Contents of /trunk/openssl/patches/openssl-1.0.0a-fix-manpages.patch
Parent Directory | Revision Log
Revision 1085 -
(show annotations)
(download)
Tue Aug 17 22:46:32 2010 UTC (14 years, 1 month ago) by niro
File size: 66859 byte(s)
Tue Aug 17 22:46:32 2010 UTC (14 years, 1 month ago) by niro
File size: 66859 byte(s)
fixed
1 | --- crypto/rand/md_rand.c 2009-01-03 10:25:32.000000000 +0100 |
2 | +++ crypto/rand/md_rand.c 2010-04-01 00:45:00.746327192 +0200 |
3 | @@ -196,7 +196,7 @@ |
4 | int do_not_lock; |
5 | |
6 | /* |
7 | - * (Based on the rand(3) manpage) |
8 | + * (Based on the openssl_rand(3) manpage) |
9 | * |
10 | * The input is chopped up into units of 20 bytes (or less for |
11 | * the last block). Each of these blocks is run through the hash |
12 | @@ -361,7 +361,7 @@ |
13 | num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); |
14 | |
15 | /* |
16 | - * (Based on the rand(3) manpage:) |
17 | + * (Based on the openssl_rand(3) manpage) |
18 | * |
19 | * For each group of 10 bytes (or less), we do the following: |
20 | * |
21 | --- doc/apps/openssl-passwd.pod 1970-01-01 01:00:00.000000000 +0100 |
22 | +++ doc/apps/openssl-passwd.pod 2010-04-01 00:45:00.796327220 +0200 |
23 | @@ -0,0 +1,82 @@ |
24 | +=pod |
25 | + |
26 | +=head1 NAME |
27 | + |
28 | +openssl-passwd - compute password hashes |
29 | + |
30 | +=head1 SYNOPSIS |
31 | + |
32 | +B<openssl passwd> |
33 | +[B<-crypt>] |
34 | +[B<-1>] |
35 | +[B<-apr1>] |
36 | +[B<-salt> I<string>] |
37 | +[B<-in> I<file>] |
38 | +[B<-stdin>] |
39 | +[B<-noverify>] |
40 | +[B<-quiet>] |
41 | +[B<-table>] |
42 | +{I<password>} |
43 | + |
44 | +=head1 DESCRIPTION |
45 | + |
46 | +The B<passwd> command computes the hash of a password typed at |
47 | +run-time or the hash of each password in a list. The password list is |
48 | +taken from the named file for option B<-in file>, from stdin for |
49 | +option B<-stdin>, or from the command line, or from the terminal otherwise. |
50 | +The Unix standard algorithm B<crypt> and the MD5-based BSD password |
51 | +algorithm B<1> and its Apache variant B<apr1> are available. |
52 | + |
53 | +=head1 OPTIONS |
54 | + |
55 | +=over 4 |
56 | + |
57 | +=item B<-crypt> |
58 | + |
59 | +Use the B<crypt> algorithm (default). |
60 | + |
61 | +=item B<-1> |
62 | + |
63 | +Use the MD5 based BSD password algorithm B<1>. |
64 | + |
65 | +=item B<-apr1> |
66 | + |
67 | +Use the B<apr1> algorithm (Apache variant of the BSD algorithm). |
68 | + |
69 | +=item B<-salt> I<string> |
70 | + |
71 | +Use the specified salt. |
72 | +When reading a password from the terminal, this implies B<-noverify>. |
73 | + |
74 | +=item B<-in> I<file> |
75 | + |
76 | +Read passwords from I<file>. |
77 | + |
78 | +=item B<-stdin> |
79 | + |
80 | +Read passwords from B<stdin>. |
81 | + |
82 | +=item B<-noverify> |
83 | + |
84 | +Don't verify when reading a password from the terminal. |
85 | + |
86 | +=item B<-quiet> |
87 | + |
88 | +Don't output warnings when passwords given at the command line are truncated. |
89 | + |
90 | +=item B<-table> |
91 | + |
92 | +In the output list, prepend the cleartext password and a TAB character |
93 | +to each password hash. |
94 | + |
95 | +=back |
96 | + |
97 | +=head1 EXAMPLES |
98 | + |
99 | +B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. |
100 | + |
101 | +B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. |
102 | + |
103 | +B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. |
104 | + |
105 | +=cut |
106 | --- doc/apps/openssl.pod 2010-01-21 19:46:28.000000000 +0100 |
107 | +++ doc/apps/openssl.pod 2010-04-01 00:45:00.796327220 +0200 |
108 | @@ -163,7 +163,7 @@ |
109 | |
110 | Online Certificate Status Protocol utility. |
111 | |
112 | -=item L<B<passwd>|passwd(1)> |
113 | +=item L<B<passwd>|openssl-passwd(1)> |
114 | |
115 | Generation of hashed passwords. |
116 | |
117 | @@ -401,7 +401,7 @@ |
118 | L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, |
119 | L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>, |
120 | L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, |
121 | -L<passwd(1)|passwd(1)>, |
122 | +L<openssl-passwd(1)|openssl-passwd(1)>, |
123 | L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, |
124 | L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, |
125 | L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, |
126 | --- doc/apps/passwd.pod 2002-10-04 14:59:00.000000000 +0200 |
127 | +++ doc/apps/passwd.pod 1970-01-01 01:00:00.000000000 +0100 |
128 | @@ -1,82 +0,0 @@ |
129 | -=pod |
130 | - |
131 | -=head1 NAME |
132 | - |
133 | -passwd - compute password hashes |
134 | - |
135 | -=head1 SYNOPSIS |
136 | - |
137 | -B<openssl passwd> |
138 | -[B<-crypt>] |
139 | -[B<-1>] |
140 | -[B<-apr1>] |
141 | -[B<-salt> I<string>] |
142 | -[B<-in> I<file>] |
143 | -[B<-stdin>] |
144 | -[B<-noverify>] |
145 | -[B<-quiet>] |
146 | -[B<-table>] |
147 | -{I<password>} |
148 | - |
149 | -=head1 DESCRIPTION |
150 | - |
151 | -The B<passwd> command computes the hash of a password typed at |
152 | -run-time or the hash of each password in a list. The password list is |
153 | -taken from the named file for option B<-in file>, from stdin for |
154 | -option B<-stdin>, or from the command line, or from the terminal otherwise. |
155 | -The Unix standard algorithm B<crypt> and the MD5-based BSD password |
156 | -algorithm B<1> and its Apache variant B<apr1> are available. |
157 | - |
158 | -=head1 OPTIONS |
159 | - |
160 | -=over 4 |
161 | - |
162 | -=item B<-crypt> |
163 | - |
164 | -Use the B<crypt> algorithm (default). |
165 | - |
166 | -=item B<-1> |
167 | - |
168 | -Use the MD5 based BSD password algorithm B<1>. |
169 | - |
170 | -=item B<-apr1> |
171 | - |
172 | -Use the B<apr1> algorithm (Apache variant of the BSD algorithm). |
173 | - |
174 | -=item B<-salt> I<string> |
175 | - |
176 | -Use the specified salt. |
177 | -When reading a password from the terminal, this implies B<-noverify>. |
178 | - |
179 | -=item B<-in> I<file> |
180 | - |
181 | -Read passwords from I<file>. |
182 | - |
183 | -=item B<-stdin> |
184 | - |
185 | -Read passwords from B<stdin>. |
186 | - |
187 | -=item B<-noverify> |
188 | - |
189 | -Don't verify when reading a password from the terminal. |
190 | - |
191 | -=item B<-quiet> |
192 | - |
193 | -Don't output warnings when passwords given at the command line are truncated. |
194 | - |
195 | -=item B<-table> |
196 | - |
197 | -In the output list, prepend the cleartext password and a TAB character |
198 | -to each password hash. |
199 | - |
200 | -=back |
201 | - |
202 | -=head1 EXAMPLES |
203 | - |
204 | -B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. |
205 | - |
206 | -B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. |
207 | - |
208 | -B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. |
209 | - |
210 | -=cut |
211 | --- doc/crypto/BN_generate_prime.pod 2003-01-13 14:18:22.000000000 +0100 |
212 | +++ doc/crypto/BN_generate_prime.pod 2010-04-01 00:45:00.824035190 +0200 |
213 | @@ -90,7 +90,7 @@ |
214 | |
215 | =head1 SEE ALSO |
216 | |
217 | -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)> |
218 | +L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)> |
219 | |
220 | =head1 HISTORY |
221 | |
222 | --- doc/crypto/bn.pod 2008-07-03 21:59:24.000000000 +0200 |
223 | +++ doc/crypto/bn.pod 2010-04-01 00:45:01.022993777 +0200 |
224 | @@ -167,7 +167,7 @@ |
225 | =head1 SEE ALSO |
226 | |
227 | L<bn_internal(3)|bn_internal(3)>, |
228 | -L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, |
229 | +L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, |
230 | L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, |
231 | L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, |
232 | L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, |
233 | --- doc/crypto/BN_rand.pod 2002-09-25 15:33:26.000000000 +0200 |
234 | +++ doc/crypto/BN_rand.pod 2010-04-01 00:45:00.824035190 +0200 |
235 | @@ -45,7 +45,7 @@ |
236 | |
237 | =head1 SEE ALSO |
238 | |
239 | -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, |
240 | +L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
241 | L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> |
242 | |
243 | =head1 HISTORY |
244 | --- doc/crypto/CONF_modules_free.pod 2006-12-21 22:13:27.000000000 +0100 |
245 | +++ doc/crypto/CONF_modules_free.pod 2010-04-01 00:45:00.827162198 +0200 |
246 | @@ -37,7 +37,7 @@ |
247 | =head1 SEE ALSO |
248 | |
249 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, |
250 | -L<CONF_modules_load_file(3), CONF_modules_load_file(3)> |
251 | +L<CONF_modules_load_file(3)|CONF_modules_load_file(3)> |
252 | |
253 | =head1 HISTORY |
254 | |
255 | --- doc/crypto/CONF_modules_load_file.pod 2004-03-02 14:31:32.000000000 +0100 |
256 | +++ doc/crypto/CONF_modules_load_file.pod 2010-04-01 00:45:00.833827289 +0200 |
257 | @@ -51,7 +51,7 @@ |
258 | =head1 SEE ALSO |
259 | |
260 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, |
261 | -L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)> |
262 | +L<CONF_free(3)|CONF_free(3)>, L<openssl_err(3)|openssl_err(3)> |
263 | |
264 | =head1 HISTORY |
265 | |
266 | --- doc/crypto/crypto.pod 2002-10-06 14:59:25.000000000 +0200 |
267 | +++ doc/crypto/crypto.pod 2010-04-01 00:45:01.029660428 +0200 |
268 | @@ -46,7 +46,7 @@ |
269 | |
270 | =item AUXILIARY FUNCTIONS |
271 | |
272 | -L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>, |
273 | +L<openssl_err(3)|openssl_err(3)>, L<openssl_threads(3)|openssl_threads(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
274 | L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)> |
275 | |
276 | =item INPUT/OUTPUT, DATA ENCODING |
277 | --- doc/crypto/des.pod 2003-10-01 17:02:45.000000000 +0200 |
278 | +++ doc/crypto/des.pod 2010-04-01 00:45:01.036327160 +0200 |
279 | @@ -115,7 +115,7 @@ |
280 | the key; it is used to speed the encryption process. |
281 | |
282 | DES_random_key() generates a random key. The PRNG must be seeded |
283 | -prior to using this function (see L<rand(3)|rand(3)>). If the PRNG |
284 | +prior to using this function (see L<openssl_rand(3)|openssl_rand(3)>). If the PRNG |
285 | could not generate a secure key, 0 is returned. |
286 | |
287 | Before a DES key can be used, it must be converted into the |
288 | @@ -317,7 +317,7 @@ |
289 | |
290 | =head1 SEE ALSO |
291 | |
292 | -crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)> |
293 | +crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)> |
294 | |
295 | =head1 HISTORY |
296 | |
297 | --- doc/crypto/DH_generate_key.pod 2002-09-25 15:33:27.000000000 +0200 |
298 | +++ doc/crypto/DH_generate_key.pod 2010-04-01 00:45:00.840494142 +0200 |
299 | @@ -40,7 +40,7 @@ |
300 | |
301 | =head1 SEE ALSO |
302 | |
303 | -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> |
304 | +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<DH_size(3)|DH_size(3)> |
305 | |
306 | =head1 HISTORY |
307 | |
308 | --- doc/crypto/DH_generate_parameters.pod 2002-09-25 15:33:27.000000000 +0200 |
309 | +++ doc/crypto/DH_generate_parameters.pod 2010-04-01 00:45:00.847161913 +0200 |
310 | @@ -59,7 +59,7 @@ |
311 | |
312 | =head1 SEE ALSO |
313 | |
314 | -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, |
315 | +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
316 | L<DH_free(3)|DH_free(3)> |
317 | |
318 | =head1 HISTORY |
319 | --- doc/crypto/dh.pod 2002-08-05 18:27:01.000000000 +0200 |
320 | +++ doc/crypto/dh.pod 2010-04-01 00:45:01.036327160 +0200 |
321 | @@ -67,8 +67,8 @@ |
322 | |
323 | =head1 SEE ALSO |
324 | |
325 | -L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, |
326 | -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, |
327 | +L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<openssl_err(3)|openssl_err(3)>, |
328 | +L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, |
329 | L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>, |
330 | L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, |
331 | L<DH_generate_parameters(3)|DH_generate_parameters(3)>, |
332 | --- doc/crypto/DSA_do_sign.pod 2002-09-25 15:33:27.000000000 +0200 |
333 | +++ doc/crypto/DSA_do_sign.pod 2010-04-01 00:45:00.847161913 +0200 |
334 | @@ -36,7 +36,7 @@ |
335 | |
336 | =head1 SEE ALSO |
337 | |
338 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, |
339 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
340 | L<DSA_SIG_new(3)|DSA_SIG_new(3)>, |
341 | L<DSA_sign(3)|DSA_sign(3)> |
342 | |
343 | --- doc/crypto/DSA_generate_key.pod 2002-09-25 15:33:27.000000000 +0200 |
344 | +++ doc/crypto/DSA_generate_key.pod 2010-04-01 00:45:00.847161913 +0200 |
345 | @@ -24,7 +24,7 @@ |
346 | |
347 | =head1 SEE ALSO |
348 | |
349 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, |
350 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
351 | L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> |
352 | |
353 | =head1 HISTORY |
354 | --- doc/crypto/DSA_generate_parameters.pod 2002-09-25 15:33:27.000000000 +0200 |
355 | +++ doc/crypto/DSA_generate_parameters.pod 2010-04-01 00:45:00.847161913 +0200 |
356 | @@ -90,7 +90,7 @@ |
357 | |
358 | =head1 SEE ALSO |
359 | |
360 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, |
361 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
362 | L<DSA_free(3)|DSA_free(3)> |
363 | |
364 | =head1 HISTORY |
365 | --- doc/crypto/dsa.pod 2002-08-05 18:27:01.000000000 +0200 |
366 | +++ doc/crypto/dsa.pod 2010-04-01 00:45:01.042994012 +0200 |
367 | @@ -100,7 +100,7 @@ |
368 | |
369 | =head1 SEE ALSO |
370 | |
371 | -L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, |
372 | +L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
373 | L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, |
374 | L<DSA_new(3)|DSA_new(3)>, |
375 | L<DSA_size(3)|DSA_size(3)>, |
376 | --- doc/crypto/DSA_sign.pod 2002-09-25 15:33:27.000000000 +0200 |
377 | +++ doc/crypto/DSA_sign.pod 2010-04-01 00:45:00.847161913 +0200 |
378 | @@ -55,7 +55,7 @@ |
379 | |
380 | =head1 SEE ALSO |
381 | |
382 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, |
383 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
384 | L<DSA_do_sign(3)|DSA_do_sign(3)> |
385 | |
386 | =head1 HISTORY |
387 | --- doc/crypto/engine.pod 2007-11-19 10:18:03.000000000 +0100 |
388 | +++ doc/crypto/engine.pod 2010-04-01 00:45:01.049660583 +0200 |
389 | @@ -594,6 +594,6 @@ |
390 | |
391 | =head1 SEE ALSO |
392 | |
393 | -L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)> |
394 | +L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<openssl_rand(3)|openssl_rand(3)> |
395 | |
396 | =cut |
397 | --- doc/crypto/ERR_clear_error.pod 2000-02-01 02:36:58.000000000 +0100 |
398 | +++ doc/crypto/ERR_clear_error.pod 2010-04-01 00:45:00.857161750 +0200 |
399 | @@ -20,7 +20,7 @@ |
400 | |
401 | =head1 SEE ALSO |
402 | |
403 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> |
404 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> |
405 | |
406 | =head1 HISTORY |
407 | |
408 | --- doc/crypto/ERR_error_string.pod 2004-11-14 16:11:37.000000000 +0100 |
409 | +++ doc/crypto/ERR_error_string.pod 2010-04-01 00:45:00.863828202 +0200 |
410 | @@ -60,7 +60,7 @@ |
411 | |
412 | =head1 SEE ALSO |
413 | |
414 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, |
415 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, |
416 | L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, |
417 | L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> |
418 | L<ERR_print_errors(3)|ERR_print_errors(3)> |
419 | --- doc/crypto/ERR_get_error.pod 2002-11-29 15:21:54.000000000 +0100 |
420 | +++ doc/crypto/ERR_get_error.pod 2010-04-01 00:45:00.870494614 +0200 |
421 | @@ -61,7 +61,7 @@ |
422 | |
423 | =head1 SEE ALSO |
424 | |
425 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, |
426 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, |
427 | L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> |
428 | |
429 | =head1 HISTORY |
430 | --- doc/crypto/ERR_GET_LIB.pod 2000-02-01 02:36:58.000000000 +0100 |
431 | +++ doc/crypto/ERR_GET_LIB.pod 2010-04-01 00:45:00.850495218 +0200 |
432 | @@ -41,7 +41,7 @@ |
433 | |
434 | =head1 SEE ALSO |
435 | |
436 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> |
437 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> |
438 | |
439 | =head1 HISTORY |
440 | |
441 | --- doc/crypto/ERR_load_crypto_strings.pod 2000-02-24 12:55:08.000000000 +0100 |
442 | +++ doc/crypto/ERR_load_crypto_strings.pod 2010-04-01 00:45:00.873827919 +0200 |
443 | @@ -35,7 +35,7 @@ |
444 | |
445 | =head1 SEE ALSO |
446 | |
447 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> |
448 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> |
449 | |
450 | =head1 HISTORY |
451 | |
452 | --- doc/crypto/ERR_load_strings.pod 2000-02-24 12:55:08.000000000 +0100 |
453 | +++ doc/crypto/ERR_load_strings.pod 2010-04-01 00:45:00.876327759 +0200 |
454 | @@ -43,7 +43,7 @@ |
455 | |
456 | =head1 SEE ALSO |
457 | |
458 | -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> |
459 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> |
460 | |
461 | =head1 HISTORY |
462 | |
463 | --- doc/crypto/err.pod 2002-07-10 21:35:46.000000000 +0200 |
464 | +++ doc/crypto/err.pod 1970-01-01 01:00:00.000000000 +0100 |
465 | @@ -1,187 +0,0 @@ |
466 | -=pod |
467 | - |
468 | -=head1 NAME |
469 | - |
470 | -err - error codes |
471 | - |
472 | -=head1 SYNOPSIS |
473 | - |
474 | - #include <openssl/err.h> |
475 | - |
476 | - unsigned long ERR_get_error(void); |
477 | - unsigned long ERR_peek_error(void); |
478 | - unsigned long ERR_get_error_line(const char **file, int *line); |
479 | - unsigned long ERR_peek_error_line(const char **file, int *line); |
480 | - unsigned long ERR_get_error_line_data(const char **file, int *line, |
481 | - const char **data, int *flags); |
482 | - unsigned long ERR_peek_error_line_data(const char **file, int *line, |
483 | - const char **data, int *flags); |
484 | - |
485 | - int ERR_GET_LIB(unsigned long e); |
486 | - int ERR_GET_FUNC(unsigned long e); |
487 | - int ERR_GET_REASON(unsigned long e); |
488 | - |
489 | - void ERR_clear_error(void); |
490 | - |
491 | - char *ERR_error_string(unsigned long e, char *buf); |
492 | - const char *ERR_lib_error_string(unsigned long e); |
493 | - const char *ERR_func_error_string(unsigned long e); |
494 | - const char *ERR_reason_error_string(unsigned long e); |
495 | - |
496 | - void ERR_print_errors(BIO *bp); |
497 | - void ERR_print_errors_fp(FILE *fp); |
498 | - |
499 | - void ERR_load_crypto_strings(void); |
500 | - void ERR_free_strings(void); |
501 | - |
502 | - void ERR_remove_state(unsigned long pid); |
503 | - |
504 | - void ERR_put_error(int lib, int func, int reason, const char *file, |
505 | - int line); |
506 | - void ERR_add_error_data(int num, ...); |
507 | - |
508 | - void ERR_load_strings(int lib,ERR_STRING_DATA str[]); |
509 | - unsigned long ERR_PACK(int lib, int func, int reason); |
510 | - int ERR_get_next_error_library(void); |
511 | - |
512 | -=head1 DESCRIPTION |
513 | - |
514 | -When a call to the OpenSSL library fails, this is usually signalled |
515 | -by the return value, and an error code is stored in an error queue |
516 | -associated with the current thread. The B<err> library provides |
517 | -functions to obtain these error codes and textual error messages. |
518 | - |
519 | -The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to |
520 | -access error codes. |
521 | - |
522 | -Error codes contain information about where the error occurred, and |
523 | -what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to |
524 | -extract this information. A method to obtain human-readable error |
525 | -messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. |
526 | - |
527 | -L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the |
528 | -error queue. |
529 | - |
530 | -Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to |
531 | -avoid memory leaks when threads are terminated. |
532 | - |
533 | -=head1 ADDING NEW ERROR CODES TO OPENSSL |
534 | - |
535 | -See L<ERR_put_error(3)> if you want to record error codes in the |
536 | -OpenSSL error system from within your application. |
537 | - |
538 | -The remainder of this section is of interest only if you want to add |
539 | -new error codes to OpenSSL or add error codes from external libraries. |
540 | - |
541 | -=head2 Reporting errors |
542 | - |
543 | -Each sub-library has a specific macro XXXerr() that is used to report |
544 | -errors. Its first argument is a function code B<XXX_F_...>, the second |
545 | -argument is a reason code B<XXX_R_...>. Function codes are derived |
546 | -from the function names; reason codes consist of textual error |
547 | -descriptions. For example, the function ssl23_read() reports a |
548 | -"handshake failure" as follows: |
549 | - |
550 | - SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); |
551 | - |
552 | -Function and reason codes should consist of upper case characters, |
553 | -numbers and underscores only. The error file generation script translates |
554 | -function codes into function names by looking in the header files |
555 | -for an appropriate function name, if none is found it just uses |
556 | -the capitalized form such as "SSL23_READ" in the above example. |
557 | - |
558 | -The trailing section of a reason code (after the "_R_") is translated |
559 | -into lower case and underscores changed to spaces. |
560 | - |
561 | -When you are using new function or reason codes, run B<make errors>. |
562 | -The necessary B<#define>s will then automatically be added to the |
563 | -sub-library's header file. |
564 | - |
565 | -Although a library will normally report errors using its own specific |
566 | -XXXerr macro, another library's macro can be used. This is normally |
567 | -only done when a library wants to include ASN1 code which must use |
568 | -the ASN1err() macro. |
569 | - |
570 | -=head2 Adding new libraries |
571 | - |
572 | -When adding a new sub-library to OpenSSL, assign it a library number |
573 | -B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its |
574 | -name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add |
575 | -C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function |
576 | -(in B<crypto/err/err_all.c>). Finally, add an entry |
577 | - |
578 | - L XXX xxx.h xxx_err.c |
579 | - |
580 | -to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. |
581 | -Running B<make errors> will then generate a file B<xxx_err.c>, and |
582 | -add all error codes used in the library to B<xxx.h>. |
583 | - |
584 | -Additionally the library include file must have a certain form. |
585 | -Typically it will initially look like this: |
586 | - |
587 | - #ifndef HEADER_XXX_H |
588 | - #define HEADER_XXX_H |
589 | - |
590 | - #ifdef __cplusplus |
591 | - extern "C" { |
592 | - #endif |
593 | - |
594 | - /* Include files */ |
595 | - |
596 | - #include <openssl/bio.h> |
597 | - #include <openssl/x509.h> |
598 | - |
599 | - /* Macros, structures and function prototypes */ |
600 | - |
601 | - |
602 | - /* BEGIN ERROR CODES */ |
603 | - |
604 | -The B<BEGIN ERROR CODES> sequence is used by the error code |
605 | -generation script as the point to place new error codes, any text |
606 | -after this point will be overwritten when B<make errors> is run. |
607 | -The closing #endif etc will be automatically added by the script. |
608 | - |
609 | -The generated C error code file B<xxx_err.c> will load the header |
610 | -files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the |
611 | -header file must load any additional header files containing any |
612 | -definitions it uses. |
613 | - |
614 | -=head1 USING ERROR CODES IN EXTERNAL LIBRARIES |
615 | - |
616 | -It is also possible to use OpenSSL's error code scheme in external |
617 | -libraries. The library needs to load its own codes and call the OpenSSL |
618 | -error code insertion script B<mkerr.pl> explicitly to add codes to |
619 | -the header file and generate the C error code file. This will normally |
620 | -be done if the external library needs to generate new ASN1 structures |
621 | -but it can also be used to add more general purpose error code handling. |
622 | - |
623 | -TBA more details |
624 | - |
625 | -=head1 INTERNALS |
626 | - |
627 | -The error queues are stored in a hash table with one B<ERR_STATE> |
628 | -entry for each pid. ERR_get_state() returns the current thread's |
629 | -B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error |
630 | -codes. When more error codes are added, the old ones are overwritten, |
631 | -on the assumption that the most recent errors are most important. |
632 | - |
633 | -Error strings are also stored in hash table. The hash tables can |
634 | -be obtained by calling ERR_get_err_state_table(void) and |
635 | -ERR_get_string_table(void) respectively. |
636 | - |
637 | -=head1 SEE ALSO |
638 | - |
639 | -L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, |
640 | -L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, |
641 | -L<ERR_get_error(3)|ERR_get_error(3)>, |
642 | -L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, |
643 | -L<ERR_clear_error(3)|ERR_clear_error(3)>, |
644 | -L<ERR_error_string(3)|ERR_error_string(3)>, |
645 | -L<ERR_print_errors(3)|ERR_print_errors(3)>, |
646 | -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, |
647 | -L<ERR_remove_state(3)|ERR_remove_state(3)>, |
648 | -L<ERR_put_error(3)|ERR_put_error(3)>, |
649 | -L<ERR_load_strings(3)|ERR_load_strings(3)>, |
650 | -L<SSL_get_error(3)|SSL_get_error(3)> |
651 | - |
652 | -=cut |
653 | --- doc/crypto/ERR_print_errors.pod 2000-02-01 02:36:59.000000000 +0100 |
654 | +++ doc/crypto/ERR_print_errors.pod 2010-04-01 00:45:00.879660945 +0200 |
655 | @@ -38,7 +38,7 @@ |
656 | |
657 | =head1 SEE ALSO |
658 | |
659 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, |
660 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, |
661 | L<ERR_get_error(3)|ERR_get_error(3)>, |
662 | L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, |
663 | L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> |
664 | --- doc/crypto/ERR_put_error.pod 2000-02-24 12:55:08.000000000 +0100 |
665 | +++ doc/crypto/ERR_put_error.pod 2010-04-01 00:45:00.886327158 +0200 |
666 | @@ -34,7 +34,7 @@ |
667 | |
668 | =head1 SEE ALSO |
669 | |
670 | -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> |
671 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> |
672 | |
673 | =head1 HISTORY |
674 | |
675 | --- doc/crypto/ERR_remove_state.pod 2000-05-19 09:54:42.000000000 +0200 |
676 | +++ doc/crypto/ERR_remove_state.pod 2010-04-01 00:45:00.892994288 +0200 |
677 | @@ -25,7 +25,7 @@ |
678 | |
679 | =head1 SEE ALSO |
680 | |
681 | -L<err(3)|err(3)> |
682 | +L<openssl_err(3)|openssl_err(3)> |
683 | |
684 | =head1 HISTORY |
685 | |
686 | --- doc/crypto/EVP_BytesToKey.pod 2004-11-25 18:47:30.000000000 +0100 |
687 | +++ doc/crypto/EVP_BytesToKey.pod 2010-04-01 00:45:00.899660540 +0200 |
688 | @@ -59,7 +59,7 @@ |
689 | |
690 | =head1 SEE ALSO |
691 | |
692 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, |
693 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
694 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> |
695 | |
696 | =head1 HISTORY |
697 | --- doc/crypto/EVP_OpenInit.pod 2000-09-23 09:16:14.000000000 +0200 |
698 | +++ doc/crypto/EVP_OpenInit.pod 2010-04-01 00:45:00.906327633 +0200 |
699 | @@ -54,7 +54,7 @@ |
700 | |
701 | =head1 SEE ALSO |
702 | |
703 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, |
704 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
705 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, |
706 | L<EVP_SealInit(3)|EVP_SealInit(3)> |
707 | |
708 | --- doc/crypto/EVP_SealInit.pod 2005-03-29 19:50:08.000000000 +0200 |
709 | +++ doc/crypto/EVP_SealInit.pod 2010-04-01 00:45:00.912995642 +0200 |
710 | @@ -74,7 +74,7 @@ |
711 | |
712 | =head1 SEE ALSO |
713 | |
714 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, |
715 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, |
716 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, |
717 | L<EVP_OpenInit(3)|EVP_OpenInit(3)> |
718 | |
719 | --- doc/crypto/EVP_SignInit.pod 2006-07-12 14:31:29.000000000 +0200 |
720 | +++ doc/crypto/EVP_SignInit.pod 2010-04-01 00:45:00.919661935 +0200 |
721 | @@ -89,7 +89,7 @@ |
722 | =head1 SEE ALSO |
723 | |
724 | L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, |
725 | -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, |
726 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, |
727 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, |
728 | L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, |
729 | L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> |
730 | --- doc/crypto/EVP_VerifyInit.pod 2006-07-12 14:31:30.000000000 +0200 |
731 | +++ doc/crypto/EVP_VerifyInit.pod 2010-04-01 00:45:00.926327388 +0200 |
732 | @@ -80,7 +80,7 @@ |
733 | |
734 | L<evp(3)|evp(3)>, |
735 | L<EVP_SignInit(3)|EVP_SignInit(3)>, |
736 | -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, |
737 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, |
738 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, |
739 | L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, |
740 | L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> |
741 | --- doc/crypto/OPENSSL_config.pod 2005-06-03 01:19:56.000000000 +0200 |
742 | +++ doc/crypto/OPENSSL_config.pod 2010-04-01 00:45:00.932995118 +0200 |
743 | @@ -73,7 +73,7 @@ |
744 | =head1 SEE ALSO |
745 | |
746 | L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>, |
747 | -L<CONF_modules_free(3),CONF_modules_free(3)> |
748 | +L<CONF_modules_free(3)|CONF_modules_free(3)> |
749 | |
750 | =head1 HISTORY |
751 | |
752 | --- doc/crypto/openssl_err.pod 1970-01-01 01:00:00.000000000 +0100 |
753 | +++ doc/crypto/openssl_err.pod 2010-04-01 00:45:01.059660101 +0200 |
754 | @@ -0,0 +1,187 @@ |
755 | +=pod |
756 | + |
757 | +=head1 NAME |
758 | + |
759 | +openssl_err - error codes |
760 | + |
761 | +=head1 SYNOPSIS |
762 | + |
763 | + #include <openssl/err.h> |
764 | + |
765 | + unsigned long ERR_get_error(void); |
766 | + unsigned long ERR_peek_error(void); |
767 | + unsigned long ERR_get_error_line(const char **file, int *line); |
768 | + unsigned long ERR_peek_error_line(const char **file, int *line); |
769 | + unsigned long ERR_get_error_line_data(const char **file, int *line, |
770 | + const char **data, int *flags); |
771 | + unsigned long ERR_peek_error_line_data(const char **file, int *line, |
772 | + const char **data, int *flags); |
773 | + |
774 | + int ERR_GET_LIB(unsigned long e); |
775 | + int ERR_GET_FUNC(unsigned long e); |
776 | + int ERR_GET_REASON(unsigned long e); |
777 | + |
778 | + void ERR_clear_error(void); |
779 | + |
780 | + char *ERR_error_string(unsigned long e, char *buf); |
781 | + const char *ERR_lib_error_string(unsigned long e); |
782 | + const char *ERR_func_error_string(unsigned long e); |
783 | + const char *ERR_reason_error_string(unsigned long e); |
784 | + |
785 | + void ERR_print_errors(BIO *bp); |
786 | + void ERR_print_errors_fp(FILE *fp); |
787 | + |
788 | + void ERR_load_crypto_strings(void); |
789 | + void ERR_free_strings(void); |
790 | + |
791 | + void ERR_remove_state(unsigned long pid); |
792 | + |
793 | + void ERR_put_error(int lib, int func, int reason, const char *file, |
794 | + int line); |
795 | + void ERR_add_error_data(int num, ...); |
796 | + |
797 | + void ERR_load_strings(int lib,ERR_STRING_DATA str[]); |
798 | + unsigned long ERR_PACK(int lib, int func, int reason); |
799 | + int ERR_get_next_error_library(void); |
800 | + |
801 | +=head1 DESCRIPTION |
802 | + |
803 | +When a call to the OpenSSL library fails, this is usually signalled |
804 | +by the return value, and an error code is stored in an error queue |
805 | +associated with the current thread. The B<err> library provides |
806 | +functions to obtain these error codes and textual error messages. |
807 | + |
808 | +The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to |
809 | +access error codes. |
810 | + |
811 | +Error codes contain information about where the error occurred, and |
812 | +what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to |
813 | +extract this information. A method to obtain human-readable error |
814 | +messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. |
815 | + |
816 | +L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the |
817 | +error queue. |
818 | + |
819 | +Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to |
820 | +avoid memory leaks when threads are terminated. |
821 | + |
822 | +=head1 ADDING NEW ERROR CODES TO OPENSSL |
823 | + |
824 | +See L<ERR_put_error(3)> if you want to record error codes in the |
825 | +OpenSSL error system from within your application. |
826 | + |
827 | +The remainder of this section is of interest only if you want to add |
828 | +new error codes to OpenSSL or add error codes from external libraries. |
829 | + |
830 | +=head2 Reporting errors |
831 | + |
832 | +Each sub-library has a specific macro XXXerr() that is used to report |
833 | +errors. Its first argument is a function code B<XXX_F_...>, the second |
834 | +argument is a reason code B<XXX_R_...>. Function codes are derived |
835 | +from the function names; reason codes consist of textual error |
836 | +descriptions. For example, the function ssl23_read() reports a |
837 | +"handshake failure" as follows: |
838 | + |
839 | + SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); |
840 | + |
841 | +Function and reason codes should consist of upper case characters, |
842 | +numbers and underscores only. The error file generation script translates |
843 | +function codes into function names by looking in the header files |
844 | +for an appropriate function name, if none is found it just uses |
845 | +the capitalized form such as "SSL23_READ" in the above example. |
846 | + |
847 | +The trailing section of a reason code (after the "_R_") is translated |
848 | +into lower case and underscores changed to spaces. |
849 | + |
850 | +When you are using new function or reason codes, run B<make errors>. |
851 | +The necessary B<#define>s will then automatically be added to the |
852 | +sub-library's header file. |
853 | + |
854 | +Although a library will normally report errors using its own specific |
855 | +XXXerr macro, another library's macro can be used. This is normally |
856 | +only done when a library wants to include ASN1 code which must use |
857 | +the ASN1err() macro. |
858 | + |
859 | +=head2 Adding new libraries |
860 | + |
861 | +When adding a new sub-library to OpenSSL, assign it a library number |
862 | +B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its |
863 | +name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add |
864 | +C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function |
865 | +(in B<crypto/err/err_all.c>). Finally, add an entry |
866 | + |
867 | + L XXX xxx.h xxx_err.c |
868 | + |
869 | +to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. |
870 | +Running B<make errors> will then generate a file B<xxx_err.c>, and |
871 | +add all error codes used in the library to B<xxx.h>. |
872 | + |
873 | +Additionally the library include file must have a certain form. |
874 | +Typically it will initially look like this: |
875 | + |
876 | + #ifndef HEADER_XXX_H |
877 | + #define HEADER_XXX_H |
878 | + |
879 | + #ifdef __cplusplus |
880 | + extern "C" { |
881 | + #endif |
882 | + |
883 | + /* Include files */ |
884 | + |
885 | + #include <openssl/bio.h> |
886 | + #include <openssl/x509.h> |
887 | + |
888 | + /* Macros, structures and function prototypes */ |
889 | + |
890 | + |
891 | + /* BEGIN ERROR CODES */ |
892 | + |
893 | +The B<BEGIN ERROR CODES> sequence is used by the error code |
894 | +generation script as the point to place new error codes, any text |
895 | +after this point will be overwritten when B<make errors> is run. |
896 | +The closing #endif etc will be automatically added by the script. |
897 | + |
898 | +The generated C error code file B<xxx_err.c> will load the header |
899 | +files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the |
900 | +header file must load any additional header files containing any |
901 | +definitions it uses. |
902 | + |
903 | +=head1 USING ERROR CODES IN EXTERNAL LIBRARIES |
904 | + |
905 | +It is also possible to use OpenSSL's error code scheme in external |
906 | +libraries. The library needs to load its own codes and call the OpenSSL |
907 | +error code insertion script B<mkerr.pl> explicitly to add codes to |
908 | +the header file and generate the C error code file. This will normally |
909 | +be done if the external library needs to generate new ASN1 structures |
910 | +but it can also be used to add more general purpose error code handling. |
911 | + |
912 | +TBA more details |
913 | + |
914 | +=head1 INTERNALS |
915 | + |
916 | +The error queues are stored in a hash table with one B<ERR_STATE> |
917 | +entry for each pid. ERR_get_state() returns the current thread's |
918 | +B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error |
919 | +codes. When more error codes are added, the old ones are overwritten, |
920 | +on the assumption that the most recent errors are most important. |
921 | + |
922 | +Error strings are also stored in hash table. The hash tables can |
923 | +be obtained by calling ERR_get_err_state_table(void) and |
924 | +ERR_get_string_table(void) respectively. |
925 | + |
926 | +=head1 SEE ALSO |
927 | + |
928 | +L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, |
929 | +L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, |
930 | +L<ERR_get_error(3)|ERR_get_error(3)>, |
931 | +L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, |
932 | +L<ERR_clear_error(3)|ERR_clear_error(3)>, |
933 | +L<ERR_error_string(3)|ERR_error_string(3)>, |
934 | +L<ERR_print_errors(3)|ERR_print_errors(3)>, |
935 | +L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, |
936 | +L<ERR_remove_state(3)|ERR_remove_state(3)>, |
937 | +L<ERR_put_error(3)|ERR_put_error(3)>, |
938 | +L<ERR_load_strings(3)|ERR_load_strings(3)>, |
939 | +L<SSL_get_error(3)|SSL_get_error(3)> |
940 | + |
941 | +=cut |
942 | --- doc/crypto/openssl_rand.pod 1970-01-01 01:00:00.000000000 +0100 |
943 | +++ doc/crypto/openssl_rand.pod 2010-04-01 00:45:01.059660101 +0200 |
944 | @@ -0,0 +1,175 @@ |
945 | +=pod |
946 | + |
947 | +=head1 NAME |
948 | + |
949 | +openssl_rand - pseudo-random number generator |
950 | + |
951 | +=head1 SYNOPSIS |
952 | + |
953 | + #include <openssl/rand.h> |
954 | + |
955 | + int RAND_set_rand_engine(ENGINE *engine); |
956 | + |
957 | + int RAND_bytes(unsigned char *buf, int num); |
958 | + int RAND_pseudo_bytes(unsigned char *buf, int num); |
959 | + |
960 | + void RAND_seed(const void *buf, int num); |
961 | + void RAND_add(const void *buf, int num, int entropy); |
962 | + int RAND_status(void); |
963 | + |
964 | + int RAND_load_file(const char *file, long max_bytes); |
965 | + int RAND_write_file(const char *file); |
966 | + const char *RAND_file_name(char *file, size_t num); |
967 | + |
968 | + int RAND_egd(const char *path); |
969 | + |
970 | + void RAND_set_rand_method(const RAND_METHOD *meth); |
971 | + const RAND_METHOD *RAND_get_rand_method(void); |
972 | + RAND_METHOD *RAND_SSLeay(void); |
973 | + |
974 | + void RAND_cleanup(void); |
975 | + |
976 | + /* For Win32 only */ |
977 | + void RAND_screen(void); |
978 | + int RAND_event(UINT, WPARAM, LPARAM); |
979 | + |
980 | +=head1 DESCRIPTION |
981 | + |
982 | +Since the introduction of the ENGINE API, the recommended way of controlling |
983 | +default implementations is by using the ENGINE API functions. The default |
984 | +B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by |
985 | +RAND_get_rand_method(), is only used if no ENGINE has been set as the default |
986 | +"rand" implementation. Hence, these two functions are no longer the recommened |
987 | +way to control defaults. |
988 | + |
989 | +If an alternative B<RAND_METHOD> implementation is being used (either set |
990 | +directly or as provided by an ENGINE module), then it is entirely responsible |
991 | +for the generation and management of a cryptographically secure PRNG stream. The |
992 | +mechanisms described below relate solely to the software PRNG implementation |
993 | +built in to OpenSSL and used by default. |
994 | + |
995 | +These functions implement a cryptographically secure pseudo-random |
996 | +number generator (PRNG). It is used by other library functions for |
997 | +example to generate random keys, and applications can use it when they |
998 | +need randomness. |
999 | + |
1000 | +A cryptographic PRNG must be seeded with unpredictable data such as |
1001 | +mouse movements or keys pressed at random by the user. This is |
1002 | +described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file |
1003 | +(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the |
1004 | +seeding process whenever the application is started. |
1005 | + |
1006 | +L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the |
1007 | +PRNG. |
1008 | + |
1009 | +=head1 INTERNALS |
1010 | + |
1011 | +The RAND_SSLeay() method implements a PRNG based on a cryptographic |
1012 | +hash function. |
1013 | + |
1014 | +The following description of its design is based on the SSLeay |
1015 | +documentation: |
1016 | + |
1017 | +First up I will state the things I believe I need for a good RNG. |
1018 | + |
1019 | +=over 4 |
1020 | + |
1021 | +=item 1 |
1022 | + |
1023 | +A good hashing algorithm to mix things up and to convert the RNG 'state' |
1024 | +to random numbers. |
1025 | + |
1026 | +=item 2 |
1027 | + |
1028 | +An initial source of random 'state'. |
1029 | + |
1030 | +=item 3 |
1031 | + |
1032 | +The state should be very large. If the RNG is being used to generate |
1033 | +4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). |
1034 | +If your RNG state only has 128 bits, you are obviously limiting the |
1035 | +search space to 128 bits, not 2048. I'm probably getting a little |
1036 | +carried away on this last point but it does indicate that it may not be |
1037 | +a bad idea to keep quite a lot of RNG state. It should be easier to |
1038 | +break a cipher than guess the RNG seed data. |
1039 | + |
1040 | +=item 4 |
1041 | + |
1042 | +Any RNG seed data should influence all subsequent random numbers |
1043 | +generated. This implies that any random seed data entered will have |
1044 | +an influence on all subsequent random numbers generated. |
1045 | + |
1046 | +=item 5 |
1047 | + |
1048 | +When using data to seed the RNG state, the data used should not be |
1049 | +extractable from the RNG state. I believe this should be a |
1050 | +requirement because one possible source of 'secret' semi random |
1051 | +data would be a private key or a password. This data must |
1052 | +not be disclosed by either subsequent random numbers or a |
1053 | +'core' dump left by a program crash. |
1054 | + |
1055 | +=item 6 |
1056 | + |
1057 | +Given the same initial 'state', 2 systems should deviate in their RNG state |
1058 | +(and hence the random numbers generated) over time if at all possible. |
1059 | + |
1060 | +=item 7 |
1061 | + |
1062 | +Given the random number output stream, it should not be possible to determine |
1063 | +the RNG state or the next random number. |
1064 | + |
1065 | +=back |
1066 | + |
1067 | +The algorithm is as follows. |
1068 | + |
1069 | +There is global state made up of a 1023 byte buffer (the 'state'), a |
1070 | +working hash value ('md'), and a counter ('count'). |
1071 | + |
1072 | +Whenever seed data is added, it is inserted into the 'state' as |
1073 | +follows. |
1074 | + |
1075 | +The input is chopped up into units of 20 bytes (or less for |
1076 | +the last block). Each of these blocks is run through the hash |
1077 | +function as follows: The data passed to the hash function |
1078 | +is the current 'md', the same number of bytes from the 'state' |
1079 | +(the location determined by in incremented looping index) as |
1080 | +the current 'block', the new key data 'block', and 'count' |
1081 | +(which is incremented after each use). |
1082 | +The result of this is kept in 'md' and also xored into the |
1083 | +'state' at the same locations that were used as input into the |
1084 | +hash function. I |
1085 | +believe this system addresses points 1 (hash function; currently |
1086 | +SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash |
1087 | +function and xor). |
1088 | + |
1089 | +When bytes are extracted from the RNG, the following process is used. |
1090 | +For each group of 10 bytes (or less), we do the following: |
1091 | + |
1092 | +Input into the hash function the local 'md' (which is initialized from |
1093 | +the global 'md' before any bytes are generated), the bytes that are to |
1094 | +be overwritten by the random bytes, and bytes from the 'state' |
1095 | +(incrementing looping index). From this digest output (which is kept |
1096 | +in 'md'), the top (up to) 10 bytes are returned to the caller and the |
1097 | +bottom 10 bytes are xored into the 'state'. |
1098 | + |
1099 | +Finally, after we have finished 'num' random bytes for the caller, |
1100 | +'count' (which is incremented) and the local and global 'md' are fed |
1101 | +into the hash function and the results are kept in the global 'md'. |
1102 | + |
1103 | +I believe the above addressed points 1 (use of SHA-1), 6 (by hashing |
1104 | +into the 'state' the 'old' data from the caller that is about to be |
1105 | +overwritten) and 7 (by not using the 10 bytes given to the caller to |
1106 | +update the 'state', but they are used to update 'md'). |
1107 | + |
1108 | +So of the points raised, only 2 is not addressed (but see |
1109 | +L<RAND_add(3)|RAND_add(3)>). |
1110 | + |
1111 | +=head1 SEE ALSO |
1112 | + |
1113 | +L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, |
1114 | +L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, |
1115 | +L<RAND_bytes(3)|RAND_bytes(3)>, |
1116 | +L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, |
1117 | +L<RAND_cleanup(3)|RAND_cleanup(3)> |
1118 | + |
1119 | +=cut |
1120 | --- doc/crypto/openssl_threads.pod 1970-01-01 01:00:00.000000000 +0100 |
1121 | +++ doc/crypto/openssl_threads.pod 2009-10-01 01:40:52.000000000 +0200 |
1122 | @@ -0,0 +1,210 @@ |
1123 | +=pod |
1124 | + |
1125 | +=head1 NAME |
1126 | + |
1127 | +CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback, |
1128 | +CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy, |
1129 | +CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks, |
1130 | +CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, |
1131 | +CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, |
1132 | +CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support |
1133 | + |
1134 | +=head1 SYNOPSIS |
1135 | + |
1136 | + #include <openssl/crypto.h> |
1137 | + |
1138 | + /* Don't use this structure directly. */ |
1139 | + typedef struct crypto_threadid_st |
1140 | + { |
1141 | + void *ptr; |
1142 | + unsigned long val; |
1143 | + } CRYPTO_THREADID; |
1144 | + /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ |
1145 | + void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); |
1146 | + void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); |
1147 | + int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); |
1148 | + void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); |
1149 | + void CRYPTO_THREADID_current(CRYPTO_THREADID *id); |
1150 | + int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, |
1151 | + const CRYPTO_THREADID *b); |
1152 | + void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, |
1153 | + const CRYPTO_THREADID *src); |
1154 | + unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); |
1155 | + |
1156 | + int CRYPTO_num_locks(void); |
1157 | + |
1158 | + /* struct CRYPTO_dynlock_value needs to be defined by the user */ |
1159 | + struct CRYPTO_dynlock_value; |
1160 | + |
1161 | + void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * |
1162 | + (*dyn_create_function)(char *file, int line)); |
1163 | + void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) |
1164 | + (int mode, struct CRYPTO_dynlock_value *l, |
1165 | + const char *file, int line)); |
1166 | + void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) |
1167 | + (struct CRYPTO_dynlock_value *l, const char *file, int line)); |
1168 | + |
1169 | + int CRYPTO_get_new_dynlockid(void); |
1170 | + |
1171 | + void CRYPTO_destroy_dynlockid(int i); |
1172 | + |
1173 | + void CRYPTO_lock(int mode, int n, const char *file, int line); |
1174 | + |
1175 | + #define CRYPTO_w_lock(type) \ |
1176 | + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) |
1177 | + #define CRYPTO_w_unlock(type) \ |
1178 | + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) |
1179 | + #define CRYPTO_r_lock(type) \ |
1180 | + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) |
1181 | + #define CRYPTO_r_unlock(type) \ |
1182 | + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) |
1183 | + #define CRYPTO_add(addr,amount,type) \ |
1184 | + CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) |
1185 | + |
1186 | +=head1 DESCRIPTION |
1187 | + |
1188 | +OpenSSL can safely be used in multi-threaded applications provided |
1189 | +that at least two callback functions are set, locking_function and |
1190 | +threadid_func. |
1191 | + |
1192 | +locking_function(int mode, int n, const char *file, int line) is |
1193 | +needed to perform locking on shared data structures. |
1194 | +(Note that OpenSSL uses a number of global data structures that |
1195 | +will be implicitly shared whenever multiple threads use OpenSSL.) |
1196 | +Multi-threaded applications will crash at random if it is not set. |
1197 | + |
1198 | +locking_function() must be able to handle up to CRYPTO_num_locks() |
1199 | +different mutex locks. It sets the B<n>-th lock if B<mode> & |
1200 | +B<CRYPTO_LOCK>, and releases it otherwise. |
1201 | + |
1202 | +B<file> and B<line> are the file number of the function setting the |
1203 | +lock. They can be useful for debugging. |
1204 | + |
1205 | +threadid_func(CRYPTO_THREADID *id) is needed to record the currently-executing |
1206 | +thread's identifier into B<id>. The implementation of this callback should not |
1207 | +fill in B<id> directly, but should use CRYPTO_THREADID_set_numeric() if thread |
1208 | +IDs are numeric, or CRYPTO_THREADID_set_pointer() if they are pointer-based. |
1209 | +If the application does not register such a callback using |
1210 | +CRYPTO_THREADID_set_callback(), then a default implementation is used - on |
1211 | +Windows and BeOS this uses the system's default thread identifying APIs, and on |
1212 | +all other platforms it uses the address of B<errno>. The latter is satisfactory |
1213 | +for thread-safety if and only if the platform has a thread-local error number |
1214 | +facility. |
1215 | + |
1216 | +Once threadid_func() is registered, or if the built-in default implementation is |
1217 | +to be used; |
1218 | + |
1219 | +=over 4 |
1220 | + |
1221 | +=item * |
1222 | +CRYPTO_THREADID_current() records the currently-executing thread ID into the |
1223 | +given B<id> object. |
1224 | + |
1225 | +=item * |
1226 | +CRYPTO_THREADID_cmp() compares two thread IDs (returning zero for equality, ie. |
1227 | +the same semantics as memcmp()). |
1228 | + |
1229 | +=item * |
1230 | +CRYPTO_THREADID_cpy() duplicates a thread ID value, |
1231 | + |
1232 | +=item * |
1233 | +CRYPTO_THREADID_hash() returns a numeric value usable as a hash-table key. This |
1234 | +is usually the exact numeric or pointer-based thread ID used internally, however |
1235 | +this also handles the unusual case where pointers are larger than 'long' |
1236 | +variables and the platform's thread IDs are pointer-based - in this case, mixing |
1237 | +is done to attempt to produce a unique numeric value even though it is not as |
1238 | +wide as the platform's true thread IDs. |
1239 | + |
1240 | +=back |
1241 | + |
1242 | +Additionally, OpenSSL supports dynamic locks, and sometimes, some parts |
1243 | +of OpenSSL need it for better performance. To enable this, the following |
1244 | +is required: |
1245 | + |
1246 | +=over 4 |
1247 | + |
1248 | +=item * |
1249 | +Three additional callback function, dyn_create_function, dyn_lock_function |
1250 | +and dyn_destroy_function. |
1251 | + |
1252 | +=item * |
1253 | +A structure defined with the data that each lock needs to handle. |
1254 | + |
1255 | +=back |
1256 | + |
1257 | +struct CRYPTO_dynlock_value has to be defined to contain whatever structure |
1258 | +is needed to handle locks. |
1259 | + |
1260 | +dyn_create_function(const char *file, int line) is needed to create a |
1261 | +lock. Multi-threaded applications might crash at random if it is not set. |
1262 | + |
1263 | +dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) |
1264 | +is needed to perform locking off dynamic lock numbered n. Multi-threaded |
1265 | +applications might crash at random if it is not set. |
1266 | + |
1267 | +dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is |
1268 | +needed to destroy the lock l. Multi-threaded applications might crash at |
1269 | +random if it is not set. |
1270 | + |
1271 | +CRYPTO_get_new_dynlockid() is used to create locks. It will call |
1272 | +dyn_create_function for the actual creation. |
1273 | + |
1274 | +CRYPTO_destroy_dynlockid() is used to destroy locks. It will call |
1275 | +dyn_destroy_function for the actual destruction. |
1276 | + |
1277 | +CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield |
1278 | +describing what should be done with the lock. n is the number of the |
1279 | +lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined |
1280 | +from the following values. These values are pairwise exclusive, with |
1281 | +undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE |
1282 | +should not be used together): |
1283 | + |
1284 | + CRYPTO_LOCK 0x01 |
1285 | + CRYPTO_UNLOCK 0x02 |
1286 | + CRYPTO_READ 0x04 |
1287 | + CRYPTO_WRITE 0x08 |
1288 | + |
1289 | +=head1 RETURN VALUES |
1290 | + |
1291 | +CRYPTO_num_locks() returns the required number of locks. |
1292 | + |
1293 | +CRYPTO_get_new_dynlockid() returns the index to the newly created lock. |
1294 | + |
1295 | +The other functions return no values. |
1296 | + |
1297 | +=head1 NOTES |
1298 | + |
1299 | +You can find out if OpenSSL was configured with thread support: |
1300 | + |
1301 | + #define OPENSSL_THREAD_DEFINES |
1302 | + #include <openssl/opensslconf.h> |
1303 | + #if defined(OPENSSL_THREADS) |
1304 | + // thread support enabled |
1305 | + #else |
1306 | + // no thread support |
1307 | + #endif |
1308 | + |
1309 | +Also, dynamic locks are currently not used internally by OpenSSL, but |
1310 | +may do so in the future. |
1311 | + |
1312 | +=head1 EXAMPLES |
1313 | + |
1314 | +B<crypto/threads/mttest.c> shows examples of the callback functions on |
1315 | +Solaris, Irix and Win32. |
1316 | + |
1317 | +=head1 HISTORY |
1318 | + |
1319 | +CRYPTO_set_locking_callback() is |
1320 | +available in all versions of SSLeay and OpenSSL. |
1321 | +CRYPTO_num_locks() was added in OpenSSL 0.9.4. |
1322 | +All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. |
1323 | +B<CRYPTO_THREADID> and associated functions were introduced in OpenSSL 1.0.0 |
1324 | +to replace (actually, deprecate) the previous CRYPTO_set_id_callback(), |
1325 | +CRYPTO_get_id_callback(), and CRYPTO_thread_id() functions which assumed |
1326 | +thread IDs to always be represented by 'unsigned long'. |
1327 | + |
1328 | +=head1 SEE ALSO |
1329 | + |
1330 | +L<crypto(3)|crypto(3)> |
1331 | + |
1332 | +=cut |
1333 | --- doc/crypto/RAND_add.pod 2000-03-22 16:30:03.000000000 +0100 |
1334 | +++ doc/crypto/RAND_add.pod 2010-04-01 00:45:00.939660251 +0200 |
1335 | @@ -65,7 +65,7 @@ |
1336 | |
1337 | =head1 SEE ALSO |
1338 | |
1339 | -L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, |
1340 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, |
1341 | L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> |
1342 | |
1343 | =head1 HISTORY |
1344 | --- doc/crypto/RAND_bytes.pod 2007-09-24 13:01:18.000000000 +0200 |
1345 | +++ doc/crypto/RAND_bytes.pod 2010-04-01 00:45:00.946326823 +0200 |
1346 | @@ -38,7 +38,7 @@ |
1347 | |
1348 | =head1 SEE ALSO |
1349 | |
1350 | -L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, |
1351 | +L<openssl_rand(3)|openssl_rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, |
1352 | L<RAND_add(3)|RAND_add(3)> |
1353 | |
1354 | =head1 HISTORY |
1355 | --- doc/crypto/RAND_cleanup.pod 2000-01-27 02:25:06.000000000 +0100 |
1356 | +++ doc/crypto/RAND_cleanup.pod 2010-04-01 00:45:00.952993593 +0200 |
1357 | @@ -20,7 +20,7 @@ |
1358 | |
1359 | =head1 SEE ALSO |
1360 | |
1361 | -L<rand(3)|rand(3)> |
1362 | +L<openssl_rand(3)|openssl_rand(3)> |
1363 | |
1364 | =head1 HISTORY |
1365 | |
1366 | --- doc/crypto/RAND_egd.pod 2008-11-10 12:26:44.000000000 +0100 |
1367 | +++ doc/crypto/RAND_egd.pod 2010-04-01 00:45:00.959660646 +0200 |
1368 | @@ -72,7 +72,7 @@ |
1369 | |
1370 | =head1 SEE ALSO |
1371 | |
1372 | -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, |
1373 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, |
1374 | L<RAND_cleanup(3)|RAND_cleanup(3)> |
1375 | |
1376 | =head1 HISTORY |
1377 | --- doc/crypto/RAND_load_file.pod 2001-03-21 16:25:56.000000000 +0100 |
1378 | +++ doc/crypto/RAND_load_file.pod 2010-04-01 00:45:00.976327494 +0200 |
1379 | @@ -43,7 +43,7 @@ |
1380 | |
1381 | =head1 SEE ALSO |
1382 | |
1383 | -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> |
1384 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> |
1385 | |
1386 | =head1 HISTORY |
1387 | |
1388 | --- doc/crypto/rand.pod 2002-08-05 18:27:01.000000000 +0200 |
1389 | +++ doc/crypto/rand.pod 1970-01-01 01:00:00.000000000 +0100 |
1390 | @@ -1,175 +0,0 @@ |
1391 | -=pod |
1392 | - |
1393 | -=head1 NAME |
1394 | - |
1395 | -rand - pseudo-random number generator |
1396 | - |
1397 | -=head1 SYNOPSIS |
1398 | - |
1399 | - #include <openssl/rand.h> |
1400 | - |
1401 | - int RAND_set_rand_engine(ENGINE *engine); |
1402 | - |
1403 | - int RAND_bytes(unsigned char *buf, int num); |
1404 | - int RAND_pseudo_bytes(unsigned char *buf, int num); |
1405 | - |
1406 | - void RAND_seed(const void *buf, int num); |
1407 | - void RAND_add(const void *buf, int num, int entropy); |
1408 | - int RAND_status(void); |
1409 | - |
1410 | - int RAND_load_file(const char *file, long max_bytes); |
1411 | - int RAND_write_file(const char *file); |
1412 | - const char *RAND_file_name(char *file, size_t num); |
1413 | - |
1414 | - int RAND_egd(const char *path); |
1415 | - |
1416 | - void RAND_set_rand_method(const RAND_METHOD *meth); |
1417 | - const RAND_METHOD *RAND_get_rand_method(void); |
1418 | - RAND_METHOD *RAND_SSLeay(void); |
1419 | - |
1420 | - void RAND_cleanup(void); |
1421 | - |
1422 | - /* For Win32 only */ |
1423 | - void RAND_screen(void); |
1424 | - int RAND_event(UINT, WPARAM, LPARAM); |
1425 | - |
1426 | -=head1 DESCRIPTION |
1427 | - |
1428 | -Since the introduction of the ENGINE API, the recommended way of controlling |
1429 | -default implementations is by using the ENGINE API functions. The default |
1430 | -B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by |
1431 | -RAND_get_rand_method(), is only used if no ENGINE has been set as the default |
1432 | -"rand" implementation. Hence, these two functions are no longer the recommened |
1433 | -way to control defaults. |
1434 | - |
1435 | -If an alternative B<RAND_METHOD> implementation is being used (either set |
1436 | -directly or as provided by an ENGINE module), then it is entirely responsible |
1437 | -for the generation and management of a cryptographically secure PRNG stream. The |
1438 | -mechanisms described below relate solely to the software PRNG implementation |
1439 | -built in to OpenSSL and used by default. |
1440 | - |
1441 | -These functions implement a cryptographically secure pseudo-random |
1442 | -number generator (PRNG). It is used by other library functions for |
1443 | -example to generate random keys, and applications can use it when they |
1444 | -need randomness. |
1445 | - |
1446 | -A cryptographic PRNG must be seeded with unpredictable data such as |
1447 | -mouse movements or keys pressed at random by the user. This is |
1448 | -described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file |
1449 | -(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the |
1450 | -seeding process whenever the application is started. |
1451 | - |
1452 | -L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the |
1453 | -PRNG. |
1454 | - |
1455 | -=head1 INTERNALS |
1456 | - |
1457 | -The RAND_SSLeay() method implements a PRNG based on a cryptographic |
1458 | -hash function. |
1459 | - |
1460 | -The following description of its design is based on the SSLeay |
1461 | -documentation: |
1462 | - |
1463 | -First up I will state the things I believe I need for a good RNG. |
1464 | - |
1465 | -=over 4 |
1466 | - |
1467 | -=item 1 |
1468 | - |
1469 | -A good hashing algorithm to mix things up and to convert the RNG 'state' |
1470 | -to random numbers. |
1471 | - |
1472 | -=item 2 |
1473 | - |
1474 | -An initial source of random 'state'. |
1475 | - |
1476 | -=item 3 |
1477 | - |
1478 | -The state should be very large. If the RNG is being used to generate |
1479 | -4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). |
1480 | -If your RNG state only has 128 bits, you are obviously limiting the |
1481 | -search space to 128 bits, not 2048. I'm probably getting a little |
1482 | -carried away on this last point but it does indicate that it may not be |
1483 | -a bad idea to keep quite a lot of RNG state. It should be easier to |
1484 | -break a cipher than guess the RNG seed data. |
1485 | - |
1486 | -=item 4 |
1487 | - |
1488 | -Any RNG seed data should influence all subsequent random numbers |
1489 | -generated. This implies that any random seed data entered will have |
1490 | -an influence on all subsequent random numbers generated. |
1491 | - |
1492 | -=item 5 |
1493 | - |
1494 | -When using data to seed the RNG state, the data used should not be |
1495 | -extractable from the RNG state. I believe this should be a |
1496 | -requirement because one possible source of 'secret' semi random |
1497 | -data would be a private key or a password. This data must |
1498 | -not be disclosed by either subsequent random numbers or a |
1499 | -'core' dump left by a program crash. |
1500 | - |
1501 | -=item 6 |
1502 | - |
1503 | -Given the same initial 'state', 2 systems should deviate in their RNG state |
1504 | -(and hence the random numbers generated) over time if at all possible. |
1505 | - |
1506 | -=item 7 |
1507 | - |
1508 | -Given the random number output stream, it should not be possible to determine |
1509 | -the RNG state or the next random number. |
1510 | - |
1511 | -=back |
1512 | - |
1513 | -The algorithm is as follows. |
1514 | - |
1515 | -There is global state made up of a 1023 byte buffer (the 'state'), a |
1516 | -working hash value ('md'), and a counter ('count'). |
1517 | - |
1518 | -Whenever seed data is added, it is inserted into the 'state' as |
1519 | -follows. |
1520 | - |
1521 | -The input is chopped up into units of 20 bytes (or less for |
1522 | -the last block). Each of these blocks is run through the hash |
1523 | -function as follows: The data passed to the hash function |
1524 | -is the current 'md', the same number of bytes from the 'state' |
1525 | -(the location determined by in incremented looping index) as |
1526 | -the current 'block', the new key data 'block', and 'count' |
1527 | -(which is incremented after each use). |
1528 | -The result of this is kept in 'md' and also xored into the |
1529 | -'state' at the same locations that were used as input into the |
1530 | -hash function. I |
1531 | -believe this system addresses points 1 (hash function; currently |
1532 | -SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash |
1533 | -function and xor). |
1534 | - |
1535 | -When bytes are extracted from the RNG, the following process is used. |
1536 | -For each group of 10 bytes (or less), we do the following: |
1537 | - |
1538 | -Input into the hash function the local 'md' (which is initialized from |
1539 | -the global 'md' before any bytes are generated), the bytes that are to |
1540 | -be overwritten by the random bytes, and bytes from the 'state' |
1541 | -(incrementing looping index). From this digest output (which is kept |
1542 | -in 'md'), the top (up to) 10 bytes are returned to the caller and the |
1543 | -bottom 10 bytes are xored into the 'state'. |
1544 | - |
1545 | -Finally, after we have finished 'num' random bytes for the caller, |
1546 | -'count' (which is incremented) and the local and global 'md' are fed |
1547 | -into the hash function and the results are kept in the global 'md'. |
1548 | - |
1549 | -I believe the above addressed points 1 (use of SHA-1), 6 (by hashing |
1550 | -into the 'state' the 'old' data from the caller that is about to be |
1551 | -overwritten) and 7 (by not using the 10 bytes given to the caller to |
1552 | -update the 'state', but they are used to update 'md'). |
1553 | - |
1554 | -So of the points raised, only 2 is not addressed (but see |
1555 | -L<RAND_add(3)|RAND_add(3)>). |
1556 | - |
1557 | -=head1 SEE ALSO |
1558 | - |
1559 | -L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, |
1560 | -L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, |
1561 | -L<RAND_bytes(3)|RAND_bytes(3)>, |
1562 | -L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, |
1563 | -L<RAND_cleanup(3)|RAND_cleanup(3)> |
1564 | - |
1565 | -=cut |
1566 | --- doc/crypto/RAND_set_rand_method.pod 2007-11-19 10:18:03.000000000 +0100 |
1567 | +++ doc/crypto/RAND_set_rand_method.pod 2010-04-01 00:45:00.982994946 +0200 |
1568 | @@ -67,7 +67,7 @@ |
1569 | |
1570 | =head1 SEE ALSO |
1571 | |
1572 | -L<rand(3)|rand(3)>, L<engine(3)|engine(3)> |
1573 | +L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)> |
1574 | |
1575 | =head1 HISTORY |
1576 | |
1577 | --- doc/crypto/RSA_blinding_on.pod 2000-02-24 12:55:10.000000000 +0100 |
1578 | +++ doc/crypto/RSA_blinding_on.pod 2010-04-01 00:45:00.989661318 +0200 |
1579 | @@ -34,7 +34,7 @@ |
1580 | |
1581 | =head1 SEE ALSO |
1582 | |
1583 | -L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> |
1584 | +L<rsa(3)|rsa(3)>, L<openssl_rand(3)|openssl_rand(3)> |
1585 | |
1586 | =head1 HISTORY |
1587 | |
1588 | --- doc/crypto/RSA_generate_key.pod 2002-09-25 15:33:27.000000000 +0200 |
1589 | +++ doc/crypto/RSA_generate_key.pod 2010-04-01 00:45:00.996327969 +0200 |
1590 | @@ -59,7 +59,7 @@ |
1591 | |
1592 | =head1 SEE ALSO |
1593 | |
1594 | -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, |
1595 | +L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, |
1596 | L<RSA_free(3)|RSA_free(3)> |
1597 | |
1598 | =head1 HISTORY |
1599 | --- doc/crypto/rsa.pod 2002-08-04 23:08:36.000000000 +0200 |
1600 | +++ doc/crypto/rsa.pod 2010-04-01 00:45:01.062995006 +0200 |
1601 | @@ -108,7 +108,7 @@ |
1602 | =head1 SEE ALSO |
1603 | |
1604 | L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, |
1605 | -L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, |
1606 | +L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, |
1607 | L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, |
1608 | L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, |
1609 | L<RSA_generate_key(3)|RSA_generate_key(3)>, |
1610 | --- doc/crypto/RSA_public_encrypt.pod 2004-03-23 22:01:34.000000000 +0100 |
1611 | +++ doc/crypto/RSA_public_encrypt.pod 2010-04-01 00:45:01.002994781 +0200 |
1612 | @@ -73,7 +73,7 @@ |
1613 | |
1614 | =head1 SEE ALSO |
1615 | |
1616 | -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, |
1617 | +L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, |
1618 | L<RSA_size(3)|RSA_size(3)> |
1619 | |
1620 | =head1 HISTORY |
1621 | --- doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2002-09-25 15:33:28.000000000 +0200 |
1622 | +++ doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2010-04-01 00:45:01.009660553 +0200 |
1623 | @@ -48,7 +48,7 @@ |
1624 | =head1 SEE ALSO |
1625 | |
1626 | L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, |
1627 | -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, |
1628 | +L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, |
1629 | L<RSA_verify(3)|RSA_verify(3)> |
1630 | |
1631 | =head1 HISTORY |
1632 | --- doc/crypto/threads.pod 2009-10-01 01:40:52.000000000 +0200 |
1633 | +++ doc/crypto/threads.pod 1970-01-01 01:00:00.000000000 +0100 |
1634 | @@ -1,210 +0,0 @@ |
1635 | -=pod |
1636 | - |
1637 | -=head1 NAME |
1638 | - |
1639 | -CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback, |
1640 | -CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy, |
1641 | -CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks, |
1642 | -CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, |
1643 | -CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, |
1644 | -CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support |
1645 | - |
1646 | -=head1 SYNOPSIS |
1647 | - |
1648 | - #include <openssl/crypto.h> |
1649 | - |
1650 | - /* Don't use this structure directly. */ |
1651 | - typedef struct crypto_threadid_st |
1652 | - { |
1653 | - void *ptr; |
1654 | - unsigned long val; |
1655 | - } CRYPTO_THREADID; |
1656 | - /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ |
1657 | - void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); |
1658 | - void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); |
1659 | - int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); |
1660 | - void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); |
1661 | - void CRYPTO_THREADID_current(CRYPTO_THREADID *id); |
1662 | - int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, |
1663 | - const CRYPTO_THREADID *b); |
1664 | - void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, |
1665 | - const CRYPTO_THREADID *src); |
1666 | - unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); |
1667 | - |
1668 | - int CRYPTO_num_locks(void); |
1669 | - |
1670 | - /* struct CRYPTO_dynlock_value needs to be defined by the user */ |
1671 | - struct CRYPTO_dynlock_value; |
1672 | - |
1673 | - void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * |
1674 | - (*dyn_create_function)(char *file, int line)); |
1675 | - void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) |
1676 | - (int mode, struct CRYPTO_dynlock_value *l, |
1677 | - const char *file, int line)); |
1678 | - void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) |
1679 | - (struct CRYPTO_dynlock_value *l, const char *file, int line)); |
1680 | - |
1681 | - int CRYPTO_get_new_dynlockid(void); |
1682 | - |
1683 | - void CRYPTO_destroy_dynlockid(int i); |
1684 | - |
1685 | - void CRYPTO_lock(int mode, int n, const char *file, int line); |
1686 | - |
1687 | - #define CRYPTO_w_lock(type) \ |
1688 | - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) |
1689 | - #define CRYPTO_w_unlock(type) \ |
1690 | - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) |
1691 | - #define CRYPTO_r_lock(type) \ |
1692 | - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) |
1693 | - #define CRYPTO_r_unlock(type) \ |
1694 | - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) |
1695 | - #define CRYPTO_add(addr,amount,type) \ |
1696 | - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) |
1697 | - |
1698 | -=head1 DESCRIPTION |
1699 | - |
1700 | -OpenSSL can safely be used in multi-threaded applications provided |
1701 | -that at least two callback functions are set, locking_function and |
1702 | -threadid_func. |
1703 | - |
1704 | -locking_function(int mode, int n, const char *file, int line) is |
1705 | -needed to perform locking on shared data structures. |
1706 | -(Note that OpenSSL uses a number of global data structures that |
1707 | -will be implicitly shared whenever multiple threads use OpenSSL.) |
1708 | -Multi-threaded applications will crash at random if it is not set. |
1709 | - |
1710 | -locking_function() must be able to handle up to CRYPTO_num_locks() |
1711 | -different mutex locks. It sets the B<n>-th lock if B<mode> & |
1712 | -B<CRYPTO_LOCK>, and releases it otherwise. |
1713 | - |
1714 | -B<file> and B<line> are the file number of the function setting the |
1715 | -lock. They can be useful for debugging. |
1716 | - |
1717 | -threadid_func(CRYPTO_THREADID *id) is needed to record the currently-executing |
1718 | -thread's identifier into B<id>. The implementation of this callback should not |
1719 | -fill in B<id> directly, but should use CRYPTO_THREADID_set_numeric() if thread |
1720 | -IDs are numeric, or CRYPTO_THREADID_set_pointer() if they are pointer-based. |
1721 | -If the application does not register such a callback using |
1722 | -CRYPTO_THREADID_set_callback(), then a default implementation is used - on |
1723 | -Windows and BeOS this uses the system's default thread identifying APIs, and on |
1724 | -all other platforms it uses the address of B<errno>. The latter is satisfactory |
1725 | -for thread-safety if and only if the platform has a thread-local error number |
1726 | -facility. |
1727 | - |
1728 | -Once threadid_func() is registered, or if the built-in default implementation is |
1729 | -to be used; |
1730 | - |
1731 | -=over 4 |
1732 | - |
1733 | -=item * |
1734 | -CRYPTO_THREADID_current() records the currently-executing thread ID into the |
1735 | -given B<id> object. |
1736 | - |
1737 | -=item * |
1738 | -CRYPTO_THREADID_cmp() compares two thread IDs (returning zero for equality, ie. |
1739 | -the same semantics as memcmp()). |
1740 | - |
1741 | -=item * |
1742 | -CRYPTO_THREADID_cpy() duplicates a thread ID value, |
1743 | - |
1744 | -=item * |
1745 | -CRYPTO_THREADID_hash() returns a numeric value usable as a hash-table key. This |
1746 | -is usually the exact numeric or pointer-based thread ID used internally, however |
1747 | -this also handles the unusual case where pointers are larger than 'long' |
1748 | -variables and the platform's thread IDs are pointer-based - in this case, mixing |
1749 | -is done to attempt to produce a unique numeric value even though it is not as |
1750 | -wide as the platform's true thread IDs. |
1751 | - |
1752 | -=back |
1753 | - |
1754 | -Additionally, OpenSSL supports dynamic locks, and sometimes, some parts |
1755 | -of OpenSSL need it for better performance. To enable this, the following |
1756 | -is required: |
1757 | - |
1758 | -=over 4 |
1759 | - |
1760 | -=item * |
1761 | -Three additional callback function, dyn_create_function, dyn_lock_function |
1762 | -and dyn_destroy_function. |
1763 | - |
1764 | -=item * |
1765 | -A structure defined with the data that each lock needs to handle. |
1766 | - |
1767 | -=back |
1768 | - |
1769 | -struct CRYPTO_dynlock_value has to be defined to contain whatever structure |
1770 | -is needed to handle locks. |
1771 | - |
1772 | -dyn_create_function(const char *file, int line) is needed to create a |
1773 | -lock. Multi-threaded applications might crash at random if it is not set. |
1774 | - |
1775 | -dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) |
1776 | -is needed to perform locking off dynamic lock numbered n. Multi-threaded |
1777 | -applications might crash at random if it is not set. |
1778 | - |
1779 | -dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is |
1780 | -needed to destroy the lock l. Multi-threaded applications might crash at |
1781 | -random if it is not set. |
1782 | - |
1783 | -CRYPTO_get_new_dynlockid() is used to create locks. It will call |
1784 | -dyn_create_function for the actual creation. |
1785 | - |
1786 | -CRYPTO_destroy_dynlockid() is used to destroy locks. It will call |
1787 | -dyn_destroy_function for the actual destruction. |
1788 | - |
1789 | -CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield |
1790 | -describing what should be done with the lock. n is the number of the |
1791 | -lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined |
1792 | -from the following values. These values are pairwise exclusive, with |
1793 | -undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE |
1794 | -should not be used together): |
1795 | - |
1796 | - CRYPTO_LOCK 0x01 |
1797 | - CRYPTO_UNLOCK 0x02 |
1798 | - CRYPTO_READ 0x04 |
1799 | - CRYPTO_WRITE 0x08 |
1800 | - |
1801 | -=head1 RETURN VALUES |
1802 | - |
1803 | -CRYPTO_num_locks() returns the required number of locks. |
1804 | - |
1805 | -CRYPTO_get_new_dynlockid() returns the index to the newly created lock. |
1806 | - |
1807 | -The other functions return no values. |
1808 | - |
1809 | -=head1 NOTES |
1810 | - |
1811 | -You can find out if OpenSSL was configured with thread support: |
1812 | - |
1813 | - #define OPENSSL_THREAD_DEFINES |
1814 | - #include <openssl/opensslconf.h> |
1815 | - #if defined(OPENSSL_THREADS) |
1816 | - // thread support enabled |
1817 | - #else |
1818 | - // no thread support |
1819 | - #endif |
1820 | - |
1821 | -Also, dynamic locks are currently not used internally by OpenSSL, but |
1822 | -may do so in the future. |
1823 | - |
1824 | -=head1 EXAMPLES |
1825 | - |
1826 | -B<crypto/threads/mttest.c> shows examples of the callback functions on |
1827 | -Solaris, Irix and Win32. |
1828 | - |
1829 | -=head1 HISTORY |
1830 | - |
1831 | -CRYPTO_set_locking_callback() is |
1832 | -available in all versions of SSLeay and OpenSSL. |
1833 | -CRYPTO_num_locks() was added in OpenSSL 0.9.4. |
1834 | -All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. |
1835 | -B<CRYPTO_THREADID> and associated functions were introduced in OpenSSL 1.0.0 |
1836 | -to replace (actually, deprecate) the previous CRYPTO_set_id_callback(), |
1837 | -CRYPTO_get_id_callback(), and CRYPTO_thread_id() functions which assumed |
1838 | -thread IDs to always be represented by 'unsigned long'. |
1839 | - |
1840 | -=head1 SEE ALSO |
1841 | - |
1842 | -L<crypto(3)|crypto(3)> |
1843 | - |
1844 | -=cut |
1845 | --- doc/crypto/X509_NAME_ENTRY_get_object.pod 2006-05-14 13:27:59.000000000 +0200 |
1846 | +++ doc/crypto/X509_NAME_ENTRY_get_object.pod 2010-04-01 00:45:01.016327524 +0200 |
1847 | @@ -65,7 +65,7 @@ |
1848 | =head1 SEE ALSO |
1849 | |
1850 | L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>, |
1851 | -L<OBJ_nid2obj(3),OBJ_nid2obj(3)> |
1852 | +L<OBJ_nid2obj(3)|OBJ_nid2obj(3)> |
1853 | |
1854 | =head1 HISTORY |
1855 | |
1856 | --- doc/ssl/SSL_get_error.pod 2005-03-30 13:50:14.000000000 +0200 |
1857 | +++ doc/ssl/SSL_get_error.pod 2010-04-01 00:45:03.069662282 +0200 |
1858 | @@ -105,7 +105,7 @@ |
1859 | |
1860 | =head1 SEE ALSO |
1861 | |
1862 | -L<ssl(3)|ssl(3)>, L<err(3)|err(3)> |
1863 | +L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)> |
1864 | |
1865 | =head1 HISTORY |
1866 | |
1867 | --- doc/ssl/SSL_want.pod 2005-03-30 13:50:14.000000000 +0200 |
1868 | +++ doc/ssl/SSL_want.pod 2010-04-01 00:45:03.082993225 +0200 |
1869 | @@ -72,6 +72,6 @@ |
1870 | |
1871 | =head1 SEE ALSO |
1872 | |
1873 | -L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> |
1874 | +L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> |
1875 | |
1876 | =cut |
1877 | --- FAQ 2010-03-29 15:11:53.000000000 +0200 |
1878 | +++ FAQ 2010-04-01 00:46:00.593821225 +0200 |
1879 | @@ -724,7 +724,7 @@ |
1880 | CRYPTO_set_id_callback(), for all versions of OpenSSL up to and |
1881 | including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() |
1882 | and associated APIs are deprecated by CRYPTO_THREADID_set_callback() |
1883 | -and friends. This is described in the threads(3) manpage. |
1884 | +and friends. This is described in the openssl_threads(3) manpage. |
1885 | |
1886 | * I've compiled a program under Windows and it crashes: why? |
1887 |