diff options
Diffstat (limited to 'share/security/patches/EN-15:02/openssl-9.3.patch')
| -rw-r--r-- | share/security/patches/EN-15:02/openssl-9.3.patch | 32829 |
1 files changed, 0 insertions, 32829 deletions
diff --git a/share/security/patches/EN-15:02/openssl-9.3.patch b/share/security/patches/EN-15:02/openssl-9.3.patch deleted file mode 100644 index 8f6aafecc3..0000000000 --- a/share/security/patches/EN-15:02/openssl-9.3.patch +++ /dev/null @@ -1,32829 +0,0 @@ -Index: crypto/openssl/CHANGES -=================================================================== ---- crypto/openssl/CHANGES (revision 279126) -+++ crypto/openssl/CHANGES (working copy) -@@ -2,6 +2,171 @@ - OpenSSL CHANGES - _______________ - -+ Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015] -+ -+ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS -+ message can cause a segmentation fault in OpenSSL due to a NULL pointer -+ dereference. This could lead to a Denial Of Service attack. Thanks to -+ Markus Stenberg of Cisco Systems, Inc. for reporting this issue. -+ (CVE-2014-3571) -+ [Steve Henson] -+ -+ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is -+ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl -+ method would be set to NULL which could later result in a NULL pointer -+ dereference. Thanks to Frank Schmirler for reporting this issue. -+ (CVE-2014-3569) -+ [Kurt Roeckx] -+ -+ *) Abort handshake if server key exchange message is omitted for ephemeral -+ ECDH ciphersuites. -+ -+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for -+ reporting this issue. -+ (CVE-2014-3572) -+ [Steve Henson] -+ -+ *) Remove non-export ephemeral RSA code on client and server. This code -+ violated the TLS standard by allowing the use of temporary RSA keys in -+ non-export ciphersuites and could be used by a server to effectively -+ downgrade the RSA key length used to a value smaller than the server -+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at -+ INRIA or reporting this issue. -+ (CVE-2015-0204) -+ [Steve Henson] -+ -+ *) Fix various certificate fingerprint issues. -+ -+ By using non-DER or invalid encodings outside the signed portion of a -+ certificate the fingerprint can be changed without breaking the signature. -+ Although no details of the signed portion of the certificate can be changed -+ this can cause problems with some applications: e.g. those using the -+ certificate fingerprint for blacklists. -+ -+ 1. Reject signatures with non zero unused bits. -+ -+ If the BIT STRING containing the signature has non zero unused bits reject -+ the signature. All current signature algorithms require zero unused bits. -+ -+ 2. Check certificate algorithm consistency. -+ -+ Check the AlgorithmIdentifier inside TBS matches the one in the -+ certificate signature. NB: this will result in signature failure -+ errors for some broken certificates. -+ -+ Thanks to Konrad Kraszewski from Google for reporting this issue. -+ -+ 3. Check DSA/ECDSA signatures use DER. -+ -+ Reencode DSA/ECDSA signatures and compare with the original received -+ signature. Return an error if there is a mismatch. -+ -+ This will reject various cases including garbage after signature -+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS -+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs -+ (negative or with leading zeroes). -+ -+ Further analysis was conducted and fixes were developed by Stephen Henson -+ of the OpenSSL core team. -+ -+ (CVE-2014-8275) -+ [Steve Henson] -+ -+ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect -+ results on some platforms, including x86_64. This bug occurs at random -+ with a very low probability, and is not known to be exploitable in any -+ way, though its exact impact is difficult to determine. Thanks to Pieter -+ Wuille (Blockstream) who reported this issue and also suggested an initial -+ fix. Further analysis was conducted by the OpenSSL development team and -+ Adam Langley of Google. The final fix was developed by Andy Polyakov of -+ the OpenSSL core team. -+ (CVE-2014-3570) -+ [Andy Polyakov] -+ -+ Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014] -+ -+ *) Session Ticket Memory Leak. -+ -+ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the -+ integrity of that ticket is first verified. In the event of a session -+ ticket integrity check failing, OpenSSL will fail to free memory -+ causing a memory leak. By sending a large number of invalid session -+ tickets an attacker could exploit this issue in a Denial Of Service -+ attack. -+ (CVE-2014-3567) -+ [Steve Henson] -+ -+ *) Build option no-ssl3 is incomplete. -+ -+ When OpenSSL is configured with "no-ssl3" as a build option, servers -+ could accept and complete a SSL 3.0 handshake, and clients could be -+ configured to send them. -+ (CVE-2014-3568) -+ [Akamai and the OpenSSL team] -+ -+ *) Add support for TLS_FALLBACK_SCSV. -+ Client applications doing fallback retries should call -+ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). -+ (CVE-2014-3566) -+ [Adam Langley, Bodo Moeller] -+ -+ *) Add additional DigestInfo checks. -+ -+ Reencode DigestInto in DER and check against the original when -+ verifying RSA signature: this will reject any improperly encoded -+ DigestInfo structures. -+ -+ Note: this is a precautionary measure and no attacks are currently known. -+ -+ [Steve Henson] -+ -+ Changes between 0.9.8za and 0.9.8zb [6 Aug 2014] -+ -+ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject -+ to a denial of service attack. A malicious server can crash the client -+ with a null pointer dereference (read) by specifying an anonymous (EC)DH -+ ciphersuite and sending carefully crafted handshake messages. -+ -+ Thanks to Felix Gröbert (Google) for discovering and researching this -+ issue. -+ (CVE-2014-3510) -+ [Emilia Käsper] -+ -+ *) By sending carefully crafted DTLS packets an attacker could cause openssl -+ to leak memory. This can be exploited through a Denial of Service attack. -+ Thanks to Adam Langley for discovering and researching this issue. -+ (CVE-2014-3507) -+ [Adam Langley] -+ -+ *) An attacker can force openssl to consume large amounts of memory whilst -+ processing DTLS handshake messages. This can be exploited through a -+ Denial of Service attack. -+ Thanks to Adam Langley for discovering and researching this issue. -+ (CVE-2014-3506) -+ [Adam Langley] -+ -+ *) An attacker can force an error condition which causes openssl to crash -+ whilst processing DTLS packets due to memory being freed twice. This -+ can be exploited through a Denial of Service attack. -+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching -+ this issue. -+ (CVE-2014-3505) -+ [Adam Langley] -+ -+ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as -+ X509_name_oneline, X509_name_print_ex et al. to leak some information -+ from the stack. Applications may be affected if they echo pretty printing -+ output to the attacker. -+ -+ Thanks to Ivan Fratric (Google) for discovering this issue. -+ (CVE-2014-3508) -+ [Emilia Käsper, and Steve Henson] -+ -+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) -+ for corner cases. (Certain input points at infinity could lead to -+ bogus results, with non-infinity inputs mapped to infinity too.) -+ [Bodo Moeller] -+ - Changes between 0.9.8y and 0.9.8za [5 Jun 2014] - - *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted -Index: crypto/openssl/FAQ -=================================================================== ---- crypto/openssl/FAQ (revision 279126) -+++ crypto/openssl/FAQ (working copy) -@@ -113,11 +113,6 @@ that came with the version of OpenSSL you are usin - documentation is included in each OpenSSL distribution under the docs - directory. - --For information on parts of libcrypto that are not yet documented, you --might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's --predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much --of this still applies to OpenSSL. -- - There is some documentation about certificate extensions and PKCS#12 - in doc/openssl.txt - -Index: crypto/openssl/Makefile -=================================================================== ---- crypto/openssl/Makefile (revision 279126) -+++ crypto/openssl/Makefile (working copy) -@@ -4,7 +4,7 @@ - ## Makefile for OpenSSL - ## - --VERSION=0.9.8za -+VERSION=0.9.8zd - MAJOR=0 - MINOR=9.8 - SHLIB_VERSION_NUMBER=0.9.8 -Index: crypto/openssl/NEWS -=================================================================== ---- crypto/openssl/NEWS (revision 279126) -+++ crypto/openssl/NEWS (working copy) -@@ -5,6 +5,38 @@ - This file gives a brief overview of the major changes between each OpenSSL - release. For more details please read the CHANGES file. - -+ Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015] -+ -+ o Fix for CVE-2014-3571 -+ o Fix for CVE-2014-3569 -+ o Fix for CVE-2014-3572 -+ o Fix for CVE-2015-0204 -+ o Fix for CVE-2014-8275 -+ o Fix for CVE-2014-3570 -+ -+ Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]: -+ -+ o Fix for CVE-2014-3513 -+ o Fix for CVE-2014-3567 -+ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) -+ o Fix for CVE-2014-3568 -+ -+ Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]: -+ -+ o Fix for CVE-2014-3510 -+ o Fix for CVE-2014-3507 -+ o Fix for CVE-2014-3506 -+ o Fix for CVE-2014-3505 -+ o Fix for CVE-2014-3508 -+ -+ Known issues in OpenSSL 0.9.8za: -+ -+ o Compilation failure of s3_pkt.c on some platforms due to missing -+ <limits.h> include. Fixed in 0.9.8zb-dev. -+ o FIPS capable link failure with missing symbol BN_consttime_swap. -+ Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC -+ algorithms are not FIPS approved in OpenSSL 0.9.8 anyway. -+ - Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: - - o Fix for CVE-2014-0224 -Index: crypto/openssl/README -=================================================================== ---- crypto/openssl/README (revision 279126) -+++ crypto/openssl/README (working copy) -@@ -1,5 +1,5 @@ - -- OpenSSL 0.9.8za 5 Jun 2014 -+ OpenSSL 0.9.8zd 8 Jan 2015 - - Copyright (c) 1998-2011 The OpenSSL Project - Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson -Index: crypto/openssl/apps/apps.c -=================================================================== ---- crypto/openssl/apps/apps.c (revision 279126) -+++ crypto/openssl/apps/apps.c (working copy) -@@ -362,6 +362,8 @@ int chopup_args(ARGS *arg, char *buf, int *argc, c - { - arg->count=20; - arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count); -+ if (arg->data == NULL) -+ return 0; - } - for (i=0; i<arg->count; i++) - arg->data[i]=NULL; -@@ -1429,6 +1431,8 @@ char *make_config_name() - - len=strlen(t)+strlen(OPENSSL_CONF)+2; - p=OPENSSL_malloc(len); -+ if (p == NULL) -+ return NULL; - BUF_strlcpy(p,t,len); - #ifndef OPENSSL_SYS_VMS - BUF_strlcat(p,"/",len); -Index: crypto/openssl/apps/ca.c -=================================================================== ---- crypto/openssl/apps/ca.c (revision 279126) -+++ crypto/openssl/apps/ca.c (working copy) -@@ -1582,6 +1582,7 @@ static int certify(X509 **xret, char *infile, EVP_ - { - ok=0; - BIO_printf(bio_err,"Signature verification problems....\n"); -+ ERR_print_errors(bio_err); - goto err; - } - if (i == 0) -@@ -1588,6 +1589,7 @@ static int certify(X509 **xret, char *infile, EVP_ - { - ok=0; - BIO_printf(bio_err,"Signature did not match the certificate request\n"); -+ ERR_print_errors(bio_err); - goto err; - } - else -@@ -2751,6 +2753,9 @@ char *make_revocation_str(int rev_type, char *rev_ - - revtm = X509_gmtime_adj(NULL, 0); - -+ if (!revtm) -+ return NULL; -+ - i = revtm->length + 1; - - if (reason) i += strlen(reason) + 1; -Index: crypto/openssl/apps/crl2p7.c -=================================================================== ---- crypto/openssl/apps/crl2p7.c (revision 279126) -+++ crypto/openssl/apps/crl2p7.c (working copy) -@@ -142,7 +142,13 @@ int MAIN(int argc, char **argv) - { - if (--argc < 1) goto bad; - if(!certflst) certflst = sk_new_null(); -- sk_push(certflst,*(++argv)); -+ if (!certflst) -+ goto end; -+ if (!sk_push(certflst,*(++argv))) -+ { -+ sk_free(certflst); -+ goto end; -+ } - } - else - { -Index: crypto/openssl/apps/ocsp.c -=================================================================== ---- crypto/openssl/apps/ocsp.c (revision 279126) -+++ crypto/openssl/apps/ocsp.c (working copy) -@@ -1344,7 +1344,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_RE - } - resp = query_responder(err, cbio, path, req, req_timeout); - if (!resp) -- BIO_printf(bio_err, "Error querying OCSP responsder\n"); -+ BIO_printf(bio_err, "Error querying OCSP responder\n"); - end: - if (ctx) - SSL_CTX_free(ctx); -Index: crypto/openssl/apps/s_server.c -=================================================================== ---- crypto/openssl/apps/s_server.c (revision 279126) -+++ crypto/openssl/apps/s_server.c (working copy) -@@ -583,7 +583,7 @@ static int MS_CALLBACK ssl_servername_cb(SSL *s, i - - if (servername) - { -- if (strcmp(servername,p->servername)) -+ if (strcasecmp(servername,p->servername)) - return p->extension_error; - if (ctx2) - { -@@ -1095,6 +1095,14 @@ bad: - sv_usage(); - goto end; - } -+#ifndef OPENSSL_NO_DTLS1 -+ if (www && socket_type == SOCK_DGRAM) -+ { -+ BIO_printf(bio_err, -+ "Can't use -HTTP, -www or -WWW with DTLS\n"); -+ goto end; -+ } -+#endif - - SSL_load_error_strings(); - OpenSSL_add_ssl_algorithms(); -@@ -1922,8 +1930,10 @@ again: - #ifdef CHARSET_EBCDIC - ascii2ebcdic(buf,buf,i); - #endif -- write(fileno(stdout),buf, -- (unsigned int)i); -+ if (write(fileno(stdout),buf, -+ (unsigned int)i) != i) -+ goto err; -+ - if (SSL_pending(con)) goto again; - break; - case SSL_ERROR_WANT_WRITE: -Index: crypto/openssl/apps/speed.c -=================================================================== ---- crypto/openssl/apps/speed.c (revision 279126) -+++ crypto/openssl/apps/speed.c (working copy) -@@ -2767,7 +2767,11 @@ static int do_multi(int multi) - fds=malloc(multi*sizeof *fds); - for(n=0 ; n < multi ; ++n) - { -- pipe(fd); -+ if (pipe(fd) == -1) -+ { -+ fprintf(stderr, "pipe failure\n"); -+ exit(1); -+ } - fflush(stdout); - fflush(stderr); - if(fork()) -@@ -2779,7 +2783,11 @@ static int do_multi(int multi) - { - close(fd[0]); - close(1); -- dup(fd[1]); -+ if (dup(fd[1]) == -1) -+ { -+ fprintf(stderr, "dup failed\n"); -+ exit(1); -+ } - close(fd[1]); - mr=1; - usertime=0; -Index: crypto/openssl/crypto/LPdir_vms.c -=================================================================== ---- crypto/openssl/crypto/LPdir_vms.c (revision 279126) -+++ crypto/openssl/crypto/LPdir_vms.c (working copy) -@@ -1,4 +1,3 @@ --/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */ - /* - * Copyright (c) 2004, Richard Levitte <richard@levitte.org> - * All rights reserved. -@@ -82,6 +81,12 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c - size_t filespeclen = strlen(directory); - char *filespec = NULL; - -+ if (filespeclen == 0) -+ { -+ errno = ENOENT; -+ return 0; -+ } -+ - /* MUST be a VMS directory specification! Let's estimate if it is. */ - if (directory[filespeclen-1] != ']' - && directory[filespeclen-1] != '>' -Index: crypto/openssl/crypto/LPdir_win.c -=================================================================== ---- crypto/openssl/crypto/LPdir_win.c (revision 279126) -+++ crypto/openssl/crypto/LPdir_win.c (working copy) -@@ -1,4 +1,3 @@ --/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */ - /* - * Copyright (c) 2004, Richard Levitte <richard@levitte.org> - * All rights reserved. -@@ -65,6 +64,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c - errno = 0; - if (*ctx == NULL) - { -+ const char *extdir = directory; -+ char *extdirbuf = NULL; -+ size_t dirlen = strlen (directory); -+ -+ if (dirlen == 0) -+ { -+ errno = ENOENT; -+ return 0; -+ } -+ - *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); - if (*ctx == NULL) - { -@@ -73,15 +82,35 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c - } - memset(*ctx, '\0', sizeof(LP_DIR_CTX)); - -+ if (directory[dirlen-1] != '*') -+ { -+ extdirbuf = (char *)malloc(dirlen + 3); -+ if (extdirbuf == NULL) -+ { -+ free(*ctx); -+ *ctx = NULL; -+ errno = ENOMEM; -+ return 0; -+ } -+ if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\') -+ extdir = strcat(strcpy (extdirbuf,directory),"/*"); -+ else -+ extdir = strcat(strcpy (extdirbuf,directory),"*"); -+ } -+ - if (sizeof(TCHAR) != sizeof(char)) - { - TCHAR *wdir = NULL; - /* len_0 denotes string length *with* trailing 0 */ -- size_t index = 0,len_0 = strlen(directory) + 1; -+ size_t index = 0,len_0 = strlen(extdir) + 1; - -- wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR)); -+ wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR)); - if (wdir == NULL) - { -+ if (extdirbuf != NULL) -+ { -+ free (extdirbuf); -+ } - free(*ctx); - *ctx = NULL; - errno = ENOMEM; -@@ -89,10 +118,10 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c - } - - #ifdef LP_MULTIBYTE_AVAILABLE -- if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0)) -+ if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0)) - #endif - for (index = 0; index < len_0; index++) -- wdir[index] = (TCHAR)directory[index]; -+ wdir[index] = (TCHAR)extdir[index]; - - (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx); - -@@ -99,7 +128,13 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c - free(wdir); - } - else -- (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx); -+ { -+ (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx); -+ } -+ if (extdirbuf != NULL) -+ { -+ free (extdirbuf); -+ } - - if ((*ctx)->handle == INVALID_HANDLE_VALUE) - { -@@ -116,7 +151,6 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const c - return 0; - } - } -- - if (sizeof(TCHAR) != sizeof(char)) - { - TCHAR *wdir = (*ctx)->ctx.cFileName; -Index: crypto/openssl/crypto/Makefile -=================================================================== ---- crypto/openssl/crypto/Makefile (revision 279126) -+++ crypto/openssl/crypto/Makefile (working copy) -@@ -30,6 +30,7 @@ AFLAGS=$(ASFLAGS) - LIBS= - - GENERAL=Makefile README crypto-lib.com install.com -+TEST=constant_time_test.c - - LIB= $(TOP)/libcrypto.a - SHARED_LIB= libcrypto$(SHLIB_EXT) -@@ -40,7 +41,8 @@ SRC= $(LIBSRC) - - EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ - ossl_typ.h --HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) -+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \ -+ constant_time_locl.h $(EXHEADER) - - ALL= $(GENERAL) $(SRC) $(HEADER) - -Index: crypto/openssl/crypto/asn1/asn1_lib.c -=================================================================== ---- crypto/openssl/crypto/asn1/asn1_lib.c (revision 279126) -+++ crypto/openssl/crypto/asn1/asn1_lib.c (working copy) -@@ -131,6 +131,9 @@ int ASN1_get_object(const unsigned char **pp, long - *pclass=xclass; - if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; - -+ if (inf && !(ret & V_ASN1_CONSTRUCTED)) -+ goto err; -+ - #if 0 - fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", - (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), -Index: crypto/openssl/crypto/asn1/asn_mime.c -=================================================================== ---- crypto/openssl/crypto/asn1/asn_mime.c (revision 279126) -+++ crypto/openssl/crypto/asn1/asn_mime.c (working copy) -@@ -595,6 +595,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO * - int len, state, save_state = 0; - - headers = sk_MIME_HEADER_new(mime_hdr_cmp); -+ if (!headers) -+ return NULL; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - /* If whitespace at line start then continuation line */ - if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; -Index: crypto/openssl/crypto/asn1/asn_pack.c -=================================================================== ---- crypto/openssl/crypto/asn1/asn_pack.c (revision 279126) -+++ crypto/openssl/crypto/asn1/asn_pack.c (working copy) -@@ -134,15 +134,23 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_vo - - if (!(octmp->length = i2d(obj, NULL))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); -- return NULL; -+ goto err; - } - if (!(p = OPENSSL_malloc (octmp->length))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); -- return NULL; -+ goto err; - } - octmp->data = p; - i2d (obj, &p); - return octmp; -+ err: -+ if (!oct || !*oct) -+ { -+ ASN1_STRING_free(octmp); -+ if (oct) -+ *oct = NULL; -+ } -+ return NULL; - } - - #endif -Index: crypto/openssl/crypto/asn1/evp_asn1.c -=================================================================== ---- crypto/openssl/crypto/asn1/evp_asn1.c (revision 279126) -+++ crypto/openssl/crypto/asn1/evp_asn1.c (working copy) -@@ -66,7 +66,11 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsign - ASN1_STRING *os; - - if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); -- if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); -+ if (!M_ASN1_OCTET_STRING_set(os,data,len)) -+ { -+ M_ASN1_OCTET_STRING_free(os); -+ return 0; -+ } - ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); - return(1); - } -Index: crypto/openssl/crypto/asn1/t_x509.c -=================================================================== ---- crypto/openssl/crypto/asn1/t_x509.c (revision 279126) -+++ crypto/openssl/crypto/asn1/t_x509.c (working copy) -@@ -465,6 +465,8 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int - l=80-2-obase; - - b=X509_NAME_oneline(name,NULL,0); -+ if (!b) -+ return 0; - if (!*b) - { - OPENSSL_free(b); -Index: crypto/openssl/crypto/asn1/tasn_enc.c -=================================================================== ---- crypto/openssl/crypto/asn1/tasn_enc.c (revision 279126) -+++ crypto/openssl/crypto/asn1/tasn_enc.c (working copy) -@@ -453,9 +453,14 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) * - { - derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) - * sizeof(*derlst)); -+ if (!derlst) -+ return 0; - tmpdat = OPENSSL_malloc(skcontlen); -- if (!derlst || !tmpdat) -+ if (!tmpdat) -+ { -+ OPENSSL_free(derlst); - return 0; -+ } - } - } - /* If not sorting just output each item */ -Index: crypto/openssl/crypto/bio/bio_lib.c -=================================================================== ---- crypto/openssl/crypto/bio/bio_lib.c (revision 279126) -+++ crypto/openssl/crypto/bio/bio_lib.c (working copy) -@@ -132,8 +132,8 @@ int BIO_free(BIO *a) - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - -- if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); -- a->method->destroy(a); -+ if ((a->method != NULL) && (a->method->destroy != NULL)) -+ a->method->destroy(a); - OPENSSL_free(a); - return(1); - } -Index: crypto/openssl/crypto/bn/asm/x86_64-gcc.c -=================================================================== ---- crypto/openssl/crypto/bn/asm/x86_64-gcc.c (revision 279126) -+++ crypto/openssl/crypto/bn/asm/x86_64-gcc.c (working copy) -@@ -185,7 +185,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON - - if (n <= 0) return 0; - -- asm ( -+ asm volatile ( - " subq %2,%2 \n" - ".align 16 \n" - "1: movq (%4,%2,8),%0 \n" -@@ -196,7 +196,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON - " sbbq %0,%0 \n" - : "=&a"(ret),"+c"(n),"=&r"(i) - : "r"(rp),"r"(ap),"r"(bp) -- : "cc" -+ : "cc", "memory" - ); - - return ret&1; -@@ -208,7 +208,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON - - if (n <= 0) return 0; - -- asm ( -+ asm volatile ( - " subq %2,%2 \n" - ".align 16 \n" - "1: movq (%4,%2,8),%0 \n" -@@ -219,7 +219,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON - " sbbq %0,%0 \n" - : "=&a"(ret),"+c"(n),"=&r"(i) - : "r"(rp),"r"(ap),"r"(bp) -- : "cc" -+ : "cc", "memory" - ); - - return ret&1; -Index: crypto/openssl/crypto/bn/bn_exp.c -=================================================================== ---- crypto/openssl/crypto/bn/bn_exp.c (revision 279126) -+++ crypto/openssl/crypto/bn/bn_exp.c (working copy) -@@ -767,7 +767,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, c - bits = BN_num_bits(p); - if (bits == 0) - { -- ret = BN_one(rr); -+ /* x**0 mod 1 is still zero. */ -+ if (BN_is_one(m)) -+ { -+ ret = 1; -+ BN_zero(rr); -+ } -+ else -+ ret = BN_one(rr); - return ret; - } - if (a == 0) -Index: crypto/openssl/crypto/bn/bn_gf2m.c -=================================================================== ---- crypto/openssl/crypto/bn/bn_gf2m.c (revision 279126) -+++ crypto/openssl/crypto/bn/bn_gf2m.c (working copy) -@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNU - return 1; - } - -+/* -+ * Constant-time conditional swap of a and b. -+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. -+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, -+ * and that no more than nwords are used by either a or b. -+ * a and b cannot be the same number -+ */ -+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -+ { -+ BN_ULONG t; -+ int i; -+ -+ bn_wcheck_size(a, nwords); -+ bn_wcheck_size(b, nwords); -+ -+ assert(a != b); -+ assert((condition & (condition - 1)) == 0); -+ assert(sizeof(BN_ULONG) >= sizeof(int)); -+ -+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; -+ -+ t = (a->top^b->top) & condition; -+ a->top ^= t; -+ b->top ^= t; -+ -+#define BN_CONSTTIME_SWAP(ind) \ -+ do { \ -+ t = (a->d[ind] ^ b->d[ind]) & condition; \ -+ a->d[ind] ^= t; \ -+ b->d[ind] ^= t; \ -+ } while (0) -+ -+ -+ switch (nwords) { -+ default: -+ for (i = 10; i < nwords; i++) -+ BN_CONSTTIME_SWAP(i); -+ /* Fallthrough */ -+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ -+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ -+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ -+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ -+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ -+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ -+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ -+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ -+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ -+ case 1: BN_CONSTTIME_SWAP(0); -+ } -+#undef BN_CONSTTIME_SWAP -+} -Index: crypto/openssl/crypto/bn/bn_lib.c -=================================================================== ---- crypto/openssl/crypto/bn/bn_lib.c (revision 279126) -+++ crypto/openssl/crypto/bn/bn_lib.c (working copy) -@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM * - BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); - return(NULL); - } -+#ifdef PURIFY -+ /* Valgrind complains in BN_consttime_swap because we process the whole -+ * array even if it's not initialised yet. This doesn't matter in that -+ * function - what's important is constant time operation (we're not -+ * actually going to use the data) -+ */ -+ memset(a, 0, sizeof(BN_ULONG)*words); -+#endif -+ - #if 1 - B=b->d; - /* Check if the previous number needs to be copied */ -@@ -824,55 +833,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ - } - return bn_cmp_words(a,b,cl); - } -- --/* -- * Constant-time conditional swap of a and b. -- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. -- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, -- * and that no more than nwords are used by either a or b. -- * a and b cannot be the same number -- */ --void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -- { -- BN_ULONG t; -- int i; -- -- bn_wcheck_size(a, nwords); -- bn_wcheck_size(b, nwords); -- -- assert(a != b); -- assert((condition & (condition - 1)) == 0); -- assert(sizeof(BN_ULONG) >= sizeof(int)); -- -- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; -- -- t = (a->top^b->top) & condition; -- a->top ^= t; -- b->top ^= t; -- --#define BN_CONSTTIME_SWAP(ind) \ -- do { \ -- t = (a->d[ind] ^ b->d[ind]) & condition; \ -- a->d[ind] ^= t; \ -- b->d[ind] ^= t; \ -- } while (0) -- -- -- switch (nwords) { -- default: -- for (i = 10; i < nwords; i++) -- BN_CONSTTIME_SWAP(i); -- /* Fallthrough */ -- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ -- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ -- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ -- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ -- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ -- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ -- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ -- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ -- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ -- case 1: BN_CONSTTIME_SWAP(0); -- } --#undef BN_CONSTTIME_SWAP --} -Index: crypto/openssl/crypto/bn/bn_sqr.c -=================================================================== ---- crypto/openssl/crypto/bn/bn_sqr.c (revision 279126) -+++ crypto/openssl/crypto/bn/bn_sqr.c (working copy) -@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx - if (al <= 0) - { - r->top=0; -+ r->neg = 0; - return 1; - } - -Index: crypto/openssl/crypto/bn/exptest.c -=================================================================== ---- crypto/openssl/crypto/bn/exptest.c (revision 279126) -+++ crypto/openssl/crypto/bn/exptest.c (working copy) -@@ -71,6 +71,48 @@ - - static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -+/* -+ * Disabled for FIPS capable builds because they use the FIPS BIGNUM library -+ * which will fail this test. -+ */ -+#ifndef OPENSSL_FIPS -+/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */ -+static int test_exp_mod_zero() { -+ BIGNUM a, p, m; -+ BIGNUM r; -+ BN_CTX *ctx = BN_CTX_new(); -+ int ret = 1; -+ -+ BN_init(&m); -+ BN_one(&m); -+ -+ BN_init(&a); -+ BN_one(&a); -+ -+ BN_init(&p); -+ BN_zero(&p); -+ -+ BN_init(&r); -+ BN_mod_exp(&r, &a, &p, &m, ctx); -+ BN_CTX_free(ctx); -+ -+ if (BN_is_zero(&r)) -+ ret = 0; -+ else -+ { -+ printf("1**0 mod 1 = "); -+ BN_print_fp(stdout, &r); -+ printf(", should be 0\n"); -+ } -+ -+ BN_free(&r); -+ BN_free(&a); -+ BN_free(&p); -+ BN_free(&m); -+ -+ return ret; -+} -+#endif - int main(int argc, char *argv[]) - { - BN_CTX *ctx; -@@ -190,7 +232,13 @@ int main(int argc, char *argv[]) - ERR_remove_state(0); - CRYPTO_mem_leaks(out); - BIO_free(out); -- printf(" done\n"); -+ printf("\n"); -+#ifndef OPENSSL_FIPS -+ if (test_exp_mod_zero() != 0) -+ goto err; -+#endif -+ printf("done\n"); -+ - EXIT(0); - err: - ERR_load_crypto_strings(); -Index: crypto/openssl/crypto/conf/conf_api.c -=================================================================== ---- crypto/openssl/crypto/conf/conf_api.c (revision 279126) -+++ crypto/openssl/crypto/conf/conf_api.c (working copy) -@@ -294,7 +294,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const ch - v->value=(char *)sk; - - vv=(CONF_VALUE *)lh_insert(conf->data,v); -- assert(vv == NULL); -+ OPENSSL_assert(vv == NULL); - ok=1; - err: - if (!ok) -Index: crypto/openssl/crypto/conf/conf_def.c -=================================================================== ---- crypto/openssl/crypto/conf/conf_def.c (revision 279126) -+++ crypto/openssl/crypto/conf/conf_def.c (working copy) -@@ -324,7 +324,7 @@ again: - p=eat_ws(conf, end); - if (*p != ']') - { -- if (*p != '\0') -+ if (*p != '\0' && ss != p) - { - ss=p; - goto again; -Index: crypto/openssl/crypto/constant_time_locl.h -=================================================================== ---- crypto/openssl/crypto/constant_time_locl.h (revision 0) -+++ crypto/openssl/crypto/constant_time_locl.h (working copy) -@@ -0,0 +1,206 @@ -+/* crypto/constant_time_locl.h */ -+/* -+ * Utilities for constant-time cryptography. -+ * -+ * Author: Emilia Kasper (emilia@openssl.org) -+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley -+ * (Google). -+ * ==================================================================== -+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#ifndef HEADER_CONSTANT_TIME_LOCL_H -+#define HEADER_CONSTANT_TIME_LOCL_H -+ -+#include "e_os.h" /* For 'inline' */ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+/* -+ * The boolean methods return a bitmask of all ones (0xff...f) for true -+ * and 0 for false. This is useful for choosing a value based on the result -+ * of a conditional in constant time. For example, -+ * -+ * if (a < b) { -+ * c = a; -+ * } else { -+ * c = b; -+ * } -+ * -+ * can be written as -+ * -+ * unsigned int lt = constant_time_lt(a, b); -+ * c = constant_time_select(lt, a, b); -+ */ -+ -+/* -+ * Returns the given value with the MSB copied to all the other -+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit. -+ * However, this is not ensured by the C standard so you may need to -+ * replace this with something else on odd CPUs. -+ */ -+static inline unsigned int constant_time_msb(unsigned int a); -+ -+/* -+ * Returns 0xff..f if a < b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b); -+ -+/* -+ * Returns 0xff..f if a >= b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b); -+ -+/* -+ * Returns 0xff..f if a == 0 and 0 otherwise. -+ */ -+static inline unsigned int constant_time_is_zero(unsigned int a); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_is_zero_8(unsigned int a); -+ -+ -+/* -+ * Returns 0xff..f if a == b and 0 otherwise. -+ */ -+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b); -+/* Signed integers. */ -+static inline unsigned int constant_time_eq_int(int a, int b); -+/* Convenience method for getting an 8-bit mask. */ -+static inline unsigned char constant_time_eq_int_8(int a, int b); -+ -+ -+/* -+ * Returns (mask & a) | (~mask & b). -+ * -+ * When |mask| is all 1s or all 0s (as returned by the methods above), -+ * the select methods return either |a| (if |mask| is nonzero) or |b| -+ * (if |mask| is zero). -+ */ -+static inline unsigned int constant_time_select(unsigned int mask, -+ unsigned int a, unsigned int b); -+/* Convenience method for unsigned chars. */ -+static inline unsigned char constant_time_select_8(unsigned char mask, -+ unsigned char a, unsigned char b); -+/* Convenience method for signed integers. */ -+static inline int constant_time_select_int(unsigned int mask, int a, int b); -+ -+static inline unsigned int constant_time_msb(unsigned int a) -+ { -+ return 0-(a >> (sizeof(a) * 8 - 1)); -+ } -+ -+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) -+ { -+ return constant_time_msb(a^((a^b)|((a-b)^b))); -+ } -+ -+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) -+ { -+ return (unsigned char)(constant_time_lt(a, b)); -+ } -+ -+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) -+ { -+ return ~constant_time_lt(a, b); -+ } -+ -+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) -+ { -+ return (unsigned char)(constant_time_ge(a, b)); -+ } -+ -+static inline unsigned int constant_time_is_zero(unsigned int a) -+ { -+ return constant_time_msb(~a & (a - 1)); -+ } -+ -+static inline unsigned char constant_time_is_zero_8(unsigned int a) -+ { -+ return (unsigned char)(constant_time_is_zero(a)); -+ } -+ -+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) -+ { -+ return constant_time_is_zero(a ^ b); -+ } -+ -+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) -+ { -+ return (unsigned char)(constant_time_eq(a, b)); -+ } -+ -+static inline unsigned int constant_time_eq_int(int a, int b) -+ { -+ return constant_time_eq((unsigned)(a), (unsigned)(b)); -+ } -+ -+static inline unsigned char constant_time_eq_int_8(int a, int b) -+ { -+ return constant_time_eq_8((unsigned)(a), (unsigned)(b)); -+ } -+ -+static inline unsigned int constant_time_select(unsigned int mask, -+ unsigned int a, unsigned int b) -+ { -+ return (mask & a) | (~mask & b); -+ } -+ -+static inline unsigned char constant_time_select_8(unsigned char mask, -+ unsigned char a, unsigned char b) -+ { -+ return (unsigned char)(constant_time_select(mask, a, b)); -+ } -+ -+static inline int constant_time_select_int(unsigned int mask, int a, int b) -+ { -+ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); -+ } -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* HEADER_CONSTANT_TIME_LOCL_H */ -Index: crypto/openssl/crypto/constant_time_test.c -=================================================================== ---- crypto/openssl/crypto/constant_time_test.c (revision 0) -+++ crypto/openssl/crypto/constant_time_test.c (working copy) -@@ -0,0 +1,330 @@ -+/* crypto/constant_time_test.c */ -+/* -+ * Utilities for constant-time cryptography. -+ * -+ * Author: Emilia Kasper (emilia@openssl.org) -+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley -+ * (Google). -+ * ==================================================================== -+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. All advertising materials mentioning features or use of this software -+ * must display the following acknowledgement: -+ * "This product includes cryptographic software written by -+ * Eric Young (eay@cryptsoft.com)" -+ * The word 'cryptographic' can be left out if the rouines from the library -+ * being used are not cryptographic related :-). -+ * 4. If you include any Windows specific code (or a derivative thereof) from -+ * the apps directory (application code) you must include an acknowledgement: -+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -+ * -+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ * -+ * The licence and distribution terms for any publically available version or -+ * derivative of this code cannot be changed. i.e. this code cannot simply be -+ * copied and put under another distribution licence -+ * [including the GNU Public Licence.] -+ */ -+ -+#include "../crypto/constant_time_locl.h" -+ -+#include <limits.h> -+#include <stdio.h> -+#include <stdlib.h> -+ -+static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); -+static const unsigned int CONSTTIME_FALSE = 0; -+static const unsigned char CONSTTIME_TRUE_8 = 0xff; -+static const unsigned char CONSTTIME_FALSE_8 = 0; -+ -+static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b), -+ const char* op_name, unsigned int a, unsigned int b, int is_true) -+ { -+ unsigned c = op(a, b); -+ if (is_true && c != CONSTTIME_TRUE) -+ { -+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du " -+ "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c); -+ return 1; -+ } -+ else if (!is_true && c != CONSTTIME_FALSE) -+ { -+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du " -+ "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, -+ c); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b), -+ const char* op_name, unsigned int a, unsigned int b, int is_true) -+ { -+ unsigned char c = op(a, b); -+ if (is_true && c != CONSTTIME_TRUE_8) -+ { -+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u " -+ "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c); -+ return 1; -+ } -+ else if (!is_true && c != CONSTTIME_FALSE_8) -+ { -+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u " -+ "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, -+ c); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_is_zero(unsigned int a) -+ { -+ unsigned int c = constant_time_is_zero(a); -+ if (a == 0 && c != CONSTTIME_TRUE) -+ { -+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): " -+ "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c); -+ return 1; -+ } -+ else if (a != 0 && c != CONSTTIME_FALSE) -+ { -+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): " -+ "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, -+ c); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_is_zero_8(unsigned int a) -+ { -+ unsigned char c = constant_time_is_zero_8(a); -+ if (a == 0 && c != CONSTTIME_TRUE_8) -+ { -+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): " -+ "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c); -+ return 1; -+ } -+ else if (a != 0 && c != CONSTTIME_FALSE) -+ { -+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): " -+ "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, -+ c); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_select(unsigned int a, unsigned int b) -+ { -+ unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); -+ if (selected != a) -+ { -+ fprintf(stderr, "Test failed for constant_time_select(%du, %du," -+ "%du): expected %du(first value), got %du\n", -+ CONSTTIME_TRUE, a, b, a, selected); -+ return 1; -+ } -+ selected = constant_time_select(CONSTTIME_FALSE, a, b); -+ if (selected != b) -+ { -+ fprintf(stderr, "Test failed for constant_time_select(%du, %du," -+ "%du): expected %du(second value), got %du\n", -+ CONSTTIME_FALSE, a, b, b, selected); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_select_8(unsigned char a, unsigned char b) -+ { -+ unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b); -+ if (selected != a) -+ { -+ fprintf(stderr, "Test failed for constant_time_select(%u, %u," -+ "%u): expected %u(first value), got %u\n", -+ CONSTTIME_TRUE, a, b, a, selected); -+ return 1; -+ } -+ selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b); -+ if (selected != b) -+ { -+ fprintf(stderr, "Test failed for constant_time_select(%u, %u," -+ "%u): expected %u(second value), got %u\n", -+ CONSTTIME_FALSE, a, b, b, selected); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_select_int(int a, int b) -+ { -+ int selected = constant_time_select_int(CONSTTIME_TRUE, a, b); -+ if (selected != a) -+ { -+ fprintf(stderr, "Test failed for constant_time_select(%du, %d," -+ "%d): expected %d(first value), got %d\n", -+ CONSTTIME_TRUE, a, b, a, selected); -+ return 1; -+ } -+ selected = constant_time_select_int(CONSTTIME_FALSE, a, b); -+ if (selected != b) -+ { -+ fprintf(stderr, "Test failed for constant_time_select(%du, %d," -+ "%d): expected %d(second value), got %d\n", -+ CONSTTIME_FALSE, a, b, b, selected); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_eq_int(int a, int b) -+ { -+ unsigned int equal = constant_time_eq_int(a, b); -+ if (a == b && equal != CONSTTIME_TRUE) -+ { -+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " -+ "expected %du(TRUE), got %du\n", -+ a, b, CONSTTIME_TRUE, equal); -+ return 1; -+ } -+ else if (a != b && equal != CONSTTIME_FALSE) -+ { -+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " -+ "expected %du(FALSE), got %du\n", -+ a, b, CONSTTIME_FALSE, equal); -+ return 1; -+ } -+ return 0; -+ } -+ -+static int test_eq_int_8(int a, int b) -+ { -+ unsigned char equal = constant_time_eq_int_8(a, b); -+ if (a == b && equal != CONSTTIME_TRUE_8) -+ { -+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " -+ "expected %u(TRUE), got %u\n", -+ a, b, CONSTTIME_TRUE_8, equal); -+ return 1; -+ } -+ else if (a != b && equal != CONSTTIME_FALSE_8) -+ { -+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " -+ "expected %u(FALSE), got %u\n", -+ a, b, CONSTTIME_FALSE_8, equal); -+ return 1; -+ } -+ return 0; -+ } -+ -+static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1, -+ UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1, -+ UINT_MAX}; -+ -+static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255}; -+ -+static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345, -+ 32000, -32000, INT_MAX, INT_MIN, INT_MAX-1, -+ INT_MIN+1}; -+ -+ -+int main(int argc, char *argv[]) -+ { -+ unsigned int a, b, i, j; -+ int c, d; -+ unsigned char e, f; -+ int num_failed = 0, num_all = 0; -+ fprintf(stdout, "Testing constant time operations...\n"); -+ -+ for (i = 0; i < sizeof(test_values)/sizeof(int); ++i) -+ { -+ a = test_values[i]; -+ num_failed += test_is_zero(a); -+ num_failed += test_is_zero_8(a); -+ num_all += 2; -+ for (j = 0; j < sizeof(test_values)/sizeof(int); ++j) -+ { -+ b = test_values[j]; -+ num_failed += test_binary_op(&constant_time_lt, -+ "constant_time_lt", a, b, a < b); -+ num_failed += test_binary_op_8(&constant_time_lt_8, -+ "constant_time_lt_8", a, b, a < b); -+ num_failed += test_binary_op(&constant_time_lt, -+ "constant_time_lt_8", b, a, b < a); -+ num_failed += test_binary_op_8(&constant_time_lt_8, -+ "constant_time_lt_8", b, a, b < a); -+ num_failed += test_binary_op(&constant_time_ge, -+ "constant_time_ge", a, b, a >= b); -+ num_failed += test_binary_op_8(&constant_time_ge_8, -+ "constant_time_ge_8", a, b, a >= b); -+ num_failed += test_binary_op(&constant_time_ge, -+ "constant_time_ge", b, a, b >= a); -+ num_failed += test_binary_op_8(&constant_time_ge_8, -+ "constant_time_ge_8", b, a, b >= a); -+ num_failed += test_binary_op(&constant_time_eq, -+ "constant_time_eq", a, b, a == b); -+ num_failed += test_binary_op_8(&constant_time_eq_8, -+ "constant_time_eq_8", a, b, a == b); -+ num_failed += test_binary_op(&constant_time_eq, -+ "constant_time_eq", b, a, b == a); -+ num_failed += test_binary_op_8(&constant_time_eq_8, -+ "constant_time_eq_8", b, a, b == a); -+ num_failed += test_select(a, b); -+ num_all += 13; -+ } -+ } -+ -+ for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i) -+ { -+ c = signed_test_values[i]; -+ for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j) -+ { -+ d = signed_test_values[j]; -+ num_failed += test_select_int(c, d); -+ num_failed += test_eq_int(c, d); -+ num_failed += test_eq_int_8(c, d); -+ num_all += 3; -+ } -+ } -+ -+ for (i = 0; i < sizeof(test_values_8); ++i) -+ { -+ e = test_values_8[i]; -+ for (j = 0; j < sizeof(test_values_8); ++j) -+ { -+ f = test_values_8[j]; -+ num_failed += test_select_8(e, f); -+ num_all += 1; -+ } -+ } -+ -+ if (!num_failed) -+ { -+ fprintf(stdout, "ok (ran %d tests)\n", num_all); -+ return EXIT_SUCCESS; -+ } -+ else -+ { -+ fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all); -+ return EXIT_FAILURE; -+ } -+ } -Index: crypto/openssl/crypto/ec/ec_key.c -=================================================================== ---- crypto/openssl/crypto/ec/ec_key.c (revision 279126) -+++ crypto/openssl/crypto/ec/ec_key.c (working copy) -@@ -64,7 +64,6 @@ - #include <string.h> - #include "ec_lcl.h" - #include <openssl/err.h> --#include <string.h> - - EC_KEY *EC_KEY_new(void) - { -Index: crypto/openssl/crypto/ec/ec_lib.c -=================================================================== ---- crypto/openssl/crypto/ec/ec_lib.c (revision 279126) -+++ crypto/openssl/crypto/ec/ec_lib.c (working copy) -@@ -1010,7 +1010,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT * - - int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) - { -- if (group->meth->dbl == 0) -+ if (group->meth->invert == 0) - { - ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; -Index: crypto/openssl/crypto/ec/ecp_smpl.c -=================================================================== ---- crypto/openssl/crypto/ec/ecp_smpl.c (revision 279126) -+++ crypto/openssl/crypto/ec/ecp_smpl.c (working copy) -@@ -1540,9 +1540,8 @@ int ec_GFp_simple_make_affine(const EC_GROUP *grou - int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) - { - BN_CTX *new_ctx = NULL; -- BIGNUM *tmp0, *tmp1; -- size_t pow2 = 0; -- BIGNUM **heap = NULL; -+ BIGNUM *tmp, *tmp_Z; -+ BIGNUM **prod_Z = NULL; - size_t i; - int ret = 0; - -@@ -1557,124 +1556,104 @@ int ec_GFp_simple_points_make_affine(const EC_GROU - } - - BN_CTX_start(ctx); -- tmp0 = BN_CTX_get(ctx); -- tmp1 = BN_CTX_get(ctx); -- if (tmp0 == NULL || tmp1 == NULL) goto err; -+ tmp = BN_CTX_get(ctx); -+ tmp_Z = BN_CTX_get(ctx); -+ if (tmp == NULL || tmp_Z == NULL) goto err; - -- /* Before converting the individual points, compute inverses of all Z values. -- * Modular inversion is rather slow, but luckily we can do with a single -- * explicit inversion, plus about 3 multiplications per input value. -- */ -+ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]); -+ if (prod_Z == NULL) goto err; -+ for (i = 0; i < num; i++) -+ { -+ prod_Z[i] = BN_new(); -+ if (prod_Z[i] == NULL) goto err; -+ } - -- pow2 = 1; -- while (num > pow2) -- pow2 <<= 1; -- /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. -- * We need twice that. */ -- pow2 <<= 1; -+ /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, -+ * skipping any zero-valued inputs (pretend that they're 1). */ - -- heap = OPENSSL_malloc(pow2 * sizeof heap[0]); -- if (heap == NULL) goto err; -- -- /* The array is used as a binary tree, exactly as in heapsort: -- * -- * heap[1] -- * heap[2] heap[3] -- * heap[4] heap[5] heap[6] heap[7] -- * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] -- * -- * We put the Z's in the last line; -- * then we set each other node to the product of its two child-nodes (where -- * empty or 0 entries are treated as ones); -- * then we invert heap[1]; -- * then we invert each other node by replacing it by the product of its -- * parent (after inversion) and its sibling (before inversion). -- */ -- heap[0] = NULL; -- for (i = pow2/2 - 1; i > 0; i--) -- heap[i] = NULL; -- for (i = 0; i < num; i++) -- heap[pow2/2 + i] = &points[i]->Z; -- for (i = pow2/2 + num; i < pow2; i++) -- heap[i] = NULL; -- -- /* set each node to the product of its children */ -- for (i = pow2/2 - 1; i > 0; i--) -+ if (!BN_is_zero(&points[0]->Z)) - { -- heap[i] = BN_new(); -- if (heap[i] == NULL) goto err; -- -- if (heap[2*i] != NULL) -+ if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err; -+ } -+ else -+ { -+ if (group->meth->field_set_to_one != 0) - { -- if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) -- { -- if (!BN_copy(heap[i], heap[2*i])) goto err; -- } -- else -- { -- if (BN_is_zero(heap[2*i])) -- { -- if (!BN_copy(heap[i], heap[2*i + 1])) goto err; -- } -- else -- { -- if (!group->meth->field_mul(group, heap[i], -- heap[2*i], heap[2*i + 1], ctx)) goto err; -- } -- } -+ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err; - } -+ else -+ { -+ if (!BN_one(prod_Z[0])) goto err; -+ } - } - -- /* invert heap[1] */ -- if (!BN_is_zero(heap[1])) -+ for (i = 1; i < num; i++) - { -- if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) -+ if (!BN_is_zero(&points[i]->Z)) - { -- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); -- goto err; -+ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err; - } -+ else -+ { -+ if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err; -+ } - } -+ -+ /* Now use a single explicit inversion to replace every -+ * non-zero points[i]->Z by its inverse. */ -+ -+ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) -+ { -+ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); -+ goto err; -+ } - if (group->meth->field_encode != 0) - { -- /* in the Montgomery case, we just turned R*H (representing H) -+ /* In the Montgomery case, we just turned R*H (representing H) - * into 1/(R*H), but we need R*(1/H) (representing 1/H); -- * i.e. we have need to multiply by the Montgomery factor twice */ -- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; -- if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; -+ * i.e. we need to multiply by the Montgomery factor twice. */ -+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; -+ if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err; - } - -- /* set other heap[i]'s to their inverses */ -- for (i = 2; i < pow2/2 + num; i += 2) -+ for (i = num - 1; i > 0; --i) - { -- /* i is even */ -- if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) -+ /* Loop invariant: tmp is the product of the inverses of -+ * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */ -+ if (!BN_is_zero(&points[i]->Z)) - { -- if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; -- if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; -- if (!BN_copy(heap[i], tmp0)) goto err; -- if (!BN_copy(heap[i + 1], tmp1)) goto err; -+ /* Set tmp_Z to the inverse of points[i]->Z (as product -+ * of Z inverses 0 .. i, Z values 0 .. i - 1). */ -+ if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err; -+ /* Update tmp to satisfy the loop invariant for i - 1. */ -+ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err; -+ /* Replace points[i]->Z by its inverse. */ -+ if (!BN_copy(&points[i]->Z, tmp_Z)) goto err; - } -- else -- { -- if (!BN_copy(heap[i], heap[i/2])) goto err; -- } - } - -- /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ -+ if (!BN_is_zero(&points[0]->Z)) -+ { -+ /* Replace points[0]->Z by its inverse. */ -+ if (!BN_copy(&points[0]->Z, tmp)) goto err; -+ } -+ -+ /* Finally, fix up the X and Y coordinates for all points. */ -+ - for (i = 0; i < num; i++) - { - EC_POINT *p = points[i]; -- -+ - if (!BN_is_zero(&p->Z)) - { - /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - -- if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; -- if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; -+ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err; -+ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err; - -- if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; -- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; -- -+ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err; -+ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err; -+ - if (group->meth->field_set_to_one != 0) - { - if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; -@@ -1688,20 +1667,19 @@ int ec_GFp_simple_points_make_affine(const EC_GROU - } - - ret = 1; -- -+ - err: - BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); -- if (heap != NULL) -+ if (prod_Z != NULL) - { -- /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ -- for (i = pow2/2 - 1; i > 0; i--) -+ for (i = 0; i < num; i++) - { -- if (heap[i] != NULL) -- BN_clear_free(heap[i]); -+ if (prod_Z[i] == NULL) break; -+ BN_clear_free(prod_Z[i]); - } -- OPENSSL_free(heap); -+ OPENSSL_free(prod_Z); - } - return ret; - } -Index: crypto/openssl/crypto/ecdsa/Makefile -=================================================================== ---- crypto/openssl/crypto/ecdsa/Makefile (revision 279126) -+++ crypto/openssl/crypto/ecdsa/Makefile (working copy) -@@ -128,11 +128,12 @@ ecs_sign.o: ../../include/openssl/safestack.h ../. - ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h - ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h - ecs_sign.o: ecs_locl.h ecs_sign.c --ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h --ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h --ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h --ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h --ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h -+ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h -+ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -+ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -+ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -+ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -+ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h - ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h - ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h - ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -@@ -140,4 +141,4 @@ ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../ - ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h - ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h - ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h --ecs_vrf.o: ecs_locl.h ecs_vrf.c -+ecs_vrf.o: ../cryptlib.h ecs_locl.h ecs_vrf.c -Index: crypto/openssl/crypto/idea/ideatest.c -=================================================================== ---- crypto/openssl/crypto/idea/ideatest.c (revision 279126) -+++ crypto/openssl/crypto/idea/ideatest.c (working copy) -@@ -199,10 +199,10 @@ static int cfb64_test(unsigned char *cfb_cipher) - } - memcpy(cfb_tmp,cfb_iv,8); - n=0; -- idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks, -+ idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks, - cfb_tmp,&n,IDEA_DECRYPT); -- idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), -- (long)CFB_TEST_SIZE-17,&dks, -+ idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]), -+ (long)CFB_TEST_SIZE-13,&eks, - cfb_tmp,&n,IDEA_DECRYPT); - if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0) - { -Index: crypto/openssl/crypto/md32_common.h -=================================================================== ---- crypto/openssl/crypto/md32_common.h (revision 279126) -+++ crypto/openssl/crypto/md32_common.h (working copy) -@@ -225,8 +225,7 @@ - #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ -- l|=(((unsigned long)(*((c)++))) ), \ -- l) -+ l|=(((unsigned long)(*((c)++))) ) ) - #endif - #ifndef HOST_l2c - #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ -@@ -262,8 +261,7 @@ - #define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ -- l|=(((unsigned long)(*((c)++)))<<24), \ -- l) -+ l|=(((unsigned long)(*((c)++)))<<24) ) - #endif - #ifndef HOST_l2c - #define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ -Index: crypto/openssl/crypto/ocsp/ocsp_ht.c -=================================================================== ---- crypto/openssl/crypto/ocsp/ocsp_ht.c (revision 279126) -+++ crypto/openssl/crypto/ocsp/ocsp_ht.c (working copy) -@@ -464,6 +464,9 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path - - ctx = OCSP_sendreq_new(b, path, req, -1); - -+ if (!ctx) -+ return NULL; -+ - do - { - rv = OCSP_sendreq_nbio(&resp, ctx); -Index: crypto/openssl/crypto/ocsp/ocsp_lib.c -=================================================================== ---- crypto/openssl/crypto/ocsp/ocsp_lib.c (revision 279126) -+++ crypto/openssl/crypto/ocsp/ocsp_lib.c (working copy) -@@ -220,8 +220,19 @@ int OCSP_parse_url(char *url, char **phost, char * - - if (!*ppath) goto mem_err; - -+ p = host; -+ if(host[0] == '[') -+ { -+ /* ipv6 literal */ -+ host++; -+ p = strchr(host, ']'); -+ if(!p) goto parse_err; -+ *p = '\0'; -+ p++; -+ } -+ - /* Look for optional ':' for port number */ -- if ((p = strchr(host, ':'))) -+ if ((p = strchr(p, ':'))) - { - *p = 0; - port = p + 1; -Index: crypto/openssl/crypto/opensslv.h -=================================================================== ---- crypto/openssl/crypto/opensslv.h (revision 279126) -+++ crypto/openssl/crypto/opensslv.h (working copy) -@@ -25,11 +25,11 @@ - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ --#define OPENSSL_VERSION_NUMBER 0x009081afL -+#define OPENSSL_VERSION_NUMBER 0x009081dfL - #ifdef OPENSSL_FIPS --#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-fips 5 Jun 2014" -+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-fips 8 Jan 2015" - #else --#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8za-freebsd 5 Jun 2014" -+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-freebsd 8 Jan 2015" - #endif - #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT - -Index: crypto/openssl/crypto/pkcs7/Makefile -=================================================================== ---- crypto/openssl/crypto/pkcs7/Makefile (revision 279126) -+++ crypto/openssl/crypto/pkcs7/Makefile (working copy) -@@ -39,20 +39,6 @@ test: - - all: lib - --testapps: enc dec sign verify -- --enc: enc.o lib -- $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS) -- --dec: dec.o lib -- $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS) -- --sign: sign.o lib -- $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS) -- --verify: verify.o example.o lib -- $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) -- - lib: $(LIBOBJ) - $(ARX) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. -Index: crypto/openssl/crypto/pkcs7/bio_ber.c -=================================================================== ---- crypto/openssl/crypto/pkcs7/bio_ber.c (revision 279126) -+++ crypto/openssl/crypto/pkcs7/bio_ber.c (working copy) -@@ -1,466 +0,0 @@ --/* crypto/evp/bio_ber.c */ --/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -- * All rights reserved. -- * -- * This package is an SSL implementation written -- * by Eric Young (eay@cryptsoft.com). -- * The implementation was written so as to conform with Netscapes SSL. -- * -- * This library is free for commercial and non-commercial use as long as -- * the following conditions are aheared to. The following conditions -- * apply to all code found in this distribution, be it the RC4, RSA, -- * lhash, DES, etc., code; not just the SSL code. The SSL documentation -- * included with this distribution is covered by the same copyright terms -- * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -- * Copyright remains Eric Young's, and as such any Copyright notices in -- * the code are not to be removed. -- * If this package is used in a product, Eric Young should be given attribution -- * as the author of the parts of the library used. -- * This can be in the form of a textual message at program startup or -- * in documentation (online or textual) provided with the package. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. All advertising materials mentioning features or use of this software -- * must display the following acknowledgement: -- * "This product includes cryptographic software written by -- * Eric Young (eay@cryptsoft.com)" -- * The word 'cryptographic' can be left out if the rouines from the library -- * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -- * the apps directory (application code) you must include an acknowledgement: -- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- * -- * The licence and distribution terms for any publically available version or -- * derivative of this code cannot be changed. i.e. this code cannot simply be -- * copied and put under another distribution licence -- * [including the GNU Public Licence.] -- */ -- --#include <stdio.h> --#include <errno.h> --#include "cryptlib.h" --#include <openssl/buffer.h> --#include <openssl/evp.h> -- --static int ber_write(BIO *h,char *buf,int num); --static int ber_read(BIO *h,char *buf,int size); --/*static int ber_puts(BIO *h,char *str); */ --/*static int ber_gets(BIO *h,char *str,int size); */ --static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2); --static int ber_new(BIO *h); --static int ber_free(BIO *data); --static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)()); --#define BER_BUF_SIZE (32) -- --/* This is used to hold the state of the BER objects being read. */ --typedef struct ber_struct -- { -- int tag; -- int class; -- long length; -- int inf; -- int num_left; -- int depth; -- } BER_CTX; -- --typedef struct bio_ber_struct -- { -- int tag; -- int class; -- long length; -- int inf; -- -- /* most of the following are used when doing non-blocking IO */ -- /* reading */ -- long num_left; /* number of bytes still to read/write in block */ -- int depth; /* used with indefinite encoding. */ -- int finished; /* No more read data */ -- -- /* writting */ -- char *w_addr; -- int w_offset; -- int w_left; -- -- int buf_len; -- int buf_off; -- unsigned char buf[BER_BUF_SIZE]; -- } BIO_BER_CTX; -- --static BIO_METHOD methods_ber= -- { -- BIO_TYPE_CIPHER,"cipher", -- ber_write, -- ber_read, -- NULL, /* ber_puts, */ -- NULL, /* ber_gets, */ -- ber_ctrl, -- ber_new, -- ber_free, -- ber_callback_ctrl, -- }; -- --BIO_METHOD *BIO_f_ber(void) -- { -- return(&methods_ber); -- } -- --static int ber_new(BIO *bi) -- { -- BIO_BER_CTX *ctx; -- -- ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX)); -- if (ctx == NULL) return(0); -- -- memset((char *)ctx,0,sizeof(BIO_BER_CTX)); -- -- bi->init=0; -- bi->ptr=(char *)ctx; -- bi->flags=0; -- return(1); -- } -- --static int ber_free(BIO *a) -- { -- BIO_BER_CTX *b; -- -- if (a == NULL) return(0); -- b=(BIO_BER_CTX *)a->ptr; -- OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX)); -- OPENSSL_free(a->ptr); -- a->ptr=NULL; -- a->init=0; -- a->flags=0; -- return(1); -- } -- --int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx) -- { -- char buf[64]; -- int i,j,n; -- int ret; -- unsigned char *p; -- unsigned long length -- int tag; -- int class; -- long max; -- -- BIO_clear_retry_flags(b); -- -- /* Pack the buffer down if there is a hole at the front */ -- if (ctx->buf_off != 0) -- { -- p=ctx->buf; -- j=ctx->buf_off; -- n=ctx->buf_len-j; -- for (i=0; i<n; i++) -- { -- p[0]=p[j]; -- p++; -- } -- ctx->buf_len-j; -- ctx->buf_off=0; -- } -- -- /* If there is more room, read some more data */ -- i=BER_BUF_SIZE-ctx->buf_len; -- if (i) -- { -- i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return(i); -- } -- else -- ctx->buf_len+=i; -- } -- -- max=ctx->buf_len; -- p=ctx->buf; -- ret=ASN1_get_object(&p,&length,&tag,&class,max); -- -- if (ret & 0x80) -- { -- if ((ctx->buf_len < BER_BUF_SIZE) && -- (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) -- { -- ERR_clear_error(); /* clear the error */ -- BIO_set_retry_read(b); -- } -- return(-1); -- } -- -- /* We have no error, we have a header, so make use of it */ -- -- if ((ctx->tag >= 0) && (ctx->tag != tag)) -- { -- BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH); -- sprintf(buf,"tag=%d, got %d",ctx->tag,tag); -- ERR_add_error_data(1,buf); -- return(-1); -- } -- if (ret & 0x01) -- if (ret & V_ASN1_CONSTRUCTED) -- } -- --static int ber_read(BIO *b, char *out, int outl) -- { -- int ret=0,i,n; -- BIO_BER_CTX *ctx; -- -- BIO_clear_retry_flags(b); -- -- if (out == NULL) return(0); -- ctx=(BIO_BER_CTX *)b->ptr; -- -- if ((ctx == NULL) || (b->next_bio == NULL)) return(0); -- -- if (ctx->finished) return(0); -- --again: -- /* First see if we are half way through reading a block */ -- if (ctx->num_left > 0) -- { -- if (ctx->num_left < outl) -- n=ctx->num_left; -- else -- n=outl; -- i=BIO_read(b->next_bio,out,n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return(i); -- } -- ctx->num_left-=i; -- outl-=i; -- ret+=i; -- if (ctx->num_left <= 0) -- { -- ctx->depth--; -- if (ctx->depth <= 0) -- ctx->finished=1; -- } -- if (outl <= 0) -- return(ret); -- else -- goto again; -- } -- else /* we need to read another BER header */ -- { -- } -- } -- --static int ber_write(BIO *b, char *in, int inl) -- { -- int ret=0,n,i; -- BIO_ENC_CTX *ctx; -- -- ctx=(BIO_ENC_CTX *)b->ptr; -- ret=inl; -- -- BIO_clear_retry_flags(b); -- n=ctx->buf_len-ctx->buf_off; -- while (n > 0) -- { -- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return(i); -- } -- ctx->buf_off+=i; -- n-=i; -- } -- /* at this point all pending data has been written */ -- -- if ((in == NULL) || (inl <= 0)) return(0); -- -- ctx->buf_off=0; -- while (inl > 0) -- { -- n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl; -- EVP_CipherUpdate(&(ctx->cipher), -- (unsigned char *)ctx->buf,&ctx->buf_len, -- (unsigned char *)in,n); -- inl-=n; -- in+=n; -- -- ctx->buf_off=0; -- n=ctx->buf_len; -- while (n > 0) -- { -- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); -- if (i <= 0) -- { -- BIO_copy_next_retry(b); -- return(i); -- } -- n-=i; -- ctx->buf_off+=i; -- } -- ctx->buf_len=0; -- ctx->buf_off=0; -- } -- BIO_copy_next_retry(b); -- return(ret); -- } -- --static long ber_ctrl(BIO *b, int cmd, long num, char *ptr) -- { -- BIO *dbio; -- BIO_ENC_CTX *ctx,*dctx; -- long ret=1; -- int i; -- -- ctx=(BIO_ENC_CTX *)b->ptr; -- -- switch (cmd) -- { -- case BIO_CTRL_RESET: -- ctx->ok=1; -- ctx->finished=0; -- EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, -- ctx->cipher.berrypt); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_EOF: /* More to read */ -- if (ctx->cont <= 0) -- ret=1; -- else -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_WPENDING: -- ret=ctx->buf_len-ctx->buf_off; -- if (ret <= 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_PENDING: /* More to read in buffer */ -- ret=ctx->buf_len-ctx->buf_off; -- if (ret <= 0) -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_CTRL_FLUSH: -- /* do a final write */ --again: -- while (ctx->buf_len != ctx->buf_off) -- { -- i=ber_write(b,NULL,0); -- if (i < 0) -- { -- ret=i; -- break; -- } -- } -- -- if (!ctx->finished) -- { -- ctx->finished=1; -- ctx->buf_off=0; -- ret=EVP_CipherFinal_ex(&(ctx->cipher), -- (unsigned char *)ctx->buf, -- &(ctx->buf_len)); -- ctx->ok=(int)ret; -- if (ret <= 0) break; -- -- /* push out the bytes */ -- goto again; -- } -- -- /* Finally flush the underlying BIO */ -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- case BIO_C_GET_CIPHER_STATUS: -- ret=(long)ctx->ok; -- break; -- case BIO_C_DO_STATE_MACHINE: -- BIO_clear_retry_flags(b); -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- BIO_copy_next_retry(b); -- break; -- -- case BIO_CTRL_DUP: -- dbio=(BIO *)ptr; -- dctx=(BIO_ENC_CTX *)dbio->ptr; -- memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); -- dbio->init=1; -- break; -- default: -- ret=BIO_ctrl(b->next_bio,cmd,num,ptr); -- break; -- } -- return(ret); -- } -- --static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)()) -- { -- long ret=1; -- -- if (b->next_bio == NULL) return(0); -- switch (cmd) -- { -- default: -- ret=BIO_callback_ctrl(b->next_bio,cmd,fp); -- break; -- } -- return(ret); -- } -- --/* --void BIO_set_cipher_ctx(b,c) --BIO *b; --EVP_CIPHER_ctx *c; -- { -- if (b == NULL) return; -- -- if ((b->callback != NULL) && -- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) -- return; -- -- b->init=1; -- ctx=(BIO_ENC_CTX *)b->ptr; -- memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); -- -- if (b->callback != NULL) -- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); -- } --*/ -- --void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i, -- int e) -- { -- BIO_ENC_CTX *ctx; -- -- if (b == NULL) return; -- -- if ((b->callback != NULL) && -- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) -- return; -- -- b->init=1; -- ctx=(BIO_ENC_CTX *)b->ptr; -- EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e); -- -- if (b->callback != NULL) -- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); -- } -- -Index: crypto/openssl/crypto/pkcs7/dec.c -=================================================================== ---- crypto/openssl/crypto/pkcs7/dec.c (revision 279126) -+++ crypto/openssl/crypto/pkcs7/dec.c (working copy) -@@ -1,248 +0,0 @@ --/* crypto/pkcs7/verify.c */ --/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -- * All rights reserved. -- * -- * This package is an SSL implementation written -- * by Eric Young (eay@cryptsoft.com). -- * The implementation was written so as to conform with Netscapes SSL. -- * -- * This library is free for commercial and non-commercial use as long as -- * the following conditions are aheared to. The following conditions -- * apply to all code found in this distribution, be it the RC4, RSA, -- * lhash, DES, etc., code; not just the SSL code. The SSL documentation -- * included with this distribution is covered by the same copyright terms -- * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -- * Copyright remains Eric Young's, and as such any Copyright notices in -- * the code are not to be removed. -- * If this package is used in a product, Eric Young should be given attribution -- * as the author of the parts of the library used. -- * This can be in the form of a textual message at program startup or -- * in documentation (online or textual) provided with the package. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. All advertising materials mentioning features or use of this software -- * must display the following acknowledgement: -- * "This product includes cryptographic software written by -- * Eric Young (eay@cryptsoft.com)" -- * The word 'cryptographic' can be left out if the rouines from the library -- * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -- * the apps directory (application code) you must include an acknowledgement: -- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- * -- * The licence and distribution terms for any publically available version or -- * derivative of this code cannot be changed. i.e. this code cannot simply be -- * copied and put under another distribution licence -- * [including the GNU Public Licence.] -- */ --#include <stdio.h> --#include <stdlib.h> --#include <string.h> --#include <openssl/bio.h> --#include <openssl/x509.h> --#include <openssl/pem.h> --#include <openssl/err.h> --#include <openssl/asn1.h> -- --int verify_callback(int ok, X509_STORE_CTX *ctx); -- --BIO *bio_err=NULL; -- --int main(argc,argv) --int argc; --char *argv[]; -- { -- char *keyfile=NULL; -- BIO *in; -- EVP_PKEY *pkey; -- X509 *x509; -- PKCS7 *p7; -- PKCS7_SIGNER_INFO *si; -- X509_STORE_CTX cert_ctx; -- X509_STORE *cert_store=NULL; -- BIO *data,*detached=NULL,*p7bio=NULL; -- char buf[1024*4]; -- unsigned char *pp; -- int i,printit=0; -- STACK_OF(PKCS7_SIGNER_INFO) *sk; -- -- OpenSSL_add_all_algorithms(); -- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); -- -- data=BIO_new(BIO_s_file()); -- pp=NULL; -- while (argc > 1) -- { -- argc--; -- argv++; -- if (strcmp(argv[0],"-p") == 0) -- { -- printit=1; -- } -- else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) { -- keyfile = argv[1]; -- argc-=1; -- argv+=1; -- } else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2)) -- { -- detached=BIO_new(BIO_s_file()); -- if (!BIO_read_filename(detached,argv[1])) -- goto err; -- argc-=1; -- argv+=1; -- } -- else break; -- } -- -- if (!BIO_read_filename(data,argv[0])) goto err; -- -- if(!keyfile) { -- fprintf(stderr, "No private key file specified\n"); -- goto err; -- } -- -- if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err; -- if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; -- BIO_reset(in); -- if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) -- goto err; -- BIO_free(in); -- -- if (pp == NULL) -- BIO_set_fp(data,stdin,BIO_NOCLOSE); -- -- -- /* Load the PKCS7 object from a file */ -- if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err; -- -- -- -- /* This stuff is being setup for certificate verification. -- * When using SSL, it could be replaced with a -- * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */ -- cert_store=X509_STORE_new(); -- X509_STORE_set_default_paths(cert_store); -- X509_STORE_load_locations(cert_store,NULL,"../../certs"); -- X509_STORE_set_verify_cb_func(cert_store,verify_callback); -- -- ERR_clear_error(); -- -- /* We need to process the data */ -- /* We cannot support detached encryption */ -- p7bio=PKCS7_dataDecode(p7,pkey,detached,x509); -- -- if (p7bio == NULL) -- { -- printf("problems decoding\n"); -- goto err; -- } -- -- /* We now have to 'read' from p7bio to calculate digests etc. */ -- for (;;) -- { -- i=BIO_read(p7bio,buf,sizeof(buf)); -- /* print it? */ -- if (i <= 0) break; -- fwrite(buf,1, i, stdout); -- } -- -- /* We can now verify signatures */ -- sk=PKCS7_get_signer_info(p7); -- if (sk == NULL) -- { -- fprintf(stderr, "there are no signatures on this data\n"); -- } -- else -- { -- /* Ok, first we need to, for each subject entry, -- * see if we can verify */ -- ERR_clear_error(); -- for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++) -- { -- si=sk_PKCS7_SIGNER_INFO_value(sk,i); -- i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si); -- if (i <= 0) -- goto err; -- else -- fprintf(stderr,"Signature verified\n"); -- } -- } -- X509_STORE_free(cert_store); -- -- exit(0); --err: -- ERR_load_crypto_strings(); -- ERR_print_errors_fp(stderr); -- exit(1); -- } -- --/* should be X509 * but we can just have them as char *. */ --int verify_callback(int ok, X509_STORE_CTX *ctx) -- { -- char buf[256]; -- X509 *err_cert; -- int err,depth; -- -- err_cert=X509_STORE_CTX_get_current_cert(ctx); -- err= X509_STORE_CTX_get_error(ctx); -- depth= X509_STORE_CTX_get_error_depth(ctx); -- -- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); -- BIO_printf(bio_err,"depth=%d %s\n",depth,buf); -- if (!ok) -- { -- BIO_printf(bio_err,"verify error:num=%d:%s\n",err, -- X509_verify_cert_error_string(err)); -- if (depth < 6) -- { -- ok=1; -- X509_STORE_CTX_set_error(ctx,X509_V_OK); -- } -- else -- { -- ok=0; -- X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG); -- } -- } -- switch (ctx->error) -- { -- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); -- BIO_printf(bio_err,"issuer= %s\n",buf); -- break; -- case X509_V_ERR_CERT_NOT_YET_VALID: -- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -- BIO_printf(bio_err,"notBefore="); -- ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); -- BIO_printf(bio_err,"\n"); -- break; -- case X509_V_ERR_CERT_HAS_EXPIRED: -- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -- BIO_printf(bio_err,"notAfter="); -- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); -- BIO_printf(bio_err,"\n"); -- break; -- } -- BIO_printf(bio_err,"verify return:%d\n",ok); -- return(ok); -- } -Index: crypto/openssl/crypto/pkcs7/des.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/des.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/des.pem (working copy) -@@ -1,15 +0,0 @@ -- --MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ --/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw --AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI --QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU --UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G --CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N --WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA --oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL --lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8 --5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA= -- -Index: crypto/openssl/crypto/pkcs7/doc -=================================================================== ---- crypto/openssl/crypto/pkcs7/doc (revision 279126) -+++ crypto/openssl/crypto/pkcs7/doc (working copy) -@@ -1,24 +0,0 @@ --int PKCS7_set_content_type(PKCS7 *p7, int type); --Call to set the type of PKCS7 object we are working on -- --int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, -- EVP_MD *dgst); --Use this to setup a signer info --There will also be functions to add signed and unsigned attributes. -- --int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); --Add a signer info to the content. -- --int PKCS7_add_certificae(PKCS7 *p7, X509 *x509); --int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); -- ------ -- --p7=PKCS7_new(); --PKCS7_set_content_type(p7,NID_pkcs7_signed); -- --signer=PKCS7_SINGNER_INFO_new(); --PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5()); --PKCS7_add_signer(py,signer); -- --we are now setup. -Index: crypto/openssl/crypto/pkcs7/enc.c -=================================================================== ---- crypto/openssl/crypto/pkcs7/enc.c (revision 279126) -+++ crypto/openssl/crypto/pkcs7/enc.c (working copy) -@@ -1,174 +0,0 @@ --/* crypto/pkcs7/enc.c */ --/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -- * All rights reserved. -- * -- * This package is an SSL implementation written -- * by Eric Young (eay@cryptsoft.com). -- * The implementation was written so as to conform with Netscapes SSL. -- * -- * This library is free for commercial and non-commercial use as long as -- * the following conditions are aheared to. The following conditions -- * apply to all code found in this distribution, be it the RC4, RSA, -- * lhash, DES, etc., code; not just the SSL code. The SSL documentation -- * included with this distribution is covered by the same copyright terms -- * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -- * Copyright remains Eric Young's, and as such any Copyright notices in -- * the code are not to be removed. -- * If this package is used in a product, Eric Young should be given attribution -- * as the author of the parts of the library used. -- * This can be in the form of a textual message at program startup or -- * in documentation (online or textual) provided with the package. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. All advertising materials mentioning features or use of this software -- * must display the following acknowledgement: -- * "This product includes cryptographic software written by -- * Eric Young (eay@cryptsoft.com)" -- * The word 'cryptographic' can be left out if the rouines from the library -- * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -- * the apps directory (application code) you must include an acknowledgement: -- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- * -- * The licence and distribution terms for any publically available version or -- * derivative of this code cannot be changed. i.e. this code cannot simply be -- * copied and put under another distribution licence -- * [including the GNU Public Licence.] -- */ --#include <stdio.h> --#include <string.h> --#include <openssl/bio.h> --#include <openssl/x509.h> --#include <openssl/pem.h> --#include <openssl/err.h> -- --int main(argc,argv) --int argc; --char *argv[]; -- { -- X509 *x509; -- PKCS7 *p7; -- BIO *in; -- BIO *data,*p7bio; -- char buf[1024*4]; -- int i; -- int nodetach=1; -- char *keyfile = NULL; -- const EVP_CIPHER *cipher=NULL; -- STACK_OF(X509) *recips=NULL; -- -- OpenSSL_add_all_algorithms(); -- -- data=BIO_new(BIO_s_file()); -- while(argc > 1) -- { -- if (strcmp(argv[1],"-nd") == 0) -- { -- nodetach=1; -- argv++; argc--; -- } -- else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) { -- if(!(cipher = EVP_get_cipherbyname(argv[2]))) { -- fprintf(stderr, "Unknown cipher %s\n", argv[2]); -- goto err; -- } -- argc-=2; -- argv+=2; -- } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) { -- keyfile = argv[2]; -- argc-=2; -- argv+=2; -- if (!(in=BIO_new_file(keyfile,"r"))) goto err; -- if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL))) -- goto err; -- if(!recips) recips = sk_X509_new_null(); -- sk_X509_push(recips, x509); -- BIO_free(in); -- } else break; -- } -- -- if(!recips) { -- fprintf(stderr, "No recipients\n"); -- goto err; -- } -- -- if (!BIO_read_filename(data,argv[1])) goto err; -- -- p7=PKCS7_new(); --#if 0 -- BIO_reset(in); -- if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err; -- BIO_free(in); -- PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped); -- -- if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err; -- /* we may want to add more */ -- PKCS7_add_certificate(p7,x509); --#else -- PKCS7_set_type(p7,NID_pkcs7_enveloped); --#endif -- if(!cipher) { --#ifndef OPENSSL_NO_DES -- cipher = EVP_des_ede3_cbc(); --#else -- fprintf(stderr, "No cipher selected\n"); -- goto err; --#endif -- } -- -- if (!PKCS7_set_cipher(p7,cipher)) goto err; -- for(i = 0; i < sk_X509_num(recips); i++) { -- if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err; -- } -- sk_X509_pop_free(recips, X509_free); -- -- /* Set the content of the signed to 'data' */ -- /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */ -- -- /* could be used, but not in this version :-) -- if (!nodetach) PKCS7_set_detached(p7,1); -- */ -- -- if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; -- -- for (;;) -- { -- i=BIO_read(data,buf,sizeof(buf)); -- if (i <= 0) break; -- BIO_write(p7bio,buf,i); -- } -- BIO_flush(p7bio); -- -- if (!PKCS7_dataFinal(p7,p7bio)) goto err; -- BIO_free(p7bio); -- -- PEM_write_PKCS7(stdout,p7); -- PKCS7_free(p7); -- -- exit(0); --err: -- ERR_load_crypto_strings(); -- ERR_print_errors_fp(stderr); -- exit(1); -- } -- -Index: crypto/openssl/crypto/pkcs7/es1.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/es1.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/es1.pem (working copy) -@@ -1,66 +0,0 @@ -------BEGIN PKCS7----- --MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo --KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw --AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI --QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU --UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G --CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4 --ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA --oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F --XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+ --II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT --pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0 --lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs --8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5 --otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx --go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi --XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t --KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw --Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL --r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu --l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/ --mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk --l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+ --HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY --gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo --TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL --5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME --SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/ --y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4 --9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP --nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB --Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs --LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T --tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE --SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR --8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/ --wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI --uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw --RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM --Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU --o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o --WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy --Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk --YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ --CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3 --DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714 --ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5 --kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX --1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s --xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb --IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7 --7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv --qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG --X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a --DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe --UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1 --gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x --PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT --5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha --y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC --lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf --lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA== -------END PKCS7----- -Index: crypto/openssl/crypto/pkcs7/example.c -=================================================================== ---- crypto/openssl/crypto/pkcs7/example.c (revision 279126) -+++ crypto/openssl/crypto/pkcs7/example.c (working copy) -@@ -1,329 +0,0 @@ --#include <stdio.h> --#include <stdlib.h> --#include <string.h> --#include <openssl/pkcs7.h> --#include <openssl/asn1_mac.h> --#include <openssl/x509.h> -- --int add_signed_time(PKCS7_SIGNER_INFO *si) -- { -- ASN1_UTCTIME *sign_time; -- -- /* The last parameter is the amount to add/subtract from the current -- * time (in seconds) */ -- sign_time=X509_gmtime_adj(NULL,0); -- PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime, -- V_ASN1_UTCTIME,(char *)sign_time); -- return(1); -- } -- --ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si) -- { -- ASN1_TYPE *so; -- -- so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime); -- if (so->type == V_ASN1_UTCTIME) -- return so->value.utctime; -- return NULL; -- } -- --static int signed_string_nid= -1; -- --void add_signed_string(PKCS7_SIGNER_INFO *si, char *str) -- { -- ASN1_OCTET_STRING *os; -- -- /* To a an object of OID 1.2.3.4.5, which is an octet string */ -- if (signed_string_nid == -1) -- signed_string_nid= -- OBJ_create("1.2.3.4.5","OID_example","Our example OID"); -- os=ASN1_OCTET_STRING_new(); -- ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); -- /* When we add, we do not free */ -- PKCS7_add_signed_attribute(si,signed_string_nid, -- V_ASN1_OCTET_STRING,(char *)os); -- } -- --int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) -- { -- ASN1_TYPE *so; -- ASN1_OCTET_STRING *os; -- int i; -- -- if (signed_string_nid == -1) -- signed_string_nid= -- OBJ_create("1.2.3.4.5","OID_example","Our example OID"); -- /* To retrieve */ -- so=PKCS7_get_signed_attribute(si,signed_string_nid); -- if (so != NULL) -- { -- if (so->type == V_ASN1_OCTET_STRING) -- { -- os=so->value.octet_string; -- i=os->length; -- if ((i+1) > len) -- i=len-1; -- memcpy(buf,os->data,i); -- return(i); -- } -- } -- return(0); -- } -- --static int signed_seq2string_nid= -1; --/* ########################################### */ --int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) -- { -- /* To add an object of OID 1.9.999, which is a sequence containing -- * 2 octet strings */ -- unsigned char *p; -- ASN1_OCTET_STRING *os1,*os2; -- ASN1_STRING *seq; -- unsigned char *data; -- int i,total; -- -- if (signed_seq2string_nid == -1) -- signed_seq2string_nid= -- OBJ_create("1.9.9999","OID_example","Our example OID"); -- -- os1=ASN1_OCTET_STRING_new(); -- os2=ASN1_OCTET_STRING_new(); -- ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); -- ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); -- i =i2d_ASN1_OCTET_STRING(os1,NULL); -- i+=i2d_ASN1_OCTET_STRING(os2,NULL); -- total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); -- -- data=malloc(total); -- p=data; -- ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); -- i2d_ASN1_OCTET_STRING(os1,&p); -- i2d_ASN1_OCTET_STRING(os2,&p); -- -- seq=ASN1_STRING_new(); -- ASN1_STRING_set(seq,data,total); -- free(data); -- ASN1_OCTET_STRING_free(os1); -- ASN1_OCTET_STRING_free(os2); -- -- PKCS7_add_signed_attribute(si,signed_seq2string_nid, -- V_ASN1_SEQUENCE,(char *)seq); -- return(1); -- } -- --/* For this case, I will malloc the return strings */ --int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) -- { -- ASN1_TYPE *so; -- -- if (signed_seq2string_nid == -1) -- signed_seq2string_nid= -- OBJ_create("1.9.9999","OID_example","Our example OID"); -- /* To retrieve */ -- so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); -- if (so && (so->type == V_ASN1_SEQUENCE)) -- { -- ASN1_const_CTX c; -- ASN1_STRING *s; -- long length; -- ASN1_OCTET_STRING *os1,*os2; -- -- s=so->value.sequence; -- c.p=ASN1_STRING_data(s); -- c.max=c.p+ASN1_STRING_length(s); -- if (!asn1_GetSequence(&c,&length)) goto err; -- /* Length is the length of the seqence */ -- -- c.q=c.p; -- if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) -- goto err; -- c.slen-=(c.p-c.q); -- -- c.q=c.p; -- if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) -- goto err; -- c.slen-=(c.p-c.q); -- -- if (!asn1_const_Finish(&c)) goto err; -- *str1=malloc(os1->length+1); -- *str2=malloc(os2->length+1); -- memcpy(*str1,os1->data,os1->length); -- memcpy(*str2,os2->data,os2->length); -- (*str1)[os1->length]='\0'; -- (*str2)[os2->length]='\0'; -- ASN1_OCTET_STRING_free(os1); -- ASN1_OCTET_STRING_free(os2); -- return(1); -- } --err: -- return(0); -- } -- -- --/* ####################################### -- * THE OTHER WAY TO DO THINGS -- * ####################################### -- */ --X509_ATTRIBUTE *create_time(void) -- { -- ASN1_UTCTIME *sign_time; -- X509_ATTRIBUTE *ret; -- -- /* The last parameter is the amount to add/subtract from the current -- * time (in seconds) */ -- sign_time=X509_gmtime_adj(NULL,0); -- ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime, -- V_ASN1_UTCTIME,(char *)sign_time); -- return(ret); -- } -- --ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) -- { -- ASN1_TYPE *so; -- PKCS7_SIGNER_INFO si; -- -- si.auth_attr=sk; -- so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime); -- if (so->type == V_ASN1_UTCTIME) -- return so->value.utctime; -- return NULL; -- } -- --X509_ATTRIBUTE *create_string(char *str) -- { -- ASN1_OCTET_STRING *os; -- X509_ATTRIBUTE *ret; -- -- /* To a an object of OID 1.2.3.4.5, which is an octet string */ -- if (signed_string_nid == -1) -- signed_string_nid= -- OBJ_create("1.2.3.4.5","OID_example","Our example OID"); -- os=ASN1_OCTET_STRING_new(); -- ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); -- /* When we add, we do not free */ -- ret=X509_ATTRIBUTE_create(signed_string_nid, -- V_ASN1_OCTET_STRING,(char *)os); -- return(ret); -- } -- --int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) -- { -- ASN1_TYPE *so; -- ASN1_OCTET_STRING *os; -- int i; -- PKCS7_SIGNER_INFO si; -- -- si.auth_attr=sk; -- -- if (signed_string_nid == -1) -- signed_string_nid= -- OBJ_create("1.2.3.4.5","OID_example","Our example OID"); -- /* To retrieve */ -- so=PKCS7_get_signed_attribute(&si,signed_string_nid); -- if (so != NULL) -- { -- if (so->type == V_ASN1_OCTET_STRING) -- { -- os=so->value.octet_string; -- i=os->length; -- if ((i+1) > len) -- i=len-1; -- memcpy(buf,os->data,i); -- return(i); -- } -- } -- return(0); -- } -- --X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) -- { -- /* To add an object of OID 1.9.999, which is a sequence containing -- * 2 octet strings */ -- unsigned char *p; -- ASN1_OCTET_STRING *os1,*os2; -- ASN1_STRING *seq; -- X509_ATTRIBUTE *ret; -- unsigned char *data; -- int i,total; -- -- if (signed_seq2string_nid == -1) -- signed_seq2string_nid= -- OBJ_create("1.9.9999","OID_example","Our example OID"); -- -- os1=ASN1_OCTET_STRING_new(); -- os2=ASN1_OCTET_STRING_new(); -- ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); -- ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); -- i =i2d_ASN1_OCTET_STRING(os1,NULL); -- i+=i2d_ASN1_OCTET_STRING(os2,NULL); -- total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); -- -- data=malloc(total); -- p=data; -- ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); -- i2d_ASN1_OCTET_STRING(os1,&p); -- i2d_ASN1_OCTET_STRING(os2,&p); -- -- seq=ASN1_STRING_new(); -- ASN1_STRING_set(seq,data,total); -- free(data); -- ASN1_OCTET_STRING_free(os1); -- ASN1_OCTET_STRING_free(os2); -- -- ret=X509_ATTRIBUTE_create(signed_seq2string_nid, -- V_ASN1_SEQUENCE,(char *)seq); -- return(ret); -- } -- --/* For this case, I will malloc the return strings */ --int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) -- { -- ASN1_TYPE *so; -- PKCS7_SIGNER_INFO si; -- -- if (signed_seq2string_nid == -1) -- signed_seq2string_nid= -- OBJ_create("1.9.9999","OID_example","Our example OID"); -- -- si.auth_attr=sk; -- /* To retrieve */ -- so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); -- if (so->type == V_ASN1_SEQUENCE) -- { -- ASN1_const_CTX c; -- ASN1_STRING *s; -- long length; -- ASN1_OCTET_STRING *os1,*os2; -- -- s=so->value.sequence; -- c.p=ASN1_STRING_data(s); -- c.max=c.p+ASN1_STRING_length(s); -- if (!asn1_GetSequence(&c,&length)) goto err; -- /* Length is the length of the seqence */ -- -- c.q=c.p; -- if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) -- goto err; -- c.slen-=(c.p-c.q); -- -- c.q=c.p; -- if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) -- goto err; -- c.slen-=(c.p-c.q); -- -- if (!asn1_const_Finish(&c)) goto err; -- *str1=malloc(os1->length+1); -- *str2=malloc(os2->length+1); -- memcpy(*str1,os1->data,os1->length); -- memcpy(*str2,os2->data,os2->length); -- (*str1)[os1->length]='\0'; -- (*str2)[os2->length]='\0'; -- ASN1_OCTET_STRING_free(os1); -- ASN1_OCTET_STRING_free(os2); -- return(1); -- } --err: -- return(0); -- } -- -- -Index: crypto/openssl/crypto/pkcs7/example.h -=================================================================== ---- crypto/openssl/crypto/pkcs7/example.h (revision 279126) -+++ crypto/openssl/crypto/pkcs7/example.h (working copy) -@@ -1,57 +0,0 @@ --/* ==================================================================== -- * Copyright (c) 1999 The OpenSSL Project. All rights reserved. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * -- * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in -- * the documentation and/or other materials provided with the -- * distribution. -- * -- * 3. All advertising materials mentioning features or use of this -- * software must display the following acknowledgment: -- * "This product includes software developed by the OpenSSL Project -- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -- * -- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -- * endorse or promote products derived from this software without -- * prior written permission. For written permission, please contact -- * openssl-core@openssl.org. -- * -- * 5. Products derived from this software may not be called "OpenSSL" -- * nor may "OpenSSL" appear in their names without prior written -- * permission of the OpenSSL Project. -- * -- * 6. Redistributions of any form whatsoever must retain the following -- * acknowledgment: -- * "This product includes software developed by the OpenSSL Project -- * for use in the OpenSSL Toolkit (http://www.openssl.org/)" -- * -- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- * ==================================================================== -- * -- * This product includes cryptographic software written by Eric Young -- * (eay@cryptsoft.com). This product includes software written by Tim -- * Hudson (tjh@cryptsoft.com). -- * -- */ -- --int add_signed_time(PKCS7_SIGNER_INFO *si); --ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si); --int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2); -Index: crypto/openssl/crypto/pkcs7/info.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/info.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/info.pem (working copy) -@@ -1,57 +0,0 @@ --issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA --subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com --serial :047D -- --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: 1149 (0x47d) -- Signature Algorithm: md5withRSAEncryption -- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA -- Validity -- Not Before: May 13 05:40:58 1998 GMT -- Not After : May 12 05:40:58 2000 GMT -- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- Modulus: -- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: -- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: -- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: -- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: -- e7:e7:0c:4d:0b -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- Netscape Comment: -- Generated with SSLeay -- Signature Algorithm: md5withRSAEncryption -- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: -- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: -- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: -- 50:74:ad:92:cb:4e:90:e5:fa:7d -- -------BEGIN CERTIFICATE----- --MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV --MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE --ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E --IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw --NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK --UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 --aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG --9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf --lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB --hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA --UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 --4A3ZItobUHStkstOkOX6fQ== -------END CERTIFICATE----- -- -------BEGIN RSA PRIVATE KEY----- --MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 --mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG --fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ --zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 --p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b --bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk --IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG -------END RSA PRIVATE KEY----- -Index: crypto/openssl/crypto/pkcs7/infokey.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/infokey.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/infokey.pem (working copy) -@@ -1,9 +0,0 @@ -------BEGIN RSA PRIVATE KEY----- --MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 --mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG --fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ --zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 --p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b --bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk --IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG -------END RSA PRIVATE KEY----- -Index: crypto/openssl/crypto/pkcs7/p7/a1 -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: crypto/openssl/crypto/pkcs7/p7/a2 -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: crypto/openssl/crypto/pkcs7/p7/cert.p7c -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: crypto/openssl/crypto/pkcs7/p7/smime.p7m -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: crypto/openssl/crypto/pkcs7/p7/smime.p7s -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: crypto/openssl/crypto/pkcs7/server.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/server.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/server.pem (working copy) -@@ -1,24 +0,0 @@ --issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) --subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) -------BEGIN CERTIFICATE----- --MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV --BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD --VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5 --MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG --A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl --cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP --Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// --Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW --mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i --xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH --irObpESxAZLySCmPPg== -------END CERTIFICATE----- -------BEGIN RSA PRIVATE KEY----- --MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD --TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu --OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj --gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz --rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b --PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA --vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= -------END RSA PRIVATE KEY----- -Index: crypto/openssl/crypto/pkcs7/sign.c -=================================================================== ---- crypto/openssl/crypto/pkcs7/sign.c (revision 279126) -+++ crypto/openssl/crypto/pkcs7/sign.c (working copy) -@@ -1,154 +0,0 @@ --/* crypto/pkcs7/sign.c */ --/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -- * All rights reserved. -- * -- * This package is an SSL implementation written -- * by Eric Young (eay@cryptsoft.com). -- * The implementation was written so as to conform with Netscapes SSL. -- * -- * This library is free for commercial and non-commercial use as long as -- * the following conditions are aheared to. The following conditions -- * apply to all code found in this distribution, be it the RC4, RSA, -- * lhash, DES, etc., code; not just the SSL code. The SSL documentation -- * included with this distribution is covered by the same copyright terms -- * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -- * Copyright remains Eric Young's, and as such any Copyright notices in -- * the code are not to be removed. -- * If this package is used in a product, Eric Young should be given attribution -- * as the author of the parts of the library used. -- * This can be in the form of a textual message at program startup or -- * in documentation (online or textual) provided with the package. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. All advertising materials mentioning features or use of this software -- * must display the following acknowledgement: -- * "This product includes cryptographic software written by -- * Eric Young (eay@cryptsoft.com)" -- * The word 'cryptographic' can be left out if the rouines from the library -- * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -- * the apps directory (application code) you must include an acknowledgement: -- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- * -- * The licence and distribution terms for any publically available version or -- * derivative of this code cannot be changed. i.e. this code cannot simply be -- * copied and put under another distribution licence -- * [including the GNU Public Licence.] -- */ --#include <stdio.h> --#include <string.h> --#include <openssl/bio.h> --#include <openssl/x509.h> --#include <openssl/pem.h> --#include <openssl/err.h> -- --int main(argc,argv) --int argc; --char *argv[]; -- { -- X509 *x509; -- EVP_PKEY *pkey; -- PKCS7 *p7; -- PKCS7_SIGNER_INFO *si; -- BIO *in; -- BIO *data,*p7bio; -- char buf[1024*4]; -- int i; -- int nodetach=0; -- --#ifndef OPENSSL_NO_MD2 -- EVP_add_digest(EVP_md2()); --#endif --#ifndef OPENSSL_NO_MD5 -- EVP_add_digest(EVP_md5()); --#endif --#ifndef OPENSSL_NO_SHA1 -- EVP_add_digest(EVP_sha1()); --#endif --#ifndef OPENSSL_NO_MDC2 -- EVP_add_digest(EVP_mdc2()); --#endif -- -- data=BIO_new(BIO_s_file()); --again: -- if (argc > 1) -- { -- if (strcmp(argv[1],"-nd") == 0) -- { -- nodetach=1; -- argv++; argc--; -- goto again; -- } -- if (!BIO_read_filename(data,argv[1])) -- goto err; -- } -- else -- BIO_set_fp(data,stdin,BIO_NOCLOSE); -- -- if ((in=BIO_new_file("server.pem","r")) == NULL) goto err; -- if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; -- BIO_reset(in); -- if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err; -- BIO_free(in); -- -- p7=PKCS7_new(); -- PKCS7_set_type(p7,NID_pkcs7_signed); -- -- si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1()); -- if (si == NULL) goto err; -- -- /* If you do this then you get signing time automatically added */ -- PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, -- OBJ_nid2obj(NID_pkcs7_data)); -- -- /* we may want to add more */ -- PKCS7_add_certificate(p7,x509); -- -- /* Set the content of the signed to 'data' */ -- PKCS7_content_new(p7,NID_pkcs7_data); -- -- if (!nodetach) -- PKCS7_set_detached(p7,1); -- -- if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; -- -- for (;;) -- { -- i=BIO_read(data,buf,sizeof(buf)); -- if (i <= 0) break; -- BIO_write(p7bio,buf,i); -- } -- -- if (!PKCS7_dataFinal(p7,p7bio)) goto err; -- BIO_free(p7bio); -- -- PEM_write_PKCS7(stdout,p7); -- PKCS7_free(p7); -- -- exit(0); --err: -- ERR_load_crypto_strings(); -- ERR_print_errors_fp(stderr); -- exit(1); -- } -- -Index: crypto/openssl/crypto/pkcs7/t/3des.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/3des.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/3des.pem (working copy) -@@ -1,16 +0,0 @@ -------BEGIN PKCS7----- --MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ --/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw --AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI --QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU --UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G --CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N --WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA --oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL --lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8 --5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA= -------END PKCS7----- -- -Index: crypto/openssl/crypto/pkcs7/t/3dess.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/3dess.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/3dess.pem (working copy) -@@ -1,32 +0,0 @@ -------BEGIN PKCS7----- --MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC --BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR --BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv --ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE --AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow --gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu --ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG --A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m --dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh --hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg --hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP --igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds --syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB --kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l --MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB --TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB --BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf --mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s --8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx --ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP --BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ --REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB --AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B --CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG --SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv --BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA --9CWR6g== -------END PKCS7----- -Index: crypto/openssl/crypto/pkcs7/t/c.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/c.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/c.pem (working copy) -@@ -1,48 +0,0 @@ --issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA --subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com --serial :047D -- --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: 1149 (0x47d) -- Signature Algorithm: md5withRSAEncryption -- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA -- Validity -- Not Before: May 13 05:40:58 1998 GMT -- Not After : May 12 05:40:58 2000 GMT -- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- Modulus: -- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: -- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: -- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: -- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: -- e7:e7:0c:4d:0b -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- Netscape Comment: -- Generated with SSLeay -- Signature Algorithm: md5withRSAEncryption -- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: -- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: -- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: -- 50:74:ad:92:cb:4e:90:e5:fa:7d -- -------BEGIN CERTIFICATE----- --MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV --MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE --ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E --IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw --NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK --UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 --aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG --9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf --lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB --hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA --UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 --4A3ZItobUHStkstOkOX6fQ== -------END CERTIFICATE----- -- -Index: crypto/openssl/crypto/pkcs7/t/ff -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/ff (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/ff (working copy) -@@ -1,32 +0,0 @@ -------BEGIN PKCS7----- --MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC --BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR --BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv --ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE --AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow --gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu --ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG --A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m --dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh --hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg --hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP --igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds --syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB --kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l --MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB --TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB --BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf --mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s --8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx --ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP --BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ --REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB --AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B --CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG --SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv --BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA --9CWR6g== -------END PKCS7----- -Index: crypto/openssl/crypto/pkcs7/t/msie-e -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-e (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-e (working copy) -@@ -1,20 +0,0 @@ -- --MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV --BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k --aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y --wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z --VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE --BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU --UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG --SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3 --YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx --2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7 --oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK --HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J --eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH --OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9 --qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD --bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI --/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA -- -- -Index: crypto/openssl/crypto/pkcs7/t/msie-e.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-e.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-e.pem (working copy) -@@ -1,22 +0,0 @@ -------BEGIN PKCS7----- --MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ --bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT --aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ --uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9 --v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw --gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH --EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT --GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW --QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If --lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD --BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK --ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4 --L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ --KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ --pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF --BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT --WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F --lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj --5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr --8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA= -------END PKCS7----- -Index: crypto/openssl/crypto/pkcs7/t/msie-enc-01 -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-enc-01 (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-enc-01 (working copy) -@@ -1,62 +0,0 @@ -- --MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD --VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0 --IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT --EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz --IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ --KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP --gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI --pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm --STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq --Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg --optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx --Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9 --ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t --Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y --M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te --dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK --RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO --wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ --NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA --4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie --0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa --mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD --FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR --3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE --2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN --d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565 --JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK --6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp --DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5 --hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa --9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG --955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx --QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/ --UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo --lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9 --Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS --KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA --70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda --KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs --UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji --J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd --8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+ --F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH --icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8 --1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM --aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds --J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE --CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ --KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE --CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA --hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR --yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1 --FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4 --16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY --4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr --xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG --gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM --+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD --NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA --AAAAAAAAAAAA -- -Index: crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem (working copy) -@@ -1,66 +0,0 @@ -------BEGIN PKCS7----- --MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC --QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD --VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB --TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq --hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q --VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq --hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ --NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W --iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr --cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg --Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT --bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX --kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5 --mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/ --GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw --Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj --ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv --WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc --KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv --5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o --3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo --qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6 --/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j --JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62 --r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn --szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr --xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA --bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7 --nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW --7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi --q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o --PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w --yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz --l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG --955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4 --UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8 --pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs --/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6 --4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk --e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK --lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9 --09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o --Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV --Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a --sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE --SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+ --F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu --WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd --2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi --P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+ --XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed --XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO --ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf --APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD --Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf --LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl --Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm --yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM --GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/ --rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP --T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/ --g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04 --3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO --6RLfsTyyPgJi0GsAAAAA -------END PKCS7----- -Index: crypto/openssl/crypto/pkcs7/t/msie-enc-02 -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-enc-02 (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-enc-02 (working copy) -@@ -1,90 +0,0 @@ -- --MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV --BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k --aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn --kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn --rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE --BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU --UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG --SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ --xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP --EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW --PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG --PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk --PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl --XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7 --dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c --QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr --cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa --WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe --+tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy --rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK --xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z --gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA --SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54 --YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC --ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB --OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD --31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo --m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0 --PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc --ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0 --iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa --BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC --fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56 --7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut --eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x --g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O --/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj --yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9 --rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J --mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs --8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw --/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh --xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU --V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t --5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r --S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB --DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf --WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y --NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi --LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT --8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx --aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP --Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl --m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj --hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U --p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG --x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF --yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT --7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy --Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj --dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L --yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod --3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5 --BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs --hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm --P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm --bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj --9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp --B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj --p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA --2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e --KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I --YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz --2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC --Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk --+aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM --6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk --461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n --wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q --w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF --oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee --E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD --XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV --2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l --SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF --cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw --BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU --rZgAAAAAAAAAAAAA -- -Index: crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem (working copy) -@@ -1,106 +0,0 @@ -------BEGIN PKCS7----- --MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ --bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT --aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ --uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0 --M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw --gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH --EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT --GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW --QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y --K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz --BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+ --pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3 --RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg --JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U --uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y --tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g --RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY --Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH --UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax --mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG --wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM --GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n --q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV --V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF --zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB --CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba --z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc --au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2 --xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq --LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9 --OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+ --PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9 --dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B --l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT --jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo --/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP --Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW --PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf --FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn --yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h --xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB --BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+ --LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5 --0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn --N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV --UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i --kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6 --q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD --1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9 --q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV --mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM --VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG --BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt --LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5 --bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv --wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5 --K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv --b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6 --KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2 --0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl --SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm --CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl --lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N --WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj --hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD --svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy --KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ --GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy --X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa --IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p --kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V --KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/ --6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8 --Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK --0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v --ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL --770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/ --4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p --8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM --64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+ --liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX --I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa --bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI --ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0 --yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH --4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1 --DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ --qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec --Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv --2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4 --OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew --rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0 --Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw --aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO --2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1 --7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T --RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2 --G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/ --W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3 --r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY --hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R --9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0 --YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj --FK2YAAAAAA== -------END PKCS7----- -Index: crypto/openssl/crypto/pkcs7/t/msie-s-a-e -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-s-a-e (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-s-a-e (working copy) -@@ -1,91 +0,0 @@ -- --MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV --BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k --aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS --G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha --VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE --BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU --UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG --SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0 --f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj --cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI --DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf --ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U --CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz --3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY --cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD --1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G --O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO --P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P --Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j --aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0 --okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy --0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc --yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi --Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay --0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg --58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO --whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM --6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0 --3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U --PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG --EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa --qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF --ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw --/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle --kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD --KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a --h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal --r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0 --qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ --QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b --U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE --PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF --o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1 --YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA --+EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN --Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY --CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV --OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg --XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD --c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J --TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9 --gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4 --zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD --JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w --95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH --rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah --fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt --j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI --Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm --hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap --m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU --xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/ --/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P --O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd --K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI --LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc --dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE --ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV --H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY --6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR --qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ --MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46 --EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx --MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP --EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon --iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z --uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++ --Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU --AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy --FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ --IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD --yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt --X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN --wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d --mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j --OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l --bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s --5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA== -- -- -Index: crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem (working copy) -@@ -1,106 +0,0 @@ -------BEGIN PKCS7----- --MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ --bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT --aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ --uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO --OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw --gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH --EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT --GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW --QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv --ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD --BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g --l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3 --UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms --HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl --PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD --2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ --/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM --IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi --BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu --rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ --V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm --a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv --zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI --IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v --1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR --iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg --93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc --k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4 --Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz --6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM --Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+ --shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk --iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU --vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc --DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U --ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI --WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR --VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw --ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb --4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1 --wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA --Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+ --7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY --TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q --PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR --NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/ --574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N --oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33 --p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf --VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD --3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo --9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD --XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6 --pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01 --JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu --WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm --+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY --9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4 --0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q --53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp --6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T --H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD --pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+ --3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w --95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC --QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV --uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6 --M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4 --EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm --jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG --qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38 --Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6 --L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt --gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP --pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf --/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4 --JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt --+u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV --DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO --S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6 --zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB --RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR --mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh --nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb --WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP --9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl --Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT --H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5 --jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz --x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0 --Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ --YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv --Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf --ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi --r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP --zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI --Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3 --QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22 --DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN --mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn --29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm --WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi --Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN --7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA= -------END PKCS7----- -Index: crypto/openssl/crypto/pkcs7/t/nav-smime -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/nav-smime (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/nav-smime (working copy) -@@ -1,157 +0,0 @@ --From angela@c2.net.au Thu May 14 13:32:27 1998 --X-UIDL: 83c94dd550e54329bf9571b72038b8c8 --Return-Path: angela@c2.net.au --Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:32:26 +1000 (EST) --Message-ID: <355A6779.4B63E64C@cryptsoft.com> --Date: Thu, 14 May 1998 13:39:37 +1000 --From: Angela van Lent <angela@c2.net.au> --X-Mailer: Mozilla 4.03 [en] (Win95; U) --MIME-Version: 1.0 --To: tjh@cryptsoft.com --Subject: signed --Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C" --Content-Length: 2604 --Status: OR -- --This is a cryptographically signed message in MIME format. -- ----------------ms9A58844C95949ECC78A1C54C --Content-Type: text/plain; charset=us-ascii --Content-Transfer-Encoding: 7bit -- --signed body -- ----------------ms9A58844C95949ECC78A1C54C --Content-Type: application/x-pkcs7-signature; name="smime.p7s" --Content-Transfer-Encoding: base64 --Content-Disposition: attachment; filename="smime.p7s" --Content-Description: S/MIME Cryptographic Signature -- --MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC --BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR --BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv --ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE --AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow --gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu --ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG --A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m --dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh --hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg --hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP --igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds --syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB --kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l --MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB --TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB --BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf --mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s --8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx --ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP --BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ --REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB --AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B --CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG --SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv --BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA --9CWR6g== ----------------ms9A58844C95949ECC78A1C54C-- -- -- --From angela@c2.net.au Thu May 14 13:33:16 1998 --X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731 --Return-Path: angela@c2.net.au --Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:33:15 +1000 (EST) --Message-ID: <355A67AB.2AF38806@cryptsoft.com> --Date: Thu, 14 May 1998 13:40:27 +1000 --From: Angela van Lent <angela@c2.net.au> --X-Mailer: Mozilla 4.03 [en] (Win95; U) --MIME-Version: 1.0 --To: tjh@cryptsoft.com --Subject: signed --Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E" --Content-Length: 2679 --Status: OR -- --This is a cryptographically signed message in MIME format. -- ----------------msD7863B84BD61E02C407F2F5E --Content-Type: text/plain; charset=us-ascii --Content-Transfer-Encoding: 7bit -- --signed body 2 -- ----------------msD7863B84BD61E02C407F2F5E --Content-Type: application/x-pkcs7-signature; name="smime.p7s" --Content-Transfer-Encoding: base64 --Content-Disposition: attachment; filename="smime.p7s" --Content-Description: S/MIME Cryptographic Signature -- --MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC --BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR --BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv --ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE --AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow --gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu --ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG --A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m --dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh --hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg --hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP --igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds --syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB --kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l --MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB --TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB --BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf --mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s --8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx --ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP --BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ --REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB --AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN --AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN --rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO --AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N --coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC --Zp8SSVVY ----------------msD7863B84BD61E02C407F2F5E-- -- -- --From angela@c2.net.au Thu May 14 14:05:32 1998 --X-UIDL: a7d629b4b9acacaee8b39371b860a32a --Return-Path: angela@c2.net.au --Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for <tjh@cryptsoft.com>; Thu, 14 May 1998 14:05:32 +1000 (EST) --Message-ID: <355A6F3B.AC385981@cryptsoft.com> --Date: Thu, 14 May 1998 14:12:43 +1000 --From: Angela van Lent <angela@c2.net.au> --X-Mailer: Mozilla 4.03 [en] (Win95; U) --MIME-Version: 1.0 --To: tjh@cryptsoft.com --Subject: encrypted --Content-Type: application/x-pkcs7-mime; name="smime.p7m" --Content-Transfer-Encoding: base64 --Content-Disposition: attachment; filename="smime.p7m" --Content-Description: S/MIME Encrypted Message --Content-Length: 905 --Status: OR -- --MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG --A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD --ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd --exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw --AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI --QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU --UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G --CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg --nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA --oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX --BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE --CL3uV8k7m0iqAAAAAAAAAAAAAA== -- -Index: crypto/openssl/crypto/pkcs7/t/s.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/s.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/s.pem (working copy) -@@ -1,57 +0,0 @@ -------BEGIN RSA PRIVATE KEY----- --MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 --mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG --fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ --zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 --p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b --bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk --IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG -------END RSA PRIVATE KEY----- --issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA --subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com --serial :047D -- --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: 1149 (0x47d) -- Signature Algorithm: md5withRSAEncryption -- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA -- Validity -- Not Before: May 13 05:40:58 1998 GMT -- Not After : May 12 05:40:58 2000 GMT -- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- Modulus: -- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: -- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: -- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: -- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: -- e7:e7:0c:4d:0b -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- Netscape Comment: -- Generated with SSLeay -- Signature Algorithm: md5withRSAEncryption -- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: -- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: -- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: -- 50:74:ad:92:cb:4e:90:e5:fa:7d -- -------BEGIN CERTIFICATE----- --MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV --MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE --ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E --IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw --NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK --UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 --aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG --9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf --lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB --hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA --UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 --4A3ZItobUHStkstOkOX6fQ== -------END CERTIFICATE----- -- -Index: crypto/openssl/crypto/pkcs7/t/server.pem -=================================================================== ---- crypto/openssl/crypto/pkcs7/t/server.pem (revision 279126) -+++ crypto/openssl/crypto/pkcs7/t/server.pem (working copy) -@@ -1,57 +0,0 @@ --issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA --subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com --serial :047D -- --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: 1149 (0x47d) -- Signature Algorithm: md5withRSAEncryption -- Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA -- Validity -- Not Before: May 13 05:40:58 1998 GMT -- Not After : May 12 05:40:58 2000 GMT -- Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- Modulus: -- 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: -- 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: -- 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: -- fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: -- e7:e7:0c:4d:0b -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- Netscape Comment: -- Generated with SSLeay -- Signature Algorithm: md5withRSAEncryption -- 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: -- f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: -- d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: -- 50:74:ad:92:cb:4e:90:e5:fa:7d -- -------BEGIN CERTIFICATE----- --MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV --MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE --ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E --IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw --NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK --UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m --dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 --aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG --9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf --lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB --hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA --UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 --4A3ZItobUHStkstOkOX6fQ== -------END CERTIFICATE----- -- -------BEGIN RSA PRIVATE KEY----- --MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 --mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG --fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ --zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 --p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b --bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk --IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG -------END RSA PRIVATE KEY----- -Index: crypto/openssl/crypto/pkcs7/verify.c -=================================================================== ---- crypto/openssl/crypto/pkcs7/verify.c (revision 279126) -+++ crypto/openssl/crypto/pkcs7/verify.c (working copy) -@@ -1,263 +0,0 @@ --/* crypto/pkcs7/verify.c */ --/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -- * All rights reserved. -- * -- * This package is an SSL implementation written -- * by Eric Young (eay@cryptsoft.com). -- * The implementation was written so as to conform with Netscapes SSL. -- * -- * This library is free for commercial and non-commercial use as long as -- * the following conditions are aheared to. The following conditions -- * apply to all code found in this distribution, be it the RC4, RSA, -- * lhash, DES, etc., code; not just the SSL code. The SSL documentation -- * included with this distribution is covered by the same copyright terms -- * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -- * Copyright remains Eric Young's, and as such any Copyright notices in -- * the code are not to be removed. -- * If this package is used in a product, Eric Young should be given attribution -- * as the author of the parts of the library used. -- * This can be in the form of a textual message at program startup or -- * in documentation (online or textual) provided with the package. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. All advertising materials mentioning features or use of this software -- * must display the following acknowledgement: -- * "This product includes cryptographic software written by -- * Eric Young (eay@cryptsoft.com)" -- * The word 'cryptographic' can be left out if the rouines from the library -- * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -- * the apps directory (application code) you must include an acknowledgement: -- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- * -- * The licence and distribution terms for any publically available version or -- * derivative of this code cannot be changed. i.e. this code cannot simply be -- * copied and put under another distribution licence -- * [including the GNU Public Licence.] -- */ --#include <stdio.h> --#include <string.h> --#include <openssl/bio.h> --#include <openssl/asn1.h> --#include <openssl/x509.h> --#include <openssl/pem.h> --#include <openssl/err.h> --#include "example.h" -- --int verify_callback(int ok, X509_STORE_CTX *ctx); -- --BIO *bio_err=NULL; --BIO *bio_out=NULL; -- --int main(argc,argv) --int argc; --char *argv[]; -- { -- PKCS7 *p7; -- PKCS7_SIGNER_INFO *si; -- X509_STORE_CTX cert_ctx; -- X509_STORE *cert_store=NULL; -- BIO *data,*detached=NULL,*p7bio=NULL; -- char buf[1024*4]; -- char *pp; -- int i,printit=0; -- STACK_OF(PKCS7_SIGNER_INFO) *sk; -- -- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); -- bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); --#ifndef OPENSSL_NO_MD2 -- EVP_add_digest(EVP_md2()); --#endif --#ifndef OPENSSL_NO_MD5 -- EVP_add_digest(EVP_md5()); --#endif --#ifndef OPENSSL_NO_SHA1 -- EVP_add_digest(EVP_sha1()); --#endif --#ifndef OPENSSL_NO_MDC2 -- EVP_add_digest(EVP_mdc2()); --#endif -- -- data=BIO_new(BIO_s_file()); -- -- pp=NULL; -- while (argc > 1) -- { -- argc--; -- argv++; -- if (strcmp(argv[0],"-p") == 0) -- { -- printit=1; -- } -- else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2)) -- { -- detached=BIO_new(BIO_s_file()); -- if (!BIO_read_filename(detached,argv[1])) -- goto err; -- argc--; -- argv++; -- } -- else -- { -- pp=argv[0]; -- if (!BIO_read_filename(data,argv[0])) -- goto err; -- } -- } -- -- if (pp == NULL) -- BIO_set_fp(data,stdin,BIO_NOCLOSE); -- -- -- /* Load the PKCS7 object from a file */ -- if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err; -- -- /* This stuff is being setup for certificate verification. -- * When using SSL, it could be replaced with a -- * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */ -- cert_store=X509_STORE_new(); -- X509_STORE_set_default_paths(cert_store); -- X509_STORE_load_locations(cert_store,NULL,"../../certs"); -- X509_STORE_set_verify_cb_func(cert_store,verify_callback); -- -- ERR_clear_error(); -- -- /* We need to process the data */ -- if ((PKCS7_get_detached(p7) || detached)) -- { -- if (detached == NULL) -- { -- printf("no data to verify the signature on\n"); -- exit(1); -- } -- else -- p7bio=PKCS7_dataInit(p7,detached); -- } -- else -- { -- p7bio=PKCS7_dataInit(p7,NULL); -- } -- -- /* We now have to 'read' from p7bio to calculate digests etc. */ -- for (;;) -- { -- i=BIO_read(p7bio,buf,sizeof(buf)); -- /* print it? */ -- if (i <= 0) break; -- } -- -- /* We can now verify signatures */ -- sk=PKCS7_get_signer_info(p7); -- if (sk == NULL) -- { -- printf("there are no signatures on this data\n"); -- exit(1); -- } -- -- /* Ok, first we need to, for each subject entry, see if we can verify */ -- for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++) -- { -- ASN1_UTCTIME *tm; -- char *str1,*str2; -- int rc; -- -- si=sk_PKCS7_SIGNER_INFO_value(sk,i); -- rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si); -- if (rc <= 0) -- goto err; -- printf("signer info\n"); -- if ((tm=get_signed_time(si)) != NULL) -- { -- BIO_printf(bio_out,"Signed time:"); -- ASN1_UTCTIME_print(bio_out,tm); -- ASN1_UTCTIME_free(tm); -- BIO_printf(bio_out,"\n"); -- } -- if (get_signed_seq2string(si,&str1,&str2)) -- { -- BIO_printf(bio_out,"String 1 is %s\n",str1); -- BIO_printf(bio_out,"String 2 is %s\n",str2); -- } -- -- } -- -- X509_STORE_free(cert_store); -- -- printf("done\n"); -- exit(0); --err: -- ERR_load_crypto_strings(); -- ERR_print_errors_fp(stderr); -- exit(1); -- } -- --/* should be X509 * but we can just have them as char *. */ --int verify_callback(int ok, X509_STORE_CTX *ctx) -- { -- char buf[256]; -- X509 *err_cert; -- int err,depth; -- -- err_cert=X509_STORE_CTX_get_current_cert(ctx); -- err= X509_STORE_CTX_get_error(ctx); -- depth= X509_STORE_CTX_get_error_depth(ctx); -- -- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256); -- BIO_printf(bio_err,"depth=%d %s\n",depth,buf); -- if (!ok) -- { -- BIO_printf(bio_err,"verify error:num=%d:%s\n",err, -- X509_verify_cert_error_string(err)); -- if (depth < 6) -- { -- ok=1; -- X509_STORE_CTX_set_error(ctx,X509_V_OK); -- } -- else -- { -- ok=0; -- X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG); -- } -- } -- switch (ctx->error) -- { -- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); -- BIO_printf(bio_err,"issuer= %s\n",buf); -- break; -- case X509_V_ERR_CERT_NOT_YET_VALID: -- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -- BIO_printf(bio_err,"notBefore="); -- ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); -- BIO_printf(bio_err,"\n"); -- break; -- case X509_V_ERR_CERT_HAS_EXPIRED: -- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -- BIO_printf(bio_err,"notAfter="); -- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); -- BIO_printf(bio_err,"\n"); -- break; -- } -- BIO_printf(bio_err,"verify return:%d\n",ok); -- return(ok); -- } -Index: crypto/openssl/crypto/rsa/Makefile -=================================================================== ---- crypto/openssl/crypto/rsa/Makefile (revision 279126) -+++ crypto/openssl/crypto/rsa/Makefile (working copy) -@@ -189,7 +189,7 @@ rsa_oaep.o: ../../include/openssl/opensslv.h ../.. - rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h - rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h - rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h --rsa_oaep.o: ../cryptlib.h rsa_oaep.c -+rsa_oaep.o: ../constant_time_locl.h ../cryptlib.h rsa_oaep.c - rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h - rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h - rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -@@ -198,7 +198,8 @@ rsa_pk1.o: ../../include/openssl/lhash.h ../../inc - rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h - rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h - rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h --rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c -+rsa_pk1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h -+rsa_pk1.o: ../cryptlib.h rsa_pk1.c - rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h - rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h - rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -Index: crypto/openssl/crypto/rsa/rsa.h -=================================================================== ---- crypto/openssl/crypto/rsa/rsa.h (revision 279126) -+++ crypto/openssl/crypto/rsa/rsa.h (working copy) -@@ -479,6 +479,7 @@ void ERR_load_RSA_strings(void); - #define RSA_R_OAEP_DECODING_ERROR 121 - #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 - #define RSA_R_PADDING_CHECK_FAILED 114 -+#define RSA_R_PKCS_DECODING_ERROR 159 - #define RSA_R_P_NOT_PRIME 128 - #define RSA_R_Q_NOT_PRIME 129 - #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 -Index: crypto/openssl/crypto/rsa/rsa_eay.c -=================================================================== ---- crypto/openssl/crypto/rsa/rsa_eay.c (revision 279126) -+++ crypto/openssl/crypto/rsa/rsa_eay.c (working copy) -@@ -457,7 +457,7 @@ static int RSA_eay_private_encrypt(int flen, const - if (padding == RSA_X931_PADDING) - { - BN_sub(f, rsa->n, ret); -- if (BN_cmp(ret, f)) -+ if (BN_cmp(ret, f) > 0) - res = f; - else - res = ret; -Index: crypto/openssl/crypto/rsa/rsa_err.c -=================================================================== ---- crypto/openssl/crypto/rsa/rsa_err.c (revision 279126) -+++ crypto/openssl/crypto/rsa/rsa_err.c (working copy) -@@ -151,6 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= - {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, - {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, - {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, -+{ERR_REASON(RSA_R_PKCS_DECODING_ERROR) ,"pkcs decoding error"}, - {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, - {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, - {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, -Index: crypto/openssl/crypto/rsa/rsa_oaep.c -=================================================================== ---- crypto/openssl/crypto/rsa/rsa_oaep.c (revision 279126) -+++ crypto/openssl/crypto/rsa/rsa_oaep.c (working copy) -@@ -18,6 +18,7 @@ - * an equivalent notion. - */ - -+#include "constant_time_locl.h" - - #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) - #include <stdio.h> -@@ -92,51 +93,62 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to - const unsigned char *from, int flen, int num, - const unsigned char *param, int plen) - { -- int i, dblen, mlen = -1; -- const unsigned char *maskeddb; -- int lzero; -- unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; -- unsigned char *padded_from; -- int bad = 0; -+ int i, dblen, mlen = -1, one_index = 0, msg_index; -+ unsigned int good, found_one_byte; -+ const unsigned char *maskedseed, *maskeddb; -+ /* |em| is the encoded message, zero-padded to exactly |num| bytes: -+ * em = Y || maskedSeed || maskedDB */ -+ unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], -+ phash[EVP_MAX_MD_SIZE]; - -- if (--num < 2 * SHA_DIGEST_LENGTH + 1) -- /* 'num' is the length of the modulus, i.e. does not depend on the -- * particular ciphertext. */ -+ if (tlen <= 0 || flen <= 0) -+ return -1; -+ -+ /* -+ * |num| is the length of the modulus; |flen| is the length of the -+ * encoded message. Therefore, for any |from| that was obtained by -+ * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, -+ * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus -+ * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2. -+ * This does not leak any side-channel information. -+ */ -+ if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2) - goto decoding_err; - -- lzero = num - flen; -- if (lzero < 0) -+ dblen = num - SHA_DIGEST_LENGTH - 1; -+ db = OPENSSL_malloc(dblen); -+ em = OPENSSL_malloc(num); -+ if (db == NULL || em == NULL) - { -- /* signalling this error immediately after detection might allow -- * for side-channel attacks (e.g. timing if 'plen' is huge -- * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal -- * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), -- * so we use a 'bad' flag */ -- bad = 1; -- lzero = 0; -- flen = num; /* don't overflow the memcpy to padded_from */ -- } -- -- dblen = num - SHA_DIGEST_LENGTH; -- db = OPENSSL_malloc(dblen + num); -- if (db == NULL) -- { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); -- return -1; -+ goto cleanup; - } - -- /* Always do this zero-padding copy (even when lzero == 0) -- * to avoid leaking timing info about the value of lzero. */ -- padded_from = db + dblen; -- memset(padded_from, 0, lzero); -- memcpy(padded_from + lzero, from, flen); -+ /* -+ * Always do this zero-padding copy (even when num == flen) to avoid -+ * leaking that information. The copy still leaks some side-channel -+ * information, but it's impossible to have a fixed memory access -+ * pattern since we can't read out of the bounds of |from|. -+ * -+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. -+ */ -+ memset(em, 0, num); -+ memcpy(em + num - flen, from, flen); - -- maskeddb = padded_from + SHA_DIGEST_LENGTH; -+ /* -+ * The first byte must be zero, however we must not leak if this is -+ * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA -+ * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). -+ */ -+ good = constant_time_is_zero(em[0]); - -+ maskedseed = em + 1; -+ maskeddb = em + 1 + SHA_DIGEST_LENGTH; -+ - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); - for (i = 0; i < SHA_DIGEST_LENGTH; i++) -- seed[i] ^= padded_from[i]; -- -+ seed[i] ^= maskedseed[i]; -+ - MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); - for (i = 0; i < dblen; i++) - db[i] ^= maskeddb[i]; -@@ -143,38 +155,52 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to - - EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); - -- if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) -+ good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH)); -+ -+ found_one_byte = 0; -+ for (i = SHA_DIGEST_LENGTH; i < dblen; i++) -+ { -+ /* Padding consists of a number of 0-bytes, followed by a 1. */ -+ unsigned int equals1 = constant_time_eq(db[i], 1); -+ unsigned int equals0 = constant_time_is_zero(db[i]); -+ one_index = constant_time_select_int(~found_one_byte & equals1, -+ i, one_index); -+ found_one_byte |= equals1; -+ good &= (found_one_byte | equals0); -+ } -+ -+ good &= found_one_byte; -+ -+ /* -+ * At this point |good| is zero unless the plaintext was valid, -+ * so plaintext-awareness ensures timing side-channels are no longer a -+ * concern. -+ */ -+ if (!good) - goto decoding_err; -+ -+ msg_index = one_index + 1; -+ mlen = dblen - msg_index; -+ -+ if (tlen < mlen) -+ { -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); -+ mlen = -1; -+ } - else - { -- for (i = SHA_DIGEST_LENGTH; i < dblen; i++) -- if (db[i] != 0x00) -- break; -- if (i == dblen || db[i] != 0x01) -- goto decoding_err; -- else -- { -- /* everything looks OK */ -- -- mlen = dblen - ++i; -- if (tlen < mlen) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); -- mlen = -1; -- } -- else -- memcpy(to, db + i, mlen); -- } -+ memcpy(to, db + msg_index, mlen); -+ goto cleanup; - } -- OPENSSL_free(db); -- return mlen; - - decoding_err: -- /* to avoid chosen ciphertext attacks, the error message should not reveal -- * which kind of decoding error happened */ -+ /* To avoid chosen ciphertext attacks, the error message should not reveal -+ * which kind of decoding error happened. */ - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); -+cleanup: - if (db != NULL) OPENSSL_free(db); -- return -1; -+ if (em != NULL) OPENSSL_free(em); -+ return mlen; - } - - int PKCS1_MGF1(unsigned char *mask, long len, -Index: crypto/openssl/crypto/rsa/rsa_pk1.c -=================================================================== ---- crypto/openssl/crypto/rsa/rsa_pk1.c (revision 279126) -+++ crypto/openssl/crypto/rsa/rsa_pk1.c (working copy) -@@ -56,6 +56,8 @@ - * [including the GNU Public Licence.] - */ - -+#include "constant_time_locl.h" -+ - #include <stdio.h> - #include "cryptlib.h" - #include <openssl/bn.h> -@@ -181,44 +183,87 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to - int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) - { -- int i,j; -- const unsigned char *p; -+ int i; -+ /* |em| is the encoded message, zero-padded to exactly |num| bytes */ -+ unsigned char *em = NULL; -+ unsigned int good, found_zero_byte; -+ int zero_index = 0, msg_index, mlen = -1; - -- p=from; -- if ((num != (flen+1)) || (*(p++) != 02)) -+ if (tlen < 0 || flen < 0) -+ return -1; -+ -+ /* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography -+ * Standard", section 7.2.2. */ -+ -+ if (flen > num) -+ goto err; -+ -+ if (num < 11) -+ goto err; -+ -+ em = OPENSSL_malloc(num); -+ if (em == NULL) - { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); -- return(-1); -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); -+ return -1; - } --#ifdef PKCS1_CHECK -- return(num-11); --#endif -+ memset(em, 0, num); -+ /* -+ * Always do this zero-padding copy (even when num == flen) to avoid -+ * leaking that information. The copy still leaks some side-channel -+ * information, but it's impossible to have a fixed memory access -+ * pattern since we can't read out of the bounds of |from|. -+ * -+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. -+ */ -+ memcpy(em + num - flen, from, flen); - -- /* scan over padding data */ -- j=flen-1; /* one for type. */ -- for (i=0; i<j; i++) -- if (*(p++) == 0) break; -+ good = constant_time_is_zero(em[0]); -+ good &= constant_time_eq(em[1], 2); - -- if (i == j) -+ found_zero_byte = 0; -+ for (i = 2; i < num; i++) - { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING); -- return(-1); -+ unsigned int equals0 = constant_time_is_zero(em[i]); -+ zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); -+ found_zero_byte |= equals0; - } - -- if (i < 8) -+ /* -+ * PS must be at least 8 bytes long, and it starts two bytes into |em|. -+ * If we never found a 0-byte, then |zero_index| is 0 and the check -+ * also fails. -+ */ -+ good &= constant_time_ge((unsigned int)(zero_index), 2 + 8); -+ -+ /* Skip the zero byte. This is incorrect if we never found a zero-byte -+ * but in this case we also do not copy the message out. */ -+ msg_index = zero_index + 1; -+ mlen = num - msg_index; -+ -+ /* For good measure, do this check in constant time as well; it could -+ * leak something if |tlen| was assuming valid padding. */ -+ good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen)); -+ -+ /* -+ * We can't continue in constant-time because we need to copy the result -+ * and we cannot fake its length. This unavoidably leaks timing -+ * information at the API boundary. -+ * TODO(emilia): this could be addressed at the call site, -+ * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26. -+ */ -+ if (!good) - { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT); -- return(-1); -+ mlen = -1; -+ goto err; - } -- i++; /* Skip over the '\0' */ -- j-=i; -- if (j > tlen) -- { -- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); -- return(-1); -- } -- memcpy(to,p,(unsigned int)j); - -- return(j); -+ memcpy(to, em + msg_index, mlen); -+ -+err: -+ if (em != NULL) -+ OPENSSL_free(em); -+ if (mlen == -1) -+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); -+ return mlen; - } -- -Index: crypto/openssl/crypto/rsa/rsa_sign.c -=================================================================== ---- crypto/openssl/crypto/rsa/rsa_sign.c (revision 279126) -+++ crypto/openssl/crypto/rsa/rsa_sign.c (working copy) -@@ -155,6 +155,25 @@ int RSA_sign(int type, const unsigned char *m, uns - return(ret); - } - -+/* -+ * Check DigestInfo structure does not contain extraneous data by reencoding -+ * using DER and checking encoding against original. -+ */ -+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen) -+ { -+ unsigned char *der = NULL; -+ int derlen; -+ int ret = 0; -+ derlen = i2d_X509_SIG(sig, &der); -+ if (derlen <= 0) -+ return 0; -+ if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) -+ ret = 1; -+ OPENSSL_cleanse(der, derlen); -+ OPENSSL_free(der); -+ return ret; -+ } -+ - int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa) - { -@@ -215,7 +234,7 @@ int RSA_verify(int dtype, const unsigned char *m, - if (sig == NULL) goto err; - - /* Excess data can be used to create forgeries */ -- if(p != s+i) -+ if(p != s+i || !rsa_check_digestinfo(sig, s, i)) - { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); - goto err; -Index: crypto/openssl/crypto/ui/ui_lib.c -=================================================================== ---- crypto/openssl/crypto/ui/ui_lib.c (revision 279126) -+++ crypto/openssl/crypto/ui/ui_lib.c (working copy) -@@ -897,9 +897,9 @@ int UI_set_result(UI *ui, UI_STRING *uis, const ch - break; - } - } -+ } - default: - break; - } -- } - return 0; - } -Index: crypto/openssl/demos/eay/Makefile -=================================================================== ---- crypto/openssl/demos/eay/Makefile (revision 279126) -+++ crypto/openssl/demos/eay/Makefile (working copy) -@@ -1,24 +0,0 @@ --CC=cc --CFLAGS= -g -I../../include --#LIBS= -L../.. -lcrypto -lssl --LIBS= -L../.. ../../libssl.a ../../libcrypto.a -- --# the file conn.c requires a file "proxy.h" which I couldn't find... --#EXAMPLES=base64 conn loadrsa --EXAMPLES=base64 loadrsa -- --all: $(EXAMPLES) -- --base64: base64.o -- $(CC) -o base64 base64.o $(LIBS) --# --# sorry... can't find "proxy.h" --#conn: conn.o --# $(CC) -o conn conn.o $(LIBS) -- --loadrsa: loadrsa.o -- $(CC) -o loadrsa loadrsa.o $(LIBS) -- --clean: -- rm -f $(EXAMPLES) *.o -- -Index: crypto/openssl/demos/eay/base64.c -=================================================================== ---- crypto/openssl/demos/eay/base64.c (revision 279126) -+++ crypto/openssl/demos/eay/base64.c (working copy) -@@ -1,49 +0,0 @@ --/* This is a simple example of using the base64 BIO to a memory BIO and then -- * getting the data. -- */ --#include <stdio.h> --#include <openssl/bio.h> --#include <openssl/evp.h> -- --main() -- { -- int i; -- BIO *mbio,*b64bio,*bio; -- char buf[512]; -- char *p; -- -- mbio=BIO_new(BIO_s_mem()); -- b64bio=BIO_new(BIO_f_base64()); -- -- bio=BIO_push(b64bio,mbio); -- /* We now have bio pointing at b64->mem, the base64 bio encodes on -- * write and decodes on read */ -- -- for (;;) -- { -- i=fread(buf,1,512,stdin); -- if (i <= 0) break; -- BIO_write(bio,buf,i); -- } -- /* We need to 'flush' things to push out the encoding of the -- * last few bytes. There is special encoding if it is not a -- * multiple of 3 -- */ -- BIO_flush(bio); -- -- printf("We have %d bytes available\n",BIO_pending(mbio)); -- -- /* We will now get a pointer to the data and the number of elements. */ -- /* hmm... this one was not defined by a macro in bio.h, it will be for -- * 0.9.1. The other option is too just read from the memory bio. -- */ -- i=(int)BIO_ctrl(mbio,BIO_CTRL_INFO,0,(char *)&p); -- -- printf("%d\n",i); -- fwrite("---\n",1,4,stdout); -- fwrite(p,1,i,stdout); -- fwrite("---\n",1,4,stdout); -- -- /* This call will walk the chain freeing all the BIOs */ -- BIO_free_all(bio); -- } -Index: crypto/openssl/demos/eay/conn.c -=================================================================== ---- crypto/openssl/demos/eay/conn.c (revision 279126) -+++ crypto/openssl/demos/eay/conn.c (working copy) -@@ -1,105 +0,0 @@ --/* NOCW */ --/* demos/eay/conn.c */ -- --/* A minimal program to connect to a port using the sock4a protocol. -- * -- * cc -I../../include conn.c -L../.. -lcrypto -- */ --#include <stdio.h> --#include <stdlib.h> --#include <openssl/err.h> --#include <openssl/bio.h> --/* #include "proxy.h" */ -- --extern int errno; -- --int main(argc,argv) --int argc; --char *argv[]; -- { -- PROXY *pxy; -- char *host; -- char buf[1024*10],*p; -- BIO *bio; -- int i,len,off,ret=1; -- -- if (argc <= 1) -- host="localhost:4433"; -- else -- host=argv[1]; -- -- /* Lets get nice error messages */ -- ERR_load_crypto_strings(); -- -- /* First, configure proxy settings */ -- pxy=PROXY_new(); -- PROXY_add_server(pxy,PROXY_PROTOCOL_SOCKS,"gromit:1080"); -- -- bio=BIO_new(BIO_s_socks4a_connect()); -- -- BIO_set_conn_hostname(bio,host); -- BIO_set_proxies(bio,pxy); -- BIO_set_socks_userid(bio,"eay"); -- BIO_set_nbio(bio,1); -- -- p="GET / HTTP/1.0\r\n\r\n"; -- len=strlen(p); -- -- off=0; -- for (;;) -- { -- i=BIO_write(bio,&(p[off]),len); -- if (i <= 0) -- { -- if (BIO_should_retry(bio)) -- { -- fprintf(stderr,"write DELAY\n"); -- sleep(1); -- continue; -- } -- else -- { -- goto err; -- } -- } -- off+=i; -- len-=i; -- if (len <= 0) break; -- } -- -- for (;;) -- { -- i=BIO_read(bio,buf,sizeof(buf)); -- if (i == 0) break; -- if (i < 0) -- { -- if (BIO_should_retry(bio)) -- { -- fprintf(stderr,"read DELAY\n"); -- sleep(1); -- continue; -- } -- goto err; -- } -- fwrite(buf,1,i,stdout); -- } -- -- ret=1; -- -- if (0) -- { --err: -- if (ERR_peek_error() == 0) /* system call error */ -- { -- fprintf(stderr,"errno=%d ",errno); -- perror("error"); -- } -- else -- ERR_print_errors_fp(stderr); -- } -- BIO_free_all(bio); -- if (pxy != NULL) PROXY_free(pxy); -- exit(!ret); -- return(ret); -- } -- -Index: crypto/openssl/demos/eay/loadrsa.c -=================================================================== ---- crypto/openssl/demos/eay/loadrsa.c (revision 279126) -+++ crypto/openssl/demos/eay/loadrsa.c (working copy) -@@ -1,53 +0,0 @@ --#include <stdio.h> --#include <openssl/rsa.h> -- --/* This is a simple program to generate an RSA private key. It then -- * saves both the public and private key into a char array, then -- * re-reads them. It saves them as DER encoded binary data. -- */ -- --void callback(stage,count,arg) --int stage,count; --char *arg; -- { -- FILE *out; -- -- out=(FILE *)arg; -- fprintf(out,"%d",stage); -- if (stage == 3) -- fprintf(out,"\n"); -- fflush(out); -- } -- --main() -- { -- RSA *rsa,*pub_rsa,*priv_rsa; -- int len; -- unsigned char buf[1024],*p; -- -- rsa=RSA_generate_key(512,RSA_F4,callback,(char *)stdout); -- -- p=buf; -- -- /* Save the public key into buffer, we know it will be big enough -- * but we should really check how much space we need by calling the -- * i2d functions with a NULL second parameter */ -- len=i2d_RSAPublicKey(rsa,&p); -- len+=i2d_RSAPrivateKey(rsa,&p); -- -- printf("The public and private key are now both in a char array\n"); -- printf("and are taking up %d bytes\n",len); -- -- RSA_free(rsa); -- -- p=buf; -- pub_rsa=d2i_RSAPublicKey(NULL,&p,(long)len); -- len-=(p-buf); -- priv_rsa=d2i_RSAPrivateKey(NULL,&p,(long)len); -- -- if ((pub_rsa == NULL) || (priv_rsa == NULL)) -- ERR_print_errors_fp(stderr); -- -- RSA_free(pub_rsa); -- RSA_free(priv_rsa); -- } -Index: crypto/openssl/demos/maurice/Makefile -=================================================================== ---- crypto/openssl/demos/maurice/Makefile (revision 279126) -+++ crypto/openssl/demos/maurice/Makefile (working copy) -@@ -1,59 +0,0 @@ --CC=cc --CFLAGS= -g -I../../include -Wall --LIBS= -L../.. -lcrypto --EXAMPLES=example1 example2 example3 example4 -- --all: $(EXAMPLES) -- --example1: example1.o loadkeys.o -- $(CC) -o example1 example1.o loadkeys.o $(LIBS) -- --example2: example2.o loadkeys.o -- $(CC) -o example2 example2.o loadkeys.o $(LIBS) -- --example3: example3.o -- $(CC) -o example3 example3.o $(LIBS) -- --example4: example4.o -- $(CC) -o example4 example4.o $(LIBS) -- --clean: -- rm -f $(EXAMPLES) *.o -- --test: all -- @echo -- @echo Example 1 Demonstrates the sealing and opening APIs -- @echo Doing the encrypt side... -- ./example1 <README >t.t -- @echo Doing the decrypt side... -- ./example1 -d <t.t >t.2 -- diff t.2 README -- rm -f t.t t.2 -- @echo example1 is OK -- -- @echo -- @echo Example2 Demonstrates rsa encryption and decryption -- @echo and it should just print \"This the clear text\" -- ./example2 -- -- @echo -- @echo Example3 Demonstrates the use of symmetric block ciphers -- @echo in this case it uses EVP_des_ede3_cbc -- @echo i.e. triple DES in Cipher Block Chaining mode -- @echo Doing the encrypt side... -- ./example3 ThisIsThePassword <README >t.t -- @echo Doing the decrypt side... -- ./example3 -d ThisIsThePassword <t.t >t.2 -- diff t.2 README -- rm -f t.t t.2 -- @echo example3 is OK -- -- @echo -- @echo Example4 Demonstrates base64 encoding and decoding -- @echo Doing the encrypt side... -- ./example4 <README >t.t -- @echo Doing the decrypt side... -- ./example4 -d <t.t >t.2 -- diff t.2 README -- rm -f t.t t.2 -- @echo example4 is OK -Index: crypto/openssl/demos/maurice/README -=================================================================== ---- crypto/openssl/demos/maurice/README (revision 279126) -+++ crypto/openssl/demos/maurice/README (working copy) -@@ -1,34 +0,0 @@ --From Maurice Gittens <mgittens@gits.nl> ---- -- Example programs, demonstrating some basic SSLeay crypto library -- operations, to help you not to make the same mistakes I did. -- -- The following files are present. -- - loadkeys.c Demonstrates the loading and of public and -- private keys. -- - loadkeys.h The interface for loadkeys.c -- - example1.c Demonstrates the sealing and opening API's -- - example2.c Demonstrates rsa encryption and decryption -- - example3.c Demonstrates the use of symmetric block ciphers -- - example4.c Demonstrates base64 and decoding -- - Makefile A makefile you probably will have to adjust for -- your environment -- - README this file -- -- -- The programs were written by Maurice Gittens <mgittens@gits.nl> -- with the necesary help from Eric Young <eay@cryptsoft.com> -- -- You may do as you please with these programs, but please don't -- pretend that you wrote them. -- -- To be complete: If you use these programs you acknowlegde that -- you are aware that there is NO warranty of any kind associated -- with these programs. I don't even claim that the programs work, -- they are provided AS-IS. -- -- January 1997 -- -- Maurice -- -- -Index: crypto/openssl/demos/maurice/cert.pem -=================================================================== ---- crypto/openssl/demos/maurice/cert.pem (revision 279126) -+++ crypto/openssl/demos/maurice/cert.pem (working copy) -@@ -1,77 +0,0 @@ --issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl --subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl --serial :01 -- --Certificate: -- Data: -- Version: 0 (0x0) -- Serial Number: 1 (0x1) -- Signature Algorithm: md5withRSAEncryption -- Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl -- Validity -- Not Before: Jan 5 13:21:16 1997 GMT -- Not After : Jul 24 13:21:16 1997 GMT -- Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- Modulus: -- 00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b: -- 82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0: -- 71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3: -- f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d: -- 62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52: -- 78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd: -- 81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd: -- 1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50: -- b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26: -- 64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4: -- d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c: -- 2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9: -- e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44: -- e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41: -- 8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16: -- d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c: -- d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9: -- 20:f9 -- Exponent: 65537 (0x10001) -- Signature Algorithm: md5withRSAEncryption -- 93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce: -- 4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f: -- 9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3: -- 87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb: -- a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d: -- 0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42: -- b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8: -- c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2: -- fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67: -- 4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b: -- 72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa: -- c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68: -- 60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c: -- a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be: -- 28:ba:d8:4f -- -------BEGIN CERTIFICATE----- --MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD --VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl --bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0 --aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB --FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx --NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH --aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm --aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG --SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP --ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6 --RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB --ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm --ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S --/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB --R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC --AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j --eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2 --5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25 --uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do --fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M --A6fxn/gOjbvGundh946+KLrYTw== -------END CERTIFICATE----- -- -Index: crypto/openssl/demos/maurice/example1.c -=================================================================== ---- crypto/openssl/demos/maurice/example1.c (revision 279126) -+++ crypto/openssl/demos/maurice/example1.c (working copy) -@@ -1,198 +0,0 @@ --/* NOCW */ --/* -- Please read the README file for condition of use, before -- using this software. -- -- Maurice Gittens <mgittens@gits.nl> January 1997 --*/ -- --#include <unistd.h> --#include <stdio.h> --#include <netinet/in.h> --#include <fcntl.h> --#include <strings.h> --#include <stdlib.h> -- --#include <openssl/rsa.h> --#include <openssl/evp.h> --#include <openssl/objects.h> --#include <openssl/x509.h> --#include <openssl/err.h> --#include <openssl/pem.h> --#include <openssl/ssl.h> -- --#include "loadkeys.h" -- --#define PUBFILE "cert.pem" --#define PRIVFILE "privkey.pem" -- --#define STDIN 0 --#define STDOUT 1 -- --void main_encrypt(void); --void main_decrypt(void); -- --static const char *usage = "Usage: example1 [-d]\n"; -- --int main(int argc, char *argv[]) --{ -- -- ERR_load_crypto_strings(); -- -- if ((argc == 1)) -- { -- main_encrypt(); -- } -- else if ((argc == 2) && !strcmp(argv[1],"-d")) -- { -- main_decrypt(); -- } -- else -- { -- printf("%s",usage); -- exit(1); -- } -- -- return 0; --} -- --void main_encrypt(void) --{ -- unsigned int ebuflen; -- EVP_CIPHER_CTX ectx; -- unsigned char iv[EVP_MAX_IV_LENGTH]; -- unsigned char *ekey[1]; -- int readlen; -- int ekeylen, net_ekeylen; -- EVP_PKEY *pubKey[1]; -- char buf[512]; -- char ebuf[512]; -- -- memset(iv, '\0', sizeof(iv)); -- -- pubKey[0] = ReadPublicKey(PUBFILE); -- -- if(!pubKey[0]) -- { -- fprintf(stderr,"Error: can't load public key"); -- exit(1); -- } -- -- ekey[0] = malloc(EVP_PKEY_size(pubKey[0])); -- if (!ekey[0]) -- { -- EVP_PKEY_free(pubKey[0]); -- perror("malloc"); -- exit(1); -- } -- -- EVP_SealInit(&ectx, -- EVP_des_ede3_cbc(), -- ekey, -- &ekeylen, -- iv, -- pubKey, -- 1); -- -- net_ekeylen = htonl(ekeylen); -- write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen)); -- write(STDOUT, ekey[0], ekeylen); -- write(STDOUT, iv, sizeof(iv)); -- -- while(1) -- { -- readlen = read(STDIN, buf, sizeof(buf)); -- -- if (readlen <= 0) -- { -- if (readlen < 0) -- perror("read"); -- -- break; -- } -- -- EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen); -- -- write(STDOUT, ebuf, ebuflen); -- } -- -- EVP_SealFinal(&ectx, ebuf, &ebuflen); -- -- write(STDOUT, ebuf, ebuflen); -- -- EVP_PKEY_free(pubKey[0]); -- free(ekey[0]); --} -- --void main_decrypt(void) --{ -- char buf[520]; -- char ebuf[512]; -- unsigned int buflen; -- EVP_CIPHER_CTX ectx; -- unsigned char iv[EVP_MAX_IV_LENGTH]; -- unsigned char *encryptKey; -- unsigned int ekeylen; -- EVP_PKEY *privateKey; -- -- memset(iv, '\0', sizeof(iv)); -- -- privateKey = ReadPrivateKey(PRIVFILE); -- if (!privateKey) -- { -- fprintf(stderr, "Error: can't load private key"); -- exit(1); -- } -- -- read(STDIN, &ekeylen, sizeof(ekeylen)); -- ekeylen = ntohl(ekeylen); -- -- if (ekeylen != EVP_PKEY_size(privateKey)) -- { -- EVP_PKEY_free(privateKey); -- fprintf(stderr, "keylength mismatch"); -- exit(1); -- } -- -- encryptKey = malloc(sizeof(char) * ekeylen); -- if (!encryptKey) -- { -- EVP_PKEY_free(privateKey); -- perror("malloc"); -- exit(1); -- } -- -- read(STDIN, encryptKey, ekeylen); -- read(STDIN, iv, sizeof(iv)); -- EVP_OpenInit(&ectx, -- EVP_des_ede3_cbc(), -- encryptKey, -- ekeylen, -- iv, -- privateKey); -- -- while(1) -- { -- int readlen = read(STDIN, ebuf, sizeof(ebuf)); -- -- if (readlen <= 0) -- { -- if (readlen < 0) -- perror("read"); -- -- break; -- } -- -- EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen); -- write(STDOUT, buf, buflen); -- } -- -- EVP_OpenFinal(&ectx, buf, &buflen); -- -- write(STDOUT, buf, buflen); -- -- EVP_PKEY_free(privateKey); -- free(encryptKey); --} -- -- -Index: crypto/openssl/demos/maurice/example2.c -=================================================================== ---- crypto/openssl/demos/maurice/example2.c (revision 279126) -+++ crypto/openssl/demos/maurice/example2.c (working copy) -@@ -1,75 +0,0 @@ --/* NOCW */ --/* -- Please read the README file for condition of use, before -- using this software. -- -- Maurice Gittens <mgittens@gits.nl> January 1997 --*/ -- --#include <stdlib.h> --#include <stdio.h> --#include <strings.h> -- --#include <openssl/rsa.h> --#include <openssl/evp.h> --#include <openssl/objects.h> --#include <openssl/x509.h> --#include <openssl/err.h> --#include <openssl/pem.h> --#include <openssl/ssl.h> -- --#include "loadkeys.h" -- --#define PUBFILE "cert.pem" --#define PRIVFILE "privkey.pem" --#define STDIN 0 --#define STDOUT 1 -- --int main() --{ -- char *ct = "This the clear text"; -- char *buf; -- char *buf2; -- EVP_PKEY *pubKey; -- EVP_PKEY *privKey; -- int len; -- -- ERR_load_crypto_strings(); -- -- privKey = ReadPrivateKey(PRIVFILE); -- if (!privKey) -- { -- ERR_print_errors_fp (stderr); -- exit (1); -- } -- -- pubKey = ReadPublicKey(PUBFILE); -- if(!pubKey) -- { -- EVP_PKEY_free(privKey); -- fprintf(stderr,"Error: can't load public key"); -- exit(1); -- } -- -- /* No error checking */ -- buf = malloc(EVP_PKEY_size(pubKey)); -- buf2 = malloc(EVP_PKEY_size(pubKey)); -- -- len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING); -- -- if (len != EVP_PKEY_size(pubKey)) -- { -- fprintf(stderr,"Error: ciphertext should match length of key\n"); -- exit(1); -- } -- -- RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING); -- -- printf("%s\n", buf2); -- -- EVP_PKEY_free(privKey); -- EVP_PKEY_free(pubKey); -- free(buf); -- free(buf2); -- return 0; --} -Index: crypto/openssl/demos/maurice/example3.c -=================================================================== ---- crypto/openssl/demos/maurice/example3.c (revision 279126) -+++ crypto/openssl/demos/maurice/example3.c (working copy) -@@ -1,87 +0,0 @@ --/* NOCW */ --/* -- Please read the README file for condition of use, before -- using this software. -- -- Maurice Gittens <mgittens@gits.nl> January 1997 -- --*/ -- --#include <stdio.h> --#include <unistd.h> --#include <fcntl.h> --#include <sys/stat.h> --#include <openssl/evp.h> -- --#define STDIN 0 --#define STDOUT 1 --#define BUFLEN 512 --#define INIT_VECTOR "12345678" --#define ENCRYPT 1 --#define DECRYPT 0 --#define ALG EVP_des_ede3_cbc() -- --static const char *usage = "Usage: example3 [-d] password\n"; -- --void do_cipher(char *,int); -- --int main(int argc, char *argv[]) --{ -- if ((argc == 2)) -- { -- do_cipher(argv[1],ENCRYPT); -- } -- else if ((argc == 3) && !strcmp(argv[1],"-d")) -- { -- do_cipher(argv[2],DECRYPT); -- } -- else -- { -- fprintf(stderr,"%s", usage); -- exit(1); -- } -- -- return 0; --} -- --void do_cipher(char *pw, int operation) --{ -- char buf[BUFLEN]; -- char ebuf[BUFLEN + 8]; -- unsigned int ebuflen; /* rc; */ -- unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH]; -- /* unsigned int ekeylen, net_ekeylen; */ -- EVP_CIPHER_CTX ectx; -- -- memcpy(iv, INIT_VECTOR, sizeof(iv)); -- -- EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv); -- -- EVP_CIPHER_CTX_init(&ectx); -- EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation); -- -- while(1) -- { -- int readlen = read(STDIN, buf, sizeof(buf)); -- -- if (readlen <= 0) -- { -- if (!readlen) -- break; -- else -- { -- perror("read"); -- exit(1); -- } -- } -- -- EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen); -- -- write(STDOUT, ebuf, ebuflen); -- } -- -- EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen); -- EVP_CIPHER_CTX_cleanup(&ectx); -- -- write(STDOUT, ebuf, ebuflen); --} -Index: crypto/openssl/demos/maurice/example4.c -=================================================================== ---- crypto/openssl/demos/maurice/example4.c (revision 279126) -+++ crypto/openssl/demos/maurice/example4.c (working copy) -@@ -1,123 +0,0 @@ --/* NOCW */ --/* -- Please read the README file for condition of use, before -- using this software. -- -- Maurice Gittens <mgittens@gits.nl> January 1997 -- --*/ -- --#include <stdio.h> --#include <unistd.h> --#include <fcntl.h> --#include <sys/stat.h> --#include <openssl/evp.h> -- --#define STDIN 0 --#define STDOUT 1 --#define BUFLEN 512 -- --static const char *usage = "Usage: example4 [-d]\n"; -- --void do_encode(void); --void do_decode(void); -- --int main(int argc, char *argv[]) --{ -- if ((argc == 1)) -- { -- do_encode(); -- } -- else if ((argc == 2) && !strcmp(argv[1],"-d")) -- { -- do_decode(); -- } -- else -- { -- fprintf(stderr,"%s", usage); -- exit(1); -- } -- -- return 0; --} -- --void do_encode() --{ -- char buf[BUFLEN]; -- char ebuf[BUFLEN+24]; -- unsigned int ebuflen; -- EVP_ENCODE_CTX ectx; -- -- EVP_EncodeInit(&ectx); -- -- while(1) -- { -- int readlen = read(STDIN, buf, sizeof(buf)); -- -- if (readlen <= 0) -- { -- if (!readlen) -- break; -- else -- { -- perror("read"); -- exit(1); -- } -- } -- -- EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); -- -- write(STDOUT, ebuf, ebuflen); -- } -- -- EVP_EncodeFinal(&ectx, ebuf, &ebuflen); -- -- write(STDOUT, ebuf, ebuflen); --} -- --void do_decode() --{ -- char buf[BUFLEN]; -- char ebuf[BUFLEN+24]; -- unsigned int ebuflen; -- EVP_ENCODE_CTX ectx; -- -- EVP_DecodeInit(&ectx); -- -- while(1) -- { -- int readlen = read(STDIN, buf, sizeof(buf)); -- int rc; -- -- if (readlen <= 0) -- { -- if (!readlen) -- break; -- else -- { -- perror("read"); -- exit(1); -- } -- } -- -- rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen); -- if (rc <= 0) -- { -- if (!rc) -- { -- write(STDOUT, ebuf, ebuflen); -- break; -- } -- -- fprintf(stderr, "Error: decoding message\n"); -- return; -- } -- -- write(STDOUT, ebuf, ebuflen); -- } -- -- EVP_DecodeFinal(&ectx, ebuf, &ebuflen); -- -- write(STDOUT, ebuf, ebuflen); --} -- -Index: crypto/openssl/demos/maurice/loadkeys.c -=================================================================== ---- crypto/openssl/demos/maurice/loadkeys.c (revision 279126) -+++ crypto/openssl/demos/maurice/loadkeys.c (working copy) -@@ -1,72 +0,0 @@ --/* NOCW */ --/* -- Please read the README file for condition of use, before -- using this software. -- -- Maurice Gittens <mgittens@gits.nl> January 1997 -- --*/ -- --#include <unistd.h> --#include <stdio.h> --#include <netinet/in.h> --#include <fcntl.h> --#include <strings.h> --#include <stdlib.h> -- --#include <openssl/rsa.h> --#include <openssl/evp.h> --#include <openssl/objects.h> --#include <openssl/x509.h> --#include <openssl/err.h> --#include <openssl/pem.h> --#include <openssl/ssl.h> -- --EVP_PKEY * ReadPublicKey(const char *certfile) --{ -- FILE *fp = fopen (certfile, "r"); -- X509 *x509; -- EVP_PKEY *pkey; -- -- if (!fp) -- return NULL; -- -- x509 = PEM_read_X509(fp, NULL, 0, NULL); -- -- if (x509 == NULL) -- { -- ERR_print_errors_fp (stderr); -- return NULL; -- } -- -- fclose (fp); -- -- pkey=X509_extract_key(x509); -- -- X509_free(x509); -- -- if (pkey == NULL) -- ERR_print_errors_fp (stderr); -- -- return pkey; --} -- --EVP_PKEY *ReadPrivateKey(const char *keyfile) --{ -- FILE *fp = fopen(keyfile, "r"); -- EVP_PKEY *pkey; -- -- if (!fp) -- return NULL; -- -- pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL); -- -- fclose (fp); -- -- if (pkey == NULL) -- ERR_print_errors_fp (stderr); -- -- return pkey; --} -- -- -Index: crypto/openssl/demos/maurice/loadkeys.h -=================================================================== ---- crypto/openssl/demos/maurice/loadkeys.h (revision 279126) -+++ crypto/openssl/demos/maurice/loadkeys.h (working copy) -@@ -1,19 +0,0 @@ --/* NOCW */ --/* -- Please read the README file for condition of use, before -- using this software. -- -- Maurice Gittens <mgittens@gits.nl> January 1997 -- --*/ -- --#ifndef LOADKEYS_H_SEEN --#define LOADKEYS_H_SEEN -- --#include <openssl/evp.h> -- --EVP_PKEY * ReadPublicKey(const char *certfile); --EVP_PKEY *ReadPrivateKey(const char *keyfile); -- --#endif -- -Index: crypto/openssl/demos/maurice/privkey.pem -=================================================================== ---- crypto/openssl/demos/maurice/privkey.pem (revision 279126) -+++ crypto/openssl/demos/maurice/privkey.pem (working copy) -@@ -1,27 +0,0 @@ -------BEGIN RSA PRIVATE KEY----- --MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0 --zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7// --wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+ --QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp --7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq --cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g --Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh --rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb --uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll --e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor --XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl --7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS --bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW --Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y --nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA --Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK --mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE --poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5 --a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF --E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL --oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q --JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX --LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno --KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj --V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA== -------END RSA PRIVATE KEY----- -Index: crypto/openssl/doc/apps/asn1parse.pod -=================================================================== ---- crypto/openssl/doc/apps/asn1parse.pod (revision 279126) -+++ crypto/openssl/doc/apps/asn1parse.pod (working copy) -@@ -15,6 +15,8 @@ B<openssl> B<asn1parse> - [B<-length number>] - [B<-i>] - [B<-oid filename>] -+[B<-dump>] -+[B<-dlimit num>] - [B<-strparse offset>] - [B<-genstr string>] - [B<-genconf file>] -@@ -64,6 +66,14 @@ indents the output according to the "depth" of the - a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this - file is described in the NOTES section below. - -+=item B<-dump> -+ -+dump unknown data in hex format. -+ -+=item B<-dlimit num> -+ -+like B<-dump>, but only the first B<num> bytes are output. -+ - =item B<-strparse offset> - - parse the contents octets of the ASN.1 object starting at B<offset>. This -Index: crypto/openssl/doc/apps/ca.pod -=================================================================== ---- crypto/openssl/doc/apps/ca.pod (revision 279126) -+++ crypto/openssl/doc/apps/ca.pod (working copy) -@@ -13,6 +13,8 @@ B<openssl> B<ca> - [B<-name section>] - [B<-gencrl>] - [B<-revoke file>] -+[B<-status serial>] -+[B<-updatedb>] - [B<-crl_reason reason>] - [B<-crl_hold instruction>] - [B<-crl_compromise time>] -@@ -26,6 +28,7 @@ B<openssl> B<ca> - [B<-md arg>] - [B<-policy arg>] - [B<-keyfile arg>] -+[B<-keyform PEM|DER>] - [B<-key arg>] - [B<-passin arg>] - [B<-cert file>] -@@ -83,7 +86,7 @@ a single self signed certificate to be signed by t - - a file containing a single Netscape signed public key and challenge - and additional field values to be signed by the CA. See the B<SPKAC FORMAT> --section for information on the required format. -+section for information on the required input and output format. - - =item B<-infiles> - -@@ -94,7 +97,7 @@ are assumed to be the names of files containing ce - - the output file to output certificates to. The default is standard - output. The certificate details will also be printed out to this --file. -+file in PEM format (except that B<-spkac> outputs DER format). - - =item B<-outdir directory> - -@@ -110,6 +113,11 @@ the CA certificate file. - - the private key to sign requests with. - -+=item B<-keyform PEM|DER> -+ -+the format of the data in the private key file. -+The default is PEM. -+ - =item B<-key password> - - the password used to encrypt the private key. Since on some -@@ -265,6 +273,15 @@ the number of hours before the next CRL is due. - - a filename containing a certificate to revoke. - -+=item B<-status serial> -+ -+displays the revocation status of the certificate with the specified -+serial number and exits. -+ -+=item B<-updatedb> -+ -+Updates the database index to purge expired certificates. -+ - =item B<-crl_reason reason> - - revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>, -@@ -495,6 +512,10 @@ the SPKAC and also the required DN components as n - If you need to include the same component twice then it can be - preceded by a number and a '.'. - -+When processing SPKAC format, the output is DER if the B<-out> -+flag is used, but PEM format if sending to stdout or the B<-outdir> -+flag is used. -+ - =head1 EXAMPLES - - Note: these examples assume that the B<ca> directory structure is -Index: crypto/openssl/doc/apps/crl.pod -=================================================================== ---- crypto/openssl/doc/apps/crl.pod (revision 279126) -+++ crypto/openssl/doc/apps/crl.pod (working copy) -@@ -12,6 +12,7 @@ B<openssl> B<crl> - [B<-text>] - [B<-in filename>] - [B<-out filename>] -+[B<-nameopt option>] - [B<-noout>] - [B<-hash>] - [B<-issuer>] -@@ -53,6 +54,11 @@ default. - - print out the CRL in text form. - -+=item B<-nameopt option> -+ -+option which determines how the subject or issuer names are displayed. See -+the description of B<-nameopt> in L<x509(1)|x509(1)>. -+ - =item B<-noout> - - don't output the encoded version of the CRL. -Index: crypto/openssl/doc/apps/dhparam.pod -=================================================================== ---- crypto/openssl/doc/apps/dhparam.pod (revision 279126) -+++ crypto/openssl/doc/apps/dhparam.pod (working copy) -@@ -12,6 +12,7 @@ B<openssl dhparam> - [B<-in> I<filename>] - [B<-out> I<filename>] - [B<-dsaparam>] -+[B<-check>] - [B<-noout>] - [B<-text>] - [B<-C>] -@@ -64,6 +65,10 @@ exchange more efficient. Beware that with such DS - parameters, a fresh DH key should be created for each use to - avoid small-subgroup attacks that may be possible otherwise. - -+=item B<-check> -+ -+check if the parameters are valid primes and generator. -+ - =item B<-2>, B<-5> - - The generator to use, either 2 or 5. 2 is the default. If present then the -Index: crypto/openssl/doc/apps/dsa.pod -=================================================================== ---- crypto/openssl/doc/apps/dsa.pod (revision 279126) -+++ crypto/openssl/doc/apps/dsa.pod (working copy) -@@ -13,6 +13,12 @@ B<openssl> B<dsa> - [B<-passin arg>] - [B<-out filename>] - [B<-passout arg>] -+[B<-aes128>] -+[B<-aes192>] -+[B<-aes256>] -+[B<-camellia128>] -+[B<-camellia192>] -+[B<-camellia256>] - [B<-des>] - [B<-des3>] - [B<-idea>] -@@ -74,10 +80,10 @@ filename. - the output file password source. For more information about the format of B<arg> - see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. - --=item B<-des|-des3|-idea> -+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> - --These options encrypt the private key with the DES, triple DES, or the --IDEA ciphers respectively before outputting it. A pass phrase is prompted for. -+These options encrypt the private key with the specified -+cipher before outputting it. A pass phrase is prompted for. - If none of these options is specified the key is written in plain text. This - means that using the B<dsa> utility to read in an encrypted key with no - encryption option can be used to remove the pass phrase from a key, or by -Index: crypto/openssl/doc/apps/ecparam.pod -=================================================================== ---- crypto/openssl/doc/apps/ecparam.pod (revision 279126) -+++ crypto/openssl/doc/apps/ecparam.pod (working copy) -@@ -16,7 +16,7 @@ B<openssl ecparam> - [B<-C>] - [B<-check>] - [B<-name arg>] --[B<-list_curve>] -+[B<-list_curves>] - [B<-conv_form arg>] - [B<-param_enc arg>] - [B<-no_seed>] -Index: crypto/openssl/doc/apps/gendsa.pod -=================================================================== ---- crypto/openssl/doc/apps/gendsa.pod (revision 279126) -+++ crypto/openssl/doc/apps/gendsa.pod (working copy) -@@ -8,6 +8,12 @@ gendsa - generate a DSA private key from a set of - - B<openssl> B<gendsa> - [B<-out filename>] -+[B<-aes128>] -+[B<-aes192>] -+[B<-aes256>] -+[B<-camellia128>] -+[B<-camellia192>] -+[B<-camellia256>] - [B<-des>] - [B<-des3>] - [B<-idea>] -@@ -24,10 +30,10 @@ The B<gendsa> command generates a DSA private key - - =over 4 - --=item B<-des|-des3|-idea> -+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> - --These options encrypt the private key with the DES, triple DES, or the --IDEA ciphers respectively before outputting it. A pass phrase is prompted for. -+These options encrypt the private key with specified -+cipher before outputting it. A pass phrase is prompted for. - If none of these options is specified no encryption is used. - - =item B<-rand file(s)> -Index: crypto/openssl/doc/apps/genrsa.pod -=================================================================== ---- crypto/openssl/doc/apps/genrsa.pod (revision 279126) -+++ crypto/openssl/doc/apps/genrsa.pod (working copy) -@@ -9,6 +9,18 @@ genrsa - generate an RSA private key - B<openssl> B<genrsa> - [B<-out filename>] - [B<-passout arg>] -+[B<-aes128>] -+[B<-aes128>] -+[B<-aes192>] -+[B<-aes256>] -+[B<-camellia128>] -+[B<-camellia192>] -+[B<-camellia256>] -+[B<-aes192>] -+[B<-aes256>] -+[B<-camellia128>] -+[B<-camellia192>] -+[B<-camellia256>] - [B<-des>] - [B<-des3>] - [B<-idea>] -@@ -36,10 +48,10 @@ used. - the output file password source. For more information about the format of B<arg> - see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. - --=item B<-des|-des3|-idea> -+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> - --These options encrypt the private key with the DES, triple DES, or the --IDEA ciphers respectively before outputting it. If none of these options is -+These options encrypt the private key with specified -+cipher before outputting it. If none of these options is - specified no encryption is used. If encryption is used a pass phrase is prompted - for if it is not supplied via the B<-passout> argument. - -Index: crypto/openssl/doc/apps/rsa.pod -=================================================================== ---- crypto/openssl/doc/apps/rsa.pod (revision 279126) -+++ crypto/openssl/doc/apps/rsa.pod (working copy) -@@ -15,6 +15,12 @@ B<openssl> B<rsa> - [B<-out filename>] - [B<-passout arg>] - [B<-sgckey>] -+[B<-aes128>] -+[B<-aes192>] -+[B<-aes256>] -+[B<-camellia128>] -+[B<-camellia192>] -+[B<-camellia256>] - [B<-des>] - [B<-des3>] - [B<-idea>] -@@ -80,10 +86,10 @@ see the B<PASS PHRASE ARGUMENTS> section in L<open - use the modified NET algorithm used with some versions of Microsoft IIS and SGC - keys. - --=item B<-des|-des3|-idea> -+=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> - --These options encrypt the private key with the DES, triple DES, or the --IDEA ciphers respectively before outputting it. A pass phrase is prompted for. -+These options encrypt the private key with the specified -+cipher before outputting it. A pass phrase is prompted for. - If none of these options is specified the key is written in plain text. This - means that using the B<rsa> utility to read in an encrypted key with no - encryption option can be used to remove the pass phrase from a key, or by -Index: crypto/openssl/doc/apps/s_client.pod -=================================================================== ---- crypto/openssl/doc/apps/s_client.pod (revision 279126) -+++ crypto/openssl/doc/apps/s_client.pod (working copy) -@@ -17,6 +17,22 @@ B<openssl> B<s_client> - [B<-pass arg>] - [B<-CApath directory>] - [B<-CAfile filename>] -+[B<-attime timestamp>] -+[B<-check_ss_sig>] -+[B<-crl_check>] -+[B<-crl_check_all>] -+[B<-explicit_policy>] -+[B<-ignore_critical>] -+[B<-inhibit_any>] -+[B<-inhibit_map>] -+[B<-issuer_checks>] -+[B<-policy arg>] -+[B<-policy_check>] -+[B<-policy_print>] -+[B<-purpose purpose>] -+[B<-use_deltas>] -+[B<-verify_depth num>] -+[B<-x509_strict>] - [B<-reconnect>] - [B<-pause>] - [B<-showcerts>] -@@ -38,6 +54,7 @@ B<openssl> B<s_client> - [B<-bugs>] - [B<-cipher cipherlist>] - [B<-starttls protocol>] -+[B<-xmpphost hostname>] - [B<-engine id>] - [B<-tlsextdebug>] - [B<-no_ticket>] -@@ -53,6 +70,11 @@ SSL servers. - - =head1 OPTIONS - -+In addition to the options below the B<s_client> utility also supports the -+common and client only options documented in the -+in the L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)/SUPPORTED COMMAND LINE COMMANDS> -+manual page. -+ - =over 4 - - =item B<-connect host:port> -@@ -102,6 +124,15 @@ also used when building the client certificate cha - A file containing trusted certificates to use during server authentication - and to use when attempting to build the client certificate chain. - -+=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, -+B<explicit_policy>, B<-ignore_critical>, B<-inhibit_any>, -+B<-inhibit_map>, B<-issuer_checks>, B<-policy>, -+B<-policy_check>, B<-policy_print>, B<-purpose>, -+B<-use_deltas>, B<-verify_depth>, B<-x509_strict> -+ -+Set various certificate chain valiadition options. See the -+L<B<verify>|verify(1)> manual page for details. -+ - =item B<-reconnect> - - reconnects to the same server 5 times using the same session ID, this can -@@ -192,18 +223,22 @@ command for more information. - - send the protocol-specific message(s) to switch to TLS for communication. - B<protocol> is a keyword for the intended protocol. Currently, the only --supported keywords are "smtp", "pop3", "imap", and "ftp". -+supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". - -+=item B<-xmpphost hostname> -+ -+This option, when used with "-starttls xmpp", specifies the host for the -+"to" attribute of the stream element. -+If this option is not specified, then the host specified with "-connect" -+will be used. -+ - =item B<-tlsextdebug> - --print out a hex dump of any TLS extensions received from the server. Note: this --option is only available if extension support is explicitly enabled at compile --time -+print out a hex dump of any TLS extensions received from the server. - - =item B<-no_ticket> - --disable RFC4507bis session ticket support. Note: this option is only available --if extension support is explicitly enabled at compile time -+disable RFC4507bis session ticket support. - - =item B<-sess_out filename> - -@@ -216,7 +251,7 @@ connection from this session. - - =item B<-engine id> - --specifying an engine (by it's unique B<id> string) will cause B<s_client> -+specifying an engine (by its unique B<id> string) will cause B<s_client> - to attempt to obtain a functional reference to the specified engine, - thus initialising it if needed. The engine will then be set as the default - for all available algorithms. -@@ -278,8 +313,11 @@ Since the SSLv23 client hello cannot include compr - these will only be supported if its use is disabled, for example by using the - B<-no_sslv2> option. - --TLS extensions are only supported in OpenSSL 0.9.8 if they are explictly --enabled at compile time using for example the B<enable-tlsext> switch. -+The B<s_client> utility is a test tool and is designed to continue the -+handshake after any certificate verification errors. As a result it will -+accept any certificate chain (trusted or not) sent by the peer. None test -+applications should B<not> do this as it makes them vulnerable to a MITM -+attack. - - =head1 BUGS - -@@ -288,9 +326,6 @@ the techniques used are rather old, the C source o - hard to read and not a model of how things should be done. A typical - SSL client program would be much simpler. - --The B<-verify> option should really exit if the server verification --fails. -- - The B<-prexit> option is a bit of a hack. We should really report - information whenever a session is renegotiated. - -Index: crypto/openssl/doc/apps/s_server.pod -=================================================================== ---- crypto/openssl/doc/apps/s_server.pod (revision 279126) -+++ crypto/openssl/doc/apps/s_server.pod (working copy) -@@ -35,6 +35,7 @@ B<openssl> B<s_server> - [B<-CAfile filename>] - [B<-nocert>] - [B<-cipher cipherlist>] -+[B<-serverpref>] - [B<-quiet>] - [B<-no_tmp_rsa>] - [B<-ssl2>] -@@ -144,6 +145,9 @@ the client. With the B<-verify> option a certifica - client does not have to send one, with the B<-Verify> option the client - must supply a certificate or an error occurs. - -+If the ciphersuite cannot request a client certificate (for example an -+anonymous ciphersuite or PSK) this option has no effect. -+ - =item B<-crl_check>, B<-crl_check_all> - - Check the peer certificate has not been revoked by its CA. -@@ -215,6 +219,10 @@ also included in the server list is used. Because - the preference order, the order of the server cipherlist irrelevant. See - the B<ciphers> command for more information. - -+=item B<-serverpref> -+ -+use the server's cipher preferences, rather than the client's preferences. -+ - =item B<-tlsextdebug> - - print out a hex dump of any TLS extensions received from the server. -Index: crypto/openssl/doc/apps/verify.pod -=================================================================== ---- crypto/openssl/doc/apps/verify.pod (revision 279126) -+++ crypto/openssl/doc/apps/verify.pod (working copy) -@@ -7,13 +7,27 @@ verify - Utility to verify certificates. - =head1 SYNOPSIS - - B<openssl> B<verify> -+[B<-CAfile file>] - [B<-CApath directory>] --[B<-CAfile file>] -+[B<-attime timestamp>] -+[B<-check_ss_sig>] -+[B<-crl_check>] -+[B<-crl_check_all>] -+[B<-explicit_policy>] -+[B<-help>] -+[B<-ignore_critical>] -+[B<-inhibit_any>] -+[B<-inhibit_map>] -+[B<-issuer_checks>] -+[B<-policy arg>] -+[B<-policy_check>] -+[B<-policy_print>] - [B<-purpose purpose>] - [B<-untrusted file>] --[B<-help>] --[B<-issuer_checks>] -+[B<-use_deltas>] - [B<-verbose>] -+[B<-verify_depth num>] -+[B<-x509_strict>] - [B<->] - [certificates] - -@@ -26,6 +40,11 @@ The B<verify> command verifies certificate chains. - - =over 4 - -+=item B<-CAfile file> -+ -+A file of trusted certificates. The file should contain multiple certificates -+in PEM format concatenated together. -+ - =item B<-CApath directory> - - A directory of trusted certificates. The certificates should have names -@@ -34,56 +53,113 @@ form ("hash" is the hashed certificate subject nam - of the B<x509> utility). Under Unix the B<c_rehash> script will automatically - create symbolic links to a directory of certificates. - --=item B<-CAfile file> -+=item B<-attime timestamp> - --A file of trusted certificates. The file should contain multiple certificates --in PEM format concatenated together. -+Perform validation checks using time specified by B<timestamp> and not -+current system time. B<timestamp> is the number of seconds since -+01.01.1970 (UNIX time). - --=item B<-untrusted file> -+=item B<-check_ss_sig> - --A file of untrusted certificates. The file should contain multiple certificates -+Verify the signature on the self-signed root CA. This is disabled by default -+because it doesn't add any security. - --=item B<-purpose purpose> -+=item B<-crl_check> - --the intended use for the certificate. Without this option no chain verification --will be done. Currently accepted uses are B<sslclient>, B<sslserver>, --B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> --section for more information. -+Checks end entity certificate validity by attempting to look up a valid CRL. -+If a valid CRL cannot be found an error occurs. - -+=item B<-crl_check_all> -+ -+Checks the validity of B<all> certificates in the chain by attempting -+to look up valid CRLs. -+ -+=item B<-explicit_policy> -+ -+Set policy variable require-explicit-policy (see RFC5280). -+ - =item B<-help> - --prints out a usage message. -+Print out a usage message. - --=item B<-verbose> -+=item B<-ignore_critical> - --print extra information about the operations being performed. -+Normally if an unhandled critical extension is present which is not -+supported by OpenSSL the certificate is rejected (as required by RFC5280). -+If this option is set critical extensions are ignored. - -+=item B<-inhibit_any> -+ -+Set policy variable inhibit-any-policy (see RFC5280). -+ -+=item B<-inhibit_map> -+ -+Set policy variable inhibit-policy-mapping (see RFC5280). -+ - =item B<-issuer_checks> - --print out diagnostics relating to searches for the issuer certificate --of the current certificate. This shows why each candidate issuer --certificate was rejected. However the presence of rejection messages --does not itself imply that anything is wrong: during the normal --verify process several rejections may take place. -+Print out diagnostics relating to searches for the issuer certificate of the -+current certificate. This shows why each candidate issuer certificate was -+rejected. The presence of rejection messages does not itself imply that -+anything is wrong; during the normal verification process, several -+rejections may take place. - --=item B<-check_ss_sig> -+=item B<-policy arg> - --Verify the signature on the self-signed root CA. This is disabled by default --because it doesn't add any security. -+Enable policy processing and add B<arg> to the user-initial-policy-set (see -+RFC5280). The policy B<arg> can be an object name an OID in numeric form. -+This argument can appear more than once. - -+=item B<-policy_check> -+ -+Enables certificate policy processing. -+ -+=item B<-policy_print> -+ -+Print out diagnostics related to policy processing. -+ -+=item B<-purpose purpose> -+ -+The intended use for the certificate. If this option is not specified, -+B<verify> will not consider certificate purpose during chain verification. -+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, -+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more -+information. -+ -+=item B<-untrusted file> -+ -+A file of untrusted certificates. The file should contain multiple certificates -+in PEM format concatenated together. -+ -+=item B<-use_deltas> -+ -+Enable support for delta CRLs. -+ -+=item B<-verbose> -+ -+Print extra information about the operations being performed. -+ -+=item B<-verify_depth num> -+ -+Limit the maximum depth of the certificate chain to B<num> certificates. -+ -+=item B<-x509_strict> -+ -+For strict X.509 compliance, disable non-compliant workarounds for broken -+certificates. -+ - =item B<-> - --marks the last option. All arguments following this are assumed to be -+Indicates the last option. All arguments following this are assumed to be - certificate files. This is useful if the first certificate filename begins - with a B<->. - - =item B<certificates> - --one or more certificates to verify. If no certificate filenames are included --then an attempt is made to read a certificate from standard input. They should --all be in PEM format. -+One or more certificates to verify. If no certificates are given, B<verify> -+will attempt to read a certificate from standard input. Certificates must be -+in PEM format. - -- - =back - - =head1 VERIFY OPERATION -@@ -176,7 +252,7 @@ normally means the list of trusted certificates is - - =item B<3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> - --the CRL of a certificate could not be found. Unused. -+the CRL of a certificate could not be found. - - =item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature> - -@@ -199,7 +275,7 @@ the signature of the certificate is invalid. - - =item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure> - --the signature of the certificate is invalid. Unused. -+the signature of the certificate is invalid. - - =item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid> - -@@ -211,11 +287,11 @@ the certificate has expired: that is the notAfter - - =item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> - --the CRL is not yet valid. Unused. -+the CRL is not yet valid. - - =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired> - --the CRL has expired. Unused. -+the CRL has expired. - - =item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field> - -@@ -227,11 +303,11 @@ the certificate notAfter field contains an invalid - - =item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field> - --the CRL lastUpdate field contains an invalid time. Unused. -+the CRL lastUpdate field contains an invalid time. - - =item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field> - --the CRL nextUpdate field contains an invalid time. Unused. -+the CRL nextUpdate field contains an invalid time. - - =item B<17 X509_V_ERR_OUT_OF_MEM: out of memory> - -@@ -263,7 +339,7 @@ the certificate chain length is greater than the s - - =item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked> - --the certificate has been revoked. Unused. -+the certificate has been revoked. - - =item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate> - -@@ -320,7 +396,7 @@ an application specific error. Unused. - Although the issuer checks are a considerable improvement over the old technique they still - suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that - trusted certificates with matching subject name must either appear in a file (as specified by the --B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only -+B<-CAfile> option) or a directory (as specified by B<-CApath>). If they occur in both then only - the certificates in the file will be recognised. - - Previous versions of OpenSSL assume certificates with matching subject name are identical and -Index: crypto/openssl/doc/apps/x509.pod -=================================================================== ---- crypto/openssl/doc/apps/x509.pod (revision 279126) -+++ crypto/openssl/doc/apps/x509.pod (working copy) -@@ -19,6 +19,7 @@ B<openssl> B<x509> - [B<-hash>] - [B<-subject_hash>] - [B<-issuer_hash>] -+[B<-ocspid>] - [B<-subject>] - [B<-issuer>] - [B<-nameopt option>] -@@ -27,6 +28,7 @@ B<openssl> B<x509> - [B<-enddate>] - [B<-purpose>] - [B<-dates>] -+[B<-checkend num>] - [B<-modulus>] - [B<-fingerprint>] - [B<-alias>] -@@ -40,6 +42,7 @@ B<openssl> B<x509> - [B<-days arg>] - [B<-set_serial n>] - [B<-signkey filename>] -+[B<-passin arg>] - [B<-x509toreq>] - [B<-req>] - [B<-CA filename>] -@@ -47,6 +50,7 @@ B<openssl> B<x509> - [B<-CAcreateserial>] - [B<-CAserial filename>] - [B<-text>] -+[B<-certopt option>] - [B<-C>] - [B<-md2|-md5|-sha1|-mdc2>] - [B<-clrext>] -@@ -153,6 +157,10 @@ name. - - outputs the "hash" of the certificate issuer name. - -+=item B<-ocspid> -+ -+outputs the OCSP hash values for the subject name and public key. -+ - =item B<-hash> - - synonym for "-subject_hash" for backward compatibility reasons. -@@ -188,6 +196,11 @@ prints out the expiry date of the certificate, tha - - prints out the start and expiry dates of a certificate. - -+=item B<-checkend arg> -+ -+checks if the certificate expires within the next B<arg> seconds and exits -+non-zero if yes it will expire or zero if not. -+ - =item B<-fingerprint> - - prints out the digest of the DER encoded version of the whole certificate -@@ -293,6 +306,11 @@ If the input is a certificate request then a self - is created using the supplied private key using the subject name in - the request. - -+=item B<-passin arg> -+ -+the key password source. For more information about the format of B<arg> -+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. -+ - =item B<-clrext> - - delete any extensions from a certificate. This option is used when a -@@ -446,7 +464,7 @@ using the format \UXXXX for 16 bits and \WXXXXXXXX - Also if this option is off any UTF8Strings will be converted to their - character form first. - --=item B<no_type> -+=item B<ignore_type> - - this option does not attempt to interpret multibyte characters in any - way. That is their content octets are merely dumped as though one octet -Index: crypto/openssl/doc/apps/x509v3_config.pod -=================================================================== ---- crypto/openssl/doc/apps/x509v3_config.pod (revision 279126) -+++ crypto/openssl/doc/apps/x509v3_config.pod (working copy) -@@ -52,7 +52,7 @@ use is defined by the extension code itself: check - policies extension for an example. - - If an extension type is unsupported then the I<arbitrary> extension syntax --must be used, see the L<ARBITRART EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details. -+must be used, see the L<ARBITRARY EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details. - - =head1 STANDARD EXTENSIONS - -@@ -174,11 +174,11 @@ The IP address used in the B<IP> options can be in - - The value of B<dirName> should point to a section containing the distinguished - name to use as a set of name value pairs. Multi values AVAs can be formed by --preceeding the name with a B<+> character. -+preceding the name with a B<+> character. - - otherName can include arbitrary data associated with an OID: the value - should be the OID followed by a semicolon and the content in standard --ASN1_generate_nconf() format. -+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format. - - Examples: - -@@ -226,21 +226,82 @@ Example: - - =head2 CRL distribution points. - --This is a multi-valued extension that supports all the literal options of --subject alternative name. Of the few software packages that currently interpret --this extension most only interpret the URI option. -+This is a multi-valued extension whose options can be either in name:value pair -+using the same form as subject alternative name or a single value representing -+a section name containing all the distribution point fields. - --Currently each option will set a new DistributionPoint with the fullName --field set to the given value. -+For a name:value pair a new DistributionPoint with the fullName field set to -+the given value both the cRLissuer and reasons fields are omitted in this case. - --Other fields like cRLissuer and reasons cannot currently be set or displayed: --at this time no examples were available that used these fields. -+In the single option case the section indicated contains values for each -+field. In this section: - --Examples: -+If the name is "fullname" the value field should contain the full name -+of the distribution point in the same format as subject alternative name. - -+If the name is "relativename" then the value field should contain a section -+name whose contents represent a DN fragment to be placed in this field. -+ -+The name "CRLIssuer" if present should contain a value for this field in -+subject alternative name format. -+ -+If the name is "reasons" the value field should consist of a comma -+separated field containing the reasons. Valid reasons are: "keyCompromise", -+"CACompromise", "affiliationChanged", "superseded", "cessationOfOperation", -+"certificateHold", "privilegeWithdrawn" and "AACompromise". -+ -+ -+Simple examples: -+ - crlDistributionPoints=URI:http://myhost.com/myca.crl - crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl - -+Full distribution point example: -+ -+ crlDistributionPoints=crldp1_section -+ -+ [crldp1_section] -+ -+ fullname=URI:http://myhost.com/myca.crl -+ CRLissuer=dirName:issuer_sect -+ reasons=keyCompromise, CACompromise -+ -+ [issuer_sect] -+ C=UK -+ O=Organisation -+ CN=Some Name -+ -+=head2 Issuing Distribution Point -+ -+This extension should only appear in CRLs. It is a multi valued extension -+whose syntax is similar to the "section" pointed to by the CRL distribution -+points extension with a few differences. -+ -+The names "reasons" and "CRLissuer" are not recognized. -+ -+The name "onlysomereasons" is accepted which sets this field. The value is -+in the same format as the CRL distribution point "reasons" field. -+ -+The names "onlyuser", "onlyCA", "onlyAA" and "indirectCRL" are also accepted -+the values should be a boolean value (TRUE or FALSE) to indicate the value of -+the corresponding field. -+ -+Example: -+ -+ issuingDistributionPoint=critical, @idp_section -+ -+ [idp_section] -+ -+ fullname=URI:http://myhost.com/myca.crl -+ indirectCRL=TRUE -+ onlysomereasons=keyCompromise, CACompromise -+ -+ [issuer_sect] -+ C=UK -+ O=Organisation -+ CN=Some Name -+ -+ - =head2 Certificate Policies. - - This is a I<raw> extension. All the fields of this extension can be set by -@@ -330,6 +391,16 @@ Examples: - - nameConstraints=excluded;email:.com - -+ -+=head2 OCSP No Check -+ -+The OCSP No Check extension is a string extension but its value is ignored. -+ -+Example: -+ -+ noCheck = ignored -+ -+ - =head1 DEPRECATED EXTENSIONS - - The following extensions are non standard, Netscape specific and largely -@@ -370,7 +441,8 @@ the data is formatted correctly for the given exte - There are two ways to encode arbitrary extensions. - - The first way is to use the word ASN1 followed by the extension content --using the same syntax as ASN1_generate_nconf(). For example: -+using the same syntax as L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>. -+For example: - - 1.2.3.4=critical,ASN1:UTF8String:Some random data - -@@ -450,7 +522,8 @@ for arbitrary extensions was added in OpenSSL 0.9. - - =head1 SEE ALSO - --L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)> -+L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>, -+L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> - - - =cut -Index: crypto/openssl/doc/crypto/ASN1_generate_nconf.pod -=================================================================== ---- crypto/openssl/doc/crypto/ASN1_generate_nconf.pod (revision 279126) -+++ crypto/openssl/doc/crypto/ASN1_generate_nconf.pod (working copy) -@@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> string must - =item B<INTEGER>, B<INT> - - Encodes an ASN1 B<INTEGER> type. The B<value> string represents --the value of the integer, it can be preceeded by a minus sign and -+the value of the integer, it can be preceded by a minus sign and - is normally interpreted as a decimal value unless the prefix B<0x> - is included. - -@@ -103,7 +103,8 @@ bits is set to zero. - =item B<UNIVERSALSTRING>, B<UNIV>, B<IA5>, B<IA5STRING>, B<UTF8>, - B<UTF8String>, B<BMP>, B<BMPSTRING>, B<VISIBLESTRING>, - B<VISIBLE>, B<PRINTABLESTRING>, B<PRINTABLE>, B<T61>, --B<T61STRING>, B<TELETEXSTRING>, B<GeneralString> -+B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>, B<NUMERICSTRING>, -+B<NUMERIC> - - These encode the corresponding string types. B<value> represents the - contents of this structure. The format can be B<ASCII> or B<UTF8>. -Index: crypto/openssl/doc/crypto/BIO_f_base64.pod -=================================================================== ---- crypto/openssl/doc/crypto/BIO_f_base64.pod (revision 279126) -+++ crypto/openssl/doc/crypto/BIO_f_base64.pod (working copy) -@@ -46,11 +46,11 @@ to standard output: - - b64 = BIO_new(BIO_f_base64()); - bio = BIO_new_fp(stdout, BIO_NOCLOSE); -- bio = BIO_push(b64, bio); -- BIO_write(bio, message, strlen(message)); -- BIO_flush(bio); -+ BIO_push(b64, bio); -+ BIO_write(b64, message, strlen(message)); -+ BIO_flush(b64); - -- BIO_free_all(bio); -+ BIO_free_all(b64); - - Read Base64 encoded data from standard input and write the decoded - data to standard output: -@@ -62,11 +62,12 @@ data to standard output: - b64 = BIO_new(BIO_f_base64()); - bio = BIO_new_fp(stdin, BIO_NOCLOSE); - bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); -- bio = BIO_push(b64, bio); -- while((inlen = BIO_read(bio, inbuf, 512)) > 0) -+ BIO_push(b64, bio); -+ while((inlen = BIO_read(b64, inbuf, 512)) > 0) - BIO_write(bio_out, inbuf, inlen); - -- BIO_free_all(bio); -+ BIO_flush(bio_out); -+ BIO_free_all(b64); - - =head1 BUGS - -Index: crypto/openssl/doc/crypto/BIO_push.pod -=================================================================== ---- crypto/openssl/doc/crypto/BIO_push.pod (revision 279126) -+++ crypto/openssl/doc/crypto/BIO_push.pod (working copy) -@@ -40,7 +40,7 @@ If the call: - - BIO_push(b64, f); - --is made then the new chain will be B<b64-chain>. After making the calls -+is made then the new chain will be B<b64-f>. After making the calls - - BIO_push(md2, b64); - BIO_push(md1, md2); -Index: crypto/openssl/doc/crypto/ERR_get_error.pod -=================================================================== ---- crypto/openssl/doc/crypto/ERR_get_error.pod (revision 279126) -+++ crypto/openssl/doc/crypto/ERR_get_error.pod (working copy) -@@ -49,10 +49,10 @@ additionally store the file name and line number w - the error occurred in *B<file> and *B<line>, unless these are B<NULL>. - - ERR_get_error_line_data(), ERR_peek_error_line_data() and --ERR_get_last_error_line_data() store additional data and flags -+ERR_peek_last_error_line_data() store additional data and flags - associated with the error code in *B<data> - and *B<flags>, unless these are B<NULL>. *B<data> contains a string --if *B<flags>&B<ERR_TXT_STRING> is true. -+if *B<flags>&B<ERR_TXT_STRING> is true. - - An application B<MUST NOT> free the *B<data> pointer (or any other pointers - returned by these functions) with OPENSSL_free() as freeing is handled -Index: crypto/openssl/doc/crypto/RSA_set_method.pod -=================================================================== ---- crypto/openssl/doc/crypto/RSA_set_method.pod (revision 279126) -+++ crypto/openssl/doc/crypto/RSA_set_method.pod (working copy) -@@ -125,14 +125,18 @@ the default method is used. - /* sign. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ -- int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, -- unsigned char *sigret, unsigned int *siglen, RSA *rsa); -- -+ int (*rsa_sign)(int type, -+ const unsigned char *m, unsigned int m_length, -+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - /* verify. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ -- int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, -- unsigned char *sigbuf, unsigned int siglen, RSA *rsa); -+ int (*rsa_verify)(int dtype, -+ const unsigned char *m, unsigned int m_length, -+ const unsigned char *sigbuf, unsigned int siglen, -+ const RSA *rsa); -+ /* keygen. If NULL builtin RSA key generation will be used */ -+ int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); - - } RSA_METHOD; - -Index: crypto/openssl/doc/crypto/RSA_sign.pod -=================================================================== ---- crypto/openssl/doc/crypto/RSA_sign.pod (revision 279126) -+++ crypto/openssl/doc/crypto/RSA_sign.pod (working copy) -@@ -20,6 +20,10 @@ RSA_sign() signs the message digest B<m> of size B - private key B<rsa> as specified in PKCS #1 v2.0. It stores the - signature in B<sigret> and the signature size in B<siglen>. B<sigret> - must point to RSA_size(B<rsa>) bytes of memory. -+Note that PKCS #1 adds meta-data, placing limits on the size of the -+key that can be used. -+See L<RSA_private_encrypt(3)|RSA_private_encrypt(3)> for lower-level -+operations. - - B<type> denotes the message digest algorithm that was used to generate - B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>; -Index: crypto/openssl/doc/crypto/des.pod -=================================================================== ---- crypto/openssl/doc/crypto/des.pod (revision 279126) -+++ crypto/openssl/doc/crypto/des.pod (working copy) -@@ -135,9 +135,8 @@ depend on a global variable. - - DES_set_odd_parity() sets the parity of the passed I<key> to odd. - --DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it --is ok. The probability that a randomly generated key is weak is --1/2^52, so it is not really worth checking for them. -+DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it -+is ok. - - The following routines mostly operate on an input and output stream of - I<DES_cblock>s. -@@ -181,7 +180,7 @@ of 24 bytes. This is much better than CBC DES. - - DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with - three keys. This means that each DES operation inside the CBC mode is --really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL. -+an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL. - - The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by - reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>. -Index: crypto/openssl/doc/crypto/err.pod -=================================================================== ---- crypto/openssl/doc/crypto/err.pod (revision 279126) -+++ crypto/openssl/doc/crypto/err.pod (working copy) -@@ -171,7 +171,6 @@ ERR_get_string_table(void) respectively. - - =head1 SEE ALSO - --L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, - L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, - L<ERR_get_error(3)|ERR_get_error(3)>, - L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, -Index: crypto/openssl/doc/crypto/pem.pod -=================================================================== ---- crypto/openssl/doc/crypto/pem.pod (revision 279126) -+++ crypto/openssl/doc/crypto/pem.pod (working copy) -@@ -450,9 +450,9 @@ byte B<salt> encoded as a set of hexadecimal digit - - After this is the base64 encoded encrypted data. - --The encryption key is determined using EVP_bytestokey(), using B<salt> and an -+The encryption key is determined using EVP_BytesToKey(), using B<salt> and an - iteration count of 1. The IV used is the value of B<salt> and *not* the IV --returned by EVP_bytestokey(). -+returned by EVP_BytesToKey(). - - =head1 BUGS - -@@ -474,3 +474,7 @@ The read routines return either a pointer to the s - if an error occurred. - - The write routines return 1 for success or 0 for failure. -+ -+=head1 SEE ALSO -+ -+L<EVP_get_cipherbyname(3)|EVP_get_cipherbyname>, L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> -Index: crypto/openssl/doc/crypto/ui.pod -=================================================================== ---- crypto/openssl/doc/crypto/ui.pod (revision 279126) -+++ crypto/openssl/doc/crypto/ui.pod (working copy) -@@ -119,7 +119,7 @@ verification will fail. - UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered - in a boolean way, with a single character for yes and a different character - for no. A set of characters that can be used to cancel the prompt is given --as well. The prompt itself is really divided in two, one part being the -+as well. The prompt itself is divided in two, one part being the - descriptive text (given through the I<prompt> argument) and one describing - the possible answers (given through the I<action_desc> argument). - -Index: crypto/openssl/doc/fingerprints.txt -=================================================================== ---- crypto/openssl/doc/fingerprints.txt (revision 279126) -+++ crypto/openssl/doc/fingerprints.txt (working copy) -@@ -4,12 +4,11 @@ OpenSSL releases are signed with PGP/GnuPG keys. - signatures in separate files in the same location you find the - distributions themselves. The normal file name is the same as the - distribution file, with '.asc' added. For example, the signature for --the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in --the file openssl-0.9.7f.tar.gz.asc. -+the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in -+the file openssl-1.0.1h.tar.gz.asc. - - The following is the list of fingerprints for the keys that are --currently in use (have been used since summer 2004) to sign OpenSSL --distributions: -+currently in use to sign OpenSSL distributions: - - pub 1024D/F709453B 2003-10-20 - Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B -@@ -34,10 +33,6 @@ uid Mark Cox <mjc@redhat.com> - uid Mark Cox <mark@awe.com> - uid Mark Cox <mjc@apache.org> - --pub 1024R/26BB437D 1997-04-28 -- Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5 --uid Ralf S. Engelschall <rse@engelschall.com> -- - pub 1024R/9C58A66D 1997-04-03 - Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67 - uid jaenicke@openssl.org -@@ -62,3 +57,7 @@ uid Bodo Moeller <3moeller@inform - uid Bodo Moeller <Bodo_Moeller@public.uni-hamburg.de> - uid Bodo Moeller <3moeller@rzdspc5.informatik.uni-hamburg.de> - -+pub 2048R/0E604491 2013-04-30 -+ Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 -+uid Matt Caswell <frodo@baggins.org> -+ -Index: crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod (working copy) -@@ -23,8 +23,12 @@ SSL_CIPHER_get_bits() returns the number of secret - B<alg_bits> is not NULL, it contains the number of bits processed by the - chosen algorithm. If B<cipher> is NULL, 0 is returned. - --SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently --"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned. -+SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol -+version that first defined the cipher. -+This is currently B<SSLv2> or B<TLSv1/SSLv3>. -+In some cases it should possibly return "TLSv1.2" but does not; -+use SSL_CIPHER_description() instead. -+If B<cipher> is NULL, "(NONE)" is returned. - - SSL_CIPHER_description() returns a textual description of the cipher used - into the buffer B<buf> of length B<len> provided. B<len> must be at least -@@ -52,7 +56,8 @@ Textual representation of the cipher name. - - =item <protocol version> - --Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3. -+Protocol version: B<SSLv2>, B<SSLv3>, B<TLSv1.2>. The TLSv1.0 ciphers are -+flagged with SSLv3. No new ciphers were added by TLSv1.1. - - =item Kx=<key exchange> - -@@ -91,6 +96,10 @@ Some examples for the output of SSL_CIPHER_descrip - RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 - EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export - -+A comp[lete list can be retrieved by invoking the following command: -+ -+ openssl ciphers -v ALL -+ - =head1 BUGS - - If SSL_CIPHER_description() is called with B<cipher> being NULL, the -Index: crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod (working copy) -@@ -24,6 +24,16 @@ the library will try to complete the chain from th - certificates in the trusted CA storage, see - L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. - -+The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object. -+ -+=head1 RESTRICTIONS -+ -+Only one set of extra chain certificates can be specified per SSL_CTX -+structure. Different chains for different certificates (for example if both -+RSA and DSA certificates are specified by the same server) or different SSL -+structures with the same parent SSL_CTX cannot be specified using this -+function. -+ - =head1 RETURN VALUES - - SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the -Index: crypto/openssl/doc/ssl/SSL_CTX_add_session.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_add_session.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_add_session.pod (working copy) -@@ -41,7 +41,7 @@ If a server SSL_CTX is configured with the SSL_SES - flag then the internal cache will not be populated automatically by new - sessions negotiated by the SSL/TLS implementation, even though the internal - cache will be searched automatically for session-resume requests (the --latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the -+latter can be suppressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the - application can use SSL_CTX_add_session() directly to have full control - over the sessions that can be resumed if desired. - -Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod (working copy) -@@ -35,7 +35,7 @@ the chosen B<ssl>, overriding the setting valid fo - =head1 NOTES - - When a TLS/SSL server requests a client certificate (see --B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which -+B<SSL_CTX_set_verify(3)>), it sends a list of CAs, for which - it will accept certificates, to the client. - - This list must explicitly be set using SSL_CTX_set_client_CA_list() for -Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod (working copy) -@@ -29,7 +29,7 @@ using the B<x509> and B<pkey> arguments and "1" mu - certificate will be installed into B<ssl>, see the NOTES and BUGS sections. - If no certificate should be set, "0" has to be returned and no certificate - will be sent. A negative return value will suspend the handshake and the --handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)> -+handshake function will return immediately. L<SSL_get_error(3)|SSL_get_error(3)> - will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was - suspended. The next call to the handshake function will again lead to the call - of client_cert_cb(). It is the job of the client_cert_cb() to store information -Index: crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod (working copy) -@@ -61,12 +61,16 @@ deal with read/write operations returning without - flag SSL_MODE_AUTO_RETRY will cause read/write operations to only - return after the handshake and successful completion. - --=item SSL_MODE_FALLBACK_SCSV -+=item SSL_MODE_SEND_FALLBACK_SCSV - - Send TLS_FALLBACK_SCSV in the ClientHello. --To be set by applications that reconnect with a downgraded protocol -+To be set only by applications that reconnect with a downgraded protocol - version; see draft-ietf-tls-downgrade-scsv-00 for details. - -+DO NOT ENABLE THIS if your application attempts a normal handshake. -+Only use this in explicit fallback retries, following the guidance -+in draft-ietf-tls-downgrade-scsv-00. -+ - =back - - =head1 RETURN VALUES -Index: crypto/openssl/doc/ssl/SSL_CTX_set_options.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_set_options.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_set_options.pod (working copy) -@@ -243,7 +243,7 @@ Connections and renegotiation are always permitted - - =head2 Unpatched client and patched OpenSSL server - --The initial connection suceeds but client renegotiation is denied by the -+The initial connection succeeds but client renegotiation is denied by the - server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal - B<handshake_failure> alert in SSL v3.0. - -Index: crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (revision 0) -+++ crypto/openssl/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod (working copy) -@@ -0,0 +1,195 @@ -+=pod -+ -+=head1 NAME -+ -+SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing -+ -+=head1 SYNOPSIS -+ -+ #include <openssl/tls1.h> -+ -+ long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, -+ int (*cb)(SSL *s, unsigned char key_name[16], -+ unsigned char iv[EVP_MAX_IV_LENGTH], -+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); -+ -+=head1 DESCRIPTION -+ -+SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I<cb> for handling -+session tickets for the ssl context I<sslctx>. Session tickets, defined in -+RFC5077 provide an enhanced session resumption capability where the server -+implementation is not required to maintain per session state. It only applies -+to TLS and there is no SSLv3 implementation. -+ -+The callback is available when the OpenSSL library was built without -+I<OPENSSL_NO_TLSEXT> being defined. -+ -+The callback function I<cb> will be called for every client instigated TLS -+session when session ticket extension is presented in the TLS hello -+message. It is the responsibility of this function to create or retrieve the -+cryptographic parameters and to maintain their state. -+ -+The OpenSSL library uses your callback function to help implement a common TLS -+ticket construction state according to RFC5077 Section 4 such that per session -+state is unnecessary and a small set of cryptographic variables needs to be -+maintained by the callback function implementation. -+ -+In order to reuse a session, a TLS client must send the a session ticket -+extension to the server. The client can only send exactly one session ticket. -+The server, through the callback function, either agrees to reuse the session -+ticket information or it starts a full TLS handshake to create a new session -+ticket. -+ -+Before the callback function is started I<ctx> and I<hctx> have been -+initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. -+ -+For new sessions tickets, when the client doesn't present a session ticket, or -+an attempted retreival of the ticket failed, or a renew option was indicated, -+the callback function will be called with I<enc> equal to 1. The OpenSSL -+library expects that the function will set an arbitary I<name>, initialize -+I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>. -+ -+The I<name> is 16 characters long and is used as a key identifier. -+ -+The I<iv> length is the length of the IV of the corresponding cipher. The -+maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>. -+ -+The initialization vector I<iv> should be a random value. The cipher context -+I<ctx> should use the initialisation vector I<iv>. The cipher context can be -+set using L<EVP_EncryptInit_ex>. The hmac context can be set using L<HMAC_Init_ex>. -+ -+When the client presents a session ticket, the callback function with be called -+with I<enc> set to 0 indicating that the I<cb> function should retreive a set -+of parameters. In this case I<name> and I<iv> have already been parsed out of -+the session ticket. The OpenSSL library expects that the I<name> will be used -+to retrieve a cryptographic parameters and that the cryptographic context -+I<ctx> will be set with the retreived parameters and the initialization vector -+I<iv>. using a function like L<EVP_DecryptInit_ex>. The I<hctx> needs to be set -+using L<HMAC_Init_ex>. -+ -+If the I<name> is still valid but a renewal of the ticket is required the -+callback function should return 2. The library will call the callback again -+with an arguement of enc equal to 1 to set the new ticket. -+ -+The return value of the I<cb> function is used by OpenSSL to determine what -+further processing will occur. The following return values have meaning: -+ -+=over 4 -+ -+=item Z<>2 -+ -+This indicates that the I<ctx> and I<hctx> have been set and the session can -+continue on those parameters. Additionally it indicates that the session -+ticket is in a renewal period and should be replaced. The OpenSSL library will -+call I<cb> again with an enc argument of 1 to set the new ticket (see RFC5077 -+3.3 paragraph 2). -+ -+=item Z<>1 -+ -+This indicates that the I<ctx> and I<hctx> have been set and the session can -+continue on those parameters. -+ -+=item Z<>0 -+ -+This indicates that it was not possible to set/retrieve a session ticket and -+the SSL/TLS session will continue by by negiotationing a set of cryptographic -+parameters or using the alternate SSL/TLS resumption mechanism, session ids. -+ -+If called with enc equal to 0 the library will call the I<cb> again to get -+a new set of parameters. -+ -+=item less than 0 -+ -+This indicates an error. -+ -+=back -+ -+=head1 NOTES -+ -+Session resumption shortcuts the TLS so that the client certificate -+negiotation don't occur. It makes up for this by storing client certificate -+an all other negotiated state information encrypted within the ticket. In a -+resumed session the applications will have all this state information available -+exactly as if a full negiotation had occured. -+ -+If an attacker can obtain the key used to encrypt a session ticket, they can -+obtain the master secret for any ticket using that key and decrypt any traffic -+using that session: even if the ciphersuite supports forward secrecy. As -+a result applications may wish to use multiple keys and avoid using long term -+keys stored in files. -+ -+Applications can use longer keys to maintain a consistent level of security. -+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key -+the overall security is only 128 bits because breaking the ticket key will -+enable an attacker to obtain the session keys. -+ -+=head1 EXAMPLES -+ -+Reference Implemention: -+ SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb); -+ .... -+ -+ static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) -+ { -+ if (enc) { /* create new session */ -+ if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) { -+ return -1; /* insufficient random */ -+ } -+ -+ key = currentkey(); /* something that you need to implement */ -+ if ( !key ) { -+ /* current key doesn't exist or isn't valid */ -+ key = createkey(); /* something that you need to implement. -+ * createkey needs to initialise, a name, -+ * an aes_key, a hmac_key and optionally -+ * an expire time. */ -+ if ( !key ) { /* key couldn't be created */ -+ return 0; -+ } -+ } -+ memcpy(key_name, key->name, 16); -+ -+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv); -+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); -+ -+ return 1; -+ -+ } else { /* retrieve session */ -+ key = findkey(name); -+ -+ if (!key || key->expire < now() ) { -+ return 0; -+ } -+ -+ HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); -+ EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->aes_key, iv ); -+ -+ if (key->expire < ( now() - RENEW_TIME ) ) { -+ /* return 2 - this session will get a new ticket even though the current is still valid */ -+ return 2; -+ } -+ return 1; -+ -+ } -+ } -+ -+ -+ -+=head1 RETURN VALUES -+ -+returns 0 to indicate the callback function was set. -+ -+=head1 SEE ALSO -+ -+L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>, -+L<SSL_session_reused(3)|SSL_session_reused(3)>, -+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>, -+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>, -+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>, -+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>, -+ -+=head1 HISTORY -+ -+This function was introduced in OpenSSL 0.9.8h -+ -+=cut -Index: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (working copy) -@@ -12,12 +12,10 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, S - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); - -- void SSL_set_tmp_dh_callback(SSL_CTX *ctx, -+ void SSL_set_tmp_dh_callback(SSL *ctx, - DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - long SSL_set_tmp_dh(SSL *ssl, DH *dh) - -- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); -- - =head1 DESCRIPTION - - SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be -@@ -81,7 +79,7 @@ instead (see L<dhparam(1)|dhparam(1)>), but in thi - is mandatory. - - Application authors may compile in DH parameters. Files dh512.pem, --dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current -+dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current - version of the OpenSSL distribution contain the 'SKIP' DH parameters, - which use safe primes and were generated verifiably pseudo-randomly. - These files can be converted into C code using the B<-C> option of the -Index: crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod (working copy) -@@ -109,8 +109,8 @@ certificates would not be present, most likely a - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. - The depth count is "level 0:peer certificate", "level 1: CA certificate", - "level 2: higher level CA certificate", and so on. Setting the maximum --depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, --allowing for the peer certificate and additional 9 CA certificates. -+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100, -+allowing for the peer certificate and additional 100 CA certificates. - - The B<verify_callback> function is used to control the behaviour when the - SSL_VERIFY_PEER flag is set. It must be supplied by the application and -Index: crypto/openssl/doc/ssl/SSL_get_version.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_get_version.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_get_version.pod (working copy) -@@ -12,12 +12,12 @@ SSL_get_version - get the protocol version of a co - - =head1 DESCRIPTION - --SSL_get_cipher_version() returns the name of the protocol used for the -+SSL_get_version() returns the name of the protocol used for the - connection B<ssl>. - - =head1 RETURN VALUES - --The following strings can occur: -+The following strings can be returned: - - =over 4 - -@@ -31,8 +31,16 @@ The connection uses the SSLv3 protocol. - - =item TLSv1 - --The connection uses the TLSv1 protocol. -+The connection uses the TLSv1.0 protocol. - -+=item TLSv1.1 -+ -+The connection uses the TLSv1.1 protocol. -+ -+=item TLSv1.2 -+ -+The connection uses the TLSv1.2 protocol. -+ - =item unknown - - This indicates that no version has been set (no connection established). -Index: crypto/openssl/doc/ssl/SSL_shutdown.pod -=================================================================== ---- crypto/openssl/doc/ssl/SSL_shutdown.pod (revision 279126) -+++ crypto/openssl/doc/ssl/SSL_shutdown.pod (working copy) -@@ -104,7 +104,7 @@ erroneous SSL_ERROR_SYSCALL may be flagged even th - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - --=item -1 -+=item Z<>-1 - - The shutdown was not successful because a fatal error occurred either - at the protocol level or a connection failure occurred. It can also occur if -Index: crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod -=================================================================== ---- crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod (revision 279126) -+++ crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod (working copy) -@@ -48,6 +48,16 @@ known limit on the size of the created ASN1 repres - amount of space should be obtained by first calling i2d_SSL_SESSION() with - B<pp=NULL>, and obtain the size needed, then allocate the memory and - call i2d_SSL_SESSION() again. -+Note that this will advance the value contained in B<*pp> so it is necessary -+to save a copy of the original allocation. -+For example: -+ int i,j; -+ char *p, *temp; -+ i = i2d_SSL_SESSION(sess, NULL); -+ p = temp = malloc(i); -+ j = i2d_SSL_SESSION(sess, &temp); -+ assert(i == j); -+ assert(p+i == temp); - - =head1 RETURN VALUES - -Index: crypto/openssl/e_os.h -=================================================================== ---- crypto/openssl/e_os.h (revision 279126) -+++ crypto/openssl/e_os.h (working copy) -@@ -275,7 +275,7 @@ extern "C" { - # ifdef _WIN64 - # define strlen(s) _strlen31(s) - /* cut strings to 2GB */ --static unsigned int _strlen31(const char *str) -+static __inline unsigned int _strlen31(const char *str) - { - unsigned int len=0; - while (*str && len<0x80000000U) str++, len++; -@@ -360,7 +360,7 @@ extern "C" { - # define DEFAULT_HOME "C:" - # endif - --#else /* The non-microsoft world world */ -+#else /* The non-microsoft world */ - - # ifdef OPENSSL_SYS_VMS - # define VMS 1 -@@ -702,9 +702,25 @@ struct servent *getservbyname(const char *name, co - #endif - /* end vxworks */ - -+#if !defined(inline) && !defined(__cplusplus) -+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L -+ /* do nothing, inline works */ -+# elif defined(__GNUC__) && __GNUC__>=2 -+# define inline __inline__ -+# elif defined(_MSC_VER) -+ /* -+ * Visual Studio: inline is available in C++ only, however -+ * __inline is available for C, see -+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx -+ */ -+# define inline __inline -+# else -+# define inline -+# endif -+#endif -+ - #ifdef __cplusplus - } - #endif - - #endif -- -Index: crypto/openssl/openssl.spec -=================================================================== ---- crypto/openssl/openssl.spec (revision 279126) -+++ crypto/openssl/openssl.spec (working copy) -@@ -6,7 +6,7 @@ Release: 1 - - Summary: Secure Sockets Layer and cryptography libraries and tools - Name: openssl --Version: 0.9.8za -+Version: 0.9.8zd - Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz - License: OpenSSL - Group: System Environment/Libraries -Index: crypto/openssl/ssl/Makefile -=================================================================== ---- crypto/openssl/ssl/Makefile (revision 279126) -+++ crypto/openssl/ssl/Makefile (working copy) -@@ -545,27 +545,28 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o - s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h - s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h - s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h --s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h --s3_cbc.o: ../include/openssl/bn.h ../include/openssl/buffer.h --s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h --s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h --s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h --s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h --s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h --s3_cbc.o: ../include/openssl/fips.h ../include/openssl/hmac.h --s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h --s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h --s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h --s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h --s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h --s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h --s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h --s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h --s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h --s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h --s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h --s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h --s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h -+s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h -+s3_cbc.o: ../include/openssl/bio.h ../include/openssl/bn.h -+s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h -+s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -+s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -+s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -+s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -+s3_cbc.o: ../include/openssl/evp.h ../include/openssl/fips.h -+s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -+s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h -+s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -+s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -+s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -+s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -+s3_cbc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -+s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -+s3_cbc.o: ../include/openssl/sha.h ../include/openssl/ssl.h -+s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -+s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -+s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -+s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_cbc.c -+s3_cbc.o: ssl_locl.h - s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h - s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h - s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h -@@ -674,29 +675,29 @@ s3_pkt.o: ../include/openssl/ssl3.h ../include/ope - s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h - s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c - s3_pkt.o: ssl_locl.h --s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h --s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h --s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h --s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h --s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h --s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h --s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h --s3_srvr.o: ../include/openssl/evp.h ../include/openssl/fips.h --s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h --s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h --s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h --s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h --s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h --s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h --s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h --s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h --s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h --s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h --s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h --s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h --s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h --s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h --s3_srvr.o: s3_srvr.c ssl_locl.h -+s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h -+s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h -+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h -+s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h -+s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -+s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -+s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -+s3_srvr.o: ../include/openssl/fips.h ../include/openssl/hmac.h -+s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -+s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -+s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -+s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -+s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -+s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -+s3_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h -+s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -+s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -+s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -+s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -+s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -+s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -+s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h - ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h - ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h - ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h -Index: crypto/openssl/ssl/d1_both.c -=================================================================== ---- crypto/openssl/ssl/d1_both.c (revision 279126) -+++ crypto/openssl/ssl/d1_both.c (working copy) -@@ -1195,6 +1195,8 @@ dtls1_buffer_message(SSL *s, int is_ccs) - OPENSSL_assert(s->init_off == 0); - - frag = dtls1_hm_fragment_new(s->init_num, 0); -+ if (!frag) -+ return 0; - - memcpy(frag->fragment, s->init_buf->data, s->init_num); - -Index: crypto/openssl/ssl/d1_srvr.c -=================================================================== ---- crypto/openssl/ssl/d1_srvr.c (revision 279126) -+++ crypto/openssl/ssl/d1_srvr.c (working copy) -@@ -468,10 +468,11 @@ int dtls1_accept(SSL *s) - s->state = SSL3_ST_SR_CLNT_HELLO_C; - } - else { -- /* could be sent for a DH cert, even if we -- * have not asked for it :-) */ -- ret=ssl3_get_client_certificate(s); -- if (ret <= 0) goto end; -+ if (s->s3->tmp.cert_request) -+ { -+ ret=ssl3_get_client_certificate(s); -+ if (ret <= 0) goto end; -+ } - s->init_num=0; - s->state=SSL3_ST_SR_KEY_EXCH_A; - } -Index: crypto/openssl/ssl/s23_lib.c -=================================================================== ---- crypto/openssl/ssl/s23_lib.c (revision 279126) -+++ crypto/openssl/ssl/s23_lib.c (working copy) -@@ -112,6 +112,9 @@ int ssl23_put_cipher_by_char(const SSL_CIPHER *c, - long l; - - /* We can write SSLv2 and SSLv3 ciphers */ -+ /* but no ECC ciphers */ -+ if (c->algorithms & (SSL_ECDH|SSL_aECDSA)) -+ return 0; - if (p != NULL) - { - l=c->id; -Index: crypto/openssl/ssl/s3_cbc.c -=================================================================== ---- crypto/openssl/ssl/s3_cbc.c (revision 279126) -+++ crypto/openssl/ssl/s3_cbc.c (working copy) -@@ -53,6 +53,7 @@ - * - */ - -+#include "../crypto/constant_time_locl.h" - #include "ssl_locl.h" - - #include <openssl/md5.h> -@@ -67,37 +68,6 @@ - * supported by TLS.) */ - #define MAX_HASH_BLOCK_SIZE 128 - --/* Some utility functions are needed: -- * -- * These macros return the given value with the MSB copied to all the other -- * bits. They use the fact that arithmetic shift shifts-in the sign bit. -- * However, this is not ensured by the C standard so you may need to replace -- * them with something else on odd CPUs. */ --#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) --#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) -- --/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */ --static unsigned constant_time_lt(unsigned a, unsigned b) -- { -- a -= b; -- return DUPLICATE_MSB_TO_ALL(a); -- } -- --/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */ --static unsigned constant_time_ge(unsigned a, unsigned b) -- { -- a -= b; -- return DUPLICATE_MSB_TO_ALL(~a); -- } -- --/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ --static unsigned char constant_time_eq_8(unsigned a, unsigned b) -- { -- unsigned c = a ^ b; -- c--; -- return DUPLICATE_MSB_TO_ALL_8(c); -- } -- - /* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC - * record in |rec| by updating |rec->length| in constant time. - * -@@ -126,8 +96,8 @@ int ssl3_cbc_remove_padding(const SSL* s, - padding_length = good & (padding_length+1); - rec->length -= padding_length; - rec->type |= padding_length<<8; /* kludge: pass padding length */ -- return (int)((good & 1) | (~good & -1)); --} -+ return constant_time_select_int(good, 1, -1); -+ } - - /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC - * record in |rec| in constant time and returns 1 if the padding is valid and -@@ -201,7 +171,7 @@ int tls1_cbc_remove_padding(const SSL* s, - - for (i = 0; i < to_check; i++) - { -- unsigned char mask = constant_time_ge(padding_length, i); -+ unsigned char mask = constant_time_ge_8(padding_length, i); - unsigned char b = rec->data[rec->length-1-i]; - /* The final |padding_length+1| bytes should all have the value - * |padding_length|. Therefore the XOR should be zero. */ -@@ -209,20 +179,14 @@ int tls1_cbc_remove_padding(const SSL* s, - } - - /* If any of the final |padding_length+1| bytes had the wrong value, -- * one or more of the lower eight bits of |good| will be cleared. We -- * AND the bottom 8 bits together and duplicate the result to all the -- * bits. */ -- good &= good >> 4; -- good &= good >> 2; -- good &= good >> 1; -- good <<= sizeof(good)*8-1; -- good = DUPLICATE_MSB_TO_ALL(good); -- -+ * one or more of the lower eight bits of |good| will be cleared. -+ */ -+ good = constant_time_eq(0xff, good & 0xff); - padding_length = good & (padding_length+1); - rec->length -= padding_length; - rec->type |= padding_length<<8; /* kludge: pass padding length */ - -- return (int)((good & 1) | (~good & -1)); -+ return constant_time_select_int(good, 1, -1); - } - - /* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in -@@ -289,8 +253,8 @@ void ssl3_cbc_copy_mac(unsigned char* out, - memset(rotated_mac, 0, md_size); - for (i = scan_start, j = 0; i < orig_len; i++) - { -- unsigned char mac_started = constant_time_ge(i, mac_start); -- unsigned char mac_ended = constant_time_ge(i, mac_end); -+ unsigned char mac_started = constant_time_ge_8(i, mac_start); -+ unsigned char mac_ended = constant_time_ge_8(i, mac_end); - unsigned char b = rec->data[i]; - rotated_mac[j++] |= b & mac_started & ~mac_ended; - j &= constant_time_lt(j,md_size); -@@ -676,12 +640,12 @@ void ssl3_cbc_digest_record( - b = data[k-header_length]; - k++; - -- is_past_c = is_block_a & constant_time_ge(j, c); -- is_past_cp1 = is_block_a & constant_time_ge(j, c+1); -+ is_past_c = is_block_a & constant_time_ge_8(j, c); -+ is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1); - /* If this is the block containing the end of the - * application data, and we are at the offset for the - * 0x80 value, then overwrite b with 0x80. */ -- b = (b&~is_past_c) | (0x80&is_past_c); -+ b = constant_time_select_8(is_past_c, 0x80, b); - /* If this the the block containing the end of the - * application data and we're past the 0x80 value then - * just write zero. */ -@@ -697,7 +661,8 @@ void ssl3_cbc_digest_record( - if (j >= md_block_size - md_length_size) - { - /* If this is index_b, write a length byte. */ -- b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); -+ b = constant_time_select_8( -+ is_block_b, length_bytes[j-(md_block_size-md_length_size)], b); - } - block[j] = b; - } -Index: crypto/openssl/ssl/s3_clnt.c -=================================================================== ---- crypto/openssl/ssl/s3_clnt.c (revision 279126) -+++ crypto/openssl/ssl/s3_clnt.c (working copy) -@@ -442,6 +442,7 @@ int ssl3_connect(SSL *s) - s->method->ssl3_enc->client_finished_label, - s->method->ssl3_enc->client_finished_label_len); - if (ret <= 0) goto end; -+ s->s3->flags |= SSL3_FLAGS_CCS_OK; - s->state=SSL3_ST_CW_FLUSH; - - /* clear flags */ -@@ -1094,8 +1095,8 @@ int ssl3_get_key_exchange(SSL *s) - #endif - EVP_MD_CTX md_ctx; - unsigned char *param,*p; -- int al,i,j,param_len,ok; -- long n,alg; -+ int al,j,ok; -+ long i,param_len,n,alg; - EVP_PKEY *pkey=NULL; - #ifndef OPENSSL_NO_RSA - RSA *rsa=NULL; -@@ -1172,8 +1173,10 @@ int ssl3_get_key_exchange(SSL *s) - s->session->sess_cert=ssl_sess_cert_new(); - } - -+ /* Total length of the parameters including the length prefix */ - param_len=0; - -+ al=SSL_AD_DECODE_ERROR; - #ifndef OPENSSL_NO_RSA - if (alg & SSL_kRSA) - { -@@ -1189,14 +1192,23 @@ int ssl3_get_key_exchange(SSL *s) - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } -- n2s(p,i); -- param_len=i+2; -+ -+ param_len = 2; - if (param_len > n) - { -- al=SSL_AD_DECODE_ERROR; -+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto f_err; -+ } -+ n2s(p,i); -+ -+ if (i > n - param_len) -+ { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); - goto f_err; - } -+ param_len += i; -+ - if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); -@@ -1204,14 +1216,23 @@ int ssl3_get_key_exchange(SSL *s) - } - p+=i; - -+ if (2 > n - param_len) -+ { -+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto f_err; -+ } -+ param_len += 2; -+ - n2s(p,i); -- param_len+=i+2; -- if (param_len > n) -+ -+ if (i > n - param_len) - { -- al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); - goto f_err; - } -+ param_len += i; -+ - if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); -@@ -1243,14 +1264,23 @@ int ssl3_get_key_exchange(SSL *s) - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } -- n2s(p,i); -- param_len=i+2; -+ -+ param_len = 2; - if (param_len > n) - { -- al=SSL_AD_DECODE_ERROR; -+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto f_err; -+ } -+ n2s(p,i); -+ -+ if (i > n - param_len) -+ { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); - goto f_err; - } -+ param_len += i; -+ - if (!(dh->p=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); -@@ -1258,14 +1288,23 @@ int ssl3_get_key_exchange(SSL *s) - } - p+=i; - -+ if (2 > n - param_len) -+ { -+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto f_err; -+ } -+ param_len += 2; -+ - n2s(p,i); -- param_len+=i+2; -- if (param_len > n) -+ -+ if (i > n - param_len) - { -- al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); - goto f_err; - } -+ param_len += i; -+ - if (!(dh->g=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); -@@ -1273,14 +1312,23 @@ int ssl3_get_key_exchange(SSL *s) - } - p+=i; - -+ if (2 > n - param_len) -+ { -+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto f_err; -+ } -+ param_len += 2; -+ - n2s(p,i); -- param_len+=i+2; -- if (param_len > n) -+ -+ if (i > n - param_len) - { -- al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); - goto f_err; - } -+ param_len += i; -+ - if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); -@@ -1332,13 +1380,20 @@ int ssl3_get_key_exchange(SSL *s) - */ - - /* XXX: For now we only support named (not generic) curves -- * and the ECParameters in this case is just three bytes. -+ * and the ECParameters in this case is just three bytes. We -+ * also need one byte for the length of the encoded point - */ -- param_len=3; -- if ((param_len > n) || -- (*p != NAMED_CURVE_TYPE) || -- ((curve_nid = curve_id2nid(*(p + 2))) == 0)) -+ param_len=4; -+ if (param_len > n) - { -+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, -+ SSL_R_LENGTH_TOO_SHORT); -+ goto f_err; -+ } -+ -+ if ((*p != NAMED_CURVE_TYPE) || -+ ((curve_nid = curve_id2nid(*(p + 2))) == 0)) -+ { - al=SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); - goto f_err; -@@ -1379,15 +1434,15 @@ int ssl3_get_key_exchange(SSL *s) - - encoded_pt_len = *p; /* length of encoded point */ - p+=1; -- param_len += (1 + encoded_pt_len); -- if ((param_len > n) || -+ -+ if ((encoded_pt_len > n - param_len) || - (EC_POINT_oct2point(group, srvr_ecpoint, - p, encoded_pt_len, bn_ctx) == 0)) - { -- al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); - goto f_err; - } -+ param_len += encoded_pt_len; - - n-=param_len; - p+=encoded_pt_len; -@@ -1438,10 +1493,10 @@ int ssl3_get_key_exchange(SSL *s) - n-=2; - j=EVP_PKEY_size(pkey); - -+ /* Check signature length. If n is 0 then signature is empty */ - if ((i != n) || (n > j) || (n <= 0)) - { - /* wrong packet length */ -- al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); - goto f_err; - } -@@ -1450,6 +1505,7 @@ int ssl3_get_key_exchange(SSL *s) - if (pkey->type == EVP_PKEY_RSA) - { - int num; -+ unsigned int size; - - j=0; - q=md_buf; -@@ -1462,9 +1518,9 @@ int ssl3_get_key_exchange(SSL *s) - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,param,param_len); -- EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); -- q+=i; -- j+=i; -+ EVP_DigestFinal_ex(&md_ctx,q,&size); -+ q+=size; -+ j+=size; - } - i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, - pkey->pkey.rsa); -@@ -1535,7 +1591,6 @@ int ssl3_get_key_exchange(SSL *s) - } - if (n != 0) - { -- al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); - goto f_err; - } -Index: crypto/openssl/ssl/s3_pkt.c -=================================================================== ---- crypto/openssl/ssl/s3_pkt.c (revision 279126) -+++ crypto/openssl/ssl/s3_pkt.c (working copy) -@@ -110,6 +110,7 @@ - */ - - #include <stdio.h> -+#include <limits.h> - #include <errno.h> - #define USE_SOCKETS - #include "ssl_locl.h" -@@ -230,6 +231,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend - return(n); - } - -+/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will -+ * be processed per call to ssl3_get_record. Without this limit an attacker -+ * could send empty records at a faster rate than we can process and cause -+ * ssl3_get_record to loop forever. */ -+#define MAX_EMPTY_RECORDS 32 -+ - /* Call this to get a new input record. - * It will return <= 0 if more data is needed, normally due to an error - * or non-blocking IO. -@@ -250,6 +257,7 @@ static int ssl3_get_record(SSL *s) - short version; - unsigned mac_size, orig_len; - size_t extra; -+ unsigned empty_record_count = 0; - - rr= &(s->s3->rrec); - sess=s->session; -@@ -477,7 +485,17 @@ printf("\n"); - s->packet_length=0; - - /* just read a 0 length packet */ -- if (rr->length == 0) goto again; -+ if (rr->length == 0) -+ { -+ empty_record_count++; -+ if (empty_record_count > MAX_EMPTY_RECORDS) -+ { -+ al=SSL_AD_UNEXPECTED_MESSAGE; -+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL); -+ goto f_err; -+ } -+ goto again; -+ } - - return(1); - -@@ -535,7 +553,7 @@ int ssl3_write_bytes(SSL *s, int type, const void - int i,tot; - - s->rwstate=SSL_NOTHING; -- OPENSSL_assert(s->s3->wnum < INT_MAX); -+ OPENSSL_assert(s->s3->wnum <= INT_MAX); - tot=s->s3->wnum; - s->s3->wnum=0; - -@@ -839,7 +857,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned cha - if (!ssl3_setup_buffers(s)) - return(-1); - -- if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || -+ if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) - { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); -Index: crypto/openssl/ssl/s3_srvr.c -=================================================================== ---- crypto/openssl/ssl/s3_srvr.c (revision 279126) -+++ crypto/openssl/ssl/s3_srvr.c (working copy) -@@ -128,6 +128,7 @@ - #include <stdio.h> - #include "ssl_locl.h" - #include "kssl_lcl.h" -+#include "../crypto/constant_time_locl.h" - #include <openssl/buffer.h> - #include <openssl/rand.h> - #include <openssl/objects.h> -@@ -1816,6 +1817,10 @@ int ssl3_get_client_key_exchange(SSL *s) - #ifndef OPENSSL_NO_RSA - if (l & SSL_kRSA) - { -+ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; -+ int decrypt_len; -+ unsigned char decrypt_good, version_good; -+ - /* FIX THIS UP EAY EAY EAY EAY */ - if (s->s3->tmp.use_rsa_tmp) - { -@@ -1864,54 +1869,61 @@ int ssl3_get_client_key_exchange(SSL *s) - n=i; - } - -- i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); -+ /* We must not leak whether a decryption failure occurs because -+ * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see -+ * RFC 2246, section 7.4.7.1). The code follows that advice of -+ * the TLS RFC and generates a random premaster secret for the -+ * case that the decrypt fails. See -+ * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ - -- al = -1; -- -- if (i != SSL_MAX_MASTER_KEY_LENGTH) -+ /* should be RAND_bytes, but we cannot work around a failure. */ -+ if (RAND_pseudo_bytes(rand_premaster_secret, -+ sizeof(rand_premaster_secret)) <= 0) -+ goto err; -+ decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); -+ ERR_clear_error(); -+ -+ /* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. -+ * decrypt_good will be 0xff if so and zero otherwise. */ -+ decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH); -+ -+ /* If the version in the decrypted pre-master secret is correct -+ * then version_good will be 0xff, otherwise it'll be zero. -+ * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack -+ * (http://eprint.iacr.org/2003/052/) exploits the version -+ * number check as a "bad version oracle". Thus version checks -+ * are done in constant time and are treated like any other -+ * decryption error. */ -+ version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8)); -+ version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff)); -+ -+ /* The premaster secret must contain the same version number as -+ * the ClientHello to detect version rollback attacks -+ * (strangely, the protocol does not offer such protection for -+ * DH ciphersuites). However, buggy clients exist that send the -+ * negotiated protocol version instead if the server does not -+ * support the requested protocol version. If -+ * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ -+ if (s->options & SSL_OP_TLS_ROLLBACK_BUG) - { -- al=SSL_AD_DECODE_ERROR; -- /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ -+ unsigned char workaround_good; -+ workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8)); -+ workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff)); -+ version_good |= workaround_good; - } - -- if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) -+ /* Both decryption and version must be good for decrypt_good -+ * to remain non-zero (0xff). */ -+ decrypt_good &= version_good; -+ -+ /* Now copy rand_premaster_secret over p using -+ * decrypt_good_mask. */ -+ for (i = 0; i < (int) sizeof(rand_premaster_secret); i++) - { -- /* The premaster secret must contain the same version number as the -- * ClientHello to detect version rollback attacks (strangely, the -- * protocol does not offer such protection for DH ciphersuites). -- * However, buggy clients exist that send the negotiated protocol -- * version instead if the server does not support the requested -- * protocol version. -- * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ -- if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && -- (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) -- { -- al=SSL_AD_DECODE_ERROR; -- /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ -- -- /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack -- * (http://eprint.iacr.org/2003/052/) exploits the version -- * number check as a "bad version oracle" -- an alert would -- * reveal that the plaintext corresponding to some ciphertext -- * made up by the adversary is properly formatted except -- * that the version number is wrong. To avoid such attacks, -- * we should treat this just like any other decryption error. */ -- } -+ p[i] = constant_time_select_8(decrypt_good, p[i], -+ rand_premaster_secret[i]); - } - -- if (al != -1) -- { -- /* Some decryption failure -- use random value instead as countermeasure -- * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding -- * (see RFC 2246, section 7.4.7.1). */ -- ERR_clear_error(); -- i = SSL_MAX_MASTER_KEY_LENGTH; -- p[0] = s->client_version >> 8; -- p[1] = s->client_version & 0xff; -- if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ -- goto err; -- } -- - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, -@@ -2368,7 +2380,7 @@ int ssl3_get_cert_verify(SSL *s) - SSL3_ST_SR_CERT_VRFY_A, - SSL3_ST_SR_CERT_VRFY_B, - -1, -- 514, /* 514? */ -+ SSL3_RT_MAX_PLAIN_LENGTH, - &ok); - - if (!ok) return((int)n); -Index: crypto/openssl/ssl/ssl.h -=================================================================== ---- crypto/openssl/ssl/ssl.h (revision 279126) -+++ crypto/openssl/ssl/ssl.h (working copy) -@@ -563,8 +563,13 @@ typedef struct ssl_session_st - /* Don't attempt to automatically build certificate chain */ - #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L - /* Send TLS_FALLBACK_SCSV in the ClientHello. -- * To be set by applications that reconnect with a downgraded protocol -- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ -+ * To be set only by applications that reconnect with a downgraded protocol -+ * version; see draft-ietf-tls-downgrade-scsv-00 for details. -+ * -+ * DO NOT ENABLE THIS if your application attempts a normal handshake. -+ * Only use this in explicit fallback retries, following the guidance -+ * in draft-ietf-tls-downgrade-scsv-00. -+ */ - #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L - - -Index: crypto/openssl/ssl/ssl_ciph.c -=================================================================== ---- crypto/openssl/ssl/ssl_ciph.c (revision 279126) -+++ crypto/openssl/ssl/ssl_ciph.c (working copy) -@@ -390,7 +390,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const - break; - } - -- if ((i < 0) || (i > SSL_ENC_NUM_IDX)) -+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX)) - *enc=NULL; - else - { -@@ -412,7 +412,7 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const - i= -1; - break; - } -- if ((i < 0) || (i > SSL_MD_NUM_IDX)) -+ if ((i < 0) || (i >= SSL_MD_NUM_IDX)) - *md=NULL; - else - *md=ssl_digest_methods[i]; -Index: crypto/openssl/ssl/ssl_lib.c -=================================================================== ---- crypto/openssl/ssl/ssl_lib.c (revision 279126) -+++ crypto/openssl/ssl/ssl_lib.c (working copy) -@@ -1401,6 +1401,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); - goto err; - } -+ p += n; - continue; - } - -Index: crypto/openssl/ssl/ssl_stat.c -=================================================================== ---- crypto/openssl/ssl/ssl_stat.c (revision 279126) -+++ crypto/openssl/ssl/ssl_stat.c (working copy) -@@ -186,7 +186,6 @@ case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certi - case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; - #endif - --#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) - /* SSLv2/v3 compatibility states */ - /* client */ - case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; -@@ -196,7 +195,6 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read - /* server */ - case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break; - case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break; --#endif - - /* DTLS */ - case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break; -@@ -340,7 +338,6 @@ case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break - case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; - #endif - --#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) - /* SSLv2/v3 compatibility states */ - /* client */ - case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; -@@ -350,7 +347,7 @@ case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; bre - /* server */ - case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break; - case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break; --#endif -+ - /* DTLS */ - case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break; - case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break; -Index: crypto/openssl/ssl/t1_lib.c -=================================================================== ---- crypto/openssl/ssl/t1_lib.c (revision 279126) -+++ crypto/openssl/ssl/t1_lib.c (working copy) -@@ -1117,7 +1117,11 @@ static int tls_decrypt_ticket(SSL *s, const unsign - } - EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen); - if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) -+ { -+ EVP_CIPHER_CTX_cleanup(&ctx); -+ OPENSSL_free(sdec); - goto tickerr; -+ } - slen += mlen; - EVP_CIPHER_CTX_cleanup(&ctx); - p = sdec; -Index: crypto/openssl/test/Makefile -=================================================================== ---- crypto/openssl/test/Makefile (revision 279126) -+++ crypto/openssl/test/Makefile (working copy) -@@ -72,6 +72,7 @@ FIPS_DSATEST= fips_dsatest - FIPS_DSSVS= fips_dssvs - FIPS_RNGVS= fips_rngvs - FIPS_TEST_SUITE=fips_test_suite -+CONSTTIMETEST= constant_time_test - - TESTS= alltests - -@@ -88,7 +89,8 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(EC - $(FIPS_HMACTEST)$(EXE_EXT) $(FIPS_RSAVTEST)$(EXE_EXT) \ - $(FIPS_RSASTEST)$(EXE_EXT) $(FIPS_RSAGTEST)$(EXE_EXT) \ - $(FIPS_DSSVS)$(EXE_EXT) $(FIPS_DSATEST)$(EXE_EXT) \ -- $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) jpaketest$(EXE_EXT) -+ $(FIPS_RNGVS)$(EXE_EXT) $(FIPS_TEST_SUITE)$(EXE_EXT) \ -+ jpaketest$(EXE_EXT) $(CONSTTIMETEST)$(EXE_EXT) - - # $(METHTEST)$(EXE_EXT) - -@@ -105,7 +107,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECD - $(FIPS_AESTEST).o $(FIPS_HMACTEST).o $(FIPS_RSAVTEST).o \ - $(FIPS_RSASTEST).o $(FIPS_RSAGTEST).o \ - $(FIPS_DSSVS).o $(FIPS_DSATEST).o $(FIPS_RNGVS).o $(FIPS_TEST_SUITE).o \ -- jpaketest.o -+ jpaketest.o $(CONSTTIMETEST).o - - SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ - $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ -@@ -119,7 +121,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECD - $(FIPS_AESTEST).c $(FIPS_HMACTEST).c $(FIPS_RSAVTEST).c \ - $(FIPS_RSASTEST).c $(FIPS_RSAGTEST).c \ - $(FIPS_DSSVS).c $(FIPS_DSATEST).c $(FIPS_RNGVS).c $(FIPS_TEST_SUITE).c \ -- jpaketest.c -+ jpaketest.c $(CONSTTIMETEST).c - - EXHEADER= - HEADER= $(EXHEADER) -@@ -161,7 +163,8 @@ alltests: \ - test_rand test_bn test_ec test_ecdsa test_ecdh \ - test_enc test_x509 test_rsa test_crl test_sid \ - test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ -- test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake -+ test_ss test_ca test_engine test_evp test_ssl test_ige test_jpake \ -+ test_constant_time - - test_evp: - ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt -@@ -333,6 +336,10 @@ test_jpake: jpaketest$(EXE_EXT) - @echo "Test JPAKE" - ../util/shlib_wrap.sh ./jpaketest - -+test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) -+ @echo "Test constant time utilites" -+ ../util/shlib_wrap.sh ./$(CONSTTIMETEST) -+ - lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -@@ -527,6 +534,9 @@ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO) - jpaketest$(EXE_EXT): jpaketest.o $(DLIBCRYPTO) - @target=jpaketest; $(BUILD_CMD) - -+$(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o -+ @target=$(CONSTTIMETEST) $(BUILD_CMD) -+ - #$(AESTEST).o: $(AESTEST).c - # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c - -@@ -561,6 +571,9 @@ bntest.o: ../include/openssl/symhacks.h ../include - bntest.o: ../include/openssl/x509_vfy.h bntest.c - casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h - casttest.o: ../include/openssl/opensslconf.h casttest.c -+constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h -+constant_time_test.o: ../include/openssl/e_os2.h -+constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c - destest.o: ../include/openssl/des.h ../include/openssl/des_old.h - destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h - destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -Index: crypto/openssl/test/constant_time_test.c -=================================================================== ---- crypto/openssl/test/constant_time_test.c (revision 0) -+++ crypto/openssl/test/constant_time_test.c (working copy) -@@ -0,0 +1 @@ -+link ../crypto/constant_time_test.c -\ No newline at end of file -Index: crypto/openssl/util/mk1mf.pl -=================================================================== ---- crypto/openssl/util/mk1mf.pl (revision 279126) -+++ crypto/openssl/util/mk1mf.pl (working copy) -@@ -786,12 +786,6 @@ foreach (values %lib_nam) - $lib_obj=$lib_obj{$_}; - local($slib)=$shlib; - -- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3) -- { -- $rules.="\$(O_SSL):\n\n"; -- next; -- } -- - if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS"))) - { - if ($cpuid_asm_obj ne "") -Index: crypto/openssl/util/mkerr.pl -=================================================================== ---- crypto/openssl/util/mkerr.pl (revision 279126) -+++ crypto/openssl/util/mkerr.pl (working copy) -@@ -698,7 +698,7 @@ foreach (keys %rcodes) { - push (@runref, $_) unless exists $urcodes{$_}; - } - --if($debug && defined(@funref) ) { -+if($debug && @funref) { - print STDERR "The following function codes were not referenced:\n"; - foreach(sort @funref) - { -@@ -706,7 +706,7 @@ foreach (keys %rcodes) { - } - } - --if($debug && defined(@runref) ) { -+if($debug && @runref) { - print STDERR "The following reason codes were not referenced:\n"; - foreach(sort @runref) - { -Index: secure/lib/libcrypto/Makefile -=================================================================== ---- secure/lib/libcrypto/Makefile (revision 279126) -+++ secure/lib/libcrypto/Makefile (working copy) -@@ -239,8 +239,8 @@ SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p - INCS+= pkcs12.h pkcs7.h - - # pkcs7 --SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \ -- pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c -+SRCS+= pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c pk7_lib.c \ -+ pk7_mime.c pk7_smime.c pkcs7err.c - - # pqueue - SRCS+= pqueue.c -Index: secure/lib/libcrypto/Makefile.inc -=================================================================== ---- secure/lib/libcrypto/Makefile.inc (revision 279126) -+++ secure/lib/libcrypto/Makefile.inc (working copy) -@@ -3,8 +3,8 @@ - .include <bsd.own.mk> - - # OpenSSL version used for manual page generation --OPENSSL_VER= 0.9.8za --OPENSSL_DATE= 2014-06-05 -+OPENSSL_VER= 0.9.8zd -+OPENSSL_DATE= 2015-01-08 - - LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl - LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc -Index: secure/lib/libcrypto/man/ASN1_OBJECT_new.3 -=================================================================== ---- secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ASN1_OBJECT_new 3" --.TH ASN1_OBJECT_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ASN1_OBJECT_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -142,7 +151,7 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, \- object alloc - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an --\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. -+\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0 - .PP - \&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. - .PP -Index: secure/lib/libcrypto/man/ASN1_STRING_length.3 -=================================================================== ---- secure/lib/libcrypto/man/ASN1_STRING_length.3 (revision 279126) -+++ secure/lib/libcrypto/man/ASN1_STRING_length.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ASN1_STRING_length 3" --.TH ASN1_STRING_length 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ASN1_STRING_length 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -193,7 +202,7 @@ utility functions should be used instead. - In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR - is null terminated or does not contain embedded nulls. The actual format - of the data will depend on the actual string type itself: for example --for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per -+for and IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per - character in big endian format, UTF8String will be in \s-1UTF8\s0 format. - .PP - Similar care should be take to ensure the data is in the correct format -Index: secure/lib/libcrypto/man/ASN1_STRING_new.3 -=================================================================== ---- secure/lib/libcrypto/man/ASN1_STRING_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/ASN1_STRING_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ASN1_STRING_new 3" --.TH ASN1_STRING_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ASN1_STRING_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 -=================================================================== ---- secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (revision 279126) -+++ secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ASN1_STRING_print_ex 3" --.TH ASN1_STRING_print_ex 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ASN1_STRING_print_ex 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -150,7 +159,7 @@ the options \fBflags\fR. \fIASN1_STRING_print_ex_f - to \fBfp\fR instead. - .PP - \&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to --\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0) -+\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0) - with '.'. - .SH "NOTES" - .IX Header "NOTES" -@@ -157,7 +166,7 @@ with '.'. - \&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. - .PP - Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is --suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR. -+suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR. - .PP - The complete set of supported options for \fBflags\fR is listed below. - .PP -@@ -189,7 +198,7 @@ all: everything is assumed to be one byte per char - debugging purposes and can result in confusing output in multi character strings. - .PP - If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out --before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR. -+before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR. - .PP - The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just - outputs the value of the string using the form #XXXX using hex format for each -@@ -197,7 +206,7 @@ octet. - .PP - If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. - .PP --Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be -+Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be - one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will - be dumped instead. - .PP -@@ -205,10 +214,10 @@ When a type is dumped normally just the content oc - \&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped - instead (including tag and length octets). - .PP --\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is -+\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is - equivalent to: - \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | -- \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0 -+ \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIX509_NAME_print_ex\fR\|(3), -Index: secure/lib/libcrypto/man/ASN1_generate_nconf.3 -=================================================================== ---- secure/lib/libcrypto/man/ASN1_generate_nconf.3 (revision 279126) -+++ secure/lib/libcrypto/man/ASN1_generate_nconf.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ASN1_generate_nconf 3" --.TH ASN1_generate_nconf 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ASN1_generate_nconf 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -162,7 +171,7 @@ is: - That is zero or more comma separated modifiers followed by a type - followed by an optional colon and a value. The formats of \fBtype\fR, - \&\fBvalue\fR and \fBmodifier\fR are explained below. --.SS "\s-1SUPPORTED\s0 \s-1TYPES\s0" -+.SS "\s-1SUPPORTED TYPES\s0" - .IX Subsection "SUPPORTED TYPES" - The supported types are listed below. Unless otherwise specified - only the \fB\s-1ASCII\s0\fR format is permissible. -@@ -177,46 +186,46 @@ are acceptable. - Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. - .IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2 - .IX Item "INTEGER, INT" --Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents --the value of the integer, it can be preceeded by a minus sign and -+Encodes an \s-1ASN1 \s0\fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents -+the value of the integer, it can be preceded by a minus sign and - is normally interpreted as a decimal value unless the prefix \fB0x\fR - is included. - .IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2 - .IX Item "ENUMERATED, ENUM" --Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to -+Encodes the \s-1ASN1 \s0\fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to - \&\fB\s-1INTEGER\s0\fR. - .IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 2 - .IX Item "OBJECT, OID" --Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fBvalue\fR string can be -+Encodes an \s-1ASN1 \s0\fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be - a short name, a long name or numerical format. - .IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 2 - .IX Item "UTCTIME, UTC" --Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in -+Encodes an \s-1ASN1 \s0\fBUTCTime\fR structure, the value should be in - the format \fB\s-1YYMMDDHHMMSSZ\s0\fR. - .IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 2 - .IX Item "GENERALIZEDTIME, GENTIME" --Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in -+Encodes an \s-1ASN1 \s0\fBGeneralizedTime\fR structure, the value should be in - the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. - .IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 2 - .IX Item "OCTETSTRING, OCT" --Encodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents -+Encodes an \s-1ASN1 \s0\fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents - of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be - used to specify the format of \fBvalue\fR. - .IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 2 - .IX Item "BITSTRING, BITSTR" --Encodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents -+Encodes an \s-1ASN1 \s0\fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents - of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR - can be used to specify the format of \fBvalue\fR. - .Sp - If the format is anything other than \fB\s-1BITLIST\s0\fR the number of unused - bits is set to zero. --.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR" 2 --.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString" -+.IP "\fB\s-1UNIVERSALSTRING\s0\fR, \fB\s-1UNIV\s0\fR, \fB\s-1IA5\s0\fR, \fB\s-1IA5STRING\s0\fR, \fB\s-1UTF8\s0\fR, \fBUTF8String\fR, \fB\s-1BMP\s0\fR, \fB\s-1BMPSTRING\s0\fR, \fB\s-1VISIBLESTRING\s0\fR, \fB\s-1VISIBLE\s0\fR, \fB\s-1PRINTABLESTRING\s0\fR, \fB\s-1PRINTABLE\s0\fR, \fBT61\fR, \fBT61STRING\fR, \fB\s-1TELETEXSTRING\s0\fR, \fBGeneralString\fR, \fB\s-1NUMERICSTRING\s0\fR, \fB\s-1NUMERIC\s0\fR" 2 -+.IX Item "UNIVERSALSTRING, UNIV, IA5, IA5STRING, UTF8, UTF8String, BMP, BMPSTRING, VISIBLESTRING, VISIBLE, PRINTABLESTRING, PRINTABLE, T61, T61STRING, TELETEXSTRING, GeneralString, NUMERICSTRING, NUMERIC" - These encode the corresponding string types. \fBvalue\fR represents the - contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR. - .IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2 - .IX Item "SEQUENCE, SEQ, SET" --Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR -+Formats the result as an \s-1ASN1 \s0\fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR - should be a section name which will contain the contents. The - field names in the section are ignored and the values are in the - generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0 -@@ -233,9 +242,9 @@ Add an explicit tag to the following structure. Th - should be followed by a colon and the tag value to use as a - decimal value. - .Sp --By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0, --\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used, --the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0. -+By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL, -+APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used, -+the default is \s-1CONTEXT SPECIFIC.\s0 - .IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 2 - .IX Item "IMPLICIT, IMP" - This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used -@@ -242,8 +251,8 @@ This is the same as \fB\s-1EXPLICIT\s0\fR except \ - instead. - .IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 2 - .IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP" --The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0, --a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused -+The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0 -+a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused - bits is set to zero. - .IP "\fB\s-1FORMAT\s0\fR" 2 - .IX Item "FORMAT" -@@ -252,8 +261,8 @@ by a colon and one of the strings \fB\s-1ASCII\s0\ - .Sp - If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is - specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the --output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0 --\&\s-1STRING\s0) is a comma separated list of the indices of the set bits, all other -+output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT -+STRING\s0) is a comma separated list of the indices of the set bits, all other - bits are zero. - .SH "EXAMPLES" - .IX Header "EXAMPLES" -Index: secure/lib/libcrypto/man/BIO_ctrl.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_ctrl.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_ctrl.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_ctrl 3" --.TH BIO_ctrl 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_ctrl 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -164,7 +173,7 @@ BIO_get_info_callback, BIO_set_info_callback \- BI - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR --are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. -+are \s-1BIO \s0\*(L"control\*(R" operations taking arguments of various types. - These functions are not normally called directly, various macros - are used instead. The standard macros are described below, macros - specific to a particular type of \s-1BIO\s0 are described in the specific -@@ -178,16 +187,16 @@ start of the file. - \&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and - \&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. - .PP --\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0. -+\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0 - .PP - \&\fIBIO_flush()\fR normally writes out any internally buffered data, in some - cases it is used to signal \s-1EOF\s0 and that no more data will be written. - .PP --\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of --\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type. -+\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of -+\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type. - .PP --\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can --take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used -+\&\fIBIO_set_close()\fR sets the \s-1BIO \s0\fBb\fR close flag to \fBflag\fR. \fBflag\fR can -+take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used - in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should - be closed when the \s-1BIO\s0 is freed. - .PP -@@ -213,7 +222,7 @@ for success and \-1 for failure. - .PP - \&\fIBIO_set_close()\fR always returns 1. - .PP --\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. -+\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 - .PP - \&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR - return the amount of pending data. -@@ -234,10 +243,10 @@ Filter BIOs if they do not internally handle a par - operation usually pass the operation to the next \s-1BIO\s0 in the chain. - This often means there is no need to locate the required \s-1BIO\s0 for - a particular operation, it can be called on a chain and it will --be automatically passed to the relevant \s-1BIO\s0. However this can cause -+be automatically passed to the relevant \s-1BIO.\s0 However this can cause - unexpected results: for example no current filter BIOs implement - \&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 --or file descriptor \s-1BIO\s0. -+or file descriptor \s-1BIO.\s0 - .PP - Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR - operation. -Index: secure/lib/libcrypto/man/BIO_f_base64.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_f_base64.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_f_base64.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_f_base64 3" --.TH BIO_f_base64 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_f_base64 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -149,7 +158,7 @@ Base64 BIOs do not support \fIBIO_gets()\fR or \fI - .PP - \&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is - used to signal that no more data is to be encoded: this is used --to flush the final block through the \s-1BIO\s0. -+to flush the final block through the \s-1BIO.\s0 - .PP - The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR - to encode the data all on one line or expect the data to be all -@@ -172,11 +181,11 @@ to standard output: - \& - \& b64 = BIO_new(BIO_f_base64()); - \& bio = BIO_new_fp(stdout, BIO_NOCLOSE); --\& bio = BIO_push(b64, bio); --\& BIO_write(bio, message, strlen(message)); --\& BIO_flush(bio); -+\& BIO_push(b64, bio); -+\& BIO_write(b64, message, strlen(message)); -+\& BIO_flush(b64); - \& --\& BIO_free_all(bio); -+\& BIO_free_all(b64); - .Ve - .PP - Read Base64 encoded data from standard input and write the decoded -@@ -190,11 +199,12 @@ data to standard output: - \& b64 = BIO_new(BIO_f_base64()); - \& bio = BIO_new_fp(stdin, BIO_NOCLOSE); - \& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); --\& bio = BIO_push(b64, bio); --\& while((inlen = BIO_read(bio, inbuf, 512)) > 0) -+\& BIO_push(b64, bio); -+\& while((inlen = BIO_read(b64, inbuf, 512)) > 0) - \& BIO_write(bio_out, inbuf, inlen); - \& --\& BIO_free_all(bio); -+\& BIO_flush(bio_out); -+\& BIO_free_all(b64); - .Ve - .SH "BUGS" - .IX Header "BUGS" -@@ -202,7 +212,7 @@ The ambiguity of \s-1EOF\s0 in base64 encoded data - data following the base64 encoded block to be misinterpreted. - .PP - There should be some way of specifying a test that the \s-1BIO\s0 can perform --to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). -+to reliably determine \s-1EOF \s0(for example a \s-1MIME\s0 boundary). - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\s-1TBA\s0 -Index: secure/lib/libcrypto/man/BIO_f_buffer.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_f_buffer.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_f_buffer.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_f_buffer 3" --.TH BIO_f_buffer 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_f_buffer 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -159,7 +168,7 @@ Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s - .PP - \&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR - set the read, write or both read and write buffer sizes to \fBsize\fR. The initial --buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the -+buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the - buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared - when the buffer is resized. - .PP -Index: secure/lib/libcrypto/man/BIO_f_cipher.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_f_cipher.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_f_cipher.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_f_cipher 3" --.TH BIO_f_cipher 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_f_cipher 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -154,10 +163,10 @@ Cipher BIOs do not support \fIBIO_gets()\fR or \fI - .PP - \&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is - used to signal that no more data is to be encrypted: this is used --to flush and possibly pad the final block through the \s-1BIO\s0. -+to flush and possibly pad the final block through the \s-1BIO.\s0 - .PP --\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR --and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for -+\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO \s0\fBb\fR to \fBcipher\fR using key \fBkey\fR -+and \s-1IV \s0\fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for - decryption. - .PP - When reading from an encryption \s-1BIO\s0 the final block is automatically -@@ -172,7 +181,7 @@ with the standard cipher routines to set it up. Th - .SH "NOTES" - .IX Header "NOTES" - When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block --through the \s-1BIO\s0. If it is not then the final block will fail a subsequent -+through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent - decrypt. - .PP - When decrypting an error on the final block is signalled by a zero -@@ -181,7 +190,7 @@ by \s-1EOF\s0 will also return zero for the final - should be called to determine if the decrypt was successful. - .PP - As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can --be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0. -+be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0 - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. -Index: secure/lib/libcrypto/man/BIO_f_md.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_f_md.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_f_md.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_f_md 3" --.TH BIO_f_md 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_f_md 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -156,9 +165,9 @@ Any data written or read through a digest \s-1BIO\ - digest calculation and returns the digest value. \fIBIO_puts()\fR is - not supported. - .PP --\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0. -+\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0 - .PP --\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this -+\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO \s0\fBb\fR to \fBmd\fR: this - must be called to initialize a digest \s-1BIO\s0 before any data is - passed through it. It is a \fIBIO_ctrl()\fR macro. - .PP -@@ -183,7 +192,7 @@ data is passed through it. - .PP - If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through - a chain containing digest BIOs then this can be done by prepending --a buffering \s-1BIO\s0. -+a buffering \s-1BIO.\s0 - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. -Index: secure/lib/libcrypto/man/BIO_f_null.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_f_null.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_f_null.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_f_null 3" --.TH BIO_f_null 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_f_null 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BIO_f_ssl.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_f_ssl.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_f_ssl.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_f_ssl 3" --.TH BIO_f_ssl 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_f_ssl 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -162,32 +171,32 @@ BIO_ssl_shutdown \- SSL BIO - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which --is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to --\&\s-1SSL\s0 I/O. -+\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which -+is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO \s0\*(L"flavour\*(R" to -+\&\s-1SSL I/O. \s0 - .PP --I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with -+I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with - the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established - then an attempt is made to establish one on the first I/O call. - .PP --If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically -+If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically - used as the \s-1SSL\s0 BIOs read and write BIOs. - .PP --Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection -+Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection - by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in - the chain: this will typically disconnect the underlying transport. --The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state. -+The \s-1SSL BIO\s0 is then reset to the initial accept or connect state. - .PP --If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal -+If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal - \&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. - .PP --\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using -+\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR to \fBssl\fR using - the close flag \fBc\fR. - .PP --\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be -+\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR, it can then be - manipulated using the standard \s-1SSL\s0 library functions. - .PP --\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR -+\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR - is 1 client mode is set. If \fBclient\fR is 0 server mode is set. - .PP - \&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count -@@ -202,15 +211,15 @@ automatically renegotiated. - \&\fIBIO_get_num_renegotiates()\fR returns the total number of session - renegotiations due to I/O or timeout. - .PP --\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using -+\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX \s0\fBctx\fR and using - client mode if \fBclient\fR is non zero. - .PP - \&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an --\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0. -+\&\s-1SSL BIO \s0(using \fBctx\fR) followed by a connect \s-1BIO.\s0 - .PP - \&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting --of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect --\&\s-1BIO\s0. -+of a buffering \s-1BIO,\s0 an \s-1SSL BIO \s0(using \fBctx\fR) and a connect -+\&\s-1BIO.\s0 - .PP - \&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between - \&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the -@@ -218,7 +227,7 @@ client mode if \fBclient\fR is non zero. - the internal \s-1SSL\s0 pointer. - .PP - \&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 --chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the -+chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the - chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 - pointer. - .PP -@@ -239,7 +248,7 @@ case where this happens is when \s-1SGC\s0 or step - .PP - In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be - set to disable this behaviour. That is when this flag is set --an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a -+an \s-1SSL BIO\s0 using a blocking transport will never request a - retry. - .PP - Since unknown \fIBIO_ctrl()\fR operations are sent through filter -@@ -323,7 +332,7 @@ unencrypted example in \fIBIO_s_connect\fR\|(3). - .Ve - .PP - Here is a simple server example. It makes use of a buffering --\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. -+\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets. - It creates a pseudo web page containing the actual request from - a client and also echoes the request to standard output. - .PP -Index: secure/lib/libcrypto/man/BIO_find_type.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_find_type.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_find_type.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_find_type 3" --.TH BIO_find_type 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_find_type 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -169,7 +178,7 @@ BIO_find_type, BIO_next \- BIO chain traversal - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting --at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search -+at \s-1BIO \s0\fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search - is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as - \&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is - searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is -@@ -181,7 +190,7 @@ Note: not all the \fBBIO_TYPE_*\fR types above hav - in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a - certain type. - .PP --\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0. -+\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0 - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. -@@ -188,7 +197,7 @@ certain type. - .PP - \&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. - .PP --\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. -+\&\fIBIO_method_type()\fR returns the type of the \s-1BIO \s0\fBb\fR. - .SH "NOTES" - .IX Header "NOTES" - \&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0 -Index: secure/lib/libcrypto/man/BIO_new.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_new 3" --.TH BIO_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -146,9 +155,9 @@ BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_al - .IX Header "DESCRIPTION" - The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. - .PP --\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO\s0. -+\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO.\s0 - .PP --\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 -+\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 - but it does not return a value. Calling \fIBIO_free()\fR may also have some effect - on the underlying I/O structure, for example it may close the file being - referred to under certain circumstances. For more details see the individual -@@ -176,7 +185,7 @@ Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 h - on it other than the discarded return value. - .PP - Normally the \fBtype\fR argument is supplied by a function which returns a --pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions: -+pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions: - a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0 - BIO_f_*(); - .SH "EXAMPLE" -Index: secure/lib/libcrypto/man/BIO_push.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_push.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_push.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_push 3" --.TH BIO_push 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_push 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -141,11 +150,11 @@ BIO_push, BIO_pop \- add and remove BIOs from a ch - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns -+The \fIBIO_push()\fR function appends the \s-1BIO \s0\fBappend\fR to \fBb\fR, it returns - \&\fBb\fR. - .PP --\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 --in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then -+\&\fIBIO_pop()\fR removes the \s-1BIO \s0\fBb\fR from a chain and returns the next \s-1BIO\s0 -+in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then - becomes a single \s-1BIO\s0 with no association with the original chain, - it can thus be freed or attached to a different chain. - .SH "NOTES" -@@ -160,7 +169,7 @@ be noted in the descriptions of individual BIOs. - .SH "EXAMPLES" - .IX Header "EXAMPLES" - For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is --a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0. -+a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0 - .PP - If the call: - .PP -@@ -168,7 +177,7 @@ If the call: - \& BIO_push(b64, f); - .Ve - .PP --is made then the new chain will be \fBb64\-chain\fR. After making the calls -+is made then the new chain will be \fBb64\-f\fR. After making the calls - .PP - .Vb 2 - \& BIO_push(md2, b64); -@@ -193,7 +202,7 @@ be written to \fBmd1\fR as before. - \&\fIBIO_push()\fR returns the end of the chain, \fBb\fR. - .PP - \&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next --\&\s-1BIO\s0. -+\&\s-1BIO.\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\s-1TBA\s0 -Index: secure/lib/libcrypto/man/BIO_read.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_read.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_read.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_read 3" --.TH BIO_read 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_read 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -143,7 +152,7 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places -+\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO \s0\fBb\fR and places - the data in \fBbuf\fR. - .PP - \&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data -@@ -152,9 +161,9 @@ from the \s-1BIO\s0 of maximum length \fBlen\fR. T - however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and - return the digest and other BIOs may not support \fIBIO_gets()\fR at all. - .PP --\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. -+\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO \s0\fBb\fR. - .PP --\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR -+\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO \s0\fBb\fR - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - All these functions return either the amount of data successfully read or -@@ -182,7 +191,7 @@ See \fIBIO_should_retry\fR\|(3) for details of how - determine the cause of a retry and other I/O issues. - .PP - If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to --work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3) -+work around this by adding a buffering \s-1BIO \s0\fIBIO_f_buffer\fR\|(3) - to the chain. - .SH "SEE ALSO" - .IX Header "SEE ALSO" -Index: secure/lib/libcrypto/man/BIO_s_accept.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_accept.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_accept.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_accept 3" --.TH BIO_s_accept 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_accept 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -203,18 +212,18 @@ a single call: that is it creates a new accept \s- - \&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which - will be duplicated and prepended to the chain when an incoming - connection is received. This is useful if, for example, a --buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The -+buffering or \s-1SSL BIO\s0 is required for each connection. The - chain of BIOs must not be freed after this call, they will - be automatically freed when the accept \s-1BIO\s0 is freed. - .PP - \&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve --the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set -+the current bind mode. If \s-1BIO_BIND_NORMAL \s0(the default) is set - then another socket cannot be bound to the same port. If - \&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the - same port. If \s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0 is set then and --attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails -+attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails - and the port is not in use then a second attempt is made --using \s-1BIO_BIND_REUSEADDR\s0. -+using \s-1BIO_BIND_REUSEADDR.\s0 - .PP - \&\fIBIO_do_accept()\fR serves two functions. When it is first - called, after the accept \s-1BIO\s0 has been setup, it will attempt -@@ -235,7 +244,7 @@ an initial accept socket will await an incoming co - perform I/O on it. - .PP - If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR --then they are placed between the socket and the accept \s-1BIO\s0, -+then they are placed between the socket and the accept \s-1BIO,\s0 - that is the chain will be accept\->otherbios\->socket. - .PP - If a server wishes to process multiple connections (as is normally -@@ -261,7 +270,7 @@ and freeing up the accept \s-1BIO\s0 after the ini - .PP - If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is - called to await an incoming connection it is possible for --\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens -+\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens - then it is an indication that an accept attempt would block: the application - should take appropriate action to wait until the underlying socket has - accepted a connection and retry the call. -Index: secure/lib/libcrypto/man/BIO_s_bio.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_bio.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_bio.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_bio 3" --.TH BIO_s_bio 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_bio 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -170,7 +179,7 @@ Since \s-1BIO\s0 chains typically end in a source/ - one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application - control. - .PP --One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this -+One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this - can be used when the application wishes to use a non standard transport for - \&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. - .PP -@@ -190,12 +199,12 @@ determine the amount of pending data in the read o - \&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing - up any half of the pair will automatically destroy the association. - .PP --\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further --writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other -+\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO \s0\fBb\fR. After this call no further -+writes on \s-1BIO \s0\fBb\fR are allowed (they will return an error). Reads on the other - half of the pair will return any pending data or \s-1EOF\s0 when all pending data has - been read. - .PP --\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. -+\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO \s0\fBb\fR to \fBsize\fR. - If the size is not initialized a default value is used. This is currently - 17K, sufficient for a maximum size \s-1TLS\s0 record. - .PP -@@ -205,11 +214,11 @@ If the size is not initialized a default value is - \&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR - with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is - zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether --\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten, -+\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten, - \&\fIBIO_free()\fR is not called. - .PP - \&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum --length of data that can be currently written to the \s-1BIO\s0. Writes larger than this -+length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this - value will return a value from \fIBIO_write()\fR less than the amount requested or if the - buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function - whereas \fIBIO_get_write_guarantee()\fR is a macro. -Index: secure/lib/libcrypto/man/BIO_s_connect.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_connect.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_connect.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_connect 3" --.TH BIO_s_connect 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_connect 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -180,7 +189,7 @@ Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 - connection and reset the \s-1BIO\s0 into a state where it can connect - to the same host again. - .PP --\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0, -+\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0 - it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of - type (int *). - .PP -@@ -220,7 +229,7 @@ non blocking I/O is set during the connect process - \&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into - a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. - .PP --\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 -+\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1 - if the connection was established successfully. A zero or negative - value is returned if the connection could not be established, the - call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs -@@ -250,7 +259,7 @@ If non blocking I/O is set then retries will be re - .PP - It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also - possible for \fIBIO_should_io_special()\fR to be true during the initial --connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned -+connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned - then this is an indication that a connection attempt would block, - the application should then take appropriate action to wait until - the underlying socket has connected and retry the call. -Index: secure/lib/libcrypto/man/BIO_s_fd.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_fd.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_fd.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_fd 3" --.TH BIO_s_fd 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -162,10 +171,10 @@ using lseek(fd, ofs, 0). - .PP - \&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1). - .PP --\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close -+\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close - flag to \fBc\fR. - .PP --\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also -+\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also - returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type - (int *). - .PP -Index: secure/lib/libcrypto/man/BIO_s_file.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_file.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_file.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_file 3" --.TH BIO_s_file 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -154,7 +163,7 @@ BIO_rw_filename \- FILE bio - .IX Header "DESCRIPTION" - \&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it - is a wrapper round the stdio \s-1FILE\s0 structure and it is a --source/sink \s-1BIO\s0. -+source/sink \s-1BIO.\s0 - .PP - Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the - underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs. -@@ -175,10 +184,10 @@ is freed. - .PP - \&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning - of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0 --flag is set on the returned \s-1BIO\s0. -+flag is set on the returned \s-1BIO.\s0 - .PP - \&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: --\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying -+\&\s-1BIO_CLOSE, BIO_NOCLOSE \s0(the close flag) \s-1BIO_FP_TEXT \s0(sets the underlying - stream to text mode, default is binary: this only has any effect under - Win32). - .PP -@@ -185,7 +194,7 @@ Win32). - \&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same - meaning as in \fIBIO_new_fp()\fR, it is a macro. - .PP --\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro. -+\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro. - .PP - \&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes - from the start of file. -@@ -193,7 +202,7 @@ from the start of file. - \&\fIBIO_tell()\fR returns the value of the position pointer. - .PP - \&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and --\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for -+\&\fIBIO_rw_filename()\fR set the file \s-1BIO \s0\fBb\fR to use file \fBname\fR for - reading, writing, append or read write respectively. - .SH "NOTES" - .IX Header "NOTES" -@@ -201,10 +210,10 @@ When wrapping stdout, stdin or stderr the underlyi - normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. - .PP - Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks --in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0. -+in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0 - .SH "EXAMPLES" - .IX Header "EXAMPLES" --File \s-1BIO\s0 \*(L"hello world\*(R": -+File \s-1BIO \s0\*(L"hello world\*(R": - .PP - .Vb 3 - \& BIO *bio_out; -Index: secure/lib/libcrypto/man/BIO_s_mem.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_mem.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_mem.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_mem 3" --.TH BIO_s_mem 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_mem 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -156,7 +165,7 @@ as appropriate to accommodate the stored data. - .PP - Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. - Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from --the \s-1BIO\s0. -+the \s-1BIO.\s0 - .PP - Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR. - .PP -@@ -167,12 +176,12 @@ Calling \fIBIO_reset()\fR on a read write memory \ - read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only - data can be read again. - .PP --\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0. -+\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0 - .PP - \&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored. - .PP --\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is --empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is -+\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO \s0\fBb\fR when it is -+empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF \s0(that is - it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non - zero then it will return \fBv\fR when it is empty and it will set the read retry - flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal -@@ -182,7 +191,7 @@ positive return value \fBv\fR should be set to a n - and returns the total amount of data available. It is implemented as a macro. - .PP - \&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the --close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. -+close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 - It is a macro. - .PP - \&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in \fBpp\fR. It is -@@ -192,7 +201,7 @@ a macro. - if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be null terminated and its - length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and - as a result cannot be written to. This is useful when some data needs to be --made available from a static area of memory in the form of a \s-1BIO\s0. The -+made available from a static area of memory in the form of a \s-1BIO.\s0 The - supplied data is read directly from the supplied buffer: it is \fBnot\fR copied - first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. - .SH "NOTES" -@@ -207,7 +216,7 @@ memory \s-1BIO\s0 avoids this problem. If the \s-1 - a buffering \s-1BIO\s0 to the chain will speed up the process. - .SH "BUGS" - .IX Header "BUGS" --There should be an option to set the maximum size of a memory \s-1BIO\s0. -+There should be an option to set the maximum size of a memory \s-1BIO.\s0 - .PP - There should be a way to \*(L"rewind\*(R" a read write \s-1BIO\s0 without destroying - its contents. -Index: secure/lib/libcrypto/man/BIO_s_null.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_null.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_null.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_null 3" --.TH BIO_s_null 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_null 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -141,7 +150,7 @@ BIO_s_null \- null data sink - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to --the null sink is discarded, reads return \s-1EOF\s0. -+the null sink is discarded, reads return \s-1EOF.\s0 - .SH "NOTES" - .IX Header "NOTES" - A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null -Index: secure/lib/libcrypto/man/BIO_s_socket.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_s_socket.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_s_socket.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_s_socket 3" --.TH BIO_s_socket 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_s_socket 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -154,10 +163,10 @@ round the platform's socket routines. - If the close flag is set then the socket is shut down and closed - when the \s-1BIO\s0 is freed. - .PP --\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close -+\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close - flag to \fBclose_flag\fR. - .PP --\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also -+\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also - returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). - .PP - \&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. -Index: secure/lib/libcrypto/man/BIO_set_callback.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_set_callback.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_set_callback.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_set_callback 3" --.TH BIO_set_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_set_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -170,7 +179,7 @@ The \s-1BIO\s0 the callback is attached to is pass - .PP - \&\fBoper\fR is set to the operation being performed. For some operations - the callback is called twice, once before and once after the actual --operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0. -+operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0 - .PP - The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on - the value of \fBoper\fR, that is the operation being performed. -@@ -189,26 +198,26 @@ value returned to the application. - .IX Header "CALLBACK OPERATIONS" - .IP "\fBBIO_free(b)\fR" 4 - .IX Item "BIO_free(b)" --callback(b, \s-1BIO_CB_FREE\s0, \s-1NULL\s0, 0L, 0L, 1L) is called before the -+callback(b, \s-1BIO_CB_FREE, NULL, 0L, 0L, 1L\s0) is called before the - free operation. - .IP "\fBBIO_read(b, out, outl)\fR" 4 - .IX Item "BIO_read(b, out, outl)" --callback(b, \s-1BIO_CB_READ\s0, out, outl, 0L, 1L) is called before -+callback(b, \s-1BIO_CB_READ,\s0 out, outl, 0L, 1L) is called before - the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue) - after. - .IP "\fBBIO_write(b, in, inl)\fR" 4 - .IX Item "BIO_write(b, in, inl)" --callback(b, \s-1BIO_CB_WRITE\s0, in, inl, 0L, 1L) is called before -+callback(b, \s-1BIO_CB_WRITE,\s0 in, inl, 0L, 1L) is called before - the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue) - after. - .IP "\fBBIO_gets(b, out, outl)\fR" 4 - .IX Item "BIO_gets(b, out, outl)" --callback(b, \s-1BIO_CB_GETS\s0, out, outl, 0L, 1L) is called before -+callback(b, \s-1BIO_CB_GETS,\s0 out, outl, 0L, 1L) is called before - the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue) - after. - .IP "\fBBIO_puts(b, in)\fR" 4 - .IX Item "BIO_puts(b, in)" --callback(b, \s-1BIO_CB_WRITE\s0, in, 0, 0L, 1L) is called before -+callback(b, \s-1BIO_CB_WRITE,\s0 in, 0, 0L, 1L) is called before - the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue) - after. - .IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 -Index: secure/lib/libcrypto/man/BIO_should_retry.3 -=================================================================== ---- secure/lib/libcrypto/man/BIO_should_retry.3 (revision 279126) -+++ secure/lib/libcrypto/man/BIO_should_retry.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BIO_should_retry 3" --.TH BIO_should_retry 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BIO_should_retry 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -185,7 +194,7 @@ the reason code and the action that should be take - the type of \s-1BIO\s0 that resulted in this condition. - .PP - \&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if --passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR. -+passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR. - .SH "NOTES" - .IX Header "NOTES" - If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" -@@ -193,7 +202,7 @@ depends on the \s-1BIO\s0 type that caused it and - operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns - 0 and \fIBIO_should_retry()\fR is false then the cause will be that the - connection closed. A similar condition on a file \s-1BIO\s0 will mean that it --has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on -+has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on - the error queue. For more details see the individual \s-1BIO\s0 type manual - pages. - .PP -@@ -201,7 +210,7 @@ If the underlying I/O structure is in a blocking m - \&\s-1BIO\s0 types will not request a retry, because the underlying I/O - calls will not. If the application knows that the \s-1BIO\s0 type will never - signal a retry then it need not call \fIBIO_should_retry()\fR after a failed --\&\s-1BIO\s0 I/O call. This is typically done with file BIOs. -+\&\s-1BIO I/O\s0 call. This is typically done with file BIOs. - .PP - \&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a - retry even if the underlying I/O structure is blocking, if a handshake -Index: secure/lib/libcrypto/man/BN_BLINDING_new.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_BLINDING_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_BLINDING_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_BLINDING_new 3" --.TH BN_BLINDING_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_BLINDING_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -180,7 +189,7 @@ the inverse blinding. - .PP - \&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper - functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR --with \fBr\fR set to \s-1NULL\s0. -+with \fBr\fR set to \s-1NULL.\s0 - .PP - \&\fIBN_BLINDING_set_thread_id()\fR and \fIBN_BLINDING_get_thread_id()\fR - set and get the \*(L"thread id\*(R" value of the \fB\s-1BN_BLINDING\s0\fR structure, -Index: secure/lib/libcrypto/man/BN_CTX_new.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_CTX_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_CTX_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_CTX_new 3" --.TH BN_CTX_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_CTX_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_CTX_start.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_CTX_start.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_CTX_start.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_CTX_start 3" --.TH BN_CTX_start 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_CTX_start 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_add.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_add.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_add.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_add 3" --.TH BN_add 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_add 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_add_word.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_add_word.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_add_word.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_add_word 3" --.TH BN_add_word 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_add_word 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_bn2bin.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_bn2bin.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_bn2bin.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_bn2bin 3" --.TH BN_bn2bin 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_bn2bin 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -159,7 +168,7 @@ memory. - .PP - \&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length - \&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is --\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created. -+\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created. - .PP - \&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the - hexadecimal and decimal encoding of \fBa\fR respectively. For negative -@@ -167,8 +176,8 @@ numbers, the string is prefaced with a leading '\- - freed later using \fIOPENSSL_free()\fR. - .PP - \&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number --to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL\s0, a new --\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL\s0, it only computes the number's -+to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL,\s0 a new -+\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL,\s0 it only computes the number's - length in hexadecimal digits. If the string starts with '\-', the - number is negative. \fIBN_dec2bn()\fR is the same using the decimal system. - .PP -@@ -188,7 +197,7 @@ calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). - .PP - \&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to - a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR --if \fBret\fR is \s-1NULL\s0. -+if \fBret\fR is \s-1NULL.\s0 - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. -Index: secure/lib/libcrypto/man/BN_cmp.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_cmp.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_cmp.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_cmp 3" --.TH BN_cmp 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_cmp 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_copy.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_copy.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_copy.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_copy 3" --.TH BN_copy 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_copy 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_generate_prime.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_generate_prime.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_generate_prime.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_generate_prime 3" --.TH BN_generate_prime 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_generate_prime 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_mod_inverse.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_mod_inverse.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_mod_inverse.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_mod_inverse 3" --.TH BN_mod_inverse 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_mod_inverse 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -142,7 +151,7 @@ BN_mod_inverse \- compute inverse modulo n - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR --places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0, -+places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0 - a new \fB\s-1BIGNUM\s0\fR is created. - .PP - \&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary -Index: secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_mod_mul_montgomery 3" --.TH BN_mod_mul_montgomery 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_mod_mul_montgomery 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_mod_mul_reciprocal 3" --.TH BN_mod_mul_reciprocal 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_mod_mul_reciprocal 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_new.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_new 3" --.TH BN_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_num_bytes.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_num_bytes.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_num_bytes.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_num_bytes 3" --.TH BN_num_bytes 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_num_bytes 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_rand.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_rand.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_rand.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_rand 3" --.TH BN_rand 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_rand 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_set_bit.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_set_bit.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_set_bit.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_set_bit 3" --.TH BN_set_bit 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_set_bit 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_swap.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_swap.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_swap.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_swap 3" --.TH BN_swap 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_swap 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/BN_zero.3 -=================================================================== ---- secure/lib/libcrypto/man/BN_zero.3 (revision 279126) -+++ secure/lib/libcrypto/man/BN_zero.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "BN_zero 3" --.TH BN_zero 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH BN_zero 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/CONF_modules_free.3 -=================================================================== ---- secure/lib/libcrypto/man/CONF_modules_free.3 (revision 279126) -+++ secure/lib/libcrypto/man/CONF_modules_free.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CONF_modules_free 3" --.TH CONF_modules_free 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CONF_modules_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/CONF_modules_load_file.3 -=================================================================== ---- secure/lib/libcrypto/man/CONF_modules_load_file.3 (revision 279126) -+++ secure/lib/libcrypto/man/CONF_modules_load_file.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CONF_modules_load_file 3" --.TH CONF_modules_load_file 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CONF_modules_load_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 -=================================================================== ---- secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (revision 279126) -+++ secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CRYPTO_set_ex_data 3" --.TH CRYPTO_set_ex_data 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CRYPTO_set_ex_data 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DH_generate_key.3 -=================================================================== ---- secure/lib/libcrypto/man/DH_generate_key.3 (revision 279126) -+++ secure/lib/libcrypto/man/DH_generate_key.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DH_generate_key 3" --.TH DH_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DH_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DH_generate_parameters.3 -=================================================================== ---- secure/lib/libcrypto/man/DH_generate_parameters.3 (revision 279126) -+++ secure/lib/libcrypto/man/DH_generate_parameters.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DH_generate_parameters 3" --.TH DH_generate_parameters 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DH_generate_parameters 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -191,4 +200,4 @@ a usable generator. - The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0. - .PP - In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used --instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0. -+instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME.\s0 -Index: secure/lib/libcrypto/man/DH_get_ex_new_index.3 -=================================================================== ---- secure/lib/libcrypto/man/DH_get_ex_new_index.3 (revision 279126) -+++ secure/lib/libcrypto/man/DH_get_ex_new_index.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DH_get_ex_new_index 3" --.TH DH_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DH_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DH_new.3 -=================================================================== ---- secure/lib/libcrypto/man/DH_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/DH_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DH_new 3" --.TH DH_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DH_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DH_set_method.3 -=================================================================== ---- secure/lib/libcrypto/man/DH_set_method.3 (revision 279126) -+++ secure/lib/libcrypto/man/DH_set_method.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DH_set_method 3" --.TH DH_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DH_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -153,7 +162,7 @@ DH_set_method, DH_new_method, DH_OpenSSL \- select - A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman - operations. By modifying the method, alternative implementations - such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for --important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use -+important information about how these \s-1DH API\s0 functions are affected by the use - of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. - .PP - Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as -@@ -161,15 +170,15 @@ returned by \fIDH_OpenSSL()\fR. - .PP - \&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 - structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set --as a default for \s-1DH\s0, so this function is no longer recommended. -+as a default for \s-1DH,\s0 so this function is no longer recommended. - .PP --\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0. --However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0 --\&\s-1API\s0 is being used, so this function is no longer recommended. -+\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0 -+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE -+API\s0 is being used, so this function is no longer recommended. - .PP - \&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. - This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method --was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the -+was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the - change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 - implementations (eg. from an \s-1ENGINE\s0 module that supports embedded - hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 -@@ -176,7 +185,7 @@ hardware-protected keys), and in such cases attemp - for the key can have unexpected results. - .PP - \&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will --be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0 -+be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0 - operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by - \&\fIDH_set_default_method()\fR is used. - .SH "THE DH_METHOD STRUCTURE" -@@ -227,10 +236,10 @@ returns a pointer to the newly allocated structure - .SH "NOTES" - .IX Header "NOTES" - As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other --algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a --default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, --that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie. --\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way -+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a -+default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function, -+that will override any \s-1DH\s0 defaults set using the \s-1DH API \s0(ie. -+\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way - to control default implementations for use in \s-1DH\s0 and other cryptographic - algorithms. - .SH "SEE ALSO" -@@ -245,8 +254,8 @@ algorithms. - \&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and - \&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than - \&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For --0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this -+0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this - change was reversed, and behaviour of the other functions resembled more closely --the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now --transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without -+the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now -+transparently overrides the behaviour of defaults in the \s-1DH API\s0 without - requiring changing these function prototypes. -Index: secure/lib/libcrypto/man/DH_size.3 -=================================================================== ---- secure/lib/libcrypto/man/DH_size.3 (revision 279126) -+++ secure/lib/libcrypto/man/DH_size.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DH_size 3" --.TH DH_size 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DH_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DSA_SIG_new.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_SIG_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_SIG_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_SIG_new 3" --.TH DSA_SIG_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_SIG_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DSA_do_sign.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_do_sign.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_do_sign.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_do_sign 3" --.TH DSA_do_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_do_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DSA_dup_DH.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_dup_DH.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_dup_DH.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_dup_DH 3" --.TH DSA_dup_DH 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_dup_DH 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DSA_generate_key.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_generate_key.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_generate_key.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_generate_key 3" --.TH DSA_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DSA_generate_parameters.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_generate_parameters.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_generate_parameters.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_generate_parameters 3" --.TH DSA_generate_parameters 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_generate_parameters 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -143,7 +152,7 @@ DSA_generate_parameters \- generate DSA parameters - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fIDSA_generate_parameters()\fR generates primes p and q and a generator g --for use in the \s-1DSA\s0. -+for use in the \s-1DSA.\s0 - .PP - \&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a - maximum of 1024 bits. -Index: secure/lib/libcrypto/man/DSA_get_ex_new_index.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_get_ex_new_index 3" --.TH DSA_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DSA_new.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_new 3" --.TH DSA_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/DSA_set_method.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_set_method.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_set_method.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_set_method 3" --.TH DSA_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -153,7 +162,7 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL \- sel - A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 - operations. By modifying the method, alternative implementations - such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for --important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use -+important information about how these \s-1DSA API\s0 functions are affected by the use - of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. - .PP - Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, -@@ -161,16 +170,16 @@ as returned by \fIDSA_OpenSSL()\fR. - .PP - \&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 - structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has --been set as a default for \s-1DSA\s0, so this function is no longer recommended. -+been set as a default for \s-1DSA,\s0 so this function is no longer recommended. - .PP - \&\fIDSA_get_default_method()\fR returns a pointer to the current default --\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependent on --whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer -+\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on -+whether the \s-1ENGINE API\s0 is being used, so this function is no longer - recommended. - .PP - \&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key - \&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the --previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will -+previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will - be released during the change. It is possible to have \s-1DSA\s0 keys that only - work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module - that supports embedded hardware-protected keys), and in such cases -@@ -178,7 +187,7 @@ attempting to change the \s-1DSA_METHOD\s0 for the - results. - .PP - \&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR --will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine -+will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine - for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 - controlled by \fIDSA_set_default_method()\fR is used. - .SH "THE DSA_METHOD STRUCTURE" -@@ -241,10 +250,10 @@ fails. Otherwise it returns a pointer to the newly - .SH "NOTES" - .IX Header "NOTES" - As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other --algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a --default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, --that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie. --\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way -+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a -+default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function, -+that will override any \s-1DSA\s0 defaults set using the \s-1DSA API \s0(ie. -+\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way - to control default implementations for use in \s-1DSA\s0 and other cryptographic - algorithms. - .SH "SEE ALSO" -@@ -259,8 +268,8 @@ algorithms. - \&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and - \&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than - \&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For --0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this -+0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this - change was reversed, and behaviour of the other functions resembled more closely --the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now --transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without -+the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now -+transparently overrides the behaviour of defaults in the \s-1DSA API\s0 without - requiring changing these function prototypes. -Index: secure/lib/libcrypto/man/DSA_sign.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_sign.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_sign.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_sign 3" --.TH DSA_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -148,7 +157,7 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signat - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message --digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0 -+digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0 - encoding at \fBsigret\fR. The length of the signature is places in - *\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. - .PP -@@ -156,9 +165,9 @@ encoding at \fBsigret\fR. The length of the signat - operation in case signature generation is time-critical. It expects - \&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values - in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing --the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL\s0. These values may -+the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may - be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR. --\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL\s0. -+\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0 - .PP - \&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR - matches a given message digest \fBdgst\fR of size \fBlen\fR. -@@ -176,8 +185,8 @@ signature and \-1 on error. The error codes can be - \&\fIERR_get_error\fR\|(3). - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature --Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 -+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature -+Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3), -Index: secure/lib/libcrypto/man/DSA_size.3 -=================================================================== ---- secure/lib/libcrypto/man/DSA_size.3 (revision 279126) -+++ secure/lib/libcrypto/man/DSA_size.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA_size 3" --.TH DSA_size 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -140,7 +149,7 @@ DSA_size \- get DSA signature size - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --This function returns the size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature in -+This function returns the size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature in - bytes. It can be used to determine how much memory must be allocated - for a \s-1DSA\s0 signature. - .PP -Index: secure/lib/libcrypto/man/ERR_GET_LIB.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_GET_LIB.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_GET_LIB.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_GET_LIB 3" --.TH ERR_GET_LIB 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_GET_LIB 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -157,7 +166,7 @@ reason codes are unique within each sub-library. - libraries may use the same value to signal different functions and - reasons. - .PP --\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally -+\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally - unique. However, when checking for sub-library specific reason codes, - be sure to also compare the library number. - .PP -Index: secure/lib/libcrypto/man/ERR_clear_error.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_clear_error.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_clear_error.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_clear_error 3" --.TH ERR_clear_error 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_clear_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ERR_error_string.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_error_string.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_error_string.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_error_string 3" --.TH ERR_error_string 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_error_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ERR_get_error.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_get_error.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_get_error.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_get_error 3" --.TH ERR_get_error 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_get_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -177,12 +186,12 @@ additionally store the file name and line number w - the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. - .PP - \&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and --\&\fIERR_get_last_error_line_data()\fR store additional data and flags -+\&\fIERR_peek_last_error_line_data()\fR store additional data and flags - associated with the error code in *\fBdata\fR - and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string - if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. - .PP --An application \fB\s-1MUST\s0 \s-1NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers -+An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers - returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled - automatically by the error library. - .SH "RETURN VALUES" -Index: secure/lib/libcrypto/man/ERR_load_crypto_strings.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_load_crypto_strings 3" --.TH ERR_load_crypto_strings 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_load_crypto_strings 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ERR_load_strings.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_load_strings.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_load_strings.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_load_strings 3" --.TH ERR_load_strings 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_load_strings 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ERR_print_errors.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_print_errors.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_print_errors.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_print_errors 3" --.TH ERR_print_errors 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_print_errors 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ERR_put_error.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_put_error.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_put_error.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_put_error 3" --.TH ERR_put_error 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_put_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ERR_remove_state.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_remove_state.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_remove_state.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_remove_state 3" --.TH ERR_remove_state 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_remove_state 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ERR_set_mark.3 -=================================================================== ---- secure/lib/libcrypto/man/ERR_set_mark.3 (revision 279126) -+++ secure/lib/libcrypto/man/ERR_set_mark.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERR_set_mark 3" --.TH ERR_set_mark 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERR_set_mark 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/EVP_BytesToKey.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_BytesToKey.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_BytesToKey.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_BytesToKey 3" --.TH EVP_BytesToKey 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_BytesToKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -168,7 +177,7 @@ v2.0 for key derivation. - .SH "KEY DERIVATION ALGORITHM" - .IX Header "KEY DERIVATION ALGORITHM" - The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until --enough data is available for the key and \s-1IV\s0. D_i is defined as: -+enough data is available for the key and \s-1IV.\s0 D_i is defined as: - .PP - .Vb 1 - \& D_i = HASH^count(D_(i\-1) || data || salt) -@@ -179,7 +188,7 @@ algorithm in use, HASH^1(data) is simply \s-1HASH\ - is \s-1HASH\s0(\s-1HASH\s0(data)) and so on. - .PP - The initial bytes are used for the key and the subsequent bytes for --the \s-1IV\s0. -+the \s-1IV.\s0 - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. -Index: secure/lib/libcrypto/man/EVP_DigestInit.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_DigestInit.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_DigestInit.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_DigestInit 3" --.TH EVP_DigestInit 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_DigestInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -197,7 +206,7 @@ The \s-1EVP\s0 digest routines are a high level in - \&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context. - .PP - \&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest --\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this -+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized before calling this - function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR. - If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. - .PP -@@ -242,7 +251,7 @@ hash. - \&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the - message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure. - .PP --\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0 -+\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0 - representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure. - For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is - normally used when setting \s-1ASN1\s0 OIDs. -@@ -256,11 +265,11 @@ return \fBNID_sha1WithRSAEncryption\fR. This \*(L" - algorithms may not be retained in future versions of OpenSSL. - .PP - \&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR --return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest -+return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2, MD5, SHA, SHA1, MDC2\s0 and \s-1RIPEMD160\s0 digest - algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case. - .PP - \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest --algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. -+algorithms but using \s-1DSS \s0(\s-1DSA\s0) for the signature algorithm. - .PP - \&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it - returns is of zero length. -@@ -277,7 +286,7 @@ success and 0 for failure. - \&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure. - .PP - \&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the --corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists. -+corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists. - .PP - \&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, EVP_MD_CTX_size(e), \fIEVP_MD_size()\fR, - \&\fIEVP_MD_CTX_block_size()\fR and \fIEVP_MD_block_size()\fR return the digest or block -Index: secure/lib/libcrypto/man/EVP_EncryptInit.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_EncryptInit.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_EncryptInit.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_EncryptInit 3" --.TH EVP_EncryptInit 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_EncryptInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -227,7 +236,7 @@ symmetric ciphers. - \&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR. - .PP - \&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption --with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized -+with cipher \fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized - before calling this function. \fBtype\fR is normally supplied - by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the - default implementation is used. \fBkey\fR is the symmetric key to use -@@ -235,7 +244,7 @@ and \fBiv\fR is the \s-1IV\s0 to use (if necessary - used for the key and \s-1IV\s0 depends on the cipher. It is possible to set - all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply - the remaining parameters in subsequent calls, all of which have \fBtype\fR --set to \s-1NULL\s0. This is done when the default cipher parameters are not -+set to \s-1NULL.\s0 This is done when the default cipher parameters are not - appropriate. - .PP - \&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and -@@ -294,8 +303,8 @@ return an \s-1EVP_CIPHER\s0 structure when passed - .PP - \&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when - passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 --value is an internal value which may not have a corresponding \s-1OBJECT\s0 --\&\s-1IDENTIFIER\s0. -+value is an internal value which may not have a corresponding \s-1OBJECT -+IDENTIFIER.\s0 - .PP - \&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default - encryption operations are padded using standard block padding and the -@@ -317,7 +326,7 @@ length to any value other than the fixed value is - .PP - \&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 - length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. --It will return zero if the cipher does not use an \s-1IV\s0. The constant -+It will return zero if the cipher does not use an \s-1IV. \s0 The constant - \&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. - .PP - \&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block -@@ -326,9 +335,9 @@ structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s - length for all ciphers. - .PP - \&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed --cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0 --\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and --128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object -+cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT -+IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and -+128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object - identifier or does not have \s-1ASN1\s0 support this function will return - \&\fBNID_undef\fR. - .PP -@@ -336,13 +345,13 @@ identifier or does not have \s-1ASN1\s0 support th - an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. - .PP - \&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode: --\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0 or --\&\s-1EVP_CIPH_OFB_MODE\s0. If the cipher is a stream cipher then -+\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE\s0 or -+\&\s-1EVP_CIPH_OFB_MODE.\s0 If the cipher is a stream cipher then - \&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. - .PP - \&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based - on the passed cipher. This will typically include any parameters and an --\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call -+\&\s-1IV.\s0 The cipher \s-1IV \s0(if any) must be set when this call is made. This call - should be made before the cipher is actually \*(L"used\*(R" (before any - \&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function - may fail if the cipher does not have any \s-1ASN1\s0 support. -@@ -349,11 +358,11 @@ may fail if the cipher does not have any \s-1ASN1\ - .PP - \&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 - AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher --In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length. -+In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length. - This function should be called after the base cipher type is set but before - the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and --key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally --\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. It is -+key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally -+\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is - possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support - or the parameters cannot be set (for example the \s-1RC2\s0 effective key length - is not supported. -@@ -377,7 +386,7 @@ return 1 for success and 0 for failure. - \&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR - return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. - .PP --\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0. -+\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0 - .PP - \&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block - size. -@@ -388,10 +397,10 @@ length. - \&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. - .PP - \&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 --length or zero if the cipher does not use an \s-1IV\s0. -+length or zero if the cipher does not use an \s-1IV.\s0 - .PP - \&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's --\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0. -+\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0 - .PP - \&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. - .PP -@@ -405,13 +414,13 @@ All algorithms have a fixed key length unless othe - Null cipher: does nothing. - .IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4 - .IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" --\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. -+\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. - .IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4 --.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" --Two key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. -+.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" -+Two key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. - .IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4 --.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" --Three key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. -+.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" -+Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. - .IP "EVP_desx_cbc(void)" 4 - .IX Item "EVP_desx_cbc(void)" - \&\s-1DESX\s0 algorithm in \s-1CBC\s0 mode. -@@ -424,10 +433,10 @@ Null cipher: does nothing. - and the \fIEVP_CIPHER_CTX_set_key_length()\fR function. - .IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" 4 - .IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" --\&\s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. -+\&\s-1IDEA\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. - .IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4 - .IX Item "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" --\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key -+\&\s-1RC2\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key - length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R". - By default both are set to 128 bits. - .IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4 -@@ -437,15 +446,15 @@ These are obsolete and new code should use \fIEVP_ - \&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length. - .IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4 - .IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" --Blowfish encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key -+Blowfish encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key - length cipher. - .IP "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" 4 - .IX Item "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" --\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key -+\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key - length cipher. - .IP "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" 4 - .IX Item "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" --\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length -+\&\s-1RC5\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length - cipher with an additional \*(L"number of rounds\*(R" parameter. By default the key length is set to 128 - bits and 12 rounds. - .SH "NOTES" -@@ -487,7 +496,7 @@ unpredictable. This is because it has become stand - generic key as a fixed unsigned char array containing \s-1EVP_MAX_KEY_LENGTH\s0 bytes. - .PP - The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested --for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. -+for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode. - .SH "EXAMPLES" - .IX Header "EXAMPLES" - Get the number of rounds used in \s-1RC5:\s0 -@@ -570,7 +579,7 @@ utility with the command line: - \& S<openssl bf \-in cipher.bin \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 \-d> - .Ve - .PP --General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an -+General encryption, decryption function example using \s-1FILE I/O\s0 and \s-1RC2\s0 with an - 80 bit key: - .PP - .Vb 10 -Index: secure/lib/libcrypto/man/EVP_OpenInit.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_OpenInit.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_OpenInit.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_OpenInit 3" --.TH EVP_OpenInit 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_OpenInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -163,7 +172,7 @@ page. - It is possible to call \fIEVP_OpenInit()\fR twice in the same way as - \&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 - and (after setting any cipher parameters) it should be called again --with \fBtype\fR set to \s-1NULL\s0. -+with \fBtype\fR set to \s-1NULL.\s0 - .PP - If the cipher passed in the \fBtype\fR parameter is a variable length - cipher then the key length will be set to the value of the recovered -Index: secure/lib/libcrypto/man/EVP_PKEY_new.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_PKEY_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_PKEY_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_PKEY_new 3" --.TH EVP_PKEY_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_PKEY_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_PKEY_set1_RSA 3" --.TH EVP_PKEY_set1_RSA 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_PKEY_set1_RSA 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -172,8 +181,8 @@ will be freed when the parent \fBpkey\fR is freed. - .PP - \&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value - \&\fBtype\fR. The type of a key can be obtained with --EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA\s0, --\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding -+EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA, -+EVP_PKEY_DSA, EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding - key types or NID_undef if the key type is unassigned. - .SH "NOTES" - .IX Header "NOTES" -Index: secure/lib/libcrypto/man/EVP_SealInit.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_SealInit.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_SealInit.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_SealInit 3" --.TH EVP_SealInit 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_SealInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,12 +156,12 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \s-1EVP\s0 envelope routines are a high level interface to envelope --encryption. They generate a random key and \s-1IV\s0 (if required) then -+encryption. They generate a random key and \s-1IV \s0(if required) then - \&\*(L"envelope\*(R" it by using public key encryption. Data can then be - encrypted using this key. - .PP - \&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption --with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally -+with cipher \fBtype\fR using a random secret key and \s-1IV. \s0\fBtype\fR is normally - supplied by a function such as \fIEVP_des_cbc()\fR. The secret key is encrypted - using one or more public keys, this allows the same encrypted data to be - decrypted using any of the corresponding private keys. \fBek\fR is an array of -@@ -163,7 +172,7 @@ size of each encrypted secret key is written to th - an array of \fBnpubk\fR public keys. - .PP - The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must --contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for -+contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for - example) EVP_CIPHER_iv_length(type). - .PP - If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored -@@ -196,7 +205,7 @@ using public key encryption. - It is possible to call \fIEVP_SealInit()\fR twice in the same way as - \&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 - and (after setting any cipher parameters) it should be called again --with \fBtype\fR set to \s-1NULL\s0. -+with \fBtype\fR set to \s-1NULL.\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIevp\fR\|(3), \fIrand\fR\|(3), -Index: secure/lib/libcrypto/man/EVP_SignInit.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_SignInit.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_SignInit.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_SignInit 3" --.TH EVP_SignInit 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_SignInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -150,7 +159,7 @@ The \s-1EVP\s0 signature routines are a high level - signatures. - .PP - \&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest --\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with -+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized with - \&\fIEVP_MD_CTX_init()\fR before calling this function. - .PP - \&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the -Index: secure/lib/libcrypto/man/EVP_VerifyInit.3 -=================================================================== ---- secure/lib/libcrypto/man/EVP_VerifyInit.3 (revision 279126) -+++ secure/lib/libcrypto/man/EVP_VerifyInit.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EVP_VerifyInit 3" --.TH EVP_VerifyInit 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EVP_VerifyInit 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -148,7 +157,7 @@ The \s-1EVP\s0 signature verification routines are - signatures. - .PP - \&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest --\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling -+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized by calling - \&\fIEVP_MD_CTX_init()\fR before calling this function. - .PP - \&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the -Index: secure/lib/libcrypto/man/OBJ_nid2obj.3 -=================================================================== ---- secure/lib/libcrypto/man/OBJ_nid2obj.3 (revision 279126) -+++ secure/lib/libcrypto/man/OBJ_nid2obj.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OBJ_nid2obj 3" --.TH OBJ_nid2obj 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OBJ_nid2obj 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -160,9 +169,9 @@ functions - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are --a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type. -+a representation of the \s-1ASN1 OBJECT IDENTIFIER \s0(\s-1OID\s0) type. - .PP --\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to -+\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID \s0\fBn\fR to - an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, - or \fB\s-1NULL\s0\fR is an error occurred. - .PP -@@ -223,7 +232,7 @@ Objects which are not in the table have the \s-1NI - .PP - Objects do not need to be in the internal tables to be processed, - the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical --form of an \s-1OID\s0. -+form of an \s-1OID.\s0 - .SH "EXAMPLES" - .IX Header "EXAMPLES" - Create an object for \fBcommonName\fR: -Index: secure/lib/libcrypto/man/OPENSSL_Applink.3 -=================================================================== ---- secure/lib/libcrypto/man/OPENSSL_Applink.3 (revision 279126) -+++ secure/lib/libcrypto/man/OPENSSL_Applink.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OPENSSL_Applink 3" --.TH OPENSSL_Applink 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OPENSSL_Applink 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 -=================================================================== ---- secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (revision 279126) -+++ secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OPENSSL_VERSION_NUMBER 3" --.TH OPENSSL_VERSION_NUMBER 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OPENSSL_VERSION_NUMBER 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -205,8 +214,8 @@ The \*(L"Configure\*(R" target of the library buil - if available or \*(L"platform: information not available\*(R" otherwise. - .IP "\s-1SSLEAY_DIR\s0" 4 - .IX Item "SSLEAY_DIR" --The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L" --if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise. -+The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0 -+if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise. - .PP - For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. - .SH "RETURN VALUE" -Index: secure/lib/libcrypto/man/OPENSSL_config.3 -=================================================================== ---- secure/lib/libcrypto/man/OPENSSL_config.3 (revision 279126) -+++ secure/lib/libcrypto/man/OPENSSL_config.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OPENSSL_config 3" --.TH OPENSSL_config 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OPENSSL_config 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/OPENSSL_ia32cap.3 -=================================================================== ---- secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (revision 279126) -+++ secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OPENSSL_ia32cap 3" --.TH OPENSSL_ia32cap 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OPENSSL_ia32cap 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -159,7 +168,7 @@ significant, namely: - .PP - For example, clearing bit #26 at run-time disables high-performance - \&\s-1SSE2\s0 code present in the crypto library. You might have to do this if --target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under -+target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under - control of \s-1OS\s0 which does not support \s-1SSE2\s0 extentions. Even though you - can manipulate the value programmatically, you most likely will find it - more appropriate to set up an environment variable with the same name -Index: secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 -=================================================================== ---- secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (revision 279126) -+++ secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OPENSSL_load_builtin_modules 3" --.TH OPENSSL_load_builtin_modules 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OPENSSL_load_builtin_modules 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -146,7 +155,7 @@ The function \fIOPENSSL_load_builtin_modules()\fR - configuration modules to the internal list. They can then be used by the - OpenSSL configuration code. - .PP --\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1\s0 \s-1OBJECT\s0 module. -+\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module. - .PP - \&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module. - .SH "NOTES" -Index: secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 -=================================================================== ---- secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (revision 279126) -+++ secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OpenSSL_add_all_algorithms 3" --.TH OpenSSL_add_all_algorithms 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OpenSSL_add_all_algorithms 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -171,7 +180,7 @@ needs to lookup algorithms. - .PP - The cipher and digest lookup functions are used in many parts of the library. If - the table is not initialized several functions will misbehave and complain they --cannot find algorithms. This includes the \s-1PEM\s0, PKCS#12, \s-1SSL\s0 and S/MIME libraries. -+cannot find algorithms. This includes the \s-1PEM,\s0 PKCS#12, \s-1SSL\s0 and S/MIME libraries. - This is a common query in the OpenSSL mailing lists. - .PP - Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a -Index: secure/lib/libcrypto/man/PKCS12_create.3 -=================================================================== ---- secure/lib/libcrypto/man/PKCS12_create.3 (revision 279126) -+++ secure/lib/libcrypto/man/PKCS12_create.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS12_create 3" --.TH PKCS12_create 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS12_create 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -158,15 +167,15 @@ The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBi - can all be set to zero and sensible defaults will be used. - .PP - These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 --encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 --(currently 2048) and a \s-1MAC\s0 iteration count of 1. -+encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER -+\&\s0(currently 2048) and a \s-1MAC\s0 iteration count of 1. - .PP - The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with - old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility --is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0. -+is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0 - .PP - \&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension --that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted, -+that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted, - if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR - it can be used for signing and encryption. This option was useful for old - export grade software which could use signing only keys of arbitrary size but -Index: secure/lib/libcrypto/man/PKCS12_parse.3 -=================================================================== ---- secure/lib/libcrypto/man/PKCS12_parse.3 (revision 279126) -+++ secure/lib/libcrypto/man/PKCS12_parse.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS12_parse 3" --.TH PKCS12_parse 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS12_parse 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/PKCS7_decrypt.3 -=================================================================== ---- secure/lib/libcrypto/man/PKCS7_decrypt.3 (revision 279126) -+++ secure/lib/libcrypto/man/PKCS7_decrypt.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS7_decrypt 3" --.TH PKCS7_decrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS7_decrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/PKCS7_encrypt.3 -=================================================================== ---- secure/lib/libcrypto/man/PKCS7_encrypt.3 (revision 279126) -+++ secure/lib/libcrypto/man/PKCS7_encrypt.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS7_encrypt 3" --.TH PKCS7_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS7_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -153,7 +162,7 @@ be signed using the \s-1RSA\s0 algorithm. - most clients will support it. - .PP - Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit --\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. -+\&\s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. - .PP - The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its - parameters. -Index: secure/lib/libcrypto/man/PKCS7_sign.3 -=================================================================== ---- secure/lib/libcrypto/man/PKCS7_sign.3 (revision 279126) -+++ secure/lib/libcrypto/man/PKCS7_sign.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS7_sign 3" --.TH PKCS7_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS7_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -145,7 +154,7 @@ is the certificate to sign with, \fBpkey\fR is the - \&\fBcerts\fR is an optional additional set of certificates to include in the - PKCS#7 structure (for example any intermediate CAs in the chain). - .PP --The data to be signed is read from \s-1BIO\s0 \fBdata\fR. -+The data to be signed is read from \s-1BIO \s0\fBdata\fR. - .PP - \&\fBflags\fR is an optional set of flags. - .SH "NOTES" -@@ -177,7 +186,7 @@ will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is - omitted. - .PP - If present the SMIMECapabilities attribute indicates support for the following --algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any -+algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any - of these algorithms is disabled then it will not be included. - .PP - If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure -Index: secure/lib/libcrypto/man/PKCS7_verify.3 -=================================================================== ---- secure/lib/libcrypto/man/PKCS7_verify.3 (revision 279126) -+++ secure/lib/libcrypto/man/PKCS7_verify.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS7_verify 3" --.TH PKCS7_verify 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS7_verify 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,7 +156,7 @@ structure to verify. \fBcerts\fR is a set of certi - the signer's certificate. \fBstore\fR is a trusted certficate store (used for - chain verification). \fBindata\fR is the signed data if the content is not - present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR --if it is not \s-1NULL\s0. -+if it is not \s-1NULL.\s0 - .PP - \&\fBflags\fR is an optional set of flags, which can be used to modify the verify - operation. -Index: secure/lib/libcrypto/man/RAND_add.3 -=================================================================== ---- secure/lib/libcrypto/man/RAND_add.3 (revision 279126) -+++ secure/lib/libcrypto/man/RAND_add.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RAND_add 3" --.TH RAND_add 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RAND_add 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -156,7 +165,7 @@ key presses, mouse movements) and certain hardware - \&\fBentropy\fR argument is (the lower bound of) an estimate of how much - randomness is contained in \fBbuf\fR, measured in bytes. Details about - sources of randomness and how to estimate their entropy can be found --in the literature, e.g. \s-1RFC\s0 1750. -+in the literature, e.g. \s-1RFC 1750.\s0 - .PP - \&\fIRAND_add()\fR may be called with sensitive data such as user entered - passwords. The seed values cannot be recovered from the \s-1PRNG\s0 output. -@@ -174,11 +183,11 @@ or \fIRAND_load_file\fR\|(3). - movements and other user interaction. It should be called with the - \&\fBiMsg\fR, \fBwParam\fR and \fBlParam\fR arguments of \fIall\fR messages sent to - the window procedure. It will estimate the entropy contained in the --event message (if any), and add it to the \s-1PRNG\s0. The program can then -+event message (if any), and add it to the \s-1PRNG.\s0 The program can then - process the messages as usual. - .PP - The \fIRAND_screen()\fR function is available for the convenience of Windows --programmers. It adds the current contents of the screen to the \s-1PRNG\s0. -+programmers. It adds the current contents of the screen to the \s-1PRNG.\s0 - For applications that can catch Windows events, seeding the \s-1PRNG\s0 by - calling \fIRAND_event()\fR is a significantly better source of - randomness. It should be noted that both methods cannot be used on -Index: secure/lib/libcrypto/man/RAND_bytes.3 -=================================================================== ---- secure/lib/libcrypto/man/RAND_bytes.3 (revision 279126) -+++ secure/lib/libcrypto/man/RAND_bytes.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RAND_bytes 3" --.TH RAND_bytes 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RAND_bytes 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RAND_cleanup.3 -=================================================================== ---- secure/lib/libcrypto/man/RAND_cleanup.3 (revision 279126) -+++ secure/lib/libcrypto/man/RAND_cleanup.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RAND_cleanup 3" --.TH RAND_cleanup 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RAND_cleanup 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -140,7 +149,7 @@ RAND_cleanup \- erase the PRNG state - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG\s0. -+\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG.\s0 - .SH "RETURN VALUE" - .IX Header "RETURN VALUE" - \&\fIRAND_cleanup()\fR returns no value. -Index: secure/lib/libcrypto/man/RAND_egd.3 -=================================================================== ---- secure/lib/libcrypto/man/RAND_egd.3 (revision 279126) -+++ secure/lib/libcrypto/man/RAND_egd.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RAND_egd 3" --.TH RAND_egd 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RAND_egd 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -145,12 +154,12 @@ RAND_egd \- query entropy gathering daemon - .IX Header "DESCRIPTION" - \&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. - It queries 255 bytes and uses \fIRAND_add\fR\|(3) to seed the --OpenSSL built-in \s-1PRNG\s0. RAND_egd(path) is a wrapper for -+OpenSSL built-in \s-1PRNG.\s0 RAND_egd(path) is a wrapper for - RAND_egd_bytes(path, 255); - .PP - \&\fIRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. - It queries \fBbytes\fR bytes and uses \fIRAND_add\fR\|(3) to seed the --OpenSSL built-in \s-1PRNG\s0. -+OpenSSL built-in \s-1PRNG.\s0 - This function is more flexible than \fIRAND_egd()\fR. - When only one secret key must - be generated, it is not necessary to request the full amount 255 bytes from -@@ -159,7 +168,7 @@ that can be retrieved from \s-1EGD\s0 over time is - .PP - \&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket - \&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into --\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the -+\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL, \s0\fBbytes\fR bytes are queried and used to seed the - OpenSSL built-in \s-1PRNG\s0 using \fIRAND_add\fR\|(3). - .SH "NOTES" - .IX Header "NOTES" -@@ -191,7 +200,7 @@ is located at /var/run/egd\-pool, /dev/egd\-pool o - .IX Header "RETURN VALUE" - \&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the - daemon on success, and \-1 if the connection failed or the daemon did not --return enough data to fully seed the \s-1PRNG\s0. -+return enough data to fully seed the \s-1PRNG.\s0 - .PP - \&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on - success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered. -Index: secure/lib/libcrypto/man/RAND_load_file.3 -=================================================================== ---- secure/lib/libcrypto/man/RAND_load_file.3 (revision 279126) -+++ secure/lib/libcrypto/man/RAND_load_file.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RAND_load_file 3" --.TH RAND_load_file 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RAND_load_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -151,7 +160,7 @@ set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\f - too small for the path name, an error occurs. - .PP - \&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and --adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative, -+adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative, - up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5, - if \fBmax_bytes\fR is \-1, the complete file is read. - .PP -Index: secure/lib/libcrypto/man/RAND_set_rand_method.3 -=================================================================== ---- secure/lib/libcrypto/man/RAND_set_rand_method.3 (revision 279126) -+++ secure/lib/libcrypto/man/RAND_set_rand_method.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RAND_set_rand_method 3" --.TH RAND_set_rand_method 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RAND_set_rand_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,7 +156,7 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_S - A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number - generation. By modifying the method, alternative implementations such as - hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important --information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of -+information about how these \s-1RAND API\s0 functions are affected by the use of - \&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls. - .PP - Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as -@@ -154,12 +163,12 @@ Initially, the default \s-1RAND_METHOD\s0 is the O - returned by \fIRAND_SSLeay()\fR. - .PP - \&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is --true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function -+true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND,\s0 so this function - is no longer recommended. - .PP --\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0. --However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0 --\&\s-1API\s0 is being used, so this function is no longer recommended. -+\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD.\s0 -+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE -+API\s0 is being used, so this function is no longer recommended. - .SH "THE RAND_METHOD STRUCTURE" - .IX Header "THE RAND_METHOD STRUCTURE" - .Vb 9 -@@ -185,10 +194,10 @@ Each component may be \s-1NULL\s0 if the function - .SH "NOTES" - .IX Header "NOTES" - As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other --algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a --default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, --that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie. --\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way -+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a -+default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE API\s0 function, -+that will override any \s-1RAND\s0 defaults set using the \s-1RAND API \s0(ie. -+\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way - to control default implementations for use in \s-1RAND\s0 and other cryptographic - algorithms. - .SH "SEE ALSO" -@@ -201,6 +210,6 @@ available in all versions of OpenSSL. - .PP - In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to - take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been --reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used, --otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also -+reverted as the \s-1ENGINE API\s0 transparently overrides \s-1RAND\s0 defaults if used, -+otherwise \s-1RAND API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also - introduced in version 0.9.7. -Index: secure/lib/libcrypto/man/RSA_blinding_on.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_blinding_on.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_blinding_on.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_blinding_on 3" --.TH RSA_blinding_on 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_blinding_on 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RSA_check_key.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_check_key.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_check_key.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_check_key 3" --.TH RSA_check_key 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_check_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -173,7 +182,7 @@ acceleration or analysis purposes, then in all lik - is complete and untouched, but this can't be assumed in the general case. - .SH "BUGS" - .IX Header "BUGS" --A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need -+A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need - to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure - elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and - completely violating encapsulation and object-orientation in the process). -Index: secure/lib/libcrypto/man/RSA_generate_key.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_generate_key.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_generate_key.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_generate_key 3" --.TH RSA_generate_key 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_generate_key 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RSA_get_ex_new_index.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_get_ex_new_index 3" --.TH RSA_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -166,7 +175,7 @@ The \fB\f(BIRSA_get_ex_new_index()\fB\fR function - new application specific data. It takes three optional function pointers which - are called when the parent structure (in this case an \s-1RSA\s0 structure) is - initially created, when it is copied and when it is freed up. If any or all of --these function pointer arguments are not used they should be set to \s-1NULL\s0. The -+these function pointer arguments are not used they should be set to \s-1NULL.\s0 The - precise manner in which these function pointers are called is described in more - detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer - parameters which will be passed to the supplied functions but which otherwise -Index: secure/lib/libcrypto/man/RSA_new.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_new 3" --.TH RSA_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_padding_add_PKCS1_type_1 3" --.TH RSA_padding_add_PKCS1_type_1 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_padding_add_PKCS1_type_1 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RSA_print.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_print.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_print.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_print 3" --.TH RSA_print 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_print 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RSA_private_encrypt.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_private_encrypt.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_private_encrypt.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_private_encrypt 3" --.TH RSA_private_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_private_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RSA_public_encrypt.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_public_encrypt.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_public_encrypt.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_public_encrypt 3" --.TH RSA_public_encrypt 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_public_encrypt 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -154,7 +163,7 @@ session key) using the public key \fBrsa\fR and st - \&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. - .IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 - .IX Item "RSA_PKCS1_OAEP_PADDING" --EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1\s0, \s-1MGF1\s0 and an empty -+EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty - encoding parameter. This mode is recommended for all new applications. - .IP "\s-1RSA_SSLV23_PADDING\s0" 4 - .IX Item "RSA_SSLV23_PADDING" -@@ -168,7 +177,7 @@ Encrypting user data directly with \s-1RSA\s0 is i - .PP - \&\fBflen\fR must be less than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 - based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for --\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0. -+\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0 - The random number generator must be seeded prior to calling - \&\fIRSA_public_encrypt()\fR. - .PP -@@ -187,7 +196,7 @@ On error, \-1 is returned; the error codes can be - obtained by \fIERR_get_error\fR\|(3). - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 -+\&\s-1SSL, PKCS\s0 #1 v2.0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3), -Index: secure/lib/libcrypto/man/RSA_set_method.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_set_method.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_set_method.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_set_method 3" --.TH RSA_set_method 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_set_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -159,7 +168,7 @@ RSA_new_method \- select RSA method - An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 - operations. By modifying the method, alternative implementations such as - hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for --important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the -+important information about how these \s-1RSA API\s0 functions are affected by the - use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. - .PP - Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, -@@ -167,16 +176,16 @@ as returned by \fIRSA_PKCS1_SSLeay()\fR. - .PP - \&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 - structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has --been set as a default for \s-1RSA\s0, so this function is no longer recommended. -+been set as a default for \s-1RSA,\s0 so this function is no longer recommended. - .PP - \&\fIRSA_get_default_method()\fR returns a pointer to the current default --\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependent on --whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer -+\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on -+whether the \s-1ENGINE API\s0 is being used, so this function is no longer - recommended. - .PP - \&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key - \&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the --previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will -+previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will - be released during the change. It is possible to have \s-1RSA\s0 keys that only - work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module - that supports embedded hardware-protected keys), and in such cases -@@ -190,10 +199,10 @@ it is, the return value can only be guaranteed to - \&\fIRSA_set_method()\fR. - .PP - \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current --\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section. -+\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section. - .PP - \&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that --\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the -+\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the - default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, - the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. - .PP -@@ -253,14 +262,18 @@ the default method is used. - \& /* sign. For backward compatibility, this is used only - \& * if (flags & RSA_FLAG_SIGN_VER) - \& */ --\& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, --\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); --\& -+\& int (*rsa_sign)(int type, -+\& const unsigned char *m, unsigned int m_length, -+\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - \& /* verify. For backward compatibility, this is used only - \& * if (flags & RSA_FLAG_SIGN_VER) - \& */ --\& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, --\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); -+\& int (*rsa_verify)(int dtype, -+\& const unsigned char *m, unsigned int m_length, -+\& const unsigned char *sigbuf, unsigned int siglen, -+\& const RSA *rsa); -+\& /* keygen. If NULL builtin RSA key generation will be used */ -+\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); - \& - \& } RSA_METHOD; - .Ve -@@ -273,7 +286,7 @@ and \fIRSA_get_method()\fR return pointers to the - .PP - \&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation - that was replaced. However, this return value should probably be ignored --because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated -+because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated - at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a - result of the \fIRSA_set_method()\fR function releasing its handle to the - \&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR -@@ -285,10 +298,10 @@ it returns a pointer to the newly allocated struct - .SH "NOTES" - .IX Header "NOTES" - As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with --other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR -+other algorithmic APIs (eg. \s-1DSA_METHOD, EVP_CIPHER,\s0 etc) into \fB\s-1ENGINE\s0\fR - modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an --\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0 --\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the -+\&\s-1ENGINE API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA -+API \s0(ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the - recommended way to control default implementations for use in \s-1RSA\s0 and other - cryptographic algorithms. - .SH "BUGS" -@@ -316,9 +329,9 @@ added in OpenSSL 0.9.4. - replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR - respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use - \&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine --version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0 --\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the -+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE -+API\s0 was restructured so that this change was reversed, and behaviour of the - other functions resembled more closely the previous behaviour. The --behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the --behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these -+behaviour of defaults in the \s-1ENGINE API\s0 now transparently overrides the -+behaviour of defaults in the \s-1RSA API\s0 without requiring changing these - function prototypes. -Index: secure/lib/libcrypto/man/RSA_sign.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_sign.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_sign.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_sign 3" --.TH RSA_sign 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_sign 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -148,6 +157,10 @@ RSA_sign, RSA_verify \- RSA signatures - private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the - signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR - must point to RSA_size(\fBrsa\fR) bytes of memory. -+Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the -+key that can be used. -+See \fIRSA_private_encrypt\fR\|(3) for lower-level -+operations. - .PP - \&\fBtype\fR denotes the message digest algorithm that was used to generate - \&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR; -@@ -171,7 +184,7 @@ Certain signatures with an improper algorithm iden - for compatibility with SSLeay 0.4.5 :\-) - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 -+\&\s-1SSL, PKCS\s0 #1 v2.0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3), -Index: secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_sign_ASN1_OCTET_STRING 3" --.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/RSA_size.3 -=================================================================== ---- secure/lib/libcrypto/man/RSA_size.3 (revision 279126) -+++ secure/lib/libcrypto/man/RSA_size.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA_size 3" --.TH RSA_size 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/SMIME_read_PKCS7.3 -=================================================================== ---- secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (revision 279126) -+++ secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SMIME_read_PKCS7 3" --.TH SMIME_read_PKCS7 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SMIME_read_PKCS7 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/SMIME_write_PKCS7.3 -=================================================================== ---- secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (revision 279126) -+++ secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SMIME_write_PKCS7 3" --.TH SMIME_write_PKCS7 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SMIME_write_PKCS7 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 -=================================================================== ---- secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (revision 279126) -+++ secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "X509_NAME_ENTRY_get_object 3" --.TH X509_NAME_ENTRY_get_object 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH X509_NAME_ENTRY_get_object 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 -=================================================================== ---- secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (revision 279126) -+++ secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "X509_NAME_add_entry_by_txt 3" --.TH X509_NAME_add_entry_by_txt 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH X509_NAME_add_entry_by_txt 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -151,7 +160,7 @@ X509_NAME_add_entry, X509_NAME_delete_entry \- X50 - .IX Header "DESCRIPTION" - \&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and - \&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined --by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. -+by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID \s0\fBnid\fR respectively. - The field value to be added is in \fBbytes\fR of length \fBlen\fR. If - \&\fBlen\fR is \-1 then the field length is calculated internally using - strlen(bytes). -Index: secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 -=================================================================== ---- secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (revision 279126) -+++ secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "X509_NAME_get_index_by_NID 3" --.TH X509_NAME_get_index_by_NID 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH X509_NAME_get_index_by_NID 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -151,7 +160,7 @@ X509_NAME lookup and enumeration functions - .IX Header "DESCRIPTION" - These functions allow an \fBX509_NAME\fR structure to be examined. The - \&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in --\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject -+\&\s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject - and issuer names. - .PP - \&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve -Index: secure/lib/libcrypto/man/X509_NAME_print_ex.3 -=================================================================== ---- secure/lib/libcrypto/man/X509_NAME_print_ex.3 (revision 279126) -+++ secure/lib/libcrypto/man/X509_NAME_print_ex.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "X509_NAME_print_ex 3" --.TH X509_NAME_print_ex 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH X509_NAME_print_ex 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -144,7 +153,7 @@ X509_NAME_oneline \- X509_NAME printing routines. - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each -+\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO \s0\fBout\fR. Each - line (for multiline formats) is indented by \fBindent\fR spaces. The output format - can be extensively customised by use of the \fBflags\fR parameter. - .PP -@@ -169,7 +178,7 @@ Although there are a large number of possible flag - \&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. - As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page - for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example --\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used. -+\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used. - .PP - The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. - .PP -@@ -178,7 +187,7 @@ Several options can be ored together. - The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, - \&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators - to use. Two distinct separators are used between distinct RelativeDistinguishedName --components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued -+components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued - RDNs are currently very rare so the second separator will hardly ever be used. - .PP - \&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR -Index: secure/lib/libcrypto/man/X509_new.3 -=================================================================== ---- secure/lib/libcrypto/man/X509_new.3 (revision 279126) -+++ secure/lib/libcrypto/man/X509_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "X509_new 3" --.TH X509_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH X509_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/bio.3 -=================================================================== ---- secure/lib/libcrypto/man/bio.3 (revision 279126) -+++ secure/lib/libcrypto/man/bio.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "bio 3" --.TH bio 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH bio 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -145,10 +154,10 @@ details from an application. If an application use - I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network - connections and file I/O. - .PP --There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0. -+There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0 - .PP - As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, --examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0. -+examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0 - .PP - A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to - another, or the application. The data may be left unmodified (for -Index: secure/lib/libcrypto/man/blowfish.3 -=================================================================== ---- secure/lib/libcrypto/man/blowfish.3 (revision 279126) -+++ secure/lib/libcrypto/man/blowfish.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "blowfish 3" --.TH blowfish 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH blowfish 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -161,9 +170,9 @@ by Counterpane (see http://www.counterpane.com/blo - Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. - It uses a variable size key, but typically, 128 bit (16 byte) keys are - considered good for strong encryption. Blowfish can be used in the same --modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one --of the faster block ciphers. It is quite a bit faster than \s-1DES\s0, and much --faster than \s-1IDEA\s0 or \s-1RC2\s0. -+modes as \s-1DES \s0(see \fIdes_modes\fR\|(7)). Blowfish is currently one -+of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much -+faster than \s-1IDEA\s0 or \s-1RC2.\s0 - .PP - Blowfish consists of a key setup phase and the actual encryption or decryption - phase. -@@ -183,7 +192,7 @@ all operate on variable length data. They all tak - \&\fBivec\fR which needs to be passed along into the next call of the same function - for the same message. \fBivec\fR may be initialized with anything, but the - recipient needs to know what it was initialized with, or it won't be able --to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where -+to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where - \&\fBivec\fR is simply initialized to zero. - \&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while - \&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable -Index: secure/lib/libcrypto/man/bn.3 -=================================================================== ---- secure/lib/libcrypto/man/bn.3 (revision 279126) -+++ secure/lib/libcrypto/man/bn.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "bn 3" --.TH bn 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH bn 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/bn_internal.3 -=================================================================== ---- secure/lib/libcrypto/man/bn_internal.3 (revision 279126) -+++ secure/lib/libcrypto/man/bn_internal.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "bn_internal 3" --.TH bn_internal 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH bn_internal 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/buffer.3 -=================================================================== ---- secure/lib/libcrypto/man/buffer.3 (revision 279126) -+++ secure/lib/libcrypto/man/buffer.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "buffer 3" --.TH buffer 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH buffer 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/crypto.3 -=================================================================== ---- secure/lib/libcrypto/man/crypto.3 (revision 279126) -+++ secure/lib/libcrypto/man/crypto.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "crypto 3" --.TH crypto 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH crypto 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -137,8 +146,8 @@ crypto \- OpenSSL cryptographic library - .IX Header "DESCRIPTION" - The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic - algorithms used in various Internet standards. The services provided --by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0 --and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and -+by this library are used by the OpenSSL implementations of \s-1SSL, TLS\s0 -+and S/MIME, and they have also been used to implement \s-1SSH,\s0 OpenPGP, and - other cryptographic standards. - .SH "OVERVIEW" - .IX Header "OVERVIEW" -@@ -148,30 +157,30 @@ individual algorithms. - The functionality includes symmetric encryption, public key - cryptography and key agreement, certificate handling, cryptographic - hash functions and a cryptographic pseudo-random number generator. --.IP "\s-1SYMMETRIC\s0 \s-1CIPHERS\s0" 4 -+.IP "\s-1SYMMETRIC CIPHERS\s0" 4 - .IX Item "SYMMETRIC CIPHERS" - \&\fIblowfish\fR\|(3), \fIcast\fR\|(3), \fIdes\fR\|(3), - \&\fIidea\fR\|(3), \fIrc2\fR\|(3), \fIrc4\fR\|(3), \fIrc5\fR\|(3) --.IP "\s-1PUBLIC\s0 \s-1KEY\s0 \s-1CRYPTOGRAPHY\s0 \s-1AND\s0 \s-1KEY\s0 \s-1AGREEMENT\s0" 4 -+.IP "\s-1PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT\s0" 4 - .IX Item "PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT" - \&\fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrsa\fR\|(3) - .IP "\s-1CERTIFICATES\s0" 4 - .IX Item "CERTIFICATES" - \&\fIx509\fR\|(3), \fIx509v3\fR\|(3) --.IP "\s-1AUTHENTICATION\s0 \s-1CODES\s0, \s-1HASH\s0 \s-1FUNCTIONS\s0" 4 -+.IP "\s-1AUTHENTICATION CODES, HASH FUNCTIONS\s0" 4 - .IX Item "AUTHENTICATION CODES, HASH FUNCTIONS" - \&\fIhmac\fR\|(3), \fImd2\fR\|(3), \fImd4\fR\|(3), - \&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), - \&\fIsha\fR\|(3) --.IP "\s-1AUXILIARY\s0 \s-1FUNCTIONS\s0" 4 -+.IP "\s-1AUXILIARY FUNCTIONS\s0" 4 - .IX Item "AUXILIARY FUNCTIONS" - \&\fIerr\fR\|(3), \fIthreads\fR\|(3), \fIrand\fR\|(3), - \&\s-1\fIOPENSSL_VERSION_NUMBER\s0\fR\|(3) --.IP "\s-1INPUT/OUTPUT\s0, \s-1DATA\s0 \s-1ENCODING\s0" 4 -+.IP "\s-1INPUT/OUTPUT, DATA ENCODING\s0" 4 - .IX Item "INPUT/OUTPUT, DATA ENCODING" - \&\fIasn1\fR\|(3), \fIbio\fR\|(3), \fIevp\fR\|(3), \fIpem\fR\|(3), - \&\fIpkcs7\fR\|(3), \fIpkcs12\fR\|(3) --.IP "\s-1INTERNAL\s0 \s-1FUNCTIONS\s0" 4 -+.IP "\s-1INTERNAL FUNCTIONS\s0" 4 - .IX Item "INTERNAL FUNCTIONS" - \&\fIbn\fR\|(3), \fIbuffer\fR\|(3), \fIlhash\fR\|(3), - \&\fIobjects\fR\|(3), \fIstack\fR\|(3), -Index: secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_ASN1_OBJECT 3" --.TH d2i_ASN1_OBJECT 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_ASN1_OBJECT 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -141,7 +150,7 @@ d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT ID - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. -+These functions decode and encode an \s-1ASN1 OBJECT IDENTIFIER.\s0 - .PP - Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR - described in the \fId2i_X509\fR\|(3) manual page. -Index: secure/lib/libcrypto/man/d2i_DHparams.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_DHparams.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_DHparams.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_DHparams 3" --.TH d2i_DHparams 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_DHparams 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/d2i_DSAPublicKey.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_DSAPublicKey 3" --.TH d2i_DSAPublicKey 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_DSAPublicKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -171,10 +180,10 @@ a SubjectPublicKeyInfo (certificate public key) st - components. - .PP - \&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using --a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0. -+a \fBDss-Parms\fR structure as defined in \s-1RFC2459.\s0 - .PP - \&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a --\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0. -+\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459.\s0 - .PP - The usage of all of these functions is similar to the \fId2i_X509()\fR and - \&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page. -Index: secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_PKCS8PrivateKey 3" --.TH d2i_PKCS8PrivateKey 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_PKCS8PrivateKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/d2i_RSAPublicKey.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_RSAPublicKey 3" --.TH d2i_RSAPublicKey 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_RSAPublicKey 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/d2i_X509.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_X509.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_X509.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_X509 3" --.TH d2i_X509 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_X509 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -172,23 +181,23 @@ case \fB*out\fR is not incremented and it points t - data just written. - .PP - \&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts --to parse data from \s-1BIO\s0 \fBbp\fR. -+to parse data from \s-1BIO \s0\fBbp\fR. - .PP - \&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts - to parse data from \s-1FILE\s0 pointer \fBfp\fR. - .PP - \&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes --the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it -+the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it - returns 1 for success and 0 for failure. - .PP - \&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes --the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it -+the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it - returns 1 for success and 0 for failure. - .SH "NOTES" - .IX Header "NOTES" - The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for --\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that --\&\fBi2d_X509\fR converts from internal to \s-1DER\s0. -+\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So that -+\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0 - .PP - The functions can also understand \fB\s-1BER\s0\fR forms. - .PP -Index: secure/lib/libcrypto/man/d2i_X509_ALGOR.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_X509_ALGOR 3" --.TH d2i_X509_ALGOR 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_X509_ALGOR 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/d2i_X509_CRL.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_X509_CRL.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_X509_CRL.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_X509_CRL 3" --.TH d2i_X509_CRL 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_X509_CRL 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -148,7 +157,7 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certi - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation -+These functions decode and encode an X509 \s-1CRL \s0(certificate revocation - list). - .PP - Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -Index: secure/lib/libcrypto/man/d2i_X509_NAME.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_X509_NAME.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_X509_NAME.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_X509_NAME 3" --.TH d2i_X509_NAME 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_X509_NAME 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -142,7 +151,7 @@ d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - These functions decode and encode an \fBX509_NAME\fR structure which is the --the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used -+the same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used - for example in certificate subject and issuer names. - .PP - Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR -Index: secure/lib/libcrypto/man/d2i_X509_REQ.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_X509_REQ.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_X509_REQ.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_X509_REQ 3" --.TH d2i_X509_REQ 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_X509_REQ 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/d2i_X509_SIG.3 -=================================================================== ---- secure/lib/libcrypto/man/d2i_X509_SIG.3 (revision 279126) -+++ secure/lib/libcrypto/man/d2i_X509_SIG.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_X509_SIG 3" --.TH d2i_X509_SIG 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_X509_SIG 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/des.3 -=================================================================== ---- secure/lib/libcrypto/man/des.3 (revision 279126) -+++ secure/lib/libcrypto/man/des.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "des 3" --.TH des 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH des 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -263,9 +272,8 @@ depend on a global variable. - .PP - \&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. - .PP --\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it --is ok. The probability that a randomly generated key is weak is --1/2^52, so it is not really worth checking for them. -+\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it -+is ok. - .PP - The following routines mostly operate on an input and output stream of - \&\fIDES_cblock\fRs. -@@ -293,7 +301,7 @@ The macro \fIDES_ecb2_encrypt()\fR is provided to - encryption by using \fIks1\fR for the final encryption. - .PP - \&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR --(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the -+(\s-1CBC\s0) mode of \s-1DES. \s0 If the \fIencrypt\fR argument is non-zero, the - routine cipher-block-chain encrypts the cleartext data pointed to by - the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR - argument, using the key schedule provided by the \fIschedule\fR argument, -@@ -302,14 +310,14 @@ and initialization vector provided by the \fIivec\ - last block is copied to a temporary area and zero filled. The output - is always an integral multiple of eight bytes. - .PP --\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and -+\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES. \s0 It uses \fIinw\fR and - \&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret - (unlike the iv) and are as such, part of the key. So the key is sort --of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. -+of 24 bytes. This is much better than \s-1CBC DES.\s0 - .PP --\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with -+\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with - three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is --really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. -+an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0 - .PP - The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by - reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. -@@ -324,7 +332,7 @@ method takes an array of characters as input and o - characters. It does not require any padding to 8 character groups. - Note: the \fIivec\fR variable is changed and the new changed value needs to - be passed to the next call to this function. Since this function runs --a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only -+a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only - suggested for use when sending small numbers of characters. - .PP - \&\fIDES_cfb64_encrypt()\fR -@@ -333,7 +341,7 @@ useful you ask? Because this routine will allow y - arbitrary number of bytes, no 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. num contains 'how far' we are though ivec. If this does --not make much sense, read more about cfb mode of \s-1DES\s0 :\-). -+not make much sense, read more about cfb mode of \s-1DES :\-\s0). - .PP - \&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as - \&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. -@@ -343,7 +351,7 @@ takes an array of characters as input and outputs - characters. It does not require any padding to 8 character groups. - Note: the \fIivec\fR variable is changed and the new changed value needs to - be passed to the next call to this function. Since this function runs --a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only -+a complete \s-1DES ECB\s0 encryption per numbits, this function is only - suggested for use when sending small numbers of characters. - .PP - \&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output -@@ -397,7 +405,7 @@ the key schedule and \fIiv\fR for the initial vect - \&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR - has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0 - bytes, \fIDES_enc_write()\fR will split the data into several chunks that --are all encrypted using the same \s-1IV\s0. So don't use these functions -+are all encrypted using the same \s-1IV. \s0 So don't use these functions - unless you are sure you know what you do (in which case you might not - want to use them anyway). They cannot handle non-blocking sockets. - \&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on -@@ -435,7 +443,7 @@ get ugly! - The same applies for \fIDES_string_to_2key()\fR. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1ANSI\s0 X3.106 -+\&\s-1ANSI X3.106\s0 - .PP - The \fBdes\fR library was written to be source code compatible with - the \s-1MIT\s0 Kerberos library. -Index: secure/lib/libcrypto/man/dh.3 -=================================================================== ---- secure/lib/libcrypto/man/dh.3 (revision 279126) -+++ secure/lib/libcrypto/man/dh.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "dh 3" --.TH dh 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH dh 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/dsa.3 -=================================================================== ---- secure/lib/libcrypto/man/dsa.3 (revision 279126) -+++ secure/lib/libcrypto/man/dsa.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "dsa 3" --.TH dsa 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH dsa 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -213,7 +222,7 @@ The \fB\s-1DSA\s0\fR structure consists of several - \& DSA; - .Ve - .PP --In public keys, \fBpriv_key\fR is \s-1NULL\s0. -+In public keys, \fBpriv_key\fR is \s-1NULL.\s0 - .PP - Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations, - either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an -@@ -224,8 +233,8 @@ structure elements directly and instead use \s-1AP - modify keys. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature --Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 -+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature -+Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIbn\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3), -Index: secure/lib/libcrypto/man/ecdsa.3 -=================================================================== ---- secure/lib/libcrypto/man/ecdsa.3 (revision 279126) -+++ secure/lib/libcrypto/man/ecdsa.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ecdsa 3" --.TH ecdsa 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ecdsa 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -178,7 +187,7 @@ ecdsa \- Elliptic Curve Digital Signature Algorith - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \fB\s-1ECDSA_SIG\s0\fR structure consists of two BIGNUMs for the --r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2). -+r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0). - .PP - .Vb 5 - \& struct -@@ -195,7 +204,7 @@ function also allocates the BIGNUMs) and initializ - .PP - \&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature - \&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR --is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of -+is \s-1NULL \s0\fBi2d_ECDSA_SIG\fR returns the expected length in bytes of - the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length - of the \s-1DER\s0 encoded signature (or 0 on error). - .PP -@@ -214,7 +223,7 @@ values or returned in \fBkinv\fR and \fBrp\fR and - later call to \fBECDSA_sign_ex\fR or \fBECDSA_do_sign_ex\fR. - .PP - \&\fIECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR --and \fBrp\fR set to \s-1NULL\s0. -+and \fBrp\fR set to \s-1NULL.\s0 - .PP - \&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes - hash value \fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional -@@ -229,7 +238,7 @@ is ignored. - The parameter \fBtype\fR is ignored. - .PP - \&\fIECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR --and \fBrp\fR set to \s-1NULL\s0. -+and \fBrp\fR set to \s-1NULL.\s0 - .PP - \&\fIECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR - bytes hash value \fBdgst\fR using the private key \fBeckey\fR and the -@@ -327,8 +336,8 @@ and finally evaluate the return value: - .Ve - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2 --(Digital Signature Standard, \s-1DSS\s0) -+\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2 -+\&\s0(Digital Signature Standard, \s-1DSS\s0) - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIdsa\fR\|(3), \fIrsa\fR\|(3) -Index: secure/lib/libcrypto/man/engine.3 -=================================================================== ---- secure/lib/libcrypto/man/engine.3 (revision 279126) -+++ secure/lib/libcrypto/man/engine.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "engine 3" --.TH engine 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH engine 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -308,7 +317,7 @@ implementation includes the following abstractions - .Ve - .SS "Reference counting and handles" - .IX Subsection "Reference counting and handles" --Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be -+Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be - treated as handles \- ie. not only as pointers, but also as references to - the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when - making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and -@@ -330,7 +339,7 @@ specialised form of structural reference, because - implicitly contains a structural reference as well \- however to avoid - difficult-to-find programming bugs, it is recommended to treat the two - kinds of reference independently. If you have a functional reference to an --\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to -+\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to - perform cryptographic operations and will remain uninitialised - until after you have released your reference. - .PP -@@ -338,12 +347,12 @@ until after you have released your reference. - .PP - This basic type of reference is used for instantiating new ENGINEs, - iterating across OpenSSL's internal linked-list of loaded --ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural -+ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural - reference is sufficient if you only need to query or manipulate the data of - an \s-1ENGINE\s0 implementation rather than use its functionality. - .PP - The \fIENGINE_new()\fR function returns a structural reference to a new (empty) --\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural -+\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural - references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, - \&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be - released by a corresponding to call to the \fIENGINE_free()\fR function \- the -@@ -350,7 +359,7 @@ released by a corresponding to call to the \fIENGI - \&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when - the last structural reference is released. - .PP --It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a -+It should also be noted that many \s-1ENGINE API\s0 function calls that accept a - structural reference will internally obtain another reference \- typically - this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after - the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to -@@ -375,7 +384,7 @@ the openssl/engine.h header file includes some hin - As mentioned, functional references exist when the cryptographic - functionality of an \s-1ENGINE\s0 is required to be available. A functional - reference can be obtained in one of two ways; from an existing structural --reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default -+reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default - operational \s-1ENGINE\s0 for a given cryptographic purpose. - .PP - To obtain a functional reference from an existing structural reference, -@@ -383,7 +392,7 @@ call the \fIENGINE_init()\fR function. This return - already operational and couldn't be successfully initialised (eg. lack of - system drivers, no special hardware attached, etc), otherwise it will - return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will --have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. All functional -+have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional - references are released by calling \fIENGINE_finish()\fR (which removes the - implicit structural reference as well). - .PP -@@ -392,7 +401,7 @@ default implementation for a given task, eg. by \f - \&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next - section, though they are not usually required by application programmers as - they are used automatically when creating and using the relevant --algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. -+algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc. - .SS "Default implementations" - .IX Subsection "Default implementations" - For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table -@@ -401,7 +410,7 @@ abstraction and which should be used by default. T - registered in the tables and indexed by an 'nid' value, because - abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct - algorithms and modes, and ENGINEs can support arbitrarily many of them. --In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one -+In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one - \&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid' - index. - .PP -@@ -410,15 +419,15 @@ when calling RSA_new_method(\s-1NULL\s0)), a \*(L" - \&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a - functional reference to an initialised \s-1ENGINE\s0 whose implementation should be - used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller --will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the -+will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the - conventional software implementation. In the latter case, OpenSSL will from --then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed. -+then on behave the way it used to before the \s-1ENGINE API\s0 existed. - .PP - Each state table has a flag to note whether it has processed this - \&\*(L"get_default\*(R" query since the table was last modified, because to process - this question it must iterate across all the registered ENGINEs in the - table trying to initialise each of them in turn, in case one of them is --operational. If it returns a functional reference to an \s-1ENGINE\s0, it will -+operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will - also cache another reference to speed up processing future queries (without - needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 - response if no \s-1ENGINE\s0 was available so that future queries won't repeat the -@@ -429,7 +438,7 @@ instead the only way for the state table to return - \&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. - \&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except - that it also sets the state table's cached response for the \*(L"get_default\*(R" --query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are -+query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are - indexed by 'nid', these flags and cached-responses are distinct for each 'nid' - value. - .SS "Application requirements" -@@ -440,7 +449,7 @@ available to the user. The first thing to consider - programmer wishes to make alternative \s-1ENGINE\s0 modules available to the - application and user. OpenSSL maintains an internal linked list of - \&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is --empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and -+empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and - it uses static linking against openssl, then the resulting application - binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first - consideration is whether any/all available \s-1ENGINE\s0 implementations should be -@@ -468,13 +477,13 @@ mention an important \s-1API\s0 function; - \& void ENGINE_cleanup(void); - .Ve - .PP --If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there -+If no \s-1ENGINE API\s0 functions are called at all in an application, then there - are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality, - however if any ENGINEs are loaded, even if they are never registered or - used, it is necessary to use the \fIENGINE_cleanup()\fR function to - correspondingly cleanup before program exit, if the caller wishes to avoid - memory leaks. This mechanism uses an internal callback registration table --so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can -+so that any \s-1ENGINE API\s0 functionality that knows it requires cleanup can - register its cleanup details to be called during \fIENGINE_cleanup()\fR. This - approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality - at all that your program uses, yet doesn't automatically create linker -@@ -499,9 +508,9 @@ source code to openssl's builtin utilities as guid - \&\fIUsing a specific \s-1ENGINE\s0 implementation\fR - .PP - Here we'll assume an application has been configured by its user or admin --to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of -+to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of - OpenSSL the application was compiled with. If it is available, it should be --used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise -+used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operation, otherwise - OpenSSL should use its builtin software as per usual. The following code - illustrates how to approach this; - .PP -@@ -574,7 +583,7 @@ so that it can be initialised for use. This could - driver or config files it needs to load, required network addresses, - smart-card identifiers, passwords to initialise protected devices, - logging information, etc etc. This class of commands typically needs to be --passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before -+passed to an \s-1ENGINE \s0\fBbefore\fR attempting to initialise it, ie. before - calling \fIENGINE_init()\fR. The other class of commands consist of settings or - operations that tweak certain behaviour or cause certain operations to take - place, and these commands may work either before or after \fIENGINE_init()\fR, or -@@ -589,8 +598,8 @@ name of the \s-1ENGINE\s0 it wishes to use, a tabl - initialisation, and another table for use after initialisation. Note that - the string-pairs used for control commands consist of a command \*(L"name\*(R" - followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some --cases but the name can not. This function should initialise the \s-1ENGINE\s0 --(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) -+cases but the name can not. This function should initialise the \s-1ENGINE -+\&\s0(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) - and set it as the default for everything except \s-1RAND\s0 and then return a - boolean success or failure. - .PP -@@ -639,7 +648,7 @@ failure if the \s-1ENGINE\s0 supported the given c - executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply - return success without doing anything. In this case we assume the user is - only supplying commands specific to the given \s-1ENGINE\s0 so we set this to --\&\s-1FALSE\s0. -+\&\s-1FALSE.\s0 - .PP - \&\fIDiscovering supported control commands\fR - .PP -@@ -647,14 +656,14 @@ It is possible to discover at run-time the names, - and input parameters of the control commands supported by an \s-1ENGINE\s0 using a - structural reference. Note that some control commands are defined by OpenSSL - itself and it will intercept and handle these control commands on behalf of the --\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. --openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands -+\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command. -+openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands - implemented by ENGINEs should be numbered from. Any command value lower than - this symbol is considered a \*(L"generic\*(R" command is handled directly by the - OpenSSL core routines. - .PP - It is using these \*(L"core\*(R" control commands that one can discover the control --commands implemented by a given \s-1ENGINE\s0, specifically the commands; -+commands implemented by a given \s-1ENGINE,\s0 specifically the commands; - .PP - .Vb 9 - \& #define ENGINE_HAS_CTRL_FUNCTION 10 -@@ -693,7 +702,7 @@ OpenSSL framework code will work with the followin - .PP - If the \s-1ENGINE\s0's array of control commands is empty then all other commands will - fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of --the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the -+the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the - identifier of a command supported by the \s-1ENGINE\s0 and returns the next command - identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string - name for a command and returns the corresponding identifier or fails if no such -@@ -714,18 +723,18 @@ possible values; - If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely - informational to the caller \- this flag will prevent the command being usable - for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. --\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration -+\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration - by applications, administrations, users, etc. These can support arbitrary - operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control - commands data of any arbitrary type. These commands are supported in the - discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0 - supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" --might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- -+might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R" \-\s0 - and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific - extension). - .SS "Future developments" - .IX Subsection "Future developments" --The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for -+The \s-1ENGINE API\s0 and internal architecture is currently being reviewed. Slated for - possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R" - ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0 - implementations to be provided independently of OpenSSL libraries and/or -Index: secure/lib/libcrypto/man/err.3 -=================================================================== ---- secure/lib/libcrypto/man/err.3 (revision 279126) -+++ secure/lib/libcrypto/man/err.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "err 3" --.TH err 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH err 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -202,8 +211,8 @@ new error codes to OpenSSL or add error codes from - .SS "Reporting errors" - .IX Subsection "Reporting errors" - Each sub-library has a specific macro \fIXXXerr()\fR that is used to report --errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second --argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived -+errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second -+argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived - from the function names; reason codes consist of textual error - descriptions. For example, the function \fIssl23_read()\fR reports a - \&\*(L"handshake failure\*(R" as follows: -@@ -216,7 +225,7 @@ Function and reason codes should consist of upper - numbers and underscores only. The error file generation script translates - function codes into function names by looking in the header files - for an appropriate function name, if none is found it just uses --the capitalized form such as \*(L"\s-1SSL23_READ\s0\*(R" in the above example. -+the capitalized form such as \*(L"\s-1SSL23_READ\*(R"\s0 in the above example. - .PP - The trailing section of a reason code (after the \*(L"_R_\*(R") is translated - into lower case and underscores changed to spaces. -@@ -267,7 +276,7 @@ Typically it will initially look like this: - \& /* BEGIN ERROR CODES */ - .Ve - .PP --The \fB\s-1BEGIN\s0 \s-1ERROR\s0 \s-1CODES\s0\fR sequence is used by the error code -+The \fB\s-1BEGIN ERROR CODES\s0\fR sequence is used by the error code - generation script as the point to place new error codes, any text - after this point will be overwritten when \fBmake errors\fR is run. - The closing #endif etc will be automatically added by the script. -@@ -299,7 +308,6 @@ be obtained by calling ERR_get_err_state_table(voi - ERR_get_string_table(void) respectively. - .SH "SEE ALSO" - .IX Header "SEE ALSO" --\&\fICRYPTO_set_id_callback\fR\|(3), - \&\fICRYPTO_set_locking_callback\fR\|(3), - \&\fIERR_get_error\fR\|(3), - \&\s-1\fIERR_GET_LIB\s0\fR\|(3), -Index: secure/lib/libcrypto/man/evp.3 -=================================================================== ---- secure/lib/libcrypto/man/evp.3 (revision 279126) -+++ secure/lib/libcrypto/man/evp.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "evp 3" --.TH evp 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH evp 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/hmac.3 -=================================================================== ---- secure/lib/libcrypto/man/hmac.3 (revision 279126) -+++ secure/lib/libcrypto/man/hmac.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "hmac 3" --.TH hmac 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH hmac 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -155,7 +164,7 @@ authentication code - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash -+\&\s-1HMAC\s0 is a \s-1MAC \s0(message authentication code), i.e. a keyed hash - function used for message authentication, which is based on a hash - function. - .PP -@@ -165,7 +174,7 @@ function. - .PP - It places the result in \fBmd\fR (which must have space for the output of - the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). --If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of -+If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of - the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. - .PP - \&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. -@@ -189,7 +198,7 @@ long. It is deprecated and only included for backw - with OpenSSL 0.9.6b. - .PP - \&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use --the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which -+the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL,\s0 in which - case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been - called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this - function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in -@@ -209,7 +218,7 @@ must have space for the hash function output. - \&\fIHMAC_CTX_cleanup()\fR do not return values. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1RFC\s0 2104 -+\&\s-1RFC 2104\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIsha\fR\|(3), \fIevp\fR\|(3) -Index: secure/lib/libcrypto/man/lh_stats.3 -=================================================================== ---- secure/lib/libcrypto/man/lh_stats.3 (revision 279126) -+++ secure/lib/libcrypto/man/lh_stats.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "lh_stats 3" --.TH lh_stats 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH lh_stats 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/lhash.3 -=================================================================== ---- secure/lib/libcrypto/man/lhash.3 (revision 279126) -+++ secure/lib/libcrypto/man/lhash.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "lhash 3" --.TH lhash 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH lhash 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -354,7 +363,7 @@ the wrapper functions without \*(L"const\*(R" type - Callers that only have \*(L"const\*(R" access to data they're indexing in a - table, yet declare callbacks without constant types (or cast the - \&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs --without being encouraged to do so by the \s-1API\s0. On a related note, -+without being encouraged to do so by the \s-1API. \s0 On a related note, - those auditing code should pay special attention to any instances of - DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types - without any \*(L"const\*(R" qualifiers. -@@ -419,6 +428,6 @@ The \fBlhash\fR library is available in all versio - This manpage is derived from the SSLeay documentation. - .PP - In OpenSSL 0.9.7, all lhash functions that were passed function pointers --were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0, --\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0 -+were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE, -+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE \s0 - became available. -Index: secure/lib/libcrypto/man/md5.3 -=================================================================== ---- secure/lib/libcrypto/man/md5.3 (revision 279126) -+++ secure/lib/libcrypto/man/md5.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "md5 3" --.TH md5 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH md5 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -169,12 +178,12 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. -+\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. - .PP --\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest -+\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest - of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space - for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 --bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static -+bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static - array. - .PP - The following functions may be used if the message is not completely -@@ -196,7 +205,7 @@ Applications should use the higher level functions - etc. instead of calling the hash functions directly. - .SH "NOTE" - .IX Header "NOTE" --\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing -+\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing - applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be - preferred. - .SH "RETURN VALUES" -@@ -208,7 +217,7 @@ preferred. - success, 0 otherwise. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321 -+\&\s-1RFC 1319, RFC 1320, RFC 1321\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIsha\fR\|(3), \fIripemd\fR\|(3), \fIEVP_DigestInit\fR\|(3) -Index: secure/lib/libcrypto/man/mdc2.3 -=================================================================== ---- secure/lib/libcrypto/man/mdc2.3 (revision 279126) -+++ secure/lib/libcrypto/man/mdc2.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "mdc2 3" --.TH mdc2 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH mdc2 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -148,11 +157,11 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 h - .IX Header "DESCRIPTION" - \&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from - block ciphers. These functions are an implementation of \s-1MDC2\s0 with --\&\s-1DES\s0. -+\&\s-1DES.\s0 - .PP - \&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR - bytes at \fBd\fR and places it in \fBmd\fR (which must have space for --\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest -+\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest - is placed in a static array. - .PP - The following functions may be used if the message is not completely -@@ -176,7 +185,7 @@ hash functions directly. - \&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1ISO/IEC\s0 10118\-2, with \s-1DES\s0 -+\&\s-1ISO/IEC 10118\-2,\s0 with \s-1DES\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIsha\fR\|(3), \fIEVP_DigestInit\fR\|(3) -Index: secure/lib/libcrypto/man/pem.3 -=================================================================== ---- secure/lib/libcrypto/man/pem.3 (revision 279126) -+++ secure/lib/libcrypto/man/pem.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "pem 3" --.TH pem 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH pem 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -313,7 +322,7 @@ this sense \s-1PEM\s0 format is simply base64 enco - by header lines. - .PP - For more details about the meaning of arguments see the --\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section. -+\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section. - .PP - Each operation has four functions associated with it. For - clarity the term "\fBfoobar\fR functions" will be used to collectively -@@ -338,7 +347,7 @@ encryption is used and a PKCS#8 PrivateKeyInfo str - also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however - it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm - to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the --corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section). -+corresponding \s-1OBJECT IDENTIFIER \s0(see \s-1NOTES\s0 section). - .PP - The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 - structure. The public key is encoded as a SubjectPublicKeyInfo -@@ -346,7 +355,7 @@ structure. - .PP - The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an - \&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR --functions but an error occurs if the private key is not \s-1RSA\s0. -+functions but an error occurs if the private key is not \s-1RSA.\s0 - .PP - The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an - \&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey -@@ -355,16 +364,16 @@ structure. - The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using - an \s-1RSA\s0 structure. However the public key is encoded using a - SubjectPublicKeyInfo structure and an error occurs if the public --key is not \s-1RSA\s0. -+key is not \s-1RSA.\s0 - .PP - The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a - \&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR --functions but an error occurs if the private key is not \s-1DSA\s0. -+functions but an error occurs if the private key is not \s-1DSA.\s0 - .PP - The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using - a \s-1DSA\s0 structure. The public key is encoded using a - SubjectPublicKeyInfo structure and an error occurs if the public --key is not \s-1DSA\s0. -+key is not \s-1DSA.\s0 - .PP - The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 - structure. The parameters are encoded using a foobar structure. -@@ -382,8 +391,8 @@ an X509 structure. - .PP - The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 - certificate request using an X509_REQ structure. The \fBX509_REQ\fR --write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas --the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR -+write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas -+the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR - (as required by some CAs). The \fBX509_REQ\fR read functions will - handle either form so there are no \fBX509_REQ_NEW\fR read functions. - .PP -@@ -453,7 +462,7 @@ an error occurred. - .SH "EXAMPLES" - .IX Header "EXAMPLES" - Although the \s-1PEM\s0 routines take several arguments in almost all applications --most of them are set to 0 or \s-1NULL\s0. -+most of them are set to 0 or \s-1NULL.\s0 - .PP - Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 - .PP -@@ -598,9 +607,9 @@ byte \fBsalt\fR encoded as a set of hexadecimal di - .PP - After this is the base64 encoded encrypted data. - .PP --The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an -+The encryption key is determined using \fIEVP_BytesToKey()\fR, using \fBsalt\fR and an - iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0 --returned by \fIEVP_bytestokey()\fR. -+returned by \fIEVP_BytesToKey()\fR. - .SH "BUGS" - .IX Header "BUGS" - The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse -@@ -624,3 +633,6 @@ The read routines return either a pointer to the s - if an error occurred. - .PP - The write routines return 1 for success or 0 for failure. -+.SH "SEE ALSO" -+.IX Header "SEE ALSO" -+\&\fIEVP_get_cipherbyname\fR\|(3), \fIEVP_BytesToKey\fR\|(3) -Index: secure/lib/libcrypto/man/rand.3 -=================================================================== ---- secure/lib/libcrypto/man/rand.3 (revision 279126) -+++ secure/lib/libcrypto/man/rand.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "rand 3" --.TH rand 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH rand 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -163,8 +172,8 @@ rand \- pseudo\-random number generator - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling --default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default -+Since the introduction of the \s-1ENGINE API,\s0 the recommended way of controlling -+default implementations is by using the \s-1ENGINE API\s0 functions. The default - \&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by - \&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default - \&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened -@@ -188,7 +197,7 @@ described in \fIRAND_add\fR\|(3). Its state can be - seeding process whenever the application is started. - .PP - \&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the --\&\s-1PRNG\s0. -+\&\s-1PRNG. \s0 - .SH "INTERNALS" - .IX Header "INTERNALS" - The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic -@@ -197,9 +206,9 @@ hash function. - The following description of its design is based on the SSLeay - documentation: - .PP --First up I will state the things I believe I need for a good \s-1RNG\s0. -+First up I will state the things I believe I need for a good \s-1RNG.\s0 - .IP "1." 4 --A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state' -+A good hashing algorithm to mix things up and to convert the \s-1RNG \s0'state' - to random numbers. - .IP "2." 4 - An initial source of random 'state'. -@@ -251,7 +260,7 @@ believe this system addresses points 1 (hash funct - \&\s-1SHA\-1\s0), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash - function and xor). - .PP --When bytes are extracted from the \s-1RNG\s0, the following process is used. -+When bytes are extracted from the \s-1RNG,\s0 the following process is used. - For each group of 10 bytes (or less), we do the following: - .PP - Input into the hash function the local 'md' (which is initialized from -Index: secure/lib/libcrypto/man/rc4.3 -=================================================================== ---- secure/lib/libcrypto/man/rc4.3 (revision 279126) -+++ secure/lib/libcrypto/man/rc4.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "rc4 3" --.TH rc4 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH rc4 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libcrypto/man/ripemd.3 -=================================================================== ---- secure/lib/libcrypto/man/ripemd.3 (revision 279126) -+++ secure/lib/libcrypto/man/ripemd.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ripemd 3" --.TH ripemd 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ripemd 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -152,7 +161,7 @@ RIPEMD\-160 hash function - .PP - \&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR - bytes at \fBd\fR and places it in \fBmd\fR (which must have space for --\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest -+\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest - is placed in a static array. - .PP - The following functions may be used if the message is not completely -@@ -178,7 +187,7 @@ hash functions directly. - success, 0 otherwise. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1ISO/IEC\s0 10118\-3 (draft) (??) -+\&\s-1ISO/IEC 10118\-3 \s0(draft) (??) - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3) -Index: secure/lib/libcrypto/man/rsa.3 -=================================================================== ---- secure/lib/libcrypto/man/rsa.3 (revision 279126) -+++ secure/lib/libcrypto/man/rsa.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "rsa 3" --.TH rsa 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH rsa 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -191,7 +200,7 @@ rsa \- RSA public key cryptosystem - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - These functions implement \s-1RSA\s0 public key encryption and signatures --as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC\s0 2437]. -+as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC 2437\s0]. - .PP - The \fB\s-1RSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. It can - contain public as well as private \s-1RSA\s0 keys: -@@ -228,7 +237,7 @@ structure elements directly and instead use \s-1AP - modify keys. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 -+\&\s-1SSL, PKCS\s0 #1 v2.0 - .SH "PATENTS" - .IX Header "PATENTS" - \&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000. -Index: secure/lib/libcrypto/man/sha.3 -=================================================================== ---- secure/lib/libcrypto/man/sha.3 (revision 279126) -+++ secure/lib/libcrypto/man/sha.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "sha 3" --.TH sha 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH sha 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -146,12 +155,12 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final \- Secure - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a -+\&\s-1SHA\-1 \s0(Secure Hash Algorithm) is a cryptographic hash function with a - 160 bit output. - .PP - \&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR - bytes at \fBd\fR and places it in \fBmd\fR (which must have space for --\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest -+\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest - is placed in a static array. - .PP - The following functions may be used if the message is not completely -@@ -169,7 +178,7 @@ Applications should use the higher level functions - \&\fIEVP_DigestInit\fR\|(3) - etc. instead of calling the hash functions directly. - .PP --The predecessor of \s-1SHA\-1\s0, \s-1SHA\s0, is also implemented, but it should be -+The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be - used only when backward compatibility is required. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" -@@ -178,11 +187,11 @@ used only when backward compatibility is required. - \&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR return 1 for success, 0 otherwise. - .SH "CONFORMING TO" - .IX Header "CONFORMING TO" --\&\s-1SHA:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180 (Secure Hash -+\&\s-1SHA: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180 \s0(Secure Hash - Standard), --\&\s-1SHA\-1:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-1 (Secure Hash -+\&\s-1SHA\-1: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-1 \s0(Secure Hash - Standard), --\&\s-1ANSI\s0 X9.30 -+\&\s-1ANSI X9.30\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIripemd\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3) -Index: secure/lib/libcrypto/man/threads.3 -=================================================================== ---- secure/lib/libcrypto/man/threads.3 (revision 279126) -+++ secure/lib/libcrypto/man/threads.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "threads 3" --.TH threads 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH threads 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -193,7 +202,7 @@ different mutex locks. It sets the \fBn\fR\-th loc - \&\fBfile\fR and \fBline\fR are the file number of the function setting the - lock. They can be useful for debugging. - .PP --id_function(void) is a function that returns a thread \s-1ID\s0, for example -+id_function(void) is a function that returns a thread \s-1ID,\s0 for example - \&\fIpthread_self()\fR if it returns an integer (see \s-1NOTES\s0 below). It isn't - needed on Windows nor on platforms where \fIgetpid()\fR returns a different - \&\s-1ID\s0 for each thread (see \s-1NOTES\s0 below). -@@ -270,7 +279,7 @@ different answers in each thread, since that may d - the program is run on, not the machine where the program is being - compiled. For instance, Red Hat 8 Linux and earlier used - LinuxThreads, whose \fIgetpid()\fR returns a different value for each --thread. Red Hat 9 Linux and later use \s-1NPTL\s0, which is -+thread. Red Hat 9 Linux and later use \s-1NPTL,\s0 which is - Posix-conformant, and has a \fIgetpid()\fR that returns the same value for - all threads in a process. A program compiled on Red Hat 8 and run on - Red Hat 9 will therefore see \fIgetpid()\fR returning the same value for -Index: secure/lib/libcrypto/man/ui.3 -=================================================================== ---- secure/lib/libcrypto/man/ui.3 (revision 279126) -+++ secure/lib/libcrypto/man/ui.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ui 3" --.TH ui 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ui 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -201,9 +210,9 @@ prompt the user for text-based information. Throu - imaginable, be it plain text prompting, through dialog boxes or from a - cell phone. - .PP --All the functions work through a context of the type \s-1UI\s0. This context -+All the functions work through a context of the type \s-1UI. \s0 This context - contains all the information needed to prompt correctly as well as a --reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that -+reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that - carry out the actual prompting. - .PP - The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, -@@ -222,10 +231,10 @@ result with \fIUI_get0_result()\fR. - The functions are as follows: - .PP - \&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with --this \s-1UI\s0, it should be freed using \fIUI_free()\fR. -+this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. - .PP - \&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with --this \s-1UI\s0, it should be freed using \fIUI_free()\fR. -+this \s-1UI,\s0 it should be freed using \fIUI_free()\fR. - .PP - \&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one, - since the default can be changed. See further on). This method is the -@@ -235,7 +244,7 @@ most problems when porting. - \&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory - that's connected to it, like duplicated input strings, results and others. - .PP --\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0, -+\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0 - as well as flags and a result buffer and the desired minimum and maximum - sizes of the result. The given information is used to prompt for - information, for example a password, and to verify a password (i.e. having -@@ -247,7 +256,7 @@ verification will fail. - \&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered - in a boolean way, with a single character for yes and a different character - for no. A set of characters that can be used to cancel the prompt is given --as well. The prompt itself is really divided in two, one part being the -+as well. The prompt itself is divided in two, one part being the - descriptive text (given through the \fIprompt\fR argument) and one describing - the possible answers (given through the \fIaction_desc\fR argument). - .PP -@@ -257,10 +266,10 @@ The difference between the two is only conceptual. - there's no technical difference between them. Other methods may make a - difference between them, however. - .PP --The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for -+The flags currently supported are \s-1UI_INPUT_FLAG_ECHO,\s0 which is relevant for - \&\fIUI_add_input_string()\fR and will have the users response be echoed (when - prompting for a password, this flag should obviously not be used, and --\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some -+\&\s-1UI_INPUT_FLAG_DEFAULT_PWD,\s0 which means that a default password of some - sort will be used (completely depending on the application and the \s-1UI\s0 - method). - .PP -@@ -293,9 +302,9 @@ the information indexed by \fIi\fR. - and prompting and returns. - .PP - \&\fIUI_ctrl()\fR adds extra control for the application author. For now, it --understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR --print the OpenSSL error stack as part of processing the \s-1UI\s0, and --\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can -+understands two commands: \s-1UI_CTRL_PRINT_ERRORS,\s0 which makes \fIUI_process()\fR -+print the OpenSSL error stack as part of processing the \s-1UI,\s0 and -+\&\s-1UI_CTRL_IS_REDOABLE,\s0 which returns a flag saying if the used \s-1UI\s0 can - be used again or not. - .PP - \&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. -@@ -302,9 +311,9 @@ be used again or not. - .PP - \&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. - .PP --\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0. -+\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0 - .PP --\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0. -+\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIui_create\fR\|(3), \fIui_compat\fR\|(3) -Index: secure/lib/libcrypto/man/ui_compat.3 -=================================================================== ---- secure/lib/libcrypto/man/ui_compat.3 (revision 279126) -+++ secure/lib/libcrypto/man/ui_compat.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ui_compat 3" --.TH ui_compat 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ui_compat 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,7 +156,7 @@ Compatibility user interface functions - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \s-1DES\s0 library contained a few routines to prompt for passwords. These --aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the -+aren't necessarely dependent on \s-1DES,\s0 and have therefore become part of the - \&\s-1UI\s0 compatibility library. - .PP - \&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output -Index: secure/lib/libcrypto/man/x509.3 -=================================================================== ---- secure/lib/libcrypto/man/x509.3 (revision 279126) -+++ secure/lib/libcrypto/man/x509.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "x509 3" --.TH x509 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH x509 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -139,15 +148,15 @@ x509 \- X.509 certificate handling - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - A X.509 certificate is a structured grouping of information about --an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0 --(certificate revocation list) is a tool to help determine if a -+an individual, a device, or anything one can imagine. A X.509 \s-1CRL -+\&\s0(certificate revocation list) is a tool to help determine if a - certificate is still valid. The exact definition of those can be --found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX\s0. -+found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0 - In OpenSSL, the type X509 is used to express such a certificate, and --the type X509_CRL is used to express a \s-1CRL\s0. -+the type X509_CRL is used to express a \s-1CRL.\s0 - .PP - A related structure is a certificate request, defined in PKCS#10 from --\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type -+\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896. \s0 In OpenSSL, the type - X509_REQ is used to express such a certificate request. - .PP - To handle some complex parts of a certificate, there are the types -@@ -155,7 +164,7 @@ X509_NAME (to express a certificate name), X509_AT - a certificate attributes), X509_EXTENSION (to express a certificate - extension) and a few more. - .PP --Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a -+Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a - certificate and a corresponding private key. - .PP - \&\fBX509_\fR\fI...\fR, \fBd2i_X509_\fR\fI...\fR and \fBi2d_X509_\fR\fI...\fR handle X.509 -Index: secure/lib/libssl/Makefile.man -=================================================================== ---- secure/lib/libssl/Makefile.man (revision 279126) -+++ secure/lib/libssl/Makefile.man (working copy) -@@ -32,6 +32,7 @@ MAN+= SSL_CTX_set_session_cache_mode.3 - MAN+= SSL_CTX_set_session_id_context.3 - MAN+= SSL_CTX_set_ssl_version.3 - MAN+= SSL_CTX_set_timeout.3 -+MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3 - MAN+= SSL_CTX_set_tmp_dh_callback.3 - MAN+= SSL_CTX_set_tmp_rsa_callback.3 - MAN+= SSL_CTX_set_verify.3 -Index: secure/lib/libssl/man/SSL_CIPHER_get_name.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CIPHER_get_name.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CIPHER_get_name.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CIPHER_get_name 3" --.TH SSL_CIPHER_get_name 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CIPHER_get_name 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -144,20 +153,24 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPH - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the --argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is -+argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\*(R"\s0 is - returned. - .PP - \&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If --\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the --chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned. -+\&\fBalg_bits\fR is not \s-1NULL,\s0 it contains the number of bits processed by the -+chosen algorithm. If \fBcipher\fR is \s-1NULL, 0\s0 is returned. - .PP --\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently --\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned. -+\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol -+version that first defined the cipher. -+This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR. -+In some cases it should possibly return \*(L"TLSv1.2\*(R" but does not; -+use \fISSL_CIPHER_description()\fR instead. -+If \fBcipher\fR is \s-1NULL, \*(L"\s0(\s-1NONE\s0)\*(R" is returned. - .PP - \&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used - into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least - 128 bytes, otherwise a pointer to the string \*(L"Buffer too small\*(R" is --returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using -+returned. If \fBbuf\fR is \s-1NULL,\s0 a buffer of 128 bytes is allocated using - \&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string - \&\*(L"OPENSSL_malloc Error\*(R" is returned. - .SH "NOTES" -@@ -175,7 +188,8 @@ sequence: - Textual representation of the cipher name. - .IP "<protocol version>" 4 - .IX Item "<protocol version>" --Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. -+Protocol version: \fBSSLv2\fR, \fBSSLv3\fR, \fBTLSv1.2\fR. The TLSv1.0 ciphers are -+flagged with SSLv3. No new ciphers were added by TLSv1.1. - .IP "Kx=<key exchange>" 4 - .IX Item "Kx=<key exchange>" - Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or -@@ -207,9 +221,15 @@ Some examples for the output of \fISSL_CIPHER_desc - \& RC4\-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 - \& EXP\-RC4\-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export - .Ve -+.PP -+A comp[lete list can be retrieved by invoking the following command: -+.PP -+.Vb 1 -+\& openssl ciphers \-v ALL -+.Ve - .SH "BUGS" - .IX Header "BUGS" --If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the -+If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL,\s0 the - library crashes. - .PP - If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according -Index: secure/lib/libssl/man/SSL_COMP_add_compression_method.3 -=================================================================== ---- secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_COMP_add_compression_method 3" --.TH SSL_COMP_add_compression_method 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_COMP_add_compression_method 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,7 +156,7 @@ It cannot be set for specific \s-1SSL_CTX\s0 or \s - .SH "NOTES" - .IX Header "NOTES" - The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods --into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression -+into the communication. The \s-1TLS RFC\s0 does however not specify compression - methods or their corresponding identifiers, so there is currently no compatible - way to integrate compression with unknown peers. It is therefore currently not - recommended to integrate compression into applications. Applications for -Index: secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_add_extra_chain_cert 3" --.TH SSL_CTX_add_extra_chain_cert 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_add_extra_chain_cert 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -150,6 +159,15 @@ these certificates explicitly specified. If no cha - the library will try to complete the chain from the available \s-1CA\s0 - certificates in the trusted \s-1CA\s0 storage, see - \&\fISSL_CTX_load_verify_locations\fR\|(3). -+.PP -+The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \fBshould not\fR free the \fBx509\fR object. -+.SH "RESTRICTIONS" -+.IX Header "RESTRICTIONS" -+Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 -+structure. Different chains for different certificates (for example if both -+\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 -+structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this -+function. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the -Index: secure/lib/libssl/man/SSL_CTX_add_session.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_add_session.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_add_session.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_add_session 3" --.TH SSL_CTX_add_session 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_add_session 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -168,7 +177,7 @@ If a server \s-1SSL_CTX\s0 is configured with the - flag then the internal cache will not be populated automatically by new - sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal - cache will be searched automatically for session-resume requests (the --latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the -+latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the - application can use \fISSL_CTX_add_session()\fR directly to have full control - over the sessions that can be resumed if desired. - .SH "RETURN VALUES" -Index: secure/lib/libssl/man/SSL_CTX_ctrl.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_ctrl.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_ctrl.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_ctrl 3" --.TH SSL_CTX_ctrl 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_ctrl 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_flush_sessions.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_flush_sessions 3" --.TH SSL_CTX_flush_sessions 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_flush_sessions 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_free.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_free.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_free.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_free 3" --.TH SSL_CTX_free 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_get_ex_new_index 3" --.TH SSL_CTX_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_get_verify_mode 3" --.TH SSL_CTX_get_verify_mode 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_get_verify_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_load_verify_locations 3" --.TH SSL_CTX_load_verify_locations 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_load_verify_locations 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,7 +156,7 @@ which \s-1CA\s0 certificates for verification purp - available via \fBCAfile\fR and \fBCApath\fR are trusted. - .SH "NOTES" - .IX Header "NOTES" --If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 -+If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 - format. The file can contain several \s-1CA\s0 certificates identified by - .PP - .Vb 3 -@@ -162,7 +171,7 @@ which can be used e.g. for descriptions of the cer - The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR - function. - .PP --If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates -+If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates - in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are - looked up by the \s-1CA\s0 subject name hash value, which must hence be available. - If more than one \s-1CA\s0 certificate with the same name hash value exist, the -Index: secure/lib/libssl/man/SSL_CTX_new.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_new.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_new 3" --.TH SSL_CTX_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_sess_number.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_sess_number.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_sess_number.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_sess_number 3" --.TH SSL_CTX_sess_number 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_sess_number 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_sess_set_cache_size 3" --.TH SSL_CTX_sess_set_cache_size 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_sess_set_cache_size 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,7 +156,7 @@ of context \fBctx\fR to \fBt\fR. - \&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. - .SH "NOTES" - .IX Header "NOTES" --The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0, -+The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0 - currently 1024*20, so that up to 20000 sessions can be held. This size - can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special - case is the size 0, which is used for unlimited size. -Index: secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_sess_set_get_cb 3" --.TH SSL_CTX_sess_set_get_cb 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_sess_set_get_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_sessions.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_sessions.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_sessions.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_sessions 3" --.TH SSL_CTX_sessions 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_sessions 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_cert_store.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_cert_store 3" --.TH SSL_CTX_set_cert_store 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_cert_store 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_cert_verify_callback 3" --.TH SSL_CTX_set_cert_verify_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_cert_verify_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -150,7 +159,7 @@ function is called. If the application does not ex - verification callback function, the built-in verification function is used. - If a verification callback \fIcallback\fR is specified via - \&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called --instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored. -+instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored. - .PP - When the verification must be performed, \fIcallback\fR will be called with - the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The -Index: secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_cipher_list 3" --.TH SSL_CTX_set_cipher_list 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_cipher_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_client_CA_list 3" --.TH SSL_CTX_set_client_CA_list 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_client_CA_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -162,7 +171,7 @@ the chosen \fBssl\fR, overriding the setting valid - .SH "NOTES" - .IX Header "NOTES" - When a \s-1TLS/SSL\s0 server requests a client certificate (see --\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which -+\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which - it will accept certificates, to the client. - .PP - This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for -Index: secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_client_cert_cb 3" --.TH SSL_CTX_set_client_cert_cb 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_client_cert_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -146,7 +155,7 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cer - called when a client certificate is requested by a server and no certificate - was yet set for the \s-1SSL\s0 object. - .PP --When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL\s0, no callback function is used. -+When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used. - .PP - \&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback - function. -@@ -157,7 +166,7 @@ using the \fBx509\fR and \fBpkey\fR arguments and - certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. - If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate - will be sent. A negative return value will suspend the handshake and the --handshake function will return immediatly. \fISSL_get_error\fR\|(3) -+handshake function will return immediately. \fISSL_get_error\fR\|(3) - will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was - suspended. The next call to the handshake function will again lead to the call - of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information -Index: secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_default_passwd_cb 3" --.TH SSL_CTX_set_default_passwd_cb 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_default_passwd_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_generate_session_id 3" --.TH SSL_CTX_set_generate_session_id 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_generate_session_id 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_info_callback.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_info_callback 3" --.TH SSL_CTX_set_info_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_info_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -148,11 +157,11 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callba - obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection - setup and use. The setting for \fBctx\fR is overridden from the setting for - a specific \s-1SSL\s0 object, if specified. --When \fBcallback\fR is \s-1NULL\s0, not callback function is used. -+When \fBcallback\fR is \s-1NULL,\s0 not callback function is used. - .PP - \&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to - obtain state information for \fBssl\fR during connection setup and use. --When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for -+When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for - \&\fBctx\fR is used. - .PP - \&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information -@@ -189,25 +198,25 @@ Callback has been called during write operation. - .IP "\s-1SSL_CB_ALERT\s0" 4 - .IX Item "SSL_CB_ALERT" - Callback has been called due to an alert being sent or received. --.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 --.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" -+.IP "\s-1SSL_CB_READ_ALERT \s0(SSL_CB_ALERT|SSL_CB_READ)" 4 -+.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" - .PD 0 --.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 --.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" --.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 --.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" --.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 --.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" --.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 --.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" --.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 --.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" -+.IP "\s-1SSL_CB_WRITE_ALERT \s0(SSL_CB_ALERT|SSL_CB_WRITE)" 4 -+.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" -+.IP "\s-1SSL_CB_ACCEPT_LOOP \s0(SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 -+.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" -+.IP "\s-1SSL_CB_ACCEPT_EXIT \s0(SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 -+.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" -+.IP "\s-1SSL_CB_CONNECT_LOOP \s0(SSL_ST_CONNECT|SSL_CB_LOOP)" 4 -+.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" -+.IP "\s-1SSL_CB_CONNECT_EXIT \s0(SSL_ST_CONNECT|SSL_CB_EXIT)" 4 -+.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" - .IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4 - .IX Item "SSL_CB_HANDSHAKE_START" - .PD - Callback has been called because a new handshake is started. --.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 --.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" -+.IP "\s-1SSL_CB_HANDSHAKE_DONE \s0 0x20" 4 -+.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" - Callback has been called because a handshake is finished. - .PP - The current state information can be obtained using the -@@ -223,7 +232,7 @@ The \fBret\fR information can be evaluated using t - .SH "EXAMPLES" - .IX Header "EXAMPLES" - The following example callback function prints state strings, information --about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. -+about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0 - .PP - .Vb 4 - \& void apps_ssl_info_callback(SSL *s, int where, int ret) -Index: secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_max_cert_list 3" --.TH SSL_CTX_set_max_cert_list 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_max_cert_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_mode.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_mode.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_mode.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_mode 3" --.TH SSL_CTX_set_mode 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -175,7 +184,7 @@ non-blocking \fIwrite()\fR. - Never bother the application with retries if the transport is blocking. - If a renegotiation take place during normal operation, a - \&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return --with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. -+with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ.\s0 - In a non-blocking environment applications must be prepared to handle - incomplete read/write operations. - In a blocking environment, applications are not always prepared to -@@ -182,6 +191,15 @@ In a blocking environment, applications are not al - deal with read/write operations returning without success report. The - flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only - return after the handshake and successful completion. -+.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 -+.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" -+Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. -+To be set only by applications that reconnect with a downgraded protocol -+version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. -+.Sp -+\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. -+Only use this in explicit fallback retries, following the guidance -+in draft\-ietf\-tls\-downgrade\-scsv\-00. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask -Index: secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_msg_callback 3" --.TH SSL_CTX_set_msg_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_msg_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -167,12 +176,12 @@ when a protocol message has been sent. - .IX Item "version" - The protocol version according to which the protocol message is - interpreted by the library. Currently, this is one of --\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0 --3.0 and \s-1TLS\s0 1.0, respectively). -+\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL 2.0, SSL -+3.0\s0 and \s-1TLS 1.0,\s0 respectively). - .IP "\fIcontent_type\fR" 4 - .IX Item "content_type" --In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0 --or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the -+In the case of \s-1SSL 2.0,\s0 this is always \fB0\fR. In the case of \s-1SSL 3.0\s0 -+or \s-1TLS 1.0,\s0 this is one of the \fBContentType\fR values defined in the - protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR, - \&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the - callback will only be called for protocol messages). -@@ -201,7 +210,7 @@ processed. - .PP - Due to automatic protocol version negotiation, \fIversion\fR is not - necessarily the protocol version used by the sender of the message: If --a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server, -+a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server, - \&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. - .SH "SEE ALSO" - .IX Header "SEE ALSO" -Index: secure/lib/libssl/man/SSL_CTX_set_options.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_options.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_options.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_options 3" --.TH SSL_CTX_set_options 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_options 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -209,8 +218,8 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has n - \&... - .IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4 - .IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG" --Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS\s0 X. --\&\s-1OS\s0 X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. -+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X. -+OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers. - .IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 - .IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" - \&... -@@ -222,7 +231,7 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has n - \&... - .IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 - .IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" --Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol -+Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol - vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some - broken \s-1SSL\s0 implementations. This option has no effect for connections - using other ciphers. -@@ -259,15 +268,7 @@ a new \s-1DH\s0 key during each handshake but it i - temporary/ephemeral \s-1DH\s0 parameters are used. - .IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 - .IX Item "SSL_OP_EPHEMERAL_RSA" --Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations --(see \fISSL_CTX_set_tmp_rsa_callback\fR\|(3)). --According to the specifications this is only done, when a \s-1RSA\s0 key --can only be used for signature operations (namely under export ciphers --with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral --\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the --\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with --clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral --Diffie-Hellman) key exchange should be used instead. -+This option is no longer implemented and is treated as no op. - .IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 - .IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" - When choosing a cipher, use the server's preferences instead of the client -@@ -314,16 +315,16 @@ not be used by clients or servers. - .IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4 - .IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" - Allow legacy insecure renegotiation between OpenSSL and unpatched clients or --servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. -+servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. - .IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4 - .IX Item "SSL_OP_LEGACY_SERVER_CONNECT" - Allow legacy insecure renegotiation between OpenSSL and unpatched servers - \&\fBonly\fR: this option is currently set by default. See the --\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details. -+\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details. - .SH "SECURE RENEGOTIATION" - .IX Header "SECURE RENEGOTIATION" - OpenSSL 0.9.8m and later always attempts to use secure renegotiation as --described in \s-1RFC5746\s0. This counters the prefix attack described in -+described in \s-1RFC5746.\s0 This counters the prefix attack described in - \&\s-1CVE\-2009\-3555\s0 and elsewhere. - .PP - The deprecated and highly broken SSLv2 protocol does not support -@@ -341,7 +342,7 @@ renegotiation implementation. - Connections and renegotiation are always permitted by OpenSSL implementations. - .SS "Unpatched client and patched OpenSSL server" - .IX Subsection "Unpatched client and patched OpenSSL server" --The initial connection suceeds but client renegotiation is denied by the -+The initial connection succeeds but client renegotiation is denied by the - server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal - \&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. - .PP -Index: secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_quiet_shutdown 3" --.TH SSL_CTX_set_quiet_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_quiet_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_session_cache_mode 3" --.TH SSL_CTX_set_session_cache_mode 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_session_cache_mode 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -207,10 +216,10 @@ As automatic lookup only applies for \s-1SSL/TLS\s - clients. - .IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 - .IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" --Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, -+Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0 - sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. - Normally a new session is added to the internal cache as well as any external --session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will -+session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will - prevent sessions being stored in the internal cache (though the application can - add them manually using \fISSL_CTX_add_session\fR\|(3)). Note: - in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful -@@ -222,7 +231,7 @@ prevents these additions to the internal cache as - Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and - \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. - .PP --The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. -+The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0 - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. -Index: secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_session_id_context 3" --.TH SSL_CTX_set_session_id_context 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_session_id_context 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_ssl_version 3" --.TH SSL_CTX_set_ssl_version 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_ssl_version 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -143,12 +152,12 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_g - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects -+\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL \s0\fBmethod\fR for \s-1SSL\s0 objects - newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with - \&\fISSL_new\fR\|(3) are not affected, except when - \&\fISSL_clear\fR\|(3) is being called. - .PP --\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR -+\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL \s0\fBmethod\fR for a particular \fBssl\fR - object. It may be reset, when \fISSL_clear()\fR is called. - .PP - \&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method -Index: secure/lib/libssl/man/SSL_CTX_set_timeout.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_timeout.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_timeout.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_timeout 3" --.TH SSL_CTX_set_timeout 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_timeout 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (revision 0) -+++ secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (working copy) -@@ -0,0 +1,316 @@ -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) -+.\" -+.\" Standard preamble: -+.\" ======================================================================== -+.de Sp \" Vertical space (when we can't use .PP) -+.if t .sp .5v -+.if n .sp -+.. -+.de Vb \" Begin verbatim text -+.ft CW -+.nf -+.ne \\$1 -+.. -+.de Ve \" End verbatim text -+.ft R -+.fi -+.. -+.\" Set up some character translations and predefined strings. \*(-- will -+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -+.\" double quote, and \*(R" will give a right double quote. \*(C+ will -+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -+.\" nothing in troff, for use with C<>. -+.tr \(*W- -+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -+.ie n \{\ -+. ds -- \(*W- -+. ds PI pi -+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -+. ds L" "" -+. ds R" "" -+. ds C` "" -+. ds C' "" -+'br\} -+.el\{\ -+. ds -- \|\(em\| -+. ds PI \(*p -+. ds L" `` -+. ds R" '' -+. ds C` -+. ds C' -+'br\} -+.\" -+.\" Escape single quotes in literal strings from groff's Unicode transform. -+.ie \n(.g .ds Aq \(aq -+.el .ds Aq ' -+.\" -+.\" If the F register is turned on, we'll generate index entries on stderr for -+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -+.\" entries marked with X<> in POD. Of course, you'll have to process the -+.\" output yourself in some meaningful fashion. -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX -+.. -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" -+.. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} -+.\} -+.rr rF -+.\" -+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -+.\" Fear. Run. Save yourself. No user-serviceable parts. -+. \" fudge factors for nroff and troff -+.if n \{\ -+. ds #H 0 -+. ds #V .8m -+. ds #F .3m -+. ds #[ \f1 -+. ds #] \fP -+.\} -+.if t \{\ -+. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -+. ds #V .6m -+. ds #F 0 -+. ds #[ \& -+. ds #] \& -+.\} -+. \" simple accents for nroff and troff -+.if n \{\ -+. ds ' \& -+. ds ` \& -+. ds ^ \& -+. ds , \& -+. ds ~ ~ -+. ds / -+.\} -+.if t \{\ -+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -+.\} -+. \" troff and (daisy-wheel) nroff accents -+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -+.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -+.ds ae a\h'-(\w'a'u*4/10)'e -+.ds Ae A\h'-(\w'A'u*4/10)'E -+. \" corrections for vroff -+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -+. \" for low resolution devices (crt and lpr) -+.if \n(.H>23 .if \n(.V>19 \ -+\{\ -+. ds : e -+. ds 8 ss -+. ds o a -+. ds d- d\h'-1'\(ga -+. ds D- D\h'-1'\(hy -+. ds th \o'bp' -+. ds Th \o'LP' -+. ds ae ae -+. ds Ae AE -+.\} -+.rm #[ #] #H #V #F C -+.\" ======================================================================== -+.\" -+.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" -+.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-01-08" "0.9.8zd" "OpenSSL" -+.\" For nroff, turn off justification. Always turn off hyphenation; it makes -+.\" way too many mistakes in technical documents. -+.if n .ad l -+.nh -+.SH "NAME" -+SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing -+.SH "SYNOPSIS" -+.IX Header "SYNOPSIS" -+.Vb 1 -+\& #include <openssl/tls1.h> -+\& -+\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, -+\& int (*cb)(SSL *s, unsigned char key_name[16], -+\& unsigned char iv[EVP_MAX_IV_LENGTH], -+\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); -+.Ve -+.SH "DESCRIPTION" -+.IX Header "DESCRIPTION" -+\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback fuction \fIcb\fR for handling -+session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in -+\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server -+implementation is not required to maintain per session state. It only applies -+to \s-1TLS\s0 and there is no SSLv3 implementation. -+.PP -+The callback is available when the OpenSSL library was built without -+\&\fI\s-1OPENSSL_NO_TLSEXT\s0\fR being defined. -+.PP -+The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 -+session when session ticket extension is presented in the \s-1TLS\s0 hello -+message. It is the responsibility of this function to create or retrieve the -+cryptographic parameters and to maintain their state. -+.PP -+The OpenSSL library uses your callback function to help implement a common \s-1TLS \s0 -+ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session -+state is unnecessary and a small set of cryptographic variables needs to be -+maintained by the callback function implementation. -+.PP -+In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket -+extension to the server. The client can only send exactly one session ticket. -+The server, through the callback function, either agrees to reuse the session -+ticket information or it starts a full \s-1TLS\s0 handshake to create a new session -+ticket. -+.PP -+Before the callback function is started \fIctx\fR and \fIhctx\fR have been -+initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. -+.PP -+For new sessions tickets, when the client doesn't present a session ticket, or -+an attempted retreival of the ticket failed, or a renew option was indicated, -+the callback function will be called with \fIenc\fR equal to 1. The OpenSSL -+library expects that the function will set an arbitary \fIname\fR, initialize -+\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. -+.PP -+The \fIname\fR is 16 characters long and is used as a key identifier. -+.PP -+The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The -+maximum \s-1IV\s0 length is \s-1EVP_MAX_IV_LENGTH\s0 bytes defined in \fBevp.h\fR. -+.PP -+The initialization vector \fIiv\fR should be a random value. The cipher context -+\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be -+set using EVP_EncryptInit_ex. The hmac context can be set using HMAC_Init_ex. -+.PP -+When the client presents a session ticket, the callback function with be called -+with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retreive a set -+of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of -+the session ticket. The OpenSSL library expects that the \fIname\fR will be used -+to retrieve a cryptographic parameters and that the cryptographic context -+\&\fIctx\fR will be set with the retreived parameters and the initialization vector -+\&\fIiv\fR. using a function like EVP_DecryptInit_ex. The \fIhctx\fR needs to be set -+using HMAC_Init_ex. -+.PP -+If the \fIname\fR is still valid but a renewal of the ticket is required the -+callback function should return 2. The library will call the callback again -+with an arguement of enc equal to 1 to set the new ticket. -+.PP -+The return value of the \fIcb\fR function is used by OpenSSL to determine what -+further processing will occur. The following return values have meaning: -+.IP "2" 4 -+.IX Item "2" -+This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can -+continue on those parameters. Additionally it indicates that the session -+ticket is in a renewal period and should be replaced. The OpenSSL library will -+call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077 -+3.3\s0 paragraph 2). -+.IP "1" 4 -+.IX Item "1" -+This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can -+continue on those parameters. -+.IP "0" 4 -+This indicates that it was not possible to set/retrieve a session ticket and -+the \s-1SSL/TLS\s0 session will continue by by negiotationing a set of cryptographic -+parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. -+.Sp -+If called with enc equal to 0 the library will call the \fIcb\fR again to get -+a new set of parameters. -+.IP "less than 0" 4 -+.IX Item "less than 0" -+This indicates an error. -+.SH "NOTES" -+.IX Header "NOTES" -+Session resumption shortcuts the \s-1TLS\s0 so that the client certificate -+negiotation don't occur. It makes up for this by storing client certificate -+an all other negotiated state information encrypted within the ticket. In a -+resumed session the applications will have all this state information available -+exactly as if a full negiotation had occured. -+.PP -+If an attacker can obtain the key used to encrypt a session ticket, they can -+obtain the master secret for any ticket using that key and decrypt any traffic -+using that session: even if the ciphersuite supports forward secrecy. As -+a result applications may wish to use multiple keys and avoid using long term -+keys stored in files. -+.PP -+Applications can use longer keys to maintain a consistent level of security. -+For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key -+the overall security is only 128 bits because breaking the ticket key will -+enable an attacker to obtain the session keys. -+.SH "EXAMPLES" -+.IX Header "EXAMPLES" -+Reference Implemention: -+ SSL_CTX_set_tlsext_ticket_key_cb(\s-1SSL\s0,ssl_tlsext_ticket_key_cb); -+ .... -+.PP -+.Vb 6 -+\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) -+\& { -+\& if (enc) { /* create new session */ -+\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) { -+\& return \-1; /* insufficient random */ -+\& } -+\& -+\& key = currentkey(); /* something that you need to implement */ -+\& if ( !key ) { -+\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ -+\& key = createkey(); /* something that you need to implement. -+\& * createkey needs to initialise, a name, -+\& * an aes_key, a hmac_key and optionally -+\& * an expire time. */ -+\& if ( !key ) { /* key couldn\*(Aqt be created */ -+\& return 0; -+\& } -+\& } -+\& memcpy(key_name, key\->name, 16); -+\& -+\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); -+\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); -+\& -+\& return 1; -+\& -+\& } else { /* retrieve session */ -+\& key = findkey(name); -+\& -+\& if (!key || key\->expire < now() ) { -+\& return 0; -+\& } -+\& -+\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); -+\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv ); -+\& -+\& if (key\->expire < ( now() \- RENEW_TIME ) ) { -+\& /* return 2 \- this session will get a new ticket even though the current is still valid */ -+\& return 2; -+\& } -+\& return 1; -+\& -+\& } -+\& } -+.Ve -+.SH "RETURN VALUES" -+.IX Header "RETURN VALUES" -+returns 0 to indicate the callback function was set. -+.SH "SEE ALSO" -+.IX Header "SEE ALSO" -+\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), -+\&\fISSL_session_reused\fR\|(3), -+\&\fISSL_CTX_add_session\fR\|(3), -+\&\fISSL_CTX_sess_number\fR\|(3), -+\&\fISSL_CTX_sess_set_get_cb\fR\|(3), -+\&\fISSL_CTX_set_session_id_context\fR\|(3), -+.SH "HISTORY" -+.IX Header "HISTORY" -+This function was introduced in OpenSSL 0.9.8h -Index: secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_tmp_dh_callback 3" --.TH SSL_CTX_set_tmp_dh_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_tmp_dh_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -140,11 +149,9 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, S - \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - \& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); - \& --\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, -+\& void SSL_set_tmp_dh_callback(SSL *ctx, - \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - \& long SSL_set_tmp_dh(SSL *ssl, DH *dh) --\& --\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" -@@ -208,7 +215,7 @@ instead (see \fIdhparam\fR\|(1)), but in this case - is mandatory. - .PP - Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, --dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current -+dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current - version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, - which use safe primes and were generated verifiably pseudo-randomly. - These files can be converted into C code using the \fB\-C\fR option of the -Index: secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_tmp_rsa_callback 3" --.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -197,26 +206,19 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key c - for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes - violates the standard and can break interoperability with clients. - It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key --exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead -+exchange and use \s-1EDH \s0(Ephemeral Diffie-Hellman) key exchange instead - in order to achieve forward secrecy (see - \&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)). - .PP --On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default --and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of --\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0 --standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers, --it will automatically be used without this option! -+An application may either directly specify the key or can supply the key via a -+callback function. The callback approach has the advantage, that the callback -+may generate the key only in case it is actually needed. As the generation of a -+\&\s-1RSA\s0 key is however costly, it will lead to a significant delay in the handshake -+procedure. Another advantage of the callback function is that it can supply -+keys of different size while the explicit setting of the key is only useful for -+key size of 512 bits to satisfy the export restricted ciphers and does give -+away key length if a longer key would be allowed. - .PP --An application may either directly specify the key or can supply the key via --a callback function. The callback approach has the advantage, that the --callback may generate the key only in case it is actually needed. As the --generation of a \s-1RSA\s0 key is however costly, it will lead to a significant --delay in the handshake procedure. Another advantage of the callback function --is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0 --usage) while the explicit setting of the key is only useful for key size of --512 bits to satisfy the export restricted ciphers and does give away key length --if a longer key would be allowed. --.PP - The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and - the \fBis_export\fR information. The \fBis_export\fR flag is set, when the - ephemeral \s-1RSA\s0 key exchange is performed with an export cipher. -Index: secure/lib/libssl/man/SSL_CTX_set_verify.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_set_verify.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_set_verify.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_set_verify 3" --.TH SSL_CTX_set_verify 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_set_verify 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -197,7 +206,7 @@ anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 i - .IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" - \&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 - handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. --This flag must be used together with \s-1SSL_VERIFY_PEER\s0. -+This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 - .Sp - \&\fBClient mode:\fR ignored - .IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 -@@ -204,7 +213,7 @@ handshake is immediately terminated with a \*(L"ha - .IX Item "SSL_VERIFY_CLIENT_ONCE" - \&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0 - handshake. Do not ask for a client certificate again in case of a --renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0. -+renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER.\s0 - .Sp - \&\fBClient mode:\fR ignored - .PP -@@ -228,8 +237,8 @@ certificates would not be present, most likely a - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. - The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", - \&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum --depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, --allowing for the peer certificate and additional 9 \s-1CA\s0 certificates. -+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100, -+allowing for the peer certificate and additional 100 \s-1CA\s0 certificates. - .PP - The \fBverify_callback\fR function is used to control the behaviour when the - \&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and -Index: secure/lib/libssl/man/SSL_CTX_use_certificate.3 -=================================================================== ---- secure/lib/libssl/man/SSL_CTX_use_certificate.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_CTX_use_certificate.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_CTX_use_certificate 3" --.TH SSL_CTX_use_certificate 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_CTX_use_certificate 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -189,7 +198,7 @@ the memory location \fBd\fR (with length \fBlen\fR - .PP - \&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR - into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified --from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. -+from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 - \&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. - See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR - should be preferred. -@@ -198,7 +207,7 @@ should be preferred. - \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must - be sorted starting with the subject's certificate (actual client or server - certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and --ending at the highest level (root) \s-1CA\s0. -+ending at the highest level (root) \s-1CA.\s0 - There is no corresponding function working on a single \s-1SSL\s0 object. - .PP - \&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. -@@ -220,7 +229,7 @@ key to \fBssl\fR. - .PP - \&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in - \&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified --from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. -+from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0 - \&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in - \&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found - in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private -@@ -237,11 +246,11 @@ this \fBssl\fR, the last item added into \fBctx\fR - .IX Header "NOTES" - The internal certificate store of OpenSSL can hold two private key/certificate - pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate --of type \s-1DSA\s0. The certificate used depends on the cipher select, see -+of type \s-1DSA.\s0 The certificate used depends on the cipher select, see - also \fISSL_CTX_set_cipher_list\fR\|(3). - .PP - When reading certificates and private keys from file, files of type --\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain -+\&\s-1SSL_FILETYPE_ASN1 \s0(also known as \fB\s-1DER\s0\fR, binary encoding) can only contain - one certificate or private key, consequently - \&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. - Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. -Index: secure/lib/libssl/man/SSL_SESSION_free.3 -=================================================================== ---- secure/lib/libssl/man/SSL_SESSION_free.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_SESSION_free.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_SESSION_free 3" --.TH SSL_SESSION_free 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_SESSION_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 -=================================================================== ---- secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_SESSION_get_ex_new_index 3" --.TH SSL_SESSION_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_SESSION_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_SESSION_get_time.3 -=================================================================== ---- secure/lib/libssl/man/SSL_SESSION_get_time.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_SESSION_get_time.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_SESSION_get_time 3" --.TH SSL_SESSION_get_time 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_SESSION_get_time 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_accept.3 -=================================================================== ---- secure/lib/libssl/man/SSL_accept.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_accept.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_accept 3" --.TH SSL_accept 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_accept 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -145,11 +154,11 @@ The communication channel must already have been s - \&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. - .SH "NOTES" - .IX Header "NOTES" --The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0. -+The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO. \s0 - .PP - If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the --handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server --Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but -+handshake has been finished or an error occurred, except for \s-1SGC \s0(Server -+Gated Cryptography). For \s-1SGC,\s0 \fISSL_accept()\fR may return with \-1, but - \&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR - should be called again. - .PP -@@ -160,9 +169,9 @@ In this case a call to \fISSL_get_error()\fR with - return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or - \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after - taking appropriate action to satisfy the needs of \fISSL_accept()\fR. --The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, - nothing is to be done, but \fIselect()\fR can be used to check for the required --condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written - into or retrieved out of the \s-1BIO\s0 before being able to continue. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" -Index: secure/lib/libssl/man/SSL_alert_type_string.3 -=================================================================== ---- secure/lib/libssl/man/SSL_alert_type_string.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_alert_type_string.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_alert_type_string 3" --.TH SSL_alert_type_string 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_alert_type_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -171,7 +180,7 @@ receiving side may cancel the connection on recept - alert on it discretion. - .PP - Several alert messages must be sent as fatal alert messages as specified --by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. -+by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - The following strings can occur for \fISSL_alert_type_string()\fR or -@@ -192,131 +201,131 @@ Probably \fBvalue\fR does not contain a correct al - .PP - The following strings can occur for \fISSL_alert_desc_string()\fR or - \&\fISSL_alert_desc_string_long()\fR: --.ie n .IP """\s-1CN\s0""/""close notify""" 4 --.el .IP "``\s-1CN\s0''/``close notify''" 4 -+.ie n .IP """\s-1CN""/\s0""close notify""" 4 -+.el .IP "``\s-1CN''/\s0``close notify''" 4 - .IX Item "CN/close notify" - The connection shall be closed. This is a warning alert. --.ie n .IP """\s-1UM\s0""/""unexpected message""" 4 --.el .IP "``\s-1UM\s0''/``unexpected message''" 4 -+.ie n .IP """\s-1UM""/\s0""unexpected message""" 4 -+.el .IP "``\s-1UM''/\s0``unexpected message''" 4 - .IX Item "UM/unexpected message" - An inappropriate message was received. This alert is always fatal - and should never be observed in communication between proper - implementations. --.ie n .IP """\s-1BM\s0""/""bad record mac""" 4 --.el .IP "``\s-1BM\s0''/``bad record mac''" 4 -+.ie n .IP """\s-1BM""/\s0""bad record mac""" 4 -+.el .IP "``\s-1BM''/\s0``bad record mac''" 4 - .IX Item "BM/bad record mac" - This alert is returned if a record is received with an incorrect --\&\s-1MAC\s0. This message is always fatal. --.ie n .IP """\s-1DF\s0""/""decompression failure""" 4 --.el .IP "``\s-1DF\s0''/``decompression failure''" 4 -+\&\s-1MAC.\s0 This message is always fatal. -+.ie n .IP """\s-1DF""/\s0""decompression failure""" 4 -+.el .IP "``\s-1DF''/\s0``decompression failure''" 4 - .IX Item "DF/decompression failure" - The decompression function received improper input (e.g. data - that would expand to excessive length). This message is always - fatal. --.ie n .IP """\s-1HF\s0""/""handshake failure""" 4 --.el .IP "``\s-1HF\s0''/``handshake failure''" 4 -+.ie n .IP """\s-1HF""/\s0""handshake failure""" 4 -+.el .IP "``\s-1HF''/\s0``handshake failure''" 4 - .IX Item "HF/handshake failure" - Reception of a handshake_failure alert message indicates that the - sender was unable to negotiate an acceptable set of security - parameters given the options available. This is a fatal error. --.ie n .IP """\s-1NC\s0""/""no certificate""" 4 --.el .IP "``\s-1NC\s0''/``no certificate''" 4 -+.ie n .IP """\s-1NC""/\s0""no certificate""" 4 -+.el .IP "``\s-1NC''/\s0``no certificate''" 4 - .IX Item "NC/no certificate" - A client, that was asked to send a certificate, does not send a certificate - (SSLv3 only). --.ie n .IP """\s-1BC\s0""/""bad certificate""" 4 --.el .IP "``\s-1BC\s0''/``bad certificate''" 4 -+.ie n .IP """\s-1BC""/\s0""bad certificate""" 4 -+.el .IP "``\s-1BC''/\s0``bad certificate''" 4 - .IX Item "BC/bad certificate" - A certificate was corrupt, contained signatures that did not - verify correctly, etc --.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4 --.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4 -+.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4 -+.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4 - .IX Item "UC/unsupported certificate" - A certificate was of an unsupported type. --.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4 --.el .IP "``\s-1CR\s0''/``certificate revoked''" 4 -+.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4 -+.el .IP "``\s-1CR''/\s0``certificate revoked''" 4 - .IX Item "CR/certificate revoked" - A certificate was revoked by its signer. --.ie n .IP """\s-1CE\s0""/""certificate expired""" 4 --.el .IP "``\s-1CE\s0''/``certificate expired''" 4 -+.ie n .IP """\s-1CE""/\s0""certificate expired""" 4 -+.el .IP "``\s-1CE''/\s0``certificate expired''" 4 - .IX Item "CE/certificate expired" - A certificate has expired or is not currently valid. --.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4 --.el .IP "``\s-1CU\s0''/``certificate unknown''" 4 -+.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4 -+.el .IP "``\s-1CU''/\s0``certificate unknown''" 4 - .IX Item "CU/certificate unknown" - Some other (unspecified) issue arose in processing the - certificate, rendering it unacceptable. --.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4 --.el .IP "``\s-1IP\s0''/``illegal parameter''" 4 -+.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4 -+.el .IP "``\s-1IP''/\s0``illegal parameter''" 4 - .IX Item "IP/illegal parameter" - A field in the handshake was out of range or inconsistent with - other fields. This is always fatal. --.ie n .IP """\s-1DC\s0""/""decryption failed""" 4 --.el .IP "``\s-1DC\s0''/``decryption failed''" 4 -+.ie n .IP """\s-1DC""/\s0""decryption failed""" 4 -+.el .IP "``\s-1DC''/\s0``decryption failed''" 4 - .IX Item "DC/decryption failed" - A TLSCiphertext decrypted in an invalid way: either it wasn't an - even multiple of the block length or its padding values, when - checked, weren't correct. This message is always fatal. --.ie n .IP """\s-1RO\s0""/""record overflow""" 4 --.el .IP "``\s-1RO\s0''/``record overflow''" 4 -+.ie n .IP """\s-1RO""/\s0""record overflow""" 4 -+.el .IP "``\s-1RO''/\s0``record overflow''" 4 - .IX Item "RO/record overflow" - A TLSCiphertext record was received which had a length more than - 2^14+2048 bytes, or a record decrypted to a TLSCompressed record - with more than 2^14+1024 bytes. This message is always fatal. --.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4 --.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 -+.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4 -+.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4 - .IX Item "CA/unknown CA" - A valid certificate chain or partial chain was received, but the - certificate was not accepted because the \s-1CA\s0 certificate could not --be located or couldn't be matched with a known, trusted \s-1CA\s0. This -+be located or couldn't be matched with a known, trusted \s-1CA. \s0 This - message is always fatal. --.ie n .IP """\s-1AD\s0""/""access denied""" 4 --.el .IP "``\s-1AD\s0''/``access denied''" 4 -+.ie n .IP """\s-1AD""/\s0""access denied""" 4 -+.el .IP "``\s-1AD''/\s0``access denied''" 4 - .IX Item "AD/access denied" - A valid certificate was received, but when access control was - applied, the sender decided not to proceed with negotiation. - This message is always fatal. --.ie n .IP """\s-1DE\s0""/""decode error""" 4 --.el .IP "``\s-1DE\s0''/``decode error''" 4 -+.ie n .IP """\s-1DE""/\s0""decode error""" 4 -+.el .IP "``\s-1DE''/\s0``decode error''" 4 - .IX Item "DE/decode error" - A message could not be decoded because some field was out of the - specified range or the length of the message was incorrect. This - message is always fatal. --.ie n .IP """\s-1CY\s0""/""decrypt error""" 4 --.el .IP "``\s-1CY\s0''/``decrypt error''" 4 -+.ie n .IP """\s-1CY""/\s0""decrypt error""" 4 -+.el .IP "``\s-1CY''/\s0``decrypt error''" 4 - .IX Item "CY/decrypt error" - A handshake cryptographic operation failed, including being - unable to correctly verify a signature, decrypt a key exchange, - or validate a finished message. --.ie n .IP """\s-1ER\s0""/""export restriction""" 4 --.el .IP "``\s-1ER\s0''/``export restriction''" 4 -+.ie n .IP """\s-1ER""/\s0""export restriction""" 4 -+.el .IP "``\s-1ER''/\s0``export restriction''" 4 - .IX Item "ER/export restriction" - A negotiation not in compliance with export restrictions was - detected; for example, attempting to transfer a 1024 bit - ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This - message is always fatal. --.ie n .IP """\s-1PV\s0""/""protocol version""" 4 --.el .IP "``\s-1PV\s0''/``protocol version''" 4 -+.ie n .IP """\s-1PV""/\s0""protocol version""" 4 -+.el .IP "``\s-1PV''/\s0``protocol version''" 4 - .IX Item "PV/protocol version" - The protocol version the client has attempted to negotiate is - recognized, but not supported. (For example, old protocol - versions might be avoided for security reasons). This message is - always fatal. --.ie n .IP """\s-1IS\s0""/""insufficient security""" 4 --.el .IP "``\s-1IS\s0''/``insufficient security''" 4 -+.ie n .IP """\s-1IS""/\s0""insufficient security""" 4 -+.el .IP "``\s-1IS''/\s0``insufficient security''" 4 - .IX Item "IS/insufficient security" - Returned instead of handshake_failure when a negotiation has - failed specifically because the server requires ciphers more - secure than those supported by the client. This message is always - fatal. --.ie n .IP """\s-1IE\s0""/""internal error""" 4 --.el .IP "``\s-1IE\s0''/``internal error''" 4 -+.ie n .IP """\s-1IE""/\s0""internal error""" 4 -+.el .IP "``\s-1IE''/\s0``internal error''" 4 - .IX Item "IE/internal error" - An internal error unrelated to the peer or the correctness of the - protocol makes it impossible to continue (such as a memory - allocation failure). This message is always fatal. --.ie n .IP """\s-1US\s0""/""user canceled""" 4 --.el .IP "``\s-1US\s0''/``user canceled''" 4 -+.ie n .IP """\s-1US""/\s0""user canceled""" 4 -+.el .IP "``\s-1US''/\s0``user canceled''" 4 - .IX Item "US/user canceled" - This handshake is being canceled for some reason unrelated to a - protocol failure. If the user cancels an operation after the -@@ -323,8 +332,8 @@ protocol failure. If the user cancels an operation - handshake is complete, just closing the connection by sending a - close_notify is more appropriate. This alert should be followed - by a close_notify. This message is generally a warning. --.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4 --.el .IP "``\s-1NR\s0''/``no renegotiation''" 4 -+.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4 -+.el .IP "``\s-1NR''/\s0``no renegotiation''" 4 - .IX Item "NR/no renegotiation" - Sent by the client in response to a hello request or by the - server in response to a client hello after initial handshaking. -@@ -337,8 +346,8 @@ satisfy a request; the process might receive secur - (key length, authentication, etc.) at startup and it might be - difficult to communicate changes to these parameters after that - point. This message is always a warning. --.ie n .IP """\s-1UK\s0""/""unknown""" 4 --.el .IP "``\s-1UK\s0''/``unknown''" 4 -+.ie n .IP """\s-1UK""/\s0""unknown""" 4 -+.el .IP "``\s-1UK''/\s0``unknown''" 4 - .IX Item "UK/unknown" - This indicates that no description is available for this alert type. - Probably \fBvalue\fR does not contain a correct alert message. -Index: secure/lib/libssl/man/SSL_clear.3 -=================================================================== ---- secure/lib/libssl/man/SSL_clear.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_clear.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_clear 3" --.TH SSL_clear 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_clear 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,7 +156,7 @@ BIOs) are kept. - SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all - settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. - If a session is still \fBopen\fR, it is considered bad and will be removed --from the session cache, as required by \s-1RFC2246\s0. A session is considered open, -+from the session cache, as required by \s-1RFC2246. A\s0 session is considered open, - if \fISSL_shutdown\fR\|(3) was not called for the connection - or at least \fISSL_set_shutdown\fR\|(3) was used to - set the \s-1SSL_SENT_SHUTDOWN\s0 state. -Index: secure/lib/libssl/man/SSL_connect.3 -=================================================================== ---- secure/lib/libssl/man/SSL_connect.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_connect.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_connect 3" --.TH SSL_connect 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_connect 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -145,7 +154,7 @@ channel must already have been set and assigned to - underlying \fB\s-1BIO\s0\fR. - .SH "NOTES" - .IX Header "NOTES" --The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. -+The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO. \s0 - .PP - If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the - handshake has been finished or an error occurred. -@@ -157,9 +166,9 @@ In this case a call to \fISSL_get_error()\fR with - return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or - \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after - taking appropriate action to satisfy the needs of \fISSL_connect()\fR. --The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, - nothing is to be done, but \fIselect()\fR can be used to check for the required --condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written - into or retrieved out of the \s-1BIO\s0 before being able to continue. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" -Index: secure/lib/libssl/man/SSL_do_handshake.3 -=================================================================== ---- secure/lib/libssl/man/SSL_do_handshake.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_do_handshake.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_do_handshake 3" --.TH SSL_do_handshake 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_do_handshake 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -147,11 +156,11 @@ routines may have to be explicitly set in advance - \&\fISSL_set_accept_state\fR\|(3). - .SH "NOTES" - .IX Header "NOTES" --The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0. -+The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0 - .PP - If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return --once the handshake has been finished or an error occurred, except for \s-1SGC\s0 --(Server Gated Cryptography). For \s-1SGC\s0, \fISSL_do_handshake()\fR may return with \-1, -+once the handshake has been finished or an error occurred, except for \s-1SGC -+\&\s0(Server Gated Cryptography). For \s-1SGC,\s0 \fISSL_do_handshake()\fR may return with \-1, - but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and - \&\fISSL_do_handshake()\fR should be called again. - .PP -@@ -161,9 +170,9 @@ to continue the handshake. In this case a call to - return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or - \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after - taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR. --The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, - nothing is to be done, but \fIselect()\fR can be used to check for the required --condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written - into or retrieved out of the \s-1BIO\s0 before being able to continue. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" -Index: secure/lib/libssl/man/SSL_free.3 -=================================================================== ---- secure/lib/libssl/man/SSL_free.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_free.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_free 3" --.TH SSL_free 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_free 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -146,7 +155,7 @@ reference count has reached 0. - .SH "NOTES" - .IX Header "NOTES" - \&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if --applicable: the buffering \s-1BIO\s0, the read and write BIOs, -+applicable: the buffering \s-1BIO,\s0 the read and write BIOs, - cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. - Do not explicitly free these indirectly freed up items before or after - calling \fISSL_free()\fR, as trying to free things twice may lead to program -@@ -158,7 +167,7 @@ session cache. If the session is considered bad, b - \&\fISSL_shutdown\fR\|(3) was not called for the connection - and \fISSL_set_shutdown\fR\|(3) was not used to set the - \&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed --from the session cache as required by \s-1RFC2246\s0. -+from the session cache as required by \s-1RFC2246.\s0 - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fISSL_free()\fR does not provide diagnostic information. -Index: secure/lib/libssl/man/SSL_get_SSL_CTX.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_SSL_CTX.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_SSL_CTX.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_SSL_CTX 3" --.TH SSL_get_SSL_CTX 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_SSL_CTX 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_ciphers.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_ciphers.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_ciphers.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_ciphers 3" --.TH SSL_get_ciphers 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_ciphers 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -146,7 +155,7 @@ sorted by preference. If \fBssl\fR is \s-1NULL\s0 - is returned. - .PP - \&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 --listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are -+listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are - available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 - is returned. - .SH "NOTES" -Index: secure/lib/libssl/man/SSL_get_client_CA_list.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_client_CA_list.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_client_CA_list.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_client_CA_list 3" --.TH SSL_get_client_CA_list 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_client_CA_list 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_current_cipher.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_current_cipher.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_current_cipher.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_current_cipher 3" --.TH SSL_get_current_cipher 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_current_cipher 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -160,7 +169,7 @@ macro to obtain the number of secret/algorithm bit - See \fISSL_CIPHER_get_name\fR\|(3) for more details. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" --\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when -+\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL,\s0 when - no session has been established. - .SH "SEE ALSO" - .IX Header "SEE ALSO" -Index: secure/lib/libssl/man/SSL_get_default_timeout.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_default_timeout.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_default_timeout.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_default_timeout 3" --.TH SSL_get_default_timeout 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_default_timeout 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_error.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_error.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_error.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_error 3" --.TH SSL_get_error 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_error 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -143,14 +152,14 @@ SSL_get_error \- obtain result code for TLS/SSL I/ - \&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" - statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR, - \&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by --that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter -+that \s-1TLS/SSL I/O\s0 function must be passed to \fISSL_get_error()\fR in parameter - \&\fBret\fR. - .PP - In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the - current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be --used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no -+used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no - other OpenSSL function calls should appear in between. The current --thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is -+thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is - attempted, or \fISSL_get_error()\fR will not work reliably. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" -@@ -157,19 +166,19 @@ attempted, or \fISSL_get_error()\fR will not work - The following return values can currently occur: - .IP "\s-1SSL_ERROR_NONE\s0" 4 - .IX Item "SSL_ERROR_NONE" --The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned -+The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned - if and only if \fBret > 0\fR. - .IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 - .IX Item "SSL_ERROR_ZERO_RETURN" --The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0 --or \s-1TLS\s0 1.0, this result code is returned only if a closure -+The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL 3.0\s0 -+or \s-1TLS 1.0,\s0 this result code is returned only if a closure - alert has occurred in the protocol, i.e. if the connection has been - closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR - does not necessarily indicate that the underlying transport - has been closed. --.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 -+.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4 - .IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" --The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be -+The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be - called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data - available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR) - or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0 -@@ -182,21 +191,21 @@ protocol level. - .Sp - For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or - \&\fIpoll()\fR on the underlying socket can be used to find out when the --\&\s-1TLS/SSL\s0 I/O function should be retried. -+\&\s-1TLS/SSL I/O\s0 function should be retried. - .Sp --Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of -+Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of - \&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular, - \&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want - to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any - time during the protocol (initiated by either the client or the server); - \&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. --.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 -+.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4 - .IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" --The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be -+The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be - called again later. The underlying \s-1BIO\s0 was not connected yet to the peer - and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be - called again when the connection is established. These messages can only --appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively. -+appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively. - In order to find out, when the connection has been successfully established, - on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor - can be used. -@@ -204,7 +213,7 @@ can be used. - .IX Item "SSL_ERROR_WANT_X509_LOOKUP" - The operation did not complete because an application callback set by - \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. --The \s-1TLS/SSL\s0 I/O function should be called again later. -+The \s-1TLS/SSL I/O\s0 function should be called again later. - Details depend on the application. - .IP "\s-1SSL_ERROR_SYSCALL\s0" 4 - .IX Item "SSL_ERROR_SYSCALL" -Index: secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" --.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_ex_new_index.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_ex_new_index.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_ex_new_index.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_ex_new_index 3" --.TH SSL_get_ex_new_index 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_ex_new_index 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_fd.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_fd.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_fd.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_fd 3" --.TH SSL_get_fd 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_peer_cert_chain.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_peer_cert_chain 3" --.TH SSL_get_peer_cert_chain 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_peer_cert_chain 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_peer_certificate.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_peer_certificate.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_peer_certificate.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_peer_certificate 3" --.TH SSL_get_peer_certificate 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_peer_certificate 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_rbio.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_rbio.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_rbio.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_rbio 3" --.TH SSL_get_rbio 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_rbio 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_session.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_session.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_session.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_session 3" --.TH SSL_get_session 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_session 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_verify_result.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_verify_result.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_verify_result.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_verify_result 3" --.TH SSL_get_verify_result 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_verify_result 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_get_version.3 -=================================================================== ---- secure/lib/libssl/man/SSL_get_version.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_get_version.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_get_version 3" --.TH SSL_get_version 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_get_version 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -140,11 +149,11 @@ SSL_get_version \- get the protocol version of a c - .Ve - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the -+\&\fISSL_get_version()\fR returns the name of the protocol used for the - connection \fBssl\fR. - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" --The following strings can occur: -+The following strings can be returned: - .IP "SSLv2" 4 - .IX Item "SSLv2" - The connection uses the SSLv2 protocol. -@@ -153,7 +162,13 @@ The connection uses the SSLv2 protocol. - The connection uses the SSLv3 protocol. - .IP "TLSv1" 4 - .IX Item "TLSv1" --The connection uses the TLSv1 protocol. -+The connection uses the TLSv1.0 protocol. -+.IP "TLSv1.1" 4 -+.IX Item "TLSv1.1" -+The connection uses the TLSv1.1 protocol. -+.IP "TLSv1.2" 4 -+.IX Item "TLSv1.2" -+The connection uses the TLSv1.2 protocol. - .IP "unknown" 4 - .IX Item "unknown" - This indicates that no version has been set (no connection established). -Index: secure/lib/libssl/man/SSL_library_init.3 -=================================================================== ---- secure/lib/libssl/man/SSL_library_init.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_library_init.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_library_init 3" --.TH SSL_library_init 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_library_init 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -153,7 +162,7 @@ for \fISSL_library_init()\fR. - .SH "WARNING" - .IX Header "WARNING" - \&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by --\&\s-1SSL/TLS\s0. -+\&\s-1SSL/TLS.\s0 - .SH "EXAMPLES" - .IX Header "EXAMPLES" - A typical \s-1TLS/SSL\s0 application will start with the library initialization, -Index: secure/lib/libssl/man/SSL_load_client_CA_file.3 -=================================================================== ---- secure/lib/libssl/man/SSL_load_client_CA_file.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_load_client_CA_file.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_load_client_CA_file 3" --.TH SSL_load_client_CA_file 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_load_client_CA_file 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_new.3 -=================================================================== ---- secure/lib/libssl/man/SSL_new.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_new.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_new 3" --.TH SSL_new 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_new 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_pending.3 -=================================================================== ---- secure/lib/libssl/man/SSL_pending.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_pending.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_pending 3" --.TH SSL_pending 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_pending 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_read.3 -=================================================================== ---- secure/lib/libssl/man/SSL_read.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_read.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_read 3" --.TH SSL_read 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_read 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect - \&\fISSL_accept\fR\|(3). If the - peer requests a re-negotiation, it will be performed transparently during - the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the --underlying \s-1BIO\s0. -+underlying \s-1BIO. \s0 - .PP - For the transparent negotiation to succeed, the \fBssl\fR must have been - initialized to client or server mode. This is being done by calling -@@ -186,9 +195,9 @@ return value of \fISSL_read()\fR will yield \fB\s- - \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a - call to \fISSL_read()\fR can also cause write operations! The calling process - then must repeat the call after taking appropriate action to satisfy the --needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a -+needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO.\s0 When using a - non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check --for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data -+for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data - must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. - .PP - \&\fISSL_pending\fR\|(3) can be used to find out whether there -Index: secure/lib/libssl/man/SSL_rstate_string.3 -=================================================================== ---- secure/lib/libssl/man/SSL_rstate_string.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_rstate_string.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_rstate_string 3" --.TH SSL_rstate_string 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_rstate_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -150,7 +159,7 @@ the \s-1SSL\s0 object \fBssl\fR. - .IX Header "NOTES" - When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, - consisting of header and body. When working in a blocking environment, --SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R". -+SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R". - .PP - This function should only seldom be needed in applications. - .SH "RETURN VALUES" -@@ -157,16 +166,16 @@ This function should only seldom be needed in appl - .IX Header "RETURN VALUES" - \&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following - values: --.ie n .IP """\s-1RH\s0""/""read header""" 4 --.el .IP "``\s-1RH\s0''/``read header''" 4 -+.ie n .IP """\s-1RH""/\s0""read header""" 4 -+.el .IP "``\s-1RH''/\s0``read header''" 4 - .IX Item "RH/read header" - The header of the record is being evaluated. --.ie n .IP """\s-1RB\s0""/""read body""" 4 --.el .IP "``\s-1RB\s0''/``read body''" 4 -+.ie n .IP """\s-1RB""/\s0""read body""" 4 -+.el .IP "``\s-1RB''/\s0``read body''" 4 - .IX Item "RB/read body" - The body of the record is being evaluated. --.ie n .IP """\s-1RD\s0""/""read done""" 4 --.el .IP "``\s-1RD\s0''/``read done''" 4 -+.ie n .IP """\s-1RD""/\s0""read done""" 4 -+.el .IP "``\s-1RD''/\s0``read done''" 4 - .IX Item "RD/read done" - The record has been completely processed. - .ie n .IP """unknown""/""unknown""" 4 -Index: secure/lib/libssl/man/SSL_session_reused.3 -=================================================================== ---- secure/lib/libssl/man/SSL_session_reused.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_session_reused.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_session_reused 3" --.TH SSL_session_reused 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_session_reused 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_set_bio.3 -=================================================================== ---- secure/lib/libssl/man/SSL_set_bio.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_set_bio.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_set_bio 3" --.TH SSL_set_bio 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_set_bio 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -141,7 +150,7 @@ SSL_set_bio \- connect the SSL object with a BIO - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write --operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. -+operations of the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR. - .PP - The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. - If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. -Index: secure/lib/libssl/man/SSL_set_connect_state.3 -=================================================================== ---- secure/lib/libssl/man/SSL_set_connect_state.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_set_connect_state.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_set_connect_state 3" --.TH SSL_set_connect_state 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_set_connect_state 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_set_fd.3 -=================================================================== ---- secure/lib/libssl/man/SSL_set_fd.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_set_fd.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_set_fd 3" --.TH SSL_set_fd 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_set_fd 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -143,7 +152,7 @@ SSL_set_fd \- connect the SSL object with a file d - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - \&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility --for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the -+for the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR. \fBfd\fR will typically be the - socket file descriptor of a network connection. - .PP - When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to -Index: secure/lib/libssl/man/SSL_set_session.3 -=================================================================== ---- secure/lib/libssl/man/SSL_set_session.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_set_session.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_set_session 3" --.TH SSL_set_session 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_set_session 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_set_shutdown.3 -=================================================================== ---- secure/lib/libssl/man/SSL_set_shutdown.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_set_shutdown.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_set_shutdown 3" --.TH SSL_set_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_set_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -164,9 +173,9 @@ or a fatal error. - The shutdown state of the connection is used to determine the state of - the ssl session. If the session is still open, when - \&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called, --it is considered bad and removed according to \s-1RFC2246\s0. --The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 --(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R" -+it is considered bad and removed according to \s-1RFC2246.\s0 -+The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN -+\&\s0(according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R" - alert but to not wait for the peer's answer, when the underlying connection - is closed). - \&\fISSL_set_shutdown()\fR can be used to set this state without sending a -Index: secure/lib/libssl/man/SSL_set_verify_result.3 -=================================================================== ---- secure/lib/libssl/man/SSL_set_verify_result.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_set_verify_result.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_set_verify_result 3" --.TH SSL_set_verify_result 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_set_verify_result 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_shutdown.3 -=================================================================== ---- secure/lib/libssl/man/SSL_shutdown.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_shutdown.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_shutdown 3" --.TH SSL_shutdown 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_shutdown 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -176,7 +185,7 @@ complete (return value of the first call is 0). As - specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on - the first call. - .PP --The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0. -+The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO. \s0 - .PP - If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the - handshake step has been finished or an error occurred. -@@ -187,9 +196,9 @@ to continue the handshake. In this case a call to - return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or - \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after - taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. --The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, -+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket, - nothing is to be done, but \fIselect()\fR can be used to check for the required --condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written -+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written - into or retrieved out of the \s-1BIO\s0 before being able to continue. - .PP - \&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" -Index: secure/lib/libssl/man/SSL_state_string.3 -=================================================================== ---- secure/lib/libssl/man/SSL_state_string.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_state_string.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_state_string 3" --.TH SSL_state_string 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_state_string 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/lib/libssl/man/SSL_want.3 -=================================================================== ---- secure/lib/libssl/man/SSL_want.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_want.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_want 3" --.TH SSL_want 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_want 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -171,19 +180,19 @@ There is no data to be written or to be read. - There are data in the \s-1SSL\s0 buffer that must be written to the underlying - \&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. - A call to \fISSL_get_error\fR\|(3) should return --\&\s-1SSL_ERROR_WANT_WRITE\s0. -+\&\s-1SSL_ERROR_WANT_WRITE.\s0 - .IP "\s-1SSL_READING\s0" 4 - .IX Item "SSL_READING" - More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to - complete the actual SSL_*() operation. - A call to \fISSL_get_error\fR\|(3) should return --\&\s-1SSL_ERROR_WANT_READ\s0. -+\&\s-1SSL_ERROR_WANT_READ.\s0 - .IP "\s-1SSL_X509_LOOKUP\s0" 4 - .IX Item "SSL_X509_LOOKUP" - The operation did not complete because an application callback set by - \&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. - A call to \fISSL_get_error\fR\|(3) should return --\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. -+\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0 - .PP - \&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR - return 1, when the corresponding condition is true or 0 otherwise. -Index: secure/lib/libssl/man/SSL_write.3 -=================================================================== ---- secure/lib/libssl/man/SSL_write.3 (revision 279126) -+++ secure/lib/libssl/man/SSL_write.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SSL_write 3" --.TH SSL_write 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SSL_write 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect - \&\fISSL_accept\fR\|(3). If the - peer requests a re-negotiation, it will be performed transparently during - the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the --underlying \s-1BIO\s0. -+underlying \s-1BIO. \s0 - .PP - For the transparent negotiation to succeed, the \fBssl\fR must have been - initialized to client or server mode. This is being done by calling -@@ -170,9 +179,9 @@ return value of \fISSL_write()\fR will yield \fB\s - \&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a - call to \fISSL_write()\fR can also cause read operations! The calling process - then must repeat the call after taking appropriate action to satisfy the --needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. When using a -+needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO.\s0 When using a - non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check --for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data -+for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data - must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. - .PP - \&\fISSL_write()\fR will only return with success, when the complete contents -Index: secure/lib/libssl/man/d2i_SSL_SESSION.3 -=================================================================== ---- secure/lib/libssl/man/d2i_SSL_SESSION.3 (revision 279126) -+++ secure/lib/libssl/man/d2i_SSL_SESSION.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "d2i_SSL_SESSION 3" --.TH d2i_SSL_SESSION 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH d2i_SSL_SESSION 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -175,6 +184,16 @@ known limit on the size of the created \s-1ASN1\s0 - amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with - \&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and - call \fIi2d_SSL_SESSION()\fR again. -+Note that this will advance the value contained in \fB*pp\fR so it is necessary -+to save a copy of the original allocation. -+For example: -+ int i,j; -+ char *p, *temp; -+ i = i2d_SSL_SESSION(sess, \s-1NULL\s0); -+ p = temp = malloc(i); -+ j = i2d_SSL_SESSION(sess, &temp); -+ assert(i == j); -+ assert(p+i == temp); - .SH "RETURN VALUES" - .IX Header "RETURN VALUES" - \&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 -Index: secure/lib/libssl/man/ssl.3 -=================================================================== ---- secure/lib/libssl/man/ssl.3 (revision 279126) -+++ secure/lib/libssl/man/ssl.3 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ssl 3" --.TH ssl 3 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ssl 3 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -187,7 +196,7 @@ connection: \fB\s-1SSL_CIPHER\s0\fRs, client and s - .IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 - .IX Item "SSL (SSL Connection)" - That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per --established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. -+established connection. This actually is the core structure in the \s-1SSL API.\s0 - Under run-time the application usually deals with this structure which has - links to mostly all other structures. - .SH "HEADER FILES" -@@ -196,10 +205,10 @@ Currently the OpenSSL \fBssl\fR library provides t - containing the prototypes for the data structures and and functions: - .IP "\fBssl.h\fR" 4 - .IX Item "ssl.h" --That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your -+That's the common header file for the \s-1SSL/TLS API. \s0 Include it into your - program to make the \s-1API\s0 of the \fBssl\fR library available. It internally - includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. --Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look -+Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look - inside this header file. - .IP "\fBssl2.h\fR" 4 - .IX Item "ssl2.h" -@@ -226,7 +235,7 @@ it's already included by ssl.h\fR. - .IX Header "API FUNCTIONS" - Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. - They are documented in the following: --.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0" -+.SS "\s-1DEALING WITH PROTOCOL METHODS\s0" - .IX Subsection "DEALING WITH PROTOCOL METHODS" - Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 - protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. -@@ -257,7 +266,7 @@ Constructor for the TLSv1 \s-1SSL_METHOD\s0 struct - .IP "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 - .IX Item "SSL_METHOD *TLSv1_method(void);" - Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. --.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" -+.SS "\s-1DEALING WITH CIPHERS\s0" - .IX Subsection "DEALING WITH CIPHERS" - Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 - ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. -@@ -280,7 +289,7 @@ definitions in the header files. - Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the - \&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined - in the specification the first time). --.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0" -+.SS "\s-1DEALING WITH PROTOCOL CONTEXTS\s0" - .IX Subsection "DEALING WITH PROTOCOL CONTEXTS" - Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 - protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. -@@ -453,7 +462,7 @@ session instead of a context. - .IP "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 - .IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" - .PD --.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" -+.SS "\s-1DEALING WITH SESSIONS\s0" - .IX Subsection "DEALING WITH SESSIONS" - Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 - sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. -@@ -489,7 +498,7 @@ sessions defined in the \fB\s-1SSL_SESSION\s0\fR s - .IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 - .IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" - .PD --.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" -+.SS "\s-1DEALING WITH CONNECTIONS\s0" - .IX Subsection "DEALING WITH CONNECTIONS" - Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 - connection defined in the \fB\s-1SSL\s0\fR structure. -Index: secure/usr.bin/openssl/man/CA.pl.1 -=================================================================== ---- secure/usr.bin/openssl/man/CA.pl.1 (revision 279126) -+++ secure/usr.bin/openssl/man/CA.pl.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CA.PL 1" --.TH CA.PL 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CA.PL 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -196,7 +205,7 @@ to standard output. - .IX Item "-signCA" - this option is the same as the \fB\-signreq\fR option except it uses the configuration - file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This --is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0. -+is useful when creating intermediate \s-1CA\s0 from a root \s-1CA.\s0 - .IP "\fB\-signcert\fR" 4 - .IX Item "-signcert" - this option is the same as \fB\-sign\fR except it expects a self signed certificate -@@ -216,7 +225,7 @@ Create a \s-1CA\s0 hierarchy: - \& CA.pl \-newca - .Ve - .PP --Complete certificate creation example: create a \s-1CA\s0, create a request, sign -+Complete certificate creation example: create a \s-1CA,\s0 create a request, sign - the request and finally create a PKCS#12 file containing it. - .PP - .Vb 4 -@@ -237,7 +246,7 @@ Create some \s-1DSA\s0 parameters: - \& openssl dsaparam \-out dsap.pem 1024 - .Ve - .PP --Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: -+Create a \s-1DSA CA\s0 certificate and private key: - .PP - .Vb 1 - \& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem -Index: secure/usr.bin/openssl/man/asn1parse.1 -=================================================================== ---- secure/usr.bin/openssl/man/asn1parse.1 (revision 279126) -+++ secure/usr.bin/openssl/man/asn1parse.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ASN1PARSE 1" --.TH ASN1PARSE 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ASN1PARSE 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -142,13 +151,15 @@ asn1parse \- ASN.1 parsing tool - [\fB\-length number\fR] - [\fB\-i\fR] - [\fB\-oid filename\fR] -+[\fB\-dump\fR] -+[\fB\-dlimit num\fR] - [\fB\-strparse offset\fR] - [\fB\-genstr string\fR] - [\fB\-genconf file\fR] - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" --The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1 --structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data. -+The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN.1\s0 -+structures. It can also be used to extract data from \s-1ASN.1\s0 formatted data. - .SH "OPTIONS" - .IX Header "OPTIONS" - .IP "\fB\-inform\fR \fBDER|PEM\fR" 4 -@@ -179,9 +190,15 @@ indents the output according to the \*(L"depth\*(R - .IX Item "-oid filename" - a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this - file is described in the \s-1NOTES\s0 section below. -+.IP "\fB\-dump\fR" 4 -+.IX Item "-dump" -+dump unknown data in hex format. -+.IP "\fB\-dlimit num\fR" 4 -+.IX Item "-dlimit num" -+like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. - .IP "\fB\-strparse offset\fR" 4 - .IX Item "-strparse offset" --parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This -+parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This - option can be used multiple times to \*(L"drill down\*(R" into a nested structure. - .IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4 - .IX Item "-genstr string, -genconf file" -@@ -218,15 +235,15 @@ The output will typically contain lines like this: - .PP - This example is part of a self signed certificate. Each line starts with the - offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased --within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length -+within the scope of any \s-1SET\s0 or \s-1SEQUENCE. \s0\fBhl=XX\fR gives the header length - (tag and length octets) of the current type. \fBl=XX\fR gives the length of - the contents octets. - .PP - The \fB\-i\fR option can be used to make the output more readable. - .PP --Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. -+Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output. - .PP --In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. -+In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key. - The contents octets of this will contain the public key information. This can - be examined using the option \fB\-strparse 229\fR to yield: - .PP -@@ -291,4 +308,4 @@ Example config file: - .SH "BUGS" - .IX Header "BUGS" - There should be options to change the format of output lines. The output of some --\&\s-1ASN\s0.1 types is not well handled (if at all). -+\&\s-1ASN.1\s0 types is not well handled (if at all). -Index: secure/usr.bin/openssl/man/ca.1 -=================================================================== ---- secure/usr.bin/openssl/man/ca.1 (revision 279126) -+++ secure/usr.bin/openssl/man/ca.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CA 1" --.TH CA 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CA 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -139,6 +148,8 @@ ca \- sample minimal CA application - [\fB\-name section\fR] - [\fB\-gencrl\fR] - [\fB\-revoke file\fR] -+[\fB\-status serial\fR] -+[\fB\-updatedb\fR] - [\fB\-crl_reason reason\fR] - [\fB\-crl_hold instruction\fR] - [\fB\-crl_compromise time\fR] -@@ -152,6 +163,7 @@ ca \- sample minimal CA application - [\fB\-md arg\fR] - [\fB\-policy arg\fR] - [\fB\-keyfile arg\fR] -+[\fB\-keyform PEM|DER\fR] - [\fB\-key arg\fR] - [\fB\-passin arg\fR] - [\fB\-cert file\fR] -@@ -193,15 +205,15 @@ specifies the configuration file section to use (o - .IP "\fB\-in filename\fR" 4 - .IX Item "-in filename" - an input filename containing a single certificate request to be --signed by the \s-1CA\s0. -+signed by the \s-1CA.\s0 - .IP "\fB\-ss_cert filename\fR" 4 - .IX Item "-ss_cert filename" --a single self signed certificate to be signed by the \s-1CA\s0. -+a single self signed certificate to be signed by the \s-1CA.\s0 - .IP "\fB\-spkac filename\fR" 4 - .IX Item "-spkac filename" - a file containing a single Netscape signed public key and challenge --and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR --section for information on the required format. -+and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR -+section for information on the required input and output format. - .IP "\fB\-infiles\fR" 4 - .IX Item "-infiles" - if present this should be the last option, all subsequent arguments -@@ -210,7 +222,7 @@ are assumed to be the names of files containing ce - .IX Item "-out filename" - the output file to output certificates to. The default is standard - output. The certificate details will also be printed out to this --file. -+file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). - .IP "\fB\-outdir directory\fR" 4 - .IX Item "-outdir directory" - the directory to output certificates to. The certificate will be -@@ -222,6 +234,10 @@ the \s-1CA\s0 certificate file. - .IP "\fB\-keyfile filename\fR" 4 - .IX Item "-keyfile filename" - the private key to sign requests with. -+.IP "\fB\-keyform PEM|DER\fR" 4 -+.IX Item "-keyform PEM|DER" -+the format of the data in the private key file. -+The default is \s-1PEM.\s0 - .IP "\fB\-key password\fR" 4 - .IX Item "-key password" - the password used to encrypt the private key. Since on some -@@ -243,7 +259,7 @@ self-signed certificate. - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the key password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-verbose\fR" 4 - .IX Item "-verbose" - this prints extra details about the operations being performed. -@@ -253,11 +269,11 @@ don't output the text form of a certificate to the - .IP "\fB\-startdate date\fR" 4 - .IX Item "-startdate date" - this allows the start date to be explicitly set. The format of the --date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). -+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). - .IP "\fB\-enddate date\fR" 4 - .IX Item "-enddate date" - this allows the expiry date to be explicitly set. The format of the --date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). -+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure). - .IP "\fB\-days arg\fR" 4 - .IX Item "-days arg" - the number of days to certify the certificate for. -@@ -267,9 +283,9 @@ the message digest to use. Possible values include - This option also applies to CRLs. - .IP "\fB\-policy arg\fR" 4 - .IX Item "-policy arg" --this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in -+this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in - the configuration file which decides which fields should be mandatory --or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section -+or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section - for more information. - .IP "\fB\-msie_hack\fR" 4 - .IX Item "-msie_hack" -@@ -288,7 +304,7 @@ DNs match the order of the request. This is not ne - .IP "\fB\-noemailDN\fR" 4 - .IX Item "-noemailDN" - The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the --request \s-1DN\s0, however it is good policy just having the e\-mail set into -+request \s-1DN,\s0 however it is good policy just having the e\-mail set into - the altName extension of the certificate. When this option is set the - \&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in - the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be -@@ -323,7 +339,7 @@ characters may be escaped by \e (backslash), no sp - .IP "\fB\-utf8\fR" 4 - .IX Item "-utf8" - this option causes field values to be interpreted as \s-1UTF8\s0 strings, by --default they are interpreted as \s-1ASCII\s0. This means that the field -+default they are interpreted as \s-1ASCII.\s0 This means that the field - values, whether prompted from a terminal or obtained from a - configuration file, must be valid \s-1UTF8\s0 strings. - .IP "\fB\-multivalue\-rdn\fR" 4 -@@ -349,6 +365,13 @@ the number of hours before the next \s-1CRL\s0 is - .IP "\fB\-revoke filename\fR" 4 - .IX Item "-revoke filename" - a filename containing a certificate to revoke. -+.IP "\fB\-status serial\fR" 4 -+.IX Item "-status serial" -+displays the revocation status of the certificate with the specified -+serial number and exits. -+.IP "\fB\-updatedb\fR" 4 -+.IX Item "-updatedb" -+Updates the database index to purge expired certificates. - .IP "\fB\-crl_reason reason\fR" 4 - .IX Item "-crl_reason reason" - revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, -@@ -361,7 +384,7 @@ in delta CRLs which are not currently implemented. - .IP "\fB\-crl_hold instruction\fR" 4 - .IX Item "-crl_hold instruction" - This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold --instruction to \fBinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be -+instruction to \fBinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be - used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) - \&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. - .IP "\fB\-crl_compromise time\fR" 4 -@@ -389,8 +412,8 @@ be used must be named in the \fBdefault_ca\fR opti - of the configuration file (or in the default section of the - configuration file). Besides \fBdefault_ca\fR, the following options are - read directly from the \fBca\fR section: -- \s-1RANDFILE\s0 -- preserve -+ \s-1RANDFILE -+\&\s0 preserve - msie_hack - With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may - change in future releases. -@@ -403,7 +426,7 @@ the configuration file or the command line equival - any) used. - .IP "\fBoid_file\fR" 4 - .IX Item "oid_file" --This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. -+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. - Each line of the file should consist of the numerical form of the - object identifier followed by white space then the short name followed - by white space and finally the long name. -@@ -446,7 +469,7 @@ present. - .IX Item "default_crl_hours default_crl_days" - the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These - will only be used if neither command line option is present. At --least one of these must be present to generate a \s-1CRL\s0. -+least one of these must be present to generate a \s-1CRL.\s0 - .IP "\fBdefault_md\fR" 4 - .IX Item "default_md" - the same as the \fB\-md\fR option. The message digest to use. Mandatory. -@@ -485,13 +508,13 @@ the same as \fB\-preserveDN\fR - .IX Item "email_in_dn" - the same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed - from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present --the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0. -+the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0 - .IP "\fBmsie_hack\fR" 4 - .IX Item "msie_hack" - the same as \fB\-msie_hack\fR - .IP "\fBpolicy\fR" 4 - .IX Item "policy" --the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section -+the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section - for more information. - .IP "\fBname_opt\fR, \fBcert_opt\fR" 4 - .IX Item "name_opt, cert_opt" -@@ -542,6 +565,10 @@ The file should contain the variable \s-1SPKAC\s0 - the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. - If you need to include the same component twice then it can be - preceded by a number and a '.'. -+.PP -+When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR -+flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR -+flag is used. - .SH "EXAMPLES" - .IX Header "EXAMPLES" - Note: these examples assume that the \fBca\fR directory structure is -@@ -679,7 +706,7 @@ exposed at either a command or interface level so - .PP - Any fields in a request that are not present in a policy are silently - deleted. This does not happen if the \fB\-preserveDN\fR option is used. To --enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by -+enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by - RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR - option can be used. The behaviour should be more friendly and - configurable. -@@ -691,7 +718,7 @@ create an empty file. - The \fBca\fR command is quirky and at times downright unfriendly. - .PP - The \fBca\fR utility was originally meant as an example of how to do things --in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself: -+in a \s-1CA.\s0 It was not supposed to be used as a full blown \s-1CA\s0 itself: - nevertheless some people are using it for this purpose. - .PP - The \fBca\fR command is effectively a single user command: no locking is -Index: secure/usr.bin/openssl/man/ciphers.1 -=================================================================== ---- secure/usr.bin/openssl/man/ciphers.1 (revision 279126) -+++ secure/usr.bin/openssl/man/ciphers.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CIPHERS 1" --.TH CIPHERS 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CIPHERS 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -187,7 +196,7 @@ algorithms. - .PP - Lists of cipher suites can be combined in a single cipher string using the - \&\fB+\fR character. This is used as a logical \fBand\fR operation. For example --\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 -+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0 - algorithms. - .PP - Each cipher string can be optionally preceded by the characters \fB!\fR, -@@ -253,7 +262,7 @@ export encryption algorithms. Including 40 and 56 - with support for experimental ciphers. - .IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 - .IX Item "eNULL, NULL" --the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no -+the \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no - encryption at all and are a security risk they are disabled unless explicitly - included. - .IP "\fBaNULL\fR" 4 -@@ -290,46 +299,46 @@ ciphers suites using \s-1FORTEZZA\s0 key exchange, - \&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively. - .IP "\fB\s-1DH\s0\fR" 4 - .IX Item "DH" --cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0. -+cipher suites using \s-1DH,\s0 including anonymous \s-1DH.\s0 - .IP "\fB\s-1ADH\s0\fR" 4 - .IX Item "ADH" - anonymous \s-1DH\s0 cipher suites. - .IP "\fB\s-1AES\s0\fR" 4 - .IX Item "AES" --cipher suites using \s-1AES\s0. -+cipher suites using \s-1AES.\s0 - .IP "\fB\s-1CAMELLIA\s0\fR" 4 - .IX Item "CAMELLIA" - cipher suites using Camellia. - .IP "\fB3DES\fR" 4 - .IX Item "3DES" --cipher suites using triple \s-1DES\s0. -+cipher suites using triple \s-1DES.\s0 - .IP "\fB\s-1DES\s0\fR" 4 - .IX Item "DES" --cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). -+cipher suites using \s-1DES \s0(not triple \s-1DES\s0). - .IP "\fB\s-1RC4\s0\fR" 4 - .IX Item "RC4" --cipher suites using \s-1RC4\s0. -+cipher suites using \s-1RC4.\s0 - .IP "\fB\s-1RC2\s0\fR" 4 - .IX Item "RC2" --cipher suites using \s-1RC2\s0. -+cipher suites using \s-1RC2.\s0 - .IP "\fB\s-1IDEA\s0\fR" 4 - .IX Item "IDEA" --cipher suites using \s-1IDEA\s0. -+cipher suites using \s-1IDEA.\s0 - .IP "\fB\s-1SEED\s0\fR" 4 - .IX Item "SEED" --cipher suites using \s-1SEED\s0. -+cipher suites using \s-1SEED.\s0 - .IP "\fB\s-1MD5\s0\fR" 4 - .IX Item "MD5" --cipher suites using \s-1MD5\s0. -+cipher suites using \s-1MD5.\s0 - .IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 - .IX Item "SHA1, SHA" --cipher suites using \s-1SHA1\s0. -+cipher suites using \s-1SHA1.\s0 - .SH "CIPHER SUITE NAMES" - .IX Header "CIPHER SUITE NAMES" - The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the - relevant specification and their OpenSSL equivalents. It should be noted, - that several cipher suite names do not include the authentication used, --e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. -+e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used. - .SS "\s-1SSL\s0 v3.0 cipher suites." - .IX Subsection "SSL v3.0 cipher suites." - .Vb 10 -@@ -400,7 +409,7 @@ that several cipher suite names do not include the - \& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA - \& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA - .Ve --.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" -+.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0" - .IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0" - .Vb 2 - \& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA -@@ -419,7 +428,7 @@ that several cipher suite names do not include the - \& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA - \& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA - .Ve --.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" -+.SS "Camellia ciphersuites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0" - .IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0" - .Vb 2 - \& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA -@@ -438,7 +447,7 @@ that several cipher suite names do not include the - \& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA - \& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA - .Ve --.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" -+.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0" - .IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0" - .Vb 1 - \& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA -Index: secure/usr.bin/openssl/man/crl.1 -=================================================================== ---- secure/usr.bin/openssl/man/crl.1 (revision 279126) -+++ secure/usr.bin/openssl/man/crl.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CRL 1" --.TH CRL 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CRL 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -139,6 +148,7 @@ crl \- CRL utility - [\fB\-text\fR] - [\fB\-in filename\fR] - [\fB\-out filename\fR] -+[\fB\-nameopt option\fR] - [\fB\-noout\fR] - [\fB\-hash\fR] - [\fB\-issuer\fR] -@@ -171,9 +181,13 @@ default. - .IP "\fB\-text\fR" 4 - .IX Item "-text" - print out the \s-1CRL\s0 in text form. -+.IP "\fB\-nameopt option\fR" 4 -+.IX Item "-nameopt option" -+option which determines how the subject or issuer names are displayed. See -+the description of \fB\-nameopt\fR in \fIx509\fR\|(1). - .IP "\fB\-noout\fR" 4 - .IX Item "-noout" --don't output the encoded version of the \s-1CRL\s0. -+don't output the encoded version of the \s-1CRL.\s0 - .IP "\fB\-hash\fR" 4 - .IX Item "-hash" - output a hash of the issuer name. This can be use to lookup CRLs in -@@ -199,7 +213,7 @@ is a hash of each subject name (using \fBx509 \-ha - to each certificate. - .SH "NOTES" - .IX Header "NOTES" --The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines: -+The \s-1PEM CRL\s0 format uses the header and footer lines: - .PP - .Vb 2 - \& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\- -Index: secure/usr.bin/openssl/man/crl2pkcs7.1 -=================================================================== ---- secure/usr.bin/openssl/man/crl2pkcs7.1 (revision 279126) -+++ secure/usr.bin/openssl/man/crl2pkcs7.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "CRL2PKCS7 1" --.TH CRL2PKCS7 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH CRL2PKCS7 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -193,7 +202,7 @@ different certificates: - .SH "NOTES" - .IX Header "NOTES" - The output file is a PKCS#7 signed data structure containing no signers and --just certificates and an optional \s-1CRL\s0. -+just certificates and an optional \s-1CRL.\s0 - .PP - This utility can be used to send certificates and CAs to Netscape as part of - the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output -Index: secure/usr.bin/openssl/man/dgst.1 -=================================================================== ---- secure/usr.bin/openssl/man/dgst.1 (revision 279126) -+++ secure/usr.bin/openssl/man/dgst.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DGST 1" --.TH DGST 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DGST 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -181,11 +190,11 @@ digitally sign the digest using the private key in - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the private key password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-verify filename\fR" 4 - .IX Item "-verify filename" - verify the signature using the public key in \*(L"filename\*(R". --The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R". -+The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R". - .IP "\fB\-prverify filename\fR" 4 - .IX Item "-prverify filename" - verify the signature using the the private key in \*(L"filename\*(R". -@@ -208,7 +217,7 @@ file or files to digest. If no files are specified - used. - .SH "NOTES" - .IX Header "NOTES" --The digest of choice for all new applications is \s-1SHA1\s0. Other digests are -+The digest of choice for all new applications is \s-1SHA1.\s0 Other digests are - however still widely used. - .PP - If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 -@@ -215,7 +224,7 @@ If you wish to sign or verify data using the \s-1D - digest must be used. - .PP - A source of random numbers is required for certain signing algorithms, in --particular \s-1DSA\s0. -+particular \s-1DSA.\s0 - .PP - The signing and verify options should only be used if a single file is - being signed or verified. -Index: secure/usr.bin/openssl/man/dhparam.1 -=================================================================== ---- secure/usr.bin/openssl/man/dhparam.1 (revision 279126) -+++ secure/usr.bin/openssl/man/dhparam.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DHPARAM 1" --.TH DHPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DHPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -139,6 +148,7 @@ dhparam \- DH parameter manipulation and generatio - [\fB\-in\fR \fIfilename\fR] - [\fB\-out\fR \fIfilename\fR] - [\fB\-dsaparam\fR] -+[\fB\-check\fR] - [\fB\-noout\fR] - [\fB\-text\fR] - [\fB\-C\fR] -@@ -154,7 +164,7 @@ This command is used to manipulate \s-1DH\s0 param - .IX Header "OPTIONS" - .IP "\fB\-inform DER|PEM\fR" 4 - .IX Item "-inform DER|PEM" --This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded - form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the - default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with - additional header and footer lines. -@@ -182,6 +192,9 @@ and the recommended exponent length is shorter, wh - exchange more efficient. Beware that with such DSA-style \s-1DH\s0 - parameters, a fresh \s-1DH\s0 key should be created for each use to - avoid small-subgroup attacks that may be possible otherwise. -+.IP "\fB\-check\fR" 4 -+.IX Item "-check" -+check if the parameters are valid primes and generator. - .IP "\fB\-2\fR, \fB\-5\fR" 4 - .IX Item "-2, -5" - The generator to use, either 2 or 5. 2 is the default. If present then the -@@ -230,8 +243,8 @@ versions of OpenSSL. - \& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\- - .Ve - .PP --OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 --\&\s-1DH\s0. -+OpenSSL currently only supports the older PKCS#3 \s-1DH,\s0 not the newer X9.42 -+\&\s-1DH.\s0 - .PP - This program manipulates \s-1DH\s0 parameters not keys. - .SH "BUGS" -Index: secure/usr.bin/openssl/man/dsa.1 -=================================================================== ---- secure/usr.bin/openssl/man/dsa.1 (revision 279126) -+++ secure/usr.bin/openssl/man/dsa.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSA 1" --.TH DSA 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -140,6 +149,12 @@ dsa \- DSA key processing - [\fB\-passin arg\fR] - [\fB\-out filename\fR] - [\fB\-passout arg\fR] -+[\fB\-aes128\fR] -+[\fB\-aes192\fR] -+[\fB\-aes256\fR] -+[\fB\-camellia128\fR] -+[\fB\-camellia192\fR] -+[\fB\-camellia256\fR] - [\fB\-des\fR] - [\fB\-des3\fR] - [\fB\-idea\fR] -@@ -160,10 +175,10 @@ applications should use the more secure PKCS#8 for - .IP "\fB\-inform DER|PEM\fR" 4 - .IX Item "-inform DER|PEM" - This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses --an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of -+an \s-1ASN1 DER\s0 encoded form of an \s-1ASN.1 SEQUENCE\s0 consisting of the values of - version (currently zero), p, q, g, the public and private key components --respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a --SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0. -+respectively as \s-1ASN.1\s0 INTEGERs. When used with a public key it uses a -+SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA.\s0 - .Sp - The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 - encoded with additional header and footer lines. In the case of a private key -@@ -180,7 +195,7 @@ prompted for. - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the input file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-out filename\fR" 4 - .IX Item "-out filename" - This specifies the output filename to write a key to or standard output by -@@ -190,11 +205,11 @@ filename. - .IP "\fB\-passout arg\fR" 4 - .IX Item "-passout arg" - the output file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). --.IP "\fB\-des|\-des3|\-idea\fR" 4 --.IX Item "-des|-des3|-idea" --These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the --\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 -+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" -+These options encrypt the private key with the specified -+cipher before outputting it. A pass phrase is prompted for. - If none of these options is specified the key is written in plain text. This - means that using the \fBdsa\fR utility to read in an encrypted key with no - encryption option can be used to remove the pass phrase from a key, or by -Index: secure/usr.bin/openssl/man/dsaparam.1 -=================================================================== ---- secure/usr.bin/openssl/man/dsaparam.1 (revision 279126) -+++ secure/usr.bin/openssl/man/dsaparam.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "DSAPARAM 1" --.TH DSAPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH DSAPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -152,8 +161,8 @@ This command is used to manipulate or generate \s- - .IX Header "OPTIONS" - .IP "\fB\-inform DER|PEM\fR" 4 - .IX Item "-inform DER|PEM" --This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded --form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting -+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded -+form compatible with \s-1RFC2459 \s0(\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting - of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists - of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. - .IP "\fB\-outform DER|PEM\fR" 4 -Index: secure/usr.bin/openssl/man/ec.1 -=================================================================== ---- secure/usr.bin/openssl/man/ec.1 (revision 279126) -+++ secure/usr.bin/openssl/man/ec.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "EC 1" --.TH EC 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH EC 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -155,7 +164,7 @@ ec \- EC key processing - .IX Header "DESCRIPTION" - The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various - forms and their components printed out. \fBNote\fR OpenSSL uses the --private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography' -+private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography' - (http://www.secg.org/). To convert a OpenSSL \s-1EC\s0 private key into the - PKCS#8 private key format use the \fBpkcs8\fR command. - .SH "COMMAND OPTIONS" -@@ -163,8 +172,8 @@ PKCS#8 private key format use the \fBpkcs8\fR comm - .IP "\fB\-inform DER|PEM\fR" 4 - .IX Item "-inform DER|PEM" - This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses --an \s-1ASN\s0.1 \s-1DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it --uses the SubjectPublicKeyInfo structur as specified in \s-1RFC\s0 3280. -+an \s-1ASN.1 DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it -+uses the SubjectPublicKeyInfo structur as specified in \s-1RFC 3280.\s0 - The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 - encoded with additional header and footer lines. In the case of a private key - PKCS#8 format is also accepted. -@@ -180,7 +189,7 @@ prompted for. - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the input file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-out filename\fR" 4 - .IX Item "-out filename" - This specifies the output filename to write a key to or standard output by -@@ -190,10 +199,10 @@ filename. - .IP "\fB\-passout arg\fR" 4 - .IX Item "-passout arg" - the output file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-des|\-des3|\-idea\fR" 4 - .IX Item "-des|-des3|-idea" --These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or -+These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or - any other cipher supported by OpenSSL before outputting it. A pass phrase is - prompted for. - If none of these options is specified the key is written in plain text. This -@@ -232,10 +241,10 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_CO - .IX Item "-param_enc arg" - This specifies how the elliptic curve parameters are encoded. - Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are --specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are --explicitly given (see \s-1RFC\s0 3279 for the definition of the -+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are -+explicitly given (see \s-1RFC 3279\s0 for the definition of the - \&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. --\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279, -+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0 - is currently not implemented in OpenSSL. - .IP "\fB\-engine id\fR" 4 - .IX Item "-engine id" -Index: secure/usr.bin/openssl/man/ecparam.1 -=================================================================== ---- secure/usr.bin/openssl/man/ecparam.1 (revision 279126) -+++ secure/usr.bin/openssl/man/ecparam.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ECPARAM 1" --.TH ECPARAM 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ECPARAM 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -143,7 +152,7 @@ ecparam \- EC parameter manipulation and generatio - [\fB\-C\fR] - [\fB\-check\fR] - [\fB\-name arg\fR] --[\fB\-list_curve\fR] -+[\fB\-list_curves\fR] - [\fB\-conv_form arg\fR] - [\fB\-param_enc arg\fR] - [\fB\-no_seed\fR] -@@ -157,8 +166,8 @@ This command is used to manipulate or generate \s- - .IX Header "OPTIONS" - .IP "\fB\-inform DER|PEM\fR" 4 - .IX Item "-inform DER|PEM" --This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded --form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default -+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN.1 DER\s0 encoded -+form compatible with \s-1RFC 3279\s0 EcpkParameters. The \s-1PEM\s0 form is the default - format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional - header and footer lines. - .IP "\fB\-outform DER|PEM\fR" 4 -@@ -208,15 +217,15 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_CO - .IX Item "-param_enc arg" - This specifies how the elliptic curve parameters are encoded. - Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are --specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are --explicitly given (see \s-1RFC\s0 3279 for the definition of the -+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are -+explicitly given (see \s-1RFC 3279\s0 for the definition of the - \&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR. --\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279, -+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0 - is currently not implemented in OpenSSL. - .IP "\fB\-no_seed\fR" 4 - .IX Item "-no_seed" - This option inhibits that the 'seed' for the parameter generation --is included in the ECParameters structure (see \s-1RFC\s0 3279). -+is included in the ECParameters structure (see \s-1RFC 3279\s0). - .IP "\fB\-genkey\fR" 4 - .IX Item "-genkey" - This option will generate a \s-1EC\s0 private key using the specified parameters. -Index: secure/usr.bin/openssl/man/enc.1 -=================================================================== ---- secure/usr.bin/openssl/man/enc.1 (revision 279126) -+++ secure/usr.bin/openssl/man/enc.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ENC 1" --.TH ENC 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ENC 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -167,13 +176,13 @@ the output filename, standard output by default. - .IP "\fB\-pass arg\fR" 4 - .IX Item "-pass arg" - the password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-salt\fR" 4 - .IX Item "-salt" - use a salt in the key derivation routines. This is the default. - .IP "\fB\-nosalt\fR" 4 - .IX Item "-nosalt" --don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be -+don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be - used except for test purposes or compatibility with ancient versions of OpenSSL - and SSLeay. - .IP "\fB\-e\fR" 4 -Index: secure/usr.bin/openssl/man/errstr.1 -=================================================================== ---- secure/usr.bin/openssl/man/errstr.1 (revision 279126) -+++ secure/usr.bin/openssl/man/errstr.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "ERRSTR 1" --.TH ERRSTR 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH ERRSTR 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/usr.bin/openssl/man/gendsa.1 -=================================================================== ---- secure/usr.bin/openssl/man/gendsa.1 (revision 279126) -+++ secure/usr.bin/openssl/man/gendsa.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "GENDSA 1" --.TH GENDSA 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH GENDSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -135,6 +144,12 @@ gendsa \- generate a DSA private key from a set of - .IX Header "SYNOPSIS" - \&\fBopenssl\fR \fBgendsa\fR - [\fB\-out filename\fR] -+[\fB\-aes128\fR] -+[\fB\-aes192\fR] -+[\fB\-aes256\fR] -+[\fB\-camellia128\fR] -+[\fB\-camellia192\fR] -+[\fB\-camellia256\fR] - [\fB\-des\fR] - [\fB\-des3\fR] - [\fB\-idea\fR] -@@ -147,10 +162,10 @@ The \fBgendsa\fR command generates a \s-1DSA\s0 pr - (which will be typically generated by the \fBopenssl dsaparam\fR command). - .SH "OPTIONS" - .IX Header "OPTIONS" --.IP "\fB\-des|\-des3|\-idea\fR" 4 --.IX Item "-des|-des3|-idea" --These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the --\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 -+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" -+These options encrypt the private key with specified -+cipher before outputting it. A pass phrase is prompted for. - If none of these options is specified no encryption is used. - .IP "\fB\-rand file(s)\fR" 4 - .IX Item "-rand file(s)" -Index: secure/usr.bin/openssl/man/genrsa.1 -=================================================================== ---- secure/usr.bin/openssl/man/genrsa.1 (revision 279126) -+++ secure/usr.bin/openssl/man/genrsa.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "GENRSA 1" --.TH GENRSA 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH GENRSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -136,6 +145,18 @@ genrsa \- generate an RSA private key - \&\fBopenssl\fR \fBgenrsa\fR - [\fB\-out filename\fR] - [\fB\-passout arg\fR] -+[\fB\-aes128\fR] -+[\fB\-aes128\fR] -+[\fB\-aes192\fR] -+[\fB\-aes256\fR] -+[\fB\-camellia128\fR] -+[\fB\-camellia192\fR] -+[\fB\-camellia256\fR] -+[\fB\-aes192\fR] -+[\fB\-aes256\fR] -+[\fB\-camellia128\fR] -+[\fB\-camellia192\fR] -+[\fB\-camellia256\fR] - [\fB\-des\fR] - [\fB\-des3\fR] - [\fB\-idea\fR] -@@ -156,11 +177,11 @@ used. - .IP "\fB\-passout arg\fR" 4 - .IX Item "-passout arg" - the output file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). --.IP "\fB\-des|\-des3|\-idea\fR" 4 --.IX Item "-des|-des3|-idea" --These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the --\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 -+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" -+These options encrypt the private key with specified -+cipher before outputting it. If none of these options is - specified no encryption is used. If encryption is used a pass phrase is prompted - for if it is not supplied via the \fB\-passout\fR argument. - .IP "\fB\-F4|\-3\fR" 4 -Index: secure/usr.bin/openssl/man/nseq.1 -=================================================================== ---- secure/usr.bin/openssl/man/nseq.1 (revision 279126) -+++ secure/usr.bin/openssl/man/nseq.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "NSEQ 1" --.TH NSEQ 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH NSEQ 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/usr.bin/openssl/man/ocsp.1 -=================================================================== ---- secure/usr.bin/openssl/man/ocsp.1 (revision 279126) -+++ secure/usr.bin/openssl/man/ocsp.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OCSP 1" --.TH OCSP 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OCSP 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -181,7 +190,7 @@ ocsp \- Online Certificate Status Protocol utility - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to --determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560). -+determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0). - .PP - The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used - to print out requests and responses, create requests and send queries -@@ -237,7 +246,7 @@ if \s-1OCSP\s0 request or response creation is imp - with \fBserial\fR, \fBcert\fR and \fBhost\fR options). - .IP "\fB\-url responder_url\fR" 4 - .IX Item "-url responder_url" --specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. -+specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS \s0(\s-1SSL/TLS\s0) URLs can be specified. - .IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4 - .IX Item "-host hostname:port, -path pathname" - if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host -@@ -334,7 +343,7 @@ Additional certificates to include in the \s-1OCSP - Don't include any certificates in the \s-1OCSP\s0 response. - .IP "\fB\-resp_key_id\fR" 4 - .IX Item "-resp_key_id" --Identify the signer certificate using the key \s-1ID\s0, default is to use the subject name. -+Identify the signer certificate using the key \s-1ID,\s0 default is to use the subject name. - .IP "\fB\-rkey file\fR" 4 - .IX Item "-rkey file" - The private key to sign \s-1OCSP\s0 responses with: if not present the file specified in the -@@ -353,7 +362,7 @@ Number of minutes or days when fresh revocation in - omitted meaning fresh revocation information is immediately available. - .SH "OCSP Response verification." - .IX Header "OCSP Response verification." --\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0. -+\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0 - .PP - Initially the \s-1OCSP\s0 responder certificate is located and the signature on - the \s-1OCSP\s0 request checked using the responder certificate's public key. -Index: secure/usr.bin/openssl/man/openssl.1 -=================================================================== ---- secure/usr.bin/openssl/man/openssl.1 (revision 279126) -+++ secure/usr.bin/openssl/man/openssl.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "OPENSSL 1" --.TH OPENSSL 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH OPENSSL 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -180,11 +189,11 @@ same name, this provides an easy way for shell scr - availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is - not able to detect pseudo-commands such as \fBquit\fR, - \&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) --.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0" -+.SS "\s-1STANDARD COMMANDS\s0" - .IX Subsection "STANDARD COMMANDS" - .IP "\fBasn1parse\fR" 10 - .IX Item "asn1parse" --Parse an \s-1ASN\s0.1 sequence. -+Parse an \s-1ASN.1\s0 sequence. - .IP "\fBca\fR" 10 - .IX Item "ca" - Certificate Authority (\s-1CA\s0) Management. -@@ -256,13 +265,13 @@ X.509 Certificate Signing Request (\s-1CSR\s0) Man - .IP "\fBs_client\fR" 10 - .IX Item "s_client" - This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent --connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing -+connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing - purposes only and provides only rudimentary interface functionality but - internally uses mostly all functionality of the OpenSSL \fBssl\fR library. - .IP "\fBs_server\fR" 10 - .IX Item "s_server" - This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote --clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides -+clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides - only rudimentary interface functionality but internally uses mostly all - functionality of the OpenSSL \fBssl\fR library. It provides both an own command - line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response -@@ -288,7 +297,7 @@ OpenSSL Version Information. - .IP "\fBx509\fR" 10 - .IX Item "x509" - X.509 Certificate Data Management. --.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" -+.SS "\s-1MESSAGE DIGEST COMMANDS\s0" - .IX Subsection "MESSAGE DIGEST COMMANDS" - .IP "\fBmd2\fR" 10 - .IX Item "md2" -@@ -320,7 +329,7 @@ X.509 Certificate Data Management. - .IP "\fBsha512\fR" 10 - .IX Item "sha512" - \&\s-1SHA\-512\s0 Digest --.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" -+.SS "\s-1ENCODING AND CIPHER COMMANDS\s0" - .IX Subsection "ENCODING AND CIPHER COMMANDS" - .IP "\fBbase64\fR" 10 - .IX Item "base64" -Index: secure/usr.bin/openssl/man/passwd.1 -=================================================================== ---- secure/usr.bin/openssl/man/passwd.1 (revision 279126) -+++ secure/usr.bin/openssl/man/passwd.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PASSWD 1" --.TH PASSWD 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PASSWD 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/usr.bin/openssl/man/pkcs12.1 -=================================================================== ---- secure/usr.bin/openssl/man/pkcs12.1 (revision 279126) -+++ secure/usr.bin/openssl/man/pkcs12.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS12 1" --.TH PKCS12 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS12 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -188,12 +197,12 @@ They are all written in \s-1PEM\s0 format. - .IP "\fB\-pass arg\fR, \fB\-passin arg\fR" 4 - .IX Item "-pass arg, -passin arg" - the PKCS#12 file (i.e. input file) password source. For more information about the --format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -+format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in - \&\fIopenssl\fR\|(1). - .IP "\fB\-passout arg\fR" 4 - .IX Item "-passout arg" - pass phrase source to encrypt any outputed private keys with. For more information --about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -+about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in - \&\fIopenssl\fR\|(1). - .IP "\fB\-noout\fR" 4 - .IX Item "-noout" -@@ -271,12 +280,12 @@ displays them. - .IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4 - .IX Item "-pass arg, -passout arg" - the PKCS#12 file (i.e. output file) password source. For more information about --the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -+the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in - \&\fIopenssl\fR\|(1). - .IP "\fB\-passin password\fR" 4 - .IX Item "-passin password" - pass phrase source to decrypt any input private keys with. For more information --about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -+about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in - \&\fIopenssl\fR\|(1). - .IP "\fB\-chain\fR" 4 - .IX Item "-chain" -@@ -285,9 +294,9 @@ certificate chain of the user certificate. The sta - for this search. If the search fails it is considered a fatal error. - .IP "\fB\-descert\fR" 4 - .IX Item "-descert" --encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12 -+encrypt the certificate using triple \s-1DES,\s0 this may render the PKCS#12 - file unreadable by some \*(L"export grade\*(R" software. By default the private --key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0. -+key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2.\s0 - .IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 - .IX Item "-keypbe alg, -certpbe alg" - these options allow the algorithm used to encrypt the private key and -@@ -302,12 +311,12 @@ This option is only interpreted by \s-1MSIE\s0 and - encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR - option marks the key for signing only. Signing only keys can be used for - S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client --authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support -+authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support - the use of signing only keys for \s-1SSL\s0 client authentication. - .IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 - .IX Item "-nomaciter, -noiter" - these options affect the iteration counts on the \s-1MAC\s0 and key algorithms. --Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave -+Unless you wish to produce files compatible with \s-1MSIE 4.0\s0 you should leave - these options alone. - .Sp - To discourage attacks by using large dictionaries of common passwords the -@@ -319,7 +328,7 @@ By default both \s-1MAC\s0 and encryption iteratio - these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since - this reduces the file security you should not use these options unless you - really have to. Most software supports both \s-1MAC\s0 and key iteration counts. --\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR -+\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR - option. - .IP "\fB\-maciter\fR" 4 - .IX Item "-maciter" -@@ -353,7 +362,7 @@ The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms - algorithms for private keys and certificates to be specified. Normally - the defaults are fine but occasionally software can't handle triple \s-1DES\s0 - encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can --be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete -+be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete - description of all algorithms is contained in the \fBpkcs8\fR manual page. - .SH "EXAMPLES" - .IX Header "EXAMPLES" -Index: secure/usr.bin/openssl/man/pkcs7.1 -=================================================================== ---- secure/usr.bin/openssl/man/pkcs7.1 (revision 279126) -+++ secure/usr.bin/openssl/man/pkcs7.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS7 1" --.TH PKCS7 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS7 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -215,7 +224,7 @@ For compatibility with some CAs it will also accep - There is no option to print out all the fields of a PKCS#7 file. - .PP - This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they --cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0. -+cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0 - .SH "SEE ALSO" - .IX Header "SEE ALSO" - \&\fIcrl2pkcs7\fR\|(1) -Index: secure/usr.bin/openssl/man/pkcs8.1 -=================================================================== ---- secure/usr.bin/openssl/man/pkcs8.1 (revision 279126) -+++ secure/usr.bin/openssl/man/pkcs8.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "PKCS8 1" --.TH PKCS8 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH PKCS8 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -180,7 +189,7 @@ prompted for. - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the input file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-out filename\fR" 4 - .IX Item "-out filename" - This specifies the output filename to write a key to or standard output by -@@ -190,7 +199,7 @@ filename. - .IP "\fB\-passout arg\fR" 4 - .IX Item "-passout arg" - the output file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-nocrypt\fR" 4 - .IX Item "-nocrypt" - PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo -@@ -202,15 +211,15 @@ code signing software used unencrypted private key - .IP "\fB\-nooct\fR" 4 - .IX Item "-nooct" - This option generates \s-1RSA\s0 private keys in a broken format that some software --uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0 -+uses. Specifically the private key should be enclosed in a \s-1OCTET STRING\s0 - but some software just includes the structure itself without the --surrounding \s-1OCTET\s0 \s-1STRING\s0. -+surrounding \s-1OCTET STRING.\s0 - .IP "\fB\-embed\fR" 4 - .IX Item "-embed" - This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are --embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0 --contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing --the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key. -+embedded inside the PrivateKey structure. In this form the \s-1OCTET STRING\s0 -+contains an \s-1ASN1 SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing -+the parameters and an \s-1ASN1 INTEGER\s0 containing the private key. - .IP "\fB\-nsdb\fR" 4 - .IX Item "-nsdb" - This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape -@@ -276,17 +285,17 @@ level whereas the traditional format includes them - Various algorithms can be used with the \fB\-v1\fR command line option, - including PKCS#5 v1.5 and PKCS#12. These are described in more detail - below. --.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4 -+.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4 - .IX Item "PBE-MD2-DES PBE-MD5-DES" - These algorithms were included in the original PKCS#5 v1.5 specification. --They only offer 56 bits of protection since they both use \s-1DES\s0. --.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0 \s-1PBE\-MD2\-RC2\-64\s0 \s-1PBE\-MD5\-RC2\-64\s0 \s-1PBE\-SHA1\-DES\s0\fR" 4 -+They only offer 56 bits of protection since they both use \s-1DES.\s0 -+.IP "\fB\s-1PBE\-SHA1\-RC2\-64 PBE\-MD2\-RC2\-64 PBE\-MD5\-RC2\-64 PBE\-SHA1\-DES\s0\fR" 4 - .IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES" - These algorithms are not mentioned in the original PKCS#5 v1.5 specification - but they use the same key derivation algorithm and are supported by some - software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or --56 bit \s-1DES\s0. --.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0 \s-1PBE\-SHA1\-RC4\-40\s0 \s-1PBE\-SHA1\-3DES\s0 \s-1PBE\-SHA1\-2DES\s0 \s-1PBE\-SHA1\-RC2\-128\s0 \s-1PBE\-SHA1\-RC2\-40\s0\fR" 4 -+56 bit \s-1DES.\s0 -+.IP "\fB\s-1PBE\-SHA1\-RC4\-128 PBE\-SHA1\-RC4\-40 PBE\-SHA1\-3DES PBE\-SHA1\-2DES PBE\-SHA1\-RC2\-128 PBE\-SHA1\-RC2\-40\s0\fR" 4 - .IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40" - These algorithms use the PKCS#12 password based encryption algorithm and - allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. -@@ -327,13 +336,13 @@ Convert a private key from any PKCS#8 format to tr - .SH "STANDARDS" - .IX Header "STANDARDS" - Test vectors from this PKCS#5 v2.0 implementation were posted to the --pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration -+pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration - counts, several people confirmed that they could decrypt the private - keys produced and Therefore it can be assumed that the PKCS#5 v2.0 - implementation is reasonably accurate at least as far as these - algorithms are concerned. - .PP --The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: -+The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented: - it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 - PKCS#8 private key format complies with this standard. - .SH "BUGS" -Index: secure/usr.bin/openssl/man/rand.1 -=================================================================== ---- secure/usr.bin/openssl/man/rand.1 (revision 279126) -+++ secure/usr.bin/openssl/man/rand.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RAND 1" --.TH RAND 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RAND 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/usr.bin/openssl/man/req.1 -=================================================================== ---- secure/usr.bin/openssl/man/req.1 (revision 279126) -+++ secure/usr.bin/openssl/man/req.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "REQ 1" --.TH REQ 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH REQ 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -178,7 +187,7 @@ for use as root CAs for example. - .IX Header "COMMAND OPTIONS" - .IP "\fB\-inform DER|PEM\fR" 4 - .IX Item "-inform DER|PEM" --This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded - form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it - consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and - footer lines. -@@ -194,7 +203,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not s - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the input file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-out filename\fR" 4 - .IX Item "-out filename" - This specifies the output filename to write to or standard output by -@@ -202,7 +211,7 @@ default. - .IP "\fB\-passout arg\fR" 4 - .IX Item "-passout arg" - the output file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-text\fR" 4 - .IX Item "-text" - prints out the certificate request in text form. -@@ -263,7 +272,7 @@ will not be encrypted. - .IX Item "-[md5|sha1|md2|mdc2]" - this specifies the message digest to sign the request with. This - overrides the digest algorithm specified in the configuration file. --This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0. -+This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1.\s0 - .IP "\fB\-config filename\fR" 4 - .IX Item "-config filename" - this allows an alternative configuration file to be specified, -@@ -287,7 +296,7 @@ If \-multi\-rdn is not used then the \s-1UID\s0 va - .IX Item "-x509" - this option outputs a self signed certificate instead of a certificate - request. This is typically used to generate a test certificate or --a self signed root \s-1CA\s0. The extensions added to the certificate -+a self signed root \s-1CA.\s0 The extensions added to the certificate - (if any) are specified in the configuration file. Unless specified - using the \fBset_serial\fR option \fB0\fR will be used for the serial - number. -@@ -314,7 +323,7 @@ a variety of purposes. - .IP "\fB\-utf8\fR" 4 - .IX Item "-utf8" - this option causes field values to be interpreted as \s-1UTF8\s0 strings, by --default they are interpreted as \s-1ASCII\s0. This means that the field -+default they are interpreted as \s-1ASCII.\s0 This means that the field - values, whether prompted from a terminal or obtained from a - configuration file, must be valid \s-1UTF8\s0 strings. - .IP "\fB\-nameopt option\fR" 4 -@@ -331,10 +340,10 @@ accept requests containing no attributes in an inv - option produces this invalid format. - .Sp - More precisely the \fBAttributes\fR in a PKCS#10 certificate request --are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so -+are defined as a \fB\s-1SET OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so - if no attributes are present then they should be encoded as an --empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty --\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does. -+empty \fB\s-1SET OF\s0\fR. The invalid form does not include the empty -+\&\fB\s-1SET OF\s0\fR whereas the correct form does. - .Sp - It should be noted that very few CAs still require the use of this option. - .IP "\fB\-newhdr\fR" 4 -@@ -379,7 +388,7 @@ specified the key is written to standard output. T - overridden by the \fB\-keyout\fR option. - .IP "\fBoid_file\fR" 4 - .IX Item "oid_file" --This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. -+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR. - Each line of the file should consist of the numerical form of the - object identifier followed by white space then the short name followed - by white space and finally the long name. -@@ -412,7 +421,7 @@ fields. Most users will not need to change this op - It can be set to several values \fBdefault\fR which is also the default - option uses PrintableStrings, T61Strings and BMPStrings if the - \&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will --be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the -+be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the - \&\fButf8only\fR option is used then only UTF8Strings will be used: this - is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR - option just uses PrintableStrings and T61Strings: certain software has -@@ -435,7 +444,7 @@ expected format of the \fBdistinguished_name\fR an - .IP "\fButf8\fR" 4 - .IX Item "utf8" - if set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 --strings, by default they are interpreted as \s-1ASCII\s0. This means that -+strings, by default they are interpreted as \s-1ASCII.\s0 This means that - the field values, whether prompted from a terminal or obtained from a - configuration file, must be valid \s-1UTF8\s0 strings. - .IP "\fBattributes\fR" 4 -@@ -488,7 +497,7 @@ on the field being used (for example countryName c - two characters long and must fit in a PrintableString). - .PP - Some fields (such as organizationName) can be used more than once --in a \s-1DN\s0. This presents a problem because configuration files will -+in a \s-1DN.\s0 This presents a problem because configuration files will - not recognize the same name occurring twice. To avoid this problem - if the fieldName contains some characters followed by a full stop - they will be ignored. So for example a second organizationName can -@@ -663,7 +672,7 @@ Another puzzling message is this: - .Ve - .PP - this is displayed when no attributes are present and the request includes --the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 -+the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 - 0x00). If you just see: - .PP - .Vb 1 -@@ -670,7 +679,7 @@ this is displayed when no attributes are present a - \& Attributes: - .Ve - .PP --then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but -+then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but - it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR - for more information. - .SH "ENVIRONMENT VARIABLES" -@@ -682,7 +691,7 @@ environment variable serves the same purpose but i - .SH "BUGS" - .IX Header "BUGS" - OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively --treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. -+treats them as \s-1ISO\-8859\-1 \s0(Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. - This can cause problems if you need characters that aren't available in - PrintableStrings and you don't want to or can't use BMPStrings. - .PP -Index: secure/usr.bin/openssl/man/rsa.1 -=================================================================== ---- secure/usr.bin/openssl/man/rsa.1 (revision 279126) -+++ secure/usr.bin/openssl/man/rsa.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSA 1" --.TH RSA 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSA 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -141,6 +150,12 @@ rsa \- RSA key processing tool - [\fB\-out filename\fR] - [\fB\-passout arg\fR] - [\fB\-sgckey\fR] -+[\fB\-aes128\fR] -+[\fB\-aes192\fR] -+[\fB\-aes256\fR] -+[\fB\-camellia128\fR] -+[\fB\-camellia192\fR] -+[\fB\-camellia256\fR] - [\fB\-des\fR] - [\fB\-des3\fR] - [\fB\-idea\fR] -@@ -162,7 +177,7 @@ utility. - .IX Header "COMMAND OPTIONS" - .IP "\fB\-inform DER|NET|PEM\fR" 4 - .IX Item "-inform DER|NET|PEM" --This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded - form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. - The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 - encoded with additional header and footer lines. On input PKCS#8 format private -@@ -180,7 +195,7 @@ prompted for. - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the input file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-out filename\fR" 4 - .IX Item "-out filename" - This specifies the output filename to write a key to or standard output if this -@@ -190,15 +205,15 @@ filename. - .IP "\fB\-passout password\fR" 4 - .IX Item "-passout password" - the output file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-sgckey\fR" 4 - .IX Item "-sgckey" - use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 - keys. --.IP "\fB\-des|\-des3|\-idea\fR" 4 --.IX Item "-des|-des3|-idea" --These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the --\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -+.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 -+.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" -+These options encrypt the private key with the specified -+cipher before outputting it. A pass phrase is prompted for. - If none of these options is specified the key is written in plain text. This - means that using the \fBrsa\fR utility to read in an encrypted key with no - encryption option can be used to remove the pass phrase from a key, or by -@@ -249,13 +264,13 @@ The \s-1PEM\s0 public key format uses the header a - .Ve - .PP - The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers --and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption. -+and Microsoft \s-1IIS \s0.key files, this uses unsalted \s-1RC4\s0 for its encryption. - It is not very secure and so should only be used when necessary. - .PP - Some newer version of \s-1IIS\s0 have additional data in the exported .key - files. To use these with the utility, view the file with a binary editor - and look for the string \*(L"private-key\*(R", then trace back to the byte --sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data -+sequence 0x30, 0x82 (this is an \s-1ASN1 SEQUENCE\s0). Copy all the data - from this point onwards to another file and use that as the input - to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get - an error after entering the password try the \fB\-sgckey\fR option. -Index: secure/usr.bin/openssl/man/rsautl.1 -=================================================================== ---- secure/usr.bin/openssl/man/rsautl.1 (revision 279126) -+++ secure/usr.bin/openssl/man/rsautl.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "RSAUTL 1" --.TH RSAUTL 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH RSAUTL 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -186,7 +195,7 @@ encrypt the input data using an \s-1RSA\s0 public - decrypt the input data using an \s-1RSA\s0 private key. - .IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4 - .IX Item "-pkcs, -oaep, -ssl, -raw" --the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0, -+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP,\s0 - special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, - or no padding, respectively. - For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. -@@ -261,7 +270,7 @@ example in certs/pca\-cert.pem . Running \fBasn1pa - \& 614:d=1 hl=3 l= 129 prim: BIT STRING - .Ve - .PP --The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: -+The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with: - .PP - .Vb 1 - \& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 -Index: secure/usr.bin/openssl/man/s_client.1 -=================================================================== ---- secure/usr.bin/openssl/man/s_client.1 (revision 279126) -+++ secure/usr.bin/openssl/man/s_client.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "S_CLIENT 1" --.TH S_CLIENT 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH S_CLIENT 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -143,6 +152,22 @@ s_client \- SSL/TLS client program - [\fB\-pass arg\fR] - [\fB\-CApath directory\fR] - [\fB\-CAfile filename\fR] -+[\fB\-attime timestamp\fR] -+[\fB\-check_ss_sig\fR] -+[\fB\-crl_check\fR] -+[\fB\-crl_check_all\fR] -+[\fB\-explicit_policy\fR] -+[\fB\-ignore_critical\fR] -+[\fB\-inhibit_any\fR] -+[\fB\-inhibit_map\fR] -+[\fB\-issuer_checks\fR] -+[\fB\-policy arg\fR] -+[\fB\-policy_check\fR] -+[\fB\-policy_print\fR] -+[\fB\-purpose purpose\fR] -+[\fB\-use_deltas\fR] -+[\fB\-verify_depth num\fR] -+[\fB\-x509_strict\fR] - [\fB\-reconnect\fR] - [\fB\-pause\fR] - [\fB\-showcerts\fR] -@@ -160,9 +185,11 @@ s_client \- SSL/TLS client program - [\fB\-no_ssl2\fR] - [\fB\-no_ssl3\fR] - [\fB\-no_tls1\fR] -+[\fB\-fallback_scsv\fR] - [\fB\-bugs\fR] - [\fB\-cipher cipherlist\fR] - [\fB\-starttls protocol\fR] -+[\fB\-xmpphost hostname\fR] - [\fB\-engine id\fR] - [\fB\-tlsextdebug\fR] - [\fB\-no_ticket\fR] -@@ -172,10 +199,14 @@ s_client \- SSL/TLS client program - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects --to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for -+to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool for - \&\s-1SSL\s0 servers. - .SH "OPTIONS" - .IX Header "OPTIONS" -+In addition to the options below the \fBs_client\fR utility also supports the -+common and client only options documented in the -+in the \fISSL_CONF_cmd\fR\|(3) -+manual page. - .IP "\fB\-connect host:port\fR" 4 - .IX Item "-connect host:port" - This specifies the host and optional port to connect to. If not specified -@@ -186,7 +217,7 @@ The certificate to use, if one is requested by the - not to use a certificate. - .IP "\fB\-certform format\fR" 4 - .IX Item "-certform format" --The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. -+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. - .IP "\fB\-key keyfile\fR" 4 - .IX Item "-key keyfile" - The private key to use. If not specified then the certificate file will -@@ -193,11 +224,11 @@ The private key to use. If not specified then the - be used. - .IP "\fB\-keyform format\fR" 4 - .IX Item "-keyform format" --The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. -+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. - .IP "\fB\-pass arg\fR" 4 - .IX Item "-pass arg" - the private key password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-verify depth\fR" 4 - .IX Item "-verify depth" - The verify depth to use. This specifies the maximum length of the -@@ -214,9 +245,13 @@ also used when building the client certificate cha - .IX Item "-CAfile file" - A file containing trusted certificates to use during server authentication - and to use when attempting to build the client certificate chain. -+.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fBexplicit_policy\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-issuer_checks\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-use_deltas\fR, \fB\-verify_depth\fR, \fB\-x509_strict\fR" 4 -+.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, explicit_policy, -ignore_critical, -inhibit_any, -inhibit_map, -issuer_checks, -policy, -policy_check, -policy_print, -purpose, -use_deltas, -verify_depth, -x509_strict" -+Set various certificate chain valiadition options. See the -+\&\fBverify\fR manual page for details. - .IP "\fB\-reconnect\fR" 4 - .IX Item "-reconnect" --reconnects to the same server 5 times using the same session \s-1ID\s0, this can -+reconnects to the same server 5 times using the same session \s-1ID,\s0 this can - be used as a test that session caching is working. - .IP "\fB\-pause\fR" 4 - .IX Item "-pause" -@@ -232,7 +267,7 @@ to print out information even if the connection fa - will only be printed out once if the connection succeeds. This option is useful - because the cipher in use may be renegotiated or the connection may fail - because a client certificate is required or is requested only after an --attempt is made to access a certain \s-1URL\s0. Note: the output produced by this -+attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this - option is not always accurate because a connection might never have been - established. - .IP "\fB\-state\fR" 4 -@@ -268,10 +303,12 @@ these options disable the use of certain \s-1SSL\s - the initial handshake uses a method which should be compatible with all - servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. - .Sp --Unfortunately there are a lot of ancient and broken servers in use which -+Unfortunately there are still ancient and broken servers in use which - cannot handle this technique and will fail to connect. Some servers only --work if \s-1TLS\s0 is turned off with the \fB\-no_tls\fR option others will only --support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option. -+work if \s-1TLS\s0 is turned off. -+.IP "\fB\-fallback_scsv\fR" 4 -+.IX Item "-fallback_scsv" -+Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. - .IP "\fB\-bugs\fR" 4 - .IX Item "-bugs" - there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this -@@ -286,16 +323,19 @@ command for more information. - .IX Item "-starttls protocol" - send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. - \&\fBprotocol\fR is a keyword for the intended protocol. Currently, the only --supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", and \*(L"ftp\*(R". -+supported keywords are \*(L"smtp\*(R", \*(L"pop3\*(R", \*(L"imap\*(R", \*(L"ftp\*(R" and \*(L"xmpp\*(R". -+.IP "\fB\-xmpphost hostname\fR" 4 -+.IX Item "-xmpphost hostname" -+This option, when used with \*(L"\-starttls xmpp\*(R", specifies the host for the -+\&\*(L"to\*(R" attribute of the stream element. -+If this option is not specified, then the host specified with \*(L"\-connect\*(R" -+will be used. - .IP "\fB\-tlsextdebug\fR" 4 - .IX Item "-tlsextdebug" --print out a hex dump of any \s-1TLS\s0 extensions received from the server. Note: this --option is only available if extension support is explicitly enabled at compile --time -+print out a hex dump of any \s-1TLS\s0 extensions received from the server. - .IP "\fB\-no_ticket\fR" 4 - .IX Item "-no_ticket" --disable RFC4507bis session ticket support. Note: this option is only available --if extension support is explicitly enabled at compile time -+disable RFC4507bis session ticket support. - .IP "\fB\-sess_out filename\fR" 4 - .IX Item "-sess_out filename" - output \s-1SSL\s0 session to \fBfilename\fR -@@ -305,7 +345,7 @@ load \s-1SSL\s0 session from \fBfilename\fR. The c - connection from this session. - .IP "\fB\-engine id\fR" 4 - .IX Item "-engine id" --specifying an engine (by it's unique \fBid\fR string) will cause \fBs_client\fR -+specifying an engine (by its unique \fBid\fR string) will cause \fBs_client\fR - to attempt to obtain a functional reference to the specified engine, - thus initialising it if needed. The engine will then be set as the default - for all available algorithms. -@@ -326,7 +366,7 @@ have been given), the session will be renegotiated - connection will be closed down. - .SH "NOTES" - .IX Header "NOTES" --\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0 -+\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0 - server the command: - .PP - .Vb 1 -@@ -334,7 +374,7 @@ server the command: - .Ve - .PP - would typically be used (https uses port 443). If the connection succeeds --then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page. -+then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page. - .PP - If the handshake fails then there are several possible causes, if it is - nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR, -@@ -364,8 +404,11 @@ Since the SSLv23 client hello cannot include compr - these will only be supported if its use is disabled, for example by using the - \&\fB\-no_sslv2\fR option. - .PP --\&\s-1TLS\s0 extensions are only supported in OpenSSL 0.9.8 if they are explictly --enabled at compile time using for example the \fBenable-tlsext\fR switch. -+The \fBs_client\fR utility is a test tool and is designed to continue the -+handshake after any certificate verification errors. As a result it will -+accept any certificate chain (trusted or not) sent by the peer. None test -+applications should \fBnot\fR do this as it makes them vulnerable to a \s-1MITM\s0 -+attack. - .SH "BUGS" - .IX Header "BUGS" - Because this program has a lot of options and also because some of -@@ -373,9 +416,6 @@ the techniques used are rather old, the C source o - hard to read and not a model of how things should be done. A typical - \&\s-1SSL\s0 client program would be much simpler. - .PP --The \fB\-verify\fR option should really exit if the server verification --fails. --.PP - The \fB\-prexit\fR option is a bit of a hack. We should really report - information whenever a session is renegotiated. - .SH "SEE ALSO" -Index: secure/usr.bin/openssl/man/s_server.1 -=================================================================== ---- secure/usr.bin/openssl/man/s_server.1 (revision 279126) -+++ secure/usr.bin/openssl/man/s_server.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "S_SERVER 1" --.TH S_SERVER 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH S_SERVER 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -161,6 +170,7 @@ s_server \- SSL/TLS server program - [\fB\-CAfile filename\fR] - [\fB\-nocert\fR] - [\fB\-cipher cipherlist\fR] -+[\fB\-serverpref\fR] - [\fB\-quiet\fR] - [\fB\-no_tmp_rsa\fR] - [\fB\-ssl2\fR] -@@ -183,7 +193,7 @@ s_server \- SSL/TLS server program - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens --for connections on a given port using \s-1SSL/TLS\s0. -+for connections on a given port using \s-1SSL/TLS.\s0 - .SH "OPTIONS" - .IX Header "OPTIONS" - .IP "\fB\-accept port\fR" 4 -@@ -197,11 +207,11 @@ is not present a default value will be used. - .IX Item "-cert certname" - The certificate to use, most servers cipher suites require the use of a - certificate and some require a certificate with a certain public key type: --for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 --(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. -+for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS -+\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. - .IP "\fB\-certform format\fR" 4 - .IX Item "-certform format" --The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. -+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. - .IP "\fB\-key keyfile\fR" 4 - .IX Item "-key keyfile" - The private key to use. If not specified then the certificate file will -@@ -208,11 +218,11 @@ The private key to use. If not specified then the - be used. - .IP "\fB\-keyform format\fR" 4 - .IX Item "-keyform format" --The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default. -+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default. - .IP "\fB\-pass arg\fR" 4 - .IX Item "-pass arg" - the private key password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 - .IX Item "-dcert filename, -dkey keyname" - specify an additional certificate and private key, these behave in the -@@ -220,7 +230,7 @@ same manner as the \fB\-cert\fR and \fB\-key\fR op - if they are not specified (no additional certificate and key is used). As - noted above some cipher suites require a certificate containing a key of - a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key --and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys -+and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys - a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites - by using an appropriate certificate. - .IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4 -@@ -252,9 +262,12 @@ client certificate chain and makes the server requ - the client. With the \fB\-verify\fR option a certificate is requested but the - client does not have to send one, with the \fB\-Verify\fR option the client - must supply a certificate or an error occurs. -+.Sp -+If the ciphersuite cannot request a client certificate (for example an -+anonymous ciphersuite or \s-1PSK\s0) this option has no effect. - .IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 - .IX Item "-crl_check, -crl_check_all" --Check the peer certificate has not been revoked by its \s-1CA\s0. -+Check the peer certificate has not been revoked by its \s-1CA.\s0 - The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR - option all CRLs of all CAs in the chain are checked. - .IP "\fB\-CApath directory\fR" 4 -@@ -285,7 +298,7 @@ tests non blocking I/O - turns on non blocking I/O - .IP "\fB\-crlf\fR" 4 - .IX Item "-crlf" --this option translated a line feed from the terminal into \s-1CR+LF\s0. -+this option translated a line feed from the terminal into \s-1CR+LF.\s0 - .IP "\fB\-quiet\fR" 4 - .IX Item "-quiet" - inhibit printing of session and certificate information. -@@ -309,6 +322,9 @@ the client sends a list of supported ciphers the f - also included in the server list is used. Because the client specifies - the preference order, the order of the server cipherlist irrelevant. See - the \fBciphers\fR command for more information. -+.IP "\fB\-serverpref\fR" 4 -+.IX Item "-serverpref" -+use the server's cipher preferences, rather than the client's preferences. - .IP "\fB\-tlsextdebug\fR" 4 - .IX Item "-tlsextdebug" - print out a hex dump of any \s-1TLS\s0 extensions received from the server. -Index: secure/usr.bin/openssl/man/s_time.1 -=================================================================== ---- secure/usr.bin/openssl/man/s_time.1 (revision 279126) -+++ secure/usr.bin/openssl/man/s_time.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "S_TIME 1" --.TH S_TIME 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH S_TIME 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -152,7 +161,7 @@ s_time \- SSL/TLS performance timing program - .SH "DESCRIPTION" - .IX Header "DESCRIPTION" - The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a --remote host using \s-1SSL/TLS\s0. It can request a page from the server and includes -+remote host using \s-1SSL/TLS.\s0 It can request a page from the server and includes - the time to transfer the payload data in its timing measurements. It measures - the number of connections within a given timeframe, the amount of data - transferred (if any), and calculates the average time spent for one connection. -@@ -234,7 +243,7 @@ and the link speed determine how many connections - .SH "NOTES" - .IX Header "NOTES" - \&\fBs_client\fR can be used to measure the performance of an \s-1SSL\s0 connection. --To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command -+To connect to an \s-1SSL HTTP\s0 server and get the default page the command - .PP - .Vb 1 - \& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] -Index: secure/usr.bin/openssl/man/sess_id.1 -=================================================================== ---- secure/usr.bin/openssl/man/sess_id.1 (revision 279126) -+++ secure/usr.bin/openssl/man/sess_id.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SESS_ID 1" --.TH SESS_ID 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SESS_ID 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -150,7 +159,7 @@ needs some knowledge of the \s-1SSL\s0 protocol to - not need to use it. - .IP "\fB\-inform DER|PEM\fR" 4 - .IX Item "-inform DER|PEM" --This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded - format containing session details. The precise format can vary from one version - to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR - format base64 encoded with additional header and footer lines. -@@ -180,7 +189,7 @@ this option prevents output of the encoded version - .IP "\fB\-context \s-1ID\s0\fR" 4 - .IX Item "-context ID" - this option can set the session id so the output session information uses the --supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally -+supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option wont normally - be used. - .SH "OUTPUT" - .IX Header "OUTPUT" -Index: secure/usr.bin/openssl/man/smime.1 -=================================================================== ---- secure/usr.bin/openssl/man/smime.1 (revision 279126) -+++ secure/usr.bin/openssl/man/smime.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SMIME 1" --.TH SMIME 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SMIME 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -230,7 +239,7 @@ is S/MIME and it uses the multipart/signed \s-1MIM - .IX Item "-text" - this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied - message if encrypting or signing. If decrypting or verifying it strips --off text headers: if the decrypted or verified message is not of \s-1MIME\s0 -+off text headers: if the decrypted or verified message is not of \s-1MIME \s0 - type text/plain then an error occurs. - .IP "\fB\-CAfile file\fR" 4 - .IX Item "-CAfile file" -@@ -243,8 +252,8 @@ is a hash of each subject name (using \fBx509 \-ha - to each certificate. - .IP "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128 \-aes128 \-aes192 \-aes256 \-camellia128 \-camellia192 \-camellia256\fR" 4 - .IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256" --the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits), --40, 64 or 128 bit \s-1RC2\s0, 128, 192 or 256 bit \s-1AES\s0, or 128, 192 or 256 bit Camellia respectively. -+the encryption algorithm to use. \s-1DES \s0(56 bits), triple \s-1DES \s0(168 bits), -+40, 64 or 128 bit \s-1RC2, 128, 192\s0 or 256 bit \s-1AES,\s0 or 128, 192 or 256 bit Camellia respectively. - If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR. - .IP "\fB\-nointern\fR" 4 - .IX Item "-nointern" -@@ -308,7 +317,7 @@ the \fB\-recip\fR or \fB\-signer\fR file. - .IP "\fB\-passin arg\fR" 4 - .IX Item "-passin arg" - the private key password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-rand file(s)\fR" 4 - .IX Item "-rand file(s)" - a file or files containing random data used to seed the random number -Index: secure/usr.bin/openssl/man/speed.1 -=================================================================== ---- secure/usr.bin/openssl/man/speed.1 (revision 279126) -+++ secure/usr.bin/openssl/man/speed.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SPEED 1" --.TH SPEED 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SPEED 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/usr.bin/openssl/man/spkac.1 -=================================================================== ---- secure/usr.bin/openssl/man/spkac.1 (revision 279126) -+++ secure/usr.bin/openssl/man/spkac.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "SPKAC 1" --.TH SPKAC 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH SPKAC 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -168,7 +177,7 @@ present. - .IP "\fB\-passin password\fR" 4 - .IX Item "-passin password" - the input file password source. For more information about the format of \fBarg\fR --see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-challenge string\fR" 4 - .IX Item "-challenge string" - specifies the challenge string if an \s-1SPKAC\s0 is being created. -@@ -175,23 +184,23 @@ specifies the challenge string if an \s-1SPKAC\s0 - .IP "\fB\-spkac spkacname\fR" 4 - .IX Item "-spkac spkacname" - allows an alternative name form the variable containing the --\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both -+\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both - generated and input \s-1SPKAC\s0 files. - .IP "\fB\-spksect section\fR" 4 - .IX Item "-spksect section" - allows an alternative name form the section containing the --\&\s-1SPKAC\s0. The default is the default section. -+\&\s-1SPKAC.\s0 The default is the default section. - .IP "\fB\-noout\fR" 4 - .IX Item "-noout" --don't output the text version of the \s-1SPKAC\s0 (not used if an -+don't output the text version of the \s-1SPKAC \s0(not used if an - \&\s-1SPKAC\s0 is being created). - .IP "\fB\-pubkey\fR" 4 - .IX Item "-pubkey" --output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is -+output the public key of an \s-1SPKAC \s0(not used if an \s-1SPKAC\s0 is - being created). - .IP "\fB\-verify\fR" 4 - .IX Item "-verify" --verifies the digital signature on the supplied \s-1SPKAC\s0. -+verifies the digital signature on the supplied \s-1SPKAC.\s0 - .IP "\fB\-engine id\fR" 4 - .IX Item "-engine id" - specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR -@@ -218,7 +227,7 @@ Create an \s-1SPKAC\s0 using the challenge string - \& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf - .Ve - .PP --Example of an \s-1SPKAC\s0, (long lines split up for clarity): -+Example of an \s-1SPKAC, \s0(long lines split up for clarity): - .PP - .Vb 5 - \& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e -Index: secure/usr.bin/openssl/man/verify.1 -=================================================================== ---- secure/usr.bin/openssl/man/verify.1 (revision 279126) -+++ secure/usr.bin/openssl/man/verify.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "VERIFY 1" --.TH VERIFY 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH VERIFY 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -134,13 +143,27 @@ verify \- Utility to verify certificates. - .SH "SYNOPSIS" - .IX Header "SYNOPSIS" - \&\fBopenssl\fR \fBverify\fR -+[\fB\-CAfile file\fR] - [\fB\-CApath directory\fR] --[\fB\-CAfile file\fR] -+[\fB\-attime timestamp\fR] -+[\fB\-check_ss_sig\fR] -+[\fB\-crl_check\fR] -+[\fB\-crl_check_all\fR] -+[\fB\-explicit_policy\fR] -+[\fB\-help\fR] -+[\fB\-ignore_critical\fR] -+[\fB\-inhibit_any\fR] -+[\fB\-inhibit_map\fR] -+[\fB\-issuer_checks\fR] -+[\fB\-policy arg\fR] -+[\fB\-policy_check\fR] -+[\fB\-policy_print\fR] - [\fB\-purpose purpose\fR] - [\fB\-untrusted file\fR] --[\fB\-help\fR] --[\fB\-issuer_checks\fR] -+[\fB\-use_deltas\fR] - [\fB\-verbose\fR] -+[\fB\-verify_depth num\fR] -+[\fB\-x509_strict\fR] - [\fB\-\fR] - [certificates] - .SH "DESCRIPTION" -@@ -148,6 +171,10 @@ verify \- Utility to verify certificates. - The \fBverify\fR command verifies certificate chains. - .SH "COMMAND OPTIONS" - .IX Header "COMMAND OPTIONS" -+.IP "\fB\-CAfile file\fR" 4 -+.IX Item "-CAfile file" -+A file of trusted certificates. The file should contain multiple certificates -+in \s-1PEM\s0 format concatenated together. - .IP "\fB\-CApath directory\fR" 4 - .IX Item "-CApath directory" - A directory of trusted certificates. The certificates should have names -@@ -155,46 +182,92 @@ of the form: hash.0 or have symbolic links to them - form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option - of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically - create symbolic links to a directory of certificates. --.IP "\fB\-CAfile file\fR" 4 --.IX Item "-CAfile file" --A file of trusted certificates. The file should contain multiple certificates --in \s-1PEM\s0 format concatenated together. -+.IP "\fB\-attime timestamp\fR" 4 -+.IX Item "-attime timestamp" -+Perform validation checks using time specified by \fBtimestamp\fR and not -+current system time. \fBtimestamp\fR is the number of seconds since -+01.01.1970 (\s-1UNIX\s0 time). -+.IP "\fB\-check_ss_sig\fR" 4 -+.IX Item "-check_ss_sig" -+Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default -+because it doesn't add any security. -+.IP "\fB\-crl_check\fR" 4 -+.IX Item "-crl_check" -+Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0 -+If a valid \s-1CRL\s0 cannot be found an error occurs. -+.IP "\fB\-crl_check_all\fR" 4 -+.IX Item "-crl_check_all" -+Checks the validity of \fBall\fR certificates in the chain by attempting -+to look up valid CRLs. -+.IP "\fB\-explicit_policy\fR" 4 -+.IX Item "-explicit_policy" -+Set policy variable require-explicit-policy (see \s-1RFC5280\s0). -+.IP "\fB\-help\fR" 4 -+.IX Item "-help" -+Print out a usage message. -+.IP "\fB\-ignore_critical\fR" 4 -+.IX Item "-ignore_critical" -+Normally if an unhandled critical extension is present which is not -+supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). -+If this option is set critical extensions are ignored. -+.IP "\fB\-inhibit_any\fR" 4 -+.IX Item "-inhibit_any" -+Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). -+.IP "\fB\-inhibit_map\fR" 4 -+.IX Item "-inhibit_map" -+Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). -+.IP "\fB\-issuer_checks\fR" 4 -+.IX Item "-issuer_checks" -+Print out diagnostics relating to searches for the issuer certificate of the -+current certificate. This shows why each candidate issuer certificate was -+rejected. The presence of rejection messages does not itself imply that -+anything is wrong; during the normal verification process, several -+rejections may take place. -+.IP "\fB\-policy arg\fR" 4 -+.IX Item "-policy arg" -+Enable policy processing and add \fBarg\fR to the user-initial-policy-set (see -+\&\s-1RFC5280\s0). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric form. -+This argument can appear more than once. -+.IP "\fB\-policy_check\fR" 4 -+.IX Item "-policy_check" -+Enables certificate policy processing. -+.IP "\fB\-policy_print\fR" 4 -+.IX Item "-policy_print" -+Print out diagnostics related to policy processing. -+.IP "\fB\-purpose purpose\fR" 4 -+.IX Item "-purpose purpose" -+The intended use for the certificate. If this option is not specified, -+\&\fBverify\fR will not consider certificate purpose during chain verification. -+Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR, -+\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY OPERATION\s0\fR section for more -+information. - .IP "\fB\-untrusted file\fR" 4 - .IX Item "-untrusted file" - A file of untrusted certificates. The file should contain multiple certificates --.IP "\fB\-purpose purpose\fR" 4 --.IX Item "-purpose purpose" --the intended use for the certificate. Without this option no chain verification --will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, --\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR --section for more information. --.IP "\fB\-help\fR" 4 --.IX Item "-help" --prints out a usage message. -+in \s-1PEM\s0 format concatenated together. -+.IP "\fB\-use_deltas\fR" 4 -+.IX Item "-use_deltas" -+Enable support for delta CRLs. - .IP "\fB\-verbose\fR" 4 - .IX Item "-verbose" --print extra information about the operations being performed. --.IP "\fB\-issuer_checks\fR" 4 --.IX Item "-issuer_checks" --print out diagnostics relating to searches for the issuer certificate --of the current certificate. This shows why each candidate issuer --certificate was rejected. However the presence of rejection messages --does not itself imply that anything is wrong: during the normal --verify process several rejections may take place. --.IP "\fB\-check_ss_sig\fR" 4 --.IX Item "-check_ss_sig" --Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default --because it doesn't add any security. -+Print extra information about the operations being performed. -+.IP "\fB\-verify_depth num\fR" 4 -+.IX Item "-verify_depth num" -+Limit the maximum depth of the certificate chain to \fBnum\fR certificates. -+.IP "\fB\-x509_strict\fR" 4 -+.IX Item "-x509_strict" -+For strict X.509 compliance, disable non-compliant workarounds for broken -+certificates. - .IP "\fB\-\fR" 4 - .IX Item "-" --marks the last option. All arguments following this are assumed to be -+Indicates the last option. All arguments following this are assumed to be - certificate files. This is useful if the first certificate filename begins - with a \fB\-\fR. - .IP "\fBcertificates\fR" 4 - .IX Item "certificates" --one or more certificates to verify. If no certificate filenames are included --then an attempt is made to read a certificate from standard input. They should --all be in \s-1PEM\s0 format. -+One or more certificates to verify. If no certificates are given, \fBverify\fR -+will attempt to read a certificate from standard input. Certificates must be -+in \s-1PEM\s0 format. - .SH "VERIFY OPERATION" - .IX Header "VERIFY OPERATION" - The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME -@@ -210,10 +283,10 @@ determined. - The verify operation consists of a number of separate steps. - .PP - Firstly a certificate chain is built up starting from the supplied certificate --and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built -+and ending in the root \s-1CA.\s0 It is an error if the whole chain cannot be built - up. The chain is built up by looking up the issuers certificate of the current - certificate. If a certificate is found which is its own issuer it is assumed --to be the root \s-1CA\s0. -+to be the root \s-1CA.\s0 - .PP - The process of 'looking up the issuers certificate' itself involves a number - of steps. In versions of OpenSSL before 0.9.5a the first certificate whose -@@ -237,9 +310,9 @@ consistency with the supplied purpose. If the \fB\ - then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions - compatible with the supplied purpose and all other certificates must also be valid - \&\s-1CA\s0 certificates. The precise extensions required are described in more detail in --the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility. -+the \fB\s-1CERTIFICATE EXTENSIONS\s0\fR section of the \fBx509\fR utility. - .PP --The third operation is to check the trust settings on the root \s-1CA\s0. The root -+The third operation is to check the trust settings on the root \s-1CA.\s0 The root - \&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous - versions of SSLeay and OpenSSL a certificate with no trust settings is considered - to be valid for all purposes. -@@ -281,7 +354,7 @@ the issuer certificate of a looked up certificate - normally means the list of trusted certificates is not complete. - .IP "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate \s-1CRL\s0\fR" 4 - .IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL" --the \s-1CRL\s0 of a certificate could not be found. Unused. -+the \s-1CRL\s0 of a certificate could not be found. - .IP "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 - .IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" - the certificate signature could not be decrypted. This means that the actual signature value -@@ -299,7 +372,7 @@ the public key in the certificate SubjectPublicKey - the signature of the certificate is invalid. - .IP "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 - .IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" --the signature of the certificate is invalid. Unused. -+the signature of the certificate is invalid. - .IP "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 - .IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" - the certificate is not yet valid: the notBefore date is after the current time. -@@ -308,10 +381,10 @@ the certificate is not yet valid: the notBefore da - the certificate has expired: that is the notAfter date is before the current time. - .IP "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 - .IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" --the \s-1CRL\s0 is not yet valid. Unused. -+the \s-1CRL\s0 is not yet valid. - .IP "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 - .IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" --the \s-1CRL\s0 has expired. Unused. -+the \s-1CRL\s0 has expired. - .IP "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 - .IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" - the certificate notBefore field contains an invalid time. -@@ -320,10 +393,10 @@ the certificate notBefore field contains an invali - the certificate notAfter field contains an invalid time. - .IP "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 - .IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" --the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused. -+the \s-1CRL\s0 lastUpdate field contains an invalid time. - .IP "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 - .IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" --the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused. -+the \s-1CRL\s0 nextUpdate field contains an invalid time. - .IP "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 - .IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory" - an error occurred trying to allocate memory. This should never happen. -@@ -348,7 +421,7 @@ self signed. - the certificate chain length is greater than the supplied maximum depth. Unused. - .IP "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 - .IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked" --the certificate has been revoked. Unused. -+the certificate has been revoked. - .IP "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 - .IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate" - a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent -@@ -390,9 +463,9 @@ an application specific error. Unused. - .SH "BUGS" - .IX Header "BUGS" - Although the issuer checks are a considerable improvement over the old technique they still --suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that -+suffer from limitations in the underlying X509_LOOKUP \s-1API.\s0 One consequence of this is that - trusted certificates with matching subject name must either appear in a file (as specified by the --\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only -+\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR). If they occur in both then only - the certificates in the file will be recognised. - .PP - Previous versions of OpenSSL assume certificates with matching subject name are identical and -Index: secure/usr.bin/openssl/man/version.1 -=================================================================== ---- secure/usr.bin/openssl/man/version.1 (revision 279126) -+++ secure/usr.bin/openssl/man/version.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "VERSION 1" --.TH VERSION 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH VERSION 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -Index: secure/usr.bin/openssl/man/x509.1 -=================================================================== ---- secure/usr.bin/openssl/man/x509.1 (revision 279126) -+++ secure/usr.bin/openssl/man/x509.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "X509 1" --.TH X509 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH X509 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -145,6 +154,7 @@ x509 \- Certificate display and signing utility - [\fB\-hash\fR] - [\fB\-subject_hash\fR] - [\fB\-issuer_hash\fR] -+[\fB\-ocspid\fR] - [\fB\-subject\fR] - [\fB\-issuer\fR] - [\fB\-nameopt option\fR] -@@ -153,6 +163,7 @@ x509 \- Certificate display and signing utility - [\fB\-enddate\fR] - [\fB\-purpose\fR] - [\fB\-dates\fR] -+[\fB\-checkend num\fR] - [\fB\-modulus\fR] - [\fB\-fingerprint\fR] - [\fB\-alias\fR] -@@ -166,6 +177,7 @@ x509 \- Certificate display and signing utility - [\fB\-days arg\fR] - [\fB\-set_serial n\fR] - [\fB\-signkey filename\fR] -+[\fB\-passin arg\fR] - [\fB\-x509toreq\fR] - [\fB\-req\fR] - [\fB\-CA filename\fR] -@@ -173,6 +185,7 @@ x509 \- Certificate display and signing utility - [\fB\-CAcreateserial\fR] - [\fB\-CAserial filename\fR] - [\fB\-text\fR] -+[\fB\-certopt option\fR] - [\fB\-C\fR] - [\fB\-md2|\-md5|\-sha1|\-mdc2\fR] - [\fB\-clrext\fR] -@@ -183,7 +196,7 @@ x509 \- Certificate display and signing utility - .IX Header "DESCRIPTION" - The \fBx509\fR command is a multi purpose certificate utility. It can be - used to display certificate information, convert certificates to --various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit -+various forms, sign certificate requests like a \*(L"mini \s-1CA\*(R"\s0 or edit - certificate trust settings. - .PP - Since there are a large number of options they will split up into -@@ -190,7 +203,7 @@ Since there are a large number of options they wil - various sections. - .SH "OPTIONS" - .IX Header "OPTIONS" --.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0" -+.SS "\s-1INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS\s0" - .IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" - .IP "\fB\-inform DER|PEM|NET\fR" 4 - .IX Item "-inform DER|PEM|NET" -@@ -224,10 +237,10 @@ specifying an engine (by it's unique \fBid\fR stri - to attempt to obtain a functional reference to the specified engine, - thus initialising it if needed. The engine will then be set as the default - for all available algorithms. --.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0" -+.SS "\s-1DISPLAY OPTIONS\s0" - .IX Subsection "DISPLAY OPTIONS" - Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options --but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section. -+but are described in the \fB\s-1TRUST SETTINGS\s0\fR section. - .IP "\fB\-text\fR" 4 - .IX Item "-text" - prints out the certificate in text form. Full details are output including the -@@ -237,7 +250,7 @@ any extensions present and any trust settings. - .IX Item "-certopt option" - customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be - a single option or multiple options separated by commas. The \fB\-certopt\fR switch --may be also be used more than once to set multiple options. See the \fB\s-1TEXT\s0 \s-1OPTIONS\s0\fR -+may be also be used more than once to set multiple options. See the \fB\s-1TEXT OPTIONS\s0\fR - section for more information. - .IP "\fB\-noout\fR" 4 - .IX Item "-noout" -@@ -257,6 +270,9 @@ name. - .IP "\fB\-issuer_hash\fR" 4 - .IX Item "-issuer_hash" - outputs the \*(L"hash\*(R" of the certificate issuer name. -+.IP "\fB\-ocspid\fR" 4 -+.IX Item "-ocspid" -+outputs the \s-1OCSP\s0 hash values for the subject name and public key. - .IP "\fB\-hash\fR" 4 - .IX Item "-hash" - synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. -@@ -271,7 +287,7 @@ outputs the issuer name. - option which determines how the subject or issuer names are displayed. The - \&\fBoption\fR argument can be a single option or multiple options separated by - commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to --set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more information. -+set multiple options. See the \fB\s-1NAME OPTIONS\s0\fR section for more information. - .IP "\fB\-email\fR" 4 - .IX Item "-email" - outputs the email address(es) if any. -@@ -284,6 +300,10 @@ prints out the expiry date of the certificate, tha - .IP "\fB\-dates\fR" 4 - .IX Item "-dates" - prints out the start and expiry dates of a certificate. -+.IP "\fB\-checkend arg\fR" 4 -+.IX Item "-checkend arg" -+checks if the certificate expires within the next \fBarg\fR seconds and exits -+non-zero if yes it will expire or zero if not. - .IP "\fB\-fingerprint\fR" 4 - .IX Item "-fingerprint" - prints out the digest of the \s-1DER\s0 encoded version of the whole certificate -@@ -291,7 +311,7 @@ prints out the digest of the \s-1DER\s0 encoded ve - .IP "\fB\-C\fR" 4 - .IX Item "-C" - this outputs the certificate in the form of a C source file. --.SS "\s-1TRUST\s0 \s-1SETTINGS\s0" -+.SS "\s-1TRUST SETTINGS\s0" - .IX Subsection "TRUST SETTINGS" - Please note these options are currently experimental and may well change. - .PP -@@ -304,7 +324,7 @@ must be \*(L"trusted\*(R". By default a trusted ce - locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 - is then usable for any purpose. - .PP --Trust settings currently are only used with a root \s-1CA\s0. They allow a finer -+Trust settings currently are only used with a root \s-1CA.\s0 They allow a finer - control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 - may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. - .PP -@@ -346,12 +366,12 @@ option. - .IP "\fB\-purpose\fR" 4 - .IX Item "-purpose" - this option performs tests on the certificate extensions and outputs --the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 --\&\s-1EXTENSIONS\s0\fR section. --.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0" -+the results. For a more complete description see the \fB\s-1CERTIFICATE -+EXTENSIONS\s0\fR section. -+.SS "\s-1SIGNING OPTIONS\s0" - .IX Subsection "SIGNING OPTIONS" - The \fBx509\fR utility can be used to sign certificates and requests: it --can thus behave like a \*(L"mini \s-1CA\s0\*(R". -+can thus behave like a \*(L"mini \s-1CA\*(R".\s0 - .IP "\fB\-signkey filename\fR" 4 - .IX Item "-signkey filename" - this option causes the input file to be self signed using the supplied -@@ -367,6 +387,10 @@ the \fB\-clrext\fR option is supplied. - If the input is a certificate request then a self signed certificate - is created using the supplied private key using the subject name in - the request. -+.IP "\fB\-passin arg\fR" 4 -+.IX Item "-passin arg" -+the key password source. For more information about the format of \fBarg\fR -+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). - .IP "\fB\-clrext\fR" 4 - .IX Item "-clrext" - delete any extensions from a certificate. This option is used when a -@@ -401,7 +425,7 @@ serial numbers can also be specified but their use - .IP "\fB\-CA filename\fR" 4 - .IX Item "-CA filename" - specifies the \s-1CA\s0 certificate to be used for signing. When this option is --present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this -+present \fBx509\fR behaves like a \*(L"mini \s-1CA\*(R".\s0 The input file is signed by this - \&\s-1CA\s0 using this option: that is its issuer name is set to the subject name - of the \s-1CA\s0 and it is digitally signed using the CAs private key. - .Sp -@@ -440,7 +464,7 @@ the section to add certificate extensions from. If - specified then the extensions should either be contained in the unnamed - (default) section or the default section should contain a variable called - \&\*(L"extensions\*(R" which contains the section to use. --.SS "\s-1NAME\s0 \s-1OPTIONS\s0" -+.SS "\s-1NAME OPTIONS\s0" - .IX Subsection "NAME OPTIONS" - The \fBnameopt\fR command line switch determines how the subject and issuer - names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" -@@ -457,7 +481,7 @@ displays names compatible with \s-1RFC2253\s0 equi - \&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. - .IP "\fBoneline\fR" 4 - .IX Item "oneline" --a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to -+a oneline format which is more readable than \s-1RFC2253.\s0 It is equivalent to - specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, - \&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR - options. -@@ -486,7 +510,7 @@ escapes some characters by surrounding the whole s - without the option all escaping is done with the \fB\e\fR character. - .IP "\fButf8\fR" 4 - .IX Item "utf8" --convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If -+convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253.\s0 If - you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use - of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct - display of multibyte (international) characters. Is this option is not -@@ -494,8 +518,8 @@ present then multibyte characters larger than 0xff - using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. - Also if this option is off any UTF8Strings will be converted to their - character form first. --.IP "\fBno_type\fR" 4 --.IX Item "no_type" -+.IP "\fBignore_type\fR" 4 -+.IX Item "ignore_type" - this option does not attempt to interpret multibyte characters in any - way. That is their content octets are merely dumped as though one octet - represents each character. This is useful for diagnostic purposes but -@@ -508,11 +532,11 @@ field contents. For example \*(L"\s-1BMPSTRING:\s0 - .IX Item "dump_der" - when this option is set any fields that need to be hexdumped will - be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the --content octets will be displayed. Both options use the \s-1RFC2253\s0 --\&\fB#XXXX...\fR format. -+content octets will be displayed. Both options use the \s-1RFC2253 -+\&\s0\fB#XXXX...\fR format. - .IP "\fBdump_nostr\fR" 4 - .IX Item "dump_nostr" --dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this -+dump non character string types (for example \s-1OCTET STRING\s0) if this - option is not set then non character string types will be displayed - as though each content octet represents a single character. - .IP "\fBdump_all\fR" 4 -@@ -533,7 +557,7 @@ the \s-1RDN\s0 separator and a spaced \fB+\fR for - indents the fields by four characters. - .IP "\fBdn_rev\fR" 4 - .IX Item "dn_rev" --reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side -+reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side - effect this also reverses the order of multiple AVAs but this is - permissible. - .IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 -@@ -551,7 +575,7 @@ align field values for a more readable output. Onl - .IX Item "space_eq" - places spaces round the \fB=\fR character which follows the field - name. --.SS "\s-1TEXT\s0 \s-1OPTIONS\s0" -+.SS "\s-1TEXT OPTIONS\s0" - .IX Subsection "TEXT OPTIONS" - As well as customising the name output format, it is also possible to - customise the actual fields printed using the \fBcertopt\fR options when -@@ -685,7 +709,7 @@ certificate extensions: - .Ve - .PP - Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to --\&\*(L"Steve's Class 1 \s-1CA\s0\*(R" -+\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0 - .PP - .Vb 2 - \& openssl x509 \-in cert.pem \-addtrust clientAuth \e -@@ -724,7 +748,7 @@ This is commonly called a \*(L"fingerprint\*(R". B - digests the fingerprint of a certificate is unique to that certificate and - two certificates with the same fingerprint can be considered to be the same. - .PP --The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0. -+The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1.\s0 - .PP - The \fB\-email\fR option searches the subject name and the subject alternative - name extension. Only unique email addresses will be printed out: it will -@@ -740,12 +764,12 @@ The same code is used when verifying untrusted cer - so this section is useful if a chain is rejected by the verify code. - .PP - The basicConstraints extension \s-1CA\s0 flag is used to determine whether the --certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0, --if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the -+certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0 -+if the \s-1CA\s0 flag is false then it is not a \s-1CA. \s0\fBAll\fR CAs should have the - \&\s-1CA\s0 flag set to true. - .PP - If the basicConstraints extension is absent then the certificate is --considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according -+considered to be a \*(L"possible \s-1CA\*(R"\s0 other extensions are checked according - to the intended use of the certificate. A warning is given in this case - because the certificate should really not be regarded as a \s-1CA:\s0 however - it is allowed to be a \s-1CA\s0 to work around some broken software. -@@ -769,14 +793,14 @@ basicConstraints and keyUsage and V1 certificates - .IP "\fB\s-1SSL\s0 Client\fR" 4 - .IX Item "SSL Client" - The extended key usage extension must be absent or include the \*(L"web client --authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the -+authentication\*(R" \s-1OID. \s0 keyUsage must be absent or it must have the - digitalSignature bit set. Netscape certificate type must be absent or it must - have the \s-1SSL\s0 client bit set. - .IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 - .IX Item "SSL Client CA" - The extended key usage extension must be absent or include the \*(L"web client --authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have --the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints -+authentication\*(R" \s-1OID.\s0 Netscape certificate type must be absent or it must have -+the \s-1SSL CA\s0 bit set: this is used as a work around if the basicConstraints - extension is absent. - .IP "\fB\s-1SSL\s0 Server\fR" 4 - .IX Item "SSL Server" -@@ -788,7 +812,7 @@ Netscape certificate type must be absent or have t - .IX Item "SSL Server CA" - The extended key usage extension must be absent or include the \*(L"web server - authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must --be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the -+be absent or the \s-1SSL CA\s0 bit must be set: this is used as a work around if the - basicConstraints extension is absent. - .IP "\fBNetscape \s-1SSL\s0 Server\fR" 4 - .IX Item "Netscape SSL Server" -@@ -799,7 +823,7 @@ Otherwise it is the same as a normal \s-1SSL\s0 se - .IP "\fBCommon S/MIME Client Tests\fR" 4 - .IX Item "Common S/MIME Client Tests" - The extended key usage extension must be absent or include the \*(L"email --protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the -+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or should have the - S/MIME bit set. If the S/MIME bit is not set in netscape certificate type - then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: - this is because some Verisign certificates don't set the S/MIME bit. -@@ -814,7 +838,7 @@ if the keyUsage extension is present. - .IP "\fBS/MIME \s-1CA\s0\fR" 4 - .IX Item "S/MIME CA" - The extended key usage extension must be absent or include the \*(L"email --protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the -+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or must have the - S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints - extension is absent. - .IP "\fB\s-1CRL\s0 Signing\fR" 4 -@@ -837,7 +861,7 @@ be checked. - There should be options to explicitly set such things as start and end - dates rather than an offset from the current time. - .PP --The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR -+The code to implement the verify behaviour described in the \fB\s-1TRUST SETTINGS\s0\fR - is currently being developed. It thus describes the intended behaviour rather - than the current behaviour. It is hoped that it will represent reality in - OpenSSL 0.9.5 and later. -@@ -847,4 +871,4 @@ OpenSSL 0.9.5 and later. - \&\fIgendsa\fR\|(1), \fIverify\fR\|(1) - .SH "HISTORY" - .IX Header "HISTORY" --Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0. -+Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5.\s0 -Index: secure/usr.bin/openssl/man/x509v3_config.1 -=================================================================== ---- secure/usr.bin/openssl/man/x509v3_config.1 (revision 279126) -+++ secure/usr.bin/openssl/man/x509v3_config.1 (working copy) -@@ -1,4 +1,4 @@ --.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) - .\" - .\" Standard preamble: - .\" ======================================================================== -@@ -38,6 +38,8 @@ - . ds PI \(*p - . ds L" `` - . ds R" '' -+. ds C` -+. ds C' - 'br\} - .\" - .\" Escape single quotes in literal strings from groff's Unicode transform. -@@ -48,17 +50,24 @@ - .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index - .\" entries marked with X<> in POD. Of course, you'll have to process the - .\" output yourself in some meaningful fashion. --.ie \nF \{\ --. de IX --. tm Index:\\$1\t\\n%\t"\\$2" -+.\" -+.\" Avoid warning from groff about undefined register 'F'. -+.de IX - .. --. nr % 0 --. rr F --.\} --.el \{\ --. de IX -+.nr rF 0 -+.if \n(.g .if rF .nr rF 1 -+.if (\n(rF:(\n(.g==0)) \{ -+. if \nF \{ -+. de IX -+. tm Index:\\$1\t\\n%\t"\\$2" - .. -+. if !\nF==2 \{ -+. nr % 0 -+. nr F 2 -+. \} -+. \} - .\} -+.rr rF - .\" - .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). - .\" Fear. Run. Save yourself. No user-serviceable parts. -@@ -124,7 +133,7 @@ - .\" ======================================================================== - .\" - .IX Title "X509V3_CONFIG 1" --.TH X509V3_CONFIG 1 "2014-06-05" "0.9.8za" "OpenSSL" -+.TH X509V3_CONFIG 1 "2015-01-08" "0.9.8zd" "OpenSSL" - .\" For nroff, turn off justification. Always turn off hyphenation; it makes - .\" way too many mistakes in technical documents. - .if n .ad l -@@ -185,7 +194,7 @@ use is defined by the extension code itself: check - policies extension for an example. - .PP - If an extension type is unsupported then the \fIarbitrary\fR extension syntax --must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more details. -+must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details. - .SH "STANDARD EXTENSIONS" - .IX Header "STANDARD EXTENSIONS" - The following sections describe each supported extension in detail. -@@ -207,7 +216,7 @@ For example: - .Ve - .PP - A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field --set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the -+set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the - extension entirely. Some software may require the inclusion of basicConstraints - with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. - .PP -@@ -237,7 +246,7 @@ the certificate public key can be used for, - .PP - These can either be object short names of the dotted numerical form of OIDs. - While any \s-1OID\s0 can be used only certain values make sense. In particular the --following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful: -+following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful: - .PP - .Vb 10 - \& Value Meaning -@@ -296,7 +305,7 @@ Example: - The subject alternative name extension allows various literal values to be - included in the configuration file. These include \fBemail\fR (an email address) - \&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a --registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR -+registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR - (a distinguished name) and otherName. - .PP - The email option include a special 'copy' value. This will automatically -@@ -307,11 +316,11 @@ The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR - .PP - The value of \fBdirName\fR should point to a section containing the distinguished - name to use as a set of name value pairs. Multi values AVAs can be formed by --preceeding the name with a \fB+\fR character. -+preceding the name with a \fB+\fR character. - .PP - otherName can include arbitrary data associated with an \s-1OID:\s0 the value - should be the \s-1OID\s0 followed by a semicolon and the content in standard --\&\fIASN1_generate_nconf()\fR format. -+\&\fIASN1_generate_nconf\fR\|(3) format. - .PP - Examples: - .PP -@@ -346,7 +355,7 @@ Example: - .SS "Authority Info Access." - .IX Subsection "Authority Info Access." - The authority information access extension gives details about how to access --certain information relating to the \s-1CA\s0. Its syntax is accessOID;location -+certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location - where \fIlocation\fR has the same syntax as subject alternative name (except - that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only - certain values are meaningful, for example \s-1OCSP\s0 and caIssuers. -@@ -359,22 +368,84 @@ Example: - .Ve - .SS "\s-1CRL\s0 distribution points." - .IX Subsection "CRL distribution points." --This is a multi-valued extension that supports all the literal options of --subject alternative name. Of the few software packages that currently interpret --this extension most only interpret the \s-1URI\s0 option. -+This is a multi-valued extension whose options can be either in name:value pair -+using the same form as subject alternative name or a single value representing -+a section name containing all the distribution point fields. - .PP --Currently each option will set a new DistributionPoint with the fullName --field set to the given value. -+For a name:value pair a new DistributionPoint with the fullName field set to -+the given value both the cRLissuer and reasons fields are omitted in this case. - .PP --Other fields like cRLissuer and reasons cannot currently be set or displayed: --at this time no examples were available that used these fields. -+In the single option case the section indicated contains values for each -+field. In this section: - .PP --Examples: -+If the name is \*(L"fullname\*(R" the value field should contain the full name -+of the distribution point in the same format as subject alternative name. - .PP -+If the name is \*(L"relativename\*(R" then the value field should contain a section -+name whose contents represent a \s-1DN\s0 fragment to be placed in this field. -+.PP -+The name \*(L"CRLIssuer\*(R" if present should contain a value for this field in -+subject alternative name format. -+.PP -+If the name is \*(L"reasons\*(R" the value field should consist of a comma -+separated field containing the reasons. Valid reasons are: \*(L"keyCompromise\*(R", -+\&\*(L"CACompromise\*(R", \*(L"affiliationChanged\*(R", \*(L"superseded\*(R", \*(L"cessationOfOperation\*(R", -+\&\*(L"certificateHold\*(R", \*(L"privilegeWithdrawn\*(R" and \*(L"AACompromise\*(R". -+.PP -+Simple examples: -+.PP - .Vb 2 - \& crlDistributionPoints=URI:http://myhost.com/myca.crl - \& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl - .Ve -+.PP -+Full distribution point example: -+.PP -+.Vb 1 -+\& crlDistributionPoints=crldp1_section -+\& -+\& [crldp1_section] -+\& -+\& fullname=URI:http://myhost.com/myca.crl -+\& CRLissuer=dirName:issuer_sect -+\& reasons=keyCompromise, CACompromise -+\& -+\& [issuer_sect] -+\& C=UK -+\& O=Organisation -+\& CN=Some Name -+.Ve -+.SS "Issuing Distribution Point" -+.IX Subsection "Issuing Distribution Point" -+This extension should only appear in CRLs. It is a multi valued extension -+whose syntax is similar to the \*(L"section\*(R" pointed to by the \s-1CRL\s0 distribution -+points extension with a few differences. -+.PP -+The names \*(L"reasons\*(R" and \*(L"CRLissuer\*(R" are not recognized. -+.PP -+The name \*(L"onlysomereasons\*(R" is accepted which sets this field. The value is -+in the same format as the \s-1CRL\s0 distribution point \*(L"reasons\*(R" field. -+.PP -+The names \*(L"onlyuser\*(R", \*(L"onlyCA\*(R", \*(L"onlyAA\*(R" and \*(L"indirectCRL\*(R" are also accepted -+the values should be a boolean value (\s-1TRUE\s0 or \s-1FALSE\s0) to indicate the value of -+the corresponding field. -+.PP -+Example: -+.PP -+.Vb 1 -+\& issuingDistributionPoint=critical, @idp_section -+\& -+\& [idp_section] -+\& -+\& fullname=URI:http://myhost.com/myca.crl -+\& indirectCRL=TRUE -+\& onlysomereasons=keyCompromise, CACompromise -+\& -+\& [issuer_sect] -+\& C=UK -+\& O=Organisation -+\& CN=Some Name -+.Ve - .SS "Certificate Policies." - .IX Subsection "Certificate Policies." - This is a \fIraw\fR extension. All the fields of this extension can be set by -@@ -381,7 +452,7 @@ This is a \fIraw\fR extension. All the fields of t - using the appropriate syntax. - .PP - If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just --include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas, -+include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas, - for example: - .PP - .Vb 1 -@@ -472,6 +543,15 @@ Examples: - \& - \& nameConstraints=excluded;email:.com - .Ve -+.SS "\s-1OCSP\s0 No Check" -+.IX Subsection "OCSP No Check" -+The \s-1OCSP\s0 No Check extension is a string extension but its value is ignored. -+.PP -+Example: -+.PP -+.Vb 1 -+\& noCheck = ignored -+.Ve - .SH "DEPRECATED EXTENSIONS" - .IX Header "DEPRECATED EXTENSIONS" - The following extensions are non standard, Netscape specific and largely -@@ -509,7 +589,8 @@ the data is formatted correctly for the given exte - There are two ways to encode arbitrary extensions. - .PP - The first way is to use the word \s-1ASN1\s0 followed by the extension content --using the same syntax as \fIASN1_generate_nconf()\fR. For example: -+using the same syntax as \fIASN1_generate_nconf\fR\|(3). -+For example: - .PP - .Vb 1 - \& 1.2.3.4=critical,ASN1:UTF8String:Some random data -@@ -598,4 +679,5 @@ The \fBdirectoryName\fR and \fBotherName\fR option - for arbitrary extensions was added in OpenSSL 0.9.8 - .SH "SEE ALSO" - .IX Header "SEE ALSO" --\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1) -+\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1), -+\&\fIASN1_generate_nconf\fR\|(3) |