os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/patches/EN-15:02/openssl-9.3.patch

32829 lines
1.2 MiB
Raw Blame History

Index: crypto/openssl/CHANGES
===================================================================
--- crypto/openssl/CHANGES (revision 279126)
+++ crypto/openssl/CHANGES (working copy)
@@ -2,6 +2,171 @@
OpenSSL CHANGES
_______________
+ Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015]
+
+ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+ message can cause a segmentation fault in OpenSSL due to a NULL pointer
+ dereference. This could lead to a Denial Of Service attack. Thanks to
+ Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+ (CVE-2014-3571)
+ [Steve Henson]
+
+ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+ method would be set to NULL which could later result in a NULL pointer
+ dereference. Thanks to Frank Schmirler for reporting this issue.
+ (CVE-2014-3569)
+ [Kurt Roeckx]
+
+ *) Abort handshake if server key exchange message is omitted for ephemeral
+ ECDH ciphersuites.
+
+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+ reporting this issue.
+ (CVE-2014-3572)
+ [Steve Henson]
+
+ *) Remove non-export ephemeral RSA code on client and server. This code
+ violated the TLS standard by allowing the use of temporary RSA keys in
+ non-export ciphersuites and could be used by a server to effectively
+ downgrade the RSA key length used to a value smaller than the server
+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+ INRIA or reporting this issue.
+ (CVE-2015-0204)
+ [Steve Henson]
+
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+
+ This will reject various cases including garbage after signature
+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+ (negative or with leading zeroes).
+
+ Further analysis was conducted and fixes were developed by Stephen Henson
+ of the OpenSSL core team.
+
+ (CVE-2014-8275)
+ [Steve Henson]
+
+ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ (CVE-2014-3570)
+ [Andy Polyakov]
+
+ Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014]
+
+ *) Session Ticket Memory Leak.
+
+ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+ integrity of that ticket is first verified. In the event of a session
+ ticket integrity check failing, OpenSSL will fail to free memory
+ causing a memory leak. By sending a large number of invalid session
+ tickets an attacker could exploit this issue in a Denial Of Service
+ attack.
+ (CVE-2014-3567)
+ [Steve Henson]
+
+ *) Build option no-ssl3 is incomplete.
+
+ When OpenSSL is configured with "no-ssl3" as a build option, servers
+ could accept and complete a SSL 3.0 handshake, and clients could be
+ configured to send them.
+ (CVE-2014-3568)
+ [Akamai and the OpenSSL team]
+
+ *) Add support for TLS_FALLBACK_SCSV.
+ Client applications doing fallback retries should call
+ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+ (CVE-2014-3566)
+ [Adam Langley, Bodo Moeller]
+
+ *) Add additional DigestInfo checks.
+
+ Reencode DigestInto in DER and check against the original when
+ verifying RSA signature: this will reject any improperly encoded
+ DigestInfo structures.
+
+ Note: this is a precautionary measure and no attacks are currently known.
+
+ [Steve Henson]
+
+ Changes between 0.9.8za and 0.9.8zb [6 Aug 2014]
+
+ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+ to a denial of service attack. A malicious server can crash the client
+ with a null pointer dereference (read) by specifying an anonymous (EC)DH
+ ciphersuite and sending carefully crafted handshake messages.
+
+ Thanks to Felix Gr<47>bert (Google) for discovering and researching this
+ issue.
+ (CVE-2014-3510)
+ [Emilia K<>sper]
+
+ *) By sending carefully crafted DTLS packets an attacker could cause openssl
+ to leak memory. This can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3507)
+ [Adam Langley]
+
+ *) An attacker can force openssl to consume large amounts of memory whilst
+ processing DTLS handshake messages. This can be exploited through a
+ Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3506)
+ [Adam Langley]
+
+ *) An attacker can force an error condition which causes openssl to crash
+ whilst processing DTLS packets due to memory being freed twice. This
+ can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+ this issue.
+ (CVE-2014-3505)
+ [Adam Langley]
+
+ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+ X509_name_oneline, X509_name_print_ex et al. to leak some information
+ from the stack. Applications may be affected if they echo pretty printing
+ output to the attacker.
+
+ Thanks to Ivan Fratric (Google) for discovering this issue.
+ (CVE-2014-3508)
+ [Emilia K<>sper, and Steve Henson]
+
+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+ for corner cases. (Certain input points at infinity could lead to
+ bogus results, with non-infinity inputs mapped to infinity too.)
+ [Bodo Moeller]
+
Changes between 0.9.8y and 0.9.8za [5 Jun 2014]
*) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
Index: crypto/openssl/FAQ
===================================================================
--- crypto/openssl/FAQ (revision 279126)
+++ crypto/openssl/FAQ (working copy)
@@ -113,11 +113,6 @@ that came with the version of OpenSSL you are usin
documentation is included in each OpenSSL distribution under the docs
directory.
-For information on parts of libcrypto that are not yet documented, you
-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
-of this still applies to OpenSSL.
-
There is some documentation about certificate extensions and PKCS#12
in doc/openssl.txt
Index: crypto/openssl/Makefile
===================================================================
--- crypto/openssl/Makefile (revision 279126)
+++ crypto/openssl/Makefile (working copy)
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=0.9.8za
+VERSION=0.9.8zd
MAJOR=0
MINOR=9.8
SHLIB_VERSION_NUMBER=0.9.8
Index: crypto/openssl/NEWS
===================================================================
--- crypto/openssl/NEWS (revision 279126)
+++ crypto/openssl/NEWS (working copy)
@@ -5,6 +5,38 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015]
+
+ o Fix for CVE-2014-3571
+ o Fix for CVE-2014-3569
+ o Fix for CVE-2014-3572
+ o Fix for CVE-2015-0204
+ o Fix for CVE-2014-8275
+ o Fix for CVE-2014-3570
+
+ Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]:
+
+ o Fix for CVE-2014-3513
+ o Fix for CVE-2014-3567
+ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+ o Fix for CVE-2014-3568
+
+ Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
+
+ o Fix for CVE-2014-3510
+ o Fix for CVE-2014-3507
+ o Fix for CVE-2014-3506
+ o Fix for CVE-2014-3505
+ o Fix for CVE-2014-3508
+
+ Known issues in OpenSSL 0.9.8za:
+
+ o Compilation failure of s3_pkt.c on some platforms due to missing
+ <limits.h> include. Fixed in 0.9.8zb-dev.
+ o FIPS capable link failure with missing symbol BN_consttime_swap.
+ Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
+ algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
+
Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
o Fix for CVE-2014-0224
Index: crypto/openssl/README
===================================================================
--- crypto/openssl/README (revision 279126)
+++ crypto/openssl/README (working copy)
@@ -1,5 +1,5 @@
- OpenSSL 0.9.8za 5 Jun 2014
+ OpenSSL 0.9.8zd 8 Jan 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Index: crypto/openssl/apps/apps.c
===================================================================
--- crypto/openssl/apps/apps.c (revision 279126)
+++ crypto/openssl/apps/apps.c (working copy)
@@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, c
{
arg->count=20;
arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
+ if (arg->data == NULL)
+ return 0;
}
for (i=0; i<arg->count; i++)
arg->data[i]=NULL;
@@ -1429,6 +1431,8 @@ char *make_config_name()
len=strlen(t)+strlen(OPENSSL_CONF)+2;
p=OPENSSL_malloc(len);
+ if (p == NULL)
+ return NULL;
BUF_strlcpy(p,t,len);
#ifndef OPENSSL_SYS_VMS
BUF_strlcat(p,"/",len);
Index: crypto/openssl/apps/ca.c
===================================================================
--- crypto/openssl/apps/ca.c (revision 279126)
+++ crypto/openssl/apps/ca.c (working copy)
@@ -1582,6 +1582,7 @@ static int certify(X509 **xret, char *infile, EVP_
{
ok=0;
BIO_printf(bio_err,"Signature verification problems....\n");
+ ERR_print_errors(bio_err);
goto err;
}
if (i == 0)
@@ -1588,6 +1589,7 @@ static int certify(X509 **xret, char *infile, EVP_
{
ok=0;
BIO_printf(bio_err,"Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
goto err;
}
else
@@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, char *rev_
revtm = X509_gmtime_adj(NULL, 0);
+ if (!revtm)
+ return NULL;
+
i = revtm->length + 1;
if (reason) i += strlen(reason) + 1;
Index: crypto/openssl/apps/crl2p7.c
===================================================================
--- crypto/openssl/apps/crl2p7.c (revision 279126)
+++ crypto/openssl/apps/crl2p7.c (working copy)
@@ -142,7 +142,13 @@ int MAIN(int argc, char **argv)
{
if (--argc < 1) goto bad;
if(!certflst) certflst = sk_new_null();
- sk_push(certflst,*(++argv));
+ if (!certflst)
+ goto end;
+ if (!sk_push(certflst,*(++argv)))
+ {
+ sk_free(certflst);
+ goto end;
+ }
}
else
{
Index: crypto/openssl/apps/ocsp.c
===================================================================
--- crypto/openssl/apps/ocsp.c (revision 279126)
+++ crypto/openssl/apps/ocsp.c (working copy)
@@ -1344,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_RE
}
resp = query_responder(err, cbio, path, req, req_timeout);
if (!resp)
- BIO_printf(bio_err, "Error querying OCSP responsder\n");
+ BIO_printf(bio_err, "Error querying OCSP responder\n");
end:
if (ctx)
SSL_CTX_free(ctx);
Index: crypto/openssl/apps/s_server.c
===================================================================
--- crypto/openssl/apps/s_server.c (revision 279126)
+++ crypto/openssl/apps/s_server.c (working copy)
@@ -583,7 +583,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, i
if (servername)
{
- if (strcmp(servername,p->servername))
+ if (strcasecmp(servername,p->servername))
return p->extension_error;
if (ctx2)
{
@@ -1095,6 +1095,14 @@ bad:
sv_usage();
goto end;
}
+#ifndef OPENSSL_NO_DTLS1
+ if (www && socket_type == SOCK_DGRAM)
+ {
+ BIO_printf(bio_err,
+ "Can't use -HTTP, -www or -WWW with DTLS\n");
+ goto end;
+ }
+#endif
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
@@ -1922,8 +1930,10 @@ again:
#ifdef CHARSET_EBCDIC
ascii2ebcdic(buf,buf,i);
#endif
- write(fileno(stdout),buf,
- (unsigned int)i);
+ if (write(fileno(stdout),buf,
+ (unsigned int)i) != i)
+ goto err;
+
if (SSL_pending(con)) goto again;
break;
case SSL_ERROR_WANT_WRITE:
Index: crypto/openssl/apps/speed.c
===================================================================
--- crypto/openssl/apps/speed.c (revision 279126)
+++ crypto/openssl/apps/speed.c (working copy)
@@ -2767,7 +2767,11 @@ static int do_multi(int multi)
fds=malloc(multi*sizeof *fds);
for(n=0 ; n < multi ; ++n)
{
- pipe(fd);
+ if (pipe(fd) == -1)
+ {
+ fprintf(stderr, "pipe failure\n");
+ exit(1);
+ }
fflush(stdout);
fflush(stderr);
if(fork())
@@ -2779,7 +2783,11 @@ static int do_multi(int multi)
{
close(fd[0]);
close(1);
- dup(fd[1]);
+ if (dup(fd[1]) == -1)
+ {
+ fprintf(stderr, "dup failed\n");
+ exit(1);
+ }
close(fd[1]);
mr=1;
usertime=0;
Index: crypto/openssl/crypto/LPdir_vms.c
===================================================================
--- crypto/openssl/crypto/LPdir_vms.c (revision 279126)
+++ crypto/openssl/crypto/LPdir_vms.c (working copy)
@@ -1,4 +1,3 @@
-/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
@@ -82,6 +81,12 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c
size_t filespeclen = strlen(directory);
char *filespec = NULL;
+ if (filespeclen == 0)
+ {
+ errno = ENOENT;
+ return 0;
+ }
+
/* MUST be a VMS directory specification! Let's estimate if it is. */
if (directory[filespeclen-1] != ']'
&& directory[filespeclen-1] != '>'
Index: crypto/openssl/crypto/LPdir_win.c
===================================================================
--- crypto/openssl/crypto/LPdir_win.c (revision 279126)
+++ crypto/openssl/crypto/LPdir_win.c (working copy)
@@ -1,4 +1,3 @@
-/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
/*
* Copyright (c) 2004, Richard Levitte <richard@levitte.org>
* All rights reserved.
@@ -65,6 +64,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c
errno = 0;
if (*ctx == NULL)
{
+ const char *extdir = directory;
+ char *extdirbuf = NULL;
+ size_t dirlen = strlen (directory);
+
+ if (dirlen == 0)
+ {
+ errno = ENOENT;
+ return 0;
+ }
+
*ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
if (*ctx == NULL)
{
@@ -73,15 +82,35 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c
}
memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+ if (directory[dirlen-1] != '*')
+ {
+ extdirbuf = (char *)malloc(dirlen + 3);
+ if (extdirbuf == NULL)
+ {
+ free(*ctx);
+ *ctx = NULL;
+ errno = ENOMEM;
+ return 0;
+ }
+ if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\')
+ extdir = strcat(strcpy (extdirbuf,directory),"/*");
+ else
+ extdir = strcat(strcpy (extdirbuf,directory),"*");
+ }
+
if (sizeof(TCHAR) != sizeof(char))
{
TCHAR *wdir = NULL;
/* len_0 denotes string length *with* trailing 0 */
- size_t index = 0,len_0 = strlen(directory) + 1;
+ size_t index = 0,len_0 = strlen(extdir) + 1;
- wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+ wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
if (wdir == NULL)
{
+ if (extdirbuf != NULL)
+ {
+ free (extdirbuf);
+ }
free(*ctx);
*ctx = NULL;
errno = ENOMEM;
@@ -89,10 +118,10 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c
}
#ifdef LP_MULTIBYTE_AVAILABLE
- if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
+ if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
#endif
for (index = 0; index < len_0; index++)
- wdir[index] = (TCHAR)directory[index];
+ wdir[index] = (TCHAR)extdir[index];
(*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
@@ -99,7 +128,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c
free(wdir);
}
else
- (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+ {
+ (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
+ }
+ if (extdirbuf != NULL)
+ {
+ free (extdirbuf);
+ }
if ((*ctx)->handle == INVALID_HANDLE_VALUE)
{
@@ -116,7 +151,6 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c
return 0;
}
}
-
if (sizeof(TCHAR) != sizeof(char))
{
TCHAR *wdir = (*ctx)->ctx.cFileName;
Index: crypto/openssl/crypto/Makefile
===================================================================
--- crypto/openssl/crypto/Makefile (revision 279126)
+++ crypto/openssl/crypto/Makefile (working copy)
@@ -30,6 +30,7 @@ AFLAGS=$(ASFLAGS)
LIBS=
GENERAL=Makefile README crypto-lib.com install.com
+TEST=constant_time_test.c
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
@@ -40,7 +41,8 @@ SRC= $(LIBSRC)
EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
-HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
+ constant_time_locl.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
Index: crypto/openssl/crypto/asn1/asn1_lib.c
===================================================================
--- crypto/openssl/crypto/asn1/asn1_lib.c (revision 279126)
+++ crypto/openssl/crypto/asn1/asn1_lib.c (working copy)
@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long
*pclass=xclass;
if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
+ if (inf && !(ret & V_ASN1_CONSTRUCTED))
+ goto err;
+
#if 0
fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n",
(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
Index: crypto/openssl/crypto/asn1/asn_mime.c
===================================================================
--- crypto/openssl/crypto/asn1/asn_mime.c (revision 279126)
+++ crypto/openssl/crypto/asn1/asn_mime.c (working copy)
@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *
int len, state, save_state = 0;
headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+ if (!headers)
+ return NULL;
while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
/* If whitespace at line start then continuation line */
if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
Index: crypto/openssl/crypto/asn1/asn_pack.c
===================================================================
--- crypto/openssl/crypto/asn1/asn_pack.c (revision 279126)
+++ crypto/openssl/crypto/asn1/asn_pack.c (working copy)
@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_vo
if (!(octmp->length = i2d(obj, NULL))) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
- return NULL;
+ goto err;
}
if (!(p = OPENSSL_malloc (octmp->length))) {
ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
+ goto err;
}
octmp->data = p;
i2d (obj, &p);
return octmp;
+ err:
+ if (!oct || !*oct)
+ {
+ ASN1_STRING_free(octmp);
+ if (oct)
+ *oct = NULL;
+ }
+ return NULL;
}
#endif
Index: crypto/openssl/crypto/asn1/evp_asn1.c
===================================================================
--- crypto/openssl/crypto/asn1/evp_asn1.c (revision 279126)
+++ crypto/openssl/crypto/asn1/evp_asn1.c (working copy)
@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsign
ASN1_STRING *os;
if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
- if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+ if (!M_ASN1_OCTET_STRING_set(os,data,len))
+ {
+ M_ASN1_OCTET_STRING_free(os);
+ return 0;
+ }
ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
return(1);
}
Index: crypto/openssl/crypto/asn1/t_x509.c
===================================================================
--- crypto/openssl/crypto/asn1/t_x509.c (revision 279126)
+++ crypto/openssl/crypto/asn1/t_x509.c (working copy)
@@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int
l=80-2-obase;
b=X509_NAME_oneline(name,NULL,0);
+ if (!b)
+ return 0;
if (!*b)
{
OPENSSL_free(b);
Index: crypto/openssl/crypto/asn1/tasn_enc.c
===================================================================
--- crypto/openssl/crypto/asn1/tasn_enc.c (revision 279126)
+++ crypto/openssl/crypto/asn1/tasn_enc.c (working copy)
@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *
{
derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
* sizeof(*derlst));
+ if (!derlst)
+ return 0;
tmpdat = OPENSSL_malloc(skcontlen);
- if (!derlst || !tmpdat)
+ if (!tmpdat)
+ {
+ OPENSSL_free(derlst);
return 0;
+ }
}
}
/* If not sorting just output each item */
Index: crypto/openssl/crypto/bio/bio_lib.c
===================================================================
--- crypto/openssl/crypto/bio/bio_lib.c (revision 279126)
+++ crypto/openssl/crypto/bio/bio_lib.c (working copy)
@@ -132,8 +132,8 @@ int BIO_free(BIO *a)
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
- if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
- a->method->destroy(a);
+ if ((a->method != NULL) && (a->method->destroy != NULL))
+ a->method->destroy(a);
OPENSSL_free(a);
return(1);
}
Index: crypto/openssl/crypto/bn/asm/x86_64-gcc.c
===================================================================
--- crypto/openssl/crypto/bn/asm/x86_64-gcc.c (revision 279126)
+++ crypto/openssl/crypto/bn/asm/x86_64-gcc.c (working copy)
@@ -185,7 +185,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON
if (n <= 0) return 0;
- asm (
+ asm volatile (
" subq %2,%2 \n"
".align 16 \n"
"1: movq (%4,%2,8),%0 \n"
@@ -196,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON
" sbbq %0,%0 \n"
: "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
- : "cc"
+ : "cc", "memory"
);
return ret&1;
@@ -208,7 +208,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON
if (n <= 0) return 0;
- asm (
+ asm volatile (
" subq %2,%2 \n"
".align 16 \n"
"1: movq (%4,%2,8),%0 \n"
@@ -219,7 +219,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON
" sbbq %0,%0 \n"
: "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
- : "cc"
+ : "cc", "memory"
);
return ret&1;
Index: crypto/openssl/crypto/bn/bn_exp.c
===================================================================
--- crypto/openssl/crypto/bn/bn_exp.c (revision 279126)
+++ crypto/openssl/crypto/bn/bn_exp.c (working copy)
@@ -767,7 +767,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, c
bits = BN_num_bits(p);
if (bits == 0)
{
- ret = BN_one(rr);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m))
+ {
+ ret = 1;
+ BN_zero(rr);
+ }
+ else
+ ret = BN_one(rr);
return ret;
}
if (a == 0)
Index: crypto/openssl/crypto/bn/bn_gf2m.c
===================================================================
--- crypto/openssl/crypto/bn/bn_gf2m.c (revision 279126)
+++ crypto/openssl/crypto/bn/bn_gf2m.c (working copy)
@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNU
return 1;
}
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+ {
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top^b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1: BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
Index: crypto/openssl/crypto/bn/bn_lib.c
===================================================================
--- crypto/openssl/crypto/bn/bn_lib.c (revision 279126)
+++ crypto/openssl/crypto/bn/bn_lib.c (working copy)
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *
BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
return(NULL);
}
+#ifdef PURIFY
+ /* Valgrind complains in BN_consttime_swap because we process the whole
+ * array even if it's not initialised yet. This doesn't matter in that
+ * function - what's important is constant time operation (we're not
+ * actually going to use the data)
+ */
+ memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
#if 1
B=b->d;
/* Check if the previous number needs to be copied */
@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_
}
return bn_cmp_words(a,b,cl);
}
-
-/*
- * Constant-time conditional swap of a and b.
- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
- {
- BN_ULONG t;
- int i;
-
- bn_wcheck_size(a, nwords);
- bn_wcheck_size(b, nwords);
-
- assert(a != b);
- assert((condition & (condition - 1)) == 0);
- assert(sizeof(BN_ULONG) >= sizeof(int));
-
- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
- t = (a->top^b->top) & condition;
- a->top ^= t;
- b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
- do { \
- t = (a->d[ind] ^ b->d[ind]) & condition; \
- a->d[ind] ^= t; \
- b->d[ind] ^= t; \
- } while (0)
-
-
- switch (nwords) {
- default:
- for (i = 10; i < nwords; i++)
- BN_CONSTTIME_SWAP(i);
- /* Fallthrough */
- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
- case 1: BN_CONSTTIME_SWAP(0);
- }
-#undef BN_CONSTTIME_SWAP
-}
Index: crypto/openssl/crypto/bn/bn_sqr.c
===================================================================
--- crypto/openssl/crypto/bn/bn_sqr.c (revision 279126)
+++ crypto/openssl/crypto/bn/bn_sqr.c (working copy)
@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx
if (al <= 0)
{
r->top=0;
+ r->neg = 0;
return 1;
}
Index: crypto/openssl/crypto/bn/exptest.c
===================================================================
--- crypto/openssl/crypto/bn/exptest.c (revision 279126)
+++ crypto/openssl/crypto/bn/exptest.c (working copy)
@@ -71,6 +71,48 @@
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+/*
+ * Disabled for FIPS capable builds because they use the FIPS BIGNUM library
+ * which will fail this test.
+ */
+#ifndef OPENSSL_FIPS
+/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
+static int test_exp_mod_zero() {
+ BIGNUM a, p, m;
+ BIGNUM r;
+ BN_CTX *ctx = BN_CTX_new();
+ int ret = 1;
+
+ BN_init(&m);
+ BN_one(&m);
+
+ BN_init(&a);
+ BN_one(&a);
+
+ BN_init(&p);
+ BN_zero(&p);
+
+ BN_init(&r);
+ BN_mod_exp(&r, &a, &p, &m, ctx);
+ BN_CTX_free(ctx);
+
+ if (BN_is_zero(&r))
+ ret = 0;
+ else
+ {
+ printf("1**0 mod 1 = ");
+ BN_print_fp(stdout, &r);
+ printf(", should be 0\n");
+ }
+
+ BN_free(&r);
+ BN_free(&a);
+ BN_free(&p);
+ BN_free(&m);
+
+ return ret;
+}
+#endif
int main(int argc, char *argv[])
{
BN_CTX *ctx;
@@ -190,7 +232,13 @@ int main(int argc, char *argv[])
ERR_remove_state(0);
CRYPTO_mem_leaks(out);
BIO_free(out);
- printf(" done\n");
+ printf("\n");
+#ifndef OPENSSL_FIPS
+ if (test_exp_mod_zero() != 0)
+ goto err;
+#endif
+ printf("done\n");
+
EXIT(0);
err:
ERR_load_crypto_strings();
Index: crypto/openssl/crypto/conf/conf_api.c
===================================================================
--- crypto/openssl/crypto/conf/conf_api.c (revision 279126)
+++ crypto/openssl/crypto/conf/conf_api.c (working copy)
@@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const ch
v->value=(char *)sk;
vv=(CONF_VALUE *)lh_insert(conf->data,v);
- assert(vv == NULL);
+ OPENSSL_assert(vv == NULL);
ok=1;
err:
if (!ok)
Index: crypto/openssl/crypto/conf/conf_def.c
===================================================================
--- crypto/openssl/crypto/conf/conf_def.c (revision 279126)
+++ crypto/openssl/crypto/conf/conf_def.c (working copy)
@@ -324,7 +324,7 @@ again:
p=eat_ws(conf, end);
if (*p != ']')
{
- if (*p != '\0')
+ if (*p != '\0' && ss != p)
{
ss=p;
goto again;
Index: crypto/openssl/crypto/constant_time_locl.h
===================================================================
--- crypto/openssl/crypto/constant_time_locl.h (revision 0)
+++ crypto/openssl/crypto/constant_time_locl.h (working copy)
@@ -0,0 +1,206 @@
+/* crypto/constant_time_locl.h */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+#define HEADER_CONSTANT_TIME_LOCL_H
+
+#include "e_os.h" /* For 'inline' */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a < b) {
+ * c = a;
+ * } else {
+ * c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a < b and 0 otherwise.
+ */
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a >= b and 0 otherwise.
+ */
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b);
+
+/*
+ * Returns 0xff..f if a == 0 and 0 otherwise.
+ */
+static inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_is_zero_8(unsigned int a);
+
+
+/*
+ * Returns 0xff..f if a == b and 0 otherwise.
+ */
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b);
+/* Signed integers. */
+static inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_int_8(int a, int b);
+
+
+/*
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a, unsigned int b);
+/* Convenience method for unsigned chars. */
+static inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a, unsigned char b);
+/* Convenience method for signed integers. */
+static inline int constant_time_select_int(unsigned int mask, int a, int b);
+
+static inline unsigned int constant_time_msb(unsigned int a)
+ {
+ return 0-(a >> (sizeof(a) * 8 - 1));
+ }
+
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
+ {
+ return constant_time_msb(a^((a^b)|((a-b)^b)));
+ }
+
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
+ {
+ return (unsigned char)(constant_time_lt(a, b));
+ }
+
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
+ {
+ return ~constant_time_lt(a, b);
+ }
+
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
+ {
+ return (unsigned char)(constant_time_ge(a, b));
+ }
+
+static inline unsigned int constant_time_is_zero(unsigned int a)
+ {
+ return constant_time_msb(~a & (a - 1));
+ }
+
+static inline unsigned char constant_time_is_zero_8(unsigned int a)
+ {
+ return (unsigned char)(constant_time_is_zero(a));
+ }
+
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
+ {
+ return constant_time_is_zero(a ^ b);
+ }
+
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
+ {
+ return (unsigned char)(constant_time_eq(a, b));
+ }
+
+static inline unsigned int constant_time_eq_int(int a, int b)
+ {
+ return constant_time_eq((unsigned)(a), (unsigned)(b));
+ }
+
+static inline unsigned char constant_time_eq_int_8(int a, int b)
+ {
+ return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+ }
+
+static inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a, unsigned int b)
+ {
+ return (mask & a) | (~mask & b);
+ }
+
+static inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a, unsigned char b)
+ {
+ return (unsigned char)(constant_time_select(mask, a, b));
+ }
+
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
+ {
+ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+ }
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_CONSTANT_TIME_LOCL_H */
Index: crypto/openssl/crypto/constant_time_test.c
===================================================================
--- crypto/openssl/crypto/constant_time_test.c (revision 0)
+++ crypto/openssl/crypto/constant_time_test.c (working copy)
@@ -0,0 +1,330 @@
+/* crypto/constant_time_test.c */
+/*
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "../crypto/constant_time_locl.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static const unsigned int CONSTTIME_TRUE = (unsigned)(~0);
+static const unsigned int CONSTTIME_FALSE = 0;
+static const unsigned char CONSTTIME_TRUE_8 = 0xff;
+static const unsigned char CONSTTIME_FALSE_8 = 0;
+
+static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b),
+ const char* op_name, unsigned int a, unsigned int b, int is_true)
+ {
+ unsigned c = op(a, b);
+ if (is_true && c != CONSTTIME_TRUE)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+ "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c);
+ return 1;
+ }
+ else if (!is_true && c != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+ "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b),
+ const char* op_name, unsigned int a, unsigned int b, int is_true)
+ {
+ unsigned char c = op(a, b);
+ if (is_true && c != CONSTTIME_TRUE_8)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+ "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c);
+ return 1;
+ }
+ else if (!is_true && c != CONSTTIME_FALSE_8)
+ {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+ "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_is_zero(unsigned int a)
+ {
+ unsigned int c = constant_time_is_zero(a);
+ if (a == 0 && c != CONSTTIME_TRUE)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c);
+ return 1;
+ }
+ else if (a != 0 && c != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_is_zero_8(unsigned int a)
+ {
+ unsigned char c = constant_time_is_zero_8(a);
+ if (a == 0 && c != CONSTTIME_TRUE_8)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c);
+ return 1;
+ }
+ else if (a != 0 && c != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8,
+ c);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_select(unsigned int a, unsigned int b)
+ {
+ unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b);
+ if (selected != a)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+ "%du): expected %du(first value), got %du\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select(CONSTTIME_FALSE, a, b);
+ if (selected != b)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+ "%du): expected %du(second value), got %du\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_select_8(unsigned char a, unsigned char b)
+ {
+ unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b);
+ if (selected != a)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+ "%u): expected %u(first value), got %u\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b);
+ if (selected != b)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+ "%u): expected %u(second value), got %u\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_select_int(int a, int b)
+ {
+ int selected = constant_time_select_int(CONSTTIME_TRUE, a, b);
+ if (selected != a)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+ "%d): expected %d(first value), got %d\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select_int(CONSTTIME_FALSE, a, b);
+ if (selected != b)
+ {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+ "%d): expected %d(second value), got %d\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_eq_int(int a, int b)
+ {
+ unsigned int equal = constant_time_eq_int(a, b);
+ if (a == b && equal != CONSTTIME_TRUE)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+ "expected %du(TRUE), got %du\n",
+ a, b, CONSTTIME_TRUE, equal);
+ return 1;
+ }
+ else if (a != b && equal != CONSTTIME_FALSE)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+ "expected %du(FALSE), got %du\n",
+ a, b, CONSTTIME_FALSE, equal);
+ return 1;
+ }
+ return 0;
+ }
+
+static int test_eq_int_8(int a, int b)
+ {
+ unsigned char equal = constant_time_eq_int_8(a, b);
+ if (a == b && equal != CONSTTIME_TRUE_8)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+ "expected %u(TRUE), got %u\n",
+ a, b, CONSTTIME_TRUE_8, equal);
+ return 1;
+ }
+ else if (a != b && equal != CONSTTIME_FALSE_8)
+ {
+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+ "expected %u(FALSE), got %u\n",
+ a, b, CONSTTIME_FALSE_8, equal);
+ return 1;
+ }
+ return 0;
+ }
+
+static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1,
+ UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1,
+ UINT_MAX};
+
+static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255};
+
+static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345,
+ 32000, -32000, INT_MAX, INT_MIN, INT_MAX-1,
+ INT_MIN+1};
+
+
+int main(int argc, char *argv[])
+ {
+ unsigned int a, b, i, j;
+ int c, d;
+ unsigned char e, f;
+ int num_failed = 0, num_all = 0;
+ fprintf(stdout, "Testing constant time operations...\n");
+
+ for (i = 0; i < sizeof(test_values)/sizeof(int); ++i)
+ {
+ a = test_values[i];
+ num_failed += test_is_zero(a);
+ num_failed += test_is_zero_8(a);
+ num_all += 2;
+ for (j = 0; j < sizeof(test_values)/sizeof(int); ++j)
+ {
+ b = test_values[j];
+ num_failed += test_binary_op(&constant_time_lt,
+ "constant_time_lt", a, b, a < b);
+ num_failed += test_binary_op_8(&constant_time_lt_8,
+ "constant_time_lt_8", a, b, a < b);
+ num_failed += test_binary_op(&constant_time_lt,
+ "constant_time_lt_8", b, a, b < a);
+ num_failed += test_binary_op_8(&constant_time_lt_8,
+ "constant_time_lt_8", b, a, b < a);
+ num_failed += test_binary_op(&constant_time_ge,
+ "constant_time_ge", a, b, a >= b);
+ num_failed += test_binary_op_8(&constant_time_ge_8,
+ "constant_time_ge_8", a, b, a >= b);
+ num_failed += test_binary_op(&constant_time_ge,
+ "constant_time_ge", b, a, b >= a);
+ num_failed += test_binary_op_8(&constant_time_ge_8,
+ "constant_time_ge_8", b, a, b >= a);
+ num_failed += test_binary_op(&constant_time_eq,
+ "constant_time_eq", a, b, a == b);
+ num_failed += test_binary_op_8(&constant_time_eq_8,
+ "constant_time_eq_8", a, b, a == b);
+ num_failed += test_binary_op(&constant_time_eq,
+ "constant_time_eq", b, a, b == a);
+ num_failed += test_binary_op_8(&constant_time_eq_8,
+ "constant_time_eq_8", b, a, b == a);
+ num_failed += test_select(a, b);
+ num_all += 13;
+ }
+ }
+
+ for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i)
+ {
+ c = signed_test_values[i];
+ for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j)
+ {
+ d = signed_test_values[j];
+ num_failed += test_select_int(c, d);
+ num_failed += test_eq_int(c, d);
+ num_failed += test_eq_int_8(c, d);
+ num_all += 3;
+ }
+ }
+
+ for (i = 0; i < sizeof(test_values_8); ++i)
+ {
+ e = test_values_8[i];
+ for (j = 0; j < sizeof(test_values_8); ++j)
+ {
+ f = test_values_8[j];
+ num_failed += test_select_8(e, f);
+ num_all += 1;
+ }
+ }
+
+ if (!num_failed)
+ {
+ fprintf(stdout, "ok (ran %d tests)\n", num_all);
+ return EXIT_SUCCESS;
+ }
+ else
+ {
+ fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all);
+ return EXIT_FAILURE;
+ }
+ }
Index: crypto/openssl/crypto/ec/ec_key.c
===================================================================
--- crypto/openssl/crypto/ec/ec_key.c (revision 279126)
+++ crypto/openssl/crypto/ec/ec_key.c (working copy)
@@ -64,7 +64,6 @@
#include <string.h>
#include "ec_lcl.h"
#include <openssl/err.h>
-#include <string.h>
EC_KEY *EC_KEY_new(void)
{
Index: crypto/openssl/crypto/ec/ec_lib.c
===================================================================
--- crypto/openssl/crypto/ec/ec_lib.c (revision 279126)
+++ crypto/openssl/crypto/ec/ec_lib.c (working copy)
@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *
int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
{
- if (group->meth->dbl == 0)
+ if (group->meth->invert == 0)
{
ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
Index: crypto/openssl/crypto/ec/ecp_smpl.c
===================================================================
--- crypto/openssl/crypto/ec/ecp_smpl.c (revision 279126)
+++ crypto/openssl/crypto/ec/ecp_smpl.c (working copy)
@@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *grou
int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
{
BN_CTX *new_ctx = NULL;
- BIGNUM *tmp0, *tmp1;
- size_t pow2 = 0;
- BIGNUM **heap = NULL;
+ BIGNUM *tmp, *tmp_Z;
+ BIGNUM **prod_Z = NULL;
size_t i;
int ret = 0;
@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROU
}
BN_CTX_start(ctx);
- tmp0 = BN_CTX_get(ctx);
- tmp1 = BN_CTX_get(ctx);
- if (tmp0 == NULL || tmp1 == NULL) goto err;
+ tmp = BN_CTX_get(ctx);
+ tmp_Z = BN_CTX_get(ctx);
+ if (tmp == NULL || tmp_Z == NULL) goto err;
- /* Before converting the individual points, compute inverses of all Z values.
- * Modular inversion is rather slow, but luckily we can do with a single
- * explicit inversion, plus about 3 multiplications per input value.
- */
+ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+ if (prod_Z == NULL) goto err;
+ for (i = 0; i < num; i++)
+ {
+ prod_Z[i] = BN_new();
+ if (prod_Z[i] == NULL) goto err;
+ }
- pow2 = 1;
- while (num > pow2)
- pow2 <<= 1;
- /* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
- * We need twice that. */
- pow2 <<= 1;
+ /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+ * skipping any zero-valued inputs (pretend that they're 1). */
- heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
- if (heap == NULL) goto err;
-
- /* The array is used as a binary tree, exactly as in heapsort:
- *
- * heap[1]
- * heap[2] heap[3]
- * heap[4] heap[5] heap[6] heap[7]
- * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
- *
- * We put the Z's in the last line;
- * then we set each other node to the product of its two child-nodes (where
- * empty or 0 entries are treated as ones);
- * then we invert heap[1];
- * then we invert each other node by replacing it by the product of its
- * parent (after inversion) and its sibling (before inversion).
- */
- heap[0] = NULL;
- for (i = pow2/2 - 1; i > 0; i--)
- heap[i] = NULL;
- for (i = 0; i < num; i++)
- heap[pow2/2 + i] = &points[i]->Z;
- for (i = pow2/2 + num; i < pow2; i++)
- heap[i] = NULL;
-
- /* set each node to the product of its children */
- for (i = pow2/2 - 1; i > 0; i--)
+ if (!BN_is_zero(&points[0]->Z))
{
- heap[i] = BN_new();
- if (heap[i] == NULL) goto err;
-
- if (heap[2*i] != NULL)
+ if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
+ }
+ else
+ {
+ if (group->meth->field_set_to_one != 0)
{
- if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
- {
- if (!BN_copy(heap[i], heap[2*i])) goto err;
- }
- else
- {
- if (BN_is_zero(heap[2*i]))
- {
- if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
- }
- else
- {
- if (!group->meth->field_mul(group, heap[i],
- heap[2*i], heap[2*i + 1], ctx)) goto err;
- }
- }
+ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
}
+ else
+ {
+ if (!BN_one(prod_Z[0])) goto err;
+ }
}
- /* invert heap[1] */
- if (!BN_is_zero(heap[1]))
+ for (i = 1; i < num; i++)
{
- if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
+ if (!BN_is_zero(&points[i]->Z))
{
- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
- goto err;
+ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
}
+ else
+ {
+ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
+ }
}
+
+ /* Now use a single explicit inversion to replace every
+ * non-zero points[i]->Z by its inverse. */
+
+ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
+ {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+ goto err;
+ }
if (group->meth->field_encode != 0)
{
- /* in the Montgomery case, we just turned R*H (representing H)
+ /* In the Montgomery case, we just turned R*H (representing H)
* into 1/(R*H), but we need R*(1/H) (representing 1/H);
- * i.e. we have need to multiply by the Montgomery factor twice */
- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+ * i.e. we need to multiply by the Montgomery factor twice. */
+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
}
- /* set other heap[i]'s to their inverses */
- for (i = 2; i < pow2/2 + num; i += 2)
+ for (i = num - 1; i > 0; --i)
{
- /* i is even */
- if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
+ /* Loop invariant: tmp is the product of the inverses of
+ * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
+ if (!BN_is_zero(&points[i]->Z))
{
- if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
- if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
- if (!BN_copy(heap[i], tmp0)) goto err;
- if (!BN_copy(heap[i + 1], tmp1)) goto err;
+ /* Set tmp_Z to the inverse of points[i]->Z (as product
+ * of Z inverses 0 .. i, Z values 0 .. i - 1). */
+ if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
+ /* Update tmp to satisfy the loop invariant for i - 1. */
+ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
+ /* Replace points[i]->Z by its inverse. */
+ if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
}
- else
- {
- if (!BN_copy(heap[i], heap[i/2])) goto err;
- }
}
- /* we have replaced all non-zero Z's by their inverses, now fix up all the points */
+ if (!BN_is_zero(&points[0]->Z))
+ {
+ /* Replace points[0]->Z by its inverse. */
+ if (!BN_copy(&points[0]->Z, tmp)) goto err;
+ }
+
+ /* Finally, fix up the X and Y coordinates for all points. */
+
for (i = 0; i < num; i++)
{
EC_POINT *p = points[i];
-
+
if (!BN_is_zero(&p->Z))
{
/* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */
- if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
- if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
+ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
+ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
- if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
-
+ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
+ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
+
if (group->meth->field_set_to_one != 0)
{
if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
@@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROU
}
ret = 1;
-
+
err:
BN_CTX_end(ctx);
if (new_ctx != NULL)
BN_CTX_free(new_ctx);
- if (heap != NULL)
+ if (prod_Z != NULL)
{
- /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
- for (i = pow2/2 - 1; i > 0; i--)
+ for (i = 0; i < num; i++)
{
- if (heap[i] != NULL)
- BN_clear_free(heap[i]);
+ if (prod_Z[i] == NULL) break;
+ BN_clear_free(prod_Z[i]);
}
- OPENSSL_free(heap);
+ OPENSSL_free(prod_Z);
}
return ret;
}
Index: crypto/openssl/crypto/ecdsa/Makefile
===================================================================
--- crypto/openssl/crypto/ecdsa/Makefile (revision 279126)
+++ crypto/openssl/crypto/ecdsa/Makefile (working copy)
@@ -128,11 +128,12 @@ ecs_sign.o: ../../include/openssl/safestack.h ../.
ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ecs_sign.o: ecs_locl.h ecs_sign.c
-ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -140,4 +141,4 @@ ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../
ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ecs_vrf.o: ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../cryptlib.h ecs_locl.h ecs_vrf.c
Index: crypto/openssl/crypto/idea/ideatest.c
===================================================================
--- crypto/openssl/crypto/idea/ideatest.c (revision 279126)
+++ crypto/openssl/crypto/idea/ideatest.c (working copy)
@@ -199,10 +199,10 @@ static int cfb64_test(unsigned char *cfb_cipher)
}
memcpy(cfb_tmp,cfb_iv,8);
n=0;
- idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+ idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks,
cfb_tmp,&n,IDEA_DECRYPT);
- idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- (long)CFB_TEST_SIZE-17,&dks,
+ idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]),
+ (long)CFB_TEST_SIZE-13,&eks,
cfb_tmp,&n,IDEA_DECRYPT);
if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
{
Index: crypto/openssl/crypto/md32_common.h
===================================================================
--- crypto/openssl/crypto/md32_common.h (revision 279126)
+++ crypto/openssl/crypto/md32_common.h (working copy)
@@ -225,8 +225,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
l|=(((unsigned long)(*((c)++)))<<16), \
l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++))) ), \
- l)
+ l|=(((unsigned long)(*((c)++))) ) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
@@ -262,8 +261,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
l|=(((unsigned long)(*((c)++)))<< 8), \
l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24), \
- l)
+ l|=(((unsigned long)(*((c)++)))<<24) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
Index: crypto/openssl/crypto/ocsp/ocsp_ht.c
===================================================================
--- crypto/openssl/crypto/ocsp/ocsp_ht.c (revision 279126)
+++ crypto/openssl/crypto/ocsp/ocsp_ht.c (working copy)
@@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path
ctx = OCSP_sendreq_new(b, path, req, -1);
+ if (!ctx)
+ return NULL;
+
do
{
rv = OCSP_sendreq_nbio(&resp, ctx);
Index: crypto/openssl/crypto/ocsp/ocsp_lib.c
===================================================================
--- crypto/openssl/crypto/ocsp/ocsp_lib.c (revision 279126)
+++ crypto/openssl/crypto/ocsp/ocsp_lib.c (working copy)
@@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char *
if (!*ppath) goto mem_err;
+ p = host;
+ if(host[0] == '[')
+ {
+ /* ipv6 literal */
+ host++;
+ p = strchr(host, ']');
+ if(!p) goto parse_err;
+ *p = '\0';
+ p++;
+ }
+
/* Look for optional ':' for port number */
- if ((p = strchr(host, ':')))
+ if ((p = strchr(p, ':')))
{
*p = 0;
port = p + 1;
Index: crypto/openssl/crypto/opensslv.h
===================================================================
--- crypto/openssl/crypto/opensslv.h (revision 279126)
+++ crypto/openssl/crypto/opensslv.h (working copy)
@@ -25,11 +25,11 @@
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x009081afL
+#define OPENSSL_VERSION_NUMBER 0x009081dfL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-fips 8 Jan 2015"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-freebsd 5 Jun 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-freebsd 8 Jan 2015"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Index: crypto/openssl/crypto/pkcs7/Makefile
===================================================================
--- crypto/openssl/crypto/pkcs7/Makefile (revision 279126)
+++ crypto/openssl/crypto/pkcs7/Makefile (working copy)
@@ -39,20 +39,6 @@ test:
all: lib
-testapps: enc dec sign verify
-
-enc: enc.o lib
- $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-dec: dec.o lib
- $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-sign: sign.o lib
- $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
-
-verify: verify.o example.o lib
- $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
-
lib: $(LIBOBJ)
$(ARX) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
Index: crypto/openssl/crypto/pkcs7/bio_ber.c
===================================================================
--- crypto/openssl/crypto/pkcs7/bio_ber.c (revision 279126)
+++ crypto/openssl/crypto/pkcs7/bio_ber.c (working copy)
@@ -1,466 +0,0 @@
-/* crypto/evp/bio_ber.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int ber_write(BIO *h,char *buf,int num);
-static int ber_read(BIO *h,char *buf,int size);
-/*static int ber_puts(BIO *h,char *str); */
-/*static int ber_gets(BIO *h,char *str,int size); */
-static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int ber_new(BIO *h);
-static int ber_free(BIO *data);
-static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)());
-#define BER_BUF_SIZE (32)
-
-/* This is used to hold the state of the BER objects being read. */
-typedef struct ber_struct
- {
- int tag;
- int class;
- long length;
- int inf;
- int num_left;
- int depth;
- } BER_CTX;
-
-typedef struct bio_ber_struct
- {
- int tag;
- int class;
- long length;
- int inf;
-
- /* most of the following are used when doing non-blocking IO */
- /* reading */
- long num_left; /* number of bytes still to read/write in block */
- int depth; /* used with indefinite encoding. */
- int finished; /* No more read data */
-
- /* writting */
- char *w_addr;
- int w_offset;
- int w_left;
-
- int buf_len;
- int buf_off;
- unsigned char buf[BER_BUF_SIZE];
- } BIO_BER_CTX;
-
-static BIO_METHOD methods_ber=
- {
- BIO_TYPE_CIPHER,"cipher",
- ber_write,
- ber_read,
- NULL, /* ber_puts, */
- NULL, /* ber_gets, */
- ber_ctrl,
- ber_new,
- ber_free,
- ber_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_ber(void)
- {
- return(&methods_ber);
- }
-
-static int ber_new(BIO *bi)
- {
- BIO_BER_CTX *ctx;
-
- ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));
- if (ctx == NULL) return(0);
-
- memset((char *)ctx,0,sizeof(BIO_BER_CTX));
-
- bi->init=0;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- return(1);
- }
-
-static int ber_free(BIO *a)
- {
- BIO_BER_CTX *b;
-
- if (a == NULL) return(0);
- b=(BIO_BER_CTX *)a->ptr;
- OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
- {
- char buf[64];
- int i,j,n;
- int ret;
- unsigned char *p;
- unsigned long length
- int tag;
- int class;
- long max;
-
- BIO_clear_retry_flags(b);
-
- /* Pack the buffer down if there is a hole at the front */
- if (ctx->buf_off != 0)
- {
- p=ctx->buf;
- j=ctx->buf_off;
- n=ctx->buf_len-j;
- for (i=0; i<n; i++)
- {
- p[0]=p[j];
- p++;
- }
- ctx->buf_len-j;
- ctx->buf_off=0;
- }
-
- /* If there is more room, read some more data */
- i=BER_BUF_SIZE-ctx->buf_len;
- if (i)
- {
- i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return(i);
- }
- else
- ctx->buf_len+=i;
- }
-
- max=ctx->buf_len;
- p=ctx->buf;
- ret=ASN1_get_object(&p,&length,&tag,&class,max);
-
- if (ret & 0x80)
- {
- if ((ctx->buf_len < BER_BUF_SIZE) &&
- (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
- {
- ERR_clear_error(); /* clear the error */
- BIO_set_retry_read(b);
- }
- return(-1);
- }
-
- /* We have no error, we have a header, so make use of it */
-
- if ((ctx->tag >= 0) && (ctx->tag != tag))
- {
- BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);
- sprintf(buf,"tag=%d, got %d",ctx->tag,tag);
- ERR_add_error_data(1,buf);
- return(-1);
- }
- if (ret & 0x01)
- if (ret & V_ASN1_CONSTRUCTED)
- }
-
-static int ber_read(BIO *b, char *out, int outl)
- {
- int ret=0,i,n;
- BIO_BER_CTX *ctx;
-
- BIO_clear_retry_flags(b);
-
- if (out == NULL) return(0);
- ctx=(BIO_BER_CTX *)b->ptr;
-
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
- if (ctx->finished) return(0);
-
-again:
- /* First see if we are half way through reading a block */
- if (ctx->num_left > 0)
- {
- if (ctx->num_left < outl)
- n=ctx->num_left;
- else
- n=outl;
- i=BIO_read(b->next_bio,out,n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return(i);
- }
- ctx->num_left-=i;
- outl-=i;
- ret+=i;
- if (ctx->num_left <= 0)
- {
- ctx->depth--;
- if (ctx->depth <= 0)
- ctx->finished=1;
- }
- if (outl <= 0)
- return(ret);
- else
- goto again;
- }
- else /* we need to read another BER header */
- {
- }
- }
-
-static int ber_write(BIO *b, char *in, int inl)
- {
- int ret=0,n,i;
- BIO_ENC_CTX *ctx;
-
- ctx=(BIO_ENC_CTX *)b->ptr;
- ret=inl;
-
- BIO_clear_retry_flags(b);
- n=ctx->buf_len-ctx->buf_off;
- while (n > 0)
- {
- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return(i);
- }
- ctx->buf_off+=i;
- n-=i;
- }
- /* at this point all pending data has been written */
-
- if ((in == NULL) || (inl <= 0)) return(0);
-
- ctx->buf_off=0;
- while (inl > 0)
- {
- n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
- EVP_CipherUpdate(&(ctx->cipher),
- (unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)in,n);
- inl-=n;
- in+=n;
-
- ctx->buf_off=0;
- n=ctx->buf_len;
- while (n > 0)
- {
- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return(i);
- }
- n-=i;
- ctx->buf_off+=i;
- }
- ctx->buf_len=0;
- ctx->buf_off=0;
- }
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
- {
- BIO *dbio;
- BIO_ENC_CTX *ctx,*dctx;
- long ret=1;
- int i;
-
- ctx=(BIO_ENC_CTX *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ctx->ok=1;
- ctx->finished=0;
- EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
- ctx->cipher.berrypt);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_EOF: /* More to read */
- if (ctx->cont <= 0)
- ret=1;
- else
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_WPENDING:
- ret=ctx->buf_len-ctx->buf_off;
- if (ret <= 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING: /* More to read in buffer */
- ret=ctx->buf_len-ctx->buf_off;
- if (ret <= 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_FLUSH:
- /* do a final write */
-again:
- while (ctx->buf_len != ctx->buf_off)
- {
- i=ber_write(b,NULL,0);
- if (i < 0)
- {
- ret=i;
- break;
- }
- }
-
- if (!ctx->finished)
- {
- ctx->finished=1;
- ctx->buf_off=0;
- ret=EVP_CipherFinal_ex(&(ctx->cipher),
- (unsigned char *)ctx->buf,
- &(ctx->buf_len));
- ctx->ok=(int)ret;
- if (ret <= 0) break;
-
- /* push out the bytes */
- goto again;
- }
-
- /* Finally flush the underlying BIO */
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_C_GET_CIPHER_STATUS:
- ret=(long)ctx->ok;
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
-
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- dctx=(BIO_ENC_CTX *)dbio->ptr;
- memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
- dbio->init=1;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)())
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-/*
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
- {
- if (b == NULL) return;
-
- if ((b->callback != NULL) &&
- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
- return;
-
- b->init=1;
- ctx=(BIO_ENC_CTX *)b->ptr;
- memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-
- if (b->callback != NULL)
- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
- }
-*/
-
-void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
- int e)
- {
- BIO_ENC_CTX *ctx;
-
- if (b == NULL) return;
-
- if ((b->callback != NULL) &&
- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
- return;
-
- b->init=1;
- ctx=(BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
-
- if (b->callback != NULL)
- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
- }
-
Index: crypto/openssl/crypto/pkcs7/dec.c
===================================================================
--- crypto/openssl/crypto/pkcs7/dec.c (revision 279126)
+++ crypto/openssl/crypto/pkcs7/dec.c (working copy)
@@ -1,248 +0,0 @@
-/* crypto/pkcs7/verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-
-int verify_callback(int ok, X509_STORE_CTX *ctx);
-
-BIO *bio_err=NULL;
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- char *keyfile=NULL;
- BIO *in;
- EVP_PKEY *pkey;
- X509 *x509;
- PKCS7 *p7;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
- X509_STORE *cert_store=NULL;
- BIO *data,*detached=NULL,*p7bio=NULL;
- char buf[1024*4];
- unsigned char *pp;
- int i,printit=0;
- STACK_OF(PKCS7_SIGNER_INFO) *sk;
-
- OpenSSL_add_all_algorithms();
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- data=BIO_new(BIO_s_file());
- pp=NULL;
- while (argc > 1)
- {
- argc--;
- argv++;
- if (strcmp(argv[0],"-p") == 0)
- {
- printit=1;
- }
- else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
- keyfile = argv[1];
- argc-=1;
- argv+=1;
- } else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
- {
- detached=BIO_new(BIO_s_file());
- if (!BIO_read_filename(detached,argv[1]))
- goto err;
- argc-=1;
- argv+=1;
- }
- else break;
- }
-
- if (!BIO_read_filename(data,argv[0])) goto err;
-
- if(!keyfile) {
- fprintf(stderr, "No private key file specified\n");
- goto err;
- }
-
- if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
- if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
- BIO_reset(in);
- if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
- goto err;
- BIO_free(in);
-
- if (pp == NULL)
- BIO_set_fp(data,stdin,BIO_NOCLOSE);
-
-
- /* Load the PKCS7 object from a file */
- if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
-
-
-
- /* This stuff is being setup for certificate verification.
- * When using SSL, it could be replaced with a
- * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
- cert_store=X509_STORE_new();
- X509_STORE_set_default_paths(cert_store);
- X509_STORE_load_locations(cert_store,NULL,"../../certs");
- X509_STORE_set_verify_cb_func(cert_store,verify_callback);
-
- ERR_clear_error();
-
- /* We need to process the data */
- /* We cannot support detached encryption */
- p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
-
- if (p7bio == NULL)
- {
- printf("problems decoding\n");
- goto err;
- }
-
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;)
- {
- i=BIO_read(p7bio,buf,sizeof(buf));
- /* print it? */
- if (i <= 0) break;
- fwrite(buf,1, i, stdout);
- }
-
- /* We can now verify signatures */
- sk=PKCS7_get_signer_info(p7);
- if (sk == NULL)
- {
- fprintf(stderr, "there are no signatures on this data\n");
- }
- else
- {
- /* Ok, first we need to, for each subject entry,
- * see if we can verify */
- ERR_clear_error();
- for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
- {
- si=sk_PKCS7_SIGNER_INFO_value(sk,i);
- i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
- if (i <= 0)
- goto err;
- else
- fprintf(stderr,"Signature verified\n");
- }
- }
- X509_STORE_free(cert_store);
-
- exit(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- exit(1);
- }
-
-/* should be X509 * but we can just have them as char *. */
-int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char buf[256];
- X509 *err_cert;
- int err,depth;
-
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- err= X509_STORE_CTX_get_error(ctx);
- depth= X509_STORE_CTX_get_error_depth(ctx);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
- BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
- if (!ok)
- {
- BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- if (depth < 6)
- {
- ok=1;
- X509_STORE_CTX_set_error(ctx,X509_V_OK);
- }
- else
- {
- ok=0;
- X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
- }
- }
- switch (ctx->error)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
- BIO_printf(bio_err,"issuer= %s\n",buf);
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- BIO_printf(bio_err,"notBefore=");
- ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- BIO_printf(bio_err,"notAfter=");
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- }
- BIO_printf(bio_err,"verify return:%d\n",ok);
- return(ok);
- }
Index: crypto/openssl/crypto/pkcs7/des.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/des.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/des.pem (working copy)
@@ -1,15 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
-/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
-CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
-WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
-lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
-5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
-
Index: crypto/openssl/crypto/pkcs7/doc
===================================================================
--- crypto/openssl/crypto/pkcs7/doc (revision 279126)
+++ crypto/openssl/crypto/pkcs7/doc (working copy)
@@ -1,24 +0,0 @@
-int PKCS7_set_content_type(PKCS7 *p7, int type);
-Call to set the type of PKCS7 object we are working on
-
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
- EVP_MD *dgst);
-Use this to setup a signer info
-There will also be functions to add signed and unsigned attributes.
-
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-Add a signer info to the content.
-
-int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
-
-----
-
-p7=PKCS7_new();
-PKCS7_set_content_type(p7,NID_pkcs7_signed);
-
-signer=PKCS7_SINGNER_INFO_new();
-PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());
-PKCS7_add_signer(py,signer);
-
-we are now setup.
Index: crypto/openssl/crypto/pkcs7/enc.c
===================================================================
--- crypto/openssl/crypto/pkcs7/enc.c (revision 279126)
+++ crypto/openssl/crypto/pkcs7/enc.c (working copy)
@@ -1,174 +0,0 @@
-/* crypto/pkcs7/enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- X509 *x509;
- PKCS7 *p7;
- BIO *in;
- BIO *data,*p7bio;
- char buf[1024*4];
- int i;
- int nodetach=1;
- char *keyfile = NULL;
- const EVP_CIPHER *cipher=NULL;
- STACK_OF(X509) *recips=NULL;
-
- OpenSSL_add_all_algorithms();
-
- data=BIO_new(BIO_s_file());
- while(argc > 1)
- {
- if (strcmp(argv[1],"-nd") == 0)
- {
- nodetach=1;
- argv++; argc--;
- }
- else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
- if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
- fprintf(stderr, "Unknown cipher %s\n", argv[2]);
- goto err;
- }
- argc-=2;
- argv+=2;
- } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
- keyfile = argv[2];
- argc-=2;
- argv+=2;
- if (!(in=BIO_new_file(keyfile,"r"))) goto err;
- if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))
- goto err;
- if(!recips) recips = sk_X509_new_null();
- sk_X509_push(recips, x509);
- BIO_free(in);
- } else break;
- }
-
- if(!recips) {
- fprintf(stderr, "No recipients\n");
- goto err;
- }
-
- if (!BIO_read_filename(data,argv[1])) goto err;
-
- p7=PKCS7_new();
-#if 0
- BIO_reset(in);
- if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
- BIO_free(in);
- PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
-
- if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
- /* we may want to add more */
- PKCS7_add_certificate(p7,x509);
-#else
- PKCS7_set_type(p7,NID_pkcs7_enveloped);
-#endif
- if(!cipher) {
-#ifndef OPENSSL_NO_DES
- cipher = EVP_des_ede3_cbc();
-#else
- fprintf(stderr, "No cipher selected\n");
- goto err;
-#endif
- }
-
- if (!PKCS7_set_cipher(p7,cipher)) goto err;
- for(i = 0; i < sk_X509_num(recips); i++) {
- if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
- }
- sk_X509_pop_free(recips, X509_free);
-
- /* Set the content of the signed to 'data' */
- /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
-
- /* could be used, but not in this version :-)
- if (!nodetach) PKCS7_set_detached(p7,1);
- */
-
- if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
-
- for (;;)
- {
- i=BIO_read(data,buf,sizeof(buf));
- if (i <= 0) break;
- BIO_write(p7bio,buf,i);
- }
- BIO_flush(p7bio);
-
- if (!PKCS7_dataFinal(p7,p7bio)) goto err;
- BIO_free(p7bio);
-
- PEM_write_PKCS7(stdout,p7);
- PKCS7_free(p7);
-
- exit(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- exit(1);
- }
-
Index: crypto/openssl/crypto/pkcs7/es1.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/es1.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/es1.pem (working copy)
@@ -1,66 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo
-KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
-CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4
-ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F
-XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+
-II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT
-pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0
-lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs
-8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5
-otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx
-go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi
-XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t
-KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw
-Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL
-r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu
-l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/
-mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk
-l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+
-HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY
-gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo
-TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL
-5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME
-SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/
-y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4
-9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP
-nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB
-Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs
-LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T
-tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE
-SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR
-8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/
-wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI
-uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw
-RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM
-Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU
-o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o
-WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy
-Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk
-YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ
-CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3
-DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714
-ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5
-kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX
-1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s
-xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb
-IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7
-7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv
-qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG
-X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a
-DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe
-UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1
-gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x
-PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT
-5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha
-y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC
-lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf
-lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==
------END PKCS7-----
Index: crypto/openssl/crypto/pkcs7/example.c
===================================================================
--- crypto/openssl/crypto/pkcs7/example.c (revision 279126)
+++ crypto/openssl/crypto/pkcs7/example.c (working copy)
@@ -1,329 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/pkcs7.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-
-int add_signed_time(PKCS7_SIGNER_INFO *si)
- {
- ASN1_UTCTIME *sign_time;
-
- /* The last parameter is the amount to add/subtract from the current
- * time (in seconds) */
- sign_time=X509_gmtime_adj(NULL,0);
- PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
- V_ASN1_UTCTIME,(char *)sign_time);
- return(1);
- }
-
-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
- {
- ASN1_TYPE *so;
-
- so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
- if (so->type == V_ASN1_UTCTIME)
- return so->value.utctime;
- return NULL;
- }
-
-static int signed_string_nid= -1;
-
-void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
- {
- ASN1_OCTET_STRING *os;
-
- /* To a an object of OID 1.2.3.4.5, which is an octet string */
- if (signed_string_nid == -1)
- signed_string_nid=
- OBJ_create("1.2.3.4.5","OID_example","Our example OID");
- os=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
- /* When we add, we do not free */
- PKCS7_add_signed_attribute(si,signed_string_nid,
- V_ASN1_OCTET_STRING,(char *)os);
- }
-
-int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
- {
- ASN1_TYPE *so;
- ASN1_OCTET_STRING *os;
- int i;
-
- if (signed_string_nid == -1)
- signed_string_nid=
- OBJ_create("1.2.3.4.5","OID_example","Our example OID");
- /* To retrieve */
- so=PKCS7_get_signed_attribute(si,signed_string_nid);
- if (so != NULL)
- {
- if (so->type == V_ASN1_OCTET_STRING)
- {
- os=so->value.octet_string;
- i=os->length;
- if ((i+1) > len)
- i=len-1;
- memcpy(buf,os->data,i);
- return(i);
- }
- }
- return(0);
- }
-
-static int signed_seq2string_nid= -1;
-/* ########################################### */
-int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
- {
- /* To add an object of OID 1.9.999, which is a sequence containing
- * 2 octet strings */
- unsigned char *p;
- ASN1_OCTET_STRING *os1,*os2;
- ASN1_STRING *seq;
- unsigned char *data;
- int i,total;
-
- if (signed_seq2string_nid == -1)
- signed_seq2string_nid=
- OBJ_create("1.9.9999","OID_example","Our example OID");
-
- os1=ASN1_OCTET_STRING_new();
- os2=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
- ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
- i =i2d_ASN1_OCTET_STRING(os1,NULL);
- i+=i2d_ASN1_OCTET_STRING(os2,NULL);
- total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
- data=malloc(total);
- p=data;
- ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
- i2d_ASN1_OCTET_STRING(os1,&p);
- i2d_ASN1_OCTET_STRING(os2,&p);
-
- seq=ASN1_STRING_new();
- ASN1_STRING_set(seq,data,total);
- free(data);
- ASN1_OCTET_STRING_free(os1);
- ASN1_OCTET_STRING_free(os2);
-
- PKCS7_add_signed_attribute(si,signed_seq2string_nid,
- V_ASN1_SEQUENCE,(char *)seq);
- return(1);
- }
-
-/* For this case, I will malloc the return strings */
-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
- {
- ASN1_TYPE *so;
-
- if (signed_seq2string_nid == -1)
- signed_seq2string_nid=
- OBJ_create("1.9.9999","OID_example","Our example OID");
- /* To retrieve */
- so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
- if (so && (so->type == V_ASN1_SEQUENCE))
- {
- ASN1_const_CTX c;
- ASN1_STRING *s;
- long length;
- ASN1_OCTET_STRING *os1,*os2;
-
- s=so->value.sequence;
- c.p=ASN1_STRING_data(s);
- c.max=c.p+ASN1_STRING_length(s);
- if (!asn1_GetSequence(&c,&length)) goto err;
- /* Length is the length of the seqence */
-
- c.q=c.p;
- if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
- goto err;
- c.slen-=(c.p-c.q);
-
- c.q=c.p;
- if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
- goto err;
- c.slen-=(c.p-c.q);
-
- if (!asn1_const_Finish(&c)) goto err;
- *str1=malloc(os1->length+1);
- *str2=malloc(os2->length+1);
- memcpy(*str1,os1->data,os1->length);
- memcpy(*str2,os2->data,os2->length);
- (*str1)[os1->length]='\0';
- (*str2)[os2->length]='\0';
- ASN1_OCTET_STRING_free(os1);
- ASN1_OCTET_STRING_free(os2);
- return(1);
- }
-err:
- return(0);
- }
-
-
-/* #######################################
- * THE OTHER WAY TO DO THINGS
- * #######################################
- */
-X509_ATTRIBUTE *create_time(void)
- {
- ASN1_UTCTIME *sign_time;
- X509_ATTRIBUTE *ret;
-
- /* The last parameter is the amount to add/subtract from the current
- * time (in seconds) */
- sign_time=X509_gmtime_adj(NULL,0);
- ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
- V_ASN1_UTCTIME,(char *)sign_time);
- return(ret);
- }
-
-ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
- {
- ASN1_TYPE *so;
- PKCS7_SIGNER_INFO si;
-
- si.auth_attr=sk;
- so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
- if (so->type == V_ASN1_UTCTIME)
- return so->value.utctime;
- return NULL;
- }
-
-X509_ATTRIBUTE *create_string(char *str)
- {
- ASN1_OCTET_STRING *os;
- X509_ATTRIBUTE *ret;
-
- /* To a an object of OID 1.2.3.4.5, which is an octet string */
- if (signed_string_nid == -1)
- signed_string_nid=
- OBJ_create("1.2.3.4.5","OID_example","Our example OID");
- os=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
- /* When we add, we do not free */
- ret=X509_ATTRIBUTE_create(signed_string_nid,
- V_ASN1_OCTET_STRING,(char *)os);
- return(ret);
- }
-
-int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
- {
- ASN1_TYPE *so;
- ASN1_OCTET_STRING *os;
- int i;
- PKCS7_SIGNER_INFO si;
-
- si.auth_attr=sk;
-
- if (signed_string_nid == -1)
- signed_string_nid=
- OBJ_create("1.2.3.4.5","OID_example","Our example OID");
- /* To retrieve */
- so=PKCS7_get_signed_attribute(&si,signed_string_nid);
- if (so != NULL)
- {
- if (so->type == V_ASN1_OCTET_STRING)
- {
- os=so->value.octet_string;
- i=os->length;
- if ((i+1) > len)
- i=len-1;
- memcpy(buf,os->data,i);
- return(i);
- }
- }
- return(0);
- }
-
-X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
- {
- /* To add an object of OID 1.9.999, which is a sequence containing
- * 2 octet strings */
- unsigned char *p;
- ASN1_OCTET_STRING *os1,*os2;
- ASN1_STRING *seq;
- X509_ATTRIBUTE *ret;
- unsigned char *data;
- int i,total;
-
- if (signed_seq2string_nid == -1)
- signed_seq2string_nid=
- OBJ_create("1.9.9999","OID_example","Our example OID");
-
- os1=ASN1_OCTET_STRING_new();
- os2=ASN1_OCTET_STRING_new();
- ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
- ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
- i =i2d_ASN1_OCTET_STRING(os1,NULL);
- i+=i2d_ASN1_OCTET_STRING(os2,NULL);
- total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-
- data=malloc(total);
- p=data;
- ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
- i2d_ASN1_OCTET_STRING(os1,&p);
- i2d_ASN1_OCTET_STRING(os2,&p);
-
- seq=ASN1_STRING_new();
- ASN1_STRING_set(seq,data,total);
- free(data);
- ASN1_OCTET_STRING_free(os1);
- ASN1_OCTET_STRING_free(os2);
-
- ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
- V_ASN1_SEQUENCE,(char *)seq);
- return(ret);
- }
-
-/* For this case, I will malloc the return strings */
-int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
- {
- ASN1_TYPE *so;
- PKCS7_SIGNER_INFO si;
-
- if (signed_seq2string_nid == -1)
- signed_seq2string_nid=
- OBJ_create("1.9.9999","OID_example","Our example OID");
-
- si.auth_attr=sk;
- /* To retrieve */
- so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
- if (so->type == V_ASN1_SEQUENCE)
- {
- ASN1_const_CTX c;
- ASN1_STRING *s;
- long length;
- ASN1_OCTET_STRING *os1,*os2;
-
- s=so->value.sequence;
- c.p=ASN1_STRING_data(s);
- c.max=c.p+ASN1_STRING_length(s);
- if (!asn1_GetSequence(&c,&length)) goto err;
- /* Length is the length of the seqence */
-
- c.q=c.p;
- if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
- goto err;
- c.slen-=(c.p-c.q);
-
- c.q=c.p;
- if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
- goto err;
- c.slen-=(c.p-c.q);
-
- if (!asn1_const_Finish(&c)) goto err;
- *str1=malloc(os1->length+1);
- *str2=malloc(os2->length+1);
- memcpy(*str1,os1->data,os1->length);
- memcpy(*str2,os2->data,os2->length);
- (*str1)[os1->length]='\0';
- (*str2)[os2->length]='\0';
- ASN1_OCTET_STRING_free(os1);
- ASN1_OCTET_STRING_free(os2);
- return(1);
- }
-err:
- return(0);
- }
-
-
Index: crypto/openssl/crypto/pkcs7/example.h
===================================================================
--- crypto/openssl/crypto/pkcs7/example.h (revision 279126)
+++ crypto/openssl/crypto/pkcs7/example.h (working copy)
@@ -1,57 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-int add_signed_time(PKCS7_SIGNER_INFO *si);
-ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
-int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
Index: crypto/openssl/crypto/pkcs7/info.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/info.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/info.pem (working copy)
@@ -1,57 +0,0 @@
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1149 (0x47d)
- Signature Algorithm: md5withRSAEncryption
- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
- Validity
- Not Before: May 13 05:40:58 1998 GMT
- Not After : May 12 05:40:58 2000 GMT
- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Modulus:
- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
- e7:e7:0c:4d:0b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Comment:
- Generated with SSLeay
- Signature Algorithm: md5withRSAEncryption
- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
- 50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
Index: crypto/openssl/crypto/pkcs7/infokey.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/infokey.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/infokey.pem (working copy)
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
Index: crypto/openssl/crypto/pkcs7/p7/a1
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: crypto/openssl/crypto/pkcs7/p7/a2
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: crypto/openssl/crypto/pkcs7/p7/cert.p7c
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: crypto/openssl/crypto/pkcs7/p7/smime.p7m
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: crypto/openssl/crypto/pkcs7/p7/smime.p7s
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: crypto/openssl/crypto/pkcs7/server.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/server.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/server.pem (working copy)
@@ -1,24 +0,0 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
------BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
-Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
-irObpESxAZLySCmPPg==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
------END RSA PRIVATE KEY-----
Index: crypto/openssl/crypto/pkcs7/sign.c
===================================================================
--- crypto/openssl/crypto/pkcs7/sign.c (revision 279126)
+++ crypto/openssl/crypto/pkcs7/sign.c (working copy)
@@ -1,154 +0,0 @@
-/* crypto/pkcs7/sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- X509 *x509;
- EVP_PKEY *pkey;
- PKCS7 *p7;
- PKCS7_SIGNER_INFO *si;
- BIO *in;
- BIO *data,*p7bio;
- char buf[1024*4];
- int i;
- int nodetach=0;
-
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
-#endif
-#ifndef OPENSSL_NO_SHA1
- EVP_add_digest(EVP_sha1());
-#endif
-#ifndef OPENSSL_NO_MDC2
- EVP_add_digest(EVP_mdc2());
-#endif
-
- data=BIO_new(BIO_s_file());
-again:
- if (argc > 1)
- {
- if (strcmp(argv[1],"-nd") == 0)
- {
- nodetach=1;
- argv++; argc--;
- goto again;
- }
- if (!BIO_read_filename(data,argv[1]))
- goto err;
- }
- else
- BIO_set_fp(data,stdin,BIO_NOCLOSE);
-
- if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
- if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
- BIO_reset(in);
- if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
- BIO_free(in);
-
- p7=PKCS7_new();
- PKCS7_set_type(p7,NID_pkcs7_signed);
-
- si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
- if (si == NULL) goto err;
-
- /* If you do this then you get signing time automatically added */
- PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
- OBJ_nid2obj(NID_pkcs7_data));
-
- /* we may want to add more */
- PKCS7_add_certificate(p7,x509);
-
- /* Set the content of the signed to 'data' */
- PKCS7_content_new(p7,NID_pkcs7_data);
-
- if (!nodetach)
- PKCS7_set_detached(p7,1);
-
- if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
-
- for (;;)
- {
- i=BIO_read(data,buf,sizeof(buf));
- if (i <= 0) break;
- BIO_write(p7bio,buf,i);
- }
-
- if (!PKCS7_dataFinal(p7,p7bio)) goto err;
- BIO_free(p7bio);
-
- PEM_write_PKCS7(stdout,p7);
- PKCS7_free(p7);
-
- exit(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- exit(1);
- }
-
Index: crypto/openssl/crypto/pkcs7/t/3des.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/3des.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/3des.pem (working copy)
@@ -1,16 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
-/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
-CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
-WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
-lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
-5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
------END PKCS7-----
-
Index: crypto/openssl/crypto/pkcs7/t/3dess.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/3dess.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/3dess.pem (working copy)
@@ -1,32 +0,0 @@
------BEGIN PKCS7-----
-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
-9CWR6g==
------END PKCS7-----
Index: crypto/openssl/crypto/pkcs7/t/c.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/c.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/c.pem (working copy)
@@ -1,48 +0,0 @@
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1149 (0x47d)
- Signature Algorithm: md5withRSAEncryption
- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
- Validity
- Not Before: May 13 05:40:58 1998 GMT
- Not After : May 12 05:40:58 2000 GMT
- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Modulus:
- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
- e7:e7:0c:4d:0b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Comment:
- Generated with SSLeay
- Signature Algorithm: md5withRSAEncryption
- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
- 50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
Index: crypto/openssl/crypto/pkcs7/t/ff
===================================================================
--- crypto/openssl/crypto/pkcs7/t/ff (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/ff (working copy)
@@ -1,32 +0,0 @@
------BEGIN PKCS7-----
-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
-9CWR6g==
------END PKCS7-----
Index: crypto/openssl/crypto/pkcs7/t/msie-e
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-e (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-e (working copy)
@@ -1,20 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y
-wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z
-VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
-SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3
-YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx
-2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7
-oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK
-HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J
-eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH
-OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9
-qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD
-bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI
-/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA
-
-
Index: crypto/openssl/crypto/pkcs7/t/msie-e.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-e.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-e.pem (working copy)
@@ -1,22 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9
-v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw
-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If
-lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD
-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK
-ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4
-L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ
-KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ
-pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF
-BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT
-WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F
-lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj
-5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr
-8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA=
------END PKCS7-----
Index: crypto/openssl/crypto/pkcs7/t/msie-enc-01
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-enc-01 (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-enc-01 (working copy)
@@ -1,62 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0
-IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT
-EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz
-IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ
-KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP
-gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI
-pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm
-STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq
-Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg
-optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx
-Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9
-ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t
-Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y
-M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te
-dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK
-RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO
-wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ
-NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA
-4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie
-0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa
-mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD
-FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR
-3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE
-2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN
-d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565
-JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK
-6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp
-DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5
-hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa
-9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
-955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx
-QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/
-UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo
-lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9
-Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS
-KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA
-70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda
-KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs
-UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji
-J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd
-8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
-F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH
-icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8
-1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM
-aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds
-J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE
-CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ
-KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE
-CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA
-hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR
-yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1
-FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4
-16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY
-4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr
-xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG
-gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM
-+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD
-NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA
-AAAAAAAAAAAA
-
Index: crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem (working copy)
@@ -1,66 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC
-QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD
-VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq
-hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q
-VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq
-hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ
-NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W
-iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr
-cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg
-Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT
-bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX
-kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5
-mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/
-GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw
-Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj
-ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv
-WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc
-KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv
-5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o
-3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo
-qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6
-/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j
-JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62
-r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn
-szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr
-xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA
-bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7
-nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW
-7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi
-q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o
-PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w
-yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz
-l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
-955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4
-UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8
-pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs
-/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6
-4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk
-e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK
-lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9
-09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o
-Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV
-Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a
-sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE
-SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
-F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu
-WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd
-2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi
-P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+
-XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed
-XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO
-ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf
-APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD
-Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf
-LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl
-Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm
-yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM
-GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/
-rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP
-T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/
-g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04
-3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO
-6RLfsTyyPgJi0GsAAAAA
------END PKCS7-----
Index: crypto/openssl/crypto/pkcs7/t/msie-enc-02
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-enc-02 (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-enc-02 (working copy)
@@ -1,90 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn
-kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn
-rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
-SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ
-xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP
-EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW
-PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG
-PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk
-PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl
-XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7
-dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c
-QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr
-cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa
-WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe
-+tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy
-rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK
-xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z
-gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA
-SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54
-YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC
-ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB
-OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD
-31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo
-m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0
-PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc
-ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0
-iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa
-BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC
-fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56
-7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut
-eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x
-g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O
-/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj
-yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9
-rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J
-mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs
-8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw
-/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh
-xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU
-V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t
-5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r
-S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB
-DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf
-WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y
-NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi
-LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT
-8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx
-aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP
-Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl
-m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
-hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U
-p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG
-x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF
-yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT
-7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy
-Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj
-dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L
-yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod
-3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5
-BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs
-hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm
-P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm
-bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj
-9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp
-B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj
-p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA
-2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e
-KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I
-YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz
-2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC
-Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk
-+aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM
-6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk
-461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n
-wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q
-w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF
-oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee
-E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD
-XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV
-2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l
-SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF
-cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw
-BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU
-rZgAAAAAAAAAAAAA
-
Index: crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem (working copy)
@@ -1,106 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0
-M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw
-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y
-K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz
-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+
-pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3
-RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg
-JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U
-uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y
-tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g
-RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY
-Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH
-UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax
-mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG
-wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM
-GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n
-q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV
-V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF
-zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB
-CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba
-z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc
-au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2
-xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq
-LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9
-OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+
-PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9
-dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B
-l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT
-jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo
-/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP
-Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW
-PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf
-FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn
-yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h
-xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB
-BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+
-LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5
-0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn
-N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV
-UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i
-kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6
-q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD
-1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9
-q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV
-mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM
-VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG
-BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt
-LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5
-bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv
-wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5
-K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv
-b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6
-KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2
-0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl
-SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm
-CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl
-lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N
-WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
-hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD
-svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy
-KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ
-GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy
-X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa
-IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p
-kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V
-KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/
-6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8
-Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK
-0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v
-ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL
-770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/
-4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p
-8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM
-64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+
-liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX
-I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa
-bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI
-ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0
-yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH
-4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1
-DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ
-qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec
-Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv
-2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4
-OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew
-rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0
-Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw
-aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO
-2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1
-7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T
-RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2
-G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/
-W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3
-r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY
-hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R
-9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0
-YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj
-FK2YAAAAAA==
------END PKCS7-----
Index: crypto/openssl/crypto/pkcs7/t/msie-s-a-e
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-s-a-e (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-s-a-e (working copy)
@@ -1,91 +0,0 @@
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
-BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
-aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS
-G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha
-VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
-BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
-SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0
-f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj
-cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI
-DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf
-ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U
-CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz
-3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY
-cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD
-1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G
-O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO
-P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P
-Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j
-aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0
-okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy
-0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc
-yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi
-Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay
-0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg
-58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO
-whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM
-6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0
-3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U
-PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG
-EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa
-qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF
-ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw
-/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle
-kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD
-KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a
-h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal
-r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0
-qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ
-QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b
-U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE
-PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF
-o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1
-YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA
-+EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN
-Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY
-CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV
-OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg
-XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD
-c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J
-TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9
-gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4
-zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD
-JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
-95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH
-rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah
-fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt
-j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI
-Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm
-hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap
-m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU
-xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/
-/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P
-O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd
-K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI
-LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc
-dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE
-ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV
-H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY
-6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR
-qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ
-MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46
-EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx
-MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP
-EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon
-iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z
-uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++
-Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU
-AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy
-FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ
-IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD
-yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt
-X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN
-wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d
-mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j
-OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l
-bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s
-5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA==
-
-
Index: crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem (working copy)
@@ -1,106 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
-bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
-aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
-uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO
-OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw
-gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
-GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
-QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv
-ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD
-BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g
-l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3
-UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms
-HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl
-PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD
-2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ
-/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM
-IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi
-BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu
-rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ
-V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm
-a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv
-zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI
-IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v
-1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR
-iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg
-93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc
-k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4
-Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz
-6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM
-Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+
-shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk
-iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU
-vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc
-DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U
-ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI
-WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR
-VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw
-ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb
-4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1
-wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA
-Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+
-7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY
-TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q
-PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR
-NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/
-574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N
-oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33
-p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf
-VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD
-3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo
-9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD
-XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6
-pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01
-JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu
-WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm
-+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY
-9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4
-0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q
-53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp
-6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T
-H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD
-pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+
-3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
-95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC
-QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV
-uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6
-M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4
-EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm
-jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG
-qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38
-Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6
-L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt
-gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP
-pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf
-/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4
-JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt
-+u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV
-DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO
-S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6
-zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB
-RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR
-mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh
-nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb
-WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP
-9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl
-Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT
-H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5
-jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz
-x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0
-Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ
-YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv
-Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf
-ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi
-r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP
-zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI
-Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3
-QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22
-DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN
-mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn
-29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm
-WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi
-Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN
-7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA=
------END PKCS7-----
Index: crypto/openssl/crypto/pkcs7/t/nav-smime
===================================================================
--- crypto/openssl/crypto/pkcs7/t/nav-smime (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/nav-smime (working copy)
@@ -1,157 +0,0 @@
-From angela@c2.net.au Thu May 14 13:32:27 1998
-X-UIDL: 83c94dd550e54329bf9571b72038b8c8
-Return-Path: angela@c2.net.au
-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:32:26 +1000 (EST)
-Message-ID: <355A6779.4B63E64C@cryptsoft.com>
-Date: Thu, 14 May 1998 13:39:37 +1000
-From: Angela van Lent <angela@c2.net.au>
-X-Mailer: Mozilla 4.03 [en] (Win95; U)
-MIME-Version: 1.0
-To: tjh@cryptsoft.com
-Subject: signed
-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C"
-Content-Length: 2604
-Status: OR
-
-This is a cryptographically signed message in MIME format.
-
---------------ms9A58844C95949ECC78A1C54C
-Content-Type: text/plain; charset=us-ascii
-Content-Transfer-Encoding: 7bit
-
-signed body
-
---------------ms9A58844C95949ECC78A1C54C
-Content-Type: application/x-pkcs7-signature; name="smime.p7s"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="smime.p7s"
-Content-Description: S/MIME Cryptographic Signature
-
-MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
-CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
-SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
-BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
-9CWR6g==
---------------ms9A58844C95949ECC78A1C54C--
-
-
-From angela@c2.net.au Thu May 14 13:33:16 1998
-X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731
-Return-Path: angela@c2.net.au
-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:33:15 +1000 (EST)
-Message-ID: <355A67AB.2AF38806@cryptsoft.com>
-Date: Thu, 14 May 1998 13:40:27 +1000
-From: Angela van Lent <angela@c2.net.au>
-X-Mailer: Mozilla 4.03 [en] (Win95; U)
-MIME-Version: 1.0
-To: tjh@cryptsoft.com
-Subject: signed
-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E"
-Content-Length: 2679
-Status: OR
-
-This is a cryptographically signed message in MIME format.
-
---------------msD7863B84BD61E02C407F2F5E
-Content-Type: text/plain; charset=us-ascii
-Content-Transfer-Encoding: 7bit
-
-signed body 2
-
---------------msD7863B84BD61E02C407F2F5E
-Content-Type: application/x-pkcs7-signature; name="smime.p7s"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="smime.p7s"
-Content-Description: S/MIME Cryptographic Signature
-
-MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
-BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
-BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
-ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
-AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
-gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
-ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
-A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
-dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
-hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
-hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
-igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
-syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
-kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
-MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
-TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
-mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
-8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
-ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
-BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
-REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
-AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN
-AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN
-rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO
-AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N
-coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC
-Zp8SSVVY
---------------msD7863B84BD61E02C407F2F5E--
-
-
-From angela@c2.net.au Thu May 14 14:05:32 1998
-X-UIDL: a7d629b4b9acacaee8b39371b860a32a
-Return-Path: angela@c2.net.au
-Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for <tjh@cryptsoft.com>; Thu, 14 May 1998 14:05:32 +1000 (EST)
-Message-ID: <355A6F3B.AC385981@cryptsoft.com>
-Date: Thu, 14 May 1998 14:12:43 +1000
-From: Angela van Lent <angela@c2.net.au>
-X-Mailer: Mozilla 4.03 [en] (Win95; U)
-MIME-Version: 1.0
-To: tjh@cryptsoft.com
-Subject: encrypted
-Content-Type: application/x-pkcs7-mime; name="smime.p7m"
-Content-Transfer-Encoding: base64
-Content-Disposition: attachment; filename="smime.p7m"
-Content-Description: S/MIME Encrypted Message
-Content-Length: 905
-Status: OR
-
-MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
-A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
-ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd
-exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw
-AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
-QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
-UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G
-CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg
-nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
-oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX
-BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE
-CL3uV8k7m0iqAAAAAAAAAAAAAA==
-
Index: crypto/openssl/crypto/pkcs7/t/s.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/s.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/s.pem (working copy)
@@ -1,57 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1149 (0x47d)
- Signature Algorithm: md5withRSAEncryption
- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
- Validity
- Not Before: May 13 05:40:58 1998 GMT
- Not After : May 12 05:40:58 2000 GMT
- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Modulus:
- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
- e7:e7:0c:4d:0b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Comment:
- Generated with SSLeay
- Signature Algorithm: md5withRSAEncryption
- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
- 50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
Index: crypto/openssl/crypto/pkcs7/t/server.pem
===================================================================
--- crypto/openssl/crypto/pkcs7/t/server.pem (revision 279126)
+++ crypto/openssl/crypto/pkcs7/t/server.pem (working copy)
@@ -1,57 +0,0 @@
-issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
-subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
-serial :047D
-
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1149 (0x47d)
- Signature Algorithm: md5withRSAEncryption
- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
- Validity
- Not Before: May 13 05:40:58 1998 GMT
- Not After : May 12 05:40:58 2000 GMT
- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Modulus:
- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
- e7:e7:0c:4d:0b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- Netscape Comment:
- Generated with SSLeay
- Signature Algorithm: md5withRSAEncryption
- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
- 50:74:ad:92:cb:4e:90:e5:fa:7d
-
------BEGIN CERTIFICATE-----
-MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
-ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
-IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
-NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
-dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
-aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
-9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
-lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
-hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
-UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
-4A3ZItobUHStkstOkOX6fQ==
------END CERTIFICATE-----
-
------BEGIN RSA PRIVATE KEY-----
-MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
-mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
-fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
-zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
-p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
-bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
-IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
------END RSA PRIVATE KEY-----
Index: crypto/openssl/crypto/pkcs7/verify.c
===================================================================
--- crypto/openssl/crypto/pkcs7/verify.c (revision 279126)
+++ crypto/openssl/crypto/pkcs7/verify.c (working copy)
@@ -1,263 +0,0 @@
-/* crypto/pkcs7/verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include "example.h"
-
-int verify_callback(int ok, X509_STORE_CTX *ctx);
-
-BIO *bio_err=NULL;
-BIO *bio_out=NULL;
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- PKCS7 *p7;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
- X509_STORE *cert_store=NULL;
- BIO *data,*detached=NULL,*p7bio=NULL;
- char buf[1024*4];
- char *pp;
- int i,printit=0;
- STACK_OF(PKCS7_SIGNER_INFO) *sk;
-
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
- bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
-#endif
-#ifndef OPENSSL_NO_SHA1
- EVP_add_digest(EVP_sha1());
-#endif
-#ifndef OPENSSL_NO_MDC2
- EVP_add_digest(EVP_mdc2());
-#endif
-
- data=BIO_new(BIO_s_file());
-
- pp=NULL;
- while (argc > 1)
- {
- argc--;
- argv++;
- if (strcmp(argv[0],"-p") == 0)
- {
- printit=1;
- }
- else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
- {
- detached=BIO_new(BIO_s_file());
- if (!BIO_read_filename(detached,argv[1]))
- goto err;
- argc--;
- argv++;
- }
- else
- {
- pp=argv[0];
- if (!BIO_read_filename(data,argv[0]))
- goto err;
- }
- }
-
- if (pp == NULL)
- BIO_set_fp(data,stdin,BIO_NOCLOSE);
-
-
- /* Load the PKCS7 object from a file */
- if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
-
- /* This stuff is being setup for certificate verification.
- * When using SSL, it could be replaced with a
- * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
- cert_store=X509_STORE_new();
- X509_STORE_set_default_paths(cert_store);
- X509_STORE_load_locations(cert_store,NULL,"../../certs");
- X509_STORE_set_verify_cb_func(cert_store,verify_callback);
-
- ERR_clear_error();
-
- /* We need to process the data */
- if ((PKCS7_get_detached(p7) || detached))
- {
- if (detached == NULL)
- {
- printf("no data to verify the signature on\n");
- exit(1);
- }
- else
- p7bio=PKCS7_dataInit(p7,detached);
- }
- else
- {
- p7bio=PKCS7_dataInit(p7,NULL);
- }
-
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;)
- {
- i=BIO_read(p7bio,buf,sizeof(buf));
- /* print it? */
- if (i <= 0) break;
- }
-
- /* We can now verify signatures */
- sk=PKCS7_get_signer_info(p7);
- if (sk == NULL)
- {
- printf("there are no signatures on this data\n");
- exit(1);
- }
-
- /* Ok, first we need to, for each subject entry, see if we can verify */
- for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
- {
- ASN1_UTCTIME *tm;
- char *str1,*str2;
- int rc;
-
- si=sk_PKCS7_SIGNER_INFO_value(sk,i);
- rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
- if (rc <= 0)
- goto err;
- printf("signer info\n");
- if ((tm=get_signed_time(si)) != NULL)
- {
- BIO_printf(bio_out,"Signed time:");
- ASN1_UTCTIME_print(bio_out,tm);
- ASN1_UTCTIME_free(tm);
- BIO_printf(bio_out,"\n");
- }
- if (get_signed_seq2string(si,&str1,&str2))
- {
- BIO_printf(bio_out,"String 1 is %s\n",str1);
- BIO_printf(bio_out,"String 2 is %s\n",str2);
- }
-
- }
-
- X509_STORE_free(cert_store);
-
- printf("done\n");
- exit(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- exit(1);
- }
-
-/* should be X509 * but we can just have them as char *. */
-int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char buf[256];
- X509 *err_cert;
- int err,depth;
-
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- err= X509_STORE_CTX_get_error(ctx);
- depth= X509_STORE_CTX_get_error_depth(ctx);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
- BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
- if (!ok)
- {
- BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- if (depth < 6)
- {
- ok=1;
- X509_STORE_CTX_set_error(ctx,X509_V_OK);
- }
- else
- {
- ok=0;
- X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
- }
- }
- switch (ctx->error)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
- BIO_printf(bio_err,"issuer= %s\n",buf);
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- BIO_printf(bio_err,"notBefore=");
- ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- BIO_printf(bio_err,"notAfter=");
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- }
- BIO_printf(bio_err,"verify return:%d\n",ok);
- return(ok);
- }
Index: crypto/openssl/crypto/rsa/Makefile
===================================================================
--- crypto/openssl/crypto/rsa/Makefile (revision 279126)
+++ crypto/openssl/crypto/rsa/Makefile (working copy)
@@ -189,7 +189,7 @@ rsa_oaep.o: ../../include/openssl/opensslv.h ../..
rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_oaep.o: ../constant_time_locl.h ../cryptlib.h rsa_oaep.c
rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -198,7 +198,8 @@ rsa_pk1.o: ../../include/openssl/lhash.h ../../inc
rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pk1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+rsa_pk1.o: ../cryptlib.h rsa_pk1.c
rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
Index: crypto/openssl/crypto/rsa/rsa.h
===================================================================
--- crypto/openssl/crypto/rsa/rsa.h (revision 279126)
+++ crypto/openssl/crypto/rsa/rsa.h (working copy)
@@ -479,6 +479,7 @@ void ERR_load_RSA_strings(void);
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_PKCS_DECODING_ERROR 159
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
Index: crypto/openssl/crypto/rsa/rsa_eay.c
===================================================================
--- crypto/openssl/crypto/rsa/rsa_eay.c (revision 279126)
+++ crypto/openssl/crypto/rsa/rsa_eay.c (working copy)
@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const
if (padding == RSA_X931_PADDING)
{
BN_sub(f, rsa->n, ret);
- if (BN_cmp(ret, f))
+ if (BN_cmp(ret, f) > 0)
res = f;
else
res = ret;
Index: crypto/openssl/crypto/rsa/rsa_err.c
===================================================================
--- crypto/openssl/crypto/rsa/rsa_err.c (revision 279126)
+++ crypto/openssl/crypto/rsa/rsa_err.c (working copy)
@@ -151,6 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
+{ERR_REASON(RSA_R_PKCS_DECODING_ERROR) ,"pkcs decoding error"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
Index: crypto/openssl/crypto/rsa/rsa_oaep.c
===================================================================
--- crypto/openssl/crypto/rsa/rsa_oaep.c (revision 279126)
+++ crypto/openssl/crypto/rsa/rsa_oaep.c (working copy)
@@ -18,6 +18,7 @@
* an equivalent notion.
*/
+#include "constant_time_locl.h"
#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
#include <stdio.h>
@@ -92,51 +93,62 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to
const unsigned char *from, int flen, int num,
const unsigned char *param, int plen)
{
- int i, dblen, mlen = -1;
- const unsigned char *maskeddb;
- int lzero;
- unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
- unsigned char *padded_from;
- int bad = 0;
+ int i, dblen, mlen = -1, one_index = 0, msg_index;
+ unsigned int good, found_one_byte;
+ const unsigned char *maskedseed, *maskeddb;
+ /* |em| is the encoded message, zero-padded to exactly |num| bytes:
+ * em = Y || maskedSeed || maskedDB */
+ unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
+ phash[EVP_MAX_MD_SIZE];
- if (--num < 2 * SHA_DIGEST_LENGTH + 1)
- /* 'num' is the length of the modulus, i.e. does not depend on the
- * particular ciphertext. */
+ if (tlen <= 0 || flen <= 0)
+ return -1;
+
+ /*
+ * |num| is the length of the modulus; |flen| is the length of the
+ * encoded message. Therefore, for any |from| that was obtained by
+ * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+ * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus
+ * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+ * This does not leak any side-channel information.
+ */
+ if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2)
goto decoding_err;
- lzero = num - flen;
- if (lzero < 0)
+ dblen = num - SHA_DIGEST_LENGTH - 1;
+ db = OPENSSL_malloc(dblen);
+ em = OPENSSL_malloc(num);
+ if (db == NULL || em == NULL)
{
- /* signalling this error immediately after detection might allow
- * for side-channel attacks (e.g. timing if 'plen' is huge
- * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
- * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
- * so we use a 'bad' flag */
- bad = 1;
- lzero = 0;
- flen = num; /* don't overflow the memcpy to padded_from */
- }
-
- dblen = num - SHA_DIGEST_LENGTH;
- db = OPENSSL_malloc(dblen + num);
- if (db == NULL)
- {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return -1;
+ goto cleanup;
}
- /* Always do this zero-padding copy (even when lzero == 0)
- * to avoid leaking timing info about the value of lzero. */
- padded_from = db + dblen;
- memset(padded_from, 0, lzero);
- memcpy(padded_from + lzero, from, flen);
+ /*
+ * Always do this zero-padding copy (even when num == flen) to avoid
+ * leaking that information. The copy still leaks some side-channel
+ * information, but it's impossible to have a fixed memory access
+ * pattern since we can't read out of the bounds of |from|.
+ *
+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+ */
+ memset(em, 0, num);
+ memcpy(em + num - flen, from, flen);
- maskeddb = padded_from + SHA_DIGEST_LENGTH;
+ /*
+ * The first byte must be zero, however we must not leak if this is
+ * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
+ * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
+ */
+ good = constant_time_is_zero(em[0]);
+ maskedseed = em + 1;
+ maskeddb = em + 1 + SHA_DIGEST_LENGTH;
+
MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- seed[i] ^= padded_from[i];
-
+ seed[i] ^= maskedseed[i];
+
MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
for (i = 0; i < dblen; i++)
db[i] ^= maskeddb[i];
@@ -143,38 +155,52 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to
EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
- if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+ good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH));
+
+ found_one_byte = 0;
+ for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+ {
+ /* Padding consists of a number of 0-bytes, followed by a 1. */
+ unsigned int equals1 = constant_time_eq(db[i], 1);
+ unsigned int equals0 = constant_time_is_zero(db[i]);
+ one_index = constant_time_select_int(~found_one_byte & equals1,
+ i, one_index);
+ found_one_byte |= equals1;
+ good &= (found_one_byte | equals0);
+ }
+
+ good &= found_one_byte;
+
+ /*
+ * At this point |good| is zero unless the plaintext was valid,
+ * so plaintext-awareness ensures timing side-channels are no longer a
+ * concern.
+ */
+ if (!good)
goto decoding_err;
+
+ msg_index = one_index + 1;
+ mlen = dblen - msg_index;
+
+ if (tlen < mlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+ mlen = -1;
+ }
else
{
- for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
- if (db[i] != 0x00)
- break;
- if (i == dblen || db[i] != 0x01)
- goto decoding_err;
- else
- {
- /* everything looks OK */
-
- mlen = dblen - ++i;
- if (tlen < mlen)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
- mlen = -1;
- }
- else
- memcpy(to, db + i, mlen);
- }
+ memcpy(to, db + msg_index, mlen);
+ goto cleanup;
}
- OPENSSL_free(db);
- return mlen;
decoding_err:
- /* to avoid chosen ciphertext attacks, the error message should not reveal
- * which kind of decoding error happened */
+ /* To avoid chosen ciphertext attacks, the error message should not reveal
+ * which kind of decoding error happened. */
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+cleanup:
if (db != NULL) OPENSSL_free(db);
- return -1;
+ if (em != NULL) OPENSSL_free(em);
+ return mlen;
}
int PKCS1_MGF1(unsigned char *mask, long len,
Index: crypto/openssl/crypto/rsa/rsa_pk1.c
===================================================================
--- crypto/openssl/crypto/rsa/rsa_pk1.c (revision 279126)
+++ crypto/openssl/crypto/rsa/rsa_pk1.c (working copy)
@@ -56,6 +56,8 @@
* [including the GNU Public Licence.]
*/
+#include "constant_time_locl.h"
+
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
@@ -181,44 +183,87 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *from, int flen, int num)
{
- int i,j;
- const unsigned char *p;
+ int i;
+ /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+ unsigned char *em = NULL;
+ unsigned int good, found_zero_byte;
+ int zero_index = 0, msg_index, mlen = -1;
- p=from;
- if ((num != (flen+1)) || (*(p++) != 02))
+ if (tlen < 0 || flen < 0)
+ return -1;
+
+ /* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography
+ * Standard", section 7.2.2. */
+
+ if (flen > num)
+ goto err;
+
+ if (num < 11)
+ goto err;
+
+ em = OPENSSL_malloc(num);
+ if (em == NULL)
{
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
- return(-1);
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+ return -1;
}
-#ifdef PKCS1_CHECK
- return(num-11);
-#endif
+ memset(em, 0, num);
+ /*
+ * Always do this zero-padding copy (even when num == flen) to avoid
+ * leaking that information. The copy still leaks some side-channel
+ * information, but it's impossible to have a fixed memory access
+ * pattern since we can't read out of the bounds of |from|.
+ *
+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+ */
+ memcpy(em + num - flen, from, flen);
- /* scan over padding data */
- j=flen-1; /* one for type. */
- for (i=0; i<j; i++)
- if (*(p++) == 0) break;
+ good = constant_time_is_zero(em[0]);
+ good &= constant_time_eq(em[1], 2);
- if (i == j)
+ found_zero_byte = 0;
+ for (i = 2; i < num; i++)
{
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
- return(-1);
+ unsigned int equals0 = constant_time_is_zero(em[i]);
+ zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index);
+ found_zero_byte |= equals0;
}
- if (i < 8)
+ /*
+ * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+ * If we never found a 0-byte, then |zero_index| is 0 and the check
+ * also fails.
+ */
+ good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
+
+ /* Skip the zero byte. This is incorrect if we never found a zero-byte
+ * but in this case we also do not copy the message out. */
+ msg_index = zero_index + 1;
+ mlen = num - msg_index;
+
+ /* For good measure, do this check in constant time as well; it could
+ * leak something if |tlen| was assuming valid padding. */
+ good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
+
+ /*
+ * We can't continue in constant-time because we need to copy the result
+ * and we cannot fake its length. This unavoidably leaks timing
+ * information at the API boundary.
+ * TODO(emilia): this could be addressed at the call site,
+ * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
+ */
+ if (!good)
{
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
- return(-1);
+ mlen = -1;
+ goto err;
}
- i++; /* Skip over the '\0' */
- j-=i;
- if (j > tlen)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
- return(-1);
- }
- memcpy(to,p,(unsigned int)j);
- return(j);
+ memcpy(to, em + msg_index, mlen);
+
+err:
+ if (em != NULL)
+ OPENSSL_free(em);
+ if (mlen == -1)
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
+ return mlen;
}
-
Index: crypto/openssl/crypto/rsa/rsa_sign.c
===================================================================
--- crypto/openssl/crypto/rsa/rsa_sign.c (revision 279126)
+++ crypto/openssl/crypto/rsa/rsa_sign.c (working copy)
@@ -155,6 +155,25 @@ int RSA_sign(int type, const unsigned char *m, uns
return(ret);
}
+/*
+ * Check DigestInfo structure does not contain extraneous data by reencoding
+ * using DER and checking encoding against original.
+ */
+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen)
+ {
+ unsigned char *der = NULL;
+ int derlen;
+ int ret = 0;
+ derlen = i2d_X509_SIG(sig, &der);
+ if (derlen <= 0)
+ return 0;
+ if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
+ ret = 1;
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ return ret;
+ }
+
int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
@@ -215,7 +234,7 @@ int RSA_verify(int dtype, const unsigned char *m,
if (sig == NULL) goto err;
/* Excess data can be used to create forgeries */
- if(p != s+i)
+ if(p != s+i || !rsa_check_digestinfo(sig, s, i))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
Index: crypto/openssl/crypto/ui/ui_lib.c
===================================================================
--- crypto/openssl/crypto/ui/ui_lib.c (revision 279126)
+++ crypto/openssl/crypto/ui/ui_lib.c (working copy)
@@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const ch
break;
}
}
+ }
default:
break;
}
- }
return 0;
}
Index: crypto/openssl/demos/eay/Makefile
===================================================================
--- crypto/openssl/demos/eay/Makefile (revision 279126)
+++ crypto/openssl/demos/eay/Makefile (working copy)
@@ -1,24 +0,0 @@
-CC=cc
-CFLAGS= -g -I../../include
-#LIBS= -L../.. -lcrypto -lssl
-LIBS= -L../.. ../../libssl.a ../../libcrypto.a
-
-# the file conn.c requires a file "proxy.h" which I couldn't find...
-#EXAMPLES=base64 conn loadrsa
-EXAMPLES=base64 loadrsa
-
-all: $(EXAMPLES)
-
-base64: base64.o
- $(CC) -o base64 base64.o $(LIBS)
-#
-# sorry... can't find "proxy.h"
-#conn: conn.o
-# $(CC) -o conn conn.o $(LIBS)
-
-loadrsa: loadrsa.o
- $(CC) -o loadrsa loadrsa.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
-
Index: crypto/openssl/demos/eay/base64.c
===================================================================
--- crypto/openssl/demos/eay/base64.c (revision 279126)
+++ crypto/openssl/demos/eay/base64.c (working copy)
@@ -1,49 +0,0 @@
-/* This is a simple example of using the base64 BIO to a memory BIO and then
- * getting the data.
- */
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-
-main()
- {
- int i;
- BIO *mbio,*b64bio,*bio;
- char buf[512];
- char *p;
-
- mbio=BIO_new(BIO_s_mem());
- b64bio=BIO_new(BIO_f_base64());
-
- bio=BIO_push(b64bio,mbio);
- /* We now have bio pointing at b64->mem, the base64 bio encodes on
- * write and decodes on read */
-
- for (;;)
- {
- i=fread(buf,1,512,stdin);
- if (i <= 0) break;
- BIO_write(bio,buf,i);
- }
- /* We need to 'flush' things to push out the encoding of the
- * last few bytes. There is special encoding if it is not a
- * multiple of 3
- */
- BIO_flush(bio);
-
- printf("We have %d bytes available\n",BIO_pending(mbio));
-
- /* We will now get a pointer to the data and the number of elements. */
- /* hmm... this one was not defined by a macro in bio.h, it will be for
- * 0.9.1. The other option is too just read from the memory bio.
- */
- i=(int)BIO_ctrl(mbio,BIO_CTRL_INFO,0,(char *)&p);
-
- printf("%d\n",i);
- fwrite("---\n",1,4,stdout);
- fwrite(p,1,i,stdout);
- fwrite("---\n",1,4,stdout);
-
- /* This call will walk the chain freeing all the BIOs */
- BIO_free_all(bio);
- }
Index: crypto/openssl/demos/eay/conn.c
===================================================================
--- crypto/openssl/demos/eay/conn.c (revision 279126)
+++ crypto/openssl/demos/eay/conn.c (working copy)
@@ -1,105 +0,0 @@
-/* NOCW */
-/* demos/eay/conn.c */
-
-/* A minimal program to connect to a port using the sock4a protocol.
- *
- * cc -I../../include conn.c -L../.. -lcrypto
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-/* #include "proxy.h" */
-
-extern int errno;
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- PROXY *pxy;
- char *host;
- char buf[1024*10],*p;
- BIO *bio;
- int i,len,off,ret=1;
-
- if (argc <= 1)
- host="localhost:4433";
- else
- host=argv[1];
-
- /* Lets get nice error messages */
- ERR_load_crypto_strings();
-
- /* First, configure proxy settings */
- pxy=PROXY_new();
- PROXY_add_server(pxy,PROXY_PROTOCOL_SOCKS,"gromit:1080");
-
- bio=BIO_new(BIO_s_socks4a_connect());
-
- BIO_set_conn_hostname(bio,host);
- BIO_set_proxies(bio,pxy);
- BIO_set_socks_userid(bio,"eay");
- BIO_set_nbio(bio,1);
-
- p="GET / HTTP/1.0\r\n\r\n";
- len=strlen(p);
-
- off=0;
- for (;;)
- {
- i=BIO_write(bio,&(p[off]),len);
- if (i <= 0)
- {
- if (BIO_should_retry(bio))
- {
- fprintf(stderr,"write DELAY\n");
- sleep(1);
- continue;
- }
- else
- {
- goto err;
- }
- }
- off+=i;
- len-=i;
- if (len <= 0) break;
- }
-
- for (;;)
- {
- i=BIO_read(bio,buf,sizeof(buf));
- if (i == 0) break;
- if (i < 0)
- {
- if (BIO_should_retry(bio))
- {
- fprintf(stderr,"read DELAY\n");
- sleep(1);
- continue;
- }
- goto err;
- }
- fwrite(buf,1,i,stdout);
- }
-
- ret=1;
-
- if (0)
- {
-err:
- if (ERR_peek_error() == 0) /* system call error */
- {
- fprintf(stderr,"errno=%d ",errno);
- perror("error");
- }
- else
- ERR_print_errors_fp(stderr);
- }
- BIO_free_all(bio);
- if (pxy != NULL) PROXY_free(pxy);
- exit(!ret);
- return(ret);
- }
-
Index: crypto/openssl/demos/eay/loadrsa.c
===================================================================
--- crypto/openssl/demos/eay/loadrsa.c (revision 279126)
+++ crypto/openssl/demos/eay/loadrsa.c (working copy)
@@ -1,53 +0,0 @@
-#include <stdio.h>
-#include <openssl/rsa.h>
-
-/* This is a simple program to generate an RSA private key. It then
- * saves both the public and private key into a char array, then
- * re-reads them. It saves them as DER encoded binary data.
- */
-
-void callback(stage,count,arg)
-int stage,count;
-char *arg;
- {
- FILE *out;
-
- out=(FILE *)arg;
- fprintf(out,"%d",stage);
- if (stage == 3)
- fprintf(out,"\n");
- fflush(out);
- }
-
-main()
- {
- RSA *rsa,*pub_rsa,*priv_rsa;
- int len;
- unsigned char buf[1024],*p;
-
- rsa=RSA_generate_key(512,RSA_F4,callback,(char *)stdout);
-
- p=buf;
-
- /* Save the public key into buffer, we know it will be big enough
- * but we should really check how much space we need by calling the
- * i2d functions with a NULL second parameter */
- len=i2d_RSAPublicKey(rsa,&p);
- len+=i2d_RSAPrivateKey(rsa,&p);
-
- printf("The public and private key are now both in a char array\n");
- printf("and are taking up %d bytes\n",len);
-
- RSA_free(rsa);
-
- p=buf;
- pub_rsa=d2i_RSAPublicKey(NULL,&p,(long)len);
- len-=(p-buf);
- priv_rsa=d2i_RSAPrivateKey(NULL,&p,(long)len);
-
- if ((pub_rsa == NULL) || (priv_rsa == NULL))
- ERR_print_errors_fp(stderr);
-
- RSA_free(pub_rsa);
- RSA_free(priv_rsa);
- }
Index: crypto/openssl/demos/maurice/Makefile
===================================================================
--- crypto/openssl/demos/maurice/Makefile (revision 279126)
+++ crypto/openssl/demos/maurice/Makefile (working copy)
@@ -1,59 +0,0 @@
-CC=cc
-CFLAGS= -g -I../../include -Wall
-LIBS= -L../.. -lcrypto
-EXAMPLES=example1 example2 example3 example4
-
-all: $(EXAMPLES)
-
-example1: example1.o loadkeys.o
- $(CC) -o example1 example1.o loadkeys.o $(LIBS)
-
-example2: example2.o loadkeys.o
- $(CC) -o example2 example2.o loadkeys.o $(LIBS)
-
-example3: example3.o
- $(CC) -o example3 example3.o $(LIBS)
-
-example4: example4.o
- $(CC) -o example4 example4.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
-
-test: all
- @echo
- @echo Example 1 Demonstrates the sealing and opening APIs
- @echo Doing the encrypt side...
- ./example1 <README >t.t
- @echo Doing the decrypt side...
- ./example1 -d <t.t >t.2
- diff t.2 README
- rm -f t.t t.2
- @echo example1 is OK
-
- @echo
- @echo Example2 Demonstrates rsa encryption and decryption
- @echo and it should just print \"This the clear text\"
- ./example2
-
- @echo
- @echo Example3 Demonstrates the use of symmetric block ciphers
- @echo in this case it uses EVP_des_ede3_cbc
- @echo i.e. triple DES in Cipher Block Chaining mode
- @echo Doing the encrypt side...
- ./example3 ThisIsThePassword <README >t.t
- @echo Doing the decrypt side...
- ./example3 -d ThisIsThePassword <t.t >t.2
- diff t.2 README
- rm -f t.t t.2
- @echo example3 is OK
-
- @echo
- @echo Example4 Demonstrates base64 encoding and decoding
- @echo Doing the encrypt side...
- ./example4 <README >t.t
- @echo Doing the decrypt side...
- ./example4 -d <t.t >t.2
- diff t.2 README
- rm -f t.t t.2
- @echo example4 is OK
Index: crypto/openssl/demos/maurice/README
===================================================================
--- crypto/openssl/demos/maurice/README (revision 279126)
+++ crypto/openssl/demos/maurice/README (working copy)
@@ -1,34 +0,0 @@
-From Maurice Gittens <mgittens@gits.nl>
---
- Example programs, demonstrating some basic SSLeay crypto library
- operations, to help you not to make the same mistakes I did.
-
- The following files are present.
- - loadkeys.c Demonstrates the loading and of public and
- private keys.
- - loadkeys.h The interface for loadkeys.c
- - example1.c Demonstrates the sealing and opening API's
- - example2.c Demonstrates rsa encryption and decryption
- - example3.c Demonstrates the use of symmetric block ciphers
- - example4.c Demonstrates base64 and decoding
- - Makefile A makefile you probably will have to adjust for
- your environment
- - README this file
-
-
- The programs were written by Maurice Gittens <mgittens@gits.nl>
- with the necesary help from Eric Young <eay@cryptsoft.com>
-
- You may do as you please with these programs, but please don't
- pretend that you wrote them.
-
- To be complete: If you use these programs you acknowlegde that
- you are aware that there is NO warranty of any kind associated
- with these programs. I don't even claim that the programs work,
- they are provided AS-IS.
-
- January 1997
-
- Maurice
-
-
Index: crypto/openssl/demos/maurice/cert.pem
===================================================================
--- crypto/openssl/demos/maurice/cert.pem (revision 279126)
+++ crypto/openssl/demos/maurice/cert.pem (working copy)
@@ -1,77 +0,0 @@
-issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl
-subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl
-serial :01
-
-Certificate:
- Data:
- Version: 0 (0x0)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5withRSAEncryption
- Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl
- Validity
- Not Before: Jan 5 13:21:16 1997 GMT
- Not After : Jul 24 13:21:16 1997 GMT
- Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Modulus:
- 00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b:
- 82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0:
- 71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3:
- f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d:
- 62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52:
- 78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd:
- 81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd:
- 1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50:
- b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26:
- 64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4:
- d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c:
- 2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9:
- e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44:
- e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41:
- 8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16:
- d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c:
- d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9:
- 20:f9
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5withRSAEncryption
- 93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce:
- 4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f:
- 9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3:
- 87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb:
- a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d:
- 0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42:
- b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8:
- c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2:
- fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67:
- 4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b:
- 72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa:
- c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68:
- 60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c:
- a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be:
- 28:ba:d8:4f
-
------BEGIN CERTIFICATE-----
-MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD
-VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl
-bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0
-aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB
-FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx
-NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH
-aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm
-aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG
-SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6
-RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB
-ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm
-ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S
-/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB
-R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC
-AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j
-eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2
-5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25
-uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do
-fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M
-A6fxn/gOjbvGundh946+KLrYTw==
------END CERTIFICATE-----
-
Index: crypto/openssl/demos/maurice/example1.c
===================================================================
--- crypto/openssl/demos/maurice/example1.c (revision 279126)
+++ crypto/openssl/demos/maurice/example1.c (working copy)
@@ -1,198 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-*/
-
-#include <unistd.h>
-#include <stdio.h>
-#include <netinet/in.h>
-#include <fcntl.h>
-#include <strings.h>
-#include <stdlib.h>
-
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-#include "loadkeys.h"
-
-#define PUBFILE "cert.pem"
-#define PRIVFILE "privkey.pem"
-
-#define STDIN 0
-#define STDOUT 1
-
-void main_encrypt(void);
-void main_decrypt(void);
-
-static const char *usage = "Usage: example1 [-d]\n";
-
-int main(int argc, char *argv[])
-{
-
- ERR_load_crypto_strings();
-
- if ((argc == 1))
- {
- main_encrypt();
- }
- else if ((argc == 2) && !strcmp(argv[1],"-d"))
- {
- main_decrypt();
- }
- else
- {
- printf("%s",usage);
- exit(1);
- }
-
- return 0;
-}
-
-void main_encrypt(void)
-{
- unsigned int ebuflen;
- EVP_CIPHER_CTX ectx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char *ekey[1];
- int readlen;
- int ekeylen, net_ekeylen;
- EVP_PKEY *pubKey[1];
- char buf[512];
- char ebuf[512];
-
- memset(iv, '\0', sizeof(iv));
-
- pubKey[0] = ReadPublicKey(PUBFILE);
-
- if(!pubKey[0])
- {
- fprintf(stderr,"Error: can't load public key");
- exit(1);
- }
-
- ekey[0] = malloc(EVP_PKEY_size(pubKey[0]));
- if (!ekey[0])
- {
- EVP_PKEY_free(pubKey[0]);
- perror("malloc");
- exit(1);
- }
-
- EVP_SealInit(&ectx,
- EVP_des_ede3_cbc(),
- ekey,
- &ekeylen,
- iv,
- pubKey,
- 1);
-
- net_ekeylen = htonl(ekeylen);
- write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen));
- write(STDOUT, ekey[0], ekeylen);
- write(STDOUT, iv, sizeof(iv));
-
- while(1)
- {
- readlen = read(STDIN, buf, sizeof(buf));
-
- if (readlen <= 0)
- {
- if (readlen < 0)
- perror("read");
-
- break;
- }
-
- EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_SealFinal(&ectx, ebuf, &ebuflen);
-
- write(STDOUT, ebuf, ebuflen);
-
- EVP_PKEY_free(pubKey[0]);
- free(ekey[0]);
-}
-
-void main_decrypt(void)
-{
- char buf[520];
- char ebuf[512];
- unsigned int buflen;
- EVP_CIPHER_CTX ectx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char *encryptKey;
- unsigned int ekeylen;
- EVP_PKEY *privateKey;
-
- memset(iv, '\0', sizeof(iv));
-
- privateKey = ReadPrivateKey(PRIVFILE);
- if (!privateKey)
- {
- fprintf(stderr, "Error: can't load private key");
- exit(1);
- }
-
- read(STDIN, &ekeylen, sizeof(ekeylen));
- ekeylen = ntohl(ekeylen);
-
- if (ekeylen != EVP_PKEY_size(privateKey))
- {
- EVP_PKEY_free(privateKey);
- fprintf(stderr, "keylength mismatch");
- exit(1);
- }
-
- encryptKey = malloc(sizeof(char) * ekeylen);
- if (!encryptKey)
- {
- EVP_PKEY_free(privateKey);
- perror("malloc");
- exit(1);
- }
-
- read(STDIN, encryptKey, ekeylen);
- read(STDIN, iv, sizeof(iv));
- EVP_OpenInit(&ectx,
- EVP_des_ede3_cbc(),
- encryptKey,
- ekeylen,
- iv,
- privateKey);
-
- while(1)
- {
- int readlen = read(STDIN, ebuf, sizeof(ebuf));
-
- if (readlen <= 0)
- {
- if (readlen < 0)
- perror("read");
-
- break;
- }
-
- EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
- write(STDOUT, buf, buflen);
- }
-
- EVP_OpenFinal(&ectx, buf, &buflen);
-
- write(STDOUT, buf, buflen);
-
- EVP_PKEY_free(privateKey);
- free(encryptKey);
-}
-
-
Index: crypto/openssl/demos/maurice/example2.c
===================================================================
--- crypto/openssl/demos/maurice/example2.c (revision 279126)
+++ crypto/openssl/demos/maurice/example2.c (working copy)
@@ -1,75 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-*/
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <strings.h>
-
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-#include "loadkeys.h"
-
-#define PUBFILE "cert.pem"
-#define PRIVFILE "privkey.pem"
-#define STDIN 0
-#define STDOUT 1
-
-int main()
-{
- char *ct = "This the clear text";
- char *buf;
- char *buf2;
- EVP_PKEY *pubKey;
- EVP_PKEY *privKey;
- int len;
-
- ERR_load_crypto_strings();
-
- privKey = ReadPrivateKey(PRIVFILE);
- if (!privKey)
- {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- pubKey = ReadPublicKey(PUBFILE);
- if(!pubKey)
- {
- EVP_PKEY_free(privKey);
- fprintf(stderr,"Error: can't load public key");
- exit(1);
- }
-
- /* No error checking */
- buf = malloc(EVP_PKEY_size(pubKey));
- buf2 = malloc(EVP_PKEY_size(pubKey));
-
- len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING);
-
- if (len != EVP_PKEY_size(pubKey))
- {
- fprintf(stderr,"Error: ciphertext should match length of key\n");
- exit(1);
- }
-
- RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING);
-
- printf("%s\n", buf2);
-
- EVP_PKEY_free(privKey);
- EVP_PKEY_free(pubKey);
- free(buf);
- free(buf2);
- return 0;
-}
Index: crypto/openssl/demos/maurice/example3.c
===================================================================
--- crypto/openssl/demos/maurice/example3.c (revision 279126)
+++ crypto/openssl/demos/maurice/example3.c (working copy)
@@ -1,87 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <openssl/evp.h>
-
-#define STDIN 0
-#define STDOUT 1
-#define BUFLEN 512
-#define INIT_VECTOR "12345678"
-#define ENCRYPT 1
-#define DECRYPT 0
-#define ALG EVP_des_ede3_cbc()
-
-static const char *usage = "Usage: example3 [-d] password\n";
-
-void do_cipher(char *,int);
-
-int main(int argc, char *argv[])
-{
- if ((argc == 2))
- {
- do_cipher(argv[1],ENCRYPT);
- }
- else if ((argc == 3) && !strcmp(argv[1],"-d"))
- {
- do_cipher(argv[2],DECRYPT);
- }
- else
- {
- fprintf(stderr,"%s", usage);
- exit(1);
- }
-
- return 0;
-}
-
-void do_cipher(char *pw, int operation)
-{
- char buf[BUFLEN];
- char ebuf[BUFLEN + 8];
- unsigned int ebuflen; /* rc; */
- unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
- /* unsigned int ekeylen, net_ekeylen; */
- EVP_CIPHER_CTX ectx;
-
- memcpy(iv, INIT_VECTOR, sizeof(iv));
-
- EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
-
- EVP_CIPHER_CTX_init(&ectx);
- EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
-
- while(1)
- {
- int readlen = read(STDIN, buf, sizeof(buf));
-
- if (readlen <= 0)
- {
- if (!readlen)
- break;
- else
- {
- perror("read");
- exit(1);
- }
- }
-
- EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen);
- EVP_CIPHER_CTX_cleanup(&ectx);
-
- write(STDOUT, ebuf, ebuflen);
-}
Index: crypto/openssl/demos/maurice/example4.c
===================================================================
--- crypto/openssl/demos/maurice/example4.c (revision 279126)
+++ crypto/openssl/demos/maurice/example4.c (working copy)
@@ -1,123 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <openssl/evp.h>
-
-#define STDIN 0
-#define STDOUT 1
-#define BUFLEN 512
-
-static const char *usage = "Usage: example4 [-d]\n";
-
-void do_encode(void);
-void do_decode(void);
-
-int main(int argc, char *argv[])
-{
- if ((argc == 1))
- {
- do_encode();
- }
- else if ((argc == 2) && !strcmp(argv[1],"-d"))
- {
- do_decode();
- }
- else
- {
- fprintf(stderr,"%s", usage);
- exit(1);
- }
-
- return 0;
-}
-
-void do_encode()
-{
- char buf[BUFLEN];
- char ebuf[BUFLEN+24];
- unsigned int ebuflen;
- EVP_ENCODE_CTX ectx;
-
- EVP_EncodeInit(&ectx);
-
- while(1)
- {
- int readlen = read(STDIN, buf, sizeof(buf));
-
- if (readlen <= 0)
- {
- if (!readlen)
- break;
- else
- {
- perror("read");
- exit(1);
- }
- }
-
- EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_EncodeFinal(&ectx, ebuf, &ebuflen);
-
- write(STDOUT, ebuf, ebuflen);
-}
-
-void do_decode()
-{
- char buf[BUFLEN];
- char ebuf[BUFLEN+24];
- unsigned int ebuflen;
- EVP_ENCODE_CTX ectx;
-
- EVP_DecodeInit(&ectx);
-
- while(1)
- {
- int readlen = read(STDIN, buf, sizeof(buf));
- int rc;
-
- if (readlen <= 0)
- {
- if (!readlen)
- break;
- else
- {
- perror("read");
- exit(1);
- }
- }
-
- rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
- if (rc <= 0)
- {
- if (!rc)
- {
- write(STDOUT, ebuf, ebuflen);
- break;
- }
-
- fprintf(stderr, "Error: decoding message\n");
- return;
- }
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_DecodeFinal(&ectx, ebuf, &ebuflen);
-
- write(STDOUT, ebuf, ebuflen);
-}
-
Index: crypto/openssl/demos/maurice/loadkeys.c
===================================================================
--- crypto/openssl/demos/maurice/loadkeys.c (revision 279126)
+++ crypto/openssl/demos/maurice/loadkeys.c (working copy)
@@ -1,72 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#include <unistd.h>
-#include <stdio.h>
-#include <netinet/in.h>
-#include <fcntl.h>
-#include <strings.h>
-#include <stdlib.h>
-
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-EVP_PKEY * ReadPublicKey(const char *certfile)
-{
- FILE *fp = fopen (certfile, "r");
- X509 *x509;
- EVP_PKEY *pkey;
-
- if (!fp)
- return NULL;
-
- x509 = PEM_read_X509(fp, NULL, 0, NULL);
-
- if (x509 == NULL)
- {
- ERR_print_errors_fp (stderr);
- return NULL;
- }
-
- fclose (fp);
-
- pkey=X509_extract_key(x509);
-
- X509_free(x509);
-
- if (pkey == NULL)
- ERR_print_errors_fp (stderr);
-
- return pkey;
-}
-
-EVP_PKEY *ReadPrivateKey(const char *keyfile)
-{
- FILE *fp = fopen(keyfile, "r");
- EVP_PKEY *pkey;
-
- if (!fp)
- return NULL;
-
- pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL);
-
- fclose (fp);
-
- if (pkey == NULL)
- ERR_print_errors_fp (stderr);
-
- return pkey;
-}
-
-
Index: crypto/openssl/demos/maurice/loadkeys.h
===================================================================
--- crypto/openssl/demos/maurice/loadkeys.h (revision 279126)
+++ crypto/openssl/demos/maurice/loadkeys.h (working copy)
@@ -1,19 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#ifndef LOADKEYS_H_SEEN
-#define LOADKEYS_H_SEEN
-
-#include <openssl/evp.h>
-
-EVP_PKEY * ReadPublicKey(const char *certfile);
-EVP_PKEY *ReadPrivateKey(const char *keyfile);
-
-#endif
-
Index: crypto/openssl/demos/maurice/privkey.pem
===================================================================
--- crypto/openssl/demos/maurice/privkey.pem (revision 279126)
+++ crypto/openssl/demos/maurice/privkey.pem (working copy)
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0
-zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7//
-wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+
-QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp
-7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq
-cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g
-Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh
-rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb
-uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll
-e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor
-XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl
-7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS
-bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW
-Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y
-nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA
-Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK
-mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE
-poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5
-a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF
-E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL
-oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q
-JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX
-LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno
-KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj
-V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA==
------END RSA PRIVATE KEY-----
Index: crypto/openssl/doc/apps/asn1parse.pod
===================================================================
--- crypto/openssl/doc/apps/asn1parse.pod (revision 279126)
+++ crypto/openssl/doc/apps/asn1parse.pod (working copy)
@@ -15,6 +15,8 @@ B<openssl> B<asn1parse>
[B<-length number>]
[B<-i>]
[B<-oid filename>]
+[B<-dump>]
+[B<-dlimit num>]
[B<-strparse offset>]
[B<-genstr string>]
[B<-genconf file>]
@@ -64,6 +66,14 @@ indents the output according to the "depth" of the
a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.
+=item B<-dump>
+
+dump unknown data in hex format.
+
+=item B<-dlimit num>
+
+like B<-dump>, but only the first B<num> bytes are output.
+
=item B<-strparse offset>
parse the contents octets of the ASN.1 object starting at B<offset>. This
Index: crypto/openssl/doc/apps/ca.pod
===================================================================
--- crypto/openssl/doc/apps/ca.pod (revision 279126)
+++ crypto/openssl/doc/apps/ca.pod (working copy)
@@ -13,6 +13,8 @@ B<openssl> B<ca>
[B<-name section>]
[B<-gencrl>]
[B<-revoke file>]
+[B<-status serial>]
+[B<-updatedb>]
[B<-crl_reason reason>]
[B<-crl_hold instruction>]
[B<-crl_compromise time>]
@@ -26,6 +28,7 @@ B<openssl> B<ca>
[B<-md arg>]
[B<-policy arg>]
[B<-keyfile arg>]
+[B<-keyform PEM|DER>]
[B<-key arg>]
[B<-passin arg>]
[B<-cert file>]
@@ -83,7 +86,7 @@ a single self signed certificate to be signed by t
a file containing a single Netscape signed public key and challenge
and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
-section for information on the required format.
+section for information on the required input and output format.
=item B<-infiles>
@@ -94,7 +97,7 @@ are assumed to be the names of files containing ce
the output file to output certificates to. The default is standard
output. The certificate details will also be printed out to this
-file.
+file in PEM format (except that B<-spkac> outputs DER format).
=item B<-outdir directory>
@@ -110,6 +113,11 @@ the CA certificate file.
the private key to sign requests with.
+=item B<-keyform PEM|DER>
+
+the format of the data in the private key file.
+The default is PEM.
+
=item B<-key password>
the password used to encrypt the private key. Since on some
@@ -265,6 +273,15 @@ the number of hours before the next CRL is due.
a filename containing a certificate to revoke.
+=item B<-status serial>
+
+displays the revocation status of the certificate with the specified
+serial number and exits.
+
+=item B<-updatedb>
+
+Updates the database index to purge expired certificates.
+
=item B<-crl_reason reason>
revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>,
@@ -495,6 +512,10 @@ the SPKAC and also the required DN components as n
If you need to include the same component twice then it can be
preceded by a number and a '.'.
+When processing SPKAC format, the output is DER if the B<-out>
+flag is used, but PEM format if sending to stdout or the B<-outdir>
+flag is used.
+
=head1 EXAMPLES
Note: these examples assume that the B<ca> directory structure is
Index: crypto/openssl/doc/apps/crl.pod
===================================================================
--- crypto/openssl/doc/apps/crl.pod (revision 279126)
+++ crypto/openssl/doc/apps/crl.pod (working copy)
@@ -12,6 +12,7 @@ B<openssl> B<crl>
[B<-text>]
[B<-in filename>]
[B<-out filename>]
+[B<-nameopt option>]
[B<-noout>]
[B<-hash>]
[B<-issuer>]
@@ -53,6 +54,11 @@ default.
print out the CRL in text form.
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. See
+the description of B<-nameopt> in L<x509(1)|x509(1)>.
+
=item B<-noout>
don't output the encoded version of the CRL.
Index: crypto/openssl/doc/apps/dhparam.pod
===================================================================
--- crypto/openssl/doc/apps/dhparam.pod (revision 279126)
+++ crypto/openssl/doc/apps/dhparam.pod (working copy)
@@ -12,6 +12,7 @@ B<openssl dhparam>
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-dsaparam>]
+[B<-check>]
[B<-noout>]
[B<-text>]
[B<-C>]
@@ -64,6 +65,10 @@ exchange more efficient. Beware that with such DS
parameters, a fresh DH key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.
+=item B<-check>
+
+check if the parameters are valid primes and generator.
+
=item B<-2>, B<-5>
The generator to use, either 2 or 5. 2 is the default. If present then the
Index: crypto/openssl/doc/apps/dsa.pod
===================================================================
--- crypto/openssl/doc/apps/dsa.pod (revision 279126)
+++ crypto/openssl/doc/apps/dsa.pod (working copy)
@@ -13,6 +13,12 @@ B<openssl> B<dsa>
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -74,10 +80,10 @@ filename.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the B<dsa> utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
Index: crypto/openssl/doc/apps/ecparam.pod
===================================================================
--- crypto/openssl/doc/apps/ecparam.pod (revision 279126)
+++ crypto/openssl/doc/apps/ecparam.pod (working copy)
@@ -16,7 +16,7 @@ B<openssl ecparam>
[B<-C>]
[B<-check>]
[B<-name arg>]
-[B<-list_curve>]
+[B<-list_curves>]
[B<-conv_form arg>]
[B<-param_enc arg>]
[B<-no_seed>]
Index: crypto/openssl/doc/apps/gendsa.pod
===================================================================
--- crypto/openssl/doc/apps/gendsa.pod (revision 279126)
+++ crypto/openssl/doc/apps/gendsa.pod (working copy)
@@ -8,6 +8,12 @@ gendsa - generate a DSA private key from a set of
B<openssl> B<gendsa>
[B<-out filename>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -24,10 +30,10 @@ The B<gendsa> command generates a DSA private key
=over 4
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+These options encrypt the private key with specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
=item B<-rand file(s)>
Index: crypto/openssl/doc/apps/genrsa.pod
===================================================================
--- crypto/openssl/doc/apps/genrsa.pod (revision 279126)
+++ crypto/openssl/doc/apps/genrsa.pod (working copy)
@@ -9,6 +9,18 @@ genrsa - generate an RSA private key
B<openssl> B<genrsa>
[B<-out filename>]
[B<-passout arg>]
+[B<-aes128>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -36,10 +48,10 @@ used.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. If none of these options is
+These options encrypt the private key with specified
+cipher before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the B<-passout> argument.
Index: crypto/openssl/doc/apps/rsa.pod
===================================================================
--- crypto/openssl/doc/apps/rsa.pod (revision 279126)
+++ crypto/openssl/doc/apps/rsa.pod (working copy)
@@ -15,6 +15,12 @@ B<openssl> B<rsa>
[B<-out filename>]
[B<-passout arg>]
[B<-sgckey>]
+[B<-aes128>]
+[B<-aes192>]
+[B<-aes256>]
+[B<-camellia128>]
+[B<-camellia192>]
+[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
@@ -80,10 +86,10 @@ see the B<PASS PHRASE ARGUMENTS> section in L<open
use the modified NET algorithm used with some versions of Microsoft IIS and SGC
keys.
-=item B<-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the B<rsa> utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
Index: crypto/openssl/doc/apps/s_client.pod
===================================================================
--- crypto/openssl/doc/apps/s_client.pod (revision 279126)
+++ crypto/openssl/doc/apps/s_client.pod (working copy)
@@ -17,6 +17,22 @@ B<openssl> B<s_client>
[B<-pass arg>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-issuer_checks>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-use_deltas>]
+[B<-verify_depth num>]
+[B<-x509_strict>]
[B<-reconnect>]
[B<-pause>]
[B<-showcerts>]
@@ -38,6 +54,7 @@ B<openssl> B<s_client>
[B<-bugs>]
[B<-cipher cipherlist>]
[B<-starttls protocol>]
+[B<-xmpphost hostname>]
[B<-engine id>]
[B<-tlsextdebug>]
[B<-no_ticket>]
@@ -53,6 +70,11 @@ SSL servers.
=head1 OPTIONS
+In addition to the options below the B<s_client> utility also supports the
+common and client only options documented in the
+in the L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS>
+manual page.
+
=over 4
=item B<-connect host:port>
@@ -102,6 +124,15 @@ also used when building the client certificate cha
A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
+B<explicit_policy>, B<-ignore_critical>, B<-inhibit_any>,
+B<-inhibit_map>, B<-issuer_checks>, B<-policy>,
+B<-policy_check>, B<-policy_print>, B<-purpose>,
+B<-use_deltas>, B<-verify_depth>, B<-x509_strict>
+
+Set various certificate chain valiadition options. See the
+L<B<verify>|verify(1)> manual page for details.
+
=item B<-reconnect>
reconnects to the same server 5 times using the same session ID, this can
@@ -192,18 +223,22 @@ command for more information.
send the protocol-specific message(s) to switch to TLS for communication.
B<protocol> is a keyword for the intended protocol. Currently, the only
-supported keywords are "smtp", "pop3", "imap", and "ftp".
+supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp".
+=item B<-xmpphost hostname>
+
+This option, when used with "-starttls xmpp", specifies the host for the
+"to" attribute of the stream element.
+If this option is not specified, then the host specified with "-connect"
+will be used.
+
=item B<-tlsextdebug>
-print out a hex dump of any TLS extensions received from the server. Note: this
-option is only available if extension support is explicitly enabled at compile
-time
+print out a hex dump of any TLS extensions received from the server.
=item B<-no_ticket>
-disable RFC4507bis session ticket support. Note: this option is only available
-if extension support is explicitly enabled at compile time
+disable RFC4507bis session ticket support.
=item B<-sess_out filename>
@@ -216,7 +251,7 @@ connection from this session.
=item B<-engine id>
-specifying an engine (by it's unique B<id> string) will cause B<s_client>
+specifying an engine (by its unique B<id> string) will cause B<s_client>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
@@ -278,8 +313,11 @@ Since the SSLv23 client hello cannot include compr
these will only be supported if its use is disabled, for example by using the
B<-no_sslv2> option.
-TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly
-enabled at compile time using for example the B<enable-tlsext> switch.
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack.
=head1 BUGS
@@ -288,9 +326,6 @@ the techniques used are rather old, the C source o
hard to read and not a model of how things should be done. A typical
SSL client program would be much simpler.
-The B<-verify> option should really exit if the server verification
-fails.
-
The B<-prexit> option is a bit of a hack. We should really report
information whenever a session is renegotiated.
Index: crypto/openssl/doc/apps/s_server.pod
===================================================================
--- crypto/openssl/doc/apps/s_server.pod (revision 279126)
+++ crypto/openssl/doc/apps/s_server.pod (working copy)
@@ -35,6 +35,7 @@ B<openssl> B<s_server>
[B<-CAfile filename>]
[B<-nocert>]
[B<-cipher cipherlist>]
+[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl2>]
@@ -144,6 +145,9 @@ the client. With the B<-verify> option a certifica
client does not have to send one, with the B<-Verify> option the client
must supply a certificate or an error occurs.
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or PSK) this option has no effect.
+
=item B<-crl_check>, B<-crl_check_all>
Check the peer certificate has not been revoked by its CA.
@@ -215,6 +219,10 @@ also included in the server list is used. Because
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-serverpref>
+
+use the server's cipher preferences, rather than the client's preferences.
+
=item B<-tlsextdebug>
print out a hex dump of any TLS extensions received from the server.
Index: crypto/openssl/doc/apps/verify.pod
===================================================================
--- crypto/openssl/doc/apps/verify.pod (revision 279126)
+++ crypto/openssl/doc/apps/verify.pod (working copy)
@@ -7,13 +7,27 @@ verify - Utility to verify certificates.
=head1 SYNOPSIS
B<openssl> B<verify>
+[B<-CAfile file>]
[B<-CApath directory>]
-[B<-CAfile file>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-help>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-issuer_checks>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
[B<-purpose purpose>]
[B<-untrusted file>]
-[B<-help>]
-[B<-issuer_checks>]
+[B<-use_deltas>]
[B<-verbose>]
+[B<-verify_depth num>]
+[B<-x509_strict>]
[B<->]
[certificates]
@@ -26,6 +40,11 @@ The B<verify> command verifies certificate chains.
=over 4
+=item B<-CAfile file>
+
+A file of trusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
=item B<-CApath directory>
A directory of trusted certificates. The certificates should have names
@@ -34,56 +53,113 @@ form ("hash" is the hashed certificate subject nam
of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
create symbolic links to a directory of certificates.
-=item B<-CAfile file>
+=item B<-attime timestamp>
-A file of trusted certificates. The file should contain multiple certificates
-in PEM format concatenated together.
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
-=item B<-untrusted file>
+=item B<-check_ss_sig>
-A file of untrusted certificates. The file should contain multiple certificates
+Verify the signature on the self-signed root CA. This is disabled by default
+because it doesn't add any security.
-=item B<-purpose purpose>
+=item B<-crl_check>
-the intended use for the certificate. Without this option no chain verification
-will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
-B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
-section for more information.
+Checks end entity certificate validity by attempting to look up a valid CRL.
+If a valid CRL cannot be found an error occurs.
+=item B<-crl_check_all>
+
+Checks the validity of B<all> certificates in the chain by attempting
+to look up valid CRLs.
+
+=item B<-explicit_policy>
+
+Set policy variable require-explicit-policy (see RFC5280).
+
=item B<-help>
-prints out a usage message.
+Print out a usage message.
-=item B<-verbose>
+=item B<-ignore_critical>
-print extra information about the operations being performed.
+Normally if an unhandled critical extension is present which is not
+supported by OpenSSL the certificate is rejected (as required by RFC5280).
+If this option is set critical extensions are ignored.
+=item B<-inhibit_any>
+
+Set policy variable inhibit-any-policy (see RFC5280).
+
+=item B<-inhibit_map>
+
+Set policy variable inhibit-policy-mapping (see RFC5280).
+
=item B<-issuer_checks>
-print out diagnostics relating to searches for the issuer certificate
-of the current certificate. This shows why each candidate issuer
-certificate was rejected. However the presence of rejection messages
-does not itself imply that anything is wrong: during the normal
-verify process several rejections may take place.
+Print out diagnostics relating to searches for the issuer certificate of the
+current certificate. This shows why each candidate issuer certificate was
+rejected. The presence of rejection messages does not itself imply that
+anything is wrong; during the normal verification process, several
+rejections may take place.
-=item B<-check_ss_sig>
+=item B<-policy arg>
-Verify the signature on the self-signed root CA. This is disabled by default
-because it doesn't add any security.
+Enable policy processing and add B<arg> to the user-initial-policy-set (see
+RFC5280). The policy B<arg> can be an object name an OID in numeric form.
+This argument can appear more than once.
+=item B<-policy_check>
+
+Enables certificate policy processing.
+
+=item B<-policy_print>
+
+Print out diagnostics related to policy processing.
+
+=item B<-purpose purpose>
+
+The intended use for the certificate. If this option is not specified,
+B<verify> will not consider certificate purpose during chain verification.
+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
+information.
+
+=item B<-untrusted file>
+
+A file of untrusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
+=item B<-use_deltas>
+
+Enable support for delta CRLs.
+
+=item B<-verbose>
+
+Print extra information about the operations being performed.
+
+=item B<-verify_depth num>
+
+Limit the maximum depth of the certificate chain to B<num> certificates.
+
+=item B<-x509_strict>
+
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
+
=item B<->
-marks the last option. All arguments following this are assumed to be
+Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins
with a B<->.
=item B<certificates>
-one or more certificates to verify. If no certificate filenames are included
-then an attempt is made to read a certificate from standard input. They should
-all be in PEM format.
+One or more certificates to verify. If no certificates are given, B<verify>
+will attempt to read a certificate from standard input. Certificates must be
+in PEM format.
-
=back
=head1 VERIFY OPERATION
@@ -176,7 +252,7 @@ normally means the list of trusted certificates is
=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
-the CRL of a certificate could not be found. Unused.
+the CRL of a certificate could not be found.
=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
@@ -199,7 +275,7 @@ the signature of the certificate is invalid.
=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
-the signature of the certificate is invalid. Unused.
+the signature of the certificate is invalid.
=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
@@ -211,11 +287,11 @@ the certificate has expired: that is the notAfter
=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-the CRL is not yet valid. Unused.
+the CRL is not yet valid.
=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
-the CRL has expired. Unused.
+the CRL has expired.
=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
@@ -227,11 +303,11 @@ the certificate notAfter field contains an invalid
=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
-the CRL lastUpdate field contains an invalid time. Unused.
+the CRL lastUpdate field contains an invalid time.
=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
-the CRL nextUpdate field contains an invalid time. Unused.
+the CRL nextUpdate field contains an invalid time.
=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
@@ -263,7 +339,7 @@ the certificate chain length is greater than the s
=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
-the certificate has been revoked. Unused.
+the certificate has been revoked.
=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
@@ -320,7 +396,7 @@ an application specific error. Unused.
Although the issuer checks are a considerable improvement over the old technique they still
suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
trusted certificates with matching subject name must either appear in a file (as specified by the
-B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
+B<-CAfile> option) or a directory (as specified by B<-CApath>). If they occur in both then only
the certificates in the file will be recognised.
Previous versions of OpenSSL assume certificates with matching subject name are identical and
Index: crypto/openssl/doc/apps/x509.pod
===================================================================
--- crypto/openssl/doc/apps/x509.pod (revision 279126)
+++ crypto/openssl/doc/apps/x509.pod (working copy)
@@ -19,6 +19,7 @@ B<openssl> B<x509>
[B<-hash>]
[B<-subject_hash>]
[B<-issuer_hash>]
+[B<-ocspid>]
[B<-subject>]
[B<-issuer>]
[B<-nameopt option>]
@@ -27,6 +28,7 @@ B<openssl> B<x509>
[B<-enddate>]
[B<-purpose>]
[B<-dates>]
+[B<-checkend num>]
[B<-modulus>]
[B<-fingerprint>]
[B<-alias>]
@@ -40,6 +42,7 @@ B<openssl> B<x509>
[B<-days arg>]
[B<-set_serial n>]
[B<-signkey filename>]
+[B<-passin arg>]
[B<-x509toreq>]
[B<-req>]
[B<-CA filename>]
@@ -47,6 +50,7 @@ B<openssl> B<x509>
[B<-CAcreateserial>]
[B<-CAserial filename>]
[B<-text>]
+[B<-certopt option>]
[B<-C>]
[B<-md2|-md5|-sha1|-mdc2>]
[B<-clrext>]
@@ -153,6 +157,10 @@ name.
outputs the "hash" of the certificate issuer name.
+=item B<-ocspid>
+
+outputs the OCSP hash values for the subject name and public key.
+
=item B<-hash>
synonym for "-subject_hash" for backward compatibility reasons.
@@ -188,6 +196,11 @@ prints out the expiry date of the certificate, tha
prints out the start and expiry dates of a certificate.
+=item B<-checkend arg>
+
+checks if the certificate expires within the next B<arg> seconds and exits
+non-zero if yes it will expire or zero if not.
+
=item B<-fingerprint>
prints out the digest of the DER encoded version of the whole certificate
@@ -293,6 +306,11 @@ If the input is a certificate request then a self
is created using the supplied private key using the subject name in
the request.
+=item B<-passin arg>
+
+the key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
=item B<-clrext>
delete any extensions from a certificate. This option is used when a
@@ -446,7 +464,7 @@ using the format \UXXXX for 16 bits and \WXXXXXXXX
Also if this option is off any UTF8Strings will be converted to their
character form first.
-=item B<no_type>
+=item B<ignore_type>
this option does not attempt to interpret multibyte characters in any
way. That is their content octets are merely dumped as though one octet
Index: crypto/openssl/doc/apps/x509v3_config.pod
===================================================================
--- crypto/openssl/doc/apps/x509v3_config.pod (revision 279126)
+++ crypto/openssl/doc/apps/x509v3_config.pod (working copy)
@@ -52,7 +52,7 @@ use is defined by the extension code itself: check
policies extension for an example.
If an extension type is unsupported then the I<arbitrary> extension syntax
-must be used, see the L<ARBITRART EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
+must be used, see the L<ARBITRARY EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
=head1 STANDARD EXTENSIONS
@@ -174,11 +174,11 @@ The IP address used in the B<IP> options can be in
The value of B<dirName> should point to a section containing the distinguished
name to use as a set of name value pairs. Multi values AVAs can be formed by
-preceeding the name with a B<+> character.
+preceding the name with a B<+> character.
otherName can include arbitrary data associated with an OID: the value
should be the OID followed by a semicolon and the content in standard
-ASN1_generate_nconf() format.
+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format.
Examples:
@@ -226,21 +226,82 @@ Example:
=head2 CRL distribution points.
-This is a multi-valued extension that supports all the literal options of
-subject alternative name. Of the few software packages that currently interpret
-this extension most only interpret the URI option.
+This is a multi-valued extension whose options can be either in name:value pair
+using the same form as subject alternative name or a single value representing
+a section name containing all the distribution point fields.
-Currently each option will set a new DistributionPoint with the fullName
-field set to the given value.
+For a name:value pair a new DistributionPoint with the fullName field set to
+the given value both the cRLissuer and reasons fields are omitted in this case.
-Other fields like cRLissuer and reasons cannot currently be set or displayed:
-at this time no examples were available that used these fields.
+In the single option case the section indicated contains values for each
+field. In this section:
-Examples:
+If the name is "fullname" the value field should contain the full name
+of the distribution point in the same format as subject alternative name.
+If the name is "relativename" then the value field should contain a section
+name whose contents represent a DN fragment to be placed in this field.
+
+The name "CRLIssuer" if present should contain a value for this field in
+subject alternative name format.
+
+If the name is "reasons" the value field should consist of a comma
+separated field containing the reasons. Valid reasons are: "keyCompromise",
+"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation",
+"certificateHold", "privilegeWithdrawn" and "AACompromise".
+
+
+Simple examples:
+
crlDistributionPoints=URI:http://myhost.com/myca.crl
crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
+Full distribution point example:
+
+ crlDistributionPoints=crldp1_section
+
+ [crldp1_section]
+
+ fullname=URI:http://myhost.com/myca.crl
+ CRLissuer=dirName:issuer_sect
+ reasons=keyCompromise, CACompromise
+
+ [issuer_sect]
+ C=UK
+ O=Organisation
+ CN=Some Name
+
+=head2 Issuing Distribution Point
+
+This extension should only appear in CRLs. It is a multi valued extension
+whose syntax is similar to the "section" pointed to by the CRL distribution
+points extension with a few differences.
+
+The names "reasons" and "CRLissuer" are not recognized.
+
+The name "onlysomereasons" is accepted which sets this field. The value is
+in the same format as the CRL distribution point "reasons" field.
+
+The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted
+the values should be a boolean value (TRUE or FALSE) to indicate the value of
+the corresponding field.
+
+Example:
+
+ issuingDistributionPoint=critical, @idp_section
+
+ [idp_section]
+
+ fullname=URI:http://myhost.com/myca.crl
+ indirectCRL=TRUE
+ onlysomereasons=keyCompromise, CACompromise
+
+ [issuer_sect]
+ C=UK
+ O=Organisation
+ CN=Some Name
+
+
=head2 Certificate Policies.
This is a I<raw> extension. All the fields of this extension can be set by
@@ -330,6 +391,16 @@ Examples:
nameConstraints=excluded;email:.com
+
+=head2 OCSP No Check
+
+The OCSP No Check extension is a string extension but its value is ignored.
+
+Example:
+
+ noCheck = ignored
+
+
=head1 DEPRECATED EXTENSIONS
The following extensions are non standard, Netscape specific and largely
@@ -370,7 +441,8 @@ the data is formatted correctly for the given exte
There are two ways to encode arbitrary extensions.
The first way is to use the word ASN1 followed by the extension content
-using the same syntax as ASN1_generate_nconf(). For example:
+using the same syntax as L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>.
+For example:
1.2.3.4=critical,ASN1:UTF8String:Some random data
@@ -450,7 +522,8 @@ for arbitrary extensions was added in OpenSSL 0.9.
=head1 SEE ALSO
-L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
+L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>,
+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>
=cut
Index: crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
===================================================================
--- crypto/openssl/doc/crypto/ASN1_generate_nconf.pod (revision 279126)
+++ crypto/openssl/doc/crypto/ASN1_generate_nconf.pod (working copy)
@@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> string must
=item B<INTEGER>, B<INT>
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
-the value of the integer, it can be preceeded by a minus sign and
+the value of the integer, it can be preceded by a minus sign and
is normally interpreted as a decimal value unless the prefix B<0x>
is included.
@@ -103,7 +103,8 @@ bits is set to zero.
=item B<UNIVERSALSTRING>, B<UNIV>, B<IA5>, B<IA5STRING>, B<UTF8>,
B<UTF8String>, B<BMP>, B<BMPSTRING>, B<VISIBLESTRING>,
B<VISIBLE>, B<PRINTABLESTRING>, B<PRINTABLE>, B<T61>,
-B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>
+B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>, B<NUMERICSTRING>,
+B<NUMERIC>
These encode the corresponding string types. B<value> represents the
contents of this structure. The format can be B<ASCII> or B<UTF8>.
Index: crypto/openssl/doc/crypto/BIO_f_base64.pod
===================================================================
--- crypto/openssl/doc/crypto/BIO_f_base64.pod (revision 279126)
+++ crypto/openssl/doc/crypto/BIO_f_base64.pod (working copy)
@@ -46,11 +46,11 @@ to standard output:
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- BIO_write(bio, message, strlen(message));
- BIO_flush(bio);
+ BIO_push(b64, bio);
+ BIO_write(b64, message, strlen(message));
+ BIO_flush(b64);
- BIO_free_all(bio);
+ BIO_free_all(b64);
Read Base64 encoded data from standard input and write the decoded
data to standard output:
@@ -62,11 +62,12 @@ data to standard output:
b64 = BIO_new(BIO_f_base64());
bio = BIO_new_fp(stdin, BIO_NOCLOSE);
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512)) > 0)
+ BIO_push(b64, bio);
+ while((inlen = BIO_read(b64, inbuf, 512)) > 0)
BIO_write(bio_out, inbuf, inlen);
- BIO_free_all(bio);
+ BIO_flush(bio_out);
+ BIO_free_all(b64);
=head1 BUGS
Index: crypto/openssl/doc/crypto/BIO_push.pod
===================================================================
--- crypto/openssl/doc/crypto/BIO_push.pod (revision 279126)
+++ crypto/openssl/doc/crypto/BIO_push.pod (working copy)
@@ -40,7 +40,7 @@ If the call:
BIO_push(b64, f);
-is made then the new chain will be B<b64-chain>. After making the calls
+is made then the new chain will be B<b64-f>. After making the calls
BIO_push(md2, b64);
BIO_push(md1, md2);
Index: crypto/openssl/doc/crypto/ERR_get_error.pod
===================================================================
--- crypto/openssl/doc/crypto/ERR_get_error.pod (revision 279126)
+++ crypto/openssl/doc/crypto/ERR_get_error.pod (working copy)
@@ -49,10 +49,10 @@ additionally store the file name and line number w
the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_get_last_error_line_data() store additional data and flags
+ERR_peek_last_error_line_data() store additional data and flags
associated with the error code in *B<data>
and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true.
An application B<MUST NOT> free the *B<data> pointer (or any other pointers
returned by these functions) with OPENSSL_free() as freeing is handled
Index: crypto/openssl/doc/crypto/RSA_set_method.pod
===================================================================
--- crypto/openssl/doc/crypto/RSA_set_method.pod (revision 279126)
+++ crypto/openssl/doc/crypto/RSA_set_method.pod (working copy)
@@ -125,14 +125,18 @@ the default method is used.
/* sign. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
+ int (*rsa_sign)(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
/* verify. For backward compatibility, this is used only
* if (flags & RSA_FLAG_SIGN_VER)
*/
- int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ int (*rsa_verify)(int dtype,
+ const unsigned char *m, unsigned int m_length,
+ const unsigned char *sigbuf, unsigned int siglen,
+ const RSA *rsa);
+ /* keygen. If NULL builtin RSA key generation will be used */
+ int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
} RSA_METHOD;
Index: crypto/openssl/doc/crypto/RSA_sign.pod
===================================================================
--- crypto/openssl/doc/crypto/RSA_sign.pod (revision 279126)
+++ crypto/openssl/doc/crypto/RSA_sign.pod (working copy)
@@ -20,6 +20,10 @@ RSA_sign() signs the message digest B<m> of size B
private key B<rsa> as specified in PKCS #1 v2.0. It stores the
signature in B<sigret> and the signature size in B<siglen>. B<sigret>
must point to RSA_size(B<rsa>) bytes of memory.
+Note that PKCS #1 adds meta-data, placing limits on the size of the
+key that can be used.
+See L<RSA_private_encrypt(3)|RSA_private_encrypt(3)> for lower-level
+operations.
B<type> denotes the message digest algorithm that was used to generate
B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
Index: crypto/openssl/doc/crypto/des.pod
===================================================================
--- crypto/openssl/doc/crypto/des.pod (revision 279126)
+++ crypto/openssl/doc/crypto/des.pod (working copy)
@@ -135,9 +135,8 @@ depend on a global variable.
DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
-is ok. The probability that a randomly generated key is weak is
-1/2^52, so it is not really worth checking for them.
+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it
+is ok.
The following routines mostly operate on an input and output stream of
I<DES_cblock>s.
@@ -181,7 +180,7 @@ of 24 bytes. This is much better than CBC DES.
DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
three keys. This means that each DES operation inside the CBC mode is
-really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
+an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
Index: crypto/openssl/doc/crypto/err.pod
===================================================================
--- crypto/openssl/doc/crypto/err.pod (revision 279126)
+++ crypto/openssl/doc/crypto/err.pod (working copy)
@@ -171,7 +171,6 @@ ERR_get_string_table(void) respectively.
=head1 SEE ALSO
-L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
L<ERR_get_error(3)|ERR_get_error(3)>,
L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
Index: crypto/openssl/doc/crypto/pem.pod
===================================================================
--- crypto/openssl/doc/crypto/pem.pod (revision 279126)
+++ crypto/openssl/doc/crypto/pem.pod (working copy)
@@ -450,9 +450,9 @@ byte B<salt> encoded as a set of hexadecimal digit
After this is the base64 encoded encrypted data.
-The encryption key is determined using EVP_bytestokey(), using B<salt> and an
+The encryption key is determined using EVP_BytesToKey(), using B<salt> and an
iteration count of 1. The IV used is the value of B<salt> and *not* the IV
-returned by EVP_bytestokey().
+returned by EVP_BytesToKey().
=head1 BUGS
@@ -474,3 +474,7 @@ The read routines return either a pointer to the s
if an error occurred.
The write routines return 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_get_cipherbyname(3)|EVP_get_cipherbyname>, L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>
Index: crypto/openssl/doc/crypto/ui.pod
===================================================================
--- crypto/openssl/doc/crypto/ui.pod (revision 279126)
+++ crypto/openssl/doc/crypto/ui.pod (working copy)
@@ -119,7 +119,7 @@ verification will fail.
UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
in a boolean way, with a single character for yes and a different character
for no. A set of characters that can be used to cancel the prompt is given
-as well. The prompt itself is really divided in two, one part being the
+as well. The prompt itself is divided in two, one part being the
descriptive text (given through the I<prompt> argument) and one describing
the possible answers (given through the I<action_desc> argument).
Index: crypto/openssl/doc/fingerprints.txt
===================================================================
--- crypto/openssl/doc/fingerprints.txt (revision 279126)
+++ crypto/openssl/doc/fingerprints.txt (working copy)
@@ -4,12 +4,11 @@ OpenSSL releases are signed with PGP/GnuPG keys.
signatures in separate files in the same location you find the
distributions themselves. The normal file name is the same as the
distribution file, with '.asc' added. For example, the signature for
-the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in
-the file openssl-0.9.7f.tar.gz.asc.
+the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in
+the file openssl-1.0.1h.tar.gz.asc.
The following is the list of fingerprints for the keys that are
-currently in use (have been used since summer 2004) to sign OpenSSL
-distributions:
+currently in use to sign OpenSSL distributions:
pub 1024D/F709453B 2003-10-20
Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B
@@ -34,10 +33,6 @@ uid Mark Cox <mjc@redhat.com>
uid Mark Cox <mark@awe.com>
uid Mark Cox <mjc@apache.org>
-pub 1024R/26BB437D 1997-04-28
- Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
-uid Ralf S. Engelschall <rse@engelschall.com>
-
pub 1024R/9C58A66D 1997-04-03
Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67
uid jaenicke@openssl.org
@@ -62,3 +57,7 @@ uid Bodo Moeller <3moeller@inform
uid Bodo Moeller <Bodo_Moeller@public.uni-hamburg.de>
uid Bodo Moeller <3moeller@rzdspc5.informatik.uni-hamburg.de>
+pub 2048R/0E604491 2013-04-30
+ Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid Matt Caswell <frodo@baggins.org>
+
Index: crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod (working copy)
@@ -23,8 +23,12 @@ SSL_CIPHER_get_bits() returns the number of secret
B<alg_bits> is not NULL, it contains the number of bits processed by the
chosen algorithm. If B<cipher> is NULL, 0 is returned.
-SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
-"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned.
+SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol
+version that first defined the cipher.
+This is currently B<SSLv2> or B<TLSv1/SSLv3>.
+In some cases it should possibly return "TLSv1.2" but does not;
+use SSL_CIPHER_description() instead.
+If B<cipher> is NULL, "(NONE)" is returned.
SSL_CIPHER_description() returns a textual description of the cipher used
into the buffer B<buf> of length B<len> provided. B<len> must be at least
@@ -52,7 +56,8 @@ Textual representation of the cipher name.
=item <protocol version>
-Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
+Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are
+flagged with SSLv3. No new ciphers were added by TLSv1.1.
=item Kx=<key exchange>
@@ -91,6 +96,10 @@ Some examples for the output of SSL_CIPHER_descrip
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+A comp[lete list can be retrieved by invoking the following command:
+
+ openssl ciphers -v ALL
+
=head1 BUGS
If SSL_CIPHER_description() is called with B<cipher> being NULL, the
Index: crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod (working copy)
@@ -24,6 +24,16 @@ the library will try to complete the chain from th
certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
+The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object.
+
+=head1 RESTRICTIONS
+
+Only one set of extra chain certificates can be specified per SSL_CTX
+structure. Different chains for different certificates (for example if both
+RSA and DSA certificates are specified by the same server) or different SSL
+structures with the same parent SSL_CTX cannot be specified using this
+function.
+
=head1 RETURN VALUES
SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
Index: crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_add_session.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_add_session.pod (working copy)
@@ -41,7 +41,7 @@ If a server SSL_CTX is configured with the SSL_SES
flag then the internal cache will not be populated automatically by new
sessions negotiated by the SSL/TLS implementation, even though the internal
cache will be searched automatically for session-resume requests (the
-latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
+latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
application can use SSL_CTX_add_session() directly to have full control
over the sessions that can be resumed if desired.
Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod (working copy)
@@ -35,7 +35,7 @@ the chosen B<ssl>, overriding the setting valid fo
=head1 NOTES
When a TLS/SSL server requests a client certificate (see
-B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
+B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which
it will accept certificates, to the client.
This list must explicitly be set using SSL_CTX_set_client_CA_list() for
Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod (working copy)
@@ -29,7 +29,7 @@ using the B<x509> and B<pkey> arguments and "1" mu
certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
If no certificate should be set, "0" has to be returned and no certificate
will be sent. A negative return value will suspend the handshake and the
-handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
+handshake function will return immediately. L<SSL_get_error(3)|SSL_get_error(3)>
will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
suspended. The next call to the handshake function will again lead to the call
of client_cert_cb(). It is the job of the client_cert_cb() to store information
Index: crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (working copy)
@@ -61,12 +61,16 @@ deal with read/write operations returning without
flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
return after the handshake and successful completion.
-=item SSL_MODE_FALLBACK_SCSV
+=item SSL_MODE_SEND_FALLBACK_SCSV
Send TLS_FALLBACK_SCSV in the ClientHello.
-To be set by applications that reconnect with a downgraded protocol
+To be set only by applications that reconnect with a downgraded protocol
version; see draft-ietf-tls-downgrade-scsv-00 for details.
+DO NOT ENABLE THIS if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft-ietf-tls-downgrade-scsv-00.
+
=back
=head1 RETURN VALUES
Index: crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_set_options.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_set_options.pod (working copy)
@@ -243,7 +243,7 @@ Connections and renegotiation are always permitted
=head2 Unpatched client and patched OpenSSL server
-The initial connection suceeds but client renegotiation is denied by the
+The initial connection succeeds but client renegotiation is denied by the
server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
B<handshake_failure> alert in SSL v3.0.
Index: crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (revision 0)
+++ crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (working copy)
@@ -0,0 +1,195 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing
+
+=head1 SYNOPSIS
+
+ #include <openssl/tls1.h>
+
+ long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+ int (*cb)(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH],
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I<cb> for handling
+session tickets for the ssl context I<sslctx>. Session tickets, defined in
+RFC5077 provide an enhanced session resumption capability where the server
+implementation is not required to maintain per session state. It only applies
+to TLS and there is no SSLv3 implementation.
+
+The callback is available when the OpenSSL library was built without
+I<OPENSSL_NO_TLSEXT> being defined.
+
+The callback function I<cb> will be called for every client instigated TLS
+session when session ticket extension is presented in the TLS hello
+message. It is the responsibility of this function to create or retrieve the
+cryptographic parameters and to maintain their state.
+
+The OpenSSL library uses your callback function to help implement a common TLS
+ticket construction state according to RFC5077 Section 4 such that per session
+state is unnecessary and a small set of cryptographic variables needs to be
+maintained by the callback function implementation.
+
+In order to reuse a session, a TLS client must send the a session ticket
+extension to the server. The client can only send exactly one session ticket.
+The server, through the callback function, either agrees to reuse the session
+ticket information or it starts a full TLS handshake to create a new session
+ticket.
+
+Before the callback function is started I<ctx> and I<hctx> have been
+initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
+
+For new sessions tickets, when the client doesn't present a session ticket, or
+an attempted retreival of the ticket failed, or a renew option was indicated,
+the callback function will be called with I<enc> equal to 1. The OpenSSL
+library expects that the function will set an arbitary I<name>, initialize
+I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>.
+
+The I<name> is 16 characters long and is used as a key identifier.
+
+The I<iv> length is the length of the IV of the corresponding cipher. The
+maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>.
+
+The initialization vector I<iv> should be a random value. The cipher context
+I<ctx> should use the initialisation vector I<iv>. The cipher context can be
+set using L<EVP_EncryptInit_ex>. The hmac context can be set using L<HMAC_Init_ex>.
+
+When the client presents a session ticket, the callback function with be called
+with I<enc> set to 0 indicating that the I<cb> function should retreive a set
+of parameters. In this case I<name> and I<iv> have already been parsed out of
+the session ticket. The OpenSSL library expects that the I<name> will be used
+to retrieve a cryptographic parameters and that the cryptographic context
+I<ctx> will be set with the retreived parameters and the initialization vector
+I<iv>. using a function like L<EVP_DecryptInit_ex>. The I<hctx> needs to be set
+using L<HMAC_Init_ex>.
+
+If the I<name> is still valid but a renewal of the ticket is required the
+callback function should return 2. The library will call the callback again
+with an arguement of enc equal to 1 to set the new ticket.
+
+The return value of the I<cb> function is used by OpenSSL to determine what
+further processing will occur. The following return values have meaning:
+
+=over 4
+
+=item Z<>2
+
+This indicates that the I<ctx> and I<hctx> have been set and the session can
+continue on those parameters. Additionally it indicates that the session
+ticket is in a renewal period and should be replaced. The OpenSSL library will
+call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077
+3.3 paragraph 2).
+
+=item Z<>1
+
+This indicates that the I<ctx> and I<hctx> have been set and the session can
+continue on those parameters.
+
+=item Z<>0
+
+This indicates that it was not possible to set/retrieve a session ticket and
+the SSL/TLS session will continue by by negiotationing a set of cryptographic
+parameters or using the alternate SSL/TLS resumption mechanism, session ids.
+
+If called with enc equal to 0 the library will call the I<cb> again to get
+a new set of parameters.
+
+=item less than 0
+
+This indicates an error.
+
+=back
+
+=head1 NOTES
+
+Session resumption shortcuts the TLS so that the client certificate
+negiotation don't occur. It makes up for this by storing client certificate
+an all other negotiated state information encrypted within the ticket. In a
+resumed session the applications will have all this state information available
+exactly as if a full negiotation had occured.
+
+If an attacker can obtain the key used to encrypt a session ticket, they can
+obtain the master secret for any ticket using that key and decrypt any traffic
+using that session: even if the ciphersuite supports forward secrecy. As
+a result applications may wish to use multiple keys and avoid using long term
+keys stored in files.
+
+Applications can use longer keys to maintain a consistent level of security.
+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key
+the overall security is only 128 bits because breaking the ticket key will
+enable an attacker to obtain the session keys.
+
+=head1 EXAMPLES
+
+Reference Implemention:
+ SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb);
+ ....
+
+ static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+ {
+ if (enc) { /* create new session */
+ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
+ return -1; /* insufficient random */
+ }
+
+ key = currentkey(); /* something that you need to implement */
+ if ( !key ) {
+ /* current key doesn't exist or isn't valid */
+ key = createkey(); /* something that you need to implement.
+ * createkey needs to initialise, a name,
+ * an aes_key, a hmac_key and optionally
+ * an expire time. */
+ if ( !key ) { /* key couldn't be created */
+ return 0;
+ }
+ }
+ memcpy(key_name, key->name, 16);
+
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv);
+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+
+ return 1;
+
+ } else { /* retrieve session */
+ key = findkey(name);
+
+ if (!key || key->expire < now() ) {
+ return 0;
+ }
+
+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
+ EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv );
+
+ if (key->expire < ( now() - RENEW_TIME ) ) {
+ /* return 2 - this session will get a new ticket even though the current is still valid */
+ return 2;
+ }
+ return 1;
+
+ }
+ }
+
+
+
+=head1 RETURN VALUES
+
+returns 0 to indicate the callback function was set.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+
+=head1 HISTORY
+
+This function was introduced in OpenSSL 0.9.8h
+
+=cut
Index: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (working copy)
@@ -12,12 +12,10 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, S
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
- void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
+ void SSL_set_tmp_dh_callback(SSL *ctx,
DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
long SSL_set_tmp_dh(SSL *ssl, DH *dh)
- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
-
=head1 DESCRIPTION
SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
@@ -81,7 +79,7 @@ instead (see L<dhparam(1)|dhparam(1)>), but in thi
is mandatory.
Application authors may compile in DH parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
+dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
version of the OpenSSL distribution contain the 'SKIP' DH parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the B<-C> option of the
Index: crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod (working copy)
@@ -109,8 +109,8 @@ certificates would not be present, most likely a
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
The depth count is "level 0:peer certificate", "level 1: CA certificate",
"level 2: higher level CA certificate", and so on. Setting the maximum
-depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
-allowing for the peer certificate and additional 9 CA certificates.
+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100,
+allowing for the peer certificate and additional 100 CA certificates.
The B<verify_callback> function is used to control the behaviour when the
SSL_VERIFY_PEER flag is set. It must be supplied by the application and
Index: crypto/openssl/doc/ssl/SSL_get_version.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_get_version.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_get_version.pod (working copy)
@@ -12,12 +12,12 @@ SSL_get_version - get the protocol version of a co
=head1 DESCRIPTION
-SSL_get_cipher_version() returns the name of the protocol used for the
+SSL_get_version() returns the name of the protocol used for the
connection B<ssl>.
=head1 RETURN VALUES
-The following strings can occur:
+The following strings can be returned:
=over 4
@@ -31,8 +31,16 @@ The connection uses the SSLv3 protocol.
=item TLSv1
-The connection uses the TLSv1 protocol.
+The connection uses the TLSv1.0 protocol.
+=item TLSv1.1
+
+The connection uses the TLSv1.1 protocol.
+
+=item TLSv1.2
+
+The connection uses the TLSv1.2 protocol.
+
=item unknown
This indicates that no version has been set (no connection established).
Index: crypto/openssl/doc/ssl/SSL_shutdown.pod
===================================================================
--- crypto/openssl/doc/ssl/SSL_shutdown.pod (revision 279126)
+++ crypto/openssl/doc/ssl/SSL_shutdown.pod (working copy)
@@ -104,7 +104,7 @@ erroneous SSL_ERROR_SYSCALL may be flagged even th
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item -1
+=item Z<>-1
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
Index: crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
===================================================================
--- crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod (revision 279126)
+++ crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod (working copy)
@@ -48,6 +48,16 @@ known limit on the size of the created ASN1 repres
amount of space should be obtained by first calling i2d_SSL_SESSION() with
B<pp=NULL>, and obtain the size needed, then allocate the memory and
call i2d_SSL_SESSION() again.
+Note that this will advance the value contained in B<*pp> so it is necessary
+to save a copy of the original allocation.
+For example:
+ int i,j;
+ char *p, *temp;
+ i = i2d_SSL_SESSION(sess, NULL);
+ p = temp = malloc(i);
+ j = i2d_SSL_SESSION(sess, &temp);
+ assert(i == j);
+ assert(p+i == temp);
=head1 RETURN VALUES
Index: crypto/openssl/e_os.h
===================================================================
--- crypto/openssl/e_os.h (revision 279126)
+++ crypto/openssl/e_os.h (working copy)
@@ -275,7 +275,7 @@ extern "C" {
# ifdef _WIN64
# define strlen(s) _strlen31(s)
/* cut strings to 2GB */
-static unsigned int _strlen31(const char *str)
+static __inline unsigned int _strlen31(const char *str)
{
unsigned int len=0;
while (*str && len<0x80000000U) str++, len++;
@@ -360,7 +360,7 @@ extern "C" {
# define DEFAULT_HOME "C:"
# endif
-#else /* The non-microsoft world world */
+#else /* The non-microsoft world */
# ifdef OPENSSL_SYS_VMS
# define VMS 1
@@ -702,9 +702,25 @@ struct servent *getservbyname(const char *name, co
#endif
/* end vxworks */
+#if !defined(inline) && !defined(__cplusplus)
+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+ /* do nothing, inline works */
+# elif defined(__GNUC__) && __GNUC__>=2
+# define inline __inline__
+# elif defined(_MSC_VER)
+ /*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+# define inline __inline
+# else
+# define inline
+# endif
+#endif
+
#ifdef __cplusplus
}
#endif
#endif
-
Index: crypto/openssl/openssl.spec
===================================================================
--- crypto/openssl/openssl.spec (revision 279126)
+++ crypto/openssl/openssl.spec (working copy)
@@ -6,7 +6,7 @@ Release: 1
Summary: Secure Sockets Layer and cryptography libraries and tools
Name: openssl
-Version: 0.9.8za
+Version: 0.9.8zd
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
License: OpenSSL
Group: System Environment/Libraries
Index: crypto/openssl/ssl/Makefile
===================================================================
--- crypto/openssl/ssl/Makefile (revision 279126)
+++ crypto/openssl/ssl/Makefile (working copy)
@@ -545,27 +545,28 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o
s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
-s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h
-s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h
+s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
+s3_cbc.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_cbc.o: ../include/openssl/evp.h ../include/openssl/fips.h
+s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_cbc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_cbc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_cbc.c
+s3_cbc.o: ssl_locl.h
s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -674,29 +675,29 @@ s3_pkt.o: ../include/openssl/ssl3.h ../include/ope
s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c
s3_pkt.o: ssl_locl.h
-s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/fips.h
-s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h
-s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_srvr.o: s3_srvr.c ssl_locl.h
+s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h
+s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h
+s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h
+s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
+s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h
ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
Index: crypto/openssl/ssl/d1_both.c
===================================================================
--- crypto/openssl/ssl/d1_both.c (revision 279126)
+++ crypto/openssl/ssl/d1_both.c (working copy)
@@ -1195,6 +1195,8 @@ dtls1_buffer_message(SSL *s, int is_ccs)
OPENSSL_assert(s->init_off == 0);
frag = dtls1_hm_fragment_new(s->init_num, 0);
+ if (!frag)
+ return 0;
memcpy(frag->fragment, s->init_buf->data, s->init_num);
Index: crypto/openssl/ssl/d1_srvr.c
===================================================================
--- crypto/openssl/ssl/d1_srvr.c (revision 279126)
+++ crypto/openssl/ssl/d1_srvr.c (working copy)
@@ -468,10 +468,11 @@ int dtls1_accept(SSL *s)
s->state = SSL3_ST_SR_CLNT_HELLO_C;
}
else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
+ if (s->s3->tmp.cert_request)
+ {
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ }
s->init_num=0;
s->state=SSL3_ST_SR_KEY_EXCH_A;
}
Index: crypto/openssl/ssl/s23_lib.c
===================================================================
--- crypto/openssl/ssl/s23_lib.c (revision 279126)
+++ crypto/openssl/ssl/s23_lib.c (working copy)
@@ -112,6 +112,9 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c,
long l;
/* We can write SSLv2 and SSLv3 ciphers */
+ /* but no ECC ciphers */
+ if (c->algorithms & (SSL_ECDH|SSL_aECDSA))
+ return 0;
if (p != NULL)
{
l=c->id;
Index: crypto/openssl/ssl/s3_cbc.c
===================================================================
--- crypto/openssl/ssl/s3_cbc.c (revision 279126)
+++ crypto/openssl/ssl/s3_cbc.c (working copy)
@@ -53,6 +53,7 @@
*
*/
+#include "../crypto/constant_time_locl.h"
#include "ssl_locl.h"
#include <openssl/md5.h>
@@ -67,37 +68,6 @@
* supported by TLS.) */
#define MAX_HASH_BLOCK_SIZE 128
-/* Some utility functions are needed:
- *
- * These macros return the given value with the MSB copied to all the other
- * bits. They use the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to replace
- * them with something else on odd CPUs. */
-#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
-#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
-
-/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
-static unsigned constant_time_lt(unsigned a, unsigned b)
- {
- a -= b;
- return DUPLICATE_MSB_TO_ALL(a);
- }
-
-/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
-static unsigned constant_time_ge(unsigned a, unsigned b)
- {
- a -= b;
- return DUPLICATE_MSB_TO_ALL(~a);
- }
-
-/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
-static unsigned char constant_time_eq_8(unsigned a, unsigned b)
- {
- unsigned c = a ^ b;
- c--;
- return DUPLICATE_MSB_TO_ALL_8(c);
- }
-
/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
* record in |rec| by updating |rec->length| in constant time.
*
@@ -126,8 +96,8 @@ int ssl3_cbc_remove_padding(const SSL* s,
padding_length = good & (padding_length+1);
rec->length -= padding_length;
rec->type |= padding_length<<8; /* kludge: pass padding length */
- return (int)((good & 1) | (~good & -1));
-}
+ return constant_time_select_int(good, 1, -1);
+ }
/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
* record in |rec| in constant time and returns 1 if the padding is valid and
@@ -201,7 +171,7 @@ int tls1_cbc_remove_padding(const SSL* s,
for (i = 0; i < to_check; i++)
{
- unsigned char mask = constant_time_ge(padding_length, i);
+ unsigned char mask = constant_time_ge_8(padding_length, i);
unsigned char b = rec->data[rec->length-1-i];
/* The final |padding_length+1| bytes should all have the value
* |padding_length|. Therefore the XOR should be zero. */
@@ -209,20 +179,14 @@ int tls1_cbc_remove_padding(const SSL* s,
}
/* If any of the final |padding_length+1| bytes had the wrong value,
- * one or more of the lower eight bits of |good| will be cleared. We
- * AND the bottom 8 bits together and duplicate the result to all the
- * bits. */
- good &= good >> 4;
- good &= good >> 2;
- good &= good >> 1;
- good <<= sizeof(good)*8-1;
- good = DUPLICATE_MSB_TO_ALL(good);
-
+ * one or more of the lower eight bits of |good| will be cleared.
+ */
+ good = constant_time_eq(0xff, good & 0xff);
padding_length = good & (padding_length+1);
rec->length -= padding_length;
rec->type |= padding_length<<8; /* kludge: pass padding length */
- return (int)((good & 1) | (~good & -1));
+ return constant_time_select_int(good, 1, -1);
}
/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
@@ -289,8 +253,8 @@ void ssl3_cbc_copy_mac(unsigned char* out,
memset(rotated_mac, 0, md_size);
for (i = scan_start, j = 0; i < orig_len; i++)
{
- unsigned char mac_started = constant_time_ge(i, mac_start);
- unsigned char mac_ended = constant_time_ge(i, mac_end);
+ unsigned char mac_started = constant_time_ge_8(i, mac_start);
+ unsigned char mac_ended = constant_time_ge_8(i, mac_end);
unsigned char b = rec->data[i];
rotated_mac[j++] |= b & mac_started & ~mac_ended;
j &= constant_time_lt(j,md_size);
@@ -676,12 +640,12 @@ void ssl3_cbc_digest_record(
b = data[k-header_length];
k++;
- is_past_c = is_block_a & constant_time_ge(j, c);
- is_past_cp1 = is_block_a & constant_time_ge(j, c+1);
+ is_past_c = is_block_a & constant_time_ge_8(j, c);
+ is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1);
/* If this is the block containing the end of the
* application data, and we are at the offset for the
* 0x80 value, then overwrite b with 0x80. */
- b = (b&~is_past_c) | (0x80&is_past_c);
+ b = constant_time_select_8(is_past_c, 0x80, b);
/* If this the the block containing the end of the
* application data and we're past the 0x80 value then
* just write zero. */
@@ -697,7 +661,8 @@ void ssl3_cbc_digest_record(
if (j >= md_block_size - md_length_size)
{
/* If this is index_b, write a length byte. */
- b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]);
+ b = constant_time_select_8(
+ is_block_b, length_bytes[j-(md_block_size-md_length_size)], b);
}
block[j] = b;
}
Index: crypto/openssl/ssl/s3_clnt.c
===================================================================
--- crypto/openssl/ssl/s3_clnt.c (revision 279126)
+++ crypto/openssl/ssl/s3_clnt.c (working copy)
@@ -442,6 +442,7 @@ int ssl3_connect(SSL *s)
s->method->ssl3_enc->client_finished_label,
s->method->ssl3_enc->client_finished_label_len);
if (ret <= 0) goto end;
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->state=SSL3_ST_CW_FLUSH;
/* clear flags */
@@ -1094,8 +1095,8 @@ int ssl3_get_key_exchange(SSL *s)
#endif
EVP_MD_CTX md_ctx;
unsigned char *param,*p;
- int al,i,j,param_len,ok;
- long n,alg;
+ int al,j,ok;
+ long i,param_len,n,alg;
EVP_PKEY *pkey=NULL;
#ifndef OPENSSL_NO_RSA
RSA *rsa=NULL;
@@ -1172,8 +1173,10 @@ int ssl3_get_key_exchange(SSL *s)
s->session->sess_cert=ssl_sess_cert_new();
}
+ /* Total length of the parameters including the length prefix */
param_len=0;
+ al=SSL_AD_DECODE_ERROR;
#ifndef OPENSSL_NO_RSA
if (alg & SSL_kRSA)
{
@@ -1189,14 +1192,23 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
goto err;
}
- n2s(p,i);
- param_len=i+2;
+
+ param_len = 2;
if (param_len > n)
{
- al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ n2s(p,i);
+
+ if (i > n - param_len)
+ {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
goto f_err;
}
+ param_len += i;
+
if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1204,14 +1216,23 @@ int ssl3_get_key_exchange(SSL *s)
}
p+=i;
+ if (2 > n - param_len)
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ param_len += 2;
+
n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
+
+ if (i > n - param_len)
{
- al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
goto f_err;
}
+ param_len += i;
+
if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1243,14 +1264,23 @@ int ssl3_get_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
goto err;
}
- n2s(p,i);
- param_len=i+2;
+
+ param_len = 2;
if (param_len > n)
{
- al=SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ n2s(p,i);
+
+ if (i > n - param_len)
+ {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
goto f_err;
}
+ param_len += i;
+
if (!(dh->p=BN_bin2bn(p,i,NULL)))
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1258,14 +1288,23 @@ int ssl3_get_key_exchange(SSL *s)
}
p+=i;
+ if (2 > n - param_len)
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ param_len += 2;
+
n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
+
+ if (i > n - param_len)
{
- al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
goto f_err;
}
+ param_len += i;
+
if (!(dh->g=BN_bin2bn(p,i,NULL)))
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1273,14 +1312,23 @@ int ssl3_get_key_exchange(SSL *s)
}
p+=i;
+ if (2 > n - param_len)
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ param_len += 2;
+
n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
+
+ if (i > n - param_len)
{
- al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
goto f_err;
}
+ param_len += i;
+
if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
@@ -1332,13 +1380,20 @@ int ssl3_get_key_exchange(SSL *s)
*/
/* XXX: For now we only support named (not generic) curves
- * and the ECParameters in this case is just three bytes.
+ * and the ECParameters in this case is just three bytes. We
+ * also need one byte for the length of the encoded point
*/
- param_len=3;
- if ((param_len > n) ||
- (*p != NAMED_CURVE_TYPE) ||
- ((curve_nid = curve_id2nid(*(p + 2))) == 0))
+ param_len=4;
+ if (param_len > n)
{
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
+ if ((*p != NAMED_CURVE_TYPE) ||
+ ((curve_nid = curve_id2nid(*(p + 2))) == 0))
+ {
al=SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
goto f_err;
@@ -1379,15 +1434,15 @@ int ssl3_get_key_exchange(SSL *s)
encoded_pt_len = *p; /* length of encoded point */
p+=1;
- param_len += (1 + encoded_pt_len);
- if ((param_len > n) ||
+
+ if ((encoded_pt_len > n - param_len) ||
(EC_POINT_oct2point(group, srvr_ecpoint,
p, encoded_pt_len, bn_ctx) == 0))
{
- al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
goto f_err;
}
+ param_len += encoded_pt_len;
n-=param_len;
p+=encoded_pt_len;
@@ -1438,10 +1493,10 @@ int ssl3_get_key_exchange(SSL *s)
n-=2;
j=EVP_PKEY_size(pkey);
+ /* Check signature length. If n is 0 then signature is empty */
if ((i != n) || (n > j) || (n <= 0))
{
/* wrong packet length */
- al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
goto f_err;
}
@@ -1450,6 +1505,7 @@ int ssl3_get_key_exchange(SSL *s)
if (pkey->type == EVP_PKEY_RSA)
{
int num;
+ unsigned int size;
j=0;
q=md_buf;
@@ -1462,9 +1518,9 @@ int ssl3_get_key_exchange(SSL *s)
EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
EVP_DigestUpdate(&md_ctx,param,param_len);
- EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
- q+=i;
- j+=i;
+ EVP_DigestFinal_ex(&md_ctx,q,&size);
+ q+=size;
+ j+=size;
}
i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
pkey->pkey.rsa);
@@ -1535,7 +1591,6 @@ int ssl3_get_key_exchange(SSL *s)
}
if (n != 0)
{
- al=SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
goto f_err;
}
Index: crypto/openssl/ssl/s3_pkt.c
===================================================================
--- crypto/openssl/ssl/s3_pkt.c (revision 279126)
+++ crypto/openssl/ssl/s3_pkt.c (working copy)
@@ -110,6 +110,7 @@
*/
#include <stdio.h>
+#include <limits.h>
#include <errno.h>
#define USE_SOCKETS
#include "ssl_locl.h"
@@ -230,6 +231,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend
return(n);
}
+/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will
+ * be processed per call to ssl3_get_record. Without this limit an attacker
+ * could send empty records at a faster rate than we can process and cause
+ * ssl3_get_record to loop forever. */
+#define MAX_EMPTY_RECORDS 32
+
/* Call this to get a new input record.
* It will return <= 0 if more data is needed, normally due to an error
* or non-blocking IO.
@@ -250,6 +257,7 @@ static int ssl3_get_record(SSL *s)
short version;
unsigned mac_size, orig_len;
size_t extra;
+ unsigned empty_record_count = 0;
rr= &(s->s3->rrec);
sess=s->session;
@@ -477,7 +485,17 @@ printf("\n");
s->packet_length=0;
/* just read a 0 length packet */
- if (rr->length == 0) goto again;
+ if (rr->length == 0)
+ {
+ empty_record_count++;
+ if (empty_record_count > MAX_EMPTY_RECORDS)
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL);
+ goto f_err;
+ }
+ goto again;
+ }
return(1);
@@ -535,7 +553,7 @@ int ssl3_write_bytes(SSL *s, int type, const void
int i,tot;
s->rwstate=SSL_NOTHING;
- OPENSSL_assert(s->s3->wnum < INT_MAX);
+ OPENSSL_assert(s->s3->wnum <= INT_MAX);
tot=s->s3->wnum;
s->s3->wnum=0;
@@ -839,7 +857,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned cha
if (!ssl3_setup_buffers(s))
return(-1);
- if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
+ if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) ||
(peek && (type != SSL3_RT_APPLICATION_DATA)))
{
SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
Index: crypto/openssl/ssl/s3_srvr.c
===================================================================
--- crypto/openssl/ssl/s3_srvr.c (revision 279126)
+++ crypto/openssl/ssl/s3_srvr.c (working copy)
@@ -128,6 +128,7 @@
#include <stdio.h>
#include "ssl_locl.h"
#include "kssl_lcl.h"
+#include "../crypto/constant_time_locl.h"
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include <openssl/objects.h>
@@ -1816,6 +1817,10 @@ int ssl3_get_client_key_exchange(SSL *s)
#ifndef OPENSSL_NO_RSA
if (l & SSL_kRSA)
{
+ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+ int decrypt_len;
+ unsigned char decrypt_good, version_good;
+
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp)
{
@@ -1864,54 +1869,61 @@ int ssl3_get_client_key_exchange(SSL *s)
n=i;
}
- i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+ /* We must not leak whether a decryption failure occurs because
+ * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see
+ * RFC 2246, section 7.4.7.1). The code follows that advice of
+ * the TLS RFC and generates a random premaster secret for the
+ * case that the decrypt fails. See
+ * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */
- al = -1;
-
- if (i != SSL_MAX_MASTER_KEY_LENGTH)
+ /* should be RAND_bytes, but we cannot work around a failure. */
+ if (RAND_pseudo_bytes(rand_premaster_secret,
+ sizeof(rand_premaster_secret)) <= 0)
+ goto err;
+ decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+ ERR_clear_error();
+
+ /* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH.
+ * decrypt_good will be 0xff if so and zero otherwise. */
+ decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
+
+ /* If the version in the decrypted pre-master secret is correct
+ * then version_good will be 0xff, otherwise it'll be zero.
+ * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+ * (http://eprint.iacr.org/2003/052/) exploits the version
+ * number check as a "bad version oracle". Thus version checks
+ * are done in constant time and are treated like any other
+ * decryption error. */
+ version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8));
+ version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff));
+
+ /* The premaster secret must contain the same version number as
+ * the ClientHello to detect version rollback attacks
+ * (strangely, the protocol does not offer such protection for
+ * DH ciphersuites). However, buggy clients exist that send the
+ * negotiated protocol version instead if the server does not
+ * support the requested protocol version. If
+ * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+ if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
{
- al=SSL_AD_DECODE_ERROR;
- /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
+ unsigned char workaround_good;
+ workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8));
+ workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff));
+ version_good |= workaround_good;
}
- if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+ /* Both decryption and version must be good for decrypt_good
+ * to remain non-zero (0xff). */
+ decrypt_good &= version_good;
+
+ /* Now copy rand_premaster_secret over p using
+ * decrypt_good_mask. */
+ for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
{
- /* The premaster secret must contain the same version number as the
- * ClientHello to detect version rollback attacks (strangely, the
- * protocol does not offer such protection for DH ciphersuites).
- * However, buggy clients exist that send the negotiated protocol
- * version instead if the server does not support the requested
- * protocol version.
- * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
- if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
- (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
- {
- al=SSL_AD_DECODE_ERROR;
- /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
-
- /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
- * (http://eprint.iacr.org/2003/052/) exploits the version
- * number check as a "bad version oracle" -- an alert would
- * reveal that the plaintext corresponding to some ciphertext
- * made up by the adversary is properly formatted except
- * that the version number is wrong. To avoid such attacks,
- * we should treat this just like any other decryption error. */
- }
+ p[i] = constant_time_select_8(decrypt_good, p[i],
+ rand_premaster_secret[i]);
}
- if (al != -1)
- {
- /* Some decryption failure -- use random value instead as countermeasure
- * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
- * (see RFC 2246, section 7.4.7.1). */
- ERR_clear_error();
- i = SSL_MAX_MASTER_KEY_LENGTH;
- p[0] = s->client_version >> 8;
- p[1] = s->client_version & 0xff;
- if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
- goto err;
- }
-
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
@@ -2368,7 +2380,7 @@ int ssl3_get_cert_verify(SSL *s)
SSL3_ST_SR_CERT_VRFY_A,
SSL3_ST_SR_CERT_VRFY_B,
-1,
- 514, /* 514? */
+ SSL3_RT_MAX_PLAIN_LENGTH,
&ok);
if (!ok) return((int)n);
Index: crypto/openssl/ssl/ssl.h
===================================================================
--- crypto/openssl/ssl/ssl.h (revision 279126)
+++ crypto/openssl/ssl/ssl.h (working copy)
@@ -563,8 +563,13 @@ typedef struct ssl_session_st
/* Don't attempt to automatically build certificate chain */
#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.
+ * Only use this in explicit fallback retries, following the guidance
+ * in draft-ietf-tls-downgrade-scsv-00.
+ */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
Index: crypto/openssl/ssl/ssl_ciph.c
===================================================================
--- crypto/openssl/ssl/ssl_ciph.c (revision 279126)
+++ crypto/openssl/ssl/ssl_ciph.c (working copy)
@@ -390,7 +390,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const
break;
}
- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
*enc=NULL;
else
{
@@ -412,7 +412,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const
i= -1;
break;
}
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
+ if ((i < 0) || (i >= SSL_MD_NUM_IDX))
*md=NULL;
else
*md=ssl_digest_methods[i];
Index: crypto/openssl/ssl/ssl_lib.c
===================================================================
--- crypto/openssl/ssl/ssl_lib.c (revision 279126)
+++ crypto/openssl/ssl/ssl_lib.c (working copy)
@@ -1401,6 +1401,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
goto err;
}
+ p += n;
continue;
}
Index: crypto/openssl/ssl/ssl_stat.c
===================================================================
--- crypto/openssl/ssl/ssl_stat.c (revision 279126)
+++ crypto/openssl/ssl/ssl_stat.c (working copy)
@@ -186,7 +186,6 @@ case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certi
case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
@@ -196,7 +195,6 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read
/* server */
case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
@@ -340,7 +338,6 @@ case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break
case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
@@ -350,7 +347,7 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; bre
/* server */
case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
+
/* DTLS */
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
Index: crypto/openssl/ssl/t1_lib.c
===================================================================
--- crypto/openssl/ssl/t1_lib.c (revision 279126)
+++ crypto/openssl/ssl/t1_lib.c (working copy)
@@ -1117,7 +1117,11 @@ static int tls_decrypt_ticket(SSL *s, const unsign
}
EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
+ {
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ OPENSSL_free(sdec);
goto tickerr;
+ }
slen += mlen;
EVP_CIPHER_CTX_cleanup(&ctx);
p = sdec;
Index: crypto/openssl/test/Makefile
===================================================================
--- crypto/openssl/test/Makefile (revision 279126)
+++ crypto/openssl/test/Makefile (working copy)
@@ -72,6 +72,7 @@ FIPS_DSATEST= fips_dsatest
FIPS_DSSVS= fips_dssvs
FIPS_RNGVS= fips_rngvs
FIPS_TEST_SUITE=fips_test_suite
+CONSTTIMETEST= constant_time_test
TESTS= alltests
@@ -88,7 +89,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(EC
$(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \
$(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \
$(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \
- $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT)
+ $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \
+ jpaketest$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
@@ -105,7 +107,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECD
$(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \
$(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \
$(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \
- jpaketest.o
+ jpaketest.o $(CONSTTIMETEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -119,7 +121,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECD
$(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \
$(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \
$(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \
- jpaketest.c
+ jpaketest.c $(CONSTTIMETEST).c
EXHEADER=
HEADER= $(EXHEADER)
@@ -161,7 +163,8 @@ alltests: \
test_rand test_bn test_ec test_ecdsa test_ecdh \
test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
- test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake
+ test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake \
+ test_constant_time
test_evp:
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -333,6 +336,10 @@ test_jpake: jpaketest$(EXE_EXT)
@echo "Test JPAKE"
../util/shlib_wrap.sh ./jpaketest
+test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
+ @echo "Test constant time utilites"
+ ../util/shlib_wrap.sh ./$(CONSTTIMETEST)
+
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
@@ -527,6 +534,9 @@ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO)
@target=jpaketest; $(BUILD_CMD)
+$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+ @target=$(CONSTTIMETEST) $(BUILD_CMD)
+
#$(AESTEST).o: $(AESTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
@@ -561,6 +571,9 @@ bntest.o: ../include/openssl/symhacks.h ../include
bntest.o: ../include/openssl/x509_vfy.h bntest.c
casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
casttest.o: ../include/openssl/opensslconf.h casttest.c
+constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h
+constant_time_test.o: ../include/openssl/e_os2.h
+constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c
destest.o: ../include/openssl/des.h ../include/openssl/des_old.h
destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
Index: crypto/openssl/test/constant_time_test.c
===================================================================
--- crypto/openssl/test/constant_time_test.c (revision 0)
+++ crypto/openssl/test/constant_time_test.c (working copy)
@@ -0,0 +1 @@
+link ../crypto/constant_time_test.c
\ No newline at end of file
Index: crypto/openssl/util/mk1mf.pl
===================================================================
--- crypto/openssl/util/mk1mf.pl (revision 279126)
+++ crypto/openssl/util/mk1mf.pl (working copy)
@@ -786,12 +786,6 @@ foreach (values %lib_nam)
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
-
if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
{
if ($cpuid_asm_obj ne "")
Index: crypto/openssl/util/mkerr.pl
===================================================================
--- crypto/openssl/util/mkerr.pl (revision 279126)
+++ crypto/openssl/util/mkerr.pl (working copy)
@@ -698,7 +698,7 @@ foreach (keys %rcodes) {
push (@runref, $_) unless exists $urcodes{$_};
}
-if($debug && defined(@funref) ) {
+if($debug && @funref) {
print STDERR "The following function codes were not referenced:\n";
foreach(sort @funref)
{
@@ -706,7 +706,7 @@ foreach (keys %rcodes) {
}
}
-if($debug && defined(@runref) ) {
+if($debug && @runref) {
print STDERR "The following reason codes were not referenced:\n";
foreach(sort @runref)
{
Index: secure/lib/libcrypto/Makefile
===================================================================
--- secure/lib/libcrypto/Makefile (revision 279126)
+++ secure/lib/libcrypto/Makefile (working copy)
@@ -239,8 +239,8 @@ SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p
INCS+= pkcs12.h pkcs7.h
# pkcs7
-SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \
- pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c
+SRCS+= pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c pk7_lib.c \
+ pk7_mime.c pk7_smime.c pkcs7err.c
# pqueue
SRCS+= pqueue.c
Index: secure/lib/libcrypto/Makefile.inc
===================================================================
--- secure/lib/libcrypto/Makefile.inc (revision 279126)
+++ secure/lib/libcrypto/Makefile.inc (working copy)
@@ -3,8 +3,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
-OPENSSL_VER= 0.9.8za
-OPENSSL_DATE= 2014-06-05
+OPENSSL_VER= 0.9.8zd
+OPENSSL_DATE= 2015-01-08
LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl
LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc
Index: secure/lib/libcrypto/man/ASN1_OBJECT_new.3
===================================================================
--- secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_OBJECT_new 3"
-.TH ASN1_OBJECT_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ASN1_OBJECT_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,7 +151,7 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, \- object alloc
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an
-\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0
.PP
\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure.
.PP
Index: secure/lib/libcrypto/man/ASN1_STRING_length.3
===================================================================
--- secure/lib/libcrypto/man/ASN1_STRING_length.3 (revision 279126)
+++ secure/lib/libcrypto/man/ASN1_STRING_length.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_length 3"
-.TH ASN1_STRING_length 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ASN1_STRING_length 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +202,7 @@ utility functions should be used instead.
In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
-for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per
+for and IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per
character in big endian format, UTF8String will be in \s-1UTF8\s0 format.
.PP
Similar care should be take to ensure the data is in the correct format
Index: secure/lib/libcrypto/man/ASN1_STRING_new.3
===================================================================
--- secure/lib/libcrypto/man/ASN1_STRING_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/ASN1_STRING_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_new 3"
-.TH ASN1_STRING_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ASN1_STRING_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
===================================================================
--- secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (revision 279126)
+++ secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_print_ex 3"
-.TH ASN1_STRING_print_ex 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ASN1_STRING_print_ex 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ the options \fBflags\fR. \fIASN1_STRING_print_ex_f
to \fBfp\fR instead.
.PP
\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
-\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0)
+\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0)
with '.'.
.SH "NOTES"
.IX Header "NOTES"
@@ -157,7 +166,7 @@ with '.'.
\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications.
.PP
Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is
-suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR.
+suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR.
.PP
The complete set of supported options for \fBflags\fR is listed below.
.PP
@@ -189,7 +198,7 @@ all: everything is assumed to be one byte per char
debugging purposes and can result in confusing output in multi character strings.
.PP
If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out
-before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR.
+before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR.
.PP
The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just
outputs the value of the string using the form #XXXX using hex format for each
@@ -197,7 +206,7 @@ octet.
.PP
If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped.
.PP
-Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be
+Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be
one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will
be dumped instead.
.PP
@@ -205,10 +214,10 @@ When a type is dumped normally just the content oc
\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped
instead (including tag and length octets).
.PP
-\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is
+\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is
equivalent to:
\s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 |
- \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0
+ \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_NAME_print_ex\fR\|(3),
Index: secure/lib/libcrypto/man/ASN1_generate_nconf.3
===================================================================
--- secure/lib/libcrypto/man/ASN1_generate_nconf.3 (revision 279126)
+++ secure/lib/libcrypto/man/ASN1_generate_nconf.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_generate_nconf 3"
-.TH ASN1_generate_nconf 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ASN1_generate_nconf 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,7 +171,7 @@ is:
That is zero or more comma separated modifiers followed by a type
followed by an optional colon and a value. The formats of \fBtype\fR,
\&\fBvalue\fR and \fBmodifier\fR are explained below.
-.SS "\s-1SUPPORTED\s0 \s-1TYPES\s0"
+.SS "\s-1SUPPORTED TYPES\s0"
.IX Subsection "SUPPORTED TYPES"
The supported types are listed below. Unless otherwise specified
only the \fB\s-1ASCII\s0\fR format is permissible.
@@ -177,46 +186,46 @@ are acceptable.
Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present.
.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2
.IX Item "INTEGER, INT"
-Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
-the value of the integer, it can be preceeded by a minus sign and
+Encodes an \s-1ASN1 \s0\fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
+the value of the integer, it can be preceded by a minus sign and
is normally interpreted as a decimal value unless the prefix \fB0x\fR
is included.
.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2
.IX Item "ENUMERATED, ENUM"
-Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
+Encodes the \s-1ASN1 \s0\fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
\&\fB\s-1INTEGER\s0\fR.
.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 2
.IX Item "OBJECT, OID"
-Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fBvalue\fR string can be
+Encodes an \s-1ASN1 \s0\fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be
a short name, a long name or numerical format.
.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 2
.IX Item "UTCTIME, UTC"
-Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in
+Encodes an \s-1ASN1 \s0\fBUTCTime\fR structure, the value should be in
the format \fB\s-1YYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 2
.IX Item "GENERALIZEDTIME, GENTIME"
-Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in
+Encodes an \s-1ASN1 \s0\fBGeneralizedTime\fR structure, the value should be in
the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 2
.IX Item "OCTETSTRING, OCT"
-Encodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1 \s0\fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be
used to specify the format of \fBvalue\fR.
.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 2
.IX Item "BITSTRING, BITSTR"
-Encodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1 \s0\fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR
can be used to specify the format of \fBvalue\fR.
.Sp
If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused
bits is set to zero.
-.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR" 2
-.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString"
+.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 2
+.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC"
These encode the corresponding string types. \fBvalue\fR represents the
contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR.
.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2
.IX Item "SEQUENCE, SEQ, SET"
-Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
+Formats the result as an \s-1ASN1 \s0\fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
should be a section name which will contain the contents. The
field names in the section are ignored and the values are in the
generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0
@@ -233,9 +242,9 @@ Add an explicit tag to the following structure. Th
should be followed by a colon and the tag value to use as a
decimal value.
.Sp
-By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0,
-\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used,
-the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0.
+By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL,
+APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used,
+the default is \s-1CONTEXT SPECIFIC.\s0
.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 2
.IX Item "IMPLICIT, IMP"
This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used
@@ -242,8 +251,8 @@ This is the same as \fB\s-1EXPLICIT\s0\fR except \
instead.
.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 2
.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP"
-The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0,
-a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused
+The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0
+a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused
bits is set to zero.
.IP "\fB\s-1FORMAT\s0\fR" 2
.IX Item "FORMAT"
@@ -252,8 +261,8 @@ by a colon and one of the strings \fB\s-1ASCII\s0\
.Sp
If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is
specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the
-output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0
-\&\s-1STRING\s0) is a comma separated list of the indices of the set bits, all other
+output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT
+STRING\s0) is a comma separated list of the indices of the set bits, all other
bits are zero.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Index: secure/lib/libcrypto/man/BIO_ctrl.3
===================================================================
--- secure/lib/libcrypto/man/BIO_ctrl.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_ctrl.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_ctrl 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,7 +173,7 @@ BIO_get_info_callback, BIO_set_info_callback \- BI
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR
-are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types.
+are \s-1BIO \s0\*(L"control\*(R" operations taking arguments of various types.
These functions are not normally called directly, various macros
are used instead. The standard macros are described below, macros
specific to a particular type of \s-1BIO\s0 are described in the specific
@@ -178,16 +187,16 @@ start of the file.
\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file.
.PP
-\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0.
+\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0
.PP
\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some
cases it is used to signal \s-1EOF\s0 and that no more data will be written.
.PP
-\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of
-\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type.
+\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of
+\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type.
.PP
-\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
-take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used
+\&\fIBIO_set_close()\fR sets the \s-1BIO \s0\fBb\fR close flag to \fBflag\fR. \fBflag\fR can
+take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used
in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should
be closed when the \s-1BIO\s0 is freed.
.PP
@@ -213,7 +222,7 @@ for success and \-1 for failure.
.PP
\&\fIBIO_set_close()\fR always returns 1.
.PP
-\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0.
+\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
.PP
\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
return the amount of pending data.
@@ -234,10 +243,10 @@ Filter BIOs if they do not internally handle a par
operation usually pass the operation to the next \s-1BIO\s0 in the chain.
This often means there is no need to locate the required \s-1BIO\s0 for
a particular operation, it can be called on a chain and it will
-be automatically passed to the relevant \s-1BIO\s0. However this can cause
+be automatically passed to the relevant \s-1BIO.\s0 However this can cause
unexpected results: for example no current filter BIOs implement
\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0
-or file descriptor \s-1BIO\s0.
+or file descriptor \s-1BIO.\s0
.PP
Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR
operation.
Index: secure/lib/libcrypto/man/BIO_f_base64.3
===================================================================
--- secure/lib/libcrypto/man/BIO_f_base64.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_f_base64.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_f_base64 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +158,7 @@ Base64 BIOs do not support \fIBIO_gets()\fR or \fI
.PP
\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is
used to signal that no more data is to be encoded: this is used
-to flush the final block through the \s-1BIO\s0.
+to flush the final block through the \s-1BIO.\s0
.PP
The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR
to encode the data all on one line or expect the data to be all
@@ -172,11 +181,11 @@ to standard output:
\&
\& b64 = BIO_new(BIO_f_base64());
\& bio = BIO_new_fp(stdout, BIO_NOCLOSE);
-\& bio = BIO_push(b64, bio);
-\& BIO_write(bio, message, strlen(message));
-\& BIO_flush(bio);
+\& BIO_push(b64, bio);
+\& BIO_write(b64, message, strlen(message));
+\& BIO_flush(b64);
\&
-\& BIO_free_all(bio);
+\& BIO_free_all(b64);
.Ve
.PP
Read Base64 encoded data from standard input and write the decoded
@@ -190,11 +199,12 @@ data to standard output:
\& b64 = BIO_new(BIO_f_base64());
\& bio = BIO_new_fp(stdin, BIO_NOCLOSE);
\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
-\& bio = BIO_push(b64, bio);
-\& while((inlen = BIO_read(bio, inbuf, 512)) > 0)
+\& BIO_push(b64, bio);
+\& while((inlen = BIO_read(b64, inbuf, 512)) > 0)
\& BIO_write(bio_out, inbuf, inlen);
\&
-\& BIO_free_all(bio);
+\& BIO_flush(bio_out);
+\& BIO_free_all(b64);
.Ve
.SH "BUGS"
.IX Header "BUGS"
@@ -202,7 +212,7 @@ The ambiguity of \s-1EOF\s0 in base64 encoded data
data following the base64 encoded block to be misinterpreted.
.PP
There should be some way of specifying a test that the \s-1BIO\s0 can perform
-to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary).
+to reliably determine \s-1EOF \s0(for example a \s-1MIME\s0 boundary).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
Index: secure/lib/libcrypto/man/BIO_f_buffer.3
===================================================================
--- secure/lib/libcrypto/man/BIO_f_buffer.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_f_buffer.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_f_buffer 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s
.PP
\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
set the read, write or both read and write buffer sizes to \fBsize\fR. The initial
-buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the
+buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the
buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared
when the buffer is resized.
.PP
Index: secure/lib/libcrypto/man/BIO_f_cipher.3
===================================================================
--- secure/lib/libcrypto/man/BIO_f_cipher.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_f_cipher.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_f_cipher 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,10 +163,10 @@ Cipher BIOs do not support \fIBIO_gets()\fR or \fI
.PP
\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
used to signal that no more data is to be encrypted: this is used
-to flush and possibly pad the final block through the \s-1BIO\s0.
+to flush and possibly pad the final block through the \s-1BIO.\s0
.PP
-\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
-and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
+\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO \s0\fBb\fR to \fBcipher\fR using key \fBkey\fR
+and \s-1IV \s0\fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
decryption.
.PP
When reading from an encryption \s-1BIO\s0 the final block is automatically
@@ -172,7 +181,7 @@ with the standard cipher routines to set it up. Th
.SH "NOTES"
.IX Header "NOTES"
When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block
-through the \s-1BIO\s0. If it is not then the final block will fail a subsequent
+through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent
decrypt.
.PP
When decrypting an error on the final block is signalled by a zero
@@ -181,7 +190,7 @@ by \s-1EOF\s0 will also return zero for the final
should be called to determine if the decrypt was successful.
.PP
As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can
-be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0.
+be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
Index: secure/lib/libcrypto/man/BIO_f_md.3
===================================================================
--- secure/lib/libcrypto/man/BIO_f_md.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_f_md.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_f_md 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,9 +165,9 @@ Any data written or read through a digest \s-1BIO\
digest calculation and returns the digest value. \fIBIO_puts()\fR is
not supported.
.PP
-\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0.
+\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0
.PP
-\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
+\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO \s0\fBb\fR to \fBmd\fR: this
must be called to initialize a digest \s-1BIO\s0 before any data is
passed through it. It is a \fIBIO_ctrl()\fR macro.
.PP
@@ -183,7 +192,7 @@ data is passed through it.
.PP
If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through
a chain containing digest BIOs then this can be done by prepending
-a buffering \s-1BIO\s0.
+a buffering \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method.
Index: secure/lib/libcrypto/man/BIO_f_null.3
===================================================================
--- secure/lib/libcrypto/man/BIO_f_null.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_f_null.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_f_null 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BIO_f_ssl.3
===================================================================
--- secure/lib/libcrypto/man/BIO_f_ssl.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_f_ssl.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_f_ssl 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,32 +171,32 @@ BIO_ssl_shutdown \- SSL BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which
-is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
-\&\s-1SSL\s0 I/O.
+\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
+is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO \s0\*(L"flavour\*(R" to
+\&\s-1SSL I/O. \s0
.PP
-I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with
+I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with
the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established
then an attempt is made to establish one on the first I/O call.
.PP
-If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically
+If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically
used as the \s-1SSL\s0 BIOs read and write BIOs.
.PP
-Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection
+Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
the chain: this will typically disconnect the underlying transport.
-The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state.
+The \s-1SSL BIO\s0 is then reset to the initial accept or connect state.
.PP
-If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal
+If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal
\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR.
.PP
-\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
+\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR to \fBssl\fR using
the close flag \fBc\fR.
.PP
-\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
+\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR, it can then be
manipulated using the standard \s-1SSL\s0 library functions.
.PP
-\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR
+\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
is 1 client mode is set. If \fBclient\fR is 0 server mode is set.
.PP
\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
@@ -202,15 +211,15 @@ automatically renegotiated.
\&\fIBIO_get_num_renegotiates()\fR returns the total number of session
renegotiations due to I/O or timeout.
.PP
-\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
+\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX \s0\fBctx\fR and using
client mode if \fBclient\fR is non zero.
.PP
\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
-\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0.
+\&\s-1SSL BIO \s0(using \fBctx\fR) followed by a connect \s-1BIO.\s0
.PP
\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
-of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect
-\&\s-1BIO\s0.
+of a buffering \s-1BIO,\s0 an \s-1SSL BIO \s0(using \fBctx\fR) and a connect
+\&\s-1BIO.\s0
.PP
\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the
@@ -218,7 +227,7 @@ client mode if \fBclient\fR is non zero.
the internal \s-1SSL\s0 pointer.
.PP
\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
-chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the
+chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the
chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0
pointer.
.PP
@@ -239,7 +248,7 @@ case where this happens is when \s-1SGC\s0 or step
.PP
In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be
set to disable this behaviour. That is when this flag is set
-an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a
+an \s-1SSL BIO\s0 using a blocking transport will never request a
retry.
.PP
Since unknown \fIBIO_ctrl()\fR operations are sent through filter
@@ -323,7 +332,7 @@ unencrypted example in \fIBIO_s_connect\fR\|(3).
.Ve
.PP
Here is a simple server example. It makes use of a buffering
-\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets.
+\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets.
It creates a pseudo web page containing the actual request from
a client and also echoes the request to standard output.
.PP
Index: secure/lib/libcrypto/man/BIO_find_type.3
===================================================================
--- secure/lib/libcrypto/man/BIO_find_type.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_find_type.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_find_type 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,7 +178,7 @@ BIO_find_type, BIO_next \- BIO chain traversal
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
-at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
+at \s-1BIO \s0\fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as
\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is
searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
@@ -181,7 +190,7 @@ Note: not all the \fBBIO_TYPE_*\fR types above hav
in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a
certain type.
.PP
-\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0.
+\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
@@ -188,7 +197,7 @@ certain type.
.PP
\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
.PP
-\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
+\&\fIBIO_method_type()\fR returns the type of the \s-1BIO \s0\fBb\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0
Index: secure/lib/libcrypto/man/BIO_new.3
===================================================================
--- secure/lib/libcrypto/man/BIO_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new 3"
-.TH BIO_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,9 +155,9 @@ BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_al
.IX Header "DESCRIPTION"
The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
.PP
-\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO\s0.
+\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO.\s0
.PP
-\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0
+\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0
but it does not return a value. Calling \fIBIO_free()\fR may also have some effect
on the underlying I/O structure, for example it may close the file being
referred to under certain circumstances. For more details see the individual
@@ -176,7 +185,7 @@ Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 h
on it other than the discarded return value.
.PP
Normally the \fBtype\fR argument is supplied by a function which returns a
-pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions:
+pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions:
a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0
BIO_f_*();
.SH "EXAMPLE"
Index: secure/lib/libcrypto/man/BIO_push.3
===================================================================
--- secure/lib/libcrypto/man/BIO_push.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_push.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_push 3"
-.TH BIO_push 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_push 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,11 +150,11 @@ BIO_push, BIO_pop \- add and remove BIOs from a ch
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
+The \fIBIO_push()\fR function appends the \s-1BIO \s0\fBappend\fR to \fBb\fR, it returns
\&\fBb\fR.
.PP
-\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
-in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then
+\&\fIBIO_pop()\fR removes the \s-1BIO \s0\fBb\fR from a chain and returns the next \s-1BIO\s0
+in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then
becomes a single \s-1BIO\s0 with no association with the original chain,
it can thus be freed or attached to a different chain.
.SH "NOTES"
@@ -160,7 +169,7 @@ be noted in the descriptions of individual BIOs.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is
-a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0.
+a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0
.PP
If the call:
.PP
@@ -168,7 +177,7 @@ If the call:
\& BIO_push(b64, f);
.Ve
.PP
-is made then the new chain will be \fBb64\-chain\fR. After making the calls
+is made then the new chain will be \fBb64\-f\fR. After making the calls
.PP
.Vb 2
\& BIO_push(md2, b64);
@@ -193,7 +202,7 @@ be written to \fBmd1\fR as before.
\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR.
.PP
\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next
-\&\s-1BIO\s0.
+\&\s-1BIO.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
Index: secure/lib/libcrypto/man/BIO_read.3
===================================================================
--- secure/lib/libcrypto/man/BIO_read.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_read.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_read 3"
-.TH BIO_read 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_read 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +152,7 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
+\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO \s0\fBb\fR and places
the data in \fBbuf\fR.
.PP
\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
@@ -152,9 +161,9 @@ from the \s-1BIO\s0 of maximum length \fBlen\fR. T
however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
return the digest and other BIOs may not support \fIBIO_gets()\fR at all.
.PP
-\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO \s0\fBb\fR.
.PP
-\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR
+\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO \s0\fBb\fR
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return either the amount of data successfully read or
@@ -182,7 +191,7 @@ See \fIBIO_should_retry\fR\|(3) for details of how
determine the cause of a retry and other I/O issues.
.PP
If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
-work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3)
+work around this by adding a buffering \s-1BIO \s0\fIBIO_f_buffer\fR\|(3)
to the chain.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Index: secure/lib/libcrypto/man/BIO_s_accept.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_accept.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_accept.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_accept 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -203,18 +212,18 @@ a single call: that is it creates a new accept \s-
\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which
will be duplicated and prepended to the chain when an incoming
connection is received. This is useful if, for example, a
-buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The
+buffering or \s-1SSL BIO\s0 is required for each connection. The
chain of BIOs must not be freed after this call, they will
be automatically freed when the accept \s-1BIO\s0 is freed.
.PP
\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve
-the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set
+the current bind mode. If \s-1BIO_BIND_NORMAL \s0(the default) is set
then another socket cannot be bound to the same port. If
\&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the
same port. If \s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0 is set then and
-attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails
+attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails
and the port is not in use then a second attempt is made
-using \s-1BIO_BIND_REUSEADDR\s0.
+using \s-1BIO_BIND_REUSEADDR.\s0
.PP
\&\fIBIO_do_accept()\fR serves two functions. When it is first
called, after the accept \s-1BIO\s0 has been setup, it will attempt
@@ -235,7 +244,7 @@ an initial accept socket will await an incoming co
perform I/O on it.
.PP
If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR
-then they are placed between the socket and the accept \s-1BIO\s0,
+then they are placed between the socket and the accept \s-1BIO,\s0
that is the chain will be accept\->otherbios\->socket.
.PP
If a server wishes to process multiple connections (as is normally
@@ -261,7 +270,7 @@ and freeing up the accept \s-1BIO\s0 after the ini
.PP
If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is
called to await an incoming connection it is possible for
-\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens
+\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens
then it is an indication that an accept attempt would block: the application
should take appropriate action to wait until the underlying socket has
accepted a connection and retry the call.
Index: secure/lib/libcrypto/man/BIO_s_bio.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_bio.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_bio.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_bio 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +179,7 @@ Since \s-1BIO\s0 chains typically end in a source/
one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application
control.
.PP
-One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this
+One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this
can be used when the application wishes to use a non standard transport for
\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate.
.PP
@@ -190,12 +199,12 @@ determine the amount of pending data in the read o
\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
up any half of the pair will automatically destroy the association.
.PP
-\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
-writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other
+\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO \s0\fBb\fR. After this call no further
+writes on \s-1BIO \s0\fBb\fR are allowed (they will return an error). Reads on the other
half of the pair will return any pending data or \s-1EOF\s0 when all pending data has
been read.
.PP
-\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
+\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO \s0\fBb\fR to \fBsize\fR.
If the size is not initialized a default value is used. This is currently
17K, sufficient for a maximum size \s-1TLS\s0 record.
.PP
@@ -205,11 +214,11 @@ If the size is not initialized a default value is
\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is
zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether
-\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten,
+\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten,
\&\fIBIO_free()\fR is not called.
.PP
\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum
-length of data that can be currently written to the \s-1BIO\s0. Writes larger than this
+length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this
value will return a value from \fIBIO_write()\fR less than the amount requested or if the
buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function
whereas \fIBIO_get_write_guarantee()\fR is a macro.
Index: secure/lib/libcrypto/man/BIO_s_connect.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_connect.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_connect.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_connect 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +189,7 @@ Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0
connection and reset the \s-1BIO\s0 into a state where it can connect
to the same host again.
.PP
-\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0,
+\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0
it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of
type (int *).
.PP
@@ -220,7 +229,7 @@ non blocking I/O is set during the connect process
\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into
a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR.
.PP
-\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1
+\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
@@ -250,7 +259,7 @@ If non blocking I/O is set then retries will be re
.PP
It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also
possible for \fIBIO_should_io_special()\fR to be true during the initial
-connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned
+connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned
then this is an indication that a connection attempt would block,
the application should then take appropriate action to wait until
the underlying socket has connected and retry the call.
Index: secure/lib/libcrypto/man/BIO_s_fd.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_fd.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_fd.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,10 +171,10 @@ using lseek(fd, ofs, 0).
.PP
\&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1).
.PP
-\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close
flag to \fBc\fR.
.PP
-\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also
+\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type
(int *).
.PP
Index: secure/lib/libcrypto/man/BIO_s_file.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_file.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_file.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_file 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +163,7 @@ BIO_rw_filename \- FILE bio
.IX Header "DESCRIPTION"
\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
is a wrapper round the stdio \s-1FILE\s0 structure and it is a
-source/sink \s-1BIO\s0.
+source/sink \s-1BIO.\s0
.PP
Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the
underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs.
@@ -175,10 +184,10 @@ is freed.
.PP
\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning
of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0
-flag is set on the returned \s-1BIO\s0.
+flag is set on the returned \s-1BIO.\s0
.PP
\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
-\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying
+\&\s-1BIO_CLOSE, BIO_NOCLOSE \s0(the close flag) \s-1BIO_FP_TEXT \s0(sets the underlying
stream to text mode, default is binary: this only has any effect under
Win32).
.PP
@@ -185,7 +194,7 @@ Win32).
\&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
meaning as in \fIBIO_new_fp()\fR, it is a macro.
.PP
-\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro.
+\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro.
.PP
\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
from the start of file.
@@ -193,7 +202,7 @@ from the start of file.
\&\fIBIO_tell()\fR returns the value of the position pointer.
.PP
\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
-\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
+\&\fIBIO_rw_filename()\fR set the file \s-1BIO \s0\fBb\fR to use file \fBname\fR for
reading, writing, append or read write respectively.
.SH "NOTES"
.IX Header "NOTES"
@@ -201,10 +210,10 @@ When wrapping stdout, stdin or stderr the underlyi
normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set.
.PP
Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks
-in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0.
+in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
-File \s-1BIO\s0 \*(L"hello world\*(R":
+File \s-1BIO \s0\*(L"hello world\*(R":
.PP
.Vb 3
\& BIO *bio_out;
Index: secure/lib/libcrypto/man/BIO_s_mem.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_mem.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_mem.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_mem 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +165,7 @@ as appropriate to accommodate the stored data.
.PP
Any data written to a memory \s-1BIO\s0 can be recalled by reading from it.
Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from
-the \s-1BIO\s0.
+the \s-1BIO.\s0
.PP
Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR.
.PP
@@ -167,12 +176,12 @@ Calling \fIBIO_reset()\fR on a read write memory \
read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only
data can be read again.
.PP
-\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0.
+\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0
.PP
\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored.
.PP
-\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
-empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is
+\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO \s0\fBb\fR when it is
+empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF \s0(that is
it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non
zero then it will return \fBv\fR when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
@@ -182,7 +191,7 @@ positive return value \fBv\fR should be set to a n
and returns the total amount of data available. It is implemented as a macro.
.PP
\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
-close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0.
+close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
It is a macro.
.PP
\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in \fBpp\fR. It is
@@ -192,7 +201,7 @@ a macro.
if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be null terminated and its
length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and
as a result cannot be written to. This is useful when some data needs to be
-made available from a static area of memory in the form of a \s-1BIO\s0. The
+made available from a static area of memory in the form of a \s-1BIO.\s0 The
supplied data is read directly from the supplied buffer: it is \fBnot\fR copied
first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed.
.SH "NOTES"
@@ -207,7 +216,7 @@ memory \s-1BIO\s0 avoids this problem. If the \s-1
a buffering \s-1BIO\s0 to the chain will speed up the process.
.SH "BUGS"
.IX Header "BUGS"
-There should be an option to set the maximum size of a memory \s-1BIO\s0.
+There should be an option to set the maximum size of a memory \s-1BIO.\s0
.PP
There should be a way to \*(L"rewind\*(R" a read write \s-1BIO\s0 without destroying
its contents.
Index: secure/lib/libcrypto/man/BIO_s_null.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_null.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_null.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_null 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,7 +150,7 @@ BIO_s_null \- null data sink
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to
-the null sink is discarded, reads return \s-1EOF\s0.
+the null sink is discarded, reads return \s-1EOF.\s0
.SH "NOTES"
.IX Header "NOTES"
A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null
Index: secure/lib/libcrypto/man/BIO_s_socket.3
===================================================================
--- secure/lib/libcrypto/man/BIO_s_socket.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_s_socket.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_s_socket 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,10 +163,10 @@ round the platform's socket routines.
If the close flag is set then the socket is shut down and closed
when the \s-1BIO\s0 is freed.
.PP
-\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close
flag to \fBclose_flag\fR.
.PP
-\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also
+\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also
returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *).
.PP
\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
Index: secure/lib/libcrypto/man/BIO_set_callback.3
===================================================================
--- secure/lib/libcrypto/man/BIO_set_callback.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_set_callback.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_set_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +179,7 @@ The \s-1BIO\s0 the callback is attached to is pass
.PP
\&\fBoper\fR is set to the operation being performed. For some operations
the callback is called twice, once before and once after the actual
-operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0.
+operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0
.PP
The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on
the value of \fBoper\fR, that is the operation being performed.
@@ -189,26 +198,26 @@ value returned to the application.
.IX Header "CALLBACK OPERATIONS"
.IP "\fBBIO_free(b)\fR" 4
.IX Item "BIO_free(b)"
-callback(b, \s-1BIO_CB_FREE\s0, \s-1NULL\s0, 0L, 0L, 1L) is called before the
+callback(b, \s-1BIO_CB_FREE, NULL, 0L, 0L, 1L\s0) is called before the
free operation.
.IP "\fBBIO_read(b, out, outl)\fR" 4
.IX Item "BIO_read(b, out, outl)"
-callback(b, \s-1BIO_CB_READ\s0, out, outl, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_READ,\s0 out, outl, 0L, 1L) is called before
the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue)
after.
.IP "\fBBIO_write(b, in, inl)\fR" 4
.IX Item "BIO_write(b, in, inl)"
-callback(b, \s-1BIO_CB_WRITE\s0, in, inl, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_WRITE,\s0 in, inl, 0L, 1L) is called before
the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue)
after.
.IP "\fBBIO_gets(b, out, outl)\fR" 4
.IX Item "BIO_gets(b, out, outl)"
-callback(b, \s-1BIO_CB_GETS\s0, out, outl, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_GETS,\s0 out, outl, 0L, 1L) is called before
the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue)
after.
.IP "\fBBIO_puts(b, in)\fR" 4
.IX Item "BIO_puts(b, in)"
-callback(b, \s-1BIO_CB_WRITE\s0, in, 0, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_WRITE,\s0 in, 0, 0L, 1L) is called before
the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue)
after.
.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4
Index: secure/lib/libcrypto/man/BIO_should_retry.3
===================================================================
--- secure/lib/libcrypto/man/BIO_should_retry.3 (revision 279126)
+++ secure/lib/libcrypto/man/BIO_should_retry.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BIO_should_retry 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -185,7 +194,7 @@ the reason code and the action that should be take
the type of \s-1BIO\s0 that resulted in this condition.
.PP
\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if
-passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR.
+passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR.
.SH "NOTES"
.IX Header "NOTES"
If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
@@ -193,7 +202,7 @@ depends on the \s-1BIO\s0 type that caused it and
operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns
0 and \fIBIO_should_retry()\fR is false then the cause will be that the
connection closed. A similar condition on a file \s-1BIO\s0 will mean that it
-has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on
+has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on
the error queue. For more details see the individual \s-1BIO\s0 type manual
pages.
.PP
@@ -201,7 +210,7 @@ If the underlying I/O structure is in a blocking m
\&\s-1BIO\s0 types will not request a retry, because the underlying I/O
calls will not. If the application knows that the \s-1BIO\s0 type will never
signal a retry then it need not call \fIBIO_should_retry()\fR after a failed
-\&\s-1BIO\s0 I/O call. This is typically done with file BIOs.
+\&\s-1BIO I/O\s0 call. This is typically done with file BIOs.
.PP
\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a
retry even if the underlying I/O structure is blocking, if a handshake
Index: secure/lib/libcrypto/man/BN_BLINDING_new.3
===================================================================
--- secure/lib/libcrypto/man/BN_BLINDING_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_BLINDING_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_BLINDING_new 3"
-.TH BN_BLINDING_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_BLINDING_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +189,7 @@ the inverse blinding.
.PP
\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper
functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR
-with \fBr\fR set to \s-1NULL\s0.
+with \fBr\fR set to \s-1NULL.\s0
.PP
\&\fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR
set and get the \*(L"thread id\*(R" value of the \fB\s-1BN_BLINDING\s0\fR structure,
Index: secure/lib/libcrypto/man/BN_CTX_new.3
===================================================================
--- secure/lib/libcrypto/man/BN_CTX_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_CTX_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_CTX_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_CTX_start.3
===================================================================
--- secure/lib/libcrypto/man/BN_CTX_start.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_CTX_start.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_CTX_start 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_add.3
===================================================================
--- secure/lib/libcrypto/man/BN_add.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_add.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add 3"
-.TH BN_add 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_add 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_add_word.3
===================================================================
--- secure/lib/libcrypto/man/BN_add_word.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_add_word.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add_word 3"
-.TH BN_add_word 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_add_word 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_bn2bin.3
===================================================================
--- secure/lib/libcrypto/man/BN_bn2bin.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_bn2bin.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_bn2bin 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ memory.
.PP
\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length
\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is
-\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created.
+\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created.
.PP
\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the
hexadecimal and decimal encoding of \fBa\fR respectively. For negative
@@ -167,8 +176,8 @@ numbers, the string is prefaced with a leading '\-
freed later using \fIOPENSSL_free()\fR.
.PP
\&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number
-to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL\s0, a new
-\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL\s0, it only computes the number's
+to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL,\s0 a new
+\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL,\s0 it only computes the number's
length in hexadecimal digits. If the string starts with '\-', the
number is negative. \fIBN_dec2bn()\fR is the same using the decimal system.
.PP
@@ -188,7 +197,7 @@ calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0).
.PP
\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR
-if \fBret\fR is \s-1NULL\s0.
+if \fBret\fR is \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
Index: secure/lib/libcrypto/man/BN_cmp.3
===================================================================
--- secure/lib/libcrypto/man/BN_cmp.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_cmp.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_cmp 3"
-.TH BN_cmp 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_cmp 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_copy.3
===================================================================
--- secure/lib/libcrypto/man/BN_copy.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_copy.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_copy 3"
-.TH BN_copy 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_copy 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_generate_prime.3
===================================================================
--- secure/lib/libcrypto/man/BN_generate_prime.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_generate_prime.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_generate_prime 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_mod_inverse.3
===================================================================
--- secure/lib/libcrypto/man/BN_mod_inverse.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_mod_inverse.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_mod_inverse 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,7 +151,7 @@ BN_mod_inverse \- compute inverse modulo n
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
-places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0,
+places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0
a new \fB\s-1BIGNUM\s0\fR is created.
.PP
\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary
Index: secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
===================================================================
--- secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
===================================================================
--- secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_new.3
===================================================================
--- secure/lib/libcrypto/man/BN_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_new 3"
-.TH BN_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_num_bytes.3
===================================================================
--- secure/lib/libcrypto/man/BN_num_bytes.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_num_bytes.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_num_bytes 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_rand.3
===================================================================
--- secure/lib/libcrypto/man/BN_rand.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_rand.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_rand 3"
-.TH BN_rand 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_rand 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_set_bit.3
===================================================================
--- secure/lib/libcrypto/man/BN_set_bit.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_set_bit.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_set_bit 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_swap.3
===================================================================
--- secure/lib/libcrypto/man/BN_swap.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_swap.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_swap 3"
-.TH BN_swap 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_swap 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/BN_zero.3
===================================================================
--- secure/lib/libcrypto/man/BN_zero.3 (revision 279126)
+++ secure/lib/libcrypto/man/BN_zero.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_zero 3"
-.TH BN_zero 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH BN_zero 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/CONF_modules_free.3
===================================================================
--- secure/lib/libcrypto/man/CONF_modules_free.3 (revision 279126)
+++ secure/lib/libcrypto/man/CONF_modules_free.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_free 3"
-.TH CONF_modules_free 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CONF_modules_free 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/CONF_modules_load_file.3
===================================================================
--- secure/lib/libcrypto/man/CONF_modules_load_file.3 (revision 279126)
+++ secure/lib/libcrypto/man/CONF_modules_load_file.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_load_file 3"
-.TH CONF_modules_load_file 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CONF_modules_load_file 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
===================================================================
--- secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (revision 279126)
+++ secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DH_generate_key.3
===================================================================
--- secure/lib/libcrypto/man/DH_generate_key.3 (revision 279126)
+++ secure/lib/libcrypto/man/DH_generate_key.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DH_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DH_generate_parameters.3
===================================================================
--- secure/lib/libcrypto/man/DH_generate_parameters.3 (revision 279126)
+++ secure/lib/libcrypto/man/DH_generate_parameters.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DH_generate_parameters 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,4 +200,4 @@ a usable generator.
The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0.
.PP
In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used
-instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0.
+instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME.\s0
Index: secure/lib/libcrypto/man/DH_get_ex_new_index.3
===================================================================
--- secure/lib/libcrypto/man/DH_get_ex_new_index.3 (revision 279126)
+++ secure/lib/libcrypto/man/DH_get_ex_new_index.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DH_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DH_new.3
===================================================================
--- secure/lib/libcrypto/man/DH_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/DH_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_new 3"
-.TH DH_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DH_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DH_set_method.3
===================================================================
--- secure/lib/libcrypto/man/DH_set_method.3 (revision 279126)
+++ secure/lib/libcrypto/man/DH_set_method.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_set_method 3"
-.TH DH_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DH_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ DH_set_method, DH_new_method, DH_OpenSSL \- select
A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
-important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use
+important information about how these \s-1DH API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
@@ -161,15 +170,15 @@ returned by \fIDH_OpenSSL()\fR.
.PP
\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
-as a default for \s-1DH\s0, so this function is no longer recommended.
+as a default for \s-1DH,\s0 so this function is no longer recommended.
.PP
-\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0.
-However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0
-\&\s-1API\s0 is being used, so this function is no longer recommended.
+\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0
+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE
+API\s0 is being used, so this function is no longer recommended.
.PP
\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method
-was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the
+was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the
change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0
implementations (eg. from an \s-1ENGINE\s0 module that supports embedded
hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0
@@ -176,7 +185,7 @@ hardware-protected keys), and in such cases attemp
for the key can have unexpected results.
.PP
\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
-be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0
+be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0
operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by
\&\fIDH_set_default_method()\fR is used.
.SH "THE DH_METHOD STRUCTURE"
@@ -227,10 +236,10 @@ returns a pointer to the newly allocated structure
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other
-algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
-default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
-that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie.
-\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function,
+that will override any \s-1DH\s0 defaults set using the \s-1DH API \s0(ie.
+\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DH\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
@@ -245,8 +254,8 @@ algorithms.
\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and
\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
+0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
-transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without
+the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now
+transparently overrides the behaviour of defaults in the \s-1DH API\s0 without
requiring changing these function prototypes.
Index: secure/lib/libcrypto/man/DH_size.3
===================================================================
--- secure/lib/libcrypto/man/DH_size.3 (revision 279126)
+++ secure/lib/libcrypto/man/DH_size.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_size 3"
-.TH DH_size 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DH_size 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DSA_SIG_new.3
===================================================================
--- secure/lib/libcrypto/man/DSA_SIG_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_SIG_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_SIG_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DSA_do_sign.3
===================================================================
--- secure/lib/libcrypto/man/DSA_do_sign.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_do_sign.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_do_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DSA_dup_DH.3
===================================================================
--- secure/lib/libcrypto/man/DSA_dup_DH.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_dup_DH.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_dup_DH 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DSA_generate_key.3
===================================================================
--- secure/lib/libcrypto/man/DSA_generate_key.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_generate_key.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DSA_generate_parameters.3
===================================================================
--- secure/lib/libcrypto/man/DSA_generate_parameters.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_generate_parameters.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_generate_parameters 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +152,7 @@ DSA_generate_parameters \- generate DSA parameters
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_generate_parameters()\fR generates primes p and q and a generator g
-for use in the \s-1DSA\s0.
+for use in the \s-1DSA.\s0
.PP
\&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a
maximum of 1024 bits.
Index: secure/lib/libcrypto/man/DSA_get_ex_new_index.3
===================================================================
--- secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DSA_new.3
===================================================================
--- secure/lib/libcrypto/man/DSA_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_new 3"
-.TH DSA_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/DSA_set_method.3
===================================================================
--- secure/lib/libcrypto/man/DSA_set_method.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_set_method.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL \- sel
A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
-important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use
+important information about how these \s-1DSA API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,
@@ -161,16 +170,16 @@ as returned by \fIDSA_OpenSSL()\fR.
.PP
\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
-been set as a default for \s-1DSA\s0, so this function is no longer recommended.
+been set as a default for \s-1DSA,\s0 so this function is no longer recommended.
.PP
\&\fIDSA_get_default_method()\fR returns a pointer to the current default
-\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependent on
-whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer
+\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
+whether the \s-1ENGINE API\s0 is being used, so this function is no longer
recommended.
.PP
\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the
-previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
+previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
be released during the change. It is possible to have \s-1DSA\s0 keys that only
work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
that supports embedded hardware-protected keys), and in such cases
@@ -178,7 +187,7 @@ attempting to change the \s-1DSA_METHOD\s0 for the
results.
.PP
\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
-will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine
+will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine
for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0
controlled by \fIDSA_set_default_method()\fR is used.
.SH "THE DSA_METHOD STRUCTURE"
@@ -241,10 +250,10 @@ fails. Otherwise it returns a pointer to the newly
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other
-algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
-default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
-that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie.
-\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function,
+that will override any \s-1DSA\s0 defaults set using the \s-1DSA API \s0(ie.
+\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DSA\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
@@ -259,8 +268,8 @@ algorithms.
\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and
\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
+0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
-transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without
+the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now
+transparently overrides the behaviour of defaults in the \s-1DSA API\s0 without
requiring changing these function prototypes.
Index: secure/lib/libcrypto/man/DSA_sign.3
===================================================================
--- secure/lib/libcrypto/man/DSA_sign.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_sign.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signat
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
-digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0
+digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0
encoding at \fBsigret\fR. The length of the signature is places in
*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory.
.PP
@@ -156,9 +165,9 @@ encoding at \fBsigret\fR. The length of the signat
operation in case signature generation is time-critical. It expects
\&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values
in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing
-the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL\s0. These values may
+the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may
be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR.
-\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL\s0.
+\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0
.PP
\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
matches a given message digest \fBdgst\fR of size \fBlen\fR.
@@ -176,8 +185,8 @@ signature and \-1 on error. The error codes can be
\&\fIERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature
-Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
+Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
Index: secure/lib/libcrypto/man/DSA_size.3
===================================================================
--- secure/lib/libcrypto/man/DSA_size.3 (revision 279126)
+++ secure/lib/libcrypto/man/DSA_size.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_size 3"
-.TH DSA_size 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA_size 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,7 +149,7 @@ DSA_size \- get DSA signature size
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-This function returns the size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature in
+This function returns the size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature in
bytes. It can be used to determine how much memory must be allocated
for a \s-1DSA\s0 signature.
.PP
Index: secure/lib/libcrypto/man/ERR_GET_LIB.3
===================================================================
--- secure/lib/libcrypto/man/ERR_GET_LIB.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_GET_LIB.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_GET_LIB 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,7 +166,7 @@ reason codes are unique within each sub-library.
libraries may use the same value to signal different functions and
reasons.
.PP
-\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally
+\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally
unique. However, when checking for sub-library specific reason codes,
be sure to also compare the library number.
.PP
Index: secure/lib/libcrypto/man/ERR_clear_error.3
===================================================================
--- secure/lib/libcrypto/man/ERR_clear_error.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_clear_error.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_clear_error 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ERR_error_string.3
===================================================================
--- secure/lib/libcrypto/man/ERR_error_string.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_error_string.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_error_string 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ERR_get_error.3
===================================================================
--- secure/lib/libcrypto/man/ERR_get_error.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_get_error.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_get_error 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,12 +186,12 @@ additionally store the file name and line number w
the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR.
.PP
\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and
-\&\fIERR_get_last_error_line_data()\fR store additional data and flags
+\&\fIERR_peek_last_error_line_data()\fR store additional data and flags
associated with the error code in *\fBdata\fR
and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.
.PP
-An application \fB\s-1MUST\s0 \s-1NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
+An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled
automatically by the error library.
.SH "RETURN VALUES"
Index: secure/lib/libcrypto/man/ERR_load_crypto_strings.3
===================================================================
--- secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ERR_load_strings.3
===================================================================
--- secure/lib/libcrypto/man/ERR_load_strings.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_load_strings.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_load_strings 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ERR_print_errors.3
===================================================================
--- secure/lib/libcrypto/man/ERR_print_errors.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_print_errors.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_print_errors 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ERR_put_error.3
===================================================================
--- secure/lib/libcrypto/man/ERR_put_error.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_put_error.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_put_error 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ERR_remove_state.3
===================================================================
--- secure/lib/libcrypto/man/ERR_remove_state.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_remove_state.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_remove_state 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ERR_set_mark.3
===================================================================
--- secure/lib/libcrypto/man/ERR_set_mark.3 (revision 279126)
+++ secure/lib/libcrypto/man/ERR_set_mark.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERR_set_mark 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/EVP_BytesToKey.3
===================================================================
--- secure/lib/libcrypto/man/EVP_BytesToKey.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_BytesToKey.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_BytesToKey 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ v2.0 for key derivation.
.SH "KEY DERIVATION ALGORITHM"
.IX Header "KEY DERIVATION ALGORITHM"
The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until
-enough data is available for the key and \s-1IV\s0. D_i is defined as:
+enough data is available for the key and \s-1IV.\s0 D_i is defined as:
.PP
.Vb 1
\& D_i = HASH^count(D_(i\-1) || data || salt)
@@ -179,7 +188,7 @@ algorithm in use, HASH^1(data) is simply \s-1HASH\
is \s-1HASH\s0(\s-1HASH\s0(data)) and so on.
.PP
The initial bytes are used for the key and the subsequent bytes for
-the \s-1IV\s0.
+the \s-1IV.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
Index: secure/lib/libcrypto/man/EVP_DigestInit.3
===================================================================
--- secure/lib/libcrypto/man/EVP_DigestInit.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_DigestInit.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_DigestInit 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -197,7 +206,7 @@ The \s-1EVP\s0 digest routines are a high level in
\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context.
.PP
\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this
+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized before calling this
function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR.
If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
.PP
@@ -242,7 +251,7 @@ hash.
\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the
message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure.
.PP
-\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0
+\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0
representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure.
For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is
normally used when setting \s-1ASN1\s0 OIDs.
@@ -256,11 +265,11 @@ return \fBNID_sha1WithRSAEncryption\fR. This \*(L"
algorithms may not be retained in future versions of OpenSSL.
.PP
\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR
-return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest
+return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2, MD5, SHA, SHA1, MDC2\s0 and \s-1RIPEMD160\s0 digest
algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case.
.PP
\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
-algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm.
+algorithms but using \s-1DSS \s0(\s-1DSA\s0) for the signature algorithm.
.PP
\&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it
returns is of zero length.
@@ -277,7 +286,7 @@ success and 0 for failure.
\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure.
.PP
\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the
-corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists.
+corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists.
.PP
\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, EVP_MD_CTX_size(e), \fIEVP_MD_size()\fR,
\&\fIEVP_MD_CTX_block_size()\fR and \fIEVP_MD_block_size()\fR return the digest or block
Index: secure/lib/libcrypto/man/EVP_EncryptInit.3
===================================================================
--- secure/lib/libcrypto/man/EVP_EncryptInit.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_EncryptInit.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_EncryptInit 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -227,7 +236,7 @@ symmetric ciphers.
\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR.
.PP
\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized
+with cipher \fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized
before calling this function. \fBtype\fR is normally supplied
by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
default implementation is used. \fBkey\fR is the symmetric key to use
@@ -235,7 +244,7 @@ and \fBiv\fR is the \s-1IV\s0 to use (if necessary
used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply
the remaining parameters in subsequent calls, all of which have \fBtype\fR
-set to \s-1NULL\s0. This is done when the default cipher parameters are not
+set to \s-1NULL.\s0 This is done when the default cipher parameters are not
appropriate.
.PP
\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
@@ -294,8 +303,8 @@ return an \s-1EVP_CIPHER\s0 structure when passed
.PP
\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0
-value is an internal value which may not have a corresponding \s-1OBJECT\s0
-\&\s-1IDENTIFIER\s0.
+value is an internal value which may not have a corresponding \s-1OBJECT
+IDENTIFIER.\s0
.PP
\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default
encryption operations are padded using standard block padding and the
@@ -317,7 +326,7 @@ length to any value other than the fixed value is
.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
-It will return zero if the cipher does not use an \s-1IV\s0. The constant
+It will return zero if the cipher does not use an \s-1IV. \s0 The constant
\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
.PP
\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
@@ -326,9 +335,9 @@ structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s
length for all ciphers.
.PP
\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed
-cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0
-\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
-128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object
+cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT
+IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
+128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object
identifier or does not have \s-1ASN1\s0 support this function will return
\&\fBNID_undef\fR.
.PP
@@ -336,13 +345,13 @@ identifier or does not have \s-1ASN1\s0 support th
an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
.PP
\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
-\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0 or
-\&\s-1EVP_CIPH_OFB_MODE\s0. If the cipher is a stream cipher then
+\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE\s0 or
+\&\s-1EVP_CIPH_OFB_MODE.\s0 If the cipher is a stream cipher then
\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
.PP
\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
on the passed cipher. This will typically include any parameters and an
-\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call
+\&\s-1IV.\s0 The cipher \s-1IV \s0(if any) must be set when this call is made. This call
should be made before the cipher is actually \*(L"used\*(R" (before any
\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function
may fail if the cipher does not have any \s-1ASN1\s0 support.
@@ -349,11 +358,11 @@ may fail if the cipher does not have any \s-1ASN1\
.PP
\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher
-In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length.
+In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length.
This function should be called after the base cipher type is set but before
the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
-key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
-\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. It is
+key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
+\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support
or the parameters cannot be set (for example the \s-1RC2\s0 effective key length
is not supported.
@@ -377,7 +386,7 @@ return 1 for success and 0 for failure.
\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
.PP
-\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0.
+\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0
.PP
\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
size.
@@ -388,10 +397,10 @@ length.
\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1.
.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
-length or zero if the cipher does not use an \s-1IV\s0.
+length or zero if the cipher does not use an \s-1IV.\s0
.PP
\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
-\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0
.PP
\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
.PP
@@ -405,13 +414,13 @@ All algorithms have a fixed key length unless othe
Null cipher: does nothing.
.IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4
.IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)"
-\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4
-.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)"
-Two key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)"
+Two key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4
-.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)"
-Three key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)"
+Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_desx_cbc(void)" 4
.IX Item "EVP_desx_cbc(void)"
\&\s-1DESX\s0 algorithm in \s-1CBC\s0 mode.
@@ -424,10 +433,10 @@ Null cipher: does nothing.
and the \fIEVP_CIPHER_CTX_set_key_length()\fR function.
.IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" 4
.IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)"
-\&\s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+\&\s-1IDEA\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4
.IX Item "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)"
-\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+\&\s-1RC2\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R".
By default both are set to 128 bits.
.IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4
@@ -437,15 +446,15 @@ These are obsolete and new code should use \fIEVP_
\&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length.
.IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4
.IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);"
-Blowfish encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+Blowfish encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
length cipher.
.IP "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" 4
.IX Item "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)"
-\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
length cipher.
.IP "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" 4
.IX Item "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)"
-\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length
+\&\s-1RC5\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length
cipher with an additional \*(L"number of rounds\*(R" parameter. By default the key length is set to 128
bits and 12 rounds.
.SH "NOTES"
@@ -487,7 +496,7 @@ unpredictable. This is because it has become stand
generic key as a fixed unsigned char array containing \s-1EVP_MAX_KEY_LENGTH\s0 bytes.
.PP
The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested
-for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode.
+for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Get the number of rounds used in \s-1RC5:\s0
@@ -570,7 +579,7 @@ utility with the command line:
\& S<openssl bf \-in cipher.bin \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 \-d>
.Ve
.PP
-General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an
+General encryption, decryption function example using \s-1FILE I/O\s0 and \s-1RC2\s0 with an
80 bit key:
.PP
.Vb 10
Index: secure/lib/libcrypto/man/EVP_OpenInit.3
===================================================================
--- secure/lib/libcrypto/man/EVP_OpenInit.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_OpenInit.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_OpenInit 3"
-.TH EVP_OpenInit 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_OpenInit 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,7 +172,7 @@ page.
It is possible to call \fIEVP_OpenInit()\fR twice in the same way as
\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0
and (after setting any cipher parameters) it should be called again
-with \fBtype\fR set to \s-1NULL\s0.
+with \fBtype\fR set to \s-1NULL.\s0
.PP
If the cipher passed in the \fBtype\fR parameter is a variable length
cipher then the key length will be set to the value of the recovered
Index: secure/lib/libcrypto/man/EVP_PKEY_new.3
===================================================================
--- secure/lib/libcrypto/man/EVP_PKEY_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_PKEY_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_new 3"
-.TH EVP_PKEY_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_PKEY_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
===================================================================
--- secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_set1_RSA 3"
-.TH EVP_PKEY_set1_RSA 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_PKEY_set1_RSA 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -172,8 +181,8 @@ will be freed when the parent \fBpkey\fR is freed.
.PP
\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value
\&\fBtype\fR. The type of a key can be obtained with
-EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA\s0,
-\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding
+EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA,
+EVP_PKEY_DSA, EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding
key types or NID_undef if the key type is unassigned.
.SH "NOTES"
.IX Header "NOTES"
Index: secure/lib/libcrypto/man/EVP_SealInit.3
===================================================================
--- secure/lib/libcrypto/man/EVP_SealInit.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_SealInit.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_SealInit 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,12 +156,12 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 envelope routines are a high level interface to envelope
-encryption. They generate a random key and \s-1IV\s0 (if required) then
+encryption. They generate a random key and \s-1IV \s0(if required) then
\&\*(L"envelope\*(R" it by using public key encryption. Data can then be
encrypted using this key.
.PP
\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally
+with cipher \fBtype\fR using a random secret key and \s-1IV. \s0\fBtype\fR is normally
supplied by a function such as \fIEVP_des_cbc()\fR. The secret key is encrypted
using one or more public keys, this allows the same encrypted data to be
decrypted using any of the corresponding private keys. \fBek\fR is an array of
@@ -163,7 +172,7 @@ size of each encrypted secret key is written to th
an array of \fBnpubk\fR public keys.
.PP
The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must
-contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for
+contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for
example) EVP_CIPHER_iv_length(type).
.PP
If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
@@ -196,7 +205,7 @@ using public key encryption.
It is possible to call \fIEVP_SealInit()\fR twice in the same way as
\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0
and (after setting any cipher parameters) it should be called again
-with \fBtype\fR set to \s-1NULL\s0.
+with \fBtype\fR set to \s-1NULL.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3), \fIrand\fR\|(3),
Index: secure/lib/libcrypto/man/EVP_SignInit.3
===================================================================
--- secure/lib/libcrypto/man/EVP_SignInit.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_SignInit.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_SignInit 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ The \s-1EVP\s0 signature routines are a high level
signatures.
.PP
\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with
+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized with
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
Index: secure/lib/libcrypto/man/EVP_VerifyInit.3
===================================================================
--- secure/lib/libcrypto/man/EVP_VerifyInit.3 (revision 279126)
+++ secure/lib/libcrypto/man/EVP_VerifyInit.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_VerifyInit 3"
-.TH EVP_VerifyInit 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EVP_VerifyInit 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ The \s-1EVP\s0 signature verification routines are
signatures.
.PP
\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling
+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized by calling
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
Index: secure/lib/libcrypto/man/OBJ_nid2obj.3
===================================================================
--- secure/lib/libcrypto/man/OBJ_nid2obj.3 (revision 279126)
+++ secure/lib/libcrypto/man/OBJ_nid2obj.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OBJ_nid2obj 3"
-.TH OBJ_nid2obj 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OBJ_nid2obj 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,9 +169,9 @@ functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
-a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type.
+a representation of the \s-1ASN1 OBJECT IDENTIFIER \s0(\s-1OID\s0) type.
.PP
-\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to
+\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID \s0\fBn\fR to
an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
or \fB\s-1NULL\s0\fR is an error occurred.
.PP
@@ -223,7 +232,7 @@ Objects which are not in the table have the \s-1NI
.PP
Objects do not need to be in the internal tables to be processed,
the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical
-form of an \s-1OID\s0.
+form of an \s-1OID.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create an object for \fBcommonName\fR:
Index: secure/lib/libcrypto/man/OPENSSL_Applink.3
===================================================================
--- secure/lib/libcrypto/man/OPENSSL_Applink.3 (revision 279126)
+++ secure/lib/libcrypto/man/OPENSSL_Applink.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_Applink 3"
-.TH OPENSSL_Applink 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OPENSSL_Applink 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
===================================================================
--- secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (revision 279126)
+++ secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -205,8 +214,8 @@ The \*(L"Configure\*(R" target of the library buil
if available or \*(L"platform: information not available\*(R" otherwise.
.IP "\s-1SSLEAY_DIR\s0" 4
.IX Item "SSLEAY_DIR"
-The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L"
-if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise.
+The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0
+if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise.
.PP
For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
.SH "RETURN VALUE"
Index: secure/lib/libcrypto/man/OPENSSL_config.3
===================================================================
--- secure/lib/libcrypto/man/OPENSSL_config.3 (revision 279126)
+++ secure/lib/libcrypto/man/OPENSSL_config.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_config 3"
-.TH OPENSSL_config 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OPENSSL_config 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/OPENSSL_ia32cap.3
===================================================================
--- secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (revision 279126)
+++ secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_ia32cap 3"
-.TH OPENSSL_ia32cap 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OPENSSL_ia32cap 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ significant, namely:
.PP
For example, clearing bit #26 at run-time disables high-performance
\&\s-1SSE2\s0 code present in the crypto library. You might have to do this if
-target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under
+target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under
control of \s-1OS\s0 which does not support \s-1SSE2\s0 extentions. Even though you
can manipulate the value programmatically, you most likely will find it
more appropriate to set up an environment variable with the same name
Index: secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
===================================================================
--- secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (revision 279126)
+++ secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_load_builtin_modules 3"
-.TH OPENSSL_load_builtin_modules 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OPENSSL_load_builtin_modules 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ The function \fIOPENSSL_load_builtin_modules()\fR
configuration modules to the internal list. They can then be used by the
OpenSSL configuration code.
.PP
-\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1\s0 \s-1OBJECT\s0 module.
+\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module.
.PP
\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module.
.SH "NOTES"
Index: secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
===================================================================
--- secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (revision 279126)
+++ secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OpenSSL_add_all_algorithms 3"
-.TH OpenSSL_add_all_algorithms 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OpenSSL_add_all_algorithms 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,7 +180,7 @@ needs to lookup algorithms.
.PP
The cipher and digest lookup functions are used in many parts of the library. If
the table is not initialized several functions will misbehave and complain they
-cannot find algorithms. This includes the \s-1PEM\s0, PKCS#12, \s-1SSL\s0 and S/MIME libraries.
+cannot find algorithms. This includes the \s-1PEM,\s0 PKCS#12, \s-1SSL\s0 and S/MIME libraries.
This is a common query in the OpenSSL mailing lists.
.PP
Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a
Index: secure/lib/libcrypto/man/PKCS12_create.3
===================================================================
--- secure/lib/libcrypto/man/PKCS12_create.3 (revision 279126)
+++ secure/lib/libcrypto/man/PKCS12_create.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_create 3"
-.TH PKCS12_create 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS12_create 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,15 +167,15 @@ The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBi
can all be set to zero and sensible defaults will be used.
.PP
These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
-encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
-(currently 2048) and a \s-1MAC\s0 iteration count of 1.
+encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER
+\&\s0(currently 2048) and a \s-1MAC\s0 iteration count of 1.
.PP
The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
-is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0.
+is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0
.PP
\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension
-that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted,
+that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted,
if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR
it can be used for signing and encryption. This option was useful for old
export grade software which could use signing only keys of arbitrary size but
Index: secure/lib/libcrypto/man/PKCS12_parse.3
===================================================================
--- secure/lib/libcrypto/man/PKCS12_parse.3 (revision 279126)
+++ secure/lib/libcrypto/man/PKCS12_parse.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_parse 3"
-.TH PKCS12_parse 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS12_parse 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/PKCS7_decrypt.3
===================================================================
--- secure/lib/libcrypto/man/PKCS7_decrypt.3 (revision 279126)
+++ secure/lib/libcrypto/man/PKCS7_decrypt.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_decrypt 3"
-.TH PKCS7_decrypt 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS7_decrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/PKCS7_encrypt.3
===================================================================
--- secure/lib/libcrypto/man/PKCS7_encrypt.3 (revision 279126)
+++ secure/lib/libcrypto/man/PKCS7_encrypt.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_encrypt 3"
-.TH PKCS7_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS7_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ be signed using the \s-1RSA\s0 algorithm.
most clients will support it.
.PP
Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit
-\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively.
+\&\s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively.
.PP
The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its
parameters.
Index: secure/lib/libcrypto/man/PKCS7_sign.3
===================================================================
--- secure/lib/libcrypto/man/PKCS7_sign.3 (revision 279126)
+++ secure/lib/libcrypto/man/PKCS7_sign.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_sign 3"
-.TH PKCS7_sign 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS7_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +154,7 @@ is the certificate to sign with, \fBpkey\fR is the
\&\fBcerts\fR is an optional additional set of certificates to include in the
PKCS#7 structure (for example any intermediate CAs in the chain).
.PP
-The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
+The data to be signed is read from \s-1BIO \s0\fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
@@ -177,7 +186,7 @@ will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is
omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any
+algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any
of these algorithms is disabled then it will not be included.
.PP
If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure
Index: secure/lib/libcrypto/man/PKCS7_verify.3
===================================================================
--- secure/lib/libcrypto/man/PKCS7_verify.3 (revision 279126)
+++ secure/lib/libcrypto/man/PKCS7_verify.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_verify 3"
-.TH PKCS7_verify 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS7_verify 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ structure to verify. \fBcerts\fR is a set of certi
the signer's certificate. \fBstore\fR is a trusted certficate store (used for
chain verification). \fBindata\fR is the signed data if the content is not
present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR
-if it is not \s-1NULL\s0.
+if it is not \s-1NULL.\s0
.PP
\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
operation.
Index: secure/lib/libcrypto/man/RAND_add.3
===================================================================
--- secure/lib/libcrypto/man/RAND_add.3 (revision 279126)
+++ secure/lib/libcrypto/man/RAND_add.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_add 3"
-.TH RAND_add 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RAND_add 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +165,7 @@ key presses, mouse movements) and certain hardware
\&\fBentropy\fR argument is (the lower bound of) an estimate of how much
randomness is contained in \fBbuf\fR, measured in bytes. Details about
sources of randomness and how to estimate their entropy can be found
-in the literature, e.g. \s-1RFC\s0 1750.
+in the literature, e.g. \s-1RFC 1750.\s0
.PP
\&\fIRAND_add()\fR may be called with sensitive data such as user entered
passwords. The seed values cannot be recovered from the \s-1PRNG\s0 output.
@@ -174,11 +183,11 @@ or \fIRAND_load_file\fR\|(3).
movements and other user interaction. It should be called with the
\&\fBiMsg\fR, \fBwParam\fR and \fBlParam\fR arguments of \fIall\fR messages sent to
the window procedure. It will estimate the entropy contained in the
-event message (if any), and add it to the \s-1PRNG\s0. The program can then
+event message (if any), and add it to the \s-1PRNG.\s0 The program can then
process the messages as usual.
.PP
The \fIRAND_screen()\fR function is available for the convenience of Windows
-programmers. It adds the current contents of the screen to the \s-1PRNG\s0.
+programmers. It adds the current contents of the screen to the \s-1PRNG.\s0
For applications that can catch Windows events, seeding the \s-1PRNG\s0 by
calling \fIRAND_event()\fR is a significantly better source of
randomness. It should be noted that both methods cannot be used on
Index: secure/lib/libcrypto/man/RAND_bytes.3
===================================================================
--- secure/lib/libcrypto/man/RAND_bytes.3 (revision 279126)
+++ secure/lib/libcrypto/man/RAND_bytes.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RAND_bytes 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RAND_cleanup.3
===================================================================
--- secure/lib/libcrypto/man/RAND_cleanup.3 (revision 279126)
+++ secure/lib/libcrypto/man/RAND_cleanup.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RAND_cleanup 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,7 +149,7 @@ RAND_cleanup \- erase the PRNG state
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG\s0.
+\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG.\s0
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
\&\fIRAND_cleanup()\fR returns no value.
Index: secure/lib/libcrypto/man/RAND_egd.3
===================================================================
--- secure/lib/libcrypto/man/RAND_egd.3 (revision 279126)
+++ secure/lib/libcrypto/man/RAND_egd.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_egd 3"
-.TH RAND_egd 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RAND_egd 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,12 +154,12 @@ RAND_egd \- query entropy gathering daemon
.IX Header "DESCRIPTION"
\&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR.
It queries 255 bytes and uses \fIRAND_add\fR\|(3) to seed the
-OpenSSL built-in \s-1PRNG\s0. RAND_egd(path) is a wrapper for
+OpenSSL built-in \s-1PRNG.\s0 RAND_egd(path) is a wrapper for
RAND_egd_bytes(path, 255);
.PP
\&\fIRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR.
It queries \fBbytes\fR bytes and uses \fIRAND_add\fR\|(3) to seed the
-OpenSSL built-in \s-1PRNG\s0.
+OpenSSL built-in \s-1PRNG.\s0
This function is more flexible than \fIRAND_egd()\fR.
When only one secret key must
be generated, it is not necessary to request the full amount 255 bytes from
@@ -159,7 +168,7 @@ that can be retrieved from \s-1EGD\s0 over time is
.PP
\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket
\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into
-\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the
+\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL, \s0\fBbytes\fR bytes are queried and used to seed the
OpenSSL built-in \s-1PRNG\s0 using \fIRAND_add\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
@@ -191,7 +200,7 @@ is located at /var/run/egd\-pool, /dev/egd\-pool o
.IX Header "RETURN VALUE"
\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the
daemon on success, and \-1 if the connection failed or the daemon did not
-return enough data to fully seed the \s-1PRNG\s0.
+return enough data to fully seed the \s-1PRNG.\s0
.PP
\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on
success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered.
Index: secure/lib/libcrypto/man/RAND_load_file.3
===================================================================
--- secure/lib/libcrypto/man/RAND_load_file.3 (revision 279126)
+++ secure/lib/libcrypto/man/RAND_load_file.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RAND_load_file 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +160,7 @@ set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\f
too small for the path name, an error occurs.
.PP
\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and
-adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative,
+adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative,
up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5,
if \fBmax_bytes\fR is \-1, the complete file is read.
.PP
Index: secure/lib/libcrypto/man/RAND_set_rand_method.3
===================================================================
--- secure/lib/libcrypto/man/RAND_set_rand_method.3 (revision 279126)
+++ secure/lib/libcrypto/man/RAND_set_rand_method.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RAND_set_rand_method 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_S
A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number
generation. By modifying the method, alternative implementations such as
hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important
-information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of
+information about how these \s-1RAND API\s0 functions are affected by the use of
\&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as
@@ -154,12 +163,12 @@ Initially, the default \s-1RAND_METHOD\s0 is the O
returned by \fIRAND_SSLeay()\fR.
.PP
\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is
-true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function
+true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND,\s0 so this function
is no longer recommended.
.PP
-\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0.
-However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0
-\&\s-1API\s0 is being used, so this function is no longer recommended.
+\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD.\s0
+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE
+API\s0 is being used, so this function is no longer recommended.
.SH "THE RAND_METHOD STRUCTURE"
.IX Header "THE RAND_METHOD STRUCTURE"
.Vb 9
@@ -185,10 +194,10 @@ Each component may be \s-1NULL\s0 if the function
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other
-algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
-default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
-that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie.
-\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE API\s0 function,
+that will override any \s-1RAND\s0 defaults set using the \s-1RAND API \s0(ie.
+\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1RAND\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
@@ -201,6 +210,6 @@ available in all versions of OpenSSL.
.PP
In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to
take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been
-reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used,
-otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also
+reverted as the \s-1ENGINE API\s0 transparently overrides \s-1RAND\s0 defaults if used,
+otherwise \s-1RAND API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also
introduced in version 0.9.7.
Index: secure/lib/libcrypto/man/RSA_blinding_on.3
===================================================================
--- secure/lib/libcrypto/man/RSA_blinding_on.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_blinding_on.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_blinding_on 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RSA_check_key.3
===================================================================
--- secure/lib/libcrypto/man/RSA_check_key.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_check_key.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_check_key 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +182,7 @@ acceleration or analysis purposes, then in all lik
is complete and untouched, but this can't be assumed in the general case.
.SH "BUGS"
.IX Header "BUGS"
-A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need
+A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need
to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
completely violating encapsulation and object-orientation in the process).
Index: secure/lib/libcrypto/man/RSA_generate_key.3
===================================================================
--- secure/lib/libcrypto/man/RSA_generate_key.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_generate_key.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RSA_get_ex_new_index.3
===================================================================
--- secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_get_ex_new_index 3"
-.TH RSA_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,7 +175,7 @@ The \fB\f(BIRSA_get_ex_new_index()\fB\fR function
new application specific data. It takes three optional function pointers which
are called when the parent structure (in this case an \s-1RSA\s0 structure) is
initially created, when it is copied and when it is freed up. If any or all of
-these function pointer arguments are not used they should be set to \s-1NULL\s0. The
+these function pointer arguments are not used they should be set to \s-1NULL.\s0 The
precise manner in which these function pointers are called is described in more
detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer
parameters which will be passed to the supplied functions but which otherwise
Index: secure/lib/libcrypto/man/RSA_new.3
===================================================================
--- secure/lib/libcrypto/man/RSA_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_new 3"
-.TH RSA_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
===================================================================
--- secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_padding_add_PKCS1_type_1 3"
-.TH RSA_padding_add_PKCS1_type_1 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_padding_add_PKCS1_type_1 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RSA_print.3
===================================================================
--- secure/lib/libcrypto/man/RSA_print.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_print.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_print 3"
-.TH RSA_print 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_print 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RSA_private_encrypt.3
===================================================================
--- secure/lib/libcrypto/man/RSA_private_encrypt.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_private_encrypt.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_private_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RSA_public_encrypt.3
===================================================================
--- secure/lib/libcrypto/man/RSA_public_encrypt.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_public_encrypt.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_public_encrypt 3"
-.TH RSA_public_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_public_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +163,7 @@ session key) using the public key \fBrsa\fR and st
\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode.
.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4
.IX Item "RSA_PKCS1_OAEP_PADDING"
-EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1\s0, \s-1MGF1\s0 and an empty
+EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty
encoding parameter. This mode is recommended for all new applications.
.IP "\s-1RSA_SSLV23_PADDING\s0" 4
.IX Item "RSA_SSLV23_PADDING"
@@ -168,7 +177,7 @@ Encrypting user data directly with \s-1RSA\s0 is i
.PP
\&\fBflen\fR must be less than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5
based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for
-\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0.
+\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0
The random number generator must be seeded prior to calling
\&\fIRSA_public_encrypt()\fR.
.PP
@@ -187,7 +196,7 @@ On error, \-1 is returned; the error codes can be
obtained by \fIERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3),
Index: secure/lib/libcrypto/man/RSA_set_method.3
===================================================================
--- secure/lib/libcrypto/man/RSA_set_method.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_set_method.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_set_method 3"
-.TH RSA_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ RSA_new_method \- select RSA method
An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0
operations. By modifying the method, alternative implementations such as
hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
-important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the
+important information about how these \s-1RSA API\s0 functions are affected by the
use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation,
@@ -167,16 +176,16 @@ as returned by \fIRSA_PKCS1_SSLeay()\fR.
.PP
\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
-been set as a default for \s-1RSA\s0, so this function is no longer recommended.
+been set as a default for \s-1RSA,\s0 so this function is no longer recommended.
.PP
\&\fIRSA_get_default_method()\fR returns a pointer to the current default
-\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependent on
-whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer
+\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
+whether the \s-1ENGINE API\s0 is being used, so this function is no longer
recommended.
.PP
\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the
-previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
+previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
be released during the change. It is possible to have \s-1RSA\s0 keys that only
work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
that supports embedded hardware-protected keys), and in such cases
@@ -190,10 +199,10 @@ it is, the return value can only be guaranteed to
\&\fIRSA_set_method()\fR.
.PP
\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
-\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section.
+\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section.
.PP
\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
-\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the
+\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the
default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set,
the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used.
.PP
@@ -253,14 +262,18 @@ the default method is used.
\& /* sign. For backward compatibility, this is used only
\& * if (flags & RSA_FLAG_SIGN_VER)
\& */
-\& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
-\& unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-\&
+\& int (*rsa_sign)(int type,
+\& const unsigned char *m, unsigned int m_length,
+\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
\& /* verify. For backward compatibility, this is used only
\& * if (flags & RSA_FLAG_SIGN_VER)
\& */
-\& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
-\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+\& int (*rsa_verify)(int dtype,
+\& const unsigned char *m, unsigned int m_length,
+\& const unsigned char *sigbuf, unsigned int siglen,
+\& const RSA *rsa);
+\& /* keygen. If NULL builtin RSA key generation will be used */
+\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
\&
\& } RSA_METHOD;
.Ve
@@ -273,7 +286,7 @@ and \fIRSA_get_method()\fR return pointers to the
.PP
\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
that was replaced. However, this return value should probably be ignored
-because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated
+because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated
at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a
result of the \fIRSA_set_method()\fR function releasing its handle to the
\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR
@@ -285,10 +298,10 @@ it returns a pointer to the newly allocated struct
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with
-other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR
+other algorithmic APIs (eg. \s-1DSA_METHOD, EVP_CIPHER,\s0 etc) into \fB\s-1ENGINE\s0\fR
modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an
-\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0
-\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the
+\&\s-1ENGINE API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA
+API \s0(ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the
recommended way to control default implementations for use in \s-1RSA\s0 and other
cryptographic algorithms.
.SH "BUGS"
@@ -316,9 +329,9 @@ added in OpenSSL 0.9.4.
replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR
respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use
\&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine
-version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0
-\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE
+API\s0 was restructured so that this change was reversed, and behaviour of the
other functions resembled more closely the previous behaviour. The
-behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the
-behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these
+behaviour of defaults in the \s-1ENGINE API\s0 now transparently overrides the
+behaviour of defaults in the \s-1RSA API\s0 without requiring changing these
function prototypes.
Index: secure/lib/libcrypto/man/RSA_sign.3
===================================================================
--- secure/lib/libcrypto/man/RSA_sign.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_sign.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign 3"
-.TH RSA_sign 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,6 +157,10 @@ RSA_sign, RSA_verify \- RSA signatures
private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the
signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR
must point to RSA_size(\fBrsa\fR) bytes of memory.
+Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the
+key that can be used.
+See \fIRSA_private_encrypt\fR\|(3) for lower-level
+operations.
.PP
\&\fBtype\fR denotes the message digest algorithm that was used to generate
\&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR;
@@ -171,7 +184,7 @@ Certain signatures with an improper algorithm iden
for compatibility with SSLeay 0.4.5 :\-)
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3),
Index: secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
===================================================================
--- secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/RSA_size.3
===================================================================
--- secure/lib/libcrypto/man/RSA_size.3 (revision 279126)
+++ secure/lib/libcrypto/man/RSA_size.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_size 3"
-.TH RSA_size 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA_size 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/SMIME_read_PKCS7.3
===================================================================
--- secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (revision 279126)
+++ secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_read_PKCS7 3"
-.TH SMIME_read_PKCS7 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SMIME_read_PKCS7 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/SMIME_write_PKCS7.3
===================================================================
--- secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (revision 279126)
+++ secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_write_PKCS7 3"
-.TH SMIME_write_PKCS7 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SMIME_write_PKCS7 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
===================================================================
--- secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (revision 279126)
+++ secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_ENTRY_get_object 3"
-.TH X509_NAME_ENTRY_get_object 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH X509_NAME_ENTRY_get_object 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
===================================================================
--- secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (revision 279126)
+++ secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_add_entry_by_txt 3"
-.TH X509_NAME_add_entry_by_txt 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH X509_NAME_add_entry_by_txt 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +160,7 @@ X509_NAME_add_entry, X509_NAME_delete_entry \- X50
.IX Header "DESCRIPTION"
\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and
\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
-by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively.
+by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID \s0\fBnid\fR respectively.
The field value to be added is in \fBbytes\fR of length \fBlen\fR. If
\&\fBlen\fR is \-1 then the field length is calculated internally using
strlen(bytes).
Index: secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
===================================================================
--- secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (revision 279126)
+++ secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_get_index_by_NID 3"
-.TH X509_NAME_get_index_by_NID 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH X509_NAME_get_index_by_NID 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +160,7 @@ X509_NAME lookup and enumeration functions
.IX Header "DESCRIPTION"
These functions allow an \fBX509_NAME\fR structure to be examined. The
\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in
-\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject
+\&\s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject
and issuer names.
.PP
\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve
Index: secure/lib/libcrypto/man/X509_NAME_print_ex.3
===================================================================
--- secure/lib/libcrypto/man/X509_NAME_print_ex.3 (revision 279126)
+++ secure/lib/libcrypto/man/X509_NAME_print_ex.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_print_ex 3"
-.TH X509_NAME_print_ex 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH X509_NAME_print_ex 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +153,7 @@ X509_NAME_oneline \- X509_NAME printing routines.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
+\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO \s0\fBout\fR. Each
line (for multiline formats) is indented by \fBindent\fR spaces. The output format
can be extensively customised by use of the \fBflags\fR parameter.
.PP
@@ -169,7 +178,7 @@ Although there are a large number of possible flag
\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice.
As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page
for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example
-\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used.
+\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used.
.PP
The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below.
.PP
@@ -178,7 +187,7 @@ Several options can be ored together.
The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR,
\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators
to use. Two distinct separators are used between distinct RelativeDistinguishedName
-components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued
+components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued
RDNs are currently very rare so the second separator will hardly ever be used.
.PP
\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR
Index: secure/lib/libcrypto/man/X509_new.3
===================================================================
--- secure/lib/libcrypto/man/X509_new.3 (revision 279126)
+++ secure/lib/libcrypto/man/X509_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_new 3"
-.TH X509_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH X509_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/bio.3
===================================================================
--- secure/lib/libcrypto/man/bio.3 (revision 279126)
+++ secure/lib/libcrypto/man/bio.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "bio 3"
-.TH bio 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH bio 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,10 +154,10 @@ details from an application. If an application use
I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network
connections and file I/O.
.PP
-There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0.
+There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0
.PP
As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data,
-examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0.
+examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0
.PP
A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to
another, or the application. The data may be left unmodified (for
Index: secure/lib/libcrypto/man/blowfish.3
===================================================================
--- secure/lib/libcrypto/man/blowfish.3 (revision 279126)
+++ secure/lib/libcrypto/man/blowfish.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "blowfish 3"
-.TH blowfish 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH blowfish 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,9 +170,9 @@ by Counterpane (see http://www.counterpane.com/blo
Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
It uses a variable size key, but typically, 128 bit (16 byte) keys are
considered good for strong encryption. Blowfish can be used in the same
-modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one
-of the faster block ciphers. It is quite a bit faster than \s-1DES\s0, and much
-faster than \s-1IDEA\s0 or \s-1RC2\s0.
+modes as \s-1DES \s0(see \fIdes_modes\fR\|(7)). Blowfish is currently one
+of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much
+faster than \s-1IDEA\s0 or \s-1RC2.\s0
.PP
Blowfish consists of a key setup phase and the actual encryption or decryption
phase.
@@ -183,7 +192,7 @@ all operate on variable length data. They all tak
\&\fBivec\fR which needs to be passed along into the next call of the same function
for the same message. \fBivec\fR may be initialized with anything, but the
recipient needs to know what it was initialized with, or it won't be able
-to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where
+to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where
\&\fBivec\fR is simply initialized to zero.
\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while
\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable
Index: secure/lib/libcrypto/man/bn.3
===================================================================
--- secure/lib/libcrypto/man/bn.3 (revision 279126)
+++ secure/lib/libcrypto/man/bn.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "bn 3"
-.TH bn 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH bn 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/bn_internal.3
===================================================================
--- secure/lib/libcrypto/man/bn_internal.3 (revision 279126)
+++ secure/lib/libcrypto/man/bn_internal.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "bn_internal 3"
-.TH bn_internal 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH bn_internal 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/buffer.3
===================================================================
--- secure/lib/libcrypto/man/buffer.3 (revision 279126)
+++ secure/lib/libcrypto/man/buffer.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "buffer 3"
-.TH buffer 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH buffer 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/crypto.3
===================================================================
--- secure/lib/libcrypto/man/crypto.3 (revision 279126)
+++ secure/lib/libcrypto/man/crypto.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "crypto 3"
-.TH crypto 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH crypto 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -137,8 +146,8 @@ crypto \- OpenSSL cryptographic library
.IX Header "DESCRIPTION"
The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic
algorithms used in various Internet standards. The services provided
-by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0
-and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and
+by this library are used by the OpenSSL implementations of \s-1SSL, TLS\s0
+and S/MIME, and they have also been used to implement \s-1SSH,\s0 OpenPGP, and
other cryptographic standards.
.SH "OVERVIEW"
.IX Header "OVERVIEW"
@@ -148,30 +157,30 @@ individual algorithms.
The functionality includes symmetric encryption, public key
cryptography and key agreement, certificate handling, cryptographic
hash functions and a cryptographic pseudo-random number generator.
-.IP "\s-1SYMMETRIC\s0 \s-1CIPHERS\s0" 4
+.IP "\s-1SYMMETRIC CIPHERS\s0" 4
.IX Item "SYMMETRIC CIPHERS"
\&\fIblowfish\fR\|(3), \fIcast\fR\|(3), \fIdes\fR\|(3),
\&\fIidea\fR\|(3), \fIrc2\fR\|(3), \fIrc4\fR\|(3), \fIrc5\fR\|(3)
-.IP "\s-1PUBLIC\s0 \s-1KEY\s0 \s-1CRYPTOGRAPHY\s0 \s-1AND\s0 \s-1KEY\s0 \s-1AGREEMENT\s0" 4
+.IP "\s-1PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT\s0" 4
.IX Item "PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT"
\&\fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrsa\fR\|(3)
.IP "\s-1CERTIFICATES\s0" 4
.IX Item "CERTIFICATES"
\&\fIx509\fR\|(3), \fIx509v3\fR\|(3)
-.IP "\s-1AUTHENTICATION\s0 \s-1CODES\s0, \s-1HASH\s0 \s-1FUNCTIONS\s0" 4
+.IP "\s-1AUTHENTICATION CODES, HASH FUNCTIONS\s0" 4
.IX Item "AUTHENTICATION CODES, HASH FUNCTIONS"
\&\fIhmac\fR\|(3), \fImd2\fR\|(3), \fImd4\fR\|(3),
\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
\&\fIsha\fR\|(3)
-.IP "\s-1AUXILIARY\s0 \s-1FUNCTIONS\s0" 4
+.IP "\s-1AUXILIARY FUNCTIONS\s0" 4
.IX Item "AUXILIARY FUNCTIONS"
\&\fIerr\fR\|(3), \fIthreads\fR\|(3), \fIrand\fR\|(3),
\&\s-1\fIOPENSSL_VERSION_NUMBER\s0\fR\|(3)
-.IP "\s-1INPUT/OUTPUT\s0, \s-1DATA\s0 \s-1ENCODING\s0" 4
+.IP "\s-1INPUT/OUTPUT, DATA ENCODING\s0" 4
.IX Item "INPUT/OUTPUT, DATA ENCODING"
\&\fIasn1\fR\|(3), \fIbio\fR\|(3), \fIevp\fR\|(3), \fIpem\fR\|(3),
\&\fIpkcs7\fR\|(3), \fIpkcs12\fR\|(3)
-.IP "\s-1INTERNAL\s0 \s-1FUNCTIONS\s0" 4
+.IP "\s-1INTERNAL FUNCTIONS\s0" 4
.IX Item "INTERNAL FUNCTIONS"
\&\fIbn\fR\|(3), \fIbuffer\fR\|(3), \fIlhash\fR\|(3),
\&\fIobjects\fR\|(3), \fIstack\fR\|(3),
Index: secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
===================================================================
--- secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ASN1_OBJECT 3"
-.TH d2i_ASN1_OBJECT 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_ASN1_OBJECT 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,7 +150,7 @@ d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT ID
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+These functions decode and encode an \s-1ASN1 OBJECT IDENTIFIER.\s0
.PP
Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
described in the \fId2i_X509\fR\|(3) manual page.
Index: secure/lib/libcrypto/man/d2i_DHparams.3
===================================================================
--- secure/lib/libcrypto/man/d2i_DHparams.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_DHparams.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DHparams 3"
-.TH d2i_DHparams 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_DHparams 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/d2i_DSAPublicKey.3
===================================================================
--- secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DSAPublicKey 3"
-.TH d2i_DSAPublicKey 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_DSAPublicKey 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,10 +180,10 @@ a SubjectPublicKeyInfo (certificate public key) st
components.
.PP
\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using
-a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0.
+a \fBDss-Parms\fR structure as defined in \s-1RFC2459.\s0
.PP
\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a
-\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0.
+\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459.\s0
.PP
The usage of all of these functions is similar to the \fId2i_X509()\fR and
\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page.
Index: secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
===================================================================
--- secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_PKCS8PrivateKey 3"
-.TH d2i_PKCS8PrivateKey 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_PKCS8PrivateKey 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/d2i_RSAPublicKey.3
===================================================================
--- secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_RSAPublicKey 3"
-.TH d2i_RSAPublicKey 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_RSAPublicKey 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/d2i_X509.3
===================================================================
--- secure/lib/libcrypto/man/d2i_X509.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_X509.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509 3"
-.TH d2i_X509 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_X509 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -172,23 +181,23 @@ case \fB*out\fR is not incremented and it points t
data just written.
.PP
\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts
-to parse data from \s-1BIO\s0 \fBbp\fR.
+to parse data from \s-1BIO \s0\fBbp\fR.
.PP
\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts
to parse data from \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
.SH "NOTES"
.IX Header "NOTES"
The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for
-\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that
-\&\fBi2d_X509\fR converts from internal to \s-1DER\s0.
+\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So that
+\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0
.PP
The functions can also understand \fB\s-1BER\s0\fR forms.
.PP
Index: secure/lib/libcrypto/man/d2i_X509_ALGOR.3
===================================================================
--- secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_ALGOR 3"
-.TH d2i_X509_ALGOR 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_X509_ALGOR 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/d2i_X509_CRL.3
===================================================================
--- secure/lib/libcrypto/man/d2i_X509_CRL.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_X509_CRL.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_CRL 3"
-.TH d2i_X509_CRL 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_X509_CRL 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certi
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation
+These functions decode and encode an X509 \s-1CRL \s0(certificate revocation
list).
.PP
Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
Index: secure/lib/libcrypto/man/d2i_X509_NAME.3
===================================================================
--- secure/lib/libcrypto/man/d2i_X509_NAME.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_X509_NAME.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_NAME 3"
-.TH d2i_X509_NAME 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_X509_NAME 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,7 +151,7 @@ d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions decode and encode an \fBX509_NAME\fR structure which is the
-the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used
+the same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used
for example in certificate subject and issuer names.
.PP
Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
Index: secure/lib/libcrypto/man/d2i_X509_REQ.3
===================================================================
--- secure/lib/libcrypto/man/d2i_X509_REQ.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_X509_REQ.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_REQ 3"
-.TH d2i_X509_REQ 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_X509_REQ 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/d2i_X509_SIG.3
===================================================================
--- secure/lib/libcrypto/man/d2i_X509_SIG.3 (revision 279126)
+++ secure/lib/libcrypto/man/d2i_X509_SIG.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_SIG 3"
-.TH d2i_X509_SIG 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_X509_SIG 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/des.3
===================================================================
--- secure/lib/libcrypto/man/des.3 (revision 279126)
+++ secure/lib/libcrypto/man/des.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "des 3"
-.TH des 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH des 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -263,9 +272,8 @@ depend on a global variable.
.PP
\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd.
.PP
-\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it
-is ok. The probability that a randomly generated key is weak is
-1/2^52, so it is not really worth checking for them.
+\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it
+is ok.
.PP
The following routines mostly operate on an input and output stream of
\&\fIDES_cblock\fRs.
@@ -293,7 +301,7 @@ The macro \fIDES_ecb2_encrypt()\fR is provided to
encryption by using \fIks1\fR for the final encryption.
.PP
\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
-(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the
+(\s-1CBC\s0) mode of \s-1DES. \s0 If the \fIencrypt\fR argument is non-zero, the
routine cipher-block-chain encrypts the cleartext data pointed to by
the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
argument, using the key schedule provided by the \fIschedule\fR argument,
@@ -302,14 +310,14 @@ and initialization vector provided by the \fIivec\
last block is copied to a temporary area and zero filled. The output
is always an integral multiple of eight bytes.
.PP
-\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and
+\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES. \s0 It uses \fIinw\fR and
\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret
(unlike the iv) and are as such, part of the key. So the key is sort
-of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0.
+of 24 bytes. This is much better than \s-1CBC DES.\s0
.PP
-\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with
+\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with
three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
-really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0.
+an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0
.PP
The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
@@ -324,7 +332,7 @@ method takes an array of characters as input and o
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
-a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only
+a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
suggested for use when sending small numbers of characters.
.PP
\&\fIDES_cfb64_encrypt()\fR
@@ -333,7 +341,7 @@ useful you ask? Because this routine will allow y
arbitrary number of bytes, no 8 byte padding. Each call to this
routine will encrypt the input bytes to output and then update ivec
and num. num contains 'how far' we are though ivec. If this does
-not make much sense, read more about cfb mode of \s-1DES\s0 :\-).
+not make much sense, read more about cfb mode of \s-1DES :\-\s0).
.PP
\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as
\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used.
@@ -343,7 +351,7 @@ takes an array of characters as input and outputs
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
-a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only
+a complete \s-1DES ECB\s0 encryption per numbits, this function is only
suggested for use when sending small numbers of characters.
.PP
\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output
@@ -397,7 +405,7 @@ the key schedule and \fIiv\fR for the initial vect
\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR
has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0
bytes, \fIDES_enc_write()\fR will split the data into several chunks that
-are all encrypted using the same \s-1IV\s0. So don't use these functions
+are all encrypted using the same \s-1IV. \s0 So don't use these functions
unless you are sure you know what you do (in which case you might not
want to use them anyway). They cannot handle non-blocking sockets.
\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on
@@ -435,7 +443,7 @@ get ugly!
The same applies for \fIDES_string_to_2key()\fR.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ANSI\s0 X3.106
+\&\s-1ANSI X3.106\s0
.PP
The \fBdes\fR library was written to be source code compatible with
the \s-1MIT\s0 Kerberos library.
Index: secure/lib/libcrypto/man/dh.3
===================================================================
--- secure/lib/libcrypto/man/dh.3 (revision 279126)
+++ secure/lib/libcrypto/man/dh.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "dh 3"
-.TH dh 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH dh 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/dsa.3
===================================================================
--- secure/lib/libcrypto/man/dsa.3 (revision 279126)
+++ secure/lib/libcrypto/man/dsa.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "dsa 3"
-.TH dsa 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH dsa 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -213,7 +222,7 @@ The \fB\s-1DSA\s0\fR structure consists of several
\& DSA;
.Ve
.PP
-In public keys, \fBpriv_key\fR is \s-1NULL\s0.
+In public keys, \fBpriv_key\fR is \s-1NULL.\s0
.PP
Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations,
either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
@@ -224,8 +233,8 @@ structure elements directly and instead use \s-1AP
modify keys.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature
-Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
+Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIbn\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3),
Index: secure/lib/libcrypto/man/ecdsa.3
===================================================================
--- secure/lib/libcrypto/man/ecdsa.3 (revision 279126)
+++ secure/lib/libcrypto/man/ecdsa.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ecdsa 3"
-.TH ecdsa 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ecdsa 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +187,7 @@ ecdsa \- Elliptic Curve Digital Signature Algorith
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1ECDSA_SIG\s0\fR structure consists of two BIGNUMs for the
-r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2).
+r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0).
.PP
.Vb 5
\& struct
@@ -195,7 +204,7 @@ function also allocates the BIGNUMs) and initializ
.PP
\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature
\&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR
-is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of
+is \s-1NULL \s0\fBi2d_ECDSA_SIG\fR returns the expected length in bytes of
the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length
of the \s-1DER\s0 encoded signature (or 0 on error).
.PP
@@ -214,7 +223,7 @@ values or returned in \fBkinv\fR and \fBrp\fR and
later call to \fBECDSA_sign_ex\fR or \fBECDSA_do_sign_ex\fR.
.PP
\&\fIECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR
-and \fBrp\fR set to \s-1NULL\s0.
+and \fBrp\fR set to \s-1NULL.\s0
.PP
\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes
hash value \fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional
@@ -229,7 +238,7 @@ is ignored.
The parameter \fBtype\fR is ignored.
.PP
\&\fIECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR
-and \fBrp\fR set to \s-1NULL\s0.
+and \fBrp\fR set to \s-1NULL.\s0
.PP
\&\fIECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR
bytes hash value \fBdgst\fR using the private key \fBeckey\fR and the
@@ -327,8 +336,8 @@ and finally evaluate the return value:
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2
-(Digital Signature Standard, \s-1DSS\s0)
+\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2
+\&\s0(Digital Signature Standard, \s-1DSS\s0)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIrsa\fR\|(3)
Index: secure/lib/libcrypto/man/engine.3
===================================================================
--- secure/lib/libcrypto/man/engine.3 (revision 279126)
+++ secure/lib/libcrypto/man/engine.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "engine 3"
-.TH engine 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH engine 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -308,7 +317,7 @@ implementation includes the following abstractions
.Ve
.SS "Reference counting and handles"
.IX Subsection "Reference counting and handles"
-Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be
+Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be
treated as handles \- ie. not only as pointers, but also as references to
the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when
making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and
@@ -330,7 +339,7 @@ specialised form of structural reference, because
implicitly contains a structural reference as well \- however to avoid
difficult-to-find programming bugs, it is recommended to treat the two
kinds of reference independently. If you have a functional reference to an
-\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to
+\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to
perform cryptographic operations and will remain uninitialised
until after you have released your reference.
.PP
@@ -338,12 +347,12 @@ until after you have released your reference.
.PP
This basic type of reference is used for instantiating new ENGINEs,
iterating across OpenSSL's internal linked-list of loaded
-ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural
+ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural
reference is sufficient if you only need to query or manipulate the data of
an \s-1ENGINE\s0 implementation rather than use its functionality.
.PP
The \fIENGINE_new()\fR function returns a structural reference to a new (empty)
-\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural
+\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural
references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR,
\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be
released by a corresponding to call to the \fIENGINE_free()\fR function \- the
@@ -350,7 +359,7 @@ released by a corresponding to call to the \fIENGI
\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when
the last structural reference is released.
.PP
-It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a
+It should also be noted that many \s-1ENGINE API\s0 function calls that accept a
structural reference will internally obtain another reference \- typically
this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after
the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to
@@ -375,7 +384,7 @@ the openssl/engine.h header file includes some hin
As mentioned, functional references exist when the cryptographic
functionality of an \s-1ENGINE\s0 is required to be available. A functional
reference can be obtained in one of two ways; from an existing structural
-reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default
+reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default
operational \s-1ENGINE\s0 for a given cryptographic purpose.
.PP
To obtain a functional reference from an existing structural reference,
@@ -383,7 +392,7 @@ call the \fIENGINE_init()\fR function. This return
already operational and couldn't be successfully initialised (eg. lack of
system drivers, no special hardware attached, etc), otherwise it will
return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will
-have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. All functional
+have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional
references are released by calling \fIENGINE_finish()\fR (which removes the
implicit structural reference as well).
.PP
@@ -392,7 +401,7 @@ default implementation for a given task, eg. by \f
\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next
section, though they are not usually required by application programmers as
they are used automatically when creating and using the relevant
-algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc.
+algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc.
.SS "Default implementations"
.IX Subsection "Default implementations"
For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table
@@ -401,7 +410,7 @@ abstraction and which should be used by default. T
registered in the tables and indexed by an 'nid' value, because
abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct
algorithms and modes, and ENGINEs can support arbitrarily many of them.
-In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one
+In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one
\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid'
index.
.PP
@@ -410,15 +419,15 @@ when calling RSA_new_method(\s-1NULL\s0)), a \*(L"
\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a
functional reference to an initialised \s-1ENGINE\s0 whose implementation should be
used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller
-will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the
+will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the
conventional software implementation. In the latter case, OpenSSL will from
-then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed.
+then on behave the way it used to before the \s-1ENGINE API\s0 existed.
.PP
Each state table has a flag to note whether it has processed this
\&\*(L"get_default\*(R" query since the table was last modified, because to process
this question it must iterate across all the registered ENGINEs in the
table trying to initialise each of them in turn, in case one of them is
-operational. If it returns a functional reference to an \s-1ENGINE\s0, it will
+operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will
also cache another reference to speed up processing future queries (without
needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0
response if no \s-1ENGINE\s0 was available so that future queries won't repeat the
@@ -429,7 +438,7 @@ instead the only way for the state table to return
\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg.
\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except
that it also sets the state table's cached response for the \*(L"get_default\*(R"
-query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are
+query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are
indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
value.
.SS "Application requirements"
@@ -440,7 +449,7 @@ available to the user. The first thing to consider
programmer wishes to make alternative \s-1ENGINE\s0 modules available to the
application and user. OpenSSL maintains an internal linked list of
\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is
-empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and
+empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and
it uses static linking against openssl, then the resulting application
binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first
consideration is whether any/all available \s-1ENGINE\s0 implementations should be
@@ -468,13 +477,13 @@ mention an important \s-1API\s0 function;
\& void ENGINE_cleanup(void);
.Ve
.PP
-If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there
+If no \s-1ENGINE API\s0 functions are called at all in an application, then there
are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality,
however if any ENGINEs are loaded, even if they are never registered or
used, it is necessary to use the \fIENGINE_cleanup()\fR function to
correspondingly cleanup before program exit, if the caller wishes to avoid
memory leaks. This mechanism uses an internal callback registration table
-so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can
+so that any \s-1ENGINE API\s0 functionality that knows it requires cleanup can
register its cleanup details to be called during \fIENGINE_cleanup()\fR. This
approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality
at all that your program uses, yet doesn't automatically create linker
@@ -499,9 +508,9 @@ source code to openssl's builtin utilities as guid
\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR
.PP
Here we'll assume an application has been configured by its user or admin
-to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of
+to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of
OpenSSL the application was compiled with. If it is available, it should be
-used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise
+used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operation, otherwise
OpenSSL should use its builtin software as per usual. The following code
illustrates how to approach this;
.PP
@@ -574,7 +583,7 @@ so that it can be initialised for use. This could
driver or config files it needs to load, required network addresses,
smart-card identifiers, passwords to initialise protected devices,
logging information, etc etc. This class of commands typically needs to be
-passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before
+passed to an \s-1ENGINE \s0\fBbefore\fR attempting to initialise it, ie. before
calling \fIENGINE_init()\fR. The other class of commands consist of settings or
operations that tweak certain behaviour or cause certain operations to take
place, and these commands may work either before or after \fIENGINE_init()\fR, or
@@ -589,8 +598,8 @@ name of the \s-1ENGINE\s0 it wishes to use, a tabl
initialisation, and another table for use after initialisation. Note that
the string-pairs used for control commands consist of a command \*(L"name\*(R"
followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some
-cases but the name can not. This function should initialise the \s-1ENGINE\s0
-(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
+cases but the name can not. This function should initialise the \s-1ENGINE
+\&\s0(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
and set it as the default for everything except \s-1RAND\s0 and then return a
boolean success or failure.
.PP
@@ -639,7 +648,7 @@ failure if the \s-1ENGINE\s0 supported the given c
executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply
return success without doing anything. In this case we assume the user is
only supplying commands specific to the given \s-1ENGINE\s0 so we set this to
-\&\s-1FALSE\s0.
+\&\s-1FALSE.\s0
.PP
\&\fIDiscovering supported control commands\fR
.PP
@@ -647,14 +656,14 @@ It is possible to discover at run-time the names,
and input parameters of the control commands supported by an \s-1ENGINE\s0 using a
structural reference. Note that some control commands are defined by OpenSSL
itself and it will intercept and handle these control commands on behalf of the
-\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command.
-openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands
+\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command.
+openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands
implemented by ENGINEs should be numbered from. Any command value lower than
this symbol is considered a \*(L"generic\*(R" command is handled directly by the
OpenSSL core routines.
.PP
It is using these \*(L"core\*(R" control commands that one can discover the control
-commands implemented by a given \s-1ENGINE\s0, specifically the commands;
+commands implemented by a given \s-1ENGINE,\s0 specifically the commands;
.PP
.Vb 9
\& #define ENGINE_HAS_CTRL_FUNCTION 10
@@ -693,7 +702,7 @@ OpenSSL framework code will work with the followin
.PP
If the \s-1ENGINE\s0's array of control commands is empty then all other commands will
fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of
-the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the
+the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the
identifier of a command supported by the \s-1ENGINE\s0 and returns the next command
identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string
name for a command and returns the corresponding identifier or fails if no such
@@ -714,18 +723,18 @@ possible values;
If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely
informational to the caller \- this flag will prevent the command being usable
for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR.
-\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration
+\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration
by applications, administrations, users, etc. These can support arbitrary
operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control
commands data of any arbitrary type. These commands are supported in the
discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0
supports certain specific commands it might want to use (eg. application \*(L"foo\*(R"
-might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \-
+might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R" \-\s0
and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific
extension).
.SS "Future developments"
.IX Subsection "Future developments"
-The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for
+The \s-1ENGINE API\s0 and internal architecture is currently being reviewed. Slated for
possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R"
ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0
implementations to be provided independently of OpenSSL libraries and/or
Index: secure/lib/libcrypto/man/err.3
===================================================================
--- secure/lib/libcrypto/man/err.3 (revision 279126)
+++ secure/lib/libcrypto/man/err.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "err 3"
-.TH err 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH err 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,8 +211,8 @@ new error codes to OpenSSL or add error codes from
.SS "Reporting errors"
.IX Subsection "Reporting errors"
Each sub-library has a specific macro \fIXXXerr()\fR that is used to report
-errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second
-argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived
+errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second
+argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived
from the function names; reason codes consist of textual error
descriptions. For example, the function \fIssl23_read()\fR reports a
\&\*(L"handshake failure\*(R" as follows:
@@ -216,7 +225,7 @@ Function and reason codes should consist of upper
numbers and underscores only. The error file generation script translates
function codes into function names by looking in the header files
for an appropriate function name, if none is found it just uses
-the capitalized form such as \*(L"\s-1SSL23_READ\s0\*(R" in the above example.
+the capitalized form such as \*(L"\s-1SSL23_READ\*(R"\s0 in the above example.
.PP
The trailing section of a reason code (after the \*(L"_R_\*(R") is translated
into lower case and underscores changed to spaces.
@@ -267,7 +276,7 @@ Typically it will initially look like this:
\& /* BEGIN ERROR CODES */
.Ve
.PP
-The \fB\s-1BEGIN\s0 \s-1ERROR\s0 \s-1CODES\s0\fR sequence is used by the error code
+The \fB\s-1BEGIN ERROR CODES\s0\fR sequence is used by the error code
generation script as the point to place new error codes, any text
after this point will be overwritten when \fBmake errors\fR is run.
The closing #endif etc will be automatically added by the script.
@@ -299,7 +308,6 @@ be obtained by calling ERR_get_err_state_table(voi
ERR_get_string_table(void) respectively.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fICRYPTO_set_id_callback\fR\|(3),
\&\fICRYPTO_set_locking_callback\fR\|(3),
\&\fIERR_get_error\fR\|(3),
\&\s-1\fIERR_GET_LIB\s0\fR\|(3),
Index: secure/lib/libcrypto/man/evp.3
===================================================================
--- secure/lib/libcrypto/man/evp.3 (revision 279126)
+++ secure/lib/libcrypto/man/evp.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "evp 3"
-.TH evp 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH evp 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/hmac.3
===================================================================
--- secure/lib/libcrypto/man/hmac.3 (revision 279126)
+++ secure/lib/libcrypto/man/hmac.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "hmac 3"
-.TH hmac 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH hmac 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ authentication code
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash
+\&\s-1HMAC\s0 is a \s-1MAC \s0(message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.
.PP
@@ -165,7 +174,7 @@ function.
.PP
It places the result in \fBmd\fR (which must have space for the output of
the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes).
-If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of
+If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of
the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR.
.PP
\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc.
@@ -189,7 +198,7 @@ long. It is deprecated and only included for backw
with OpenSSL 0.9.6b.
.PP
\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use
-the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which
+the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL,\s0 in which
case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been
called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this
function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in
@@ -209,7 +218,7 @@ must have space for the hash function output.
\&\fIHMAC_CTX_cleanup()\fR do not return values.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1RFC\s0 2104
+\&\s-1RFC 2104\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIevp\fR\|(3)
Index: secure/lib/libcrypto/man/lh_stats.3
===================================================================
--- secure/lib/libcrypto/man/lh_stats.3 (revision 279126)
+++ secure/lib/libcrypto/man/lh_stats.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "lh_stats 3"
-.TH lh_stats 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH lh_stats 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/lhash.3
===================================================================
--- secure/lib/libcrypto/man/lhash.3 (revision 279126)
+++ secure/lib/libcrypto/man/lhash.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "lhash 3"
-.TH lhash 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH lhash 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -354,7 +363,7 @@ the wrapper functions without \*(L"const\*(R" type
Callers that only have \*(L"const\*(R" access to data they're indexing in a
table, yet declare callbacks without constant types (or cast the
\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs
-without being encouraged to do so by the \s-1API\s0. On a related note,
+without being encouraged to do so by the \s-1API. \s0 On a related note,
those auditing code should pay special attention to any instances of
DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
without any \*(L"const\*(R" qualifiers.
@@ -419,6 +428,6 @@ The \fBlhash\fR library is available in all versio
This manpage is derived from the SSLeay documentation.
.PP
In OpenSSL 0.9.7, all lhash functions that were passed function pointers
-were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0,
-\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0
+were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE,
+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE \s0
became available.
Index: secure/lib/libcrypto/man/md5.3
===================================================================
--- secure/lib/libcrypto/man/md5.3 (revision 279126)
+++ secure/lib/libcrypto/man/md5.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "md5 3"
-.TH md5 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH md5 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,12 +178,12 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2,
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
+\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
.PP
-\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest
+\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest
of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space
for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16
-bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static
+bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static
array.
.PP
The following functions may be used if the message is not completely
@@ -196,7 +205,7 @@ Applications should use the higher level functions
etc. instead of calling the hash functions directly.
.SH "NOTE"
.IX Header "NOTE"
-\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing
+\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing
applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be
preferred.
.SH "RETURN VALUES"
@@ -208,7 +217,7 @@ preferred.
success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321
+\&\s-1RFC 1319, RFC 1320, RFC 1321\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIripemd\fR\|(3), \fIEVP_DigestInit\fR\|(3)
Index: secure/lib/libcrypto/man/mdc2.3
===================================================================
--- secure/lib/libcrypto/man/mdc2.3 (revision 279126)
+++ secure/lib/libcrypto/man/mdc2.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "mdc2 3"
-.TH mdc2 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH mdc2 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,11 +157,11 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 h
.IX Header "DESCRIPTION"
\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from
block ciphers. These functions are an implementation of \s-1MDC2\s0 with
-\&\s-1DES\s0.
+\&\s-1DES.\s0
.PP
\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
-\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array.
.PP
The following functions may be used if the message is not completely
@@ -176,7 +185,7 @@ hash functions directly.
\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ISO/IEC\s0 10118\-2, with \s-1DES\s0
+\&\s-1ISO/IEC 10118\-2,\s0 with \s-1DES\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIEVP_DigestInit\fR\|(3)
Index: secure/lib/libcrypto/man/pem.3
===================================================================
--- secure/lib/libcrypto/man/pem.3 (revision 279126)
+++ secure/lib/libcrypto/man/pem.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "pem 3"
-.TH pem 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH pem 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -313,7 +322,7 @@ this sense \s-1PEM\s0 format is simply base64 enco
by header lines.
.PP
For more details about the meaning of arguments see the
-\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section.
+\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section.
.PP
Each operation has four functions associated with it. For
clarity the term "\fBfoobar\fR functions" will be used to collectively
@@ -338,7 +347,7 @@ encryption is used and a PKCS#8 PrivateKeyInfo str
also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
-corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section).
+corresponding \s-1OBJECT IDENTIFIER \s0(see \s-1NOTES\s0 section).
.PP
The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0
structure. The public key is encoded as a SubjectPublicKeyInfo
@@ -346,7 +355,7 @@ structure.
.PP
The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an
\&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
-functions but an error occurs if the private key is not \s-1RSA\s0.
+functions but an error occurs if the private key is not \s-1RSA.\s0
.PP
The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an
\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey
@@ -355,16 +364,16 @@ structure.
The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using
an \s-1RSA\s0 structure. However the public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
-key is not \s-1RSA\s0.
+key is not \s-1RSA.\s0
.PP
The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a
\&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
-functions but an error occurs if the private key is not \s-1DSA\s0.
+functions but an error occurs if the private key is not \s-1DSA.\s0
.PP
The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using
a \s-1DSA\s0 structure. The public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
-key is not \s-1DSA\s0.
+key is not \s-1DSA.\s0
.PP
The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0
structure. The parameters are encoded using a foobar structure.
@@ -382,8 +391,8 @@ an X509 structure.
.PP
The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10
certificate request using an X509_REQ structure. The \fBX509_REQ\fR
-write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas
-the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR
+write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas
+the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR
(as required by some CAs). The \fBX509_REQ\fR read functions will
handle either form so there are no \fBX509_REQ_NEW\fR read functions.
.PP
@@ -453,7 +462,7 @@ an error occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Although the \s-1PEM\s0 routines take several arguments in almost all applications
-most of them are set to 0 or \s-1NULL\s0.
+most of them are set to 0 or \s-1NULL.\s0
.PP
Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0
.PP
@@ -598,9 +607,9 @@ byte \fBsalt\fR encoded as a set of hexadecimal di
.PP
After this is the base64 encoded encrypted data.
.PP
-The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an
+The encryption key is determined using \fIEVP_BytesToKey()\fR, using \fBsalt\fR and an
iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0
-returned by \fIEVP_bytestokey()\fR.
+returned by \fIEVP_BytesToKey()\fR.
.SH "BUGS"
.IX Header "BUGS"
The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse
@@ -624,3 +633,6 @@ The read routines return either a pointer to the s
if an error occurred.
.PP
The write routines return 1 for success or 0 for failure.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIEVP_get_cipherbyname\fR\|(3), \fIEVP_BytesToKey\fR\|(3)
Index: secure/lib/libcrypto/man/rand.3
===================================================================
--- secure/lib/libcrypto/man/rand.3 (revision 279126)
+++ secure/lib/libcrypto/man/rand.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "rand 3"
-.TH rand 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH rand 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,8 +172,8 @@ rand \- pseudo\-random number generator
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling
-default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default
+Since the introduction of the \s-1ENGINE API,\s0 the recommended way of controlling
+default implementations is by using the \s-1ENGINE API\s0 functions. The default
\&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by
\&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default
\&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened
@@ -188,7 +197,7 @@ described in \fIRAND_add\fR\|(3). Its state can be
seeding process whenever the application is started.
.PP
\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the
-\&\s-1PRNG\s0.
+\&\s-1PRNG. \s0
.SH "INTERNALS"
.IX Header "INTERNALS"
The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic
@@ -197,9 +206,9 @@ hash function.
The following description of its design is based on the SSLeay
documentation:
.PP
-First up I will state the things I believe I need for a good \s-1RNG\s0.
+First up I will state the things I believe I need for a good \s-1RNG.\s0
.IP "1." 4
-A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state'
+A good hashing algorithm to mix things up and to convert the \s-1RNG \s0'state'
to random numbers.
.IP "2." 4
An initial source of random 'state'.
@@ -251,7 +260,7 @@ believe this system addresses points 1 (hash funct
\&\s-1SHA\-1\s0), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
function and xor).
.PP
-When bytes are extracted from the \s-1RNG\s0, the following process is used.
+When bytes are extracted from the \s-1RNG,\s0 the following process is used.
For each group of 10 bytes (or less), we do the following:
.PP
Input into the hash function the local 'md' (which is initialized from
Index: secure/lib/libcrypto/man/rc4.3
===================================================================
--- secure/lib/libcrypto/man/rc4.3 (revision 279126)
+++ secure/lib/libcrypto/man/rc4.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "rc4 3"
-.TH rc4 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH rc4 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libcrypto/man/ripemd.3
===================================================================
--- secure/lib/libcrypto/man/ripemd.3 (revision 279126)
+++ secure/lib/libcrypto/man/ripemd.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ripemd 3"
-.TH ripemd 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ripemd 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,7 +161,7 @@ RIPEMD\-160 hash function
.PP
\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
-\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array.
.PP
The following functions may be used if the message is not completely
@@ -178,7 +187,7 @@ hash functions directly.
success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ISO/IEC\s0 10118\-3 (draft) (??)
+\&\s-1ISO/IEC 10118\-3 \s0(draft) (??)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
Index: secure/lib/libcrypto/man/rsa.3
===================================================================
--- secure/lib/libcrypto/man/rsa.3 (revision 279126)
+++ secure/lib/libcrypto/man/rsa.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "rsa 3"
-.TH rsa 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH rsa 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,7 +200,7 @@ rsa \- RSA public key cryptosystem
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions implement \s-1RSA\s0 public key encryption and signatures
-as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC\s0 2437].
+as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC 2437\s0].
.PP
The \fB\s-1RSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. It can
contain public as well as private \s-1RSA\s0 keys:
@@ -228,7 +237,7 @@ structure elements directly and instead use \s-1AP
modify keys.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "PATENTS"
.IX Header "PATENTS"
\&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000.
Index: secure/lib/libcrypto/man/sha.3
===================================================================
--- secure/lib/libcrypto/man/sha.3 (revision 279126)
+++ secure/lib/libcrypto/man/sha.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "sha 3"
-.TH sha 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH sha 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,12 +155,12 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final \- Secure
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a
+\&\s-1SHA\-1 \s0(Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
.PP
\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
-\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array.
.PP
The following functions may be used if the message is not completely
@@ -169,7 +178,7 @@ Applications should use the higher level functions
\&\fIEVP_DigestInit\fR\|(3)
etc. instead of calling the hash functions directly.
.PP
-The predecessor of \s-1SHA\-1\s0, \s-1SHA\s0, is also implemented, but it should be
+The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be
used only when backward compatibility is required.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
@@ -178,11 +187,11 @@ used only when backward compatibility is required.
\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR return 1 for success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SHA:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180 (Secure Hash
+\&\s-1SHA: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180 \s0(Secure Hash
Standard),
-\&\s-1SHA\-1:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-1 (Secure Hash
+\&\s-1SHA\-1: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-1 \s0(Secure Hash
Standard),
-\&\s-1ANSI\s0 X9.30
+\&\s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIripemd\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
Index: secure/lib/libcrypto/man/threads.3
===================================================================
--- secure/lib/libcrypto/man/threads.3 (revision 279126)
+++ secure/lib/libcrypto/man/threads.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "threads 3"
-.TH threads 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH threads 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +202,7 @@ different mutex locks. It sets the \fBn\fR\-th loc
\&\fBfile\fR and \fBline\fR are the file number of the function setting the
lock. They can be useful for debugging.
.PP
-id_function(void) is a function that returns a thread \s-1ID\s0, for example
+id_function(void) is a function that returns a thread \s-1ID,\s0 for example
\&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below). It isn't
needed on Windows nor on platforms where \fIgetpid()\fR returns a different
\&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below).
@@ -270,7 +279,7 @@ different answers in each thread, since that may d
the program is run on, not the machine where the program is being
compiled. For instance, Red Hat 8 Linux and earlier used
LinuxThreads, whose \fIgetpid()\fR returns a different value for each
-thread. Red Hat 9 Linux and later use \s-1NPTL\s0, which is
+thread. Red Hat 9 Linux and later use \s-1NPTL,\s0 which is
Posix-conformant, and has a \fIgetpid()\fR that returns the same value for
all threads in a process. A program compiled on Red Hat 8 and run on
Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for
Index: secure/lib/libcrypto/man/ui.3
===================================================================
--- secure/lib/libcrypto/man/ui.3 (revision 279126)
+++ secure/lib/libcrypto/man/ui.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ui 3"
-.TH ui 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ui 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -201,9 +210,9 @@ prompt the user for text-based information. Throu
imaginable, be it plain text prompting, through dialog boxes or from a
cell phone.
.PP
-All the functions work through a context of the type \s-1UI\s0. This context
+All the functions work through a context of the type \s-1UI. \s0 This context
contains all the information needed to prompt correctly as well as a
-reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that
+reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that
carry out the actual prompting.
.PP
The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR,
@@ -222,10 +231,10 @@ result with \fIUI_get0_result()\fR.
The functions are as follows:
.PP
\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with
-this \s-1UI\s0, it should be freed using \fIUI_free()\fR.
+this \s-1UI,\s0 it should be freed using \fIUI_free()\fR.
.PP
\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with
-this \s-1UI\s0, it should be freed using \fIUI_free()\fR.
+this \s-1UI,\s0 it should be freed using \fIUI_free()\fR.
.PP
\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one,
since the default can be changed. See further on). This method is the
@@ -235,7 +244,7 @@ most problems when porting.
\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory
that's connected to it, like duplicated input strings, results and others.
.PP
-\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0,
+\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0
as well as flags and a result buffer and the desired minimum and maximum
sizes of the result. The given information is used to prompt for
information, for example a password, and to verify a password (i.e. having
@@ -247,7 +256,7 @@ verification will fail.
\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered
in a boolean way, with a single character for yes and a different character
for no. A set of characters that can be used to cancel the prompt is given
-as well. The prompt itself is really divided in two, one part being the
+as well. The prompt itself is divided in two, one part being the
descriptive text (given through the \fIprompt\fR argument) and one describing
the possible answers (given through the \fIaction_desc\fR argument).
.PP
@@ -257,10 +266,10 @@ The difference between the two is only conceptual.
there's no technical difference between them. Other methods may make a
difference between them, however.
.PP
-The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for
+The flags currently supported are \s-1UI_INPUT_FLAG_ECHO,\s0 which is relevant for
\&\fIUI_add_input_string()\fR and will have the users response be echoed (when
prompting for a password, this flag should obviously not be used, and
-\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some
+\&\s-1UI_INPUT_FLAG_DEFAULT_PWD,\s0 which means that a default password of some
sort will be used (completely depending on the application and the \s-1UI\s0
method).
.PP
@@ -293,9 +302,9 @@ the information indexed by \fIi\fR.
and prompting and returns.
.PP
\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it
-understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR
-print the OpenSSL error stack as part of processing the \s-1UI\s0, and
-\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can
+understands two commands: \s-1UI_CTRL_PRINT_ERRORS,\s0 which makes \fIUI_process()\fR
+print the OpenSSL error stack as part of processing the \s-1UI,\s0 and
+\&\s-1UI_CTRL_IS_REDOABLE,\s0 which returns a flag saying if the used \s-1UI\s0 can
be used again or not.
.PP
\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given.
@@ -302,9 +311,9 @@ be used again or not.
.PP
\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method.
.PP
-\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0.
+\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0
.PP
-\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0.
+\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIui_create\fR\|(3), \fIui_compat\fR\|(3)
Index: secure/lib/libcrypto/man/ui_compat.3
===================================================================
--- secure/lib/libcrypto/man/ui_compat.3 (revision 279126)
+++ secure/lib/libcrypto/man/ui_compat.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ui_compat 3"
-.TH ui_compat 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ui_compat 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ Compatibility user interface functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1DES\s0 library contained a few routines to prompt for passwords. These
-aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the
+aren't necessarely dependent on \s-1DES,\s0 and have therefore become part of the
\&\s-1UI\s0 compatibility library.
.PP
\&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output
Index: secure/lib/libcrypto/man/x509.3
===================================================================
--- secure/lib/libcrypto/man/x509.3 (revision 279126)
+++ secure/lib/libcrypto/man/x509.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "x509 3"
-.TH x509 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH x509 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,15 +148,15 @@ x509 \- X.509 certificate handling
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A X.509 certificate is a structured grouping of information about
-an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0
-(certificate revocation list) is a tool to help determine if a
+an individual, a device, or anything one can imagine. A X.509 \s-1CRL
+\&\s0(certificate revocation list) is a tool to help determine if a
certificate is still valid. The exact definition of those can be
-found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX\s0.
+found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0
In OpenSSL, the type X509 is used to express such a certificate, and
-the type X509_CRL is used to express a \s-1CRL\s0.
+the type X509_CRL is used to express a \s-1CRL.\s0
.PP
A related structure is a certificate request, defined in PKCS#10 from
-\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type
+\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896. \s0 In OpenSSL, the type
X509_REQ is used to express such a certificate request.
.PP
To handle some complex parts of a certificate, there are the types
@@ -155,7 +164,7 @@ X509_NAME (to express a certificate name), X509_AT
a certificate attributes), X509_EXTENSION (to express a certificate
extension) and a few more.
.PP
-Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a
+Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a
certificate and a corresponding private key.
.PP
\&\fBX509_\fR\fI...\fR, \fBd2i_X509_\fR\fI...\fR and \fBi2d_X509_\fR\fI...\fR handle X.509
Index: secure/lib/libssl/Makefile.man
===================================================================
--- secure/lib/libssl/Makefile.man (revision 279126)
+++ secure/lib/libssl/Makefile.man (working copy)
@@ -32,6 +32,7 @@ MAN+= SSL_CTX_set_session_cache_mode.3
MAN+= SSL_CTX_set_session_id_context.3
MAN+= SSL_CTX_set_ssl_version.3
MAN+= SSL_CTX_set_timeout.3
+MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3
MAN+= SSL_CTX_set_tmp_dh_callback.3
MAN+= SSL_CTX_set_tmp_rsa_callback.3
MAN+= SSL_CTX_set_verify.3
Index: secure/lib/libssl/man/SSL_CIPHER_get_name.3
===================================================================
--- secure/lib/libssl/man/SSL_CIPHER_get_name.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CIPHER_get_name.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CIPHER_get_name 3"
-.TH SSL_CIPHER_get_name 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CIPHER_get_name 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,20 +153,24 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPH
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the
-argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is
+argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\*(R"\s0 is
returned.
.PP
\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If
-\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the
-chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned.
+\&\fBalg_bits\fR is not \s-1NULL,\s0 it contains the number of bits processed by the
+chosen algorithm. If \fBcipher\fR is \s-1NULL, 0\s0 is returned.
.PP
-\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently
-\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned.
+\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol
+version that first defined the cipher.
+This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR.
+In some cases it should possibly return \*(L"TLSv1.2\*(R" but does not;
+use \fISSL_CIPHER_description()\fR instead.
+If \fBcipher\fR is \s-1NULL, \*(L"\s0(\s-1NONE\s0)\*(R" is returned.
.PP
\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used
into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least
128 bytes, otherwise a pointer to the string \*(L"Buffer too small\*(R" is
-returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using
+returned. If \fBbuf\fR is \s-1NULL,\s0 a buffer of 128 bytes is allocated using
\&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string
\&\*(L"OPENSSL_malloc Error\*(R" is returned.
.SH "NOTES"
@@ -175,7 +188,8 @@ sequence:
Textual representation of the cipher name.
.IP "<protocol version>" 4
.IX Item "<protocol version>"
-Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3.
+Protocol version: \fBSSLv2\fR, \fBSSLv3\fR, \fBTLSv1.2\fR. The TLSv1.0 ciphers are
+flagged with SSLv3. No new ciphers were added by TLSv1.1.
.IP "Kx=<key exchange>" 4
.IX Item "Kx=<key exchange>"
Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or
@@ -207,9 +221,15 @@ Some examples for the output of \fISSL_CIPHER_desc
\& RC4\-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
\& EXP\-RC4\-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
.Ve
+.PP
+A comp[lete list can be retrieved by invoking the following command:
+.PP
+.Vb 1
+\& openssl ciphers \-v ALL
+.Ve
.SH "BUGS"
.IX Header "BUGS"
-If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the
+If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL,\s0 the
library crashes.
.PP
If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according
Index: secure/lib/libssl/man/SSL_COMP_add_compression_method.3
===================================================================
--- secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_COMP_add_compression_method 3"
-.TH SSL_COMP_add_compression_method 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_COMP_add_compression_method 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ It cannot be set for specific \s-1SSL_CTX\s0 or \s
.SH "NOTES"
.IX Header "NOTES"
The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods
-into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression
+into the communication. The \s-1TLS RFC\s0 does however not specify compression
methods or their corresponding identifiers, so there is currently no compatible
way to integrate compression with unknown peers. It is therefore currently not
recommended to integrate compression into applications. Applications for
Index: secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_extra_chain_cert 3"
-.TH SSL_CTX_add_extra_chain_cert 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_add_extra_chain_cert 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,6 +159,15 @@ these certificates explicitly specified. If no cha
the library will try to complete the chain from the available \s-1CA\s0
certificates in the trusted \s-1CA\s0 storage, see
\&\fISSL_CTX_load_verify_locations\fR\|(3).
+.PP
+The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \fBshould not\fR free the \fBx509\fR object.
+.SH "RESTRICTIONS"
+.IX Header "RESTRICTIONS"
+Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0
+structure. Different chains for different certificates (for example if both
+\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0
+structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this
+function.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the
Index: secure/lib/libssl/man/SSL_CTX_add_session.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_add_session.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_add_session.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_session 3"
-.TH SSL_CTX_add_session 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_add_session 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ If a server \s-1SSL_CTX\s0 is configured with the
flag then the internal cache will not be populated automatically by new
sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal
cache will be searched automatically for session-resume requests (the
-latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
+latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
application can use \fISSL_CTX_add_session()\fR directly to have full control
over the sessions that can be resumed if desired.
.SH "RETURN VALUES"
Index: secure/lib/libssl/man/SSL_CTX_ctrl.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_ctrl.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_ctrl.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_ctrl 3"
-.TH SSL_CTX_ctrl 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_ctrl 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_flush_sessions.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_flush_sessions 3"
-.TH SSL_CTX_flush_sessions 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_flush_sessions 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_free.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_free.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_free.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_free 3"
-.TH SSL_CTX_free 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_free 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_ex_new_index 3"
-.TH SSL_CTX_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_verify_mode 3"
-.TH SSL_CTX_get_verify_mode 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_get_verify_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_load_verify_locations 3"
-.TH SSL_CTX_load_verify_locations 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_load_verify_locations 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ which \s-1CA\s0 certificates for verification purp
available via \fBCAfile\fR and \fBCApath\fR are trusted.
.SH "NOTES"
.IX Header "NOTES"
-If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0
+If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0
format. The file can contain several \s-1CA\s0 certificates identified by
.PP
.Vb 3
@@ -162,7 +171,7 @@ which can be used e.g. for descriptions of the cer
The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR
function.
.PP
-If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates
+If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates
in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are
looked up by the \s-1CA\s0 subject name hash value, which must hence be available.
If more than one \s-1CA\s0 certificate with the same name hash value exist, the
Index: secure/lib/libssl/man/SSL_CTX_new.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_new.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_new 3"
-.TH SSL_CTX_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_sess_number.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_sess_number.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_sess_number.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_number 3"
-.TH SSL_CTX_sess_number 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_sess_number 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_cache_size 3"
-.TH SSL_CTX_sess_set_cache_size 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_sess_set_cache_size 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ of context \fBctx\fR to \fBt\fR.
\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size.
.SH "NOTES"
.IX Header "NOTES"
-The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0,
+The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0
currently 1024*20, so that up to 20000 sessions can be held. This size
can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special
case is the size 0, which is used for unlimited size.
Index: secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_get_cb 3"
-.TH SSL_CTX_sess_set_get_cb 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_sess_set_get_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_sessions.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_sessions.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_sessions.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sessions 3"
-.TH SSL_CTX_sessions 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_sessions 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_cert_store.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_store 3"
-.TH SSL_CTX_set_cert_store 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_cert_store 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_verify_callback 3"
-.TH SSL_CTX_set_cert_verify_callback 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_cert_verify_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ function is called. If the application does not ex
verification callback function, the built-in verification function is used.
If a verification callback \fIcallback\fR is specified via
\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
-instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored.
+instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored.
.PP
When the verification must be performed, \fIcallback\fR will be called with
the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
Index: secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cipher_list 3"
-.TH SSL_CTX_set_cipher_list 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_cipher_list 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_CA_list 3"
-.TH SSL_CTX_set_client_CA_list 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_client_CA_list 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,7 +171,7 @@ the chosen \fBssl\fR, overriding the setting valid
.SH "NOTES"
.IX Header "NOTES"
When a \s-1TLS/SSL\s0 server requests a client certificate (see
-\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which
+\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which
it will accept certificates, to the client.
.PP
This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for
Index: secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_cert_cb 3"
-.TH SSL_CTX_set_client_cert_cb 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_client_cert_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cer
called when a client certificate is requested by a server and no certificate
was yet set for the \s-1SSL\s0 object.
.PP
-When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL\s0, no callback function is used.
+When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used.
.PP
\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback
function.
@@ -157,7 +166,7 @@ using the \fBx509\fR and \fBpkey\fR arguments and
certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections.
If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate
will be sent. A negative return value will suspend the handshake and the
-handshake function will return immediatly. \fISSL_get_error\fR\|(3)
+handshake function will return immediately. \fISSL_get_error\fR\|(3)
will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was
suspended. The next call to the handshake function will again lead to the call
of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information
Index: secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_default_passwd_cb 3"
-.TH SSL_CTX_set_default_passwd_cb 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_default_passwd_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_generate_session_id 3"
-.TH SSL_CTX_set_generate_session_id 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_generate_session_id 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_info_callback.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_info_callback 3"
-.TH SSL_CTX_set_info_callback 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_info_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,11 +157,11 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callba
obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection
setup and use. The setting for \fBctx\fR is overridden from the setting for
a specific \s-1SSL\s0 object, if specified.
-When \fBcallback\fR is \s-1NULL\s0, not callback function is used.
+When \fBcallback\fR is \s-1NULL,\s0 not callback function is used.
.PP
\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
obtain state information for \fBssl\fR during connection setup and use.
-When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for
+When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for
\&\fBctx\fR is used.
.PP
\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information
@@ -189,25 +198,25 @@ Callback has been called during write operation.
.IP "\s-1SSL_CB_ALERT\s0" 4
.IX Item "SSL_CB_ALERT"
Callback has been called due to an alert being sent or received.
-.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4
-.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)"
+.IP "\s-1SSL_CB_READ_ALERT \s0(SSL_CB_ALERT|SSL_CB_READ)" 4
+.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)"
.PD 0
-.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4
-.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)"
-.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
-.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)"
-.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
-.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)"
-.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4
-.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)"
-.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4
-.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)"
+.IP "\s-1SSL_CB_WRITE_ALERT \s0(SSL_CB_ALERT|SSL_CB_WRITE)" 4
+.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)"
+.IP "\s-1SSL_CB_ACCEPT_LOOP \s0(SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
+.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)"
+.IP "\s-1SSL_CB_ACCEPT_EXIT \s0(SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
+.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)"
+.IP "\s-1SSL_CB_CONNECT_LOOP \s0(SSL_ST_CONNECT|SSL_CB_LOOP)" 4
+.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)"
+.IP "\s-1SSL_CB_CONNECT_EXIT \s0(SSL_ST_CONNECT|SSL_CB_EXIT)" 4
+.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)"
.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4
.IX Item "SSL_CB_HANDSHAKE_START"
.PD
Callback has been called because a new handshake is started.
-.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4
-.IX Item "SSL_CB_HANDSHAKE_DONE 0x20"
+.IP "\s-1SSL_CB_HANDSHAKE_DONE \s0 0x20" 4
+.IX Item "SSL_CB_HANDSHAKE_DONE 0x20"
Callback has been called because a handshake is finished.
.PP
The current state information can be obtained using the
@@ -223,7 +232,7 @@ The \fBret\fR information can be evaluated using t
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example callback function prints state strings, information
-about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0.
+about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0
.PP
.Vb 4
\& void apps_ssl_info_callback(SSL *s, int where, int ret)
Index: secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_max_cert_list 3"
-.TH SSL_CTX_set_max_cert_list 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_max_cert_list 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_mode.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_mode.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_mode.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_mode 3"
-.TH SSL_CTX_set_mode 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +184,7 @@ non-blocking \fIwrite()\fR.
Never bother the application with retries if the transport is blocking.
If a renegotiation take place during normal operation, a
\&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return
-with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0.
+with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ.\s0
In a non-blocking environment applications must be prepared to handle
incomplete read/write operations.
In a blocking environment, applications are not always prepared to
@@ -182,6 +191,15 @@ In a blocking environment, applications are not al
deal with read/write operations returning without success report. The
flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only
return after the handshake and successful completion.
+.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4
+.IX Item "SSL_MODE_SEND_FALLBACK_SCSV"
+Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello.
+To be set only by applications that reconnect with a downgraded protocol
+version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details.
+.Sp
+\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft\-ietf\-tls\-downgrade\-scsv\-00.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask
Index: secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_msg_callback 3"
-.TH SSL_CTX_set_msg_callback 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_msg_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -167,12 +176,12 @@ when a protocol message has been sent.
.IX Item "version"
The protocol version according to which the protocol message is
interpreted by the library. Currently, this is one of
-\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0
-3.0 and \s-1TLS\s0 1.0, respectively).
+\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL 2.0, SSL
+3.0\s0 and \s-1TLS 1.0,\s0 respectively).
.IP "\fIcontent_type\fR" 4
.IX Item "content_type"
-In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0
-or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the
+In the case of \s-1SSL 2.0,\s0 this is always \fB0\fR. In the case of \s-1SSL 3.0\s0
+or \s-1TLS 1.0,\s0 this is one of the \fBContentType\fR values defined in the
protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR,
\&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the
callback will only be called for protocol messages).
@@ -201,7 +210,7 @@ processed.
.PP
Due to automatic protocol version negotiation, \fIversion\fR is not
necessarily the protocol version used by the sender of the message: If
-a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server,
+a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server,
\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Index: secure/lib/libssl/man/SSL_CTX_set_options.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_options.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_options.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_options 3"
-.TH SSL_CTX_set_options 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_options 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -209,8 +218,8 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has n
\&...
.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4
.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG"
-Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS\s0 X.
-\&\s-1OS\s0 X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X.
+OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers.
.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4
.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
\&...
@@ -222,7 +231,7 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has n
\&...
.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4
.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
-Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol
+Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol
vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some
broken \s-1SSL\s0 implementations. This option has no effect for connections
using other ciphers.
@@ -259,15 +268,7 @@ a new \s-1DH\s0 key during each handshake but it i
temporary/ephemeral \s-1DH\s0 parameters are used.
.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4
.IX Item "SSL_OP_EPHEMERAL_RSA"
-Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations
-(see \fISSL_CTX_set_tmp_rsa_callback\fR\|(3)).
-According to the specifications this is only done, when a \s-1RSA\s0 key
-can only be used for signature operations (namely under export ciphers
-with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral
-\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the
-\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with
-clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral
-Diffie-Hellman) key exchange should be used instead.
+This option is no longer implemented and is treated as no op.
.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4
.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE"
When choosing a cipher, use the server's preferences instead of the client
@@ -314,16 +315,16 @@ not be used by clients or servers.
.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4
.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
-servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details.
+servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4
.IX Item "SSL_OP_LEGACY_SERVER_CONNECT"
Allow legacy insecure renegotiation between OpenSSL and unpatched servers
\&\fBonly\fR: this option is currently set by default. See the
-\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details.
+\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
.SH "SECURE RENEGOTIATION"
.IX Header "SECURE RENEGOTIATION"
OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
-described in \s-1RFC5746\s0. This counters the prefix attack described in
+described in \s-1RFC5746.\s0 This counters the prefix attack described in
\&\s-1CVE\-2009\-3555\s0 and elsewhere.
.PP
The deprecated and highly broken SSLv2 protocol does not support
@@ -341,7 +342,7 @@ renegotiation implementation.
Connections and renegotiation are always permitted by OpenSSL implementations.
.SS "Unpatched client and patched OpenSSL server"
.IX Subsection "Unpatched client and patched OpenSSL server"
-The initial connection suceeds but client renegotiation is denied by the
+The initial connection succeeds but client renegotiation is denied by the
server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal
\&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0.
.PP
Index: secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_quiet_shutdown 3"
-.TH SSL_CTX_set_quiet_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_quiet_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_cache_mode 3"
-.TH SSL_CTX_set_session_cache_mode 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_session_cache_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -207,10 +216,10 @@ As automatic lookup only applies for \s-1SSL/TLS\s
clients.
.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4
.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE"
-Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0,
+Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0
sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse.
Normally a new session is added to the internal cache as well as any external
-session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will
+session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will
prevent sessions being stored in the internal cache (though the application can
add them manually using \fISSL_CTX_add_session\fR\|(3)). Note:
in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful
@@ -222,7 +231,7 @@ prevents these additions to the internal cache as
Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and
\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time.
.PP
-The default mode is \s-1SSL_SESS_CACHE_SERVER\s0.
+The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode.
Index: secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_id_context 3"
-.TH SSL_CTX_set_session_id_context 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_session_id_context 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_ssl_version 3"
-.TH SSL_CTX_set_ssl_version 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_ssl_version 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,12 +152,12 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_g
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
+\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL \s0\fBmethod\fR for \s-1SSL\s0 objects
newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with
\&\fISSL_new\fR\|(3) are not affected, except when
\&\fISSL_clear\fR\|(3) is being called.
.PP
-\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
+\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL \s0\fBmethod\fR for a particular \fBssl\fR
object. It may be reset, when \fISSL_clear()\fR is called.
.PP
\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
Index: secure/lib/libssl/man/SSL_CTX_set_timeout.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_timeout.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_timeout.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_timeout 3"
-.TH SSL_CTX_set_timeout 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_timeout 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (revision 0)
+++ secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (working copy)
@@ -0,0 +1,316 @@
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
+.\}
+.rr rF
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3"
+.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& #include <openssl/tls1.h>
+\&
+\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx,
+\& int (*cb)(SSL *s, unsigned char key_name[16],
+\& unsigned char iv[EVP_MAX_IV_LENGTH],
+\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback fuction \fIcb\fR for handling
+session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in
+\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server
+implementation is not required to maintain per session state. It only applies
+to \s-1TLS\s0 and there is no SSLv3 implementation.
+.PP
+The callback is available when the OpenSSL library was built without
+\&\fI\s-1OPENSSL_NO_TLSEXT\s0\fR being defined.
+.PP
+The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0
+session when session ticket extension is presented in the \s-1TLS\s0 hello
+message. It is the responsibility of this function to create or retrieve the
+cryptographic parameters and to maintain their state.
+.PP
+The OpenSSL library uses your callback function to help implement a common \s-1TLS \s0
+ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session
+state is unnecessary and a small set of cryptographic variables needs to be
+maintained by the callback function implementation.
+.PP
+In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket
+extension to the server. The client can only send exactly one session ticket.
+The server, through the callback function, either agrees to reuse the session
+ticket information or it starts a full \s-1TLS\s0 handshake to create a new session
+ticket.
+.PP
+Before the callback function is started \fIctx\fR and \fIhctx\fR have been
+initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively.
+.PP
+For new sessions tickets, when the client doesn't present a session ticket, or
+an attempted retreival of the ticket failed, or a renew option was indicated,
+the callback function will be called with \fIenc\fR equal to 1. The OpenSSL
+library expects that the function will set an arbitary \fIname\fR, initialize
+\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR.
+.PP
+The \fIname\fR is 16 characters long and is used as a key identifier.
+.PP
+The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The
+maximum \s-1IV\s0 length is \s-1EVP_MAX_IV_LENGTH\s0 bytes defined in \fBevp.h\fR.
+.PP
+The initialization vector \fIiv\fR should be a random value. The cipher context
+\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be
+set using EVP_EncryptInit_ex. The hmac context can be set using HMAC_Init_ex.
+.PP
+When the client presents a session ticket, the callback function with be called
+with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retreive a set
+of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of
+the session ticket. The OpenSSL library expects that the \fIname\fR will be used
+to retrieve a cryptographic parameters and that the cryptographic context
+\&\fIctx\fR will be set with the retreived parameters and the initialization vector
+\&\fIiv\fR. using a function like EVP_DecryptInit_ex. The \fIhctx\fR needs to be set
+using HMAC_Init_ex.
+.PP
+If the \fIname\fR is still valid but a renewal of the ticket is required the
+callback function should return 2. The library will call the callback again
+with an arguement of enc equal to 1 to set the new ticket.
+.PP
+The return value of the \fIcb\fR function is used by OpenSSL to determine what
+further processing will occur. The following return values have meaning:
+.IP "2" 4
+.IX Item "2"
+This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can
+continue on those parameters. Additionally it indicates that the session
+ticket is in a renewal period and should be replaced. The OpenSSL library will
+call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077
+3.3\s0 paragraph 2).
+.IP "1" 4
+.IX Item "1"
+This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can
+continue on those parameters.
+.IP "0" 4
+This indicates that it was not possible to set/retrieve a session ticket and
+the \s-1SSL/TLS\s0 session will continue by by negiotationing a set of cryptographic
+parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids.
+.Sp
+If called with enc equal to 0 the library will call the \fIcb\fR again to get
+a new set of parameters.
+.IP "less than 0" 4
+.IX Item "less than 0"
+This indicates an error.
+.SH "NOTES"
+.IX Header "NOTES"
+Session resumption shortcuts the \s-1TLS\s0 so that the client certificate
+negiotation don't occur. It makes up for this by storing client certificate
+an all other negotiated state information encrypted within the ticket. In a
+resumed session the applications will have all this state information available
+exactly as if a full negiotation had occured.
+.PP
+If an attacker can obtain the key used to encrypt a session ticket, they can
+obtain the master secret for any ticket using that key and decrypt any traffic
+using that session: even if the ciphersuite supports forward secrecy. As
+a result applications may wish to use multiple keys and avoid using long term
+keys stored in files.
+.PP
+Applications can use longer keys to maintain a consistent level of security.
+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key
+the overall security is only 128 bits because breaking the ticket key will
+enable an attacker to obtain the session keys.
+.SH "EXAMPLES"
+.IX Header "EXAMPLES"
+Reference Implemention:
+ SSL_CTX_set_tlsext_ticket_key_cb(\s-1SSL\s0,ssl_tlsext_ticket_key_cb);
+ ....
+.PP
+.Vb 6
+\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
+\& {
+\& if (enc) { /* create new session */
+\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) {
+\& return \-1; /* insufficient random */
+\& }
+\&
+\& key = currentkey(); /* something that you need to implement */
+\& if ( !key ) {
+\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */
+\& key = createkey(); /* something that you need to implement.
+\& * createkey needs to initialise, a name,
+\& * an aes_key, a hmac_key and optionally
+\& * an expire time. */
+\& if ( !key ) { /* key couldn\*(Aqt be created */
+\& return 0;
+\& }
+\& }
+\& memcpy(key_name, key\->name, 16);
+\&
+\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv);
+\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL);
+\&
+\& return 1;
+\&
+\& } else { /* retrieve session */
+\& key = findkey(name);
+\&
+\& if (!key || key\->expire < now() ) {
+\& return 0;
+\& }
+\&
+\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL);
+\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv );
+\&
+\& if (key\->expire < ( now() \- RENEW_TIME ) ) {
+\& /* return 2 \- this session will get a new ticket even though the current is still valid */
+\& return 2;
+\& }
+\& return 1;
+\&
+\& }
+\& }
+.Ve
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+returns 0 to indicate the callback function was set.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3),
+\&\fISSL_session_reused\fR\|(3),
+\&\fISSL_CTX_add_session\fR\|(3),
+\&\fISSL_CTX_sess_number\fR\|(3),
+\&\fISSL_CTX_sess_set_get_cb\fR\|(3),
+\&\fISSL_CTX_set_session_id_context\fR\|(3),
+.SH "HISTORY"
+.IX Header "HISTORY"
+This function was introduced in OpenSSL 0.9.8h
Index: secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,11 +149,9 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, S
\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
\&
-\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
+\& void SSL_set_tmp_dh_callback(SSL *ctx,
\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
\& long SSL_set_tmp_dh(SSL *ssl, DH *dh)
-\&
-\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -208,7 +215,7 @@ instead (see \fIdhparam\fR\|(1)), but in this case
is mandatory.
.PP
Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
+dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current
version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters,
which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the \fB\-C\fR option of the
Index: secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
-.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -197,26 +206,19 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key c
for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes
violates the standard and can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key
-exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead
+exchange and use \s-1EDH \s0(Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
.PP
-On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default
-and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of
-\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0
-standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers,
-it will automatically be used without this option!
+An application may either directly specify the key or can supply the key via a
+callback function. The callback approach has the advantage, that the callback
+may generate the key only in case it is actually needed. As the generation of a
+\&\s-1RSA\s0 key is however costly, it will lead to a significant delay in the handshake
+procedure. Another advantage of the callback function is that it can supply
+keys of different size while the explicit setting of the key is only useful for
+key size of 512 bits to satisfy the export restricted ciphers and does give
+away key length if a longer key would be allowed.
.PP
-An application may either directly specify the key or can supply the key via
-a callback function. The callback approach has the advantage, that the
-callback may generate the key only in case it is actually needed. As the
-generation of a \s-1RSA\s0 key is however costly, it will lead to a significant
-delay in the handshake procedure. Another advantage of the callback function
-is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
-.PP
The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and
the \fBis_export\fR information. The \fBis_export\fR flag is set, when the
ephemeral \s-1RSA\s0 key exchange is performed with an export cipher.
Index: secure/lib/libssl/man/SSL_CTX_set_verify.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_set_verify.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_set_verify.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_verify 3"
-.TH SSL_CTX_set_verify 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_set_verify 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -197,7 +206,7 @@ anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 i
.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0
handshake is immediately terminated with a \*(L"handshake failure\*(R" alert.
-This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
+This flag must be used together with \s-1SSL_VERIFY_PEER.\s0
.Sp
\&\fBClient mode:\fR ignored
.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4
@@ -204,7 +213,7 @@ handshake is immediately terminated with a \*(L"ha
.IX Item "SSL_VERIFY_CLIENT_ONCE"
\&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0
handshake. Do not ask for a client certificate again in case of a
-renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
+renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER.\s0
.Sp
\&\fBClient mode:\fR ignored
.PP
@@ -228,8 +237,8 @@ certificates would not be present, most likely a
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R",
\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum
-depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
-allowing for the peer certificate and additional 9 \s-1CA\s0 certificates.
+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100,
+allowing for the peer certificate and additional 100 \s-1CA\s0 certificates.
.PP
The \fBverify_callback\fR function is used to control the behaviour when the
\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and
Index: secure/lib/libssl/man/SSL_CTX_use_certificate.3
===================================================================
--- secure/lib/libssl/man/SSL_CTX_use_certificate.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_CTX_use_certificate.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_certificate 3"
-.TH SSL_CTX_use_certificate 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_CTX_use_certificate 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,7 +198,7 @@ the memory location \fBd\fR (with length \fBlen\fR
.PP
\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR
into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified
-from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0.
+from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0
\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR.
See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR
should be preferred.
@@ -198,7 +207,7 @@ should be preferred.
\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must
be sorted starting with the subject's certificate (actual client or server
certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and
-ending at the highest level (root) \s-1CA\s0.
+ending at the highest level (root) \s-1CA.\s0
There is no corresponding function working on a single \s-1SSL\s0 object.
.PP
\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR.
@@ -220,7 +229,7 @@ key to \fBssl\fR.
.PP
\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in
\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified
-from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0.
+from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0
\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in
\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found
in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private
@@ -237,11 +246,11 @@ this \fBssl\fR, the last item added into \fBctx\fR
.IX Header "NOTES"
The internal certificate store of OpenSSL can hold two private key/certificate
pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate
-of type \s-1DSA\s0. The certificate used depends on the cipher select, see
+of type \s-1DSA.\s0 The certificate used depends on the cipher select, see
also \fISSL_CTX_set_cipher_list\fR\|(3).
.PP
When reading certificates and private keys from file, files of type
-\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
+\&\s-1SSL_FILETYPE_ASN1 \s0(also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
one certificate or private key, consequently
\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting.
Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item.
Index: secure/lib/libssl/man/SSL_SESSION_free.3
===================================================================
--- secure/lib/libssl/man/SSL_SESSION_free.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_SESSION_free.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_free 3"
-.TH SSL_SESSION_free 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_SESSION_free 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
===================================================================
--- secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_ex_new_index 3"
-.TH SSL_SESSION_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_SESSION_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_SESSION_get_time.3
===================================================================
--- secure/lib/libssl/man/SSL_SESSION_get_time.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_SESSION_get_time.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_time 3"
-.TH SSL_SESSION_get_time 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_SESSION_get_time 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_accept.3
===================================================================
--- secure/lib/libssl/man/SSL_accept.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_accept.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_accept 3"
-.TH SSL_accept 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_accept 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,11 +154,11 @@ The communication channel must already have been s
\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO. \s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the
-handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server
-Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but
+handshake has been finished or an error occurred, except for \s-1SGC \s0(Server
+Gated Cryptography). For \s-1SGC,\s0 \fISSL_accept()\fR may return with \-1, but
\&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR
should be called again.
.PP
@@ -160,9 +169,9 @@ In this case a call to \fISSL_get_error()\fR with
return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_accept()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Index: secure/lib/libssl/man/SSL_alert_type_string.3
===================================================================
--- secure/lib/libssl/man/SSL_alert_type_string.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_alert_type_string.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_alert_type_string 3"
-.TH SSL_alert_type_string 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_alert_type_string 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,7 +180,7 @@ receiving side may cancel the connection on recept
alert on it discretion.
.PP
Several alert messages must be sent as fatal alert messages as specified
-by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort.
+by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following strings can occur for \fISSL_alert_type_string()\fR or
@@ -192,131 +201,131 @@ Probably \fBvalue\fR does not contain a correct al
.PP
The following strings can occur for \fISSL_alert_desc_string()\fR or
\&\fISSL_alert_desc_string_long()\fR:
-.ie n .IP """\s-1CN\s0""/""close notify""" 4
-.el .IP "``\s-1CN\s0''/``close notify''" 4
+.ie n .IP """\s-1CN""/\s0""close notify""" 4
+.el .IP "``\s-1CN''/\s0``close notify''" 4
.IX Item "CN/close notify"
The connection shall be closed. This is a warning alert.
-.ie n .IP """\s-1UM\s0""/""unexpected message""" 4
-.el .IP "``\s-1UM\s0''/``unexpected message''" 4
+.ie n .IP """\s-1UM""/\s0""unexpected message""" 4
+.el .IP "``\s-1UM''/\s0``unexpected message''" 4
.IX Item "UM/unexpected message"
An inappropriate message was received. This alert is always fatal
and should never be observed in communication between proper
implementations.
-.ie n .IP """\s-1BM\s0""/""bad record mac""" 4
-.el .IP "``\s-1BM\s0''/``bad record mac''" 4
+.ie n .IP """\s-1BM""/\s0""bad record mac""" 4
+.el .IP "``\s-1BM''/\s0``bad record mac''" 4
.IX Item "BM/bad record mac"
This alert is returned if a record is received with an incorrect
-\&\s-1MAC\s0. This message is always fatal.
-.ie n .IP """\s-1DF\s0""/""decompression failure""" 4
-.el .IP "``\s-1DF\s0''/``decompression failure''" 4
+\&\s-1MAC.\s0 This message is always fatal.
+.ie n .IP """\s-1DF""/\s0""decompression failure""" 4
+.el .IP "``\s-1DF''/\s0``decompression failure''" 4
.IX Item "DF/decompression failure"
The decompression function received improper input (e.g. data
that would expand to excessive length). This message is always
fatal.
-.ie n .IP """\s-1HF\s0""/""handshake failure""" 4
-.el .IP "``\s-1HF\s0''/``handshake failure''" 4
+.ie n .IP """\s-1HF""/\s0""handshake failure""" 4
+.el .IP "``\s-1HF''/\s0``handshake failure''" 4
.IX Item "HF/handshake failure"
Reception of a handshake_failure alert message indicates that the
sender was unable to negotiate an acceptable set of security
parameters given the options available. This is a fatal error.
-.ie n .IP """\s-1NC\s0""/""no certificate""" 4
-.el .IP "``\s-1NC\s0''/``no certificate''" 4
+.ie n .IP """\s-1NC""/\s0""no certificate""" 4
+.el .IP "``\s-1NC''/\s0``no certificate''" 4
.IX Item "NC/no certificate"
A client, that was asked to send a certificate, does not send a certificate
(SSLv3 only).
-.ie n .IP """\s-1BC\s0""/""bad certificate""" 4
-.el .IP "``\s-1BC\s0''/``bad certificate''" 4
+.ie n .IP """\s-1BC""/\s0""bad certificate""" 4
+.el .IP "``\s-1BC''/\s0``bad certificate''" 4
.IX Item "BC/bad certificate"
A certificate was corrupt, contained signatures that did not
verify correctly, etc
-.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4
-.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4
+.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4
+.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4
.IX Item "UC/unsupported certificate"
A certificate was of an unsupported type.
-.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4
-.el .IP "``\s-1CR\s0''/``certificate revoked''" 4
+.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4
+.el .IP "``\s-1CR''/\s0``certificate revoked''" 4
.IX Item "CR/certificate revoked"
A certificate was revoked by its signer.
-.ie n .IP """\s-1CE\s0""/""certificate expired""" 4
-.el .IP "``\s-1CE\s0''/``certificate expired''" 4
+.ie n .IP """\s-1CE""/\s0""certificate expired""" 4
+.el .IP "``\s-1CE''/\s0``certificate expired''" 4
.IX Item "CE/certificate expired"
A certificate has expired or is not currently valid.
-.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4
-.el .IP "``\s-1CU\s0''/``certificate unknown''" 4
+.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4
+.el .IP "``\s-1CU''/\s0``certificate unknown''" 4
.IX Item "CU/certificate unknown"
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
-.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4
-.el .IP "``\s-1IP\s0''/``illegal parameter''" 4
+.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4
+.el .IP "``\s-1IP''/\s0``illegal parameter''" 4
.IX Item "IP/illegal parameter"
A field in the handshake was out of range or inconsistent with
other fields. This is always fatal.
-.ie n .IP """\s-1DC\s0""/""decryption failed""" 4
-.el .IP "``\s-1DC\s0''/``decryption failed''" 4
+.ie n .IP """\s-1DC""/\s0""decryption failed""" 4
+.el .IP "``\s-1DC''/\s0``decryption failed''" 4
.IX Item "DC/decryption failed"
A TLSCiphertext decrypted in an invalid way: either it wasn't an
even multiple of the block length or its padding values, when
checked, weren't correct. This message is always fatal.
-.ie n .IP """\s-1RO\s0""/""record overflow""" 4
-.el .IP "``\s-1RO\s0''/``record overflow''" 4
+.ie n .IP """\s-1RO""/\s0""record overflow""" 4
+.el .IP "``\s-1RO''/\s0``record overflow''" 4
.IX Item "RO/record overflow"
A TLSCiphertext record was received which had a length more than
2^14+2048 bytes, or a record decrypted to a TLSCompressed record
with more than 2^14+1024 bytes. This message is always fatal.
-.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4
-.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4
+.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4
+.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4
.IX Item "CA/unknown CA"
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the \s-1CA\s0 certificate could not
-be located or couldn't be matched with a known, trusted \s-1CA\s0. This
+be located or couldn't be matched with a known, trusted \s-1CA. \s0 This
message is always fatal.
-.ie n .IP """\s-1AD\s0""/""access denied""" 4
-.el .IP "``\s-1AD\s0''/``access denied''" 4
+.ie n .IP """\s-1AD""/\s0""access denied""" 4
+.el .IP "``\s-1AD''/\s0``access denied''" 4
.IX Item "AD/access denied"
A valid certificate was received, but when access control was
applied, the sender decided not to proceed with negotiation.
This message is always fatal.
-.ie n .IP """\s-1DE\s0""/""decode error""" 4
-.el .IP "``\s-1DE\s0''/``decode error''" 4
+.ie n .IP """\s-1DE""/\s0""decode error""" 4
+.el .IP "``\s-1DE''/\s0``decode error''" 4
.IX Item "DE/decode error"
A message could not be decoded because some field was out of the
specified range or the length of the message was incorrect. This
message is always fatal.
-.ie n .IP """\s-1CY\s0""/""decrypt error""" 4
-.el .IP "``\s-1CY\s0''/``decrypt error''" 4
+.ie n .IP """\s-1CY""/\s0""decrypt error""" 4
+.el .IP "``\s-1CY''/\s0``decrypt error''" 4
.IX Item "CY/decrypt error"
A handshake cryptographic operation failed, including being
unable to correctly verify a signature, decrypt a key exchange,
or validate a finished message.
-.ie n .IP """\s-1ER\s0""/""export restriction""" 4
-.el .IP "``\s-1ER\s0''/``export restriction''" 4
+.ie n .IP """\s-1ER""/\s0""export restriction""" 4
+.el .IP "``\s-1ER''/\s0``export restriction''" 4
.IX Item "ER/export restriction"
A negotiation not in compliance with export restrictions was
detected; for example, attempting to transfer a 1024 bit
ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This
message is always fatal.
-.ie n .IP """\s-1PV\s0""/""protocol version""" 4
-.el .IP "``\s-1PV\s0''/``protocol version''" 4
+.ie n .IP """\s-1PV""/\s0""protocol version""" 4
+.el .IP "``\s-1PV''/\s0``protocol version''" 4
.IX Item "PV/protocol version"
The protocol version the client has attempted to negotiate is
recognized, but not supported. (For example, old protocol
versions might be avoided for security reasons). This message is
always fatal.
-.ie n .IP """\s-1IS\s0""/""insufficient security""" 4
-.el .IP "``\s-1IS\s0''/``insufficient security''" 4
+.ie n .IP """\s-1IS""/\s0""insufficient security""" 4
+.el .IP "``\s-1IS''/\s0``insufficient security''" 4
.IX Item "IS/insufficient security"
Returned instead of handshake_failure when a negotiation has
failed specifically because the server requires ciphers more
secure than those supported by the client. This message is always
fatal.
-.ie n .IP """\s-1IE\s0""/""internal error""" 4
-.el .IP "``\s-1IE\s0''/``internal error''" 4
+.ie n .IP """\s-1IE""/\s0""internal error""" 4
+.el .IP "``\s-1IE''/\s0``internal error''" 4
.IX Item "IE/internal error"
An internal error unrelated to the peer or the correctness of the
protocol makes it impossible to continue (such as a memory
allocation failure). This message is always fatal.
-.ie n .IP """\s-1US\s0""/""user canceled""" 4
-.el .IP "``\s-1US\s0''/``user canceled''" 4
+.ie n .IP """\s-1US""/\s0""user canceled""" 4
+.el .IP "``\s-1US''/\s0``user canceled''" 4
.IX Item "US/user canceled"
This handshake is being canceled for some reason unrelated to a
protocol failure. If the user cancels an operation after the
@@ -323,8 +332,8 @@ protocol failure. If the user cancels an operation
handshake is complete, just closing the connection by sending a
close_notify is more appropriate. This alert should be followed
by a close_notify. This message is generally a warning.
-.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4
-.el .IP "``\s-1NR\s0''/``no renegotiation''" 4
+.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4
+.el .IP "``\s-1NR''/\s0``no renegotiation''" 4
.IX Item "NR/no renegotiation"
Sent by the client in response to a hello request or by the
server in response to a client hello after initial handshaking.
@@ -337,8 +346,8 @@ satisfy a request; the process might receive secur
(key length, authentication, etc.) at startup and it might be
difficult to communicate changes to these parameters after that
point. This message is always a warning.
-.ie n .IP """\s-1UK\s0""/""unknown""" 4
-.el .IP "``\s-1UK\s0''/``unknown''" 4
+.ie n .IP """\s-1UK""/\s0""unknown""" 4
+.el .IP "``\s-1UK''/\s0``unknown''" 4
.IX Item "UK/unknown"
This indicates that no description is available for this alert type.
Probably \fBvalue\fR does not contain a correct alert message.
Index: secure/lib/libssl/man/SSL_clear.3
===================================================================
--- secure/lib/libssl/man/SSL_clear.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_clear.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_clear 3"
-.TH SSL_clear 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_clear 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ BIOs) are kept.
SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all
settings are kept, a side effect is the handling of the current \s-1SSL\s0 session.
If a session is still \fBopen\fR, it is considered bad and will be removed
-from the session cache, as required by \s-1RFC2246\s0. A session is considered open,
+from the session cache, as required by \s-1RFC2246. A\s0 session is considered open,
if \fISSL_shutdown\fR\|(3) was not called for the connection
or at least \fISSL_set_shutdown\fR\|(3) was used to
set the \s-1SSL_SENT_SHUTDOWN\s0 state.
Index: secure/lib/libssl/man/SSL_connect.3
===================================================================
--- secure/lib/libssl/man/SSL_connect.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_connect.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_connect 3"
-.TH SSL_connect 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_connect 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +154,7 @@ channel must already have been set and assigned to
underlying \fB\s-1BIO\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO. \s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the
handshake has been finished or an error occurred.
@@ -157,9 +166,9 @@ In this case a call to \fISSL_get_error()\fR with
return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_connect()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Index: secure/lib/libssl/man/SSL_do_handshake.3
===================================================================
--- secure/lib/libssl/man/SSL_do_handshake.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_do_handshake.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_do_handshake 3"
-.TH SSL_do_handshake 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_do_handshake 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,11 +156,11 @@ routines may have to be explicitly set in advance
\&\fISSL_set_accept_state\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return
-once the handshake has been finished or an error occurred, except for \s-1SGC\s0
-(Server Gated Cryptography). For \s-1SGC\s0, \fISSL_do_handshake()\fR may return with \-1,
+once the handshake has been finished or an error occurred, except for \s-1SGC
+\&\s0(Server Gated Cryptography). For \s-1SGC,\s0 \fISSL_do_handshake()\fR may return with \-1,
but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and
\&\fISSL_do_handshake()\fR should be called again.
.PP
@@ -161,9 +170,9 @@ to continue the handshake. In this case a call to
return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
Index: secure/lib/libssl/man/SSL_free.3
===================================================================
--- secure/lib/libssl/man/SSL_free.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_free.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_free 3"
-.TH SSL_free 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_free 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ reference count has reached 0.
.SH "NOTES"
.IX Header "NOTES"
\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if
-applicable: the buffering \s-1BIO\s0, the read and write BIOs,
+applicable: the buffering \s-1BIO,\s0 the read and write BIOs,
cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR.
Do not explicitly free these indirectly freed up items before or after
calling \fISSL_free()\fR, as trying to free things twice may lead to program
@@ -158,7 +167,7 @@ session cache. If the session is considered bad, b
\&\fISSL_shutdown\fR\|(3) was not called for the connection
and \fISSL_set_shutdown\fR\|(3) was not used to set the
\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed
-from the session cache as required by \s-1RFC2246\s0.
+from the session cache as required by \s-1RFC2246.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_free()\fR does not provide diagnostic information.
Index: secure/lib/libssl/man/SSL_get_SSL_CTX.3
===================================================================
--- secure/lib/libssl/man/SSL_get_SSL_CTX.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_SSL_CTX.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_SSL_CTX 3"
-.TH SSL_get_SSL_CTX 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_SSL_CTX 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_ciphers.3
===================================================================
--- secure/lib/libssl/man/SSL_get_ciphers.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_ciphers.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ciphers 3"
-.TH SSL_get_ciphers 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_ciphers 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ sorted by preference. If \fBssl\fR is \s-1NULL\s0
is returned.
.PP
\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0
-listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are
+listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are
available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0
is returned.
.SH "NOTES"
Index: secure/lib/libssl/man/SSL_get_client_CA_list.3
===================================================================
--- secure/lib/libssl/man/SSL_get_client_CA_list.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_client_CA_list.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_client_CA_list 3"
-.TH SSL_get_client_CA_list 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_client_CA_list 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_current_cipher.3
===================================================================
--- secure/lib/libssl/man/SSL_get_current_cipher.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_current_cipher.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_current_cipher 3"
-.TH SSL_get_current_cipher 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_current_cipher 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,7 +169,7 @@ macro to obtain the number of secret/algorithm bit
See \fISSL_CIPHER_get_name\fR\|(3) for more details.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when
+\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL,\s0 when
no session has been established.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Index: secure/lib/libssl/man/SSL_get_default_timeout.3
===================================================================
--- secure/lib/libssl/man/SSL_get_default_timeout.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_default_timeout.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_default_timeout 3"
-.TH SSL_get_default_timeout 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_default_timeout 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_error.3
===================================================================
--- secure/lib/libssl/man/SSL_get_error.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_error.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_error 3"
-.TH SSL_get_error 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_error 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,14 +152,14 @@ SSL_get_error \- obtain result code for TLS/SSL I/
\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR,
\&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by
-that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter
+that \s-1TLS/SSL I/O\s0 function must be passed to \fISSL_get_error()\fR in parameter
\&\fBret\fR.
.PP
In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the
current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be
-used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no
+used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no
other OpenSSL function calls should appear in between. The current
-thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is
+thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is
attempted, or \fISSL_get_error()\fR will not work reliably.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
@@ -157,19 +166,19 @@ attempted, or \fISSL_get_error()\fR will not work
The following return values can currently occur:
.IP "\s-1SSL_ERROR_NONE\s0" 4
.IX Item "SSL_ERROR_NONE"
-The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned
+The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned
if and only if \fBret > 0\fR.
.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4
.IX Item "SSL_ERROR_ZERO_RETURN"
-The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0
-or \s-1TLS\s0 1.0, this result code is returned only if a closure
+The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL 3.0\s0
+or \s-1TLS 1.0,\s0 this result code is returned only if a closure
alert has occurred in the protocol, i.e. if the connection has been
closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR
does not necessarily indicate that the underlying transport
has been closed.
-.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4
+.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4
.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE"
-The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
+The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be
called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data
available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR)
or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0
@@ -182,21 +191,21 @@ protocol level.
.Sp
For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or
\&\fIpoll()\fR on the underlying socket can be used to find out when the
-\&\s-1TLS/SSL\s0 I/O function should be retried.
+\&\s-1TLS/SSL I/O\s0 function should be retried.
.Sp
-Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of
+Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of
\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular,
\&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want
to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any
time during the protocol (initiated by either the client or the server);
\&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes.
-.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4
+.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4
.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT"
-The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
+The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be
called again later. The underlying \s-1BIO\s0 was not connected yet to the peer
and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be
called again when the connection is established. These messages can only
-appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively.
+appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively.
In order to find out, when the connection has been successfully established,
on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor
can be used.
@@ -204,7 +213,7 @@ can be used.
.IX Item "SSL_ERROR_WANT_X509_LOOKUP"
The operation did not complete because an application callback set by
\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
-The \s-1TLS/SSL\s0 I/O function should be called again later.
+The \s-1TLS/SSL I/O\s0 function should be called again later.
Details depend on the application.
.IP "\s-1SSL_ERROR_SYSCALL\s0" 4
.IX Item "SSL_ERROR_SYSCALL"
Index: secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
===================================================================
--- secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
-.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_ex_new_index.3
===================================================================
--- secure/lib/libssl/man/SSL_get_ex_new_index.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_ex_new_index.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_new_index 3"
-.TH SSL_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_fd.3
===================================================================
--- secure/lib/libssl/man/SSL_get_fd.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_fd.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_fd 3"
-.TH SSL_get_fd 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_peer_cert_chain.3
===================================================================
--- secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_cert_chain 3"
-.TH SSL_get_peer_cert_chain 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_peer_cert_chain 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_peer_certificate.3
===================================================================
--- secure/lib/libssl/man/SSL_get_peer_certificate.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_peer_certificate.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_certificate 3"
-.TH SSL_get_peer_certificate 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_peer_certificate 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_rbio.3
===================================================================
--- secure/lib/libssl/man/SSL_get_rbio.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_rbio.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_rbio 3"
-.TH SSL_get_rbio 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_rbio 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_session.3
===================================================================
--- secure/lib/libssl/man/SSL_get_session.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_session.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_session 3"
-.TH SSL_get_session 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_session 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_verify_result.3
===================================================================
--- secure/lib/libssl/man/SSL_get_verify_result.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_verify_result.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_verify_result 3"
-.TH SSL_get_verify_result 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_verify_result 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_get_version.3
===================================================================
--- secure/lib/libssl/man/SSL_get_version.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_get_version.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_version 3"
-.TH SSL_get_version 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_get_version 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,11 +149,11 @@ SSL_get_version \- get the protocol version of a c
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the
+\&\fISSL_get_version()\fR returns the name of the protocol used for the
connection \fBssl\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-The following strings can occur:
+The following strings can be returned:
.IP "SSLv2" 4
.IX Item "SSLv2"
The connection uses the SSLv2 protocol.
@@ -153,7 +162,13 @@ The connection uses the SSLv2 protocol.
The connection uses the SSLv3 protocol.
.IP "TLSv1" 4
.IX Item "TLSv1"
-The connection uses the TLSv1 protocol.
+The connection uses the TLSv1.0 protocol.
+.IP "TLSv1.1" 4
+.IX Item "TLSv1.1"
+The connection uses the TLSv1.1 protocol.
+.IP "TLSv1.2" 4
+.IX Item "TLSv1.2"
+The connection uses the TLSv1.2 protocol.
.IP "unknown" 4
.IX Item "unknown"
This indicates that no version has been set (no connection established).
Index: secure/lib/libssl/man/SSL_library_init.3
===================================================================
--- secure/lib/libssl/man/SSL_library_init.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_library_init.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_library_init 3"
-.TH SSL_library_init 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_library_init 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ for \fISSL_library_init()\fR.
.SH "WARNING"
.IX Header "WARNING"
\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by
-\&\s-1SSL/TLS\s0.
+\&\s-1SSL/TLS.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
A typical \s-1TLS/SSL\s0 application will start with the library initialization,
Index: secure/lib/libssl/man/SSL_load_client_CA_file.3
===================================================================
--- secure/lib/libssl/man/SSL_load_client_CA_file.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_load_client_CA_file.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_load_client_CA_file 3"
-.TH SSL_load_client_CA_file 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_load_client_CA_file 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_new.3
===================================================================
--- secure/lib/libssl/man/SSL_new.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_new.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_new 3"
-.TH SSL_new 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_new 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_pending.3
===================================================================
--- secure/lib/libssl/man/SSL_pending.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_pending.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_pending 3"
-.TH SSL_pending 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_pending 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_read.3
===================================================================
--- secure/lib/libssl/man/SSL_read.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_read.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_read 3"
-.TH SSL_read 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_read 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect
\&\fISSL_accept\fR\|(3). If the
peer requests a re-negotiation, it will be performed transparently during
the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the
-underlying \s-1BIO\s0.
+underlying \s-1BIO. \s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is being done by calling
@@ -186,9 +195,9 @@ return value of \fISSL_read()\fR will yield \fB\s-
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a
call to \fISSL_read()\fR can also cause write operations! The calling process
then must repeat the call after taking appropriate action to satisfy the
-needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a
+needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO.\s0 When using a
non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check
-for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data
+for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data
must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.
.PP
\&\fISSL_pending\fR\|(3) can be used to find out whether there
Index: secure/lib/libssl/man/SSL_rstate_string.3
===================================================================
--- secure/lib/libssl/man/SSL_rstate_string.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_rstate_string.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_rstate_string 3"
-.TH SSL_rstate_string 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_rstate_string 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ the \s-1SSL\s0 object \fBssl\fR.
.IX Header "NOTES"
When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record,
consisting of header and body. When working in a blocking environment,
-SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R".
+SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R".
.PP
This function should only seldom be needed in applications.
.SH "RETURN VALUES"
@@ -157,16 +166,16 @@ This function should only seldom be needed in appl
.IX Header "RETURN VALUES"
\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following
values:
-.ie n .IP """\s-1RH\s0""/""read header""" 4
-.el .IP "``\s-1RH\s0''/``read header''" 4
+.ie n .IP """\s-1RH""/\s0""read header""" 4
+.el .IP "``\s-1RH''/\s0``read header''" 4
.IX Item "RH/read header"
The header of the record is being evaluated.
-.ie n .IP """\s-1RB\s0""/""read body""" 4
-.el .IP "``\s-1RB\s0''/``read body''" 4
+.ie n .IP """\s-1RB""/\s0""read body""" 4
+.el .IP "``\s-1RB''/\s0``read body''" 4
.IX Item "RB/read body"
The body of the record is being evaluated.
-.ie n .IP """\s-1RD\s0""/""read done""" 4
-.el .IP "``\s-1RD\s0''/``read done''" 4
+.ie n .IP """\s-1RD""/\s0""read done""" 4
+.el .IP "``\s-1RD''/\s0``read done''" 4
.IX Item "RD/read done"
The record has been completely processed.
.ie n .IP """unknown""/""unknown""" 4
Index: secure/lib/libssl/man/SSL_session_reused.3
===================================================================
--- secure/lib/libssl/man/SSL_session_reused.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_session_reused.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_session_reused 3"
-.TH SSL_session_reused 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_session_reused 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_set_bio.3
===================================================================
--- secure/lib/libssl/man/SSL_set_bio.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_set_bio.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_bio 3"
-.TH SSL_set_bio 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_set_bio 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,7 +150,7 @@ SSL_set_bio \- connect the SSL object with a BIO
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write
-operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR.
+operations of the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR.
.PP
The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively.
If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour.
Index: secure/lib/libssl/man/SSL_set_connect_state.3
===================================================================
--- secure/lib/libssl/man/SSL_set_connect_state.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_set_connect_state.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_connect_state 3"
-.TH SSL_set_connect_state 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_set_connect_state 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_set_fd.3
===================================================================
--- secure/lib/libssl/man/SSL_set_fd.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_set_fd.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_fd 3"
-.TH SSL_set_fd 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_set_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +152,7 @@ SSL_set_fd \- connect the SSL object with a file d
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility
-for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
+for the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
socket file descriptor of a network connection.
.PP
When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to
Index: secure/lib/libssl/man/SSL_set_session.3
===================================================================
--- secure/lib/libssl/man/SSL_set_session.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_set_session.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_session 3"
-.TH SSL_set_session 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_set_session 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_set_shutdown.3
===================================================================
--- secure/lib/libssl/man/SSL_set_shutdown.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_set_shutdown.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_shutdown 3"
-.TH SSL_set_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_set_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,9 +173,9 @@ or a fatal error.
The shutdown state of the connection is used to determine the state of
the ssl session. If the session is still open, when
\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called,
-it is considered bad and removed according to \s-1RFC2246\s0.
-The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0
-(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R"
+it is considered bad and removed according to \s-1RFC2246.\s0
+The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN
+\&\s0(according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R"
alert but to not wait for the peer's answer, when the underlying connection
is closed).
\&\fISSL_set_shutdown()\fR can be used to set this state without sending a
Index: secure/lib/libssl/man/SSL_set_verify_result.3
===================================================================
--- secure/lib/libssl/man/SSL_set_verify_result.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_set_verify_result.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_verify_result 3"
-.TH SSL_set_verify_result 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_set_verify_result 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_shutdown.3
===================================================================
--- secure/lib/libssl/man/SSL_shutdown.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_shutdown.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_shutdown 3"
-.TH SSL_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,7 +185,7 @@ complete (return value of the first call is 0). As
specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on
the first call.
.PP
-The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO. \s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
handshake step has been finished or an error occurred.
@@ -187,9 +196,9 @@ to continue the handshake. In this case a call to
return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.PP
\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
Index: secure/lib/libssl/man/SSL_state_string.3
===================================================================
--- secure/lib/libssl/man/SSL_state_string.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_state_string.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_state_string 3"
-.TH SSL_state_string 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_state_string 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/lib/libssl/man/SSL_want.3
===================================================================
--- secure/lib/libssl/man/SSL_want.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_want.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_want 3"
-.TH SSL_want 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_want 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,19 +180,19 @@ There is no data to be written or to be read.
There are data in the \s-1SSL\s0 buffer that must be written to the underlying
\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation.
A call to \fISSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_WRITE\s0.
+\&\s-1SSL_ERROR_WANT_WRITE.\s0
.IP "\s-1SSL_READING\s0" 4
.IX Item "SSL_READING"
More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to
complete the actual SSL_*() operation.
A call to \fISSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_READ\s0.
+\&\s-1SSL_ERROR_WANT_READ.\s0
.IP "\s-1SSL_X509_LOOKUP\s0" 4
.IX Item "SSL_X509_LOOKUP"
The operation did not complete because an application callback set by
\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
A call to \fISSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0.
+\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0
.PP
\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR
return 1, when the corresponding condition is true or 0 otherwise.
Index: secure/lib/libssl/man/SSL_write.3
===================================================================
--- secure/lib/libssl/man/SSL_write.3 (revision 279126)
+++ secure/lib/libssl/man/SSL_write.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_write 3"
-.TH SSL_write 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SSL_write 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect
\&\fISSL_accept\fR\|(3). If the
peer requests a re-negotiation, it will be performed transparently during
the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the
-underlying \s-1BIO\s0.
+underlying \s-1BIO. \s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is being done by calling
@@ -170,9 +179,9 @@ return value of \fISSL_write()\fR will yield \fB\s
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a
call to \fISSL_write()\fR can also cause read operations! The calling process
then must repeat the call after taking appropriate action to satisfy the
-needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. When using a
+needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO.\s0 When using a
non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check
-for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data
+for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data
must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.
.PP
\&\fISSL_write()\fR will only return with success, when the complete contents
Index: secure/lib/libssl/man/d2i_SSL_SESSION.3
===================================================================
--- secure/lib/libssl/man/d2i_SSL_SESSION.3 (revision 279126)
+++ secure/lib/libssl/man/d2i_SSL_SESSION.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_SSL_SESSION 3"
-.TH d2i_SSL_SESSION 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH d2i_SSL_SESSION 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,6 +184,16 @@ known limit on the size of the created \s-1ASN1\s0
amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with
\&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and
call \fIi2d_SSL_SESSION()\fR again.
+Note that this will advance the value contained in \fB*pp\fR so it is necessary
+to save a copy of the original allocation.
+For example:
+ int i,j;
+ char *p, *temp;
+ i = i2d_SSL_SESSION(sess, \s-1NULL\s0);
+ p = temp = malloc(i);
+ j = i2d_SSL_SESSION(sess, &temp);
+ assert(i == j);
+ assert(p+i == temp);
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0
Index: secure/lib/libssl/man/ssl.3
===================================================================
--- secure/lib/libssl/man/ssl.3 (revision 279126)
+++ secure/lib/libssl/man/ssl.3 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ssl 3"
-.TH ssl 3 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ssl 3 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,7 +196,7 @@ connection: \fB\s-1SSL_CIPHER\s0\fRs, client and s
.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4
.IX Item "SSL (SSL Connection)"
That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per
-established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0.
+established connection. This actually is the core structure in the \s-1SSL API.\s0
Under run-time the application usually deals with this structure which has
links to mostly all other structures.
.SH "HEADER FILES"
@@ -196,10 +205,10 @@ Currently the OpenSSL \fBssl\fR library provides t
containing the prototypes for the data structures and and functions:
.IP "\fBssl.h\fR" 4
.IX Item "ssl.h"
-That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your
+That's the common header file for the \s-1SSL/TLS API. \s0 Include it into your
program to make the \s-1API\s0 of the \fBssl\fR library available. It internally
includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library.
-Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look
+Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look
inside this header file.
.IP "\fBssl2.h\fR" 4
.IX Item "ssl2.h"
@@ -226,7 +235,7 @@ it's already included by ssl.h\fR.
.IX Header "API FUNCTIONS"
Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions.
They are documented in the following:
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0"
+.SS "\s-1DEALING WITH PROTOCOL METHODS\s0"
.IX Subsection "DEALING WITH PROTOCOL METHODS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures.
@@ -257,7 +266,7 @@ Constructor for the TLSv1 \s-1SSL_METHOD\s0 struct
.IP "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4
.IX Item "SSL_METHOD *TLSv1_method(void);"
Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server.
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0"
+.SS "\s-1DEALING WITH CIPHERS\s0"
.IX Subsection "DEALING WITH CIPHERS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures.
@@ -280,7 +289,7 @@ definitions in the header files.
Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the
\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined
in the specification the first time).
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0"
+.SS "\s-1DEALING WITH PROTOCOL CONTEXTS\s0"
.IX Subsection "DEALING WITH PROTOCOL CONTEXTS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure.
@@ -453,7 +462,7 @@ session instead of a context.
.IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4
.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);"
.PD
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0"
+.SS "\s-1DEALING WITH SESSIONS\s0"
.IX Subsection "DEALING WITH SESSIONS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures.
@@ -489,7 +498,7 @@ sessions defined in the \fB\s-1SSL_SESSION\s0\fR s
.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4
.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);"
.PD
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0"
+.SS "\s-1DEALING WITH CONNECTIONS\s0"
.IX Subsection "DEALING WITH CONNECTIONS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
connection defined in the \fB\s-1SSL\s0\fR structure.
Index: secure/usr.bin/openssl/man/CA.pl.1
===================================================================
--- secure/usr.bin/openssl/man/CA.pl.1 (revision 279126)
+++ secure/usr.bin/openssl/man/CA.pl.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CA.PL 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -196,7 +205,7 @@ to standard output.
.IX Item "-signCA"
this option is the same as the \fB\-signreq\fR option except it uses the configuration
file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This
-is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0.
+is useful when creating intermediate \s-1CA\s0 from a root \s-1CA.\s0
.IP "\fB\-signcert\fR" 4
.IX Item "-signcert"
this option is the same as \fB\-sign\fR except it expects a self signed certificate
@@ -216,7 +225,7 @@ Create a \s-1CA\s0 hierarchy:
\& CA.pl \-newca
.Ve
.PP
-Complete certificate creation example: create a \s-1CA\s0, create a request, sign
+Complete certificate creation example: create a \s-1CA,\s0 create a request, sign
the request and finally create a PKCS#12 file containing it.
.PP
.Vb 4
@@ -237,7 +246,7 @@ Create some \s-1DSA\s0 parameters:
\& openssl dsaparam \-out dsap.pem 1024
.Ve
.PP
-Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key:
+Create a \s-1DSA CA\s0 certificate and private key:
.PP
.Vb 1
\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem
Index: secure/usr.bin/openssl/man/asn1parse.1
===================================================================
--- secure/usr.bin/openssl/man/asn1parse.1 (revision 279126)
+++ secure/usr.bin/openssl/man/asn1parse.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ASN1PARSE 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,13 +151,15 @@ asn1parse \- ASN.1 parsing tool
[\fB\-length number\fR]
[\fB\-i\fR]
[\fB\-oid filename\fR]
+[\fB\-dump\fR]
+[\fB\-dlimit num\fR]
[\fB\-strparse offset\fR]
[\fB\-genstr string\fR]
[\fB\-genconf file\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1
-structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data.
+The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN.1\s0
+structures. It can also be used to extract data from \s-1ASN.1\s0 formatted data.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-inform\fR \fBDER|PEM\fR" 4
@@ -179,9 +190,15 @@ indents the output according to the \*(L"depth\*(R
.IX Item "-oid filename"
a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this
file is described in the \s-1NOTES\s0 section below.
+.IP "\fB\-dump\fR" 4
+.IX Item "-dump"
+dump unknown data in hex format.
+.IP "\fB\-dlimit num\fR" 4
+.IX Item "-dlimit num"
+like \fB\-dump\fR, but only the first \fBnum\fR bytes are output.
.IP "\fB\-strparse offset\fR" 4
.IX Item "-strparse offset"
-parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This
+parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This
option can be used multiple times to \*(L"drill down\*(R" into a nested structure.
.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4
.IX Item "-genstr string, -genconf file"
@@ -218,15 +235,15 @@ The output will typically contain lines like this:
.PP
This example is part of a self signed certificate. Each line starts with the
offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased
-within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length
+within the scope of any \s-1SET\s0 or \s-1SEQUENCE. \s0\fBhl=XX\fR gives the header length
(tag and length octets) of the current type. \fBl=XX\fR gives the length of
the contents octets.
.PP
The \fB\-i\fR option can be used to make the output more readable.
.PP
-Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output.
+Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output.
.PP
-In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key.
+In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option \fB\-strparse 229\fR to yield:
.PP
@@ -291,4 +308,4 @@ Example config file:
.SH "BUGS"
.IX Header "BUGS"
There should be options to change the format of output lines. The output of some
-\&\s-1ASN\s0.1 types is not well handled (if at all).
+\&\s-1ASN.1\s0 types is not well handled (if at all).
Index: secure/usr.bin/openssl/man/ca.1
===================================================================
--- secure/usr.bin/openssl/man/ca.1 (revision 279126)
+++ secure/usr.bin/openssl/man/ca.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CA 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,6 +148,8 @@ ca \- sample minimal CA application
[\fB\-name section\fR]
[\fB\-gencrl\fR]
[\fB\-revoke file\fR]
+[\fB\-status serial\fR]
+[\fB\-updatedb\fR]
[\fB\-crl_reason reason\fR]
[\fB\-crl_hold instruction\fR]
[\fB\-crl_compromise time\fR]
@@ -152,6 +163,7 @@ ca \- sample minimal CA application
[\fB\-md arg\fR]
[\fB\-policy arg\fR]
[\fB\-keyfile arg\fR]
+[\fB\-keyform PEM|DER\fR]
[\fB\-key arg\fR]
[\fB\-passin arg\fR]
[\fB\-cert file\fR]
@@ -193,15 +205,15 @@ specifies the configuration file section to use (o
.IP "\fB\-in filename\fR" 4
.IX Item "-in filename"
an input filename containing a single certificate request to be
-signed by the \s-1CA\s0.
+signed by the \s-1CA.\s0
.IP "\fB\-ss_cert filename\fR" 4
.IX Item "-ss_cert filename"
-a single self signed certificate to be signed by the \s-1CA\s0.
+a single self signed certificate to be signed by the \s-1CA.\s0
.IP "\fB\-spkac filename\fR" 4
.IX Item "-spkac filename"
a file containing a single Netscape signed public key and challenge
-and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR
-section for information on the required format.
+and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR
+section for information on the required input and output format.
.IP "\fB\-infiles\fR" 4
.IX Item "-infiles"
if present this should be the last option, all subsequent arguments
@@ -210,7 +222,7 @@ are assumed to be the names of files containing ce
.IX Item "-out filename"
the output file to output certificates to. The default is standard
output. The certificate details will also be printed out to this
-file.
+file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format).
.IP "\fB\-outdir directory\fR" 4
.IX Item "-outdir directory"
the directory to output certificates to. The certificate will be
@@ -222,6 +234,10 @@ the \s-1CA\s0 certificate file.
.IP "\fB\-keyfile filename\fR" 4
.IX Item "-keyfile filename"
the private key to sign requests with.
+.IP "\fB\-keyform PEM|DER\fR" 4
+.IX Item "-keyform PEM|DER"
+the format of the data in the private key file.
+The default is \s-1PEM.\s0
.IP "\fB\-key password\fR" 4
.IX Item "-key password"
the password used to encrypt the private key. Since on some
@@ -243,7 +259,7 @@ self-signed certificate.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verbose\fR" 4
.IX Item "-verbose"
this prints extra details about the operations being performed.
@@ -253,11 +269,11 @@ don't output the text form of a certificate to the
.IP "\fB\-startdate date\fR" 4
.IX Item "-startdate date"
this allows the start date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-enddate date\fR" 4
.IX Item "-enddate date"
this allows the expiry date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-days arg\fR" 4
.IX Item "-days arg"
the number of days to certify the certificate for.
@@ -267,9 +283,9 @@ the message digest to use. Possible values include
This option also applies to CRLs.
.IP "\fB\-policy arg\fR" 4
.IX Item "-policy arg"
-this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in
+this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in
the configuration file which decides which fields should be mandatory
-or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
.IP "\fB\-msie_hack\fR" 4
.IX Item "-msie_hack"
@@ -288,7 +304,7 @@ DNs match the order of the request. This is not ne
.IP "\fB\-noemailDN\fR" 4
.IX Item "-noemailDN"
The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the
-request \s-1DN\s0, however it is good policy just having the e\-mail set into
+request \s-1DN,\s0 however it is good policy just having the e\-mail set into
the altName extension of the certificate. When this option is set the
\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in
the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be
@@ -323,7 +339,7 @@ characters may be escaped by \e (backslash), no sp
.IP "\fB\-utf8\fR" 4
.IX Item "-utf8"
this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
-default they are interpreted as \s-1ASCII\s0. This means that the field
+default they are interpreted as \s-1ASCII.\s0 This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fB\-multivalue\-rdn\fR" 4
@@ -349,6 +365,13 @@ the number of hours before the next \s-1CRL\s0 is
.IP "\fB\-revoke filename\fR" 4
.IX Item "-revoke filename"
a filename containing a certificate to revoke.
+.IP "\fB\-status serial\fR" 4
+.IX Item "-status serial"
+displays the revocation status of the certificate with the specified
+serial number and exits.
+.IP "\fB\-updatedb\fR" 4
+.IX Item "-updatedb"
+Updates the database index to purge expired certificates.
.IP "\fB\-crl_reason reason\fR" 4
.IX Item "-crl_reason reason"
revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR,
@@ -361,7 +384,7 @@ in delta CRLs which are not currently implemented.
.IP "\fB\-crl_hold instruction\fR" 4
.IX Item "-crl_hold instruction"
This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold
-instruction to \fBinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be
+instruction to \fBinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be
used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0)
\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used.
.IP "\fB\-crl_compromise time\fR" 4
@@ -389,8 +412,8 @@ be used must be named in the \fBdefault_ca\fR opti
of the configuration file (or in the default section of the
configuration file). Besides \fBdefault_ca\fR, the following options are
read directly from the \fBca\fR section:
- \s-1RANDFILE\s0
- preserve
+ \s-1RANDFILE
+\&\s0 preserve
msie_hack
With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may
change in future releases.
@@ -403,7 +426,7 @@ the configuration file or the command line equival
any) used.
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
-This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
@@ -446,7 +469,7 @@ present.
.IX Item "default_crl_hours default_crl_days"
the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These
will only be used if neither command line option is present. At
-least one of these must be present to generate a \s-1CRL\s0.
+least one of these must be present to generate a \s-1CRL.\s0
.IP "\fBdefault_md\fR" 4
.IX Item "default_md"
the same as the \fB\-md\fR option. The message digest to use. Mandatory.
@@ -485,13 +508,13 @@ the same as \fB\-preserveDN\fR
.IX Item "email_in_dn"
the same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed
from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present
-the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0.
+the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0
.IP "\fBmsie_hack\fR" 4
.IX Item "msie_hack"
the same as \fB\-msie_hack\fR
.IP "\fBpolicy\fR" 4
.IX Item "policy"
-the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
.IP "\fBname_opt\fR, \fBcert_opt\fR" 4
.IX Item "name_opt, cert_opt"
@@ -542,6 +565,10 @@ The file should contain the variable \s-1SPKAC\s0
the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs.
If you need to include the same component twice then it can be
preceded by a number and a '.'.
+.PP
+When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR
+flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR
+flag is used.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Note: these examples assume that the \fBca\fR directory structure is
@@ -679,7 +706,7 @@ exposed at either a command or interface level so
.PP
Any fields in a request that are not present in a policy are silently
deleted. This does not happen if the \fB\-preserveDN\fR option is used. To
-enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by
+enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by
RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR
option can be used. The behaviour should be more friendly and
configurable.
@@ -691,7 +718,7 @@ create an empty file.
The \fBca\fR command is quirky and at times downright unfriendly.
.PP
The \fBca\fR utility was originally meant as an example of how to do things
-in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself:
+in a \s-1CA.\s0 It was not supposed to be used as a full blown \s-1CA\s0 itself:
nevertheless some people are using it for this purpose.
.PP
The \fBca\fR command is effectively a single user command: no locking is
Index: secure/usr.bin/openssl/man/ciphers.1
===================================================================
--- secure/usr.bin/openssl/man/ciphers.1 (revision 279126)
+++ secure/usr.bin/openssl/man/ciphers.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CIPHERS 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,7 +196,7 @@ algorithms.
.PP
Lists of cipher suites can be combined in a single cipher string using the
\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
-\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0
+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0
algorithms.
.PP
Each cipher string can be optionally preceded by the characters \fB!\fR,
@@ -253,7 +262,7 @@ export encryption algorithms. Including 40 and 56
with support for experimental ciphers.
.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4
.IX Item "eNULL, NULL"
-the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no
+the \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no
encryption at all and are a security risk they are disabled unless explicitly
included.
.IP "\fBaNULL\fR" 4
@@ -290,46 +299,46 @@ ciphers suites using \s-1FORTEZZA\s0 key exchange,
\&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively.
.IP "\fB\s-1DH\s0\fR" 4
.IX Item "DH"
-cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0.
+cipher suites using \s-1DH,\s0 including anonymous \s-1DH.\s0
.IP "\fB\s-1ADH\s0\fR" 4
.IX Item "ADH"
anonymous \s-1DH\s0 cipher suites.
.IP "\fB\s-1AES\s0\fR" 4
.IX Item "AES"
-cipher suites using \s-1AES\s0.
+cipher suites using \s-1AES.\s0
.IP "\fB\s-1CAMELLIA\s0\fR" 4
.IX Item "CAMELLIA"
cipher suites using Camellia.
.IP "\fB3DES\fR" 4
.IX Item "3DES"
-cipher suites using triple \s-1DES\s0.
+cipher suites using triple \s-1DES.\s0
.IP "\fB\s-1DES\s0\fR" 4
.IX Item "DES"
-cipher suites using \s-1DES\s0 (not triple \s-1DES\s0).
+cipher suites using \s-1DES \s0(not triple \s-1DES\s0).
.IP "\fB\s-1RC4\s0\fR" 4
.IX Item "RC4"
-cipher suites using \s-1RC4\s0.
+cipher suites using \s-1RC4.\s0
.IP "\fB\s-1RC2\s0\fR" 4
.IX Item "RC2"
-cipher suites using \s-1RC2\s0.
+cipher suites using \s-1RC2.\s0
.IP "\fB\s-1IDEA\s0\fR" 4
.IX Item "IDEA"
-cipher suites using \s-1IDEA\s0.
+cipher suites using \s-1IDEA.\s0
.IP "\fB\s-1SEED\s0\fR" 4
.IX Item "SEED"
-cipher suites using \s-1SEED\s0.
+cipher suites using \s-1SEED.\s0
.IP "\fB\s-1MD5\s0\fR" 4
.IX Item "MD5"
-cipher suites using \s-1MD5\s0.
+cipher suites using \s-1MD5.\s0
.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4
.IX Item "SHA1, SHA"
-cipher suites using \s-1SHA1\s0.
+cipher suites using \s-1SHA1.\s0
.SH "CIPHER SUITE NAMES"
.IX Header "CIPHER SUITE NAMES"
The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the
relevant specification and their OpenSSL equivalents. It should be noted,
that several cipher suite names do not include the authentication used,
-e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
+e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used.
.SS "\s-1SSL\s0 v3.0 cipher suites."
.IX Subsection "SSL v3.0 cipher suites."
.Vb 10
@@ -400,7 +409,7 @@ that several cipher suite names do not include the
\& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA
\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA
.Ve
-.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0"
+.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0"
.Vb 2
\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA
@@ -419,7 +428,7 @@ that several cipher suite names do not include the
\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA
\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA
.Ve
-.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0"
+.SS "Camellia ciphersuites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0"
.Vb 2
\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA
@@ -438,7 +447,7 @@ that several cipher suite names do not include the
\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA
\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA
.Ve
-.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0"
+.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0"
.Vb 1
\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA
Index: secure/usr.bin/openssl/man/crl.1
===================================================================
--- secure/usr.bin/openssl/man/crl.1 (revision 279126)
+++ secure/usr.bin/openssl/man/crl.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CRL 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,6 +148,7 @@ crl \- CRL utility
[\fB\-text\fR]
[\fB\-in filename\fR]
[\fB\-out filename\fR]
+[\fB\-nameopt option\fR]
[\fB\-noout\fR]
[\fB\-hash\fR]
[\fB\-issuer\fR]
@@ -171,9 +181,13 @@ default.
.IP "\fB\-text\fR" 4
.IX Item "-text"
print out the \s-1CRL\s0 in text form.
+.IP "\fB\-nameopt option\fR" 4
+.IX Item "-nameopt option"
+option which determines how the subject or issuer names are displayed. See
+the description of \fB\-nameopt\fR in \fIx509\fR\|(1).
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the encoded version of the \s-1CRL\s0.
+don't output the encoded version of the \s-1CRL.\s0
.IP "\fB\-hash\fR" 4
.IX Item "-hash"
output a hash of the issuer name. This can be use to lookup CRLs in
@@ -199,7 +213,7 @@ is a hash of each subject name (using \fBx509 \-ha
to each certificate.
.SH "NOTES"
.IX Header "NOTES"
-The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines:
+The \s-1PEM CRL\s0 format uses the header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\-
Index: secure/usr.bin/openssl/man/crl2pkcs7.1
===================================================================
--- secure/usr.bin/openssl/man/crl2pkcs7.1 (revision 279126)
+++ secure/usr.bin/openssl/man/crl2pkcs7.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH CRL2PKCS7 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +202,7 @@ different certificates:
.SH "NOTES"
.IX Header "NOTES"
The output file is a PKCS#7 signed data structure containing no signers and
-just certificates and an optional \s-1CRL\s0.
+just certificates and an optional \s-1CRL.\s0
.PP
This utility can be used to send certificates and CAs to Netscape as part of
the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output
Index: secure/usr.bin/openssl/man/dgst.1
===================================================================
--- secure/usr.bin/openssl/man/dgst.1 (revision 279126)
+++ secure/usr.bin/openssl/man/dgst.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DGST 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,11 +190,11 @@ digitally sign the digest using the private key in
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verify filename\fR" 4
.IX Item "-verify filename"
verify the signature using the public key in \*(L"filename\*(R".
-The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R".
+The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R".
.IP "\fB\-prverify filename\fR" 4
.IX Item "-prverify filename"
verify the signature using the the private key in \*(L"filename\*(R".
@@ -208,7 +217,7 @@ file or files to digest. If no files are specified
used.
.SH "NOTES"
.IX Header "NOTES"
-The digest of choice for all new applications is \s-1SHA1\s0. Other digests are
+The digest of choice for all new applications is \s-1SHA1.\s0 Other digests are
however still widely used.
.PP
If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1
@@ -215,7 +224,7 @@ If you wish to sign or verify data using the \s-1D
digest must be used.
.PP
A source of random numbers is required for certain signing algorithms, in
-particular \s-1DSA\s0.
+particular \s-1DSA.\s0
.PP
The signing and verify options should only be used if a single file is
being signed or verified.
Index: secure/usr.bin/openssl/man/dhparam.1
===================================================================
--- secure/usr.bin/openssl/man/dhparam.1 (revision 279126)
+++ secure/usr.bin/openssl/man/dhparam.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DHPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,6 +148,7 @@ dhparam \- DH parameter manipulation and generatio
[\fB\-in\fR \fIfilename\fR]
[\fB\-out\fR \fIfilename\fR]
[\fB\-dsaparam\fR]
+[\fB\-check\fR]
[\fB\-noout\fR]
[\fB\-text\fR]
[\fB\-C\fR]
@@ -154,7 +164,7 @@ This command is used to manipulate \s-1DH\s0 param
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the
default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with
additional header and footer lines.
@@ -182,6 +192,9 @@ and the recommended exponent length is shorter, wh
exchange more efficient. Beware that with such DSA-style \s-1DH\s0
parameters, a fresh \s-1DH\s0 key should be created for each use to
avoid small-subgroup attacks that may be possible otherwise.
+.IP "\fB\-check\fR" 4
+.IX Item "-check"
+check if the parameters are valid primes and generator.
.IP "\fB\-2\fR, \fB\-5\fR" 4
.IX Item "-2, -5"
The generator to use, either 2 or 5. 2 is the default. If present then the
@@ -230,8 +243,8 @@ versions of OpenSSL.
\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\-
.Ve
.PP
-OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42
-\&\s-1DH\s0.
+OpenSSL currently only supports the older PKCS#3 \s-1DH,\s0 not the newer X9.42
+\&\s-1DH.\s0
.PP
This program manipulates \s-1DH\s0 parameters not keys.
.SH "BUGS"
Index: secure/usr.bin/openssl/man/dsa.1
===================================================================
--- secure/usr.bin/openssl/man/dsa.1 (revision 279126)
+++ secure/usr.bin/openssl/man/dsa.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSA 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,6 +149,12 @@ dsa \- DSA key processing
[\fB\-passin arg\fR]
[\fB\-out filename\fR]
[\fB\-passout arg\fR]
+[\fB\-aes128\fR]
+[\fB\-aes192\fR]
+[\fB\-aes256\fR]
+[\fB\-camellia128\fR]
+[\fB\-camellia192\fR]
+[\fB\-camellia256\fR]
[\fB\-des\fR]
[\fB\-des3\fR]
[\fB\-idea\fR]
@@ -160,10 +175,10 @@ applications should use the more secure PKCS#8 for
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
-an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of
+an \s-1ASN1 DER\s0 encoded form of an \s-1ASN.1 SEQUENCE\s0 consisting of the values of
version (currently zero), p, q, g, the public and private key components
-respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a
-SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0.
+respectively as \s-1ASN.1\s0 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA.\s0
.Sp
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. In the case of a private key
@@ -180,7 +195,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -190,11 +205,11 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
-.IP "\fB\-des|\-des3|\-idea\fR" 4
-.IX Item "-des|-des3|-idea"
-These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
-\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for.
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the \fBdsa\fR utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
Index: secure/usr.bin/openssl/man/dsaparam.1
===================================================================
--- secure/usr.bin/openssl/man/dsaparam.1 (revision 279126)
+++ secure/usr.bin/openssl/man/dsaparam.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH DSAPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,8 +161,8 @@ This command is used to manipulate or generate \s-
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
-form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
+form compatible with \s-1RFC2459 \s0(\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists
of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
Index: secure/usr.bin/openssl/man/ec.1
===================================================================
--- secure/usr.bin/openssl/man/ec.1 (revision 279126)
+++ secure/usr.bin/openssl/man/ec.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC 1"
-.TH EC 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH EC 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ ec \- EC key processing
.IX Header "DESCRIPTION"
The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various
forms and their components printed out. \fBNote\fR OpenSSL uses the
-private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography'
+private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography'
(http://www.secg.org/). To convert a OpenSSL \s-1EC\s0 private key into the
PKCS#8 private key format use the \fBpkcs8\fR command.
.SH "COMMAND OPTIONS"
@@ -163,8 +172,8 @@ PKCS#8 private key format use the \fBpkcs8\fR comm
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
-an \s-1ASN\s0.1 \s-1DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structur as specified in \s-1RFC\s0 3280.
+an \s-1ASN.1 DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it
+uses the SubjectPublicKeyInfo structur as specified in \s-1RFC 3280.\s0
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.
@@ -180,7 +189,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -190,10 +199,10 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-des|\-des3|\-idea\fR" 4
.IX Item "-des|-des3|-idea"
-These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or
+These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or
any other cipher supported by OpenSSL before outputting it. A pass phrase is
prompted for.
If none of these options is specified the key is written in plain text. This
@@ -232,10 +241,10 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_CO
.IX Item "-param_enc arg"
This specifies how the elliptic curve parameters are encoded.
Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
-specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
-explicitly given (see \s-1RFC\s0 3279 for the definition of the
+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC 3279\s0 for the definition of the
\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
-\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0
is currently not implemented in OpenSSL.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
Index: secure/usr.bin/openssl/man/ecparam.1
===================================================================
--- secure/usr.bin/openssl/man/ecparam.1 (revision 279126)
+++ secure/usr.bin/openssl/man/ecparam.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ECPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +152,7 @@ ecparam \- EC parameter manipulation and generatio
[\fB\-C\fR]
[\fB\-check\fR]
[\fB\-name arg\fR]
-[\fB\-list_curve\fR]
+[\fB\-list_curves\fR]
[\fB\-conv_form arg\fR]
[\fB\-param_enc arg\fR]
[\fB\-no_seed\fR]
@@ -157,8 +166,8 @@ This command is used to manipulate or generate \s-
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded
-form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN.1 DER\s0 encoded
+form compatible with \s-1RFC 3279\s0 EcpkParameters. The \s-1PEM\s0 form is the default
format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional
header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
@@ -208,15 +217,15 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_CO
.IX Item "-param_enc arg"
This specifies how the elliptic curve parameters are encoded.
Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
-specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
-explicitly given (see \s-1RFC\s0 3279 for the definition of the
+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC 3279\s0 for the definition of the
\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
-\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0
is currently not implemented in OpenSSL.
.IP "\fB\-no_seed\fR" 4
.IX Item "-no_seed"
This option inhibits that the 'seed' for the parameter generation
-is included in the ECParameters structure (see \s-1RFC\s0 3279).
+is included in the ECParameters structure (see \s-1RFC 3279\s0).
.IP "\fB\-genkey\fR" 4
.IX Item "-genkey"
This option will generate a \s-1EC\s0 private key using the specified parameters.
Index: secure/usr.bin/openssl/man/enc.1
===================================================================
--- secure/usr.bin/openssl/man/enc.1 (revision 279126)
+++ secure/usr.bin/openssl/man/enc.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ENC 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -167,13 +176,13 @@ the output filename, standard output by default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-salt\fR" 4
.IX Item "-salt"
use a salt in the key derivation routines. This is the default.
.IP "\fB\-nosalt\fR" 4
.IX Item "-nosalt"
-don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be
+don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be
used except for test purposes or compatibility with ancient versions of OpenSSL
and SSLeay.
.IP "\fB\-e\fR" 4
Index: secure/usr.bin/openssl/man/errstr.1
===================================================================
--- secure/usr.bin/openssl/man/errstr.1 (revision 279126)
+++ secure/usr.bin/openssl/man/errstr.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH ERRSTR 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/usr.bin/openssl/man/gendsa.1
===================================================================
--- secure/usr.bin/openssl/man/gendsa.1 (revision 279126)
+++ secure/usr.bin/openssl/man/gendsa.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH GENDSA 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -135,6 +144,12 @@ gendsa \- generate a DSA private key from a set of
.IX Header "SYNOPSIS"
\&\fBopenssl\fR \fBgendsa\fR
[\fB\-out filename\fR]
+[\fB\-aes128\fR]
+[\fB\-aes192\fR]
+[\fB\-aes256\fR]
+[\fB\-camellia128\fR]
+[\fB\-camellia192\fR]
+[\fB\-camellia256\fR]
[\fB\-des\fR]
[\fB\-des3\fR]
[\fB\-idea\fR]
@@ -147,10 +162,10 @@ The \fBgendsa\fR command generates a \s-1DSA\s0 pr
(which will be typically generated by the \fBopenssl dsaparam\fR command).
.SH "OPTIONS"
.IX Header "OPTIONS"
-.IP "\fB\-des|\-des3|\-idea\fR" 4
-.IX Item "-des|-des3|-idea"
-These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
-\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for.
+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
+These options encrypt the private key with specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
.IP "\fB\-rand file(s)\fR" 4
.IX Item "-rand file(s)"
Index: secure/usr.bin/openssl/man/genrsa.1
===================================================================
--- secure/usr.bin/openssl/man/genrsa.1 (revision 279126)
+++ secure/usr.bin/openssl/man/genrsa.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH GENRSA 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -136,6 +145,18 @@ genrsa \- generate an RSA private key
\&\fBopenssl\fR \fBgenrsa\fR
[\fB\-out filename\fR]
[\fB\-passout arg\fR]
+[\fB\-aes128\fR]
+[\fB\-aes128\fR]
+[\fB\-aes192\fR]
+[\fB\-aes256\fR]
+[\fB\-camellia128\fR]
+[\fB\-camellia192\fR]
+[\fB\-camellia256\fR]
+[\fB\-aes192\fR]
+[\fB\-aes256\fR]
+[\fB\-camellia128\fR]
+[\fB\-camellia192\fR]
+[\fB\-camellia256\fR]
[\fB\-des\fR]
[\fB\-des3\fR]
[\fB\-idea\fR]
@@ -156,11 +177,11 @@ used.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
-.IP "\fB\-des|\-des3|\-idea\fR" 4
-.IX Item "-des|-des3|-idea"
-These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
-\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
+These options encrypt the private key with specified
+cipher before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the \fB\-passout\fR argument.
.IP "\fB\-F4|\-3\fR" 4
Index: secure/usr.bin/openssl/man/nseq.1
===================================================================
--- secure/usr.bin/openssl/man/nseq.1 (revision 279126)
+++ secure/usr.bin/openssl/man/nseq.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH NSEQ 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/usr.bin/openssl/man/ocsp.1
===================================================================
--- secure/usr.bin/openssl/man/ocsp.1 (revision 279126)
+++ secure/usr.bin/openssl/man/ocsp.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OCSP 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +190,7 @@ ocsp \- Online Certificate Status Protocol utility
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to
-determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560).
+determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0).
.PP
The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used
to print out requests and responses, create requests and send queries
@@ -237,7 +246,7 @@ if \s-1OCSP\s0 request or response creation is imp
with \fBserial\fR, \fBcert\fR and \fBhost\fR options).
.IP "\fB\-url responder_url\fR" 4
.IX Item "-url responder_url"
-specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified.
+specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS \s0(\s-1SSL/TLS\s0) URLs can be specified.
.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4
.IX Item "-host hostname:port, -path pathname"
if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host
@@ -334,7 +343,7 @@ Additional certificates to include in the \s-1OCSP
Don't include any certificates in the \s-1OCSP\s0 response.
.IP "\fB\-resp_key_id\fR" 4
.IX Item "-resp_key_id"
-Identify the signer certificate using the key \s-1ID\s0, default is to use the subject name.
+Identify the signer certificate using the key \s-1ID,\s0 default is to use the subject name.
.IP "\fB\-rkey file\fR" 4
.IX Item "-rkey file"
The private key to sign \s-1OCSP\s0 responses with: if not present the file specified in the
@@ -353,7 +362,7 @@ Number of minutes or days when fresh revocation in
omitted meaning fresh revocation information is immediately available.
.SH "OCSP Response verification."
.IX Header "OCSP Response verification."
-\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0.
+\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0
.PP
Initially the \s-1OCSP\s0 responder certificate is located and the signature on
the \s-1OCSP\s0 request checked using the responder certificate's public key.
Index: secure/usr.bin/openssl/man/openssl.1
===================================================================
--- secure/usr.bin/openssl/man/openssl.1 (revision 279126)
+++ secure/usr.bin/openssl/man/openssl.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH OPENSSL 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,11 +189,11 @@ same name, this provides an easy way for shell scr
availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is
not able to detect pseudo-commands such as \fBquit\fR,
\&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.)
-.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0"
+.SS "\s-1STANDARD COMMANDS\s0"
.IX Subsection "STANDARD COMMANDS"
.IP "\fBasn1parse\fR" 10
.IX Item "asn1parse"
-Parse an \s-1ASN\s0.1 sequence.
+Parse an \s-1ASN.1\s0 sequence.
.IP "\fBca\fR" 10
.IX Item "ca"
Certificate Authority (\s-1CA\s0) Management.
@@ -256,13 +265,13 @@ X.509 Certificate Signing Request (\s-1CSR\s0) Man
.IP "\fBs_client\fR" 10
.IX Item "s_client"
This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
-connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing
+connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses mostly all functionality of the OpenSSL \fBssl\fR library.
.IP "\fBs_server\fR" 10
.IX Item "s_server"
This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
-clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides
+clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides
only rudimentary interface functionality but internally uses mostly all
functionality of the OpenSSL \fBssl\fR library. It provides both an own command
line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
@@ -288,7 +297,7 @@ OpenSSL Version Information.
.IP "\fBx509\fR" 10
.IX Item "x509"
X.509 Certificate Data Management.
-.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0"
+.SS "\s-1MESSAGE DIGEST COMMANDS\s0"
.IX Subsection "MESSAGE DIGEST COMMANDS"
.IP "\fBmd2\fR" 10
.IX Item "md2"
@@ -320,7 +329,7 @@ X.509 Certificate Data Management.
.IP "\fBsha512\fR" 10
.IX Item "sha512"
\&\s-1SHA\-512\s0 Digest
-.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0"
+.SS "\s-1ENCODING AND CIPHER COMMANDS\s0"
.IX Subsection "ENCODING AND CIPHER COMMANDS"
.IP "\fBbase64\fR" 10
.IX Item "base64"
Index: secure/usr.bin/openssl/man/passwd.1
===================================================================
--- secure/usr.bin/openssl/man/passwd.1 (revision 279126)
+++ secure/usr.bin/openssl/man/passwd.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PASSWD 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/usr.bin/openssl/man/pkcs12.1
===================================================================
--- secure/usr.bin/openssl/man/pkcs12.1 (revision 279126)
+++ secure/usr.bin/openssl/man/pkcs12.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS12 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -188,12 +197,12 @@ They are all written in \s-1PEM\s0 format.
.IP "\fB\-pass arg\fR, \fB\-passin arg\fR" 4
.IX Item "-pass arg, -passin arg"
the PKCS#12 file (i.e. input file) password source. For more information about the
-format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
pass phrase source to encrypt any outputed private keys with. For more information
-about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -271,12 +280,12 @@ displays them.
.IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4
.IX Item "-pass arg, -passout arg"
the PKCS#12 file (i.e. output file) password source. For more information about
-the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
pass phrase source to decrypt any input private keys with. For more information
-about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-chain\fR" 4
.IX Item "-chain"
@@ -285,9 +294,9 @@ certificate chain of the user certificate. The sta
for this search. If the search fails it is considered a fatal error.
.IP "\fB\-descert\fR" 4
.IX Item "-descert"
-encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12
+encrypt the certificate using triple \s-1DES,\s0 this may render the PKCS#12
file unreadable by some \*(L"export grade\*(R" software. By default the private
-key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0.
+key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2.\s0
.IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4
.IX Item "-keypbe alg, -certpbe alg"
these options allow the algorithm used to encrypt the private key and
@@ -302,12 +311,12 @@ This option is only interpreted by \s-1MSIE\s0 and
encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR
option marks the key for signing only. Signing only keys can be used for
S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client
-authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support
+authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support
the use of signing only keys for \s-1SSL\s0 client authentication.
.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4
.IX Item "-nomaciter, -noiter"
these options affect the iteration counts on the \s-1MAC\s0 and key algorithms.
-Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave
+Unless you wish to produce files compatible with \s-1MSIE 4.0\s0 you should leave
these options alone.
.Sp
To discourage attacks by using large dictionaries of common passwords the
@@ -319,7 +328,7 @@ By default both \s-1MAC\s0 and encryption iteratio
these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since
this reduces the file security you should not use these options unless you
really have to. Most software supports both \s-1MAC\s0 and key iteration counts.
-\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR
+\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR
option.
.IP "\fB\-maciter\fR" 4
.IX Item "-maciter"
@@ -353,7 +362,7 @@ The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms
algorithms for private keys and certificates to be specified. Normally
the defaults are fine but occasionally software can't handle triple \s-1DES\s0
encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can
-be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete
+be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete
description of all algorithms is contained in the \fBpkcs8\fR manual page.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Index: secure/usr.bin/openssl/man/pkcs7.1
===================================================================
--- secure/usr.bin/openssl/man/pkcs7.1 (revision 279126)
+++ secure/usr.bin/openssl/man/pkcs7.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS7 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -215,7 +224,7 @@ For compatibility with some CAs it will also accep
There is no option to print out all the fields of a PKCS#7 file.
.PP
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they
-cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0.
+cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIcrl2pkcs7\fR\|(1)
Index: secure/usr.bin/openssl/man/pkcs8.1
===================================================================
--- secure/usr.bin/openssl/man/pkcs8.1 (revision 279126)
+++ secure/usr.bin/openssl/man/pkcs8.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH PKCS8 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +189,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -190,7 +199,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-nocrypt\fR" 4
.IX Item "-nocrypt"
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
@@ -202,15 +211,15 @@ code signing software used unencrypted private key
.IP "\fB\-nooct\fR" 4
.IX Item "-nooct"
This option generates \s-1RSA\s0 private keys in a broken format that some software
-uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0
+uses. Specifically the private key should be enclosed in a \s-1OCTET STRING\s0
but some software just includes the structure itself without the
-surrounding \s-1OCTET\s0 \s-1STRING\s0.
+surrounding \s-1OCTET STRING.\s0
.IP "\fB\-embed\fR" 4
.IX Item "-embed"
This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
-embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0
-contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
-the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key.
+embedded inside the PrivateKey structure. In this form the \s-1OCTET STRING\s0
+contains an \s-1ASN1 SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
+the parameters and an \s-1ASN1 INTEGER\s0 containing the private key.
.IP "\fB\-nsdb\fR" 4
.IX Item "-nsdb"
This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
@@ -276,17 +285,17 @@ level whereas the traditional format includes them
Various algorithms can be used with the \fB\-v1\fR command line option,
including PKCS#5 v1.5 and PKCS#12. These are described in more detail
below.
-.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4
+.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4
.IX Item "PBE-MD2-DES PBE-MD5-DES"
These algorithms were included in the original PKCS#5 v1.5 specification.
-They only offer 56 bits of protection since they both use \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0 \s-1PBE\-MD2\-RC2\-64\s0 \s-1PBE\-MD5\-RC2\-64\s0 \s-1PBE\-SHA1\-DES\s0\fR" 4
+They only offer 56 bits of protection since they both use \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC2\-64 PBE\-MD2\-RC2\-64 PBE\-MD5\-RC2\-64 PBE\-SHA1\-DES\s0\fR" 4
.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
but they use the same key derivation algorithm and are supported by some
software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
-56 bit \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0 \s-1PBE\-SHA1\-RC4\-40\s0 \s-1PBE\-SHA1\-3DES\s0 \s-1PBE\-SHA1\-2DES\s0 \s-1PBE\-SHA1\-RC2\-128\s0 \s-1PBE\-SHA1\-RC2\-40\s0\fR" 4
+56 bit \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC4\-128 PBE\-SHA1\-RC4\-40 PBE\-SHA1\-3DES PBE\-SHA1\-2DES PBE\-SHA1\-RC2\-128 PBE\-SHA1\-RC2\-40\s0\fR" 4
.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
These algorithms use the PKCS#12 password based encryption algorithm and
allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
@@ -327,13 +336,13 @@ Convert a private key from any PKCS#8 format to tr
.SH "STANDARDS"
.IX Header "STANDARDS"
Test vectors from this PKCS#5 v2.0 implementation were posted to the
-pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
+pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration
counts, several people confirmed that they could decrypt the private
keys produced and Therefore it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these
algorithms are concerned.
.PP
-The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
+The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented:
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
PKCS#8 private key format complies with this standard.
.SH "BUGS"
Index: secure/usr.bin/openssl/man/rand.1
===================================================================
--- secure/usr.bin/openssl/man/rand.1 (revision 279126)
+++ secure/usr.bin/openssl/man/rand.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RAND 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/usr.bin/openssl/man/req.1
===================================================================
--- secure/usr.bin/openssl/man/req.1 (revision 279126)
+++ secure/usr.bin/openssl/man/req.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH REQ 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +187,7 @@ for use as root CAs for example.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it
consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and
footer lines.
@@ -194,7 +203,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not s
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write to or standard output by
@@ -202,7 +211,7 @@ default.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-text\fR" 4
.IX Item "-text"
prints out the certificate request in text form.
@@ -263,7 +272,7 @@ will not be encrypted.
.IX Item "-[md5|sha1|md2|mdc2]"
this specifies the message digest to sign the request with. This
overrides the digest algorithm specified in the configuration file.
-This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0.
+This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1.\s0
.IP "\fB\-config filename\fR" 4
.IX Item "-config filename"
this allows an alternative configuration file to be specified,
@@ -287,7 +296,7 @@ If \-multi\-rdn is not used then the \s-1UID\s0 va
.IX Item "-x509"
this option outputs a self signed certificate instead of a certificate
request. This is typically used to generate a test certificate or
-a self signed root \s-1CA\s0. The extensions added to the certificate
+a self signed root \s-1CA.\s0 The extensions added to the certificate
(if any) are specified in the configuration file. Unless specified
using the \fBset_serial\fR option \fB0\fR will be used for the serial
number.
@@ -314,7 +323,7 @@ a variety of purposes.
.IP "\fB\-utf8\fR" 4
.IX Item "-utf8"
this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
-default they are interpreted as \s-1ASCII\s0. This means that the field
+default they are interpreted as \s-1ASCII.\s0 This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fB\-nameopt option\fR" 4
@@ -331,10 +340,10 @@ accept requests containing no attributes in an inv
option produces this invalid format.
.Sp
More precisely the \fBAttributes\fR in a PKCS#10 certificate request
-are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so
+are defined as a \fB\s-1SET OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so
if no attributes are present then they should be encoded as an
-empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty
-\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does.
+empty \fB\s-1SET OF\s0\fR. The invalid form does not include the empty
+\&\fB\s-1SET OF\s0\fR whereas the correct form does.
.Sp
It should be noted that very few CAs still require the use of this option.
.IP "\fB\-newhdr\fR" 4
@@ -379,7 +388,7 @@ specified the key is written to standard output. T
overridden by the \fB\-keyout\fR option.
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
-This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
@@ -412,7 +421,7 @@ fields. Most users will not need to change this op
It can be set to several values \fBdefault\fR which is also the default
option uses PrintableStrings, T61Strings and BMPStrings if the
\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will
-be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the
+be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the
\&\fButf8only\fR option is used then only UTF8Strings will be used: this
is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR
option just uses PrintableStrings and T61Strings: certain software has
@@ -435,7 +444,7 @@ expected format of the \fBdistinguished_name\fR an
.IP "\fButf8\fR" 4
.IX Item "utf8"
if set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0
-strings, by default they are interpreted as \s-1ASCII\s0. This means that
+strings, by default they are interpreted as \s-1ASCII.\s0 This means that
the field values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fBattributes\fR" 4
@@ -488,7 +497,7 @@ on the field being used (for example countryName c
two characters long and must fit in a PrintableString).
.PP
Some fields (such as organizationName) can be used more than once
-in a \s-1DN\s0. This presents a problem because configuration files will
+in a \s-1DN.\s0 This presents a problem because configuration files will
not recognize the same name occurring twice. To avoid this problem
if the fieldName contains some characters followed by a full stop
they will be ignored. So for example a second organizationName can
@@ -663,7 +672,7 @@ Another puzzling message is this:
.Ve
.PP
this is displayed when no attributes are present and the request includes
-the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0
+the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0
0x00). If you just see:
.PP
.Vb 1
@@ -670,7 +679,7 @@ this is displayed when no attributes are present a
\& Attributes:
.Ve
.PP
-then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but
+then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but
it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR
for more information.
.SH "ENVIRONMENT VARIABLES"
@@ -682,7 +691,7 @@ environment variable serves the same purpose but i
.SH "BUGS"
.IX Header "BUGS"
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
-treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
+treats them as \s-1ISO\-8859\-1 \s0(Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.
.PP
Index: secure/usr.bin/openssl/man/rsa.1
===================================================================
--- secure/usr.bin/openssl/man/rsa.1 (revision 279126)
+++ secure/usr.bin/openssl/man/rsa.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSA 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,6 +150,12 @@ rsa \- RSA key processing tool
[\fB\-out filename\fR]
[\fB\-passout arg\fR]
[\fB\-sgckey\fR]
+[\fB\-aes128\fR]
+[\fB\-aes192\fR]
+[\fB\-aes256\fR]
+[\fB\-camellia128\fR]
+[\fB\-camellia192\fR]
+[\fB\-camellia256\fR]
[\fB\-des\fR]
[\fB\-des3\fR]
[\fB\-idea\fR]
@@ -162,7 +177,7 @@ utility.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|NET|PEM\fR" 4
.IX Item "-inform DER|NET|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. On input PKCS#8 format private
@@ -180,7 +195,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output if this
@@ -190,15 +205,15 @@ filename.
.IP "\fB\-passout password\fR" 4
.IX Item "-passout password"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-sgckey\fR" 4
.IX Item "-sgckey"
use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0
keys.
-.IP "\fB\-des|\-des3|\-idea\fR" 4
-.IX Item "-des|-des3|-idea"
-These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the
-\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for.
+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
+These options encrypt the private key with the specified
+cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the \fBrsa\fR utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
@@ -249,13 +264,13 @@ The \s-1PEM\s0 public key format uses the header a
.Ve
.PP
The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers
-and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption.
+and Microsoft \s-1IIS \s0.key files, this uses unsalted \s-1RC4\s0 for its encryption.
It is not very secure and so should only be used when necessary.
.PP
Some newer version of \s-1IIS\s0 have additional data in the exported .key
files. To use these with the utility, view the file with a binary editor
and look for the string \*(L"private-key\*(R", then trace back to the byte
-sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data
+sequence 0x30, 0x82 (this is an \s-1ASN1 SEQUENCE\s0). Copy all the data
from this point onwards to another file and use that as the input
to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get
an error after entering the password try the \fB\-sgckey\fR option.
Index: secure/usr.bin/openssl/man/rsautl.1
===================================================================
--- secure/usr.bin/openssl/man/rsautl.1 (revision 279126)
+++ secure/usr.bin/openssl/man/rsautl.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH RSAUTL 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -186,7 +195,7 @@ encrypt the input data using an \s-1RSA\s0 public
decrypt the input data using an \s-1RSA\s0 private key.
.IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4
.IX Item "-pkcs, -oaep, -ssl, -raw"
-the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0,
+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP,\s0
special padding used in \s-1SSL\s0 v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used.
@@ -261,7 +270,7 @@ example in certs/pca\-cert.pem . Running \fBasn1pa
\& 614:d=1 hl=3 l= 129 prim: BIT STRING
.Ve
.PP
-The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with:
+The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with:
.PP
.Vb 1
\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614
Index: secure/usr.bin/openssl/man/s_client.1
===================================================================
--- secure/usr.bin/openssl/man/s_client.1 (revision 279126)
+++ secure/usr.bin/openssl/man/s_client.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH S_CLIENT 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,6 +152,22 @@ s_client \- SSL/TLS client program
[\fB\-pass arg\fR]
[\fB\-CApath directory\fR]
[\fB\-CAfile filename\fR]
+[\fB\-attime timestamp\fR]
+[\fB\-check_ss_sig\fR]
+[\fB\-crl_check\fR]
+[\fB\-crl_check_all\fR]
+[\fB\-explicit_policy\fR]
+[\fB\-ignore_critical\fR]
+[\fB\-inhibit_any\fR]
+[\fB\-inhibit_map\fR]
+[\fB\-issuer_checks\fR]
+[\fB\-policy arg\fR]
+[\fB\-policy_check\fR]
+[\fB\-policy_print\fR]
+[\fB\-purpose purpose\fR]
+[\fB\-use_deltas\fR]
+[\fB\-verify_depth num\fR]
+[\fB\-x509_strict\fR]
[\fB\-reconnect\fR]
[\fB\-pause\fR]
[\fB\-showcerts\fR]
@@ -160,9 +185,11 @@ s_client \- SSL/TLS client program
[\fB\-no_ssl2\fR]
[\fB\-no_ssl3\fR]
[\fB\-no_tls1\fR]
+[\fB\-fallback_scsv\fR]
[\fB\-bugs\fR]
[\fB\-cipher cipherlist\fR]
[\fB\-starttls protocol\fR]
+[\fB\-xmpphost hostname\fR]
[\fB\-engine id\fR]
[\fB\-tlsextdebug\fR]
[\fB\-no_ticket\fR]
@@ -172,10 +199,14 @@ s_client \- SSL/TLS client program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects
-to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for
+to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool for
\&\s-1SSL\s0 servers.
.SH "OPTIONS"
.IX Header "OPTIONS"
+In addition to the options below the \fBs_client\fR utility also supports the
+common and client only options documented in the
+in the \fISSL_CONF_cmd\fR\|(3)
+manual page.
.IP "\fB\-connect host:port\fR" 4
.IX Item "-connect host:port"
This specifies the host and optional port to connect to. If not specified
@@ -186,7 +217,7 @@ The certificate to use, if one is requested by the
not to use a certificate.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
-The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-key keyfile\fR" 4
.IX Item "-key keyfile"
The private key to use. If not specified then the certificate file will
@@ -193,11 +224,11 @@ The private key to use. If not specified then the
be used.
.IP "\fB\-keyform format\fR" 4
.IX Item "-keyform format"
-The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verify depth\fR" 4
.IX Item "-verify depth"
The verify depth to use. This specifies the maximum length of the
@@ -214,9 +245,13 @@ also used when building the client certificate cha
.IX Item "-CAfile file"
A file containing trusted certificates to use during server authentication
and to use when attempting to build the client certificate chain.
+.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fBexplicit_policy\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-issuer_checks\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-use_deltas\fR, \fB\-verify_depth\fR, \fB\-x509_strict\fR" 4
+.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, explicit_policy, -ignore_critical, -inhibit_any, -inhibit_map, -issuer_checks, -policy, -policy_check, -policy_print, -purpose, -use_deltas, -verify_depth, -x509_strict"
+Set various certificate chain valiadition options. See the
+\&\fBverify\fR manual page for details.
.IP "\fB\-reconnect\fR" 4
.IX Item "-reconnect"
-reconnects to the same server 5 times using the same session \s-1ID\s0, this can
+reconnects to the same server 5 times using the same session \s-1ID,\s0 this can
be used as a test that session caching is working.
.IP "\fB\-pause\fR" 4
.IX Item "-pause"
@@ -232,7 +267,7 @@ to print out information even if the connection fa
will only be printed out once if the connection succeeds. This option is useful
because the cipher in use may be renegotiated or the connection may fail
because a client certificate is required or is requested only after an
-attempt is made to access a certain \s-1URL\s0. Note: the output produced by this
+attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this
option is not always accurate because a connection might never have been
established.
.IP "\fB\-state\fR" 4
@@ -268,10 +303,12 @@ these options disable the use of certain \s-1SSL\s
the initial handshake uses a method which should be compatible with all
servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate.
.Sp
-Unfortunately there are a lot of ancient and broken servers in use which
+Unfortunately there are still ancient and broken servers in use which
cannot handle this technique and will fail to connect. Some servers only
-work if \s-1TLS\s0 is turned off with the \fB\-no_tls\fR option others will only
-support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option.
+work if \s-1TLS\s0 is turned off.
+.IP "\fB\-fallback_scsv\fR" 4
+.IX Item "-fallback_scsv"
+Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello.
.IP "\fB\-bugs\fR" 4
.IX Item "-bugs"
there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this
@@ -286,16 +323,19 @@ command for more information.
.IX Item "-starttls protocol"
send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication.
\&\fBprotocol\fR is a keyword for the intended protocol. Currently, the only
-supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", and \*(L"ftp\*(R".
+supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R" and \*(L"xmpp\*(R".
+.IP "\fB\-xmpphost hostname\fR" 4
+.IX Item "-xmpphost hostname"
+This option, when used with \*(L"\-starttls xmpp\*(R", specifies the host for the
+\&\*(L"to\*(R" attribute of the stream element.
+If this option is not specified, then the host specified with \*(L"\-connect\*(R"
+will be used.
.IP "\fB\-tlsextdebug\fR" 4
.IX Item "-tlsextdebug"
-print out a hex dump of any \s-1TLS\s0 extensions received from the server. Note: this
-option is only available if extension support is explicitly enabled at compile
-time
+print out a hex dump of any \s-1TLS\s0 extensions received from the server.
.IP "\fB\-no_ticket\fR" 4
.IX Item "-no_ticket"
-disable RFC4507bis session ticket support. Note: this option is only available
-if extension support is explicitly enabled at compile time
+disable RFC4507bis session ticket support.
.IP "\fB\-sess_out filename\fR" 4
.IX Item "-sess_out filename"
output \s-1SSL\s0 session to \fBfilename\fR
@@ -305,7 +345,7 @@ load \s-1SSL\s0 session from \fBfilename\fR. The c
connection from this session.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
-specifying an engine (by it's unique \fBid\fR string) will cause \fBs_client\fR
+specifying an engine (by its unique \fBid\fR string) will cause \fBs_client\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
@@ -326,7 +366,7 @@ have been given), the session will be renegotiated
connection will be closed down.
.SH "NOTES"
.IX Header "NOTES"
-\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0
+\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0
server the command:
.PP
.Vb 1
@@ -334,7 +374,7 @@ server the command:
.Ve
.PP
would typically be used (https uses port 443). If the connection succeeds
-then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page.
+then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page.
.PP
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR,
@@ -364,8 +404,11 @@ Since the SSLv23 client hello cannot include compr
these will only be supported if its use is disabled, for example by using the
\&\fB\-no_sslv2\fR option.
.PP
-\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly
-enabled at compile time using for example the \fBenable-tlsext\fR switch.
+The \fBs_client\fR utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0
+attack.
.SH "BUGS"
.IX Header "BUGS"
Because this program has a lot of options and also because some of
@@ -373,9 +416,6 @@ the techniques used are rather old, the C source o
hard to read and not a model of how things should be done. A typical
\&\s-1SSL\s0 client program would be much simpler.
.PP
-The \fB\-verify\fR option should really exit if the server verification
-fails.
-.PP
The \fB\-prexit\fR option is a bit of a hack. We should really report
information whenever a session is renegotiated.
.SH "SEE ALSO"
Index: secure/usr.bin/openssl/man/s_server.1
===================================================================
--- secure/usr.bin/openssl/man/s_server.1 (revision 279126)
+++ secure/usr.bin/openssl/man/s_server.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH S_SERVER 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,6 +170,7 @@ s_server \- SSL/TLS server program
[\fB\-CAfile filename\fR]
[\fB\-nocert\fR]
[\fB\-cipher cipherlist\fR]
+[\fB\-serverpref\fR]
[\fB\-quiet\fR]
[\fB\-no_tmp_rsa\fR]
[\fB\-ssl2\fR]
@@ -183,7 +193,7 @@ s_server \- SSL/TLS server program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens
-for connections on a given port using \s-1SSL/TLS\s0.
+for connections on a given port using \s-1SSL/TLS.\s0
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-accept port\fR" 4
@@ -197,11 +207,11 @@ is not present a default value will be used.
.IX Item "-cert certname"
The certificate to use, most servers cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
-for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
-(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
+for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS
+\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
-The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-key keyfile\fR" 4
.IX Item "-key keyfile"
The private key to use. If not specified then the certificate file will
@@ -208,11 +218,11 @@ The private key to use. If not specified then the
be used.
.IP "\fB\-keyform format\fR" 4
.IX Item "-keyform format"
-The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4
.IX Item "-dcert filename, -dkey keyname"
specify an additional certificate and private key, these behave in the
@@ -220,7 +230,7 @@ same manner as the \fB\-cert\fR and \fB\-key\fR op
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
-and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
+and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
by using an appropriate certificate.
.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
@@ -252,9 +262,12 @@ client certificate chain and makes the server requ
the client. With the \fB\-verify\fR option a certificate is requested but the
client does not have to send one, with the \fB\-Verify\fR option the client
must supply a certificate or an error occurs.
+.Sp
+If the ciphersuite cannot request a client certificate (for example an
+anonymous ciphersuite or \s-1PSK\s0) this option has no effect.
.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
.IX Item "-crl_check, -crl_check_all"
-Check the peer certificate has not been revoked by its \s-1CA\s0.
+Check the peer certificate has not been revoked by its \s-1CA.\s0
The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR
option all CRLs of all CAs in the chain are checked.
.IP "\fB\-CApath directory\fR" 4
@@ -285,7 +298,7 @@ tests non blocking I/O
turns on non blocking I/O
.IP "\fB\-crlf\fR" 4
.IX Item "-crlf"
-this option translated a line feed from the terminal into \s-1CR+LF\s0.
+this option translated a line feed from the terminal into \s-1CR+LF.\s0
.IP "\fB\-quiet\fR" 4
.IX Item "-quiet"
inhibit printing of session and certificate information.
@@ -309,6 +322,9 @@ the client sends a list of supported ciphers the f
also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist irrelevant. See
the \fBciphers\fR command for more information.
+.IP "\fB\-serverpref\fR" 4
+.IX Item "-serverpref"
+use the server's cipher preferences, rather than the client's preferences.
.IP "\fB\-tlsextdebug\fR" 4
.IX Item "-tlsextdebug"
print out a hex dump of any \s-1TLS\s0 extensions received from the server.
Index: secure/usr.bin/openssl/man/s_time.1
===================================================================
--- secure/usr.bin/openssl/man/s_time.1 (revision 279126)
+++ secure/usr.bin/openssl/man/s_time.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_TIME 1"
-.TH S_TIME 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH S_TIME 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,7 +161,7 @@ s_time \- SSL/TLS performance timing program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a
-remote host using \s-1SSL/TLS\s0. It can request a page from the server and includes
+remote host using \s-1SSL/TLS.\s0 It can request a page from the server and includes
the time to transfer the payload data in its timing measurements. It measures
the number of connections within a given timeframe, the amount of data
transferred (if any), and calculates the average time spent for one connection.
@@ -234,7 +243,7 @@ and the link speed determine how many connections
.SH "NOTES"
.IX Header "NOTES"
\&\fBs_client\fR can be used to measure the performance of an \s-1SSL\s0 connection.
-To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command
+To connect to an \s-1SSL HTTP\s0 server and get the default page the command
.PP
.Vb 1
\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3]
Index: secure/usr.bin/openssl/man/sess_id.1
===================================================================
--- secure/usr.bin/openssl/man/sess_id.1 (revision 279126)
+++ secure/usr.bin/openssl/man/sess_id.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SESS_ID 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ needs some knowledge of the \s-1SSL\s0 protocol to
not need to use it.
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
format containing session details. The precise format can vary from one version
to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR
format base64 encoded with additional header and footer lines.
@@ -180,7 +189,7 @@ this option prevents output of the encoded version
.IP "\fB\-context \s-1ID\s0\fR" 4
.IX Item "-context ID"
this option can set the session id so the output session information uses the
-supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally
+supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option wont normally
be used.
.SH "OUTPUT"
.IX Header "OUTPUT"
Index: secure/usr.bin/openssl/man/smime.1
===================================================================
--- secure/usr.bin/openssl/man/smime.1 (revision 279126)
+++ secure/usr.bin/openssl/man/smime.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SMIME 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -230,7 +239,7 @@ is S/MIME and it uses the multipart/signed \s-1MIM
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME\s0
+off text headers: if the decrypted or verified message is not of \s-1MIME \s0
type text/plain then an error occurs.
.IP "\fB\-CAfile file\fR" 4
.IX Item "-CAfile file"
@@ -243,8 +252,8 @@ is a hash of each subject name (using \fBx509 \-ha
to each certificate.
.IP "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128 \-aes128 \-aes192 \-aes256 \-camellia128 \-camellia192 \-camellia256\fR" 4
.IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256"
-the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits),
-40, 64 or 128 bit \s-1RC2\s0, 128, 192 or 256 bit \s-1AES\s0, or 128, 192 or 256 bit Camellia respectively.
+the encryption algorithm to use. \s-1DES \s0(56 bits), triple \s-1DES \s0(168 bits),
+40, 64 or 128 bit \s-1RC2, 128, 192\s0 or 256 bit \s-1AES,\s0 or 128, 192 or 256 bit Camellia respectively.
If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR.
.IP "\fB\-nointern\fR" 4
.IX Item "-nointern"
@@ -308,7 +317,7 @@ the \fB\-recip\fR or \fB\-signer\fR file.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-rand file(s)\fR" 4
.IX Item "-rand file(s)"
a file or files containing random data used to seed the random number
Index: secure/usr.bin/openssl/man/speed.1
===================================================================
--- secure/usr.bin/openssl/man/speed.1 (revision 279126)
+++ secure/usr.bin/openssl/man/speed.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SPEED 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/usr.bin/openssl/man/spkac.1
===================================================================
--- secure/usr.bin/openssl/man/spkac.1 (revision 279126)
+++ secure/usr.bin/openssl/man/spkac.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH SPKAC 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ present.
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-challenge string\fR" 4
.IX Item "-challenge string"
specifies the challenge string if an \s-1SPKAC\s0 is being created.
@@ -175,23 +184,23 @@ specifies the challenge string if an \s-1SPKAC\s0
.IP "\fB\-spkac spkacname\fR" 4
.IX Item "-spkac spkacname"
allows an alternative name form the variable containing the
-\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both
+\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both
generated and input \s-1SPKAC\s0 files.
.IP "\fB\-spksect section\fR" 4
.IX Item "-spksect section"
allows an alternative name form the section containing the
-\&\s-1SPKAC\s0. The default is the default section.
+\&\s-1SPKAC.\s0 The default is the default section.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the text version of the \s-1SPKAC\s0 (not used if an
+don't output the text version of the \s-1SPKAC \s0(not used if an
\&\s-1SPKAC\s0 is being created).
.IP "\fB\-pubkey\fR" 4
.IX Item "-pubkey"
-output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
+output the public key of an \s-1SPKAC \s0(not used if an \s-1SPKAC\s0 is
being created).
.IP "\fB\-verify\fR" 4
.IX Item "-verify"
-verifies the digital signature on the supplied \s-1SPKAC\s0.
+verifies the digital signature on the supplied \s-1SPKAC.\s0
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
@@ -218,7 +227,7 @@ Create an \s-1SPKAC\s0 using the challenge string
\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
.Ve
.PP
-Example of an \s-1SPKAC\s0, (long lines split up for clarity):
+Example of an \s-1SPKAC, \s0(long lines split up for clarity):
.PP
.Vb 5
\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
Index: secure/usr.bin/openssl/man/verify.1
===================================================================
--- secure/usr.bin/openssl/man/verify.1 (revision 279126)
+++ secure/usr.bin/openssl/man/verify.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERIFY 1"
-.TH VERIFY 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH VERIFY 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -134,13 +143,27 @@ verify \- Utility to verify certificates.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBopenssl\fR \fBverify\fR
+[\fB\-CAfile file\fR]
[\fB\-CApath directory\fR]
-[\fB\-CAfile file\fR]
+[\fB\-attime timestamp\fR]
+[\fB\-check_ss_sig\fR]
+[\fB\-crl_check\fR]
+[\fB\-crl_check_all\fR]
+[\fB\-explicit_policy\fR]
+[\fB\-help\fR]
+[\fB\-ignore_critical\fR]
+[\fB\-inhibit_any\fR]
+[\fB\-inhibit_map\fR]
+[\fB\-issuer_checks\fR]
+[\fB\-policy arg\fR]
+[\fB\-policy_check\fR]
+[\fB\-policy_print\fR]
[\fB\-purpose purpose\fR]
[\fB\-untrusted file\fR]
-[\fB\-help\fR]
-[\fB\-issuer_checks\fR]
+[\fB\-use_deltas\fR]
[\fB\-verbose\fR]
+[\fB\-verify_depth num\fR]
+[\fB\-x509_strict\fR]
[\fB\-\fR]
[certificates]
.SH "DESCRIPTION"
@@ -148,6 +171,10 @@ verify \- Utility to verify certificates.
The \fBverify\fR command verifies certificate chains.
.SH "COMMAND OPTIONS"
.IX Header "COMMAND OPTIONS"
+.IP "\fB\-CAfile file\fR" 4
+.IX Item "-CAfile file"
+A file of trusted certificates. The file should contain multiple certificates
+in \s-1PEM\s0 format concatenated together.
.IP "\fB\-CApath directory\fR" 4
.IX Item "-CApath directory"
A directory of trusted certificates. The certificates should have names
@@ -155,46 +182,92 @@ of the form: hash.0 or have symbolic links to them
form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option
of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically
create symbolic links to a directory of certificates.
-.IP "\fB\-CAfile file\fR" 4
-.IX Item "-CAfile file"
-A file of trusted certificates. The file should contain multiple certificates
-in \s-1PEM\s0 format concatenated together.
+.IP "\fB\-attime timestamp\fR" 4
+.IX Item "-attime timestamp"
+Perform validation checks using time specified by \fBtimestamp\fR and not
+current system time. \fBtimestamp\fR is the number of seconds since
+01.01.1970 (\s-1UNIX\s0 time).
+.IP "\fB\-check_ss_sig\fR" 4
+.IX Item "-check_ss_sig"
+Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default
+because it doesn't add any security.
+.IP "\fB\-crl_check\fR" 4
+.IX Item "-crl_check"
+Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0
+If a valid \s-1CRL\s0 cannot be found an error occurs.
+.IP "\fB\-crl_check_all\fR" 4
+.IX Item "-crl_check_all"
+Checks the validity of \fBall\fR certificates in the chain by attempting
+to look up valid CRLs.
+.IP "\fB\-explicit_policy\fR" 4
+.IX Item "-explicit_policy"
+Set policy variable require-explicit-policy (see \s-1RFC5280\s0).
+.IP "\fB\-help\fR" 4
+.IX Item "-help"
+Print out a usage message.
+.IP "\fB\-ignore_critical\fR" 4
+.IX Item "-ignore_critical"
+Normally if an unhandled critical extension is present which is not
+supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0).
+If this option is set critical extensions are ignored.
+.IP "\fB\-inhibit_any\fR" 4
+.IX Item "-inhibit_any"
+Set policy variable inhibit-any-policy (see \s-1RFC5280\s0).
+.IP "\fB\-inhibit_map\fR" 4
+.IX Item "-inhibit_map"
+Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0).
+.IP "\fB\-issuer_checks\fR" 4
+.IX Item "-issuer_checks"
+Print out diagnostics relating to searches for the issuer certificate of the
+current certificate. This shows why each candidate issuer certificate was
+rejected. The presence of rejection messages does not itself imply that
+anything is wrong; during the normal verification process, several
+rejections may take place.
+.IP "\fB\-policy arg\fR" 4
+.IX Item "-policy arg"
+Enable policy processing and add \fBarg\fR to the user-initial-policy-set (see
+\&\s-1RFC5280\s0). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric form.
+This argument can appear more than once.
+.IP "\fB\-policy_check\fR" 4
+.IX Item "-policy_check"
+Enables certificate policy processing.
+.IP "\fB\-policy_print\fR" 4
+.IX Item "-policy_print"
+Print out diagnostics related to policy processing.
+.IP "\fB\-purpose purpose\fR" 4
+.IX Item "-purpose purpose"
+The intended use for the certificate. If this option is not specified,
+\&\fBverify\fR will not consider certificate purpose during chain verification.
+Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR,
+\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY OPERATION\s0\fR section for more
+information.
.IP "\fB\-untrusted file\fR" 4
.IX Item "-untrusted file"
A file of untrusted certificates. The file should contain multiple certificates
-.IP "\fB\-purpose purpose\fR" 4
-.IX Item "-purpose purpose"
-the intended use for the certificate. Without this option no chain verification
-will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR,
-\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR
-section for more information.
-.IP "\fB\-help\fR" 4
-.IX Item "-help"
-prints out a usage message.
+in \s-1PEM\s0 format concatenated together.
+.IP "\fB\-use_deltas\fR" 4
+.IX Item "-use_deltas"
+Enable support for delta CRLs.
.IP "\fB\-verbose\fR" 4
.IX Item "-verbose"
-print extra information about the operations being performed.
-.IP "\fB\-issuer_checks\fR" 4
-.IX Item "-issuer_checks"
-print out diagnostics relating to searches for the issuer certificate
-of the current certificate. This shows why each candidate issuer
-certificate was rejected. However the presence of rejection messages
-does not itself imply that anything is wrong: during the normal
-verify process several rejections may take place.
-.IP "\fB\-check_ss_sig\fR" 4
-.IX Item "-check_ss_sig"
-Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default
-because it doesn't add any security.
+Print extra information about the operations being performed.
+.IP "\fB\-verify_depth num\fR" 4
+.IX Item "-verify_depth num"
+Limit the maximum depth of the certificate chain to \fBnum\fR certificates.
+.IP "\fB\-x509_strict\fR" 4
+.IX Item "-x509_strict"
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
.IP "\fB\-\fR" 4
.IX Item "-"
-marks the last option. All arguments following this are assumed to be
+Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins
with a \fB\-\fR.
.IP "\fBcertificates\fR" 4
.IX Item "certificates"
-one or more certificates to verify. If no certificate filenames are included
-then an attempt is made to read a certificate from standard input. They should
-all be in \s-1PEM\s0 format.
+One or more certificates to verify. If no certificates are given, \fBverify\fR
+will attempt to read a certificate from standard input. Certificates must be
+in \s-1PEM\s0 format.
.SH "VERIFY OPERATION"
.IX Header "VERIFY OPERATION"
The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME
@@ -210,10 +283,10 @@ determined.
The verify operation consists of a number of separate steps.
.PP
Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built
+and ending in the root \s-1CA.\s0 It is an error if the whole chain cannot be built
up. The chain is built up by looking up the issuers certificate of the current
certificate. If a certificate is found which is its own issuer it is assumed
-to be the root \s-1CA\s0.
+to be the root \s-1CA.\s0
.PP
The process of 'looking up the issuers certificate' itself involves a number
of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
@@ -237,9 +310,9 @@ consistency with the supplied purpose. If the \fB\
then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions
compatible with the supplied purpose and all other certificates must also be valid
\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in
-the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility.
+the \fB\s-1CERTIFICATE EXTENSIONS\s0\fR section of the \fBx509\fR utility.
.PP
-The third operation is to check the trust settings on the root \s-1CA\s0. The root
+The third operation is to check the trust settings on the root \s-1CA.\s0 The root
\&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous
versions of SSLeay and OpenSSL a certificate with no trust settings is considered
to be valid for all purposes.
@@ -281,7 +354,7 @@ the issuer certificate of a looked up certificate
normally means the list of trusted certificates is not complete.
.IP "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4
.IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL"
-the \s-1CRL\s0 of a certificate could not be found. Unused.
+the \s-1CRL\s0 of a certificate could not be found.
.IP "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4
.IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature"
the certificate signature could not be decrypted. This means that the actual signature value
@@ -299,7 +372,7 @@ the public key in the certificate SubjectPublicKey
the signature of the certificate is invalid.
.IP "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4
.IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure"
-the signature of the certificate is invalid. Unused.
+the signature of the certificate is invalid.
.IP "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4
.IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid"
the certificate is not yet valid: the notBefore date is after the current time.
@@ -308,10 +381,10 @@ the certificate is not yet valid: the notBefore da
the certificate has expired: that is the notAfter date is before the current time.
.IP "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4
.IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid"
-the \s-1CRL\s0 is not yet valid. Unused.
+the \s-1CRL\s0 is not yet valid.
.IP "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4
.IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired"
-the \s-1CRL\s0 has expired. Unused.
+the \s-1CRL\s0 has expired.
.IP "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4
.IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field"
the certificate notBefore field contains an invalid time.
@@ -320,10 +393,10 @@ the certificate notBefore field contains an invali
the certificate notAfter field contains an invalid time.
.IP "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4
.IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field"
-the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused.
+the \s-1CRL\s0 lastUpdate field contains an invalid time.
.IP "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4
.IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field"
-the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused.
+the \s-1CRL\s0 nextUpdate field contains an invalid time.
.IP "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4
.IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory"
an error occurred trying to allocate memory. This should never happen.
@@ -348,7 +421,7 @@ self signed.
the certificate chain length is greater than the supplied maximum depth. Unused.
.IP "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4
.IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked"
-the certificate has been revoked. Unused.
+the certificate has been revoked.
.IP "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4
.IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate"
a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent
@@ -390,9 +463,9 @@ an application specific error. Unused.
.SH "BUGS"
.IX Header "BUGS"
Although the issuer checks are a considerable improvement over the old technique they still
-suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that
+suffer from limitations in the underlying X509_LOOKUP \s-1API.\s0 One consequence of this is that
trusted certificates with matching subject name must either appear in a file (as specified by the
-\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only
+\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR). If they occur in both then only
the certificates in the file will be recognised.
.PP
Previous versions of OpenSSL assume certificates with matching subject name are identical and
Index: secure/usr.bin/openssl/man/version.1
===================================================================
--- secure/usr.bin/openssl/man/version.1 (revision 279126)
+++ secure/usr.bin/openssl/man/version.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERSION 1"
-.TH VERSION 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH VERSION 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
Index: secure/usr.bin/openssl/man/x509.1
===================================================================
--- secure/usr.bin/openssl/man/x509.1 (revision 279126)
+++ secure/usr.bin/openssl/man/x509.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH X509 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,6 +154,7 @@ x509 \- Certificate display and signing utility
[\fB\-hash\fR]
[\fB\-subject_hash\fR]
[\fB\-issuer_hash\fR]
+[\fB\-ocspid\fR]
[\fB\-subject\fR]
[\fB\-issuer\fR]
[\fB\-nameopt option\fR]
@@ -153,6 +163,7 @@ x509 \- Certificate display and signing utility
[\fB\-enddate\fR]
[\fB\-purpose\fR]
[\fB\-dates\fR]
+[\fB\-checkend num\fR]
[\fB\-modulus\fR]
[\fB\-fingerprint\fR]
[\fB\-alias\fR]
@@ -166,6 +177,7 @@ x509 \- Certificate display and signing utility
[\fB\-days arg\fR]
[\fB\-set_serial n\fR]
[\fB\-signkey filename\fR]
+[\fB\-passin arg\fR]
[\fB\-x509toreq\fR]
[\fB\-req\fR]
[\fB\-CA filename\fR]
@@ -173,6 +185,7 @@ x509 \- Certificate display and signing utility
[\fB\-CAcreateserial\fR]
[\fB\-CAserial filename\fR]
[\fB\-text\fR]
+[\fB\-certopt option\fR]
[\fB\-C\fR]
[\fB\-md2|\-md5|\-sha1|\-mdc2\fR]
[\fB\-clrext\fR]
@@ -183,7 +196,7 @@ x509 \- Certificate display and signing utility
.IX Header "DESCRIPTION"
The \fBx509\fR command is a multi purpose certificate utility. It can be
used to display certificate information, convert certificates to
-various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit
+various forms, sign certificate requests like a \*(L"mini \s-1CA\*(R"\s0 or edit
certificate trust settings.
.PP
Since there are a large number of options they will split up into
@@ -190,7 +203,7 @@ Since there are a large number of options they wil
various sections.
.SH "OPTIONS"
.IX Header "OPTIONS"
-.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0"
+.SS "\s-1INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS\s0"
.IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS"
.IP "\fB\-inform DER|PEM|NET\fR" 4
.IX Item "-inform DER|PEM|NET"
@@ -224,10 +237,10 @@ specifying an engine (by it's unique \fBid\fR stri
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
-.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
+.SS "\s-1DISPLAY OPTIONS\s0"
.IX Subsection "DISPLAY OPTIONS"
Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options
-but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section.
+but are described in the \fB\s-1TRUST SETTINGS\s0\fR section.
.IP "\fB\-text\fR" 4
.IX Item "-text"
prints out the certificate in text form. Full details are output including the
@@ -237,7 +250,7 @@ any extensions present and any trust settings.
.IX Item "-certopt option"
customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be
a single option or multiple options separated by commas. The \fB\-certopt\fR switch
-may be also be used more than once to set multiple options. See the \fB\s-1TEXT\s0 \s-1OPTIONS\s0\fR
+may be also be used more than once to set multiple options. See the \fB\s-1TEXT OPTIONS\s0\fR
section for more information.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -257,6 +270,9 @@ name.
.IP "\fB\-issuer_hash\fR" 4
.IX Item "-issuer_hash"
outputs the \*(L"hash\*(R" of the certificate issuer name.
+.IP "\fB\-ocspid\fR" 4
+.IX Item "-ocspid"
+outputs the \s-1OCSP\s0 hash values for the subject name and public key.
.IP "\fB\-hash\fR" 4
.IX Item "-hash"
synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons.
@@ -271,7 +287,7 @@ outputs the issuer name.
option which determines how the subject or issuer names are displayed. The
\&\fBoption\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more information.
+set multiple options. See the \fB\s-1NAME OPTIONS\s0\fR section for more information.
.IP "\fB\-email\fR" 4
.IX Item "-email"
outputs the email address(es) if any.
@@ -284,6 +300,10 @@ prints out the expiry date of the certificate, tha
.IP "\fB\-dates\fR" 4
.IX Item "-dates"
prints out the start and expiry dates of a certificate.
+.IP "\fB\-checkend arg\fR" 4
+.IX Item "-checkend arg"
+checks if the certificate expires within the next \fBarg\fR seconds and exits
+non-zero if yes it will expire or zero if not.
.IP "\fB\-fingerprint\fR" 4
.IX Item "-fingerprint"
prints out the digest of the \s-1DER\s0 encoded version of the whole certificate
@@ -291,7 +311,7 @@ prints out the digest of the \s-1DER\s0 encoded ve
.IP "\fB\-C\fR" 4
.IX Item "-C"
this outputs the certificate in the form of a C source file.
-.SS "\s-1TRUST\s0 \s-1SETTINGS\s0"
+.SS "\s-1TRUST SETTINGS\s0"
.IX Subsection "TRUST SETTINGS"
Please note these options are currently experimental and may well change.
.PP
@@ -304,7 +324,7 @@ must be \*(L"trusted\*(R". By default a trusted ce
locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0
is then usable for any purpose.
.PP
-Trust settings currently are only used with a root \s-1CA\s0. They allow a finer
+Trust settings currently are only used with a root \s-1CA.\s0 They allow a finer
control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0
may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use.
.PP
@@ -346,12 +366,12 @@ option.
.IP "\fB\-purpose\fR" 4
.IX Item "-purpose"
this option performs tests on the certificate extensions and outputs
-the results. For a more complete description see the \fB\s-1CERTIFICATE\s0
-\&\s-1EXTENSIONS\s0\fR section.
-.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0"
+the results. For a more complete description see the \fB\s-1CERTIFICATE
+EXTENSIONS\s0\fR section.
+.SS "\s-1SIGNING OPTIONS\s0"
.IX Subsection "SIGNING OPTIONS"
The \fBx509\fR utility can be used to sign certificates and requests: it
-can thus behave like a \*(L"mini \s-1CA\s0\*(R".
+can thus behave like a \*(L"mini \s-1CA\*(R".\s0
.IP "\fB\-signkey filename\fR" 4
.IX Item "-signkey filename"
this option causes the input file to be self signed using the supplied
@@ -367,6 +387,10 @@ the \fB\-clrext\fR option is supplied.
If the input is a certificate request then a self signed certificate
is created using the supplied private key using the subject name in
the request.
+.IP "\fB\-passin arg\fR" 4
+.IX Item "-passin arg"
+the key password source. For more information about the format of \fBarg\fR
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-clrext\fR" 4
.IX Item "-clrext"
delete any extensions from a certificate. This option is used when a
@@ -401,7 +425,7 @@ serial numbers can also be specified but their use
.IP "\fB\-CA filename\fR" 4
.IX Item "-CA filename"
specifies the \s-1CA\s0 certificate to be used for signing. When this option is
-present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this
+present \fBx509\fR behaves like a \*(L"mini \s-1CA\*(R".\s0 The input file is signed by this
\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name
of the \s-1CA\s0 and it is digitally signed using the CAs private key.
.Sp
@@ -440,7 +464,7 @@ the section to add certificate extensions from. If
specified then the extensions should either be contained in the unnamed
(default) section or the default section should contain a variable called
\&\*(L"extensions\*(R" which contains the section to use.
-.SS "\s-1NAME\s0 \s-1OPTIONS\s0"
+.SS "\s-1NAME OPTIONS\s0"
.IX Subsection "NAME OPTIONS"
The \fBnameopt\fR command line switch determines how the subject and issuer
names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R"
@@ -457,7 +481,7 @@ displays names compatible with \s-1RFC2253\s0 equi
\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR.
.IP "\fBoneline\fR" 4
.IX Item "oneline"
-a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to
+a oneline format which is more readable than \s-1RFC2253.\s0 It is equivalent to
specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR,
\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR
options.
@@ -486,7 +510,7 @@ escapes some characters by surrounding the whole s
without the option all escaping is done with the \fB\e\fR character.
.IP "\fButf8\fR" 4
.IX Item "utf8"
-convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If
+convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253.\s0 If
you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use
of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct
display of multibyte (international) characters. Is this option is not
@@ -494,8 +518,8 @@ present then multibyte characters larger than 0xff
using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits.
Also if this option is off any UTF8Strings will be converted to their
character form first.
-.IP "\fBno_type\fR" 4
-.IX Item "no_type"
+.IP "\fBignore_type\fR" 4
+.IX Item "ignore_type"
this option does not attempt to interpret multibyte characters in any
way. That is their content octets are merely dumped as though one octet
represents each character. This is useful for diagnostic purposes but
@@ -508,11 +532,11 @@ field contents. For example \*(L"\s-1BMPSTRING:\s0
.IX Item "dump_der"
when this option is set any fields that need to be hexdumped will
be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the
-content octets will be displayed. Both options use the \s-1RFC2253\s0
-\&\fB#XXXX...\fR format.
+content octets will be displayed. Both options use the \s-1RFC2253
+\&\s0\fB#XXXX...\fR format.
.IP "\fBdump_nostr\fR" 4
.IX Item "dump_nostr"
-dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this
+dump non character string types (for example \s-1OCTET STRING\s0) if this
option is not set then non character string types will be displayed
as though each content octet represents a single character.
.IP "\fBdump_all\fR" 4
@@ -533,7 +557,7 @@ the \s-1RDN\s0 separator and a spaced \fB+\fR for
indents the fields by four characters.
.IP "\fBdn_rev\fR" 4
.IX Item "dn_rev"
-reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side
+reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side
effect this also reverses the order of multiple AVAs but this is
permissible.
.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4
@@ -551,7 +575,7 @@ align field values for a more readable output. Onl
.IX Item "space_eq"
places spaces round the \fB=\fR character which follows the field
name.
-.SS "\s-1TEXT\s0 \s-1OPTIONS\s0"
+.SS "\s-1TEXT OPTIONS\s0"
.IX Subsection "TEXT OPTIONS"
As well as customising the name output format, it is also possible to
customise the actual fields printed using the \fBcertopt\fR options when
@@ -685,7 +709,7 @@ certificate extensions:
.Ve
.PP
Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to
-\&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0
.PP
.Vb 2
\& openssl x509 \-in cert.pem \-addtrust clientAuth \e
@@ -724,7 +748,7 @@ This is commonly called a \*(L"fingerprint\*(R". B
digests the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
.PP
-The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0.
+The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1.\s0
.PP
The \fB\-email\fR option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
@@ -740,12 +764,12 @@ The same code is used when verifying untrusted cer
so this section is useful if a chain is rejected by the verify code.
.PP
The basicConstraints extension \s-1CA\s0 flag is used to determine whether the
-certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0,
-if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the
+certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0
+if the \s-1CA\s0 flag is false then it is not a \s-1CA. \s0\fBAll\fR CAs should have the
\&\s-1CA\s0 flag set to true.
.PP
If the basicConstraints extension is absent then the certificate is
-considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according
+considered to be a \*(L"possible \s-1CA\*(R"\s0 other extensions are checked according
to the intended use of the certificate. A warning is given in this case
because the certificate should really not be regarded as a \s-1CA:\s0 however
it is allowed to be a \s-1CA\s0 to work around some broken software.
@@ -769,14 +793,14 @@ basicConstraints and keyUsage and V1 certificates
.IP "\fB\s-1SSL\s0 Client\fR" 4
.IX Item "SSL Client"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the
+authentication\*(R" \s-1OID. \s0 keyUsage must be absent or it must have the
digitalSignature bit set. Netscape certificate type must be absent or it must
have the \s-1SSL\s0 client bit set.
.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4
.IX Item "SSL Client CA"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have
-the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
+authentication\*(R" \s-1OID.\s0 Netscape certificate type must be absent or it must have
+the \s-1SSL CA\s0 bit set: this is used as a work around if the basicConstraints
extension is absent.
.IP "\fB\s-1SSL\s0 Server\fR" 4
.IX Item "SSL Server"
@@ -788,7 +812,7 @@ Netscape certificate type must be absent or have t
.IX Item "SSL Server CA"
The extended key usage extension must be absent or include the \*(L"web server
authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must
-be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the
+be absent or the \s-1SSL CA\s0 bit must be set: this is used as a work around if the
basicConstraints extension is absent.
.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4
.IX Item "Netscape SSL Server"
@@ -799,7 +823,7 @@ Otherwise it is the same as a normal \s-1SSL\s0 se
.IP "\fBCommon S/MIME Client Tests\fR" 4
.IX Item "Common S/MIME Client Tests"
The extended key usage extension must be absent or include the \*(L"email
-protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the
+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or should have the
S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown:
this is because some Verisign certificates don't set the S/MIME bit.
@@ -814,7 +838,7 @@ if the keyUsage extension is present.
.IP "\fBS/MIME \s-1CA\s0\fR" 4
.IX Item "S/MIME CA"
The extended key usage extension must be absent or include the \*(L"email
-protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the
+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or must have the
S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
extension is absent.
.IP "\fB\s-1CRL\s0 Signing\fR" 4
@@ -837,7 +861,7 @@ be checked.
There should be options to explicitly set such things as start and end
dates rather than an offset from the current time.
.PP
-The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR
+The code to implement the verify behaviour described in the \fB\s-1TRUST SETTINGS\s0\fR
is currently being developed. It thus describes the intended behaviour rather
than the current behaviour. It is hoped that it will represent reality in
OpenSSL 0.9.5 and later.
@@ -847,4 +871,4 @@ OpenSSL 0.9.5 and later.
\&\fIgendsa\fR\|(1), \fIverify\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
-Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0.
+Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5.\s0
Index: secure/usr.bin/openssl/man/x509v3_config.1
===================================================================
--- secure/usr.bin/openssl/man/x509v3_config.1 (revision 279126)
+++ secure/usr.bin/openssl/man/x509v3_config.1 (working copy)
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509V3_CONFIG 1"
-.TH X509V3_CONFIG 1 "2014-06-05" "0.9.8za" "OpenSSL"
+.TH X509V3_CONFIG 1 "2015-01-08" "0.9.8zd" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -185,7 +194,7 @@ use is defined by the extension code itself: check
policies extension for an example.
.PP
If an extension type is unsupported then the \fIarbitrary\fR extension syntax
-must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more details.
+must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details.
.SH "STANDARD EXTENSIONS"
.IX Header "STANDARD EXTENSIONS"
The following sections describe each supported extension in detail.
@@ -207,7 +216,7 @@ For example:
.Ve
.PP
A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field
-set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the
+set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the
extension entirely. Some software may require the inclusion of basicConstraints
with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates.
.PP
@@ -237,7 +246,7 @@ the certificate public key can be used for,
.PP
These can either be object short names of the dotted numerical form of OIDs.
While any \s-1OID\s0 can be used only certain values make sense. In particular the
-following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful:
+following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful:
.PP
.Vb 10
\& Value Meaning
@@ -296,7 +305,7 @@ Example:
The subject alternative name extension allows various literal values to be
included in the configuration file. These include \fBemail\fR (an email address)
\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a
-registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR
+registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR
(a distinguished name) and otherName.
.PP
The email option include a special 'copy' value. This will automatically
@@ -307,11 +316,11 @@ The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR
.PP
The value of \fBdirName\fR should point to a section containing the distinguished
name to use as a set of name value pairs. Multi values AVAs can be formed by
-preceeding the name with a \fB+\fR character.
+preceding the name with a \fB+\fR character.
.PP
otherName can include arbitrary data associated with an \s-1OID:\s0 the value
should be the \s-1OID\s0 followed by a semicolon and the content in standard
-\&\fIASN1_generate_nconf()\fR format.
+\&\fIASN1_generate_nconf\fR\|(3) format.
.PP
Examples:
.PP
@@ -346,7 +355,7 @@ Example:
.SS "Authority Info Access."
.IX Subsection "Authority Info Access."
The authority information access extension gives details about how to access
-certain information relating to the \s-1CA\s0. Its syntax is accessOID;location
+certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location
where \fIlocation\fR has the same syntax as subject alternative name (except
that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only
certain values are meaningful, for example \s-1OCSP\s0 and caIssuers.
@@ -359,22 +368,84 @@ Example:
.Ve
.SS "\s-1CRL\s0 distribution points."
.IX Subsection "CRL distribution points."
-This is a multi-valued extension that supports all the literal options of
-subject alternative name. Of the few software packages that currently interpret
-this extension most only interpret the \s-1URI\s0 option.
+This is a multi-valued extension whose options can be either in name:value pair
+using the same form as subject alternative name or a single value representing
+a section name containing all the distribution point fields.
.PP
-Currently each option will set a new DistributionPoint with the fullName
-field set to the given value.
+For a name:value pair a new DistributionPoint with the fullName field set to
+the given value both the cRLissuer and reasons fields are omitted in this case.
.PP
-Other fields like cRLissuer and reasons cannot currently be set or displayed:
-at this time no examples were available that used these fields.
+In the single option case the section indicated contains values for each
+field. In this section:
.PP
-Examples:
+If the name is \*(L"fullname\*(R" the value field should contain the full name
+of the distribution point in the same format as subject alternative name.
.PP
+If the name is \*(L"relativename\*(R" then the value field should contain a section
+name whose contents represent a \s-1DN\s0 fragment to be placed in this field.
+.PP
+The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in
+subject alternative name format.
+.PP
+If the name is \*(L"reasons\*(R" the value field should consist of a comma
+separated field containing the reasons. Valid reasons are: \*(L"keyCompromise\*(R",
+\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R",
+\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R".
+.PP
+Simple examples:
+.PP
.Vb 2
\& crlDistributionPoints=URI:http://myhost.com/myca.crl
\& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
.Ve
+.PP
+Full distribution point example:
+.PP
+.Vb 1
+\& crlDistributionPoints=crldp1_section
+\&
+\& [crldp1_section]
+\&
+\& fullname=URI:http://myhost.com/myca.crl
+\& CRLissuer=dirName:issuer_sect
+\& reasons=keyCompromise, CACompromise
+\&
+\& [issuer_sect]
+\& C=UK
+\& O=Organisation
+\& CN=Some Name
+.Ve
+.SS "Issuing Distribution Point"
+.IX Subsection "Issuing Distribution Point"
+This extension should only appear in CRLs. It is a multi valued extension
+whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution
+points extension with a few differences.
+.PP
+The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized.
+.PP
+The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is
+in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field.
+.PP
+The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted
+the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of
+the corresponding field.
+.PP
+Example:
+.PP
+.Vb 1
+\& issuingDistributionPoint=critical, @idp_section
+\&
+\& [idp_section]
+\&
+\& fullname=URI:http://myhost.com/myca.crl
+\& indirectCRL=TRUE
+\& onlysomereasons=keyCompromise, CACompromise
+\&
+\& [issuer_sect]
+\& C=UK
+\& O=Organisation
+\& CN=Some Name
+.Ve
.SS "Certificate Policies."
.IX Subsection "Certificate Policies."
This is a \fIraw\fR extension. All the fields of this extension can be set by
@@ -381,7 +452,7 @@ This is a \fIraw\fR extension. All the fields of t
using the appropriate syntax.
.PP
If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just
-include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas,
+include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas,
for example:
.PP
.Vb 1
@@ -472,6 +543,15 @@ Examples:
\&
\& nameConstraints=excluded;email:.com
.Ve
+.SS "\s-1OCSP\s0 No Check"
+.IX Subsection "OCSP No Check"
+The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored.
+.PP
+Example:
+.PP
+.Vb 1
+\& noCheck = ignored
+.Ve
.SH "DEPRECATED EXTENSIONS"
.IX Header "DEPRECATED EXTENSIONS"
The following extensions are non standard, Netscape specific and largely
@@ -509,7 +589,8 @@ the data is formatted correctly for the given exte
There are two ways to encode arbitrary extensions.
.PP
The first way is to use the word \s-1ASN1\s0 followed by the extension content
-using the same syntax as \fIASN1_generate_nconf()\fR. For example:
+using the same syntax as \fIASN1_generate_nconf\fR\|(3).
+For example:
.PP
.Vb 1
\& 1.2.3.4=critical,ASN1:UTF8String:Some random data
@@ -598,4 +679,5 @@ The \fBdirectoryName\fR and \fBotherName\fR option
for arbitrary extensions was added in OpenSSL 0.9.8
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1)
+\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1),
+\&\fIASN1_generate_nconf\fR\|(3)
Reference in a new issue View git blame Copy permalink