Annotation of /trunk/openssl/patches/openssl-0.9.7m-fix-manpages.patch
Parent Directory | Revision Log
Revision 153 -
(hide annotations)
(download)
Tue May 8 20:52:56 2007 UTC (17 years, 4 months ago) by niro
File size: 79092 byte(s)
Tue May 8 20:52:56 2007 UTC (17 years, 4 months ago) by niro
File size: 79092 byte(s)
-import
1 | niro | 153 | diff -Naur openssl-0.9.7m/crypto/rand/md_rand.c openssl-0.9.7m-man-fixed/crypto/rand/md_rand.c |
2 | --- openssl-0.9.7m/crypto/rand/md_rand.c 2007-01-21 17:02:21.000000000 +0100 | ||
3 | +++ openssl-0.9.7m-man-fixed/crypto/rand/md_rand.c 2007-03-22 22:24:37.000000000 +0100 | ||
4 | @@ -197,7 +197,7 @@ | ||
5 | int do_not_lock; | ||
6 | |||
7 | /* | ||
8 | - * (Based on the rand(3) manpage) | ||
9 | + * (Based on the openssl_rand(3) manpage) | ||
10 | * | ||
11 | * The input is chopped up into units of 20 bytes (or less for | ||
12 | * the last block). Each of these blocks is run through the hash | ||
13 | @@ -360,7 +360,7 @@ | ||
14 | num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); | ||
15 | |||
16 | /* | ||
17 | - * (Based on the rand(3) manpage:) | ||
18 | + * (Based on the openssl_rand(3) manpage) | ||
19 | * | ||
20 | * For each group of 10 bytes (or less), we do the following: | ||
21 | * | ||
22 | diff -Naur openssl-0.9.7m/doc/apps/openssl-passwd.pod openssl-0.9.7m-man-fixed/doc/apps/openssl-passwd.pod | ||
23 | --- openssl-0.9.7m/doc/apps/openssl-passwd.pod 1970-01-01 01:00:00.000000000 +0100 | ||
24 | +++ openssl-0.9.7m-man-fixed/doc/apps/openssl-passwd.pod 2007-03-22 22:24:37.000000000 +0100 | ||
25 | @@ -0,0 +1,82 @@ | ||
26 | +=pod | ||
27 | + | ||
28 | +=head1 NAME | ||
29 | + | ||
30 | +openssl-passwd - compute password hashes | ||
31 | + | ||
32 | +=head1 SYNOPSIS | ||
33 | + | ||
34 | +B<openssl passwd> | ||
35 | +[B<-crypt>] | ||
36 | +[B<-1>] | ||
37 | +[B<-apr1>] | ||
38 | +[B<-salt> I<string>] | ||
39 | +[B<-in> I<file>] | ||
40 | +[B<-stdin>] | ||
41 | +[B<-noverify>] | ||
42 | +[B<-quiet>] | ||
43 | +[B<-table>] | ||
44 | +{I<password>} | ||
45 | + | ||
46 | +=head1 DESCRIPTION | ||
47 | + | ||
48 | +The B<passwd> command computes the hash of a password typed at | ||
49 | +run-time or the hash of each password in a list. The password list is | ||
50 | +taken from the named file for option B<-in file>, from stdin for | ||
51 | +option B<-stdin>, or from the command line, or from the terminal otherwise. | ||
52 | +The Unix standard algorithm B<crypt> and the MD5-based BSD password | ||
53 | +algorithm B<1> and its Apache variant B<apr1> are available. | ||
54 | + | ||
55 | +=head1 OPTIONS | ||
56 | + | ||
57 | +=over 4 | ||
58 | + | ||
59 | +=item B<-crypt> | ||
60 | + | ||
61 | +Use the B<crypt> algorithm (default). | ||
62 | + | ||
63 | +=item B<-1> | ||
64 | + | ||
65 | +Use the MD5 based BSD password algorithm B<1>. | ||
66 | + | ||
67 | +=item B<-apr1> | ||
68 | + | ||
69 | +Use the B<apr1> algorithm (Apache variant of the BSD algorithm). | ||
70 | + | ||
71 | +=item B<-salt> I<string> | ||
72 | + | ||
73 | +Use the specified salt. | ||
74 | +When reading a password from the terminal, this implies B<-noverify>. | ||
75 | + | ||
76 | +=item B<-in> I<file> | ||
77 | + | ||
78 | +Read passwords from I<file>. | ||
79 | + | ||
80 | +=item B<-stdin> | ||
81 | + | ||
82 | +Read passwords from B<stdin>. | ||
83 | + | ||
84 | +=item B<-noverify> | ||
85 | + | ||
86 | +Don't verify when reading a password from the terminal. | ||
87 | + | ||
88 | +=item B<-quiet> | ||
89 | + | ||
90 | +Don't output warnings when passwords given at the command line are truncated. | ||
91 | + | ||
92 | +=item B<-table> | ||
93 | + | ||
94 | +In the output list, prepend the cleartext password and a TAB character | ||
95 | +to each password hash. | ||
96 | + | ||
97 | +=back | ||
98 | + | ||
99 | +=head1 EXAMPLES | ||
100 | + | ||
101 | +B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. | ||
102 | + | ||
103 | +B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. | ||
104 | + | ||
105 | +B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. | ||
106 | + | ||
107 | +=cut | ||
108 | diff -Naur openssl-0.9.7m/doc/apps/openssl.pod openssl-0.9.7m-man-fixed/doc/apps/openssl.pod | ||
109 | --- openssl-0.9.7m/doc/apps/openssl.pod 2004-01-04 20:03:51.000000000 +0100 | ||
110 | +++ openssl-0.9.7m-man-fixed/doc/apps/openssl.pod 2007-03-22 22:24:37.000000000 +0100 | ||
111 | @@ -125,7 +125,7 @@ | ||
112 | |||
113 | Online Certificate Status Protocol utility. | ||
114 | |||
115 | -=item L<B<passwd>|passwd(1)> | ||
116 | +=item L<B<passwd>|openssl-passwd(1)> | ||
117 | |||
118 | Generation of hashed passwords. | ||
119 | |||
120 | @@ -325,7 +325,7 @@ | ||
121 | L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, | ||
122 | L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, | ||
123 | L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, | ||
124 | -L<passwd(1)|passwd(1)>, | ||
125 | +L<openssl-passwd(1)|openssl-passwd(1)>, | ||
126 | L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, | ||
127 | L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, | ||
128 | L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, | ||
129 | diff -Naur openssl-0.9.7m/doc/apps/passwd.pod openssl-0.9.7m-man-fixed/doc/apps/passwd.pod | ||
130 | --- openssl-0.9.7m/doc/apps/passwd.pod 2002-10-04 02:03:37.000000000 +0200 | ||
131 | +++ openssl-0.9.7m-man-fixed/doc/apps/passwd.pod 1970-01-01 01:00:00.000000000 +0100 | ||
132 | @@ -1,82 +0,0 @@ | ||
133 | -=pod | ||
134 | - | ||
135 | -=head1 NAME | ||
136 | - | ||
137 | -passwd - compute password hashes | ||
138 | - | ||
139 | -=head1 SYNOPSIS | ||
140 | - | ||
141 | -B<openssl passwd> | ||
142 | -[B<-crypt>] | ||
143 | -[B<-1>] | ||
144 | -[B<-apr1>] | ||
145 | -[B<-salt> I<string>] | ||
146 | -[B<-in> I<file>] | ||
147 | -[B<-stdin>] | ||
148 | -[B<-noverify>] | ||
149 | -[B<-quiet>] | ||
150 | -[B<-table>] | ||
151 | -{I<password>} | ||
152 | - | ||
153 | -=head1 DESCRIPTION | ||
154 | - | ||
155 | -The B<passwd> command computes the hash of a password typed at | ||
156 | -run-time or the hash of each password in a list. The password list is | ||
157 | -taken from the named file for option B<-in file>, from stdin for | ||
158 | -option B<-stdin>, or from the command line, or from the terminal otherwise. | ||
159 | -The Unix standard algorithm B<crypt> and the MD5-based BSD password | ||
160 | -algorithm B<1> and its Apache variant B<apr1> are available. | ||
161 | - | ||
162 | -=head1 OPTIONS | ||
163 | - | ||
164 | -=over 4 | ||
165 | - | ||
166 | -=item B<-crypt> | ||
167 | - | ||
168 | -Use the B<crypt> algorithm (default). | ||
169 | - | ||
170 | -=item B<-1> | ||
171 | - | ||
172 | -Use the MD5 based BSD password algorithm B<1>. | ||
173 | - | ||
174 | -=item B<-apr1> | ||
175 | - | ||
176 | -Use the B<apr1> algorithm (Apache variant of the BSD algorithm). | ||
177 | - | ||
178 | -=item B<-salt> I<string> | ||
179 | - | ||
180 | -Use the specified salt. | ||
181 | -When reading a password from the terminal, this implies B<-noverify>. | ||
182 | - | ||
183 | -=item B<-in> I<file> | ||
184 | - | ||
185 | -Read passwords from I<file>. | ||
186 | - | ||
187 | -=item B<-stdin> | ||
188 | - | ||
189 | -Read passwords from B<stdin>. | ||
190 | - | ||
191 | -=item B<-noverify> | ||
192 | - | ||
193 | -Don't verify when reading a password from the terminal. | ||
194 | - | ||
195 | -=item B<-quiet> | ||
196 | - | ||
197 | -Don't output warnings when passwords given at the command line are truncated. | ||
198 | - | ||
199 | -=item B<-table> | ||
200 | - | ||
201 | -In the output list, prepend the cleartext password and a TAB character | ||
202 | -to each password hash. | ||
203 | - | ||
204 | -=back | ||
205 | - | ||
206 | -=head1 EXAMPLES | ||
207 | - | ||
208 | -B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. | ||
209 | - | ||
210 | -B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. | ||
211 | - | ||
212 | -B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. | ||
213 | - | ||
214 | -=cut | ||
215 | diff -Naur openssl-0.9.7m/doc/crypto/BN_generate_prime.pod openssl-0.9.7m-man-fixed/doc/crypto/BN_generate_prime.pod | ||
216 | --- openssl-0.9.7m/doc/crypto/BN_generate_prime.pod 2003-01-13 14:16:46.000000000 +0100 | ||
217 | +++ openssl-0.9.7m-man-fixed/doc/crypto/BN_generate_prime.pod 2007-03-22 22:24:37.000000000 +0100 | ||
218 | @@ -90,7 +90,7 @@ | ||
219 | |||
220 | =head1 SEE ALSO | ||
221 | |||
222 | -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)> | ||
223 | +L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)> | ||
224 | |||
225 | =head1 HISTORY | ||
226 | |||
227 | diff -Naur openssl-0.9.7m/doc/crypto/bn.pod openssl-0.9.7m-man-fixed/doc/crypto/bn.pod | ||
228 | --- openssl-0.9.7m/doc/crypto/bn.pod 2001-09-03 14:58:16.000000000 +0200 | ||
229 | +++ openssl-0.9.7m-man-fixed/doc/crypto/bn.pod 2007-03-22 22:24:37.000000000 +0100 | ||
230 | @@ -145,7 +145,7 @@ | ||
231 | =head1 SEE ALSO | ||
232 | |||
233 | L<bn_internal(3)|bn_internal(3)>, | ||
234 | -L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, | ||
235 | +L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, | ||
236 | L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, | ||
237 | L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, | ||
238 | L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, | ||
239 | diff -Naur openssl-0.9.7m/doc/crypto/BN_rand.pod openssl-0.9.7m-man-fixed/doc/crypto/BN_rand.pod | ||
240 | --- openssl-0.9.7m/doc/crypto/BN_rand.pod 2002-09-25 15:34:35.000000000 +0200 | ||
241 | +++ openssl-0.9.7m-man-fixed/doc/crypto/BN_rand.pod 2007-03-22 22:24:37.000000000 +0100 | ||
242 | @@ -45,7 +45,7 @@ | ||
243 | |||
244 | =head1 SEE ALSO | ||
245 | |||
246 | -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | ||
247 | +L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
248 | L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> | ||
249 | |||
250 | =head1 HISTORY | ||
251 | diff -Naur openssl-0.9.7m/doc/crypto/CONF_modules_free.pod openssl-0.9.7m-man-fixed/doc/crypto/CONF_modules_free.pod | ||
252 | --- openssl-0.9.7m/doc/crypto/CONF_modules_free.pod 2004-03-02 13:46:09.000000000 +0100 | ||
253 | +++ openssl-0.9.7m-man-fixed/doc/crypto/CONF_modules_free.pod 2007-03-22 22:24:37.000000000 +0100 | ||
254 | @@ -37,7 +37,7 @@ | ||
255 | =head1 SEE ALSO | ||
256 | |||
257 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, | ||
258 | -L<CONF_modules_load_file(3), CONF_modules_load_file(3)> | ||
259 | +L<CONF_modules_load_file(3)|CONF_modules_load_file(3)> | ||
260 | |||
261 | =head1 HISTORY | ||
262 | |||
263 | diff -Naur openssl-0.9.7m/doc/crypto/CONF_modules_load_file.pod openssl-0.9.7m-man-fixed/doc/crypto/CONF_modules_load_file.pod | ||
264 | --- openssl-0.9.7m/doc/crypto/CONF_modules_load_file.pod 2004-03-02 13:46:09.000000000 +0100 | ||
265 | +++ openssl-0.9.7m-man-fixed/doc/crypto/CONF_modules_load_file.pod 2007-03-22 22:24:37.000000000 +0100 | ||
266 | @@ -51,7 +51,7 @@ | ||
267 | =head1 SEE ALSO | ||
268 | |||
269 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, | ||
270 | -L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)> | ||
271 | +L<CONF_free(3)|CONF_free(3)>, L<openssl_err(3)|openssl_err(3)> | ||
272 | |||
273 | =head1 HISTORY | ||
274 | |||
275 | diff -Naur openssl-0.9.7m/doc/crypto/crypto.pod openssl-0.9.7m-man-fixed/doc/crypto/crypto.pod | ||
276 | --- openssl-0.9.7m/doc/crypto/crypto.pod 2002-10-09 19:14:40.000000000 +0200 | ||
277 | +++ openssl-0.9.7m-man-fixed/doc/crypto/crypto.pod 2007-03-22 22:24:37.000000000 +0100 | ||
278 | @@ -46,7 +46,7 @@ | ||
279 | |||
280 | =item AUXILIARY FUNCTIONS | ||
281 | |||
282 | -L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>, | ||
283 | +L<openssl_err(3)|openssl_err(3)>, L<openssl_threads(3)|openssl_threads(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
284 | L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)> | ||
285 | |||
286 | =item INPUT/OUTPUT, DATA ENCODING | ||
287 | diff -Naur openssl-0.9.7m/doc/crypto/des.pod openssl-0.9.7m-man-fixed/doc/crypto/des.pod | ||
288 | --- openssl-0.9.7m/doc/crypto/des.pod 2003-10-01 17:02:48.000000000 +0200 | ||
289 | +++ openssl-0.9.7m-man-fixed/doc/crypto/des.pod 2007-03-22 22:24:37.000000000 +0100 | ||
290 | @@ -115,7 +115,7 @@ | ||
291 | the key; it is used to speed the encryption process. | ||
292 | |||
293 | DES_random_key() generates a random key. The PRNG must be seeded | ||
294 | -prior to using this function (see L<rand(3)|rand(3)>). If the PRNG | ||
295 | +prior to using this function (see L<openssl_rand(3)|openssl_rand(3)>). If the PRNG | ||
296 | could not generate a secure key, 0 is returned. | ||
297 | |||
298 | Before a DES key can be used, it must be converted into the | ||
299 | @@ -317,7 +317,7 @@ | ||
300 | |||
301 | =head1 SEE ALSO | ||
302 | |||
303 | -crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)> | ||
304 | +crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)> | ||
305 | |||
306 | =head1 HISTORY | ||
307 | |||
308 | diff -Naur openssl-0.9.7m/doc/crypto/DH_generate_key.pod openssl-0.9.7m-man-fixed/doc/crypto/DH_generate_key.pod | ||
309 | --- openssl-0.9.7m/doc/crypto/DH_generate_key.pod 2002-09-25 15:34:35.000000000 +0200 | ||
310 | +++ openssl-0.9.7m-man-fixed/doc/crypto/DH_generate_key.pod 2007-03-22 22:24:37.000000000 +0100 | ||
311 | @@ -40,7 +40,7 @@ | ||
312 | |||
313 | =head1 SEE ALSO | ||
314 | |||
315 | -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> | ||
316 | +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<DH_size(3)|DH_size(3)> | ||
317 | |||
318 | =head1 HISTORY | ||
319 | |||
320 | diff -Naur openssl-0.9.7m/doc/crypto/DH_generate_parameters.pod openssl-0.9.7m-man-fixed/doc/crypto/DH_generate_parameters.pod | ||
321 | --- openssl-0.9.7m/doc/crypto/DH_generate_parameters.pod 2002-09-25 15:34:35.000000000 +0200 | ||
322 | +++ openssl-0.9.7m-man-fixed/doc/crypto/DH_generate_parameters.pod 2007-03-22 22:24:37.000000000 +0100 | ||
323 | @@ -59,7 +59,7 @@ | ||
324 | |||
325 | =head1 SEE ALSO | ||
326 | |||
327 | -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | ||
328 | +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
329 | L<DH_free(3)|DH_free(3)> | ||
330 | |||
331 | =head1 HISTORY | ||
332 | diff -Naur openssl-0.9.7m/doc/crypto/dh.pod openssl-0.9.7m-man-fixed/doc/crypto/dh.pod | ||
333 | --- openssl-0.9.7m/doc/crypto/dh.pod 2002-08-05 18:28:58.000000000 +0200 | ||
334 | +++ openssl-0.9.7m-man-fixed/doc/crypto/dh.pod 2007-03-22 22:24:37.000000000 +0100 | ||
335 | @@ -67,8 +67,8 @@ | ||
336 | |||
337 | =head1 SEE ALSO | ||
338 | |||
339 | -L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, | ||
340 | -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, | ||
341 | +L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<openssl_err(3)|openssl_err(3)>, | ||
342 | +L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, | ||
343 | L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>, | ||
344 | L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, | ||
345 | L<DH_generate_parameters(3)|DH_generate_parameters(3)>, | ||
346 | diff -Naur openssl-0.9.7m/doc/crypto/DSA_do_sign.pod openssl-0.9.7m-man-fixed/doc/crypto/DSA_do_sign.pod | ||
347 | --- openssl-0.9.7m/doc/crypto/DSA_do_sign.pod 2002-09-25 15:34:35.000000000 +0200 | ||
348 | +++ openssl-0.9.7m-man-fixed/doc/crypto/DSA_do_sign.pod 2007-03-22 22:24:37.000000000 +0100 | ||
349 | @@ -36,7 +36,7 @@ | ||
350 | |||
351 | =head1 SEE ALSO | ||
352 | |||
353 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | ||
354 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
355 | L<DSA_SIG_new(3)|DSA_SIG_new(3)>, | ||
356 | L<DSA_sign(3)|DSA_sign(3)> | ||
357 | |||
358 | diff -Naur openssl-0.9.7m/doc/crypto/DSA_generate_key.pod openssl-0.9.7m-man-fixed/doc/crypto/DSA_generate_key.pod | ||
359 | --- openssl-0.9.7m/doc/crypto/DSA_generate_key.pod 2002-09-25 15:34:35.000000000 +0200 | ||
360 | +++ openssl-0.9.7m-man-fixed/doc/crypto/DSA_generate_key.pod 2007-03-22 22:24:37.000000000 +0100 | ||
361 | @@ -24,7 +24,7 @@ | ||
362 | |||
363 | =head1 SEE ALSO | ||
364 | |||
365 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | ||
366 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
367 | L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> | ||
368 | |||
369 | =head1 HISTORY | ||
370 | diff -Naur openssl-0.9.7m/doc/crypto/DSA_generate_parameters.pod openssl-0.9.7m-man-fixed/doc/crypto/DSA_generate_parameters.pod | ||
371 | --- openssl-0.9.7m/doc/crypto/DSA_generate_parameters.pod 2002-09-25 15:34:36.000000000 +0200 | ||
372 | +++ openssl-0.9.7m-man-fixed/doc/crypto/DSA_generate_parameters.pod 2007-03-22 22:24:37.000000000 +0100 | ||
373 | @@ -90,7 +90,7 @@ | ||
374 | |||
375 | =head1 SEE ALSO | ||
376 | |||
377 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | ||
378 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
379 | L<DSA_free(3)|DSA_free(3)> | ||
380 | |||
381 | =head1 HISTORY | ||
382 | diff -Naur openssl-0.9.7m/doc/crypto/dsa.pod openssl-0.9.7m-man-fixed/doc/crypto/dsa.pod | ||
383 | --- openssl-0.9.7m/doc/crypto/dsa.pod 2002-08-05 18:28:58.000000000 +0200 | ||
384 | +++ openssl-0.9.7m-man-fixed/doc/crypto/dsa.pod 2007-03-22 22:24:37.000000000 +0100 | ||
385 | @@ -100,7 +100,7 @@ | ||
386 | |||
387 | =head1 SEE ALSO | ||
388 | |||
389 | -L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, | ||
390 | +L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
391 | L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, | ||
392 | L<DSA_new(3)|DSA_new(3)>, | ||
393 | L<DSA_size(3)|DSA_size(3)>, | ||
394 | diff -Naur openssl-0.9.7m/doc/crypto/DSA_sign.pod openssl-0.9.7m-man-fixed/doc/crypto/DSA_sign.pod | ||
395 | --- openssl-0.9.7m/doc/crypto/DSA_sign.pod 2002-09-25 15:34:36.000000000 +0200 | ||
396 | +++ openssl-0.9.7m-man-fixed/doc/crypto/DSA_sign.pod 2007-03-22 22:24:37.000000000 +0100 | ||
397 | @@ -55,7 +55,7 @@ | ||
398 | |||
399 | =head1 SEE ALSO | ||
400 | |||
401 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | ||
402 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
403 | L<DSA_do_sign(3)|DSA_do_sign(3)> | ||
404 | |||
405 | =head1 HISTORY | ||
406 | diff -Naur openssl-0.9.7m/doc/crypto/engine.pod openssl-0.9.7m-man-fixed/doc/crypto/engine.pod | ||
407 | --- openssl-0.9.7m/doc/crypto/engine.pod 2002-12-15 22:20:25.000000000 +0100 | ||
408 | +++ openssl-0.9.7m-man-fixed/doc/crypto/engine.pod 2007-03-22 22:24:37.000000000 +0100 | ||
409 | @@ -615,7 +615,7 @@ | ||
410 | |||
411 | =head1 SEE ALSO | ||
412 | |||
413 | -L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>, | ||
414 | +L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
415 | L<RSA_new_method(3)|RSA_new_method(3)> | ||
416 | |||
417 | =cut | ||
418 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_clear_error.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_clear_error.pod | ||
419 | --- openssl-0.9.7m/doc/crypto/ERR_clear_error.pod 2000-02-01 02:36:58.000000000 +0100 | ||
420 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_clear_error.pod 2007-03-22 22:24:37.000000000 +0100 | ||
421 | @@ -20,7 +20,7 @@ | ||
422 | |||
423 | =head1 SEE ALSO | ||
424 | |||
425 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | ||
426 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | ||
427 | |||
428 | =head1 HISTORY | ||
429 | |||
430 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_error_string.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_error_string.pod | ||
431 | --- openssl-0.9.7m/doc/crypto/ERR_error_string.pod 2004-11-14 16:11:16.000000000 +0100 | ||
432 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_error_string.pod 2007-03-22 22:24:37.000000000 +0100 | ||
433 | @@ -60,7 +60,7 @@ | ||
434 | |||
435 | =head1 SEE ALSO | ||
436 | |||
437 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | ||
438 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | ||
439 | L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | ||
440 | L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> | ||
441 | L<ERR_print_errors(3)|ERR_print_errors(3)> | ||
442 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_get_error.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_get_error.pod | ||
443 | --- openssl-0.9.7m/doc/crypto/ERR_get_error.pod 2002-11-29 15:22:04.000000000 +0100 | ||
444 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_get_error.pod 2007-03-22 22:24:37.000000000 +0100 | ||
445 | @@ -61,7 +61,7 @@ | ||
446 | |||
447 | =head1 SEE ALSO | ||
448 | |||
449 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | ||
450 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | ||
451 | L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> | ||
452 | |||
453 | =head1 HISTORY | ||
454 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_GET_LIB.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_GET_LIB.pod | ||
455 | --- openssl-0.9.7m/doc/crypto/ERR_GET_LIB.pod 2000-02-01 02:36:58.000000000 +0100 | ||
456 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_GET_LIB.pod 2007-03-22 22:24:37.000000000 +0100 | ||
457 | @@ -41,7 +41,7 @@ | ||
458 | |||
459 | =head1 SEE ALSO | ||
460 | |||
461 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | ||
462 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | ||
463 | |||
464 | =head1 HISTORY | ||
465 | |||
466 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_load_crypto_strings.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_load_crypto_strings.pod | ||
467 | --- openssl-0.9.7m/doc/crypto/ERR_load_crypto_strings.pod 2000-02-24 12:55:08.000000000 +0100 | ||
468 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_load_crypto_strings.pod 2007-03-22 22:24:37.000000000 +0100 | ||
469 | @@ -35,7 +35,7 @@ | ||
470 | |||
471 | =head1 SEE ALSO | ||
472 | |||
473 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> | ||
474 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> | ||
475 | |||
476 | =head1 HISTORY | ||
477 | |||
478 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_load_strings.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_load_strings.pod | ||
479 | --- openssl-0.9.7m/doc/crypto/ERR_load_strings.pod 2000-02-24 12:55:08.000000000 +0100 | ||
480 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_load_strings.pod 2007-03-22 22:24:37.000000000 +0100 | ||
481 | @@ -43,7 +43,7 @@ | ||
482 | |||
483 | =head1 SEE ALSO | ||
484 | |||
485 | -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | ||
486 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | ||
487 | |||
488 | =head1 HISTORY | ||
489 | |||
490 | diff -Naur openssl-0.9.7m/doc/crypto/err.pod openssl-0.9.7m-man-fixed/doc/crypto/err.pod | ||
491 | --- openssl-0.9.7m/doc/crypto/err.pod 2002-07-10 21:34:38.000000000 +0200 | ||
492 | +++ openssl-0.9.7m-man-fixed/doc/crypto/err.pod 1970-01-01 01:00:00.000000000 +0100 | ||
493 | @@ -1,187 +0,0 @@ | ||
494 | -=pod | ||
495 | - | ||
496 | -=head1 NAME | ||
497 | - | ||
498 | -err - error codes | ||
499 | - | ||
500 | -=head1 SYNOPSIS | ||
501 | - | ||
502 | - #include <openssl/err.h> | ||
503 | - | ||
504 | - unsigned long ERR_get_error(void); | ||
505 | - unsigned long ERR_peek_error(void); | ||
506 | - unsigned long ERR_get_error_line(const char **file, int *line); | ||
507 | - unsigned long ERR_peek_error_line(const char **file, int *line); | ||
508 | - unsigned long ERR_get_error_line_data(const char **file, int *line, | ||
509 | - const char **data, int *flags); | ||
510 | - unsigned long ERR_peek_error_line_data(const char **file, int *line, | ||
511 | - const char **data, int *flags); | ||
512 | - | ||
513 | - int ERR_GET_LIB(unsigned long e); | ||
514 | - int ERR_GET_FUNC(unsigned long e); | ||
515 | - int ERR_GET_REASON(unsigned long e); | ||
516 | - | ||
517 | - void ERR_clear_error(void); | ||
518 | - | ||
519 | - char *ERR_error_string(unsigned long e, char *buf); | ||
520 | - const char *ERR_lib_error_string(unsigned long e); | ||
521 | - const char *ERR_func_error_string(unsigned long e); | ||
522 | - const char *ERR_reason_error_string(unsigned long e); | ||
523 | - | ||
524 | - void ERR_print_errors(BIO *bp); | ||
525 | - void ERR_print_errors_fp(FILE *fp); | ||
526 | - | ||
527 | - void ERR_load_crypto_strings(void); | ||
528 | - void ERR_free_strings(void); | ||
529 | - | ||
530 | - void ERR_remove_state(unsigned long pid); | ||
531 | - | ||
532 | - void ERR_put_error(int lib, int func, int reason, const char *file, | ||
533 | - int line); | ||
534 | - void ERR_add_error_data(int num, ...); | ||
535 | - | ||
536 | - void ERR_load_strings(int lib,ERR_STRING_DATA str[]); | ||
537 | - unsigned long ERR_PACK(int lib, int func, int reason); | ||
538 | - int ERR_get_next_error_library(void); | ||
539 | - | ||
540 | -=head1 DESCRIPTION | ||
541 | - | ||
542 | -When a call to the OpenSSL library fails, this is usually signalled | ||
543 | -by the return value, and an error code is stored in an error queue | ||
544 | -associated with the current thread. The B<err> library provides | ||
545 | -functions to obtain these error codes and textual error messages. | ||
546 | - | ||
547 | -The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to | ||
548 | -access error codes. | ||
549 | - | ||
550 | -Error codes contain information about where the error occurred, and | ||
551 | -what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to | ||
552 | -extract this information. A method to obtain human-readable error | ||
553 | -messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. | ||
554 | - | ||
555 | -L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the | ||
556 | -error queue. | ||
557 | - | ||
558 | -Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to | ||
559 | -avoid memory leaks when threads are terminated. | ||
560 | - | ||
561 | -=head1 ADDING NEW ERROR CODES TO OPENSSL | ||
562 | - | ||
563 | -See L<ERR_put_error(3)> if you want to record error codes in the | ||
564 | -OpenSSL error system from within your application. | ||
565 | - | ||
566 | -The remainder of this section is of interest only if you want to add | ||
567 | -new error codes to OpenSSL or add error codes from external libraries. | ||
568 | - | ||
569 | -=head2 Reporting errors | ||
570 | - | ||
571 | -Each sub-library has a specific macro XXXerr() that is used to report | ||
572 | -errors. Its first argument is a function code B<XXX_F_...>, the second | ||
573 | -argument is a reason code B<XXX_R_...>. Function codes are derived | ||
574 | -from the function names; reason codes consist of textual error | ||
575 | -descriptions. For example, the function ssl23_read() reports a | ||
576 | -"handshake failure" as follows: | ||
577 | - | ||
578 | - SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
579 | - | ||
580 | -Function and reason codes should consist of upper case characters, | ||
581 | -numbers and underscores only. The error file generation script translates | ||
582 | -function codes into function names by looking in the header files | ||
583 | -for an appropriate function name, if none is found it just uses | ||
584 | -the capitalized form such as "SSL23_READ" in the above example. | ||
585 | - | ||
586 | -The trailing section of a reason code (after the "_R_") is translated | ||
587 | -into lower case and underscores changed to spaces. | ||
588 | - | ||
589 | -When you are using new function or reason codes, run B<make errors>. | ||
590 | -The necessary B<#define>s will then automatically be added to the | ||
591 | -sub-library's header file. | ||
592 | - | ||
593 | -Although a library will normally report errors using its own specific | ||
594 | -XXXerr macro, another library's macro can be used. This is normally | ||
595 | -only done when a library wants to include ASN1 code which must use | ||
596 | -the ASN1err() macro. | ||
597 | - | ||
598 | -=head2 Adding new libraries | ||
599 | - | ||
600 | -When adding a new sub-library to OpenSSL, assign it a library number | ||
601 | -B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its | ||
602 | -name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add | ||
603 | -C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function | ||
604 | -(in B<crypto/err/err_all.c>). Finally, add an entry | ||
605 | - | ||
606 | - L XXX xxx.h xxx_err.c | ||
607 | - | ||
608 | -to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. | ||
609 | -Running B<make errors> will then generate a file B<xxx_err.c>, and | ||
610 | -add all error codes used in the library to B<xxx.h>. | ||
611 | - | ||
612 | -Additionally the library include file must have a certain form. | ||
613 | -Typically it will initially look like this: | ||
614 | - | ||
615 | - #ifndef HEADER_XXX_H | ||
616 | - #define HEADER_XXX_H | ||
617 | - | ||
618 | - #ifdef __cplusplus | ||
619 | - extern "C" { | ||
620 | - #endif | ||
621 | - | ||
622 | - /* Include files */ | ||
623 | - | ||
624 | - #include <openssl/bio.h> | ||
625 | - #include <openssl/x509.h> | ||
626 | - | ||
627 | - /* Macros, structures and function prototypes */ | ||
628 | - | ||
629 | - | ||
630 | - /* BEGIN ERROR CODES */ | ||
631 | - | ||
632 | -The B<BEGIN ERROR CODES> sequence is used by the error code | ||
633 | -generation script as the point to place new error codes, any text | ||
634 | -after this point will be overwritten when B<make errors> is run. | ||
635 | -The closing #endif etc will be automatically added by the script. | ||
636 | - | ||
637 | -The generated C error code file B<xxx_err.c> will load the header | ||
638 | -files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the | ||
639 | -header file must load any additional header files containing any | ||
640 | -definitions it uses. | ||
641 | - | ||
642 | -=head1 USING ERROR CODES IN EXTERNAL LIBRARIES | ||
643 | - | ||
644 | -It is also possible to use OpenSSL's error code scheme in external | ||
645 | -libraries. The library needs to load its own codes and call the OpenSSL | ||
646 | -error code insertion script B<mkerr.pl> explicitly to add codes to | ||
647 | -the header file and generate the C error code file. This will normally | ||
648 | -be done if the external library needs to generate new ASN1 structures | ||
649 | -but it can also be used to add more general purpose error code handling. | ||
650 | - | ||
651 | -TBA more details | ||
652 | - | ||
653 | -=head1 INTERNALS | ||
654 | - | ||
655 | -The error queues are stored in a hash table with one B<ERR_STATE> | ||
656 | -entry for each pid. ERR_get_state() returns the current thread's | ||
657 | -B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error | ||
658 | -codes. When more error codes are added, the old ones are overwritten, | ||
659 | -on the assumption that the most recent errors are most important. | ||
660 | - | ||
661 | -Error strings are also stored in hash table. The hash tables can | ||
662 | -be obtained by calling ERR_get_err_state_table(void) and | ||
663 | -ERR_get_string_table(void) respectively. | ||
664 | - | ||
665 | -=head1 SEE ALSO | ||
666 | - | ||
667 | -L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, | ||
668 | -L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, | ||
669 | -L<ERR_get_error(3)|ERR_get_error(3)>, | ||
670 | -L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, | ||
671 | -L<ERR_clear_error(3)|ERR_clear_error(3)>, | ||
672 | -L<ERR_error_string(3)|ERR_error_string(3)>, | ||
673 | -L<ERR_print_errors(3)|ERR_print_errors(3)>, | ||
674 | -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | ||
675 | -L<ERR_remove_state(3)|ERR_remove_state(3)>, | ||
676 | -L<ERR_put_error(3)|ERR_put_error(3)>, | ||
677 | -L<ERR_load_strings(3)|ERR_load_strings(3)>, | ||
678 | -L<SSL_get_error(3)|SSL_get_error(3)> | ||
679 | - | ||
680 | -=cut | ||
681 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_print_errors.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_print_errors.pod | ||
682 | --- openssl-0.9.7m/doc/crypto/ERR_print_errors.pod 2000-02-01 02:36:59.000000000 +0100 | ||
683 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_print_errors.pod 2007-03-22 22:24:37.000000000 +0100 | ||
684 | @@ -38,7 +38,7 @@ | ||
685 | |||
686 | =head1 SEE ALSO | ||
687 | |||
688 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | ||
689 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | ||
690 | L<ERR_get_error(3)|ERR_get_error(3)>, | ||
691 | L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | ||
692 | L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> | ||
693 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_put_error.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_put_error.pod | ||
694 | --- openssl-0.9.7m/doc/crypto/ERR_put_error.pod 2000-02-24 12:55:08.000000000 +0100 | ||
695 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_put_error.pod 2007-03-22 22:24:37.000000000 +0100 | ||
696 | @@ -34,7 +34,7 @@ | ||
697 | |||
698 | =head1 SEE ALSO | ||
699 | |||
700 | -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | ||
701 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | ||
702 | |||
703 | =head1 HISTORY | ||
704 | |||
705 | diff -Naur openssl-0.9.7m/doc/crypto/ERR_remove_state.pod openssl-0.9.7m-man-fixed/doc/crypto/ERR_remove_state.pod | ||
706 | --- openssl-0.9.7m/doc/crypto/ERR_remove_state.pod 2000-05-19 09:54:42.000000000 +0200 | ||
707 | +++ openssl-0.9.7m-man-fixed/doc/crypto/ERR_remove_state.pod 2007-03-22 22:24:37.000000000 +0100 | ||
708 | @@ -25,7 +25,7 @@ | ||
709 | |||
710 | =head1 SEE ALSO | ||
711 | |||
712 | -L<err(3)|err(3)> | ||
713 | +L<openssl_err(3)|openssl_err(3)> | ||
714 | |||
715 | =head1 HISTORY | ||
716 | |||
717 | diff -Naur openssl-0.9.7m/doc/crypto/EVP_BytesToKey.pod openssl-0.9.7m-man-fixed/doc/crypto/EVP_BytesToKey.pod | ||
718 | --- openssl-0.9.7m/doc/crypto/EVP_BytesToKey.pod 2003-09-30 19:22:21.000000000 +0200 | ||
719 | +++ openssl-0.9.7m-man-fixed/doc/crypto/EVP_BytesToKey.pod 2007-03-22 22:24:37.000000000 +0100 | ||
720 | @@ -59,7 +59,7 @@ | ||
721 | |||
722 | =head1 SEE ALSO | ||
723 | |||
724 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | ||
725 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
726 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | ||
727 | |||
728 | =head1 HISTORY | ||
729 | diff -Naur openssl-0.9.7m/doc/crypto/EVP_OpenInit.pod openssl-0.9.7m-man-fixed/doc/crypto/EVP_OpenInit.pod | ||
730 | --- openssl-0.9.7m/doc/crypto/EVP_OpenInit.pod 2000-09-23 09:16:14.000000000 +0200 | ||
731 | +++ openssl-0.9.7m-man-fixed/doc/crypto/EVP_OpenInit.pod 2007-03-22 22:24:37.000000000 +0100 | ||
732 | @@ -54,7 +54,7 @@ | ||
733 | |||
734 | =head1 SEE ALSO | ||
735 | |||
736 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | ||
737 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
738 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | ||
739 | L<EVP_SealInit(3)|EVP_SealInit(3)> | ||
740 | |||
741 | diff -Naur openssl-0.9.7m/doc/crypto/EVP_SealInit.pod openssl-0.9.7m-man-fixed/doc/crypto/EVP_SealInit.pod | ||
742 | --- openssl-0.9.7m/doc/crypto/EVP_SealInit.pod 2005-03-29 19:48:34.000000000 +0200 | ||
743 | +++ openssl-0.9.7m-man-fixed/doc/crypto/EVP_SealInit.pod 2007-03-22 22:24:37.000000000 +0100 | ||
744 | @@ -74,7 +74,7 @@ | ||
745 | |||
746 | =head1 SEE ALSO | ||
747 | |||
748 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | ||
749 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, | ||
750 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | ||
751 | L<EVP_OpenInit(3)|EVP_OpenInit(3)> | ||
752 | |||
753 | diff -Naur openssl-0.9.7m/doc/crypto/EVP_SealInit.pod.orig openssl-0.9.7m-man-fixed/doc/crypto/EVP_SealInit.pod.orig | ||
754 | --- openssl-0.9.7m/doc/crypto/EVP_SealInit.pod.orig 1970-01-01 01:00:00.000000000 +0100 | ||
755 | +++ openssl-0.9.7m-man-fixed/doc/crypto/EVP_SealInit.pod.orig 2005-03-29 19:48:34.000000000 +0200 | ||
756 | @@ -0,0 +1,85 @@ | ||
757 | +=pod | ||
758 | + | ||
759 | +=head1 NAME | ||
760 | + | ||
761 | +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption | ||
762 | + | ||
763 | +=head1 SYNOPSIS | ||
764 | + | ||
765 | + #include <openssl/evp.h> | ||
766 | + | ||
767 | + int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | ||
768 | + unsigned char **ek, int *ekl, unsigned char *iv, | ||
769 | + EVP_PKEY **pubk, int npubk); | ||
770 | + int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
771 | + int *outl, unsigned char *in, int inl); | ||
772 | + int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
773 | + int *outl); | ||
774 | + | ||
775 | +=head1 DESCRIPTION | ||
776 | + | ||
777 | +The EVP envelope routines are a high level interface to envelope | ||
778 | +encryption. They generate a random key and IV (if required) then | ||
779 | +"envelope" it by using public key encryption. Data can then be | ||
780 | +encrypted using this key. | ||
781 | + | ||
782 | +EVP_SealInit() initializes a cipher context B<ctx> for encryption | ||
783 | +with cipher B<type> using a random secret key and IV. B<type> is normally | ||
784 | +supplied by a function such as EVP_des_cbc(). The secret key is encrypted | ||
785 | +using one or more public keys, this allows the same encrypted data to be | ||
786 | +decrypted using any of the corresponding private keys. B<ek> is an array of | ||
787 | +buffers where the public key encrypted secret key will be written, each buffer | ||
788 | +must contain enough room for the corresponding encrypted key: that is | ||
789 | +B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual | ||
790 | +size of each encrypted secret key is written to the array B<ekl>. B<pubk> is | ||
791 | +an array of B<npubk> public keys. | ||
792 | + | ||
793 | +The B<iv> parameter is a buffer where the generated IV is written to. It must | ||
794 | +contain enough room for the corresponding cipher's IV, as determined by (for | ||
795 | +example) EVP_CIPHER_iv_length(type). | ||
796 | + | ||
797 | +If the cipher does not require an IV then the B<iv> parameter is ignored | ||
798 | +and can be B<NULL>. | ||
799 | + | ||
800 | +EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties | ||
801 | +as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as | ||
802 | +documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual | ||
803 | +page. | ||
804 | + | ||
805 | +=head1 RETURN VALUES | ||
806 | + | ||
807 | +EVP_SealInit() returns 0 on error or B<npubk> if successful. | ||
808 | + | ||
809 | +EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for | ||
810 | +failure. | ||
811 | + | ||
812 | +=head1 NOTES | ||
813 | + | ||
814 | +Because a random secret key is generated the random number generator | ||
815 | +must be seeded before calling EVP_SealInit(). | ||
816 | + | ||
817 | +The public key must be RSA because it is the only OpenSSL public key | ||
818 | +algorithm that supports key transport. | ||
819 | + | ||
820 | +Envelope encryption is the usual method of using public key encryption | ||
821 | +on large amounts of data, this is because public key encryption is slow | ||
822 | +but symmetric encryption is fast. So symmetric encryption is used for | ||
823 | +bulk encryption and the small random symmetric key used is transferred | ||
824 | +using public key encryption. | ||
825 | + | ||
826 | +It is possible to call EVP_SealInit() twice in the same way as | ||
827 | +EVP_EncryptInit(). The first call should have B<npubk> set to 0 | ||
828 | +and (after setting any cipher parameters) it should be called again | ||
829 | +with B<type> set to NULL. | ||
830 | + | ||
831 | +=head1 SEE ALSO | ||
832 | + | ||
833 | +L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | ||
834 | +L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | ||
835 | +L<EVP_OpenInit(3)|EVP_OpenInit(3)> | ||
836 | + | ||
837 | +=head1 HISTORY | ||
838 | + | ||
839 | +EVP_SealFinal() did not return a value before OpenSSL 0.9.7. | ||
840 | + | ||
841 | +=cut | ||
842 | diff -Naur openssl-0.9.7m/doc/crypto/EVP_SignInit.pod openssl-0.9.7m-man-fixed/doc/crypto/EVP_SignInit.pod | ||
843 | --- openssl-0.9.7m/doc/crypto/EVP_SignInit.pod 2005-03-22 18:57:43.000000000 +0100 | ||
844 | +++ openssl-0.9.7m-man-fixed/doc/crypto/EVP_SignInit.pod 2007-03-22 22:24:37.000000000 +0100 | ||
845 | @@ -80,7 +80,7 @@ | ||
846 | =head1 SEE ALSO | ||
847 | |||
848 | L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, | ||
849 | -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, | ||
850 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, | ||
851 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | ||
852 | L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, | ||
853 | L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> | ||
854 | diff -Naur openssl-0.9.7m/doc/crypto/EVP_SignInit.pod.orig openssl-0.9.7m-man-fixed/doc/crypto/EVP_SignInit.pod.orig | ||
855 | --- openssl-0.9.7m/doc/crypto/EVP_SignInit.pod.orig 1970-01-01 01:00:00.000000000 +0100 | ||
856 | +++ openssl-0.9.7m-man-fixed/doc/crypto/EVP_SignInit.pod.orig 2005-03-22 18:57:43.000000000 +0100 | ||
857 | @@ -0,0 +1,95 @@ | ||
858 | +=pod | ||
859 | + | ||
860 | +=head1 NAME | ||
861 | + | ||
862 | +EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions | ||
863 | + | ||
864 | +=head1 SYNOPSIS | ||
865 | + | ||
866 | + #include <openssl/evp.h> | ||
867 | + | ||
868 | + int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); | ||
869 | + int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); | ||
870 | + int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); | ||
871 | + | ||
872 | + void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); | ||
873 | + | ||
874 | + int EVP_PKEY_size(EVP_PKEY *pkey); | ||
875 | + | ||
876 | +=head1 DESCRIPTION | ||
877 | + | ||
878 | +The EVP signature routines are a high level interface to digital | ||
879 | +signatures. | ||
880 | + | ||
881 | +EVP_SignInit_ex() sets up signing context B<ctx> to use digest | ||
882 | +B<type> from ENGINE B<impl>. B<ctx> must be initialized with | ||
883 | +EVP_MD_CTX_init() before calling this function. | ||
884 | + | ||
885 | +EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the | ||
886 | +signature context B<ctx>. This function can be called several times on the | ||
887 | +same B<ctx> to include additional data. | ||
888 | + | ||
889 | +EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and | ||
890 | +places the signature in B<sig>. The number of bytes of data written (i.e. the | ||
891 | +length of the signature) will be written to the integer at B<s>, at most | ||
892 | +EVP_PKEY_size(pkey) bytes will be written. | ||
893 | + | ||
894 | +EVP_SignInit() initializes a signing context B<ctx> to use the default | ||
895 | +implementation of digest B<type>. | ||
896 | + | ||
897 | +EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual | ||
898 | +signature returned by EVP_SignFinal() may be smaller. | ||
899 | + | ||
900 | +=head1 RETURN VALUES | ||
901 | + | ||
902 | +EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 | ||
903 | +for success and 0 for failure. | ||
904 | + | ||
905 | +EVP_PKEY_size() returns the maximum size of a signature in bytes. | ||
906 | + | ||
907 | +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. | ||
908 | + | ||
909 | +=head1 NOTES | ||
910 | + | ||
911 | +The B<EVP> interface to digital signatures should almost always be used in | ||
912 | +preference to the low level interfaces. This is because the code then becomes | ||
913 | +transparent to the algorithm used and much more flexible. | ||
914 | + | ||
915 | +Due to the link between message digests and public key algorithms the correct | ||
916 | +digest algorithm must be used with the correct public key type. A list of | ||
917 | +algorithms and associated public key algorithms appears in | ||
918 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>. | ||
919 | + | ||
920 | +When signing with DSA private keys the random number generator must be seeded | ||
921 | +or the operation will fail. The random number generator does not need to be | ||
922 | +seeded for RSA signatures. | ||
923 | + | ||
924 | +The call to EVP_SignFinal() internally finalizes a copy of the digest context. | ||
925 | +This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called | ||
926 | +later to digest and sign additional data. | ||
927 | + | ||
928 | +Since only a copy of the digest context is ever finalized the context must | ||
929 | +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak | ||
930 | +will occur. | ||
931 | + | ||
932 | +=head1 BUGS | ||
933 | + | ||
934 | +Older versions of this documentation wrongly stated that calls to | ||
935 | +EVP_SignUpdate() could not be made after calling EVP_SignFinal(). | ||
936 | + | ||
937 | +=head1 SEE ALSO | ||
938 | + | ||
939 | +L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, | ||
940 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, | ||
941 | +L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | ||
942 | +L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, | ||
943 | +L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> | ||
944 | + | ||
945 | +=head1 HISTORY | ||
946 | + | ||
947 | +EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are | ||
948 | +available in all versions of SSLeay and OpenSSL. | ||
949 | + | ||
950 | +EVP_SignInit_ex() was added in OpenSSL 0.9.7. | ||
951 | + | ||
952 | +=cut | ||
953 | diff -Naur openssl-0.9.7m/doc/crypto/EVP_VerifyInit.pod openssl-0.9.7m-man-fixed/doc/crypto/EVP_VerifyInit.pod | ||
954 | --- openssl-0.9.7m/doc/crypto/EVP_VerifyInit.pod 2002-07-10 21:34:38.000000000 +0200 | ||
955 | +++ openssl-0.9.7m-man-fixed/doc/crypto/EVP_VerifyInit.pod 2007-03-22 22:24:37.000000000 +0100 | ||
956 | @@ -71,7 +71,7 @@ | ||
957 | |||
958 | L<evp(3)|evp(3)>, | ||
959 | L<EVP_SignInit(3)|EVP_SignInit(3)>, | ||
960 | -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, | ||
961 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, | ||
962 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | ||
963 | L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, | ||
964 | L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> | ||
965 | diff -Naur openssl-0.9.7m/doc/crypto/OPENSSL_config.pod openssl-0.9.7m-man-fixed/doc/crypto/OPENSSL_config.pod | ||
966 | --- openssl-0.9.7m/doc/crypto/OPENSSL_config.pod 2005-06-03 01:16:33.000000000 +0200 | ||
967 | +++ openssl-0.9.7m-man-fixed/doc/crypto/OPENSSL_config.pod 2007-03-22 22:24:37.000000000 +0100 | ||
968 | @@ -73,7 +73,7 @@ | ||
969 | =head1 SEE ALSO | ||
970 | |||
971 | L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>, | ||
972 | -L<CONF_modules_free(3),CONF_modules_free(3)> | ||
973 | +L<CONF_modules_free(3)|CONF_modules_free(3)> | ||
974 | |||
975 | =head1 HISTORY | ||
976 | |||
977 | diff -Naur openssl-0.9.7m/doc/crypto/openssl_err.pod openssl-0.9.7m-man-fixed/doc/crypto/openssl_err.pod | ||
978 | --- openssl-0.9.7m/doc/crypto/openssl_err.pod 1970-01-01 01:00:00.000000000 +0100 | ||
979 | +++ openssl-0.9.7m-man-fixed/doc/crypto/openssl_err.pod 2007-03-22 22:24:37.000000000 +0100 | ||
980 | @@ -0,0 +1,187 @@ | ||
981 | +=pod | ||
982 | + | ||
983 | +=head1 NAME | ||
984 | + | ||
985 | +openssl_err - error codes | ||
986 | + | ||
987 | +=head1 SYNOPSIS | ||
988 | + | ||
989 | + #include <openssl/err.h> | ||
990 | + | ||
991 | + unsigned long ERR_get_error(void); | ||
992 | + unsigned long ERR_peek_error(void); | ||
993 | + unsigned long ERR_get_error_line(const char **file, int *line); | ||
994 | + unsigned long ERR_peek_error_line(const char **file, int *line); | ||
995 | + unsigned long ERR_get_error_line_data(const char **file, int *line, | ||
996 | + const char **data, int *flags); | ||
997 | + unsigned long ERR_peek_error_line_data(const char **file, int *line, | ||
998 | + const char **data, int *flags); | ||
999 | + | ||
1000 | + int ERR_GET_LIB(unsigned long e); | ||
1001 | + int ERR_GET_FUNC(unsigned long e); | ||
1002 | + int ERR_GET_REASON(unsigned long e); | ||
1003 | + | ||
1004 | + void ERR_clear_error(void); | ||
1005 | + | ||
1006 | + char *ERR_error_string(unsigned long e, char *buf); | ||
1007 | + const char *ERR_lib_error_string(unsigned long e); | ||
1008 | + const char *ERR_func_error_string(unsigned long e); | ||
1009 | + const char *ERR_reason_error_string(unsigned long e); | ||
1010 | + | ||
1011 | + void ERR_print_errors(BIO *bp); | ||
1012 | + void ERR_print_errors_fp(FILE *fp); | ||
1013 | + | ||
1014 | + void ERR_load_crypto_strings(void); | ||
1015 | + void ERR_free_strings(void); | ||
1016 | + | ||
1017 | + void ERR_remove_state(unsigned long pid); | ||
1018 | + | ||
1019 | + void ERR_put_error(int lib, int func, int reason, const char *file, | ||
1020 | + int line); | ||
1021 | + void ERR_add_error_data(int num, ...); | ||
1022 | + | ||
1023 | + void ERR_load_strings(int lib,ERR_STRING_DATA str[]); | ||
1024 | + unsigned long ERR_PACK(int lib, int func, int reason); | ||
1025 | + int ERR_get_next_error_library(void); | ||
1026 | + | ||
1027 | +=head1 DESCRIPTION | ||
1028 | + | ||
1029 | +When a call to the OpenSSL library fails, this is usually signalled | ||
1030 | +by the return value, and an error code is stored in an error queue | ||
1031 | +associated with the current thread. The B<err> library provides | ||
1032 | +functions to obtain these error codes and textual error messages. | ||
1033 | + | ||
1034 | +The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to | ||
1035 | +access error codes. | ||
1036 | + | ||
1037 | +Error codes contain information about where the error occurred, and | ||
1038 | +what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to | ||
1039 | +extract this information. A method to obtain human-readable error | ||
1040 | +messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. | ||
1041 | + | ||
1042 | +L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the | ||
1043 | +error queue. | ||
1044 | + | ||
1045 | +Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to | ||
1046 | +avoid memory leaks when threads are terminated. | ||
1047 | + | ||
1048 | +=head1 ADDING NEW ERROR CODES TO OPENSSL | ||
1049 | + | ||
1050 | +See L<ERR_put_error(3)> if you want to record error codes in the | ||
1051 | +OpenSSL error system from within your application. | ||
1052 | + | ||
1053 | +The remainder of this section is of interest only if you want to add | ||
1054 | +new error codes to OpenSSL or add error codes from external libraries. | ||
1055 | + | ||
1056 | +=head2 Reporting errors | ||
1057 | + | ||
1058 | +Each sub-library has a specific macro XXXerr() that is used to report | ||
1059 | +errors. Its first argument is a function code B<XXX_F_...>, the second | ||
1060 | +argument is a reason code B<XXX_R_...>. Function codes are derived | ||
1061 | +from the function names; reason codes consist of textual error | ||
1062 | +descriptions. For example, the function ssl23_read() reports a | ||
1063 | +"handshake failure" as follows: | ||
1064 | + | ||
1065 | + SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); | ||
1066 | + | ||
1067 | +Function and reason codes should consist of upper case characters, | ||
1068 | +numbers and underscores only. The error file generation script translates | ||
1069 | +function codes into function names by looking in the header files | ||
1070 | +for an appropriate function name, if none is found it just uses | ||
1071 | +the capitalized form such as "SSL23_READ" in the above example. | ||
1072 | + | ||
1073 | +The trailing section of a reason code (after the "_R_") is translated | ||
1074 | +into lower case and underscores changed to spaces. | ||
1075 | + | ||
1076 | +When you are using new function or reason codes, run B<make errors>. | ||
1077 | +The necessary B<#define>s will then automatically be added to the | ||
1078 | +sub-library's header file. | ||
1079 | + | ||
1080 | +Although a library will normally report errors using its own specific | ||
1081 | +XXXerr macro, another library's macro can be used. This is normally | ||
1082 | +only done when a library wants to include ASN1 code which must use | ||
1083 | +the ASN1err() macro. | ||
1084 | + | ||
1085 | +=head2 Adding new libraries | ||
1086 | + | ||
1087 | +When adding a new sub-library to OpenSSL, assign it a library number | ||
1088 | +B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its | ||
1089 | +name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add | ||
1090 | +C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function | ||
1091 | +(in B<crypto/err/err_all.c>). Finally, add an entry | ||
1092 | + | ||
1093 | + L XXX xxx.h xxx_err.c | ||
1094 | + | ||
1095 | +to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. | ||
1096 | +Running B<make errors> will then generate a file B<xxx_err.c>, and | ||
1097 | +add all error codes used in the library to B<xxx.h>. | ||
1098 | + | ||
1099 | +Additionally the library include file must have a certain form. | ||
1100 | +Typically it will initially look like this: | ||
1101 | + | ||
1102 | + #ifndef HEADER_XXX_H | ||
1103 | + #define HEADER_XXX_H | ||
1104 | + | ||
1105 | + #ifdef __cplusplus | ||
1106 | + extern "C" { | ||
1107 | + #endif | ||
1108 | + | ||
1109 | + /* Include files */ | ||
1110 | + | ||
1111 | + #include <openssl/bio.h> | ||
1112 | + #include <openssl/x509.h> | ||
1113 | + | ||
1114 | + /* Macros, structures and function prototypes */ | ||
1115 | + | ||
1116 | + | ||
1117 | + /* BEGIN ERROR CODES */ | ||
1118 | + | ||
1119 | +The B<BEGIN ERROR CODES> sequence is used by the error code | ||
1120 | +generation script as the point to place new error codes, any text | ||
1121 | +after this point will be overwritten when B<make errors> is run. | ||
1122 | +The closing #endif etc will be automatically added by the script. | ||
1123 | + | ||
1124 | +The generated C error code file B<xxx_err.c> will load the header | ||
1125 | +files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the | ||
1126 | +header file must load any additional header files containing any | ||
1127 | +definitions it uses. | ||
1128 | + | ||
1129 | +=head1 USING ERROR CODES IN EXTERNAL LIBRARIES | ||
1130 | + | ||
1131 | +It is also possible to use OpenSSL's error code scheme in external | ||
1132 | +libraries. The library needs to load its own codes and call the OpenSSL | ||
1133 | +error code insertion script B<mkerr.pl> explicitly to add codes to | ||
1134 | +the header file and generate the C error code file. This will normally | ||
1135 | +be done if the external library needs to generate new ASN1 structures | ||
1136 | +but it can also be used to add more general purpose error code handling. | ||
1137 | + | ||
1138 | +TBA more details | ||
1139 | + | ||
1140 | +=head1 INTERNALS | ||
1141 | + | ||
1142 | +The error queues are stored in a hash table with one B<ERR_STATE> | ||
1143 | +entry for each pid. ERR_get_state() returns the current thread's | ||
1144 | +B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error | ||
1145 | +codes. When more error codes are added, the old ones are overwritten, | ||
1146 | +on the assumption that the most recent errors are most important. | ||
1147 | + | ||
1148 | +Error strings are also stored in hash table. The hash tables can | ||
1149 | +be obtained by calling ERR_get_err_state_table(void) and | ||
1150 | +ERR_get_string_table(void) respectively. | ||
1151 | + | ||
1152 | +=head1 SEE ALSO | ||
1153 | + | ||
1154 | +L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, | ||
1155 | +L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, | ||
1156 | +L<ERR_get_error(3)|ERR_get_error(3)>, | ||
1157 | +L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, | ||
1158 | +L<ERR_clear_error(3)|ERR_clear_error(3)>, | ||
1159 | +L<ERR_error_string(3)|ERR_error_string(3)>, | ||
1160 | +L<ERR_print_errors(3)|ERR_print_errors(3)>, | ||
1161 | +L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | ||
1162 | +L<ERR_remove_state(3)|ERR_remove_state(3)>, | ||
1163 | +L<ERR_put_error(3)|ERR_put_error(3)>, | ||
1164 | +L<ERR_load_strings(3)|ERR_load_strings(3)>, | ||
1165 | +L<SSL_get_error(3)|SSL_get_error(3)> | ||
1166 | + | ||
1167 | +=cut | ||
1168 | diff -Naur openssl-0.9.7m/doc/crypto/openssl_rand.pod openssl-0.9.7m-man-fixed/doc/crypto/openssl_rand.pod | ||
1169 | --- openssl-0.9.7m/doc/crypto/openssl_rand.pod 1970-01-01 01:00:00.000000000 +0100 | ||
1170 | +++ openssl-0.9.7m-man-fixed/doc/crypto/openssl_rand.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1171 | @@ -0,0 +1,175 @@ | ||
1172 | +=pod | ||
1173 | + | ||
1174 | +=head1 NAME | ||
1175 | + | ||
1176 | +openssl_rand - pseudo-random number generator | ||
1177 | + | ||
1178 | +=head1 SYNOPSIS | ||
1179 | + | ||
1180 | + #include <openssl/rand.h> | ||
1181 | + | ||
1182 | + int RAND_set_rand_engine(ENGINE *engine); | ||
1183 | + | ||
1184 | + int RAND_bytes(unsigned char *buf, int num); | ||
1185 | + int RAND_pseudo_bytes(unsigned char *buf, int num); | ||
1186 | + | ||
1187 | + void RAND_seed(const void *buf, int num); | ||
1188 | + void RAND_add(const void *buf, int num, int entropy); | ||
1189 | + int RAND_status(void); | ||
1190 | + | ||
1191 | + int RAND_load_file(const char *file, long max_bytes); | ||
1192 | + int RAND_write_file(const char *file); | ||
1193 | + const char *RAND_file_name(char *file, size_t num); | ||
1194 | + | ||
1195 | + int RAND_egd(const char *path); | ||
1196 | + | ||
1197 | + void RAND_set_rand_method(const RAND_METHOD *meth); | ||
1198 | + const RAND_METHOD *RAND_get_rand_method(void); | ||
1199 | + RAND_METHOD *RAND_SSLeay(void); | ||
1200 | + | ||
1201 | + void RAND_cleanup(void); | ||
1202 | + | ||
1203 | + /* For Win32 only */ | ||
1204 | + void RAND_screen(void); | ||
1205 | + int RAND_event(UINT, WPARAM, LPARAM); | ||
1206 | + | ||
1207 | +=head1 DESCRIPTION | ||
1208 | + | ||
1209 | +Since the introduction of the ENGINE API, the recommended way of controlling | ||
1210 | +default implementations is by using the ENGINE API functions. The default | ||
1211 | +B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by | ||
1212 | +RAND_get_rand_method(), is only used if no ENGINE has been set as the default | ||
1213 | +"rand" implementation. Hence, these two functions are no longer the recommened | ||
1214 | +way to control defaults. | ||
1215 | + | ||
1216 | +If an alternative B<RAND_METHOD> implementation is being used (either set | ||
1217 | +directly or as provided by an ENGINE module), then it is entirely responsible | ||
1218 | +for the generation and management of a cryptographically secure PRNG stream. The | ||
1219 | +mechanisms described below relate solely to the software PRNG implementation | ||
1220 | +built in to OpenSSL and used by default. | ||
1221 | + | ||
1222 | +These functions implement a cryptographically secure pseudo-random | ||
1223 | +number generator (PRNG). It is used by other library functions for | ||
1224 | +example to generate random keys, and applications can use it when they | ||
1225 | +need randomness. | ||
1226 | + | ||
1227 | +A cryptographic PRNG must be seeded with unpredictable data such as | ||
1228 | +mouse movements or keys pressed at random by the user. This is | ||
1229 | +described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file | ||
1230 | +(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the | ||
1231 | +seeding process whenever the application is started. | ||
1232 | + | ||
1233 | +L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the | ||
1234 | +PRNG. | ||
1235 | + | ||
1236 | +=head1 INTERNALS | ||
1237 | + | ||
1238 | +The RAND_SSLeay() method implements a PRNG based on a cryptographic | ||
1239 | +hash function. | ||
1240 | + | ||
1241 | +The following description of its design is based on the SSLeay | ||
1242 | +documentation: | ||
1243 | + | ||
1244 | +First up I will state the things I believe I need for a good RNG. | ||
1245 | + | ||
1246 | +=over 4 | ||
1247 | + | ||
1248 | +=item 1 | ||
1249 | + | ||
1250 | +A good hashing algorithm to mix things up and to convert the RNG 'state' | ||
1251 | +to random numbers. | ||
1252 | + | ||
1253 | +=item 2 | ||
1254 | + | ||
1255 | +An initial source of random 'state'. | ||
1256 | + | ||
1257 | +=item 3 | ||
1258 | + | ||
1259 | +The state should be very large. If the RNG is being used to generate | ||
1260 | +4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). | ||
1261 | +If your RNG state only has 128 bits, you are obviously limiting the | ||
1262 | +search space to 128 bits, not 2048. I'm probably getting a little | ||
1263 | +carried away on this last point but it does indicate that it may not be | ||
1264 | +a bad idea to keep quite a lot of RNG state. It should be easier to | ||
1265 | +break a cipher than guess the RNG seed data. | ||
1266 | + | ||
1267 | +=item 4 | ||
1268 | + | ||
1269 | +Any RNG seed data should influence all subsequent random numbers | ||
1270 | +generated. This implies that any random seed data entered will have | ||
1271 | +an influence on all subsequent random numbers generated. | ||
1272 | + | ||
1273 | +=item 5 | ||
1274 | + | ||
1275 | +When using data to seed the RNG state, the data used should not be | ||
1276 | +extractable from the RNG state. I believe this should be a | ||
1277 | +requirement because one possible source of 'secret' semi random | ||
1278 | +data would be a private key or a password. This data must | ||
1279 | +not be disclosed by either subsequent random numbers or a | ||
1280 | +'core' dump left by a program crash. | ||
1281 | + | ||
1282 | +=item 6 | ||
1283 | + | ||
1284 | +Given the same initial 'state', 2 systems should deviate in their RNG state | ||
1285 | +(and hence the random numbers generated) over time if at all possible. | ||
1286 | + | ||
1287 | +=item 7 | ||
1288 | + | ||
1289 | +Given the random number output stream, it should not be possible to determine | ||
1290 | +the RNG state or the next random number. | ||
1291 | + | ||
1292 | +=back | ||
1293 | + | ||
1294 | +The algorithm is as follows. | ||
1295 | + | ||
1296 | +There is global state made up of a 1023 byte buffer (the 'state'), a | ||
1297 | +working hash value ('md'), and a counter ('count'). | ||
1298 | + | ||
1299 | +Whenever seed data is added, it is inserted into the 'state' as | ||
1300 | +follows. | ||
1301 | + | ||
1302 | +The input is chopped up into units of 20 bytes (or less for | ||
1303 | +the last block). Each of these blocks is run through the hash | ||
1304 | +function as follows: The data passed to the hash function | ||
1305 | +is the current 'md', the same number of bytes from the 'state' | ||
1306 | +(the location determined by in incremented looping index) as | ||
1307 | +the current 'block', the new key data 'block', and 'count' | ||
1308 | +(which is incremented after each use). | ||
1309 | +The result of this is kept in 'md' and also xored into the | ||
1310 | +'state' at the same locations that were used as input into the | ||
1311 | +hash function. I | ||
1312 | +believe this system addresses points 1 (hash function; currently | ||
1313 | +SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash | ||
1314 | +function and xor). | ||
1315 | + | ||
1316 | +When bytes are extracted from the RNG, the following process is used. | ||
1317 | +For each group of 10 bytes (or less), we do the following: | ||
1318 | + | ||
1319 | +Input into the hash function the local 'md' (which is initialized from | ||
1320 | +the global 'md' before any bytes are generated), the bytes that are to | ||
1321 | +be overwritten by the random bytes, and bytes from the 'state' | ||
1322 | +(incrementing looping index). From this digest output (which is kept | ||
1323 | +in 'md'), the top (up to) 10 bytes are returned to the caller and the | ||
1324 | +bottom 10 bytes are xored into the 'state'. | ||
1325 | + | ||
1326 | +Finally, after we have finished 'num' random bytes for the caller, | ||
1327 | +'count' (which is incremented) and the local and global 'md' are fed | ||
1328 | +into the hash function and the results are kept in the global 'md'. | ||
1329 | + | ||
1330 | +I believe the above addressed points 1 (use of SHA-1), 6 (by hashing | ||
1331 | +into the 'state' the 'old' data from the caller that is about to be | ||
1332 | +overwritten) and 7 (by not using the 10 bytes given to the caller to | ||
1333 | +update the 'state', but they are used to update 'md'). | ||
1334 | + | ||
1335 | +So of the points raised, only 2 is not addressed (but see | ||
1336 | +L<RAND_add(3)|RAND_add(3)>). | ||
1337 | + | ||
1338 | +=head1 SEE ALSO | ||
1339 | + | ||
1340 | +L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, | ||
1341 | +L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, | ||
1342 | +L<RAND_bytes(3)|RAND_bytes(3)>, | ||
1343 | +L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, | ||
1344 | +L<RAND_cleanup(3)|RAND_cleanup(3)> | ||
1345 | + | ||
1346 | +=cut | ||
1347 | diff -Naur openssl-0.9.7m/doc/crypto/openssl_threads.pod openssl-0.9.7m-man-fixed/doc/crypto/openssl_threads.pod | ||
1348 | --- openssl-0.9.7m/doc/crypto/openssl_threads.pod 1970-01-01 01:00:00.000000000 +0100 | ||
1349 | +++ openssl-0.9.7m-man-fixed/doc/crypto/openssl_threads.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1350 | @@ -0,0 +1,175 @@ | ||
1351 | +=pod | ||
1352 | + | ||
1353 | +=head1 NAME | ||
1354 | + | ||
1355 | +CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, | ||
1356 | +CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, | ||
1357 | +CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, | ||
1358 | +CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support | ||
1359 | + | ||
1360 | +=head1 SYNOPSIS | ||
1361 | + | ||
1362 | + #include <openssl/crypto.h> | ||
1363 | + | ||
1364 | + void CRYPTO_set_locking_callback(void (*locking_function)(int mode, | ||
1365 | + int n, const char *file, int line)); | ||
1366 | + | ||
1367 | + void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); | ||
1368 | + | ||
1369 | + int CRYPTO_num_locks(void); | ||
1370 | + | ||
1371 | + | ||
1372 | + /* struct CRYPTO_dynlock_value needs to be defined by the user */ | ||
1373 | + struct CRYPTO_dynlock_value; | ||
1374 | + | ||
1375 | + void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * | ||
1376 | + (*dyn_create_function)(char *file, int line)); | ||
1377 | + void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) | ||
1378 | + (int mode, struct CRYPTO_dynlock_value *l, | ||
1379 | + const char *file, int line)); | ||
1380 | + void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) | ||
1381 | + (struct CRYPTO_dynlock_value *l, const char *file, int line)); | ||
1382 | + | ||
1383 | + int CRYPTO_get_new_dynlockid(void); | ||
1384 | + | ||
1385 | + void CRYPTO_destroy_dynlockid(int i); | ||
1386 | + | ||
1387 | + void CRYPTO_lock(int mode, int n, const char *file, int line); | ||
1388 | + | ||
1389 | + #define CRYPTO_w_lock(type) \ | ||
1390 | + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | ||
1391 | + #define CRYPTO_w_unlock(type) \ | ||
1392 | + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | ||
1393 | + #define CRYPTO_r_lock(type) \ | ||
1394 | + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) | ||
1395 | + #define CRYPTO_r_unlock(type) \ | ||
1396 | + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) | ||
1397 | + #define CRYPTO_add(addr,amount,type) \ | ||
1398 | + CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) | ||
1399 | + | ||
1400 | +=head1 DESCRIPTION | ||
1401 | + | ||
1402 | +OpenSSL can safely be used in multi-threaded applications provided | ||
1403 | +that at least two callback functions are set. | ||
1404 | + | ||
1405 | +locking_function(int mode, int n, const char *file, int line) is | ||
1406 | +needed to perform locking on shared data structures. | ||
1407 | +(Note that OpenSSL uses a number of global data structures that | ||
1408 | +will be implicitly shared whenever multiple threads use OpenSSL.) | ||
1409 | +Multi-threaded applications will crash at random if it is not set. | ||
1410 | + | ||
1411 | +locking_function() must be able to handle up to CRYPTO_num_locks() | ||
1412 | +different mutex locks. It sets the B<n>-th lock if B<mode> & | ||
1413 | +B<CRYPTO_LOCK>, and releases it otherwise. | ||
1414 | + | ||
1415 | +B<file> and B<line> are the file number of the function setting the | ||
1416 | +lock. They can be useful for debugging. | ||
1417 | + | ||
1418 | +id_function(void) is a function that returns a thread ID, for example | ||
1419 | +pthread_self() if it returns an integer (see NOTES below). It isn't | ||
1420 | +needed on Windows nor on platforms where getpid() returns a different | ||
1421 | +ID for each thread (see NOTES below). | ||
1422 | + | ||
1423 | +Additionally, OpenSSL supports dynamic locks, and sometimes, some parts | ||
1424 | +of OpenSSL need it for better performance. To enable this, the following | ||
1425 | +is required: | ||
1426 | + | ||
1427 | +=over 4 | ||
1428 | + | ||
1429 | +=item * | ||
1430 | +Three additional callback function, dyn_create_function, dyn_lock_function | ||
1431 | +and dyn_destroy_function. | ||
1432 | + | ||
1433 | +=item * | ||
1434 | +A structure defined with the data that each lock needs to handle. | ||
1435 | + | ||
1436 | +=back | ||
1437 | + | ||
1438 | +struct CRYPTO_dynlock_value has to be defined to contain whatever structure | ||
1439 | +is needed to handle locks. | ||
1440 | + | ||
1441 | +dyn_create_function(const char *file, int line) is needed to create a | ||
1442 | +lock. Multi-threaded applications might crash at random if it is not set. | ||
1443 | + | ||
1444 | +dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) | ||
1445 | +is needed to perform locking off dynamic lock numbered n. Multi-threaded | ||
1446 | +applications might crash at random if it is not set. | ||
1447 | + | ||
1448 | +dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is | ||
1449 | +needed to destroy the lock l. Multi-threaded applications might crash at | ||
1450 | +random if it is not set. | ||
1451 | + | ||
1452 | +CRYPTO_get_new_dynlockid() is used to create locks. It will call | ||
1453 | +dyn_create_function for the actual creation. | ||
1454 | + | ||
1455 | +CRYPTO_destroy_dynlockid() is used to destroy locks. It will call | ||
1456 | +dyn_destroy_function for the actual destruction. | ||
1457 | + | ||
1458 | +CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield | ||
1459 | +describing what should be done with the lock. n is the number of the | ||
1460 | +lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined | ||
1461 | +from the following values. These values are pairwise exclusive, with | ||
1462 | +undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE | ||
1463 | +should not be used together): | ||
1464 | + | ||
1465 | + CRYPTO_LOCK 0x01 | ||
1466 | + CRYPTO_UNLOCK 0x02 | ||
1467 | + CRYPTO_READ 0x04 | ||
1468 | + CRYPTO_WRITE 0x08 | ||
1469 | + | ||
1470 | +=head1 RETURN VALUES | ||
1471 | + | ||
1472 | +CRYPTO_num_locks() returns the required number of locks. | ||
1473 | + | ||
1474 | +CRYPTO_get_new_dynlockid() returns the index to the newly created lock. | ||
1475 | + | ||
1476 | +The other functions return no values. | ||
1477 | + | ||
1478 | +=head1 NOTES | ||
1479 | + | ||
1480 | +You can find out if OpenSSL was configured with thread support: | ||
1481 | + | ||
1482 | + #define OPENSSL_THREAD_DEFINES | ||
1483 | + #include <openssl/opensslconf.h> | ||
1484 | + #if defined(OPENSSL_THREADS) | ||
1485 | + // thread support enabled | ||
1486 | + #else | ||
1487 | + // no thread support | ||
1488 | + #endif | ||
1489 | + | ||
1490 | +Also, dynamic locks are currently not used internally by OpenSSL, but | ||
1491 | +may do so in the future. | ||
1492 | + | ||
1493 | +Defining id_function(void) has it's own issues. Generally speaking, | ||
1494 | +pthread_self() should be used, even on platforms where getpid() gives | ||
1495 | +different answers in each thread, since that may depend on the machine | ||
1496 | +the program is run on, not the machine where the program is being | ||
1497 | +compiled. For instance, Red Hat 8 Linux and earlier used | ||
1498 | +LinuxThreads, whose getpid() returns a different value for each | ||
1499 | +thread. Red Hat 9 Linux and later use NPTL, which is | ||
1500 | +Posix-conformant, and has a getpid() that returns the same value for | ||
1501 | +all threads in a process. A program compiled on Red Hat 8 and run on | ||
1502 | +Red Hat 9 will therefore see getpid() returning the same value for | ||
1503 | +all threads. | ||
1504 | + | ||
1505 | +There is still the issue of platforms where pthread_self() returns | ||
1506 | +something other than an integer. This is a bit unusual, and this | ||
1507 | +manual has no cookbook solution for that case. | ||
1508 | + | ||
1509 | +=head1 EXAMPLES | ||
1510 | + | ||
1511 | +B<crypto/threads/mttest.c> shows examples of the callback functions on | ||
1512 | +Solaris, Irix and Win32. | ||
1513 | + | ||
1514 | +=head1 HISTORY | ||
1515 | + | ||
1516 | +CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are | ||
1517 | +available in all versions of SSLeay and OpenSSL. | ||
1518 | +CRYPTO_num_locks() was added in OpenSSL 0.9.4. | ||
1519 | +All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. | ||
1520 | + | ||
1521 | +=head1 SEE ALSO | ||
1522 | + | ||
1523 | +L<crypto(3)|crypto(3)> | ||
1524 | + | ||
1525 | +=cut | ||
1526 | diff -Naur openssl-0.9.7m/doc/crypto/RAND_add.pod openssl-0.9.7m-man-fixed/doc/crypto/RAND_add.pod | ||
1527 | --- openssl-0.9.7m/doc/crypto/RAND_add.pod 2000-03-22 16:30:03.000000000 +0100 | ||
1528 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RAND_add.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1529 | @@ -65,7 +65,7 @@ | ||
1530 | |||
1531 | =head1 SEE ALSO | ||
1532 | |||
1533 | -L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, | ||
1534 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, | ||
1535 | L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> | ||
1536 | |||
1537 | =head1 HISTORY | ||
1538 | diff -Naur openssl-0.9.7m/doc/crypto/RAND_bytes.pod openssl-0.9.7m-man-fixed/doc/crypto/RAND_bytes.pod | ||
1539 | --- openssl-0.9.7m/doc/crypto/RAND_bytes.pod 2002-09-25 15:34:36.000000000 +0200 | ||
1540 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RAND_bytes.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1541 | @@ -35,7 +35,7 @@ | ||
1542 | |||
1543 | =head1 SEE ALSO | ||
1544 | |||
1545 | -L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | ||
1546 | +L<openssl_rand(3)|openssl_rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | ||
1547 | L<RAND_add(3)|RAND_add(3)> | ||
1548 | |||
1549 | =head1 HISTORY | ||
1550 | diff -Naur openssl-0.9.7m/doc/crypto/RAND_cleanup.pod openssl-0.9.7m-man-fixed/doc/crypto/RAND_cleanup.pod | ||
1551 | --- openssl-0.9.7m/doc/crypto/RAND_cleanup.pod 2000-01-27 02:25:06.000000000 +0100 | ||
1552 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RAND_cleanup.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1553 | @@ -20,7 +20,7 @@ | ||
1554 | |||
1555 | =head1 SEE ALSO | ||
1556 | |||
1557 | -L<rand(3)|rand(3)> | ||
1558 | +L<openssl_rand(3)|openssl_rand(3)> | ||
1559 | |||
1560 | =head1 HISTORY | ||
1561 | |||
1562 | diff -Naur openssl-0.9.7m/doc/crypto/RAND_egd.pod openssl-0.9.7m-man-fixed/doc/crypto/RAND_egd.pod | ||
1563 | --- openssl-0.9.7m/doc/crypto/RAND_egd.pod 2007-01-12 19:48:00.000000000 +0100 | ||
1564 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RAND_egd.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1565 | @@ -69,7 +69,7 @@ | ||
1566 | |||
1567 | =head1 SEE ALSO | ||
1568 | |||
1569 | -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, | ||
1570 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, | ||
1571 | L<RAND_cleanup(3)|RAND_cleanup(3)> | ||
1572 | |||
1573 | =head1 HISTORY | ||
1574 | diff -Naur openssl-0.9.7m/doc/crypto/RAND_load_file.pod openssl-0.9.7m-man-fixed/doc/crypto/RAND_load_file.pod | ||
1575 | --- openssl-0.9.7m/doc/crypto/RAND_load_file.pod 2001-03-21 16:25:56.000000000 +0100 | ||
1576 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RAND_load_file.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1577 | @@ -43,7 +43,7 @@ | ||
1578 | |||
1579 | =head1 SEE ALSO | ||
1580 | |||
1581 | -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> | ||
1582 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> | ||
1583 | |||
1584 | =head1 HISTORY | ||
1585 | |||
1586 | diff -Naur openssl-0.9.7m/doc/crypto/rand.pod openssl-0.9.7m-man-fixed/doc/crypto/rand.pod | ||
1587 | --- openssl-0.9.7m/doc/crypto/rand.pod 2002-08-05 18:28:59.000000000 +0200 | ||
1588 | +++ openssl-0.9.7m-man-fixed/doc/crypto/rand.pod 1970-01-01 01:00:00.000000000 +0100 | ||
1589 | @@ -1,175 +0,0 @@ | ||
1590 | -=pod | ||
1591 | - | ||
1592 | -=head1 NAME | ||
1593 | - | ||
1594 | -rand - pseudo-random number generator | ||
1595 | - | ||
1596 | -=head1 SYNOPSIS | ||
1597 | - | ||
1598 | - #include <openssl/rand.h> | ||
1599 | - | ||
1600 | - int RAND_set_rand_engine(ENGINE *engine); | ||
1601 | - | ||
1602 | - int RAND_bytes(unsigned char *buf, int num); | ||
1603 | - int RAND_pseudo_bytes(unsigned char *buf, int num); | ||
1604 | - | ||
1605 | - void RAND_seed(const void *buf, int num); | ||
1606 | - void RAND_add(const void *buf, int num, int entropy); | ||
1607 | - int RAND_status(void); | ||
1608 | - | ||
1609 | - int RAND_load_file(const char *file, long max_bytes); | ||
1610 | - int RAND_write_file(const char *file); | ||
1611 | - const char *RAND_file_name(char *file, size_t num); | ||
1612 | - | ||
1613 | - int RAND_egd(const char *path); | ||
1614 | - | ||
1615 | - void RAND_set_rand_method(const RAND_METHOD *meth); | ||
1616 | - const RAND_METHOD *RAND_get_rand_method(void); | ||
1617 | - RAND_METHOD *RAND_SSLeay(void); | ||
1618 | - | ||
1619 | - void RAND_cleanup(void); | ||
1620 | - | ||
1621 | - /* For Win32 only */ | ||
1622 | - void RAND_screen(void); | ||
1623 | - int RAND_event(UINT, WPARAM, LPARAM); | ||
1624 | - | ||
1625 | -=head1 DESCRIPTION | ||
1626 | - | ||
1627 | -Since the introduction of the ENGINE API, the recommended way of controlling | ||
1628 | -default implementations is by using the ENGINE API functions. The default | ||
1629 | -B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by | ||
1630 | -RAND_get_rand_method(), is only used if no ENGINE has been set as the default | ||
1631 | -"rand" implementation. Hence, these two functions are no longer the recommened | ||
1632 | -way to control defaults. | ||
1633 | - | ||
1634 | -If an alternative B<RAND_METHOD> implementation is being used (either set | ||
1635 | -directly or as provided by an ENGINE module), then it is entirely responsible | ||
1636 | -for the generation and management of a cryptographically secure PRNG stream. The | ||
1637 | -mechanisms described below relate solely to the software PRNG implementation | ||
1638 | -built in to OpenSSL and used by default. | ||
1639 | - | ||
1640 | -These functions implement a cryptographically secure pseudo-random | ||
1641 | -number generator (PRNG). It is used by other library functions for | ||
1642 | -example to generate random keys, and applications can use it when they | ||
1643 | -need randomness. | ||
1644 | - | ||
1645 | -A cryptographic PRNG must be seeded with unpredictable data such as | ||
1646 | -mouse movements or keys pressed at random by the user. This is | ||
1647 | -described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file | ||
1648 | -(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the | ||
1649 | -seeding process whenever the application is started. | ||
1650 | - | ||
1651 | -L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the | ||
1652 | -PRNG. | ||
1653 | - | ||
1654 | -=head1 INTERNALS | ||
1655 | - | ||
1656 | -The RAND_SSLeay() method implements a PRNG based on a cryptographic | ||
1657 | -hash function. | ||
1658 | - | ||
1659 | -The following description of its design is based on the SSLeay | ||
1660 | -documentation: | ||
1661 | - | ||
1662 | -First up I will state the things I believe I need for a good RNG. | ||
1663 | - | ||
1664 | -=over 4 | ||
1665 | - | ||
1666 | -=item 1 | ||
1667 | - | ||
1668 | -A good hashing algorithm to mix things up and to convert the RNG 'state' | ||
1669 | -to random numbers. | ||
1670 | - | ||
1671 | -=item 2 | ||
1672 | - | ||
1673 | -An initial source of random 'state'. | ||
1674 | - | ||
1675 | -=item 3 | ||
1676 | - | ||
1677 | -The state should be very large. If the RNG is being used to generate | ||
1678 | -4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). | ||
1679 | -If your RNG state only has 128 bits, you are obviously limiting the | ||
1680 | -search space to 128 bits, not 2048. I'm probably getting a little | ||
1681 | -carried away on this last point but it does indicate that it may not be | ||
1682 | -a bad idea to keep quite a lot of RNG state. It should be easier to | ||
1683 | -break a cipher than guess the RNG seed data. | ||
1684 | - | ||
1685 | -=item 4 | ||
1686 | - | ||
1687 | -Any RNG seed data should influence all subsequent random numbers | ||
1688 | -generated. This implies that any random seed data entered will have | ||
1689 | -an influence on all subsequent random numbers generated. | ||
1690 | - | ||
1691 | -=item 5 | ||
1692 | - | ||
1693 | -When using data to seed the RNG state, the data used should not be | ||
1694 | -extractable from the RNG state. I believe this should be a | ||
1695 | -requirement because one possible source of 'secret' semi random | ||
1696 | -data would be a private key or a password. This data must | ||
1697 | -not be disclosed by either subsequent random numbers or a | ||
1698 | -'core' dump left by a program crash. | ||
1699 | - | ||
1700 | -=item 6 | ||
1701 | - | ||
1702 | -Given the same initial 'state', 2 systems should deviate in their RNG state | ||
1703 | -(and hence the random numbers generated) over time if at all possible. | ||
1704 | - | ||
1705 | -=item 7 | ||
1706 | - | ||
1707 | -Given the random number output stream, it should not be possible to determine | ||
1708 | -the RNG state or the next random number. | ||
1709 | - | ||
1710 | -=back | ||
1711 | - | ||
1712 | -The algorithm is as follows. | ||
1713 | - | ||
1714 | -There is global state made up of a 1023 byte buffer (the 'state'), a | ||
1715 | -working hash value ('md'), and a counter ('count'). | ||
1716 | - | ||
1717 | -Whenever seed data is added, it is inserted into the 'state' as | ||
1718 | -follows. | ||
1719 | - | ||
1720 | -The input is chopped up into units of 20 bytes (or less for | ||
1721 | -the last block). Each of these blocks is run through the hash | ||
1722 | -function as follows: The data passed to the hash function | ||
1723 | -is the current 'md', the same number of bytes from the 'state' | ||
1724 | -(the location determined by in incremented looping index) as | ||
1725 | -the current 'block', the new key data 'block', and 'count' | ||
1726 | -(which is incremented after each use). | ||
1727 | -The result of this is kept in 'md' and also xored into the | ||
1728 | -'state' at the same locations that were used as input into the | ||
1729 | -hash function. I | ||
1730 | -believe this system addresses points 1 (hash function; currently | ||
1731 | -SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash | ||
1732 | -function and xor). | ||
1733 | - | ||
1734 | -When bytes are extracted from the RNG, the following process is used. | ||
1735 | -For each group of 10 bytes (or less), we do the following: | ||
1736 | - | ||
1737 | -Input into the hash function the local 'md' (which is initialized from | ||
1738 | -the global 'md' before any bytes are generated), the bytes that are to | ||
1739 | -be overwritten by the random bytes, and bytes from the 'state' | ||
1740 | -(incrementing looping index). From this digest output (which is kept | ||
1741 | -in 'md'), the top (up to) 10 bytes are returned to the caller and the | ||
1742 | -bottom 10 bytes are xored into the 'state'. | ||
1743 | - | ||
1744 | -Finally, after we have finished 'num' random bytes for the caller, | ||
1745 | -'count' (which is incremented) and the local and global 'md' are fed | ||
1746 | -into the hash function and the results are kept in the global 'md'. | ||
1747 | - | ||
1748 | -I believe the above addressed points 1 (use of SHA-1), 6 (by hashing | ||
1749 | -into the 'state' the 'old' data from the caller that is about to be | ||
1750 | -overwritten) and 7 (by not using the 10 bytes given to the caller to | ||
1751 | -update the 'state', but they are used to update 'md'). | ||
1752 | - | ||
1753 | -So of the points raised, only 2 is not addressed (but see | ||
1754 | -L<RAND_add(3)|RAND_add(3)>). | ||
1755 | - | ||
1756 | -=head1 SEE ALSO | ||
1757 | - | ||
1758 | -L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, | ||
1759 | -L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, | ||
1760 | -L<RAND_bytes(3)|RAND_bytes(3)>, | ||
1761 | -L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, | ||
1762 | -L<RAND_cleanup(3)|RAND_cleanup(3)> | ||
1763 | - | ||
1764 | -=cut | ||
1765 | diff -Naur openssl-0.9.7m/doc/crypto/RAND_set_rand_method.pod openssl-0.9.7m-man-fixed/doc/crypto/RAND_set_rand_method.pod | ||
1766 | --- openssl-0.9.7m/doc/crypto/RAND_set_rand_method.pod 2002-08-05 18:28:58.000000000 +0200 | ||
1767 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RAND_set_rand_method.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1768 | @@ -67,7 +67,7 @@ | ||
1769 | |||
1770 | =head1 SEE ALSO | ||
1771 | |||
1772 | -L<rand(3)|rand(3)>, L<engine(3)|engine(3)> | ||
1773 | +L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)> | ||
1774 | |||
1775 | =head1 HISTORY | ||
1776 | |||
1777 | diff -Naur openssl-0.9.7m/doc/crypto/RSA_blinding_on.pod openssl-0.9.7m-man-fixed/doc/crypto/RSA_blinding_on.pod | ||
1778 | --- openssl-0.9.7m/doc/crypto/RSA_blinding_on.pod 2000-02-24 12:55:10.000000000 +0100 | ||
1779 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RSA_blinding_on.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1780 | @@ -34,7 +34,7 @@ | ||
1781 | |||
1782 | =head1 SEE ALSO | ||
1783 | |||
1784 | -L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> | ||
1785 | +L<rsa(3)|rsa(3)>, L<openssl_rand(3)|openssl_rand(3)> | ||
1786 | |||
1787 | =head1 HISTORY | ||
1788 | |||
1789 | diff -Naur openssl-0.9.7m/doc/crypto/RSA_generate_key.pod openssl-0.9.7m-man-fixed/doc/crypto/RSA_generate_key.pod | ||
1790 | --- openssl-0.9.7m/doc/crypto/RSA_generate_key.pod 2002-09-25 15:34:36.000000000 +0200 | ||
1791 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RSA_generate_key.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1792 | @@ -59,7 +59,7 @@ | ||
1793 | |||
1794 | =head1 SEE ALSO | ||
1795 | |||
1796 | -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, | ||
1797 | +L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, | ||
1798 | L<RSA_free(3)|RSA_free(3)> | ||
1799 | |||
1800 | =head1 HISTORY | ||
1801 | diff -Naur openssl-0.9.7m/doc/crypto/rsa.pod openssl-0.9.7m-man-fixed/doc/crypto/rsa.pod | ||
1802 | --- openssl-0.9.7m/doc/crypto/rsa.pod 2002-08-04 23:10:05.000000000 +0200 | ||
1803 | +++ openssl-0.9.7m-man-fixed/doc/crypto/rsa.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1804 | @@ -108,7 +108,7 @@ | ||
1805 | =head1 SEE ALSO | ||
1806 | |||
1807 | L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, | ||
1808 | -L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, | ||
1809 | +L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, | ||
1810 | L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, | ||
1811 | L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, | ||
1812 | L<RSA_generate_key(3)|RSA_generate_key(3)>, | ||
1813 | diff -Naur openssl-0.9.7m/doc/crypto/RSA_public_encrypt.pod openssl-0.9.7m-man-fixed/doc/crypto/RSA_public_encrypt.pod | ||
1814 | --- openssl-0.9.7m/doc/crypto/RSA_public_encrypt.pod 2004-03-23 22:01:42.000000000 +0100 | ||
1815 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RSA_public_encrypt.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1816 | @@ -73,7 +73,7 @@ | ||
1817 | |||
1818 | =head1 SEE ALSO | ||
1819 | |||
1820 | -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, | ||
1821 | +L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, | ||
1822 | L<RSA_size(3)|RSA_size(3)> | ||
1823 | |||
1824 | =head1 HISTORY | ||
1825 | diff -Naur openssl-0.9.7m/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod openssl-0.9.7m-man-fixed/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | ||
1826 | --- openssl-0.9.7m/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2002-09-25 15:34:37.000000000 +0200 | ||
1827 | +++ openssl-0.9.7m-man-fixed/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2007-03-22 22:24:37.000000000 +0100 | ||
1828 | @@ -48,7 +48,7 @@ | ||
1829 | =head1 SEE ALSO | ||
1830 | |||
1831 | L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, | ||
1832 | -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, | ||
1833 | +L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, | ||
1834 | L<RSA_verify(3)|RSA_verify(3)> | ||
1835 | |||
1836 | =head1 HISTORY | ||
1837 | diff -Naur openssl-0.9.7m/doc/crypto/threads.pod openssl-0.9.7m-man-fixed/doc/crypto/threads.pod | ||
1838 | --- openssl-0.9.7m/doc/crypto/threads.pod 2005-06-18 07:52:20.000000000 +0200 | ||
1839 | +++ openssl-0.9.7m-man-fixed/doc/crypto/threads.pod 1970-01-01 01:00:00.000000000 +0100 | ||
1840 | @@ -1,175 +0,0 @@ | ||
1841 | -=pod | ||
1842 | - | ||
1843 | -=head1 NAME | ||
1844 | - | ||
1845 | -CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, | ||
1846 | -CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, | ||
1847 | -CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, | ||
1848 | -CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support | ||
1849 | - | ||
1850 | -=head1 SYNOPSIS | ||
1851 | - | ||
1852 | - #include <openssl/crypto.h> | ||
1853 | - | ||
1854 | - void CRYPTO_set_locking_callback(void (*locking_function)(int mode, | ||
1855 | - int n, const char *file, int line)); | ||
1856 | - | ||
1857 | - void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); | ||
1858 | - | ||
1859 | - int CRYPTO_num_locks(void); | ||
1860 | - | ||
1861 | - | ||
1862 | - /* struct CRYPTO_dynlock_value needs to be defined by the user */ | ||
1863 | - struct CRYPTO_dynlock_value; | ||
1864 | - | ||
1865 | - void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * | ||
1866 | - (*dyn_create_function)(char *file, int line)); | ||
1867 | - void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) | ||
1868 | - (int mode, struct CRYPTO_dynlock_value *l, | ||
1869 | - const char *file, int line)); | ||
1870 | - void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) | ||
1871 | - (struct CRYPTO_dynlock_value *l, const char *file, int line)); | ||
1872 | - | ||
1873 | - int CRYPTO_get_new_dynlockid(void); | ||
1874 | - | ||
1875 | - void CRYPTO_destroy_dynlockid(int i); | ||
1876 | - | ||
1877 | - void CRYPTO_lock(int mode, int n, const char *file, int line); | ||
1878 | - | ||
1879 | - #define CRYPTO_w_lock(type) \ | ||
1880 | - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | ||
1881 | - #define CRYPTO_w_unlock(type) \ | ||
1882 | - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | ||
1883 | - #define CRYPTO_r_lock(type) \ | ||
1884 | - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) | ||
1885 | - #define CRYPTO_r_unlock(type) \ | ||
1886 | - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) | ||
1887 | - #define CRYPTO_add(addr,amount,type) \ | ||
1888 | - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) | ||
1889 | - | ||
1890 | -=head1 DESCRIPTION | ||
1891 | - | ||
1892 | -OpenSSL can safely be used in multi-threaded applications provided | ||
1893 | -that at least two callback functions are set. | ||
1894 | - | ||
1895 | -locking_function(int mode, int n, const char *file, int line) is | ||
1896 | -needed to perform locking on shared data structures. | ||
1897 | -(Note that OpenSSL uses a number of global data structures that | ||
1898 | -will be implicitly shared whenever multiple threads use OpenSSL.) | ||
1899 | -Multi-threaded applications will crash at random if it is not set. | ||
1900 | - | ||
1901 | -locking_function() must be able to handle up to CRYPTO_num_locks() | ||
1902 | -different mutex locks. It sets the B<n>-th lock if B<mode> & | ||
1903 | -B<CRYPTO_LOCK>, and releases it otherwise. | ||
1904 | - | ||
1905 | -B<file> and B<line> are the file number of the function setting the | ||
1906 | -lock. They can be useful for debugging. | ||
1907 | - | ||
1908 | -id_function(void) is a function that returns a thread ID, for example | ||
1909 | -pthread_self() if it returns an integer (see NOTES below). It isn't | ||
1910 | -needed on Windows nor on platforms where getpid() returns a different | ||
1911 | -ID for each thread (see NOTES below). | ||
1912 | - | ||
1913 | -Additionally, OpenSSL supports dynamic locks, and sometimes, some parts | ||
1914 | -of OpenSSL need it for better performance. To enable this, the following | ||
1915 | -is required: | ||
1916 | - | ||
1917 | -=over 4 | ||
1918 | - | ||
1919 | -=item * | ||
1920 | -Three additional callback function, dyn_create_function, dyn_lock_function | ||
1921 | -and dyn_destroy_function. | ||
1922 | - | ||
1923 | -=item * | ||
1924 | -A structure defined with the data that each lock needs to handle. | ||
1925 | - | ||
1926 | -=back | ||
1927 | - | ||
1928 | -struct CRYPTO_dynlock_value has to be defined to contain whatever structure | ||
1929 | -is needed to handle locks. | ||
1930 | - | ||
1931 | -dyn_create_function(const char *file, int line) is needed to create a | ||
1932 | -lock. Multi-threaded applications might crash at random if it is not set. | ||
1933 | - | ||
1934 | -dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) | ||
1935 | -is needed to perform locking off dynamic lock numbered n. Multi-threaded | ||
1936 | -applications might crash at random if it is not set. | ||
1937 | - | ||
1938 | -dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is | ||
1939 | -needed to destroy the lock l. Multi-threaded applications might crash at | ||
1940 | -random if it is not set. | ||
1941 | - | ||
1942 | -CRYPTO_get_new_dynlockid() is used to create locks. It will call | ||
1943 | -dyn_create_function for the actual creation. | ||
1944 | - | ||
1945 | -CRYPTO_destroy_dynlockid() is used to destroy locks. It will call | ||
1946 | -dyn_destroy_function for the actual destruction. | ||
1947 | - | ||
1948 | -CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield | ||
1949 | -describing what should be done with the lock. n is the number of the | ||
1950 | -lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined | ||
1951 | -from the following values. These values are pairwise exclusive, with | ||
1952 | -undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE | ||
1953 | -should not be used together): | ||
1954 | - | ||
1955 | - CRYPTO_LOCK 0x01 | ||
1956 | - CRYPTO_UNLOCK 0x02 | ||
1957 | - CRYPTO_READ 0x04 | ||
1958 | - CRYPTO_WRITE 0x08 | ||
1959 | - | ||
1960 | -=head1 RETURN VALUES | ||
1961 | - | ||
1962 | -CRYPTO_num_locks() returns the required number of locks. | ||
1963 | - | ||
1964 | -CRYPTO_get_new_dynlockid() returns the index to the newly created lock. | ||
1965 | - | ||
1966 | -The other functions return no values. | ||
1967 | - | ||
1968 | -=head1 NOTES | ||
1969 | - | ||
1970 | -You can find out if OpenSSL was configured with thread support: | ||
1971 | - | ||
1972 | - #define OPENSSL_THREAD_DEFINES | ||
1973 | - #include <openssl/opensslconf.h> | ||
1974 | - #if defined(OPENSSL_THREADS) | ||
1975 | - // thread support enabled | ||
1976 | - #else | ||
1977 | - // no thread support | ||
1978 | - #endif | ||
1979 | - | ||
1980 | -Also, dynamic locks are currently not used internally by OpenSSL, but | ||
1981 | -may do so in the future. | ||
1982 | - | ||
1983 | -Defining id_function(void) has it's own issues. Generally speaking, | ||
1984 | -pthread_self() should be used, even on platforms where getpid() gives | ||
1985 | -different answers in each thread, since that may depend on the machine | ||
1986 | -the program is run on, not the machine where the program is being | ||
1987 | -compiled. For instance, Red Hat 8 Linux and earlier used | ||
1988 | -LinuxThreads, whose getpid() returns a different value for each | ||
1989 | -thread. Red Hat 9 Linux and later use NPTL, which is | ||
1990 | -Posix-conformant, and has a getpid() that returns the same value for | ||
1991 | -all threads in a process. A program compiled on Red Hat 8 and run on | ||
1992 | -Red Hat 9 will therefore see getpid() returning the same value for | ||
1993 | -all threads. | ||
1994 | - | ||
1995 | -There is still the issue of platforms where pthread_self() returns | ||
1996 | -something other than an integer. This is a bit unusual, and this | ||
1997 | -manual has no cookbook solution for that case. | ||
1998 | - | ||
1999 | -=head1 EXAMPLES | ||
2000 | - | ||
2001 | -B<crypto/threads/mttest.c> shows examples of the callback functions on | ||
2002 | -Solaris, Irix and Win32. | ||
2003 | - | ||
2004 | -=head1 HISTORY | ||
2005 | - | ||
2006 | -CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are | ||
2007 | -available in all versions of SSLeay and OpenSSL. | ||
2008 | -CRYPTO_num_locks() was added in OpenSSL 0.9.4. | ||
2009 | -All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. | ||
2010 | - | ||
2011 | -=head1 SEE ALSO | ||
2012 | - | ||
2013 | -L<crypto(3)|crypto(3)> | ||
2014 | - | ||
2015 | -=cut | ||
2016 | diff -Naur openssl-0.9.7m/doc/crypto/X509_NAME_ENTRY_get_object.pod openssl-0.9.7m-man-fixed/doc/crypto/X509_NAME_ENTRY_get_object.pod | ||
2017 | --- openssl-0.9.7m/doc/crypto/X509_NAME_ENTRY_get_object.pod 2005-03-30 11:47:11.000000000 +0200 | ||
2018 | +++ openssl-0.9.7m-man-fixed/doc/crypto/X509_NAME_ENTRY_get_object.pod 2007-03-22 22:24:37.000000000 +0100 | ||
2019 | @@ -63,7 +63,7 @@ | ||
2020 | =head1 SEE ALSO | ||
2021 | |||
2022 | L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>, | ||
2023 | -L<OBJ_nid2obj(3),OBJ_nid2obj(3)> | ||
2024 | +L<OBJ_nid2obj(3)|OBJ_nid2obj(3)> | ||
2025 | |||
2026 | =head1 HISTORY | ||
2027 | |||
2028 | diff -Naur openssl-0.9.7m/doc/ssl/SSL_get_error.pod openssl-0.9.7m-man-fixed/doc/ssl/SSL_get_error.pod | ||
2029 | --- openssl-0.9.7m/doc/ssl/SSL_get_error.pod 2005-03-30 11:47:12.000000000 +0200 | ||
2030 | +++ openssl-0.9.7m-man-fixed/doc/ssl/SSL_get_error.pod 2007-03-22 22:24:37.000000000 +0100 | ||
2031 | @@ -105,7 +105,7 @@ | ||
2032 | |||
2033 | =head1 SEE ALSO | ||
2034 | |||
2035 | -L<ssl(3)|ssl(3)>, L<err(3)|err(3)> | ||
2036 | +L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)> | ||
2037 | |||
2038 | =head1 HISTORY | ||
2039 | |||
2040 | diff -Naur openssl-0.9.7m/doc/ssl/SSL_want.pod openssl-0.9.7m-man-fixed/doc/ssl/SSL_want.pod | ||
2041 | --- openssl-0.9.7m/doc/ssl/SSL_want.pod 2005-03-30 11:47:12.000000000 +0200 | ||
2042 | +++ openssl-0.9.7m-man-fixed/doc/ssl/SSL_want.pod 2007-03-22 22:24:37.000000000 +0100 | ||
2043 | @@ -72,6 +72,6 @@ | ||
2044 | |||
2045 | =head1 SEE ALSO | ||
2046 | |||
2047 | -L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> | ||
2048 | +L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> | ||
2049 | |||
2050 | =cut | ||
2051 | diff -Naur openssl-0.9.7m/FAQ openssl-0.9.7m-man-fixed/FAQ | ||
2052 | --- openssl-0.9.7m/FAQ 2007-02-23 13:07:19.000000000 +0100 | ||
2053 | +++ openssl-0.9.7m-man-fixed/FAQ 2007-03-22 22:25:48.000000000 +0100 | ||
2054 | @@ -609,7 +609,7 @@ | ||
2055 | |||
2056 | Multi-threaded applications must provide two callback functions to | ||
2057 | OpenSSL by calling CRYPTO_set_locking_callback() and | ||
2058 | -CRYPTO_set_id_callback(). This is described in the threads(3) | ||
2059 | +CRYPTO_set_id_callback(). This is described in the openssl_threads(3) | ||
2060 | manpage. | ||
2061 | |||
2062 | * I've compiled a program under Windows and it crashes: why? |