Upgrade to OpenSSL 0.9.8b.

1 files changed, 21 insertions, 7 deletions

diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3
index 1f3c1f08c529..275b9a732fbb 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -129,7 +129,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS7_sign 3"
-.TH PKCS7_sign 3 "2005-02-24" "0.9.7d" "OpenSSL"
+.TH PKCS7_sign 3 "2006-07-29" "0.9.8b" "OpenSSL"
 .SH "NAME"
 PKCS7_sign \- create a PKCS#7 signedData structure
 .SH "SYNOPSIS"
@@ -176,6 +176,23 @@ omitted.
 If present the SMIMECapabilities attribute indicates support for the following
 algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any
 of these algorithms is disabled then it will not be included.
+.PP
+If the flags \fB\s-1PKCS7_PARTSIGN\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure
+is just initialized ready to perform the signing operation. The signing
+is however \fBnot\fR performed and the data to be signed is not read from
+the \fBdata\fR parameter. Signing is deferred until after the data has been
+written. In this way data can be signed in a single pass. Currently the
+flag \fB\s-1PKCS7_DETACHED\s0\fR \fBmust\fR also be set.
+.SH "NOTES"
+.IX Header "NOTES"
+Currently the flag \fB\s-1PKCS7_PARTSIGN\s0\fR is only supported for detached
+data. If this flag is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
+complete and outputting its contents via a function that does not
+properly finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable 
+results.
+.PP
+At present only the \fISMIME_write_PKCS7()\fR function properly finalizes the
+structure.
 .SH "BUGS"
 .IX Header "BUGS"
 \&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some
@@ -188,11 +205,6 @@ When the signed data is not detached it will be stored in memory within the
 signed due to memory restraints. There should be a way to sign data without
 having to hold it all in memory, this would however require fairly major
 revisions of the OpenSSL \s-1ASN1\s0 code.
-.PP
-Clear text signing does not store the content in memory but the way \fIPKCS7_sign()\fR
-operates means that two passes of the data must typically be made: one to compute
-the signatures and a second to output the data along with the signature. There
-should be a way to process the data with only a single pass.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred.
@@ -203,3 +215,5 @@ The error can be obtained from \fIERR_get_error\fR\|(3).
 .SH "HISTORY"
 .IX Header "HISTORY"
 \&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5
+.PP
+The \fB\s-1PKCS7_PARTSIGN\s0\fR flag was added in OpenSSL 0.9.8