diff options
| author | jkim <jkim@FreeBSD.org> | 2015-06-11 19:00:55 +0000 |
|---|---|---|
| committer | jkim <jkim@FreeBSD.org> | 2015-06-11 19:00:55 +0000 |
| commit | d675e841ef78a78bab5972d63fa3d8d15ecdbb19 (patch) | |
| tree | af421c8f5f156e1b4b26149d5c4964d037dd0454 | |
| parent | aec7d82113b7de83f7ac3f9470fde49813358dec (diff) | |
| download | FreeBSD-src-d675e841ef78a78bab5972d63fa3d8d15ecdbb19.zip FreeBSD-src-d675e841ef78a78bab5972d63fa3d8d15ecdbb19.tar.gz | |
Merge OpenSSL 1.0.1n.
542 files changed, 3155 insertions, 1662 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 74179ab..2565187 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,77 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1m and 1.0.1n [11 Jun 2015] + + *) Malformed ECParameters causes infinite loop + + When processing an ECParameters structure OpenSSL enters an infinite loop + if the curve specified is over a specially malformed binary polynomial + field. + + This can be used to perform denial of service against any + system which processes public keys, certificate requests or + certificates. This includes TLS clients and TLS servers with + client authentication enabled. + + This issue was reported to OpenSSL by Joseph Barr-Pixton. + (CVE-2015-1788) + [Andy Polyakov] + + *) Exploitable out-of-bounds read in X509_cmp_time + + X509_cmp_time does not properly check the length of the ASN1_TIME + string and can read a few bytes out of bounds. In addition, + X509_cmp_time accepts an arbitrary number of fractional seconds in the + time string. + + An attacker can use this to craft malformed certificates and CRLs of + various sizes and potentially cause a segmentation fault, resulting in + a DoS on applications that verify certificates or CRLs. TLS clients + that verify CRLs are affected. TLS clients and servers with client + authentication enabled may be affected if they use custom verification + callbacks. + + This issue was reported to OpenSSL by Robert Swiecki (Google), and + independently by Hanno Böck. + (CVE-2015-1789) + [Emilia Käsper] + + *) PKCS7 crash with missing EnvelopedContent + + The PKCS#7 parsing code does not handle missing inner EncryptedContent + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs + with missing content and trigger a NULL pointer dereference on parsing. + + Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 + structures from untrusted sources are affected. OpenSSL clients and + servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-1790) + [Emilia Käsper] + + *) CMS verify infinite loop with unknown hash function + + When verifying a signedData message the CMS code can enter an infinite loop + if presented with an unknown hash function OID. This can be used to perform + denial of service against any system which verifies signedData messages using + the CMS code. + This issue was reported to OpenSSL by Johannes Bauer. + (CVE-2015-1792) + [Stephen Henson] + + *) Race condition handling NewSessionTicket + + If a NewSessionTicket is received by a multi-threaded client when attempting to + reuse a previous ticket then a race condition can occur potentially leading to + a double free of the ticket data. + (CVE-2015-1791) + [Matt Caswell] + + *) Reject DH handshakes with parameters shorter than 768 bits. + [Kurt Roeckx and Emilia Kasper] + Changes between 1.0.1l and 1.0.1m [19 Mar 2015] *) Segmentation fault in ASN1_TYPE_cmp fix diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure index d7ecf97..60ec378 100755 --- a/crypto/openssl/Configure +++ b/crypto/openssl/Configure @@ -230,12 +230,12 @@ my %table=( #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups @@ -252,7 +252,7 @@ my %table=( #### SunOS configs, assuming sparc for the gcc one. #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", -"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", +"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. @@ -379,7 +379,7 @@ my %table=( #### SPARC Linux setups # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -413,7 +413,7 @@ my %table=( "BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile index d3f31f0..c01d470 100644 --- a/crypto/openssl/Makefile +++ b/crypto/openssl/Makefile @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1m +VERSION=1.0.1n MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -186,7 +186,7 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h -all: Makefile build_all openssl.pc libssl.pc libcrypto.pc +all: Makefile build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn @@ -272,7 +272,10 @@ reflect: sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_libcrypto build_libssl openssl.pc + +build_libcrypto: build_crypto build_engines libcrypto.pc +build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) @@ -461,6 +464,9 @@ tests: rehash report: @$(PERL) util/selftest.pl +update: errors stacks util/libeay.num util/ssleay.num TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + depend: @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -485,26 +491,10 @@ util/libeay.num:: util/ssleay.num:: $(PERL) util/mkdef.pl ssl update -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h -crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org index c0e16bb..89e8062 100644 --- a/crypto/openssl/Makefile.org +++ b/crypto/openssl/Makefile.org @@ -184,7 +184,7 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h -all: Makefile build_all openssl.pc libssl.pc libcrypto.pc +all: Makefile build_all # as we stick to -e, CLEARENV ensures that local variables in lower # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn @@ -270,7 +270,10 @@ reflect: sub_all: build_all build_all: build_libs build_apps build_tests build_tools -build_libs: build_crypto build_ssl build_engines +build_libs: build_libcrypto build_libssl openssl.pc + +build_libcrypto: build_crypto build_engines libcrypto.pc +build_libssl: build_ssl libssl.pc build_crypto: @dir=crypto; target=all; $(BUILD_ONE_CMD) @@ -459,6 +462,9 @@ tests: rehash report: @$(PERL) util/selftest.pl +update: errors stacks util/libeay.num util/ssleay.num TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + depend: @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -483,26 +489,10 @@ util/libeay.num:: util/ssleay.num:: $(PERL) util/mkdef.pl ssl update -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h -crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index 12616d2..e866e94 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,14 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015] + + o Malformed ECParameters causes infinite loop (CVE-2015-1788) + o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) + o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) + o CMS verify infinite loop with unknown hash function (CVE-2015-1792) + o Race condition handling NewSessionTicket (CVE-2015-1791) + Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015] o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) diff --git a/crypto/openssl/README b/crypto/openssl/README index ecdcfb2..8718a24 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1m 19 Mar 2015 + OpenSSL 1.0.1n 11 Jun 2015 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/apps/Makefile b/crypto/openssl/apps/Makefile index 72657ea..cafe554 100644 --- a/crypto/openssl/apps/Makefile +++ b/crypto/openssl/apps/Makefile @@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c +openssl-vms.cnf: openssl.cnf + $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -127,12 +130,12 @@ links: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: openssl-vms.cnf local_depend + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -144,10 +147,10 @@ clean: rm -f req $(DLIBSSL): - (cd ..; $(MAKE) DIRS=ssl all) + (cd ..; $(MAKE) build_libssl) $(DLIBCRYPTO): - (cd ..; $(MAKE) DIRS=crypto all) + (cd ..; $(MAKE) build_libcrypto) $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) $(RM) $(EXE) diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c index 9862afd..6801238 100644 --- a/crypto/openssl/apps/apps.c +++ b/crypto/openssl/apps/apps.c @@ -572,7 +572,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); - if(!prompt) { + if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); UI_free(ui); return 0; @@ -586,7 +586,7 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); - if(!buff) { + if (!buff) { BIO_printf(bio_err, "Out of memory\n"); UI_free(ui); OPENSSL_free(prompt); @@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_NOTIFY_POLICY; else if (!strcmp(arg, "-check_ss_sig")) flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; + else if (!strcmp(arg, "-no_alt_chains")) + flags |= X509_V_FLAG_NO_ALT_CHAINS; else return 0; diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c index 7a0f169..11b0787 100644 --- a/crypto/openssl/apps/asn1pars.c +++ b/crypto/openssl/apps/asn1pars.c @@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; - long errline; + long errline = 0; unsigned char *p; ASN1_TYPE *atyp = NULL; diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c index 5d29a64..97ad0c1 100644 --- a/crypto/openssl/apps/ca.c +++ b/crypto/openssl/apps/ca.c @@ -558,7 +558,7 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -566,7 +566,7 @@ int MAIN(int argc, char **argv) #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -2803,7 +2803,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); - if(!tmp) { + if (!tmp) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } @@ -2825,7 +2825,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); - if(!*prevtm) { + if (!*prevtm) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } @@ -2869,7 +2869,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto err; } comp_time = ASN1_GENERALIZEDTIME_new(); - if(!comp_time) { + if (!comp_time) { BIO_printf(bio_err, "memory allocation failure\n"); goto err; } diff --git a/crypto/openssl/apps/cms.c b/crypto/openssl/apps/cms.c index 0cc4b46..d7645c0 100644 --- a/crypto/openssl/apps/cms.c +++ b/crypto/openssl/apps/cms.c @@ -581,6 +581,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c index f86311c..d3b6d58 100644 --- a/crypto/openssl/apps/dhparam.c +++ b/crypto/openssl/apps/dhparam.c @@ -130,7 +130,7 @@ # undef PROG # define PROG dhparam_main -# define DEFBITS 512 +# define DEFBITS 2048 /*- * -inform arg - input format - default PEM (DER or PEM) @@ -254,7 +254,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, " -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err, - " numbits number of bits in to generate (default 512)\n"); + " numbits number of bits in to generate (default 2048)\n"); # ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c index 5c2cf7a..7b7c70b 100644 --- a/crypto/openssl/apps/enc.c +++ b/crypto/openssl/apps/enc.c @@ -548,9 +548,14 @@ int MAIN(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -562,7 +567,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c index adaa101..fef6f1b 100644 --- a/crypto/openssl/apps/gendh.c +++ b/crypto/openssl/apps/gendh.c @@ -80,7 +80,7 @@ # include <openssl/x509.h> # include <openssl/pem.h> -# define DEFBITS 512 +# define DEFBITS 2048 # undef PROG # define PROG gendh_main diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c index 71def26..572f064 100644 --- a/crypto/openssl/apps/ocsp.c +++ b/crypto/openssl/apps/ocsp.c @@ -519,6 +519,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-VAfile file validator certificates file\n"); BIO_printf(bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c index 7918500..fabf9cf 100644 --- a/crypto/openssl/apps/s_cb.c +++ b/crypto/openssl/apps/s_cb.c @@ -111,6 +111,7 @@ #include <stdio.h> #include <stdlib.h> +#include <string.h> /* for memcpy() */ #define USE_SOCKETS #define NON_MAIN #include "apps.h" @@ -747,7 +748,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, /* Initialize a random secret */ if (!cookie_initialized) { - if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) { + if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { BIO_printf(bio_err, "error setting random cookie secret\n"); return 0; } diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c index ef41cec..28737b6 100644 --- a/crypto/openssl/apps/s_client.c +++ b/crypto/openssl/apps/s_client.c @@ -323,6 +323,8 @@ static void sc_usage(void) BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); + BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err, " -pause - sleep(1) after each read(2) and write(2) system call\n"); @@ -547,7 +549,7 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; - if(!pass) { + if (!pass) { BIO_printf(bio_err, "Malloc failure\n"); return NULL; } @@ -1177,13 +1179,12 @@ int MAIN(int argc, char **argv) if (!set_cert_key_stuff(ctx, cert, key)) goto end; - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(ctx))) { - /* - * BIO_printf(bio_err,"error setting default verify locations\n"); - */ + if ((CAfile || CApath) + && !SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) { + ERR_print_errors(bio_err); + } + if (!SSL_CTX_set_default_verify_paths(ctx)) { ERR_print_errors(bio_err); - /* goto end; */ } #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index bcf5c33..b58e5e0 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); -static DH *get_dh512(void); +static DH *get_dh2048(void); #endif #ifdef MONOLITH @@ -227,30 +227,48 @@ static void s_server_init(void); #endif #ifndef OPENSSL_NO_DH -static unsigned char dh512_p[] = { - 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75, - 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F, - 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3, - 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12, - 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C, - 0x47, 0x74, 0xE8, 0x33, +static unsigned char dh2048_p[] = { + 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, + 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, + 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, + 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, + 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, + 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, + 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, + 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, + 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, + 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, + 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, + 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, + 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, + 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, + 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, + 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, + 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x32,0x0B,0x3B, }; -static unsigned char dh512_g[] = { +static unsigned char dh2048_g[] = { 0x02, }; -static DH *get_dh512(void) +DH *get_dh2048() { - DH *dh = NULL; + DH *dh; if ((dh = DH_new()) == NULL) - return (NULL); - dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return (NULL); - return (dh); + return NULL; + dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if (dh->p == NULL || dh->g == NULL) { + DH_free(dh); + return NULL; + } + return dh; } #endif @@ -523,6 +541,8 @@ static void sv_usage(void) BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); + BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); @@ -720,7 +740,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = inl; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); - if(!wbuf) + if (!wbuf) return 0; OPENSSL_free(b->ptr); @@ -998,7 +1018,7 @@ int MAIN(int argc, char *argv[]) int off = 0; int no_tmp_rsa = 0, no_dhe = 0, nocert = 0; #ifndef OPENSSL_NO_ECDH - int no_ecdhe; + int no_ecdhe = 0; #endif int state = 0; const SSL_METHOD *meth = NULL; @@ -1654,7 +1674,11 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting temp DH parameters\n"); } else { BIO_printf(bio_s_out, "Using default temp DH parameters\n"); - dh = get_dh512(); + dh = get_dh2048(); + if (dh == NULL) { + ERR_print_errors(bio_err); + goto end; + } } (void)BIO_flush(bio_s_out); @@ -2251,8 +2275,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) ret = 1; goto err; } - l += k; - i -= k; + if (k > 0) { + l += k; + i -= k; + } if (i <= 0) break; } @@ -2916,7 +2942,8 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, { unsigned int count = 0; do { - RAND_pseudo_bytes(id, *id_len); + if (RAND_pseudo_bytes(id, *id_len) < 0) + return 0; /* * Prefix the session_id with the required prefix. NB: If our prefix * is too long, clip it - but there will be worse effects anyway, eg. diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c index a40997a..38788f7 100644 --- a/crypto/openssl/apps/s_time.c +++ b/crypto/openssl/apps/s_time.c @@ -302,7 +302,7 @@ static int parseArgs(int argc, char **argv) if (--argc < 1) goto bad; maxTime = atoi(*(++argv)); - if(maxTime <= 0) { + if (maxTime <= 0) { BIO_printf(bio_err, "time must be > 0\n"); badop = 1; } diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c index 7b351f6..53e43c5 100644 --- a/crypto/openssl/apps/smime.c +++ b/crypto/openssl/apps/smime.c @@ -442,6 +442,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); diff --git a/crypto/openssl/apps/srp.c b/crypto/openssl/apps/srp.c index c679448..c0ff417 100644 --- a/crypto/openssl/apps/srp.c +++ b/crypto/openssl/apps/srp.c @@ -435,7 +435,7 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } @@ -443,7 +443,7 @@ int MAIN(int argc, char **argv) # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); - if(!tofree) { + if (!tofree) { BIO_printf(bio_err, "Out of memory\n"); goto err; } diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c index 7295c76..e29f9bb 100644 --- a/crypto/openssl/apps/verify.c +++ b/crypto/openssl/apps/verify.c @@ -227,7 +227,7 @@ int MAIN(int argc, char **argv) if (ret == 1) { BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); - BIO_printf(bio_err, " [-attime timestamp]"); + BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " [-engine e]"); #endif diff --git a/crypto/openssl/crypto/Makefile b/crypto/openssl/crypto/Makefile index b839b55..11f517a 100644 --- a/crypto/openssl/crypto/Makefile +++ b/crypto/openssl/crypto/Makefile @@ -126,12 +126,17 @@ install: lint: @target=lint; $(RECURSIVE_MAKE) -depend: +update: local_depend + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h - @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi clean: rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff diff --git a/crypto/openssl/crypto/aes/Makefile b/crypto/openssl/crypto/aes/Makefile index 45ede0a..b3a9581 100644 --- a/crypto/openssl/crypto/aes/Makefile +++ b/crypto/openssl/crypto/aes/Makefile @@ -106,6 +106,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/asn1/Makefile b/crypto/openssl/crypto/asn1/Makefile index f778700..d774f78 100644 --- a/crypto/openssl/crypto/asn1/Makefile +++ b/crypto/openssl/crypto/asn1/Makefile @@ -93,6 +93,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/asn1/a_int.c b/crypto/openssl/crypto/asn1/a_int.c index 70c2b8e..7e26704 100644 --- a/crypto/openssl/crypto/asn1/a_int.c +++ b/crypto/openssl/crypto/asn1/a_int.c @@ -124,6 +124,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) else { ret = a->length; i = a->data[0]; + if (ret == 1 && i == 0) + neg = 0; if (!neg && (i > 127)) { pad = 1; pb = 0; @@ -162,7 +164,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while (!*n) { + while (!*n && i > 1) { *(p--) = 0; n--; i--; @@ -419,7 +421,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); goto err; } - if (BN_is_negative(bn)) + if (BN_is_negative(bn) && !BN_is_zero(bn)) ret->type = V_ASN1_NEG_INTEGER; else ret->type = V_ASN1_INTEGER; diff --git a/crypto/openssl/crypto/asn1/asn1_gen.c b/crypto/openssl/crypto/asn1/asn1_gen.c index 11b582d..6574923 100644 --- a/crypto/openssl/crypto/asn1/asn1_gen.c +++ b/crypto/openssl/crypto/asn1/asn1_gen.c @@ -74,6 +74,8 @@ #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} #define ASN1_FLAG_EXP_MAX 20 +/* Maximum number of nested sequences */ +#define ASN1_GEN_SEQ_MAX_DEPTH 50 /* Input formats */ @@ -110,13 +112,16 @@ typedef struct { int exp_count; } tag_exp_arg; +static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr); static int bitstr_cb(const char *elem, int len, void *bitstr); static int asn1_cb(const char *elem, int len, void *bitstr); static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + int depth, int *perr); static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); static int asn1_str2tag(const char *tagstr, int len); @@ -133,6 +138,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) { + int err = 0; + ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); + if (err) + ASN1err(ASN1_F_ASN1_GENERATE_V3, err); + return ret; +} + +static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr) +{ ASN1_TYPE *ret; tag_exp_arg asn1_tags; tag_exp_type *etmp; @@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) asn1_tags.imp_class = -1; asn1_tags.format = ASN1_GEN_FORMAT_ASCII; asn1_tags.exp_count = 0; - if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) + if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { + *perr = ASN1_R_UNKNOWN_TAG; return NULL; + } if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) { if (!cnf) { - ASN1err(ASN1_F_ASN1_GENERATE_V3, - ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; return NULL; } - ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); + if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { + *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; + return NULL; + } + ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); } else ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); @@ -280,7 +300,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) int tmp_tag, tmp_class; if (elem == NULL) - return 0; + return -1; for (i = 0, p = elem; i < len; p++, i++) { /* Look for the ':' in name value pairs */ @@ -353,7 +373,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) break; case ASN1_GEN_FLAG_FORMAT: - if(!vstart) { + if (!vstart) { ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); return -1; } @@ -435,7 +455,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) /* Handle multiple types: SET and SEQUENCE */ -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + int depth, int *perr) { ASN1_TYPE *ret = NULL; STACK_OF(ASN1_TYPE) *sk = NULL; @@ -454,7 +475,8 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) goto bad; for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { ASN1_TYPE *typ = - ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); + generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, + depth + 1, perr); if (!typ) goto bad; if (!sk_ASN1_TYPE_push(sk, typ)) diff --git a/crypto/openssl/crypto/asn1/asn_mime.c b/crypto/openssl/crypto/asn1/asn_mime.c index 7e2f28e..96110c5 100644 --- a/crypto/openssl/crypto/asn1/asn_mime.c +++ b/crypto/openssl/crypto/asn1/asn_mime.c @@ -289,7 +289,8 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, if ((flags & SMIME_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ - RAND_pseudo_bytes((unsigned char *)bound, 32); + if (RAND_pseudo_bytes((unsigned char *)bound, 32) < 0) + return 0; for (i = 0; i < 32; i++) { c = bound[i] & 0xf; if (c < 10) diff --git a/crypto/openssl/crypto/asn1/bio_ndef.c b/crypto/openssl/crypto/asn1/bio_ndef.c index 4a73ca9..31949b8 100644 --- a/crypto/openssl/crypto/asn1/bio_ndef.c +++ b/crypto/openssl/crypto/asn1/bio_ndef.c @@ -162,7 +162,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); - if(!p) + if (!p) return 0; ndef_aux->derbuf = p; @@ -232,7 +232,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); - if(!p) + if (!p) return 0; ndef_aux->derbuf = p; diff --git a/crypto/openssl/crypto/asn1/tasn_new.c b/crypto/openssl/crypto/asn1/tasn_new.c index 7d2964f..b0c73be 100644 --- a/crypto/openssl/crypto/asn1/tasn_new.c +++ b/crypto/openssl/crypto/asn1/tasn_new.c @@ -100,9 +100,6 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, else asn1_cb = 0; - if (!combine) - *pval = NULL; - #ifdef CRYPTO_MDEBUG if (it->sname) CRYPTO_push_info(it->sname); diff --git a/crypto/openssl/crypto/asn1/tasn_prn.c b/crypto/openssl/crypto/asn1/tasn_prn.c index 7c54f9d..5e7d53e 100644 --- a/crypto/openssl/crypto/asn1/tasn_prn.c +++ b/crypto/openssl/crypto/asn1/tasn_prn.c @@ -290,7 +290,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(fld, tt, 1); - if(!seqtt) + if (!seqtt) return 0; tmpfld = asn1_get_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, diff --git a/crypto/openssl/crypto/asn1/x_x509.c b/crypto/openssl/crypto/asn1/x_x509.c index d51b76e..f56e837 100644 --- a/crypto/openssl/crypto/asn1/x_x509.c +++ b/crypto/openssl/crypto/asn1/x_x509.c @@ -177,7 +177,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) /* Save start position */ q = *pp; - if(!a || *a == NULL) { + if (!a || *a == NULL) { freeret = 1; } ret = d2i_X509(a, pp, length); @@ -192,7 +192,7 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) goto err; return ret; err: - if(freeret) { + if (freeret) { X509_free(ret); if (a) *a = NULL; diff --git a/crypto/openssl/crypto/bf/Makefile b/crypto/openssl/crypto/bf/Makefile index d01bfaa..6dd2015 100644 --- a/crypto/openssl/crypto/bf/Makefile +++ b/crypto/openssl/crypto/bf/Makefile @@ -72,6 +72,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/bio/Makefile b/crypto/openssl/crypto/bio/Makefile index c395d80..ef526f6 100644 --- a/crypto/openssl/crypto/bio/Makefile +++ b/crypto/openssl/crypto/bio/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c index c2cf6e6..7c81e25 100644 --- a/crypto/openssl/crypto/bio/b_print.c +++ b/crypto/openssl/crypto/bio/b_print.c @@ -704,32 +704,29 @@ doapr_outch(char **sbuffer, /* If we haven't at least one buffer, someone has doe a big booboo */ assert(*sbuffer != NULL || buffer != NULL); - if (buffer) { - while (*currlen >= *maxlen) { - if (*buffer == NULL) { - if (*maxlen == 0) - *maxlen = 1024; - *buffer = OPENSSL_malloc(*maxlen); - if(!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } - if (*currlen > 0) { - assert(*sbuffer != NULL); - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; - } else { - *maxlen += 1024; - *buffer = OPENSSL_realloc(*buffer, *maxlen); - if(!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } + /* |currlen| must always be <= |*maxlen| */ + assert(*currlen <= *maxlen); + + if (buffer && *currlen == *maxlen) { + *maxlen += 1024; + if (*buffer == NULL) { + *buffer = OPENSSL_malloc(*maxlen); + if (!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } + if (*currlen > 0) { + assert(*sbuffer != NULL); + memcpy(*buffer, *sbuffer, *currlen); + } + *sbuffer = NULL; + } else { + *buffer = OPENSSL_realloc(*buffer, *maxlen); + if (!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; } } - /* What to do if *buffer is NULL? */ - assert(*sbuffer != NULL || *buffer != NULL); } if (*currlen < *maxlen) { diff --git a/crypto/openssl/crypto/bio/bf_nbio.c b/crypto/openssl/crypto/bio/bf_nbio.c index da88a8a..a04f32a 100644 --- a/crypto/openssl/crypto/bio/bf_nbio.c +++ b/crypto/openssl/crypto/bio/bf_nbio.c @@ -139,7 +139,8 @@ static int nbiof_read(BIO *b, char *out, int outl) BIO_clear_retry_flags(b); #if 1 - RAND_pseudo_bytes(&n, 1); + if (RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 0x07); if (outl > num) @@ -178,7 +179,8 @@ static int nbiof_write(BIO *b, const char *in, int inl) num = nt->lwn; nt->lwn = 0; } else { - RAND_pseudo_bytes(&n, 1); + if (RAND_pseudo_bytes(&n, 1) < 0) + return -1; num = (n & 7); } diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c index 5267010..07934f8 100644 --- a/crypto/openssl/crypto/bio/bio_lib.c +++ b/crypto/openssl/crypto/bio/bio_lib.c @@ -536,8 +536,10 @@ BIO *BIO_dup_chain(BIO *in) /* copy app data */ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, - &bio->ex_data)) + &bio->ex_data)) { + BIO_free(new_bio); goto err; + } if (ret == NULL) { eoc = new_bio; @@ -549,8 +551,8 @@ BIO *BIO_dup_chain(BIO *in) } return (ret); err: - if (ret != NULL) - BIO_free(ret); + BIO_free_all(ret); + return (NULL); } diff --git a/crypto/openssl/crypto/bio/bss_dgram.c b/crypto/openssl/crypto/bio/bss_dgram.c index b495db2..e3e3dd0 100644 --- a/crypto/openssl/crypto/bio/bss_dgram.c +++ b/crypto/openssl/crypto/bio/bss_dgram.c @@ -299,16 +299,17 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Calculate time left until timer expires */ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); - timeleft.tv_sec -= timenow.tv_sec; - timeleft.tv_usec -= timenow.tv_usec; - if (timeleft.tv_usec < 0) { + if (timeleft.tv_usec < timenow.tv_usec) { + timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; timeleft.tv_sec--; - timeleft.tv_usec += 1000000; + } else { + timeleft.tv_usec -= timenow.tv_usec; } - - if (timeleft.tv_sec < 0) { + if (timeleft.tv_sec < timenow.tv_sec) { timeleft.tv_sec = 0; timeleft.tv_usec = 1; + } else { + timeleft.tv_sec -= timenow.tv_sec; } /* @@ -953,7 +954,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(sockopt_len); - if(!authchunks) { + if (!authchunks) { BIO_vfree(bio); return (NULL); } @@ -1293,7 +1294,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); if (!authchunks) { - BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR); + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE); return -1; } memset(authchunks, 0, sizeof(optlen)); @@ -1364,8 +1365,8 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { char *tmp; data->saved_message.bio = b; - if(!(tmp = OPENSSL_malloc(inl))) { - BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR); + if (!(tmp = OPENSSL_malloc(inl))) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); return -1; } if (data->saved_message.data) diff --git a/crypto/openssl/crypto/bn/Makefile b/crypto/openssl/crypto/bn/Makefile index 6dd136b..3d0158c 100644 --- a/crypto/openssl/crypto/bn/Makefile +++ b/crypto/openssl/crypto/bn/Makefile @@ -167,6 +167,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: bn_prime.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h index 7d57e98..47d8c71 100644 --- a/crypto/openssl/crypto/bn/bn.h +++ b/crypto/openssl/crypto/bn/bn.h @@ -797,6 +797,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + /* Debug only - safe to ignore error return */ \ RAND_pseudo_bytes(&_tmp_char, 1); \ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ @@ -910,6 +911,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -925,12 +927,14 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 @@ -938,6 +942,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/crypto/openssl/crypto/bn/bn_err.c b/crypto/openssl/crypto/bn/bn_err.c index faa7e22..e7a7038 100644 --- a/crypto/openssl/crypto/bn/bn_err.c +++ b/crypto/openssl/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -117,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, @@ -125,6 +128,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/crypto/openssl/crypto/bn/bn_gf2m.c b/crypto/openssl/crypto/bn/bn_gf2m.c index aeee49a..a0ba8de 100644 --- a/crypto/openssl/crypto/bn/bn_gf2m.c +++ b/crypto/openssl/crypto/bn/bn_gf2m.c @@ -694,9 +694,10 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) } # else { - int i, ubits = BN_num_bits(u), vbits = BN_num_bits(v), /* v is copy - * of p */ - top = p->top; + int i; + int ubits = BN_num_bits(u); + int vbits = BN_num_bits(v); /* v is copy of p */ + int top = p->top; BN_ULONG *udp, *bdp, *vdp, *cdp; bn_wexpand(u, top); @@ -740,8 +741,12 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ubits--; } - if (ubits <= BN_BITS2 && udp[0] == 1) - break; + if (ubits <= BN_BITS2) { + if (udp[0] == 0) /* poly was reducible */ + goto err; + if (udp[0] == 1) + break; + } if (ubits < vbits) { i = ubits; diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h index 1059d1d..904a723 100644 --- a/crypto/openssl/crypto/bn/bn_lcl.h +++ b/crypto/openssl/crypto/bn/bn_lcl.h @@ -276,7 +276,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>=4 && __GNUC_MINOR__>=4 +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) /* "h" constraint is no more since 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c index 4dcaae3..ab10b95 100644 --- a/crypto/openssl/crypto/bn/bn_print.c +++ b/crypto/openssl/crypto/bn/bn_print.c @@ -71,7 +71,12 @@ char *BN_bn2hex(const BIGNUM *a) char *buf; char *p; - buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + if (a->neg && BN_is_zero(a)) { + /* "-0" == 3 bytes including NULL terminator */ + buf = OPENSSL_malloc(3); + } else { + buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); + } if (buf == NULL) { BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/openssl/crypto/bn/bn_rand.c index 7ac71ec..f9fb2e9 100644 --- a/crypto/openssl/crypto/bn/bn_rand.c +++ b/crypto/openssl/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -157,7 +162,8 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) unsigned char c; for (i = 0; i < bytes; i++) { - RAND_pseudo_bytes(&c, 1); + if (RAND_pseudo_bytes(&c, 1) < 0) + goto err; if (c >= 128 && i > 0) buf[i] = buf[i - 1]; else if (c < 42) @@ -168,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/crypto/openssl/crypto/bn/bn_shift.c b/crypto/openssl/crypto/bn/bn_shift.c index 4f3e8ff..9673d9a 100644 --- a/crypto/openssl/crypto/bn/bn_shift.c +++ b/crypto/openssl/crypto/bn/bn_shift.c @@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/crypto/openssl/crypto/buffer/Makefile b/crypto/openssl/crypto/buffer/Makefile index 2efba47..352efb8 100644 --- a/crypto/openssl/crypto/buffer/Makefile +++ b/crypto/openssl/crypto/buffer/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/buffer/buffer.c b/crypto/openssl/crypto/buffer/buffer.c index d287e34..eff3e08 100644 --- a/crypto/openssl/crypto/buffer/buffer.c +++ b/crypto/openssl/crypto/buffer/buffer.c @@ -88,7 +88,7 @@ void BUF_MEM_free(BUF_MEM *a) return; if (a->data != NULL) { - memset(a->data, 0, (unsigned int)a->max); + OPENSSL_cleanse(a->data, a->max); OPENSSL_free(a->data); } OPENSSL_free(a); diff --git a/crypto/openssl/crypto/camellia/Makefile b/crypto/openssl/crypto/camellia/Makefile index 6ce6fc9..228f1dc 100644 --- a/crypto/openssl/crypto/camellia/Makefile +++ b/crypto/openssl/crypto/camellia/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/cast/Makefile b/crypto/openssl/crypto/cast/Makefile index f3f4859..4c4b5e9 100644 --- a/crypto/openssl/crypto/cast/Makefile +++ b/crypto/openssl/crypto/cast/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/cmac/Makefile b/crypto/openssl/crypto/cmac/Makefile index 54e7cc3..6a28408 100644 --- a/crypto/openssl/crypto/cmac/Makefile +++ b/crypto/openssl/crypto/cmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/cmac/cmac.c b/crypto/openssl/crypto/cmac/cmac.c index c5597a3..774e6dc 100644 --- a/crypto/openssl/crypto/cmac/cmac.c +++ b/crypto/openssl/crypto/cmac/cmac.c @@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) void CMAC_CTX_free(CMAC_CTX *ctx) { + if (!ctx) + return; CMAC_CTX_cleanup(ctx); OPENSSL_free(ctx); } diff --git a/crypto/openssl/crypto/cms/Makefile b/crypto/openssl/crypto/cms/Makefile index 9820adb..b124b5d 100644 --- a/crypto/openssl/crypto/cms/Makefile +++ b/crypto/openssl/crypto/cms/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c index 076b545..a8322dc 100644 --- a/crypto/openssl/crypto/cms/cms_pwri.c +++ b/crypto/openssl/crypto/cms/cms_pwri.c @@ -231,7 +231,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); - if(!tmp) + if (!tmp) return 0; /* setup IV by decrypting last two blocks */ EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, @@ -297,8 +297,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, out[3] = in[2] ^ 0xFF; memcpy(out + 4, in, inlen); /* Add random padding to end */ - if (olen > inlen + 4) - RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen); + if (olen > inlen + 4 + && RAND_pseudo_bytes(out + 4 + inlen, olen - 4 - inlen) < 0) + return 0; /* Encrypt twice */ EVP_EncryptUpdate(ctx, out, &dummy, out, olen); EVP_EncryptUpdate(ctx, out, &dummy, out, olen); diff --git a/crypto/openssl/crypto/cms/cms_smime.c b/crypto/openssl/crypto/cms/cms_smime.c index 8851603..8b37560 100644 --- a/crypto/openssl/crypto/cms/cms_smime.c +++ b/crypto/openssl/crypto/cms/cms_smime.c @@ -131,7 +131,7 @@ static void do_free_upto(BIO *f, BIO *upto) BIO_free(f); f = tbio; } - while (f != upto); + while (f && f != upto); } else BIO_free_all(f); } diff --git a/crypto/openssl/crypto/comp/Makefile b/crypto/openssl/crypto/comp/Makefile index efda832..a1e9464 100644 --- a/crypto/openssl/crypto/comp/Makefile +++ b/crypto/openssl/crypto/comp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/openssl/crypto/conf/Makefile b/crypto/openssl/crypto/conf/Makefile index 78bb324..d5f5c58 100644 --- a/crypto/openssl/crypto/conf/Makefile +++ b/crypto/openssl/crypto/conf/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c index 6353bbe..c654a5c 100644 --- a/crypto/openssl/crypto/cryptlib.c +++ b/crypto/openssl/crypto/cryptlib.c @@ -806,8 +806,6 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p != (void *)-1) return (*_OPENSSL_isservice.f) (); - (void)GetDesktopWindow(); /* return value is ignored */ - h = GetProcessWindowStation(); if (h == NULL) return -1; diff --git a/crypto/openssl/crypto/des/Makefile b/crypto/openssl/crypto/des/Makefile index a6e1001..fbc77c1 100644 --- a/crypto/openssl/crypto/des/Makefile +++ b/crypto/openssl/crypto/des/Makefile @@ -94,6 +94,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/des/des.c b/crypto/openssl/crypto/des/des.c index 2bff281..586aed7 100644 --- a/crypto/openssl/crypto/des/des.c +++ b/crypto/openssl/crypto/des/des.c @@ -455,8 +455,10 @@ void doencryption(void) rem = l % 8; len = l - rem; if (feof(DES_IN)) { - for (i = 7 - rem; i > 0; i--) - RAND_pseudo_bytes(buf + l++, 1); + for (i = 7 - rem; i > 0; i--) { + if (RAND_pseudo_bytes(buf + l++, 1) < 0) + goto problems; + } buf[l++] = rem; ex = 1; len += rem; diff --git a/crypto/openssl/crypto/des/enc_writ.c b/crypto/openssl/crypto/des/enc_writ.c index b4eecc3..bfaabde 100644 --- a/crypto/openssl/crypto/des/enc_writ.c +++ b/crypto/openssl/crypto/des/enc_writ.c @@ -96,6 +96,9 @@ int DES_enc_write(int fd, const void *_buf, int len, const unsigned char *cp; static int start = 1; + if (len < 0) + return -1; + if (outbuf == NULL) { outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); if (outbuf == NULL) @@ -132,7 +135,9 @@ int DES_enc_write(int fd, const void *_buf, int len, if (len < 8) { cp = shortbuf; memcpy(shortbuf, buf, len); - RAND_pseudo_bytes(shortbuf + len, 8 - len); + if (RAND_pseudo_bytes(shortbuf + len, 8 - len) < 0) { + return -1; + } rnum = 8; } else { cp = buf; diff --git a/crypto/openssl/crypto/dh/Makefile b/crypto/openssl/crypto/dh/Makefile index f23b4f7..6d574f4 100644 --- a/crypto/openssl/crypto/dh/Makefile +++ b/crypto/openssl/crypto/dh/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/dh/dh_ameth.c b/crypto/openssl/crypto/dh/dh_ameth.c index 1dec109..873eb2e 100644 --- a/crypto/openssl/crypto/dh/dh_ameth.c +++ b/crypto/openssl/crypto/dh/dh_ameth.c @@ -135,7 +135,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh = pkey->pkey.dh; str = ASN1_STRING_new(); - if(!str) { + if (!str) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/openssl/crypto/dsa/Makefile b/crypto/openssl/crypto/dsa/Makefile index 5fef4ca..8109201 100644 --- a/crypto/openssl/crypto/dsa/Makefile +++ b/crypto/openssl/crypto/dsa/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c index c808ab6..d686ab0 100644 --- a/crypto/openssl/crypto/dsa/dsa_gen.c +++ b/crypto/openssl/crypto/dsa/dsa_gen.c @@ -202,7 +202,8 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, goto err; if (!seed_len) { - RAND_pseudo_bytes(seed, qsize); + if (RAND_pseudo_bytes(seed, qsize) < 0) + goto err; seed_is_random = 1; } else { seed_is_random = 0; diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c index b30eab0..6edb26d 100644 --- a/crypto/openssl/crypto/dsa/dsa_ossl.c +++ b/crypto/openssl/crypto/dsa/dsa_ossl.c @@ -106,23 +106,23 @@ static DSA_METHOD openssl_dsa_meth = { #define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \ do { \ int _tmp_res53; \ - if((dsa)->meth->dsa_mod_exp) \ + if ((dsa)->meth->dsa_mod_exp) \ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \ (a2), (p2), (m), (ctx), (in_mont)); \ else \ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \ (m), (ctx), (in_mont)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) #define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \ do { \ int _tmp_res53; \ - if((dsa)->meth->bn_mod_exp) \ + if ((dsa)->meth->bn_mod_exp) \ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \ (m), (ctx), (m_ctx)); \ else \ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \ - if(!_tmp_res53) err_instr; \ + if (!_tmp_res53) err_instr; \ } while(0) const DSA_METHOD *DSA_OpenSSL(void) diff --git a/crypto/openssl/crypto/dso/Makefile b/crypto/openssl/crypto/dso/Makefile index fb2709e..36b8ead 100644 --- a/crypto/openssl/crypto/dso/Makefile +++ b/crypto/openssl/crypto/dso/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/dso/dso_lib.c b/crypto/openssl/crypto/dso/dso_lib.c index d2a48bb..09b8eaf 100644 --- a/crypto/openssl/crypto/dso/dso_lib.c +++ b/crypto/openssl/crypto/dso/dso_lib.c @@ -285,7 +285,7 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) * honest. For one thing, I think I have to return a negative value for any * error because possible DSO_ctrl() commands may return values such as * "size"s that can legitimately be zero (making the standard - * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd + * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd * times. I'd prefer "output" values to be passed by reference and the return * value as success/failure like usual ... but we conform when we must... :-) */ diff --git a/crypto/openssl/crypto/ec/Makefile b/crypto/openssl/crypto/ec/Makefile index f85fc84..2753b28 100644 --- a/crypto/openssl/crypto/ec/Makefile +++ b/crypto/openssl/crypto/ec/Makefile @@ -70,6 +70,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/ec/ec2_oct.c b/crypto/openssl/crypto/ec/ec2_oct.c index c245d88..0d04cc6 100644 --- a/crypto/openssl/crypto/ec/ec2_oct.c +++ b/crypto/openssl/crypto/ec/ec2_oct.c @@ -387,7 +387,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c index b4b0e9f..4ad8494 100644 --- a/crypto/openssl/crypto/ec/ec_asn1.c +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -1114,7 +1114,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) { int ret = 0, ok = 0; unsigned char *buffer = NULL; - size_t buf_len = 0, tmp_len; + size_t buf_len = 0, tmp_len, bn_len; EC_PRIVATEKEY *priv_key = NULL; if (a == NULL || a->group == NULL || a->priv_key == NULL || @@ -1130,18 +1130,32 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) priv_key->version = a->version; - buf_len = (size_t)BN_num_bytes(a->priv_key); + bn_len = (size_t)BN_num_bytes(a->priv_key); + + /* Octetstring may need leading zeros if BN is to short */ + + buf_len = (EC_GROUP_get_degree(a->group) + 7) / 8; + + if (bn_len > buf_len) { + ECerr(EC_F_I2D_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL); + goto err; + } + buffer = OPENSSL_malloc(buf_len); if (buffer == NULL) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE); goto err; } - if (!BN_bn2bin(a->priv_key, buffer)) { + if (!BN_bn2bin(a->priv_key, buffer + buf_len - bn_len)) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB); goto err; } + if (buf_len - bn_len > 0) { + memset(buffer, 0, buf_len - bn_len); + } + if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB); goto err; diff --git a/crypto/openssl/crypto/ec/ec_check.c b/crypto/openssl/crypto/ec/ec_check.c index d3f5349..dd6f0ac 100644 --- a/crypto/openssl/crypto/ec/ec_check.c +++ b/crypto/openssl/crypto/ec/ec_check.c @@ -85,7 +85,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR); goto err; } - if (!EC_POINT_is_on_curve(group, group->generator, ctx)) { + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/openssl/crypto/ec/ec_key.c b/crypto/openssl/crypto/ec/ec_key.c index ebdffc8..55ce3fe 100644 --- a/crypto/openssl/crypto/ec/ec_key.c +++ b/crypto/openssl/crypto/ec/ec_key.c @@ -314,7 +314,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) goto err; /* testing whether the pub_key is on the elliptic curve */ - if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) { + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/openssl/crypto/ec/ec_lcl.h b/crypto/openssl/crypto/ec/ec_lcl.h index 319e651..d79ed1e 100644 --- a/crypto/openssl/crypto/ec/ec_lcl.h +++ b/crypto/openssl/crypto/ec/ec_lcl.h @@ -451,14 +451,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ec_GF2m_have_precompute_mult(const EC_GROUP *group); -/* method functions in ec2_mult.c */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GF2m_have_precompute_mult(const EC_GROUP *group); - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* method functions in ecp_nistp224.c */ int ec_GFp_nistp224_group_init(EC_GROUP *group); diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c index 9a54f41..e227520 100644 --- a/crypto/openssl/crypto/ec/ec_lib.c +++ b/crypto/openssl/crypto/ec/ec_lib.c @@ -934,6 +934,13 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) return group->meth->is_at_infinity(group, point); } +/* + * Check whether an EC_POINT is on the curve or not. Note that the return + * value for this function should NOT be treated as a boolean. Return values: + * 1: The point is on the curve + * 0: The point is not on the curve + * -1: An error occurred + */ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { diff --git a/crypto/openssl/crypto/ec/eck_prn.c b/crypto/openssl/crypto/ec/eck_prn.c index a911a0a..5ef12ec 100644 --- a/crypto/openssl/crypto/ec/eck_prn.c +++ b/crypto/openssl/crypto/ec/eck_prn.c @@ -338,12 +338,14 @@ static int print_bin(BIO *fp, const char *name, const unsigned char *buf, if (buf == NULL) return 1; - if (off) { + if (off > 0) { if (off > 128) off = 128; memset(str, ' ', off); if (BIO_write(fp, str, off) <= 0) return 0; + } else { + off = 0; } if (BIO_printf(fp, "%s", name) <= 0) diff --git a/crypto/openssl/crypto/ec/ecp_oct.c b/crypto/openssl/crypto/ec/ecp_oct.c index e5cec8b..1bc3f39 100644 --- a/crypto/openssl/crypto/ec/ecp_oct.c +++ b/crypto/openssl/crypto/ec/ecp_oct.c @@ -413,7 +413,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* test required by X9.62 */ - if (!EC_POINT_is_on_curve(group, point, ctx)) { + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); goto err; } diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c index a18b327..fede530 100644 --- a/crypto/openssl/crypto/ec/ectest.c +++ b/crypto/openssl/crypto/ec/ectest.c @@ -412,7 +412,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; fprintf(stderr, "Point is not on curve: x = 0x"); @@ -544,7 +544,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT; @@ -593,7 +593,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; @@ -646,7 +646,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) @@ -705,7 +705,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" "84F3B9CAC2FC632551")) @@ -761,7 +761,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) @@ -820,7 +820,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" @@ -864,7 +864,7 @@ static void prime_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ @@ -1008,7 +1008,7 @@ static void prime_field_tests(void) # define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \ if (!BN_hex2bn(&x, _x)) ABORT; \ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1026,7 +1026,7 @@ static void prime_field_tests(void) if (!BN_hex2bn(&x, _x)) ABORT; \ if (!BN_hex2bn(&y, _y)) ABORT; \ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \ - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \ + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; \ if (!BN_hex2bn(&z, _order)) ABORT; \ if (!BN_hex2bn(&cof, _cof)) ABORT; \ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \ @@ -1157,7 +1157,7 @@ static void char2_field_tests(void) if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT; # endif - if (!EC_POINT_is_on_curve(group, Q, ctx)) { + if (EC_POINT_is_on_curve(group, Q, ctx) <= 0) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) @@ -1378,7 +1378,7 @@ static void char2_field_tests(void) ABORT; if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) + if (EC_POINT_is_on_curve(group, P, ctx) <= 0) ABORT; if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ diff --git a/crypto/openssl/crypto/ecdh/Makefile b/crypto/openssl/crypto/ecdh/Makefile index ba05fea..f076635 100644 --- a/crypto/openssl/crypto/ecdh/Makefile +++ b/crypto/openssl/crypto/ecdh/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/ecdsa/Makefile b/crypto/openssl/crypto/ecdsa/Makefile index e89e0c0..4ce00e8 100644 --- a/crypto/openssl/crypto/ecdsa/Makefile +++ b/crypto/openssl/crypto/ecdsa/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/ecdsa/ecdsatest.c b/crypto/openssl/crypto/ecdsa/ecdsatest.c index b2d78f3..0f301f8 100644 --- a/crypto/openssl/crypto/ecdsa/ecdsatest.c +++ b/crypto/openssl/crypto/ecdsa/ecdsatest.c @@ -296,8 +296,8 @@ int test_builtin(BIO *out) int nid, ret = 0; /* fill digest values with some random data */ - if (!RAND_pseudo_bytes(digest, 20) || - !RAND_pseudo_bytes(wrong_digest, 20)) { + if (RAND_pseudo_bytes(digest, 20) <= 0 || + RAND_pseudo_bytes(wrong_digest, 20) <= 0) { BIO_printf(out, "ERROR: unable to get random data\n"); goto builtin_err; } diff --git a/crypto/openssl/crypto/engine/Makefile b/crypto/openssl/crypto/engine/Makefile index d29bdd0..8ceb747 100644 --- a/crypto/openssl/crypto/engine/Makefile +++ b/crypto/openssl/crypto/engine/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c index 2e1a7e8..27d31f7 100644 --- a/crypto/openssl/crypto/engine/eng_table.c +++ b/crypto/openssl/crypto/engine/eng_table.c @@ -351,6 +351,8 @@ void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, ENGINE_PILE_DOALL dall; dall.cb = cb; dall.arg = arg; - lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb), - ENGINE_PILE_DOALL, &dall); + if (table) + lh_ENGINE_PILE_doall_arg(&table->piles, + LHASH_DOALL_ARG_FN(int_cb), + ENGINE_PILE_DOALL, &dall); } diff --git a/crypto/openssl/crypto/err/Makefile b/crypto/openssl/crypto/err/Makefile index 862b23b..b6f3ef1 100644 --- a/crypto/openssl/crypto/err/Makefile +++ b/crypto/openssl/crypto/err/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/evp/Makefile b/crypto/openssl/crypto/evp/Makefile index ef75678..ed1502d 100644 --- a/crypto/openssl/crypto/evp/Makefile +++ b/crypto/openssl/crypto/evp/Makefile @@ -86,6 +86,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c index a455034..5c32e35 100644 --- a/crypto/openssl/crypto/evp/bio_ok.c +++ b/crypto/openssl/crypto/evp/bio_ok.c @@ -491,7 +491,8 @@ static int sig_out(BIO *b) * FIXME: there's absolutely no guarantee this makes any sense at all, * particularly now EVP_MD_CTX has been restructured. */ - RAND_pseudo_bytes(md->md_data, md->digest->md_size); + if (RAND_pseudo_bytes(md->md_data, md->digest->md_size) < 0) + goto berr; memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); ctx->buf_len += md->digest->md_size; diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c index 245c18a..1ede7bd 100644 --- a/crypto/openssl/crypto/evp/e_aes.c +++ b/crypto/openssl/crypto/evp/e_aes.c @@ -50,6 +50,7 @@ #include <openssl/opensslconf.h> #ifndef OPENSSL_NO_AES +#include <openssl/crypto.h> # include <openssl/evp.h> # include <openssl/err.h> # include <string.h> @@ -753,7 +754,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_AEAD_TLS1_AAD: /* Save the AAD for later use */ - if (arg != 13) + if (arg != EVP_AEAD_TLS1_AAD_LEN) return 0; memcpy(c->buf, ptr, arg); gctx->tls_aad_len = arg; @@ -914,7 +915,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Retrieve tag */ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1259,7 +1260,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!memcmp(tag, ctx->buf, cctx->M)) + if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) rv = len; } } diff --git a/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index 3f8a5ae..d1f5928 100644 --- a/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -503,7 +503,12 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; if (ctx->encrypt) { key->payload_length = len; @@ -520,8 +525,6 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len); } else { - if (arg > 13) - arg = 13; memcpy(key->aux.tls_aad, ptr, arg); key->payload_length = arg; diff --git a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c index 80735d3..2da1117 100644 --- a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c @@ -54,6 +54,7 @@ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) +# include <openssl/crypto.h> # include <openssl/evp.h> # include <openssl/objects.h> # include <openssl/rc4.h> @@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); MD5_Final(mac, &key->md); - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) + if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) return 0; } else { MD5_Update(&key->md, out + md5_off, len - md5_off); @@ -258,7 +259,12 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: { unsigned char *p = ptr; - unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + unsigned int len; + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + + len = p[arg - 2] << 8 | p[arg - 1]; if (!ctx->encrypt) { len -= MD5_DIGEST_LENGTH; diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/openssl/crypto/evp/encode.c index d1d8a07..5c5988f 100644 --- a/crypto/openssl/crypto/evp/encode.c +++ b/crypto/openssl/crypto/evp/encode.c @@ -137,7 +137,7 @@ void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, unsigned int total = 0; *outl = 0; - if (inl == 0) + if (inl <= 0) return; OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); if ((ctx->num + inl) < ctx->length) { diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/openssl/crypto/evp/evp.h index b00997b..6cf98ac 100644 --- a/crypto/openssl/crypto/evp/evp.h +++ b/crypto/openssl/crypto/evp/evp.h @@ -103,7 +103,6 @@ # define EVP_PKS_RSA 0x0100 # define EVP_PKS_DSA 0x0200 # define EVP_PKS_EC 0x0400 -# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption @@ -409,6 +408,9 @@ struct evp_cipher_st { /* Set the GCM invocation field, decrypt only */ # define EVP_CTRL_GCM_SET_IV_INV 0x18 +/* RFC 5246 defines additional data to be 13 bytes in length */ +# define EVP_AEAD_TLS1_AAD_LEN 13 + /* GCM TLS constants */ /* Length of fixed part of IV derived from PRF */ # define EVP_GCM_TLS_FIXED_IV_LEN 4 diff --git a/crypto/openssl/crypto/evp/p_seal.c b/crypto/openssl/crypto/evp/p_seal.c index caabbf4..ba9dfff 100644 --- a/crypto/openssl/crypto/evp/p_seal.c +++ b/crypto/openssl/crypto/evp/p_seal.c @@ -82,8 +82,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, return 1; if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; - if (EVP_CIPHER_CTX_iv_length(ctx)) - RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)); + if (EVP_CIPHER_CTX_iv_length(ctx) + && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0) + return 0; if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) return 0; diff --git a/crypto/openssl/crypto/hmac/Makefile b/crypto/openssl/crypto/hmac/Makefile index 0e91709..52e39e5 100644 --- a/crypto/openssl/crypto/hmac/Makefile +++ b/crypto/openssl/crypto/hmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/openssl/crypto/hmac/hmac.c index 5477816..5925467 100644 --- a/crypto/openssl/crypto/hmac/hmac.c +++ b/crypto/openssl/crypto/hmac/hmac.c @@ -91,8 +91,14 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, if (md != NULL) { reset = 1; ctx->md = md; - } else + } else if (ctx->md) { md = ctx->md; + } else { + return 0; + } + + if (!ctx->key_init && key == NULL) + return 0; if (key != NULL) { reset = 1; @@ -107,13 +113,15 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, &ctx->key_length)) goto err; } else { - OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key)); + if (len < 0 || len > (int)sizeof(ctx->key)) + return 0; memcpy(ctx->key, key, len); ctx->key_length = len; } if (ctx->key_length != HMAC_MAX_MD_CBLOCK) memset(&ctx->key[ctx->key_length], 0, HMAC_MAX_MD_CBLOCK - ctx->key_length); + ctx->key_init = 1; } if (reset) { @@ -151,6 +159,9 @@ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) if (FIPS_mode() && !ctx->i_ctx.engine) return FIPS_hmac_update(ctx, data, len); #endif + if (!ctx->key_init) + return 0; + return EVP_DigestUpdate(&ctx->md_ctx, data, len); } @@ -163,6 +174,9 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) return FIPS_hmac_final(ctx, md, len); #endif + if (!ctx->key_init) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) goto err; if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) @@ -181,6 +195,8 @@ void HMAC_CTX_init(HMAC_CTX *ctx) EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); + ctx->key_init = 0; + ctx->md = NULL; } int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) @@ -191,8 +207,11 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) goto err; if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) goto err; - memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); - dctx->key_length = sctx->key_length; + dctx->key_init = sctx->key_init; + if (sctx->key_init) { + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; + } dctx->md = sctx->md; return 1; err: @@ -232,6 +251,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, HMAC_CTX_cleanup(&c); return md; err: + HMAC_CTX_cleanup(&c); return NULL; } diff --git a/crypto/openssl/crypto/hmac/hmac.h b/crypto/openssl/crypto/hmac/hmac.h index b8b55cd..f8e9f5e 100644 --- a/crypto/openssl/crypto/hmac/hmac.h +++ b/crypto/openssl/crypto/hmac/hmac.h @@ -79,6 +79,7 @@ typedef struct hmac_ctx_st { EVP_MD_CTX o_ctx; unsigned int key_length; unsigned char key[HMAC_MAX_MD_CBLOCK]; + int key_init; } HMAC_CTX; # define HMAC_size(e) (EVP_MD_size((e)->md)) diff --git a/crypto/openssl/crypto/hmac/hmactest.c b/crypto/openssl/crypto/hmac/hmactest.c index 3d130a0..86b6c25 100644 --- a/crypto/openssl/crypto/hmac/hmactest.c +++ b/crypto/openssl/crypto/hmac/hmactest.c @@ -85,7 +85,7 @@ static struct test_st { unsigned char data[64]; int data_len; unsigned char *digest; -} test[4] = { +} test[8] = { { "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54, (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", @@ -113,10 +113,27 @@ static struct test_st { 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", }, + { + "", 0, "My test data", 12, + (unsigned char *)"61afdecb95429ef494d61fdee15990cabf0826fc" + }, + { + "", 0, "My test data", 12, + (unsigned char *)"2274b195d90ce8e03406f4b526a47e0787a88a65479938f1a5baa3ce0f079776" + }, + { + "123456", 6, "My test data", 12, + (unsigned char *)"bab53058ae861a7f191abe2d0145cbb123776a6369ee3f9d79ce455667e411dd" + }, + { + "12345", 5, "My test data again", 12, + (unsigned char *)"7dbe8c764c068e3bcd6e6b0fbcd5e6fc197b15bb" + } }; # endif -static char *pt(unsigned char *md); +static char *pt(unsigned char *md, unsigned int len); + int main(int argc, char *argv[]) { # ifndef OPENSSL_NO_MD5 @@ -124,6 +141,9 @@ int main(int argc, char *argv[]) char *p; # endif int err = 0; + HMAC_CTX ctx, ctx2; + unsigned char buf[EVP_MAX_MD_SIZE]; + unsigned int len; # ifdef OPENSSL_NO_MD5 printf("test skipped: MD5 disabled\n"); @@ -139,27 +159,167 @@ int main(int argc, char *argv[]) for (i = 0; i < 4; i++) { p = pt(HMAC(EVP_md5(), test[i].key, test[i].key_len, - test[i].data, test[i].data_len, NULL, NULL)); + test[i].data, test[i].data_len, NULL, NULL), + MD5_DIGEST_LENGTH); if (strcmp(p, (char *)test[i].digest) != 0) { - printf("error calculating HMAC on %d entry'\n", i); + printf("Error calculating HMAC on %d entry'\n", i); printf("got %s instead of %s\n", p, test[i].digest); err++; } else printf("test %d ok\n", i); } # endif /* OPENSSL_NO_MD5 */ + +/* test4 */ + HMAC_CTX_init(&ctx); + if (HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD and key (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Init_ex(&ctx, NULL, 0, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with empty key (test 4)\n"); + err++; + goto test5; + } + if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 4)\n"); + err++; + goto test5; + } + printf("test 4 ok\n"); +test5: + HMAC_CTX_init(&ctx); + if (HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, NULL, NULL)) { + printf("Should fail to initialise HMAC with empty MD (test 5)\n"); + err++; + goto test6; + } + if (HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Should fail HMAC_Update with ctx not set up (test 5)\n"); + err++; + goto test6; + } + if (HMAC_Init_ex(&ctx, test[4].key, -1, EVP_sha1(), NULL)) { + printf("Should fail to initialise HMAC with invalid key len(test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[4].key, test[4].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(&ctx, test[4].data, test[4].data_len)) { + printf("Error updating HMAC with data (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[4].digest) != 0) { + printf("Error calculating interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[4].digest); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, NULL, 0, EVP_sha256(), NULL)) { + printf("Failed to reinitialise HMAC (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(&ctx, test[5].data, test[5].data_len)) { + printf("Error updating HMAC with data (sha256) (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (sha256) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[5].digest) != 0) { + printf("Error calculating 2nd interim HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[5].digest); + err++; + goto test6; + } + if (!HMAC_Init_ex(&ctx, test[6].key, test[6].key_len, NULL, NULL)) { + printf("Failed to reinitialise HMAC with key (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Update(&ctx, test[6].data, test[6].data_len)) { + printf("Error updating HMAC with data (new key) (test 5)\n"); + err++; + goto test6; + } + if (!HMAC_Final(&ctx, buf, &len)) { + printf("Error finalising data (new key) (test 5)\n"); + err++; + goto test6; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[6].digest) != 0) { + printf("error calculating HMAC on test 5\n"); + printf("got %s instead of %s\n", p, test[6].digest); + err++; + } else { + printf("test 5 ok\n"); + } +test6: + HMAC_CTX_init(&ctx); + if (!HMAC_Init_ex(&ctx, test[7].key, test[7].key_len, EVP_sha1(), NULL)) { + printf("Failed to initialise HMAC (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Update(&ctx, test[7].data, test[7].data_len)) { + printf("Error updating HMAC with data (test 6)\n"); + err++; + goto end; + } + if (!HMAC_CTX_copy(&ctx2, &ctx)) { + printf("Failed to copy HMAC_CTX (test 6)\n"); + err++; + goto end; + } + if (!HMAC_Final(&ctx2, buf, &len)) { + printf("Error finalising data (test 6)\n"); + err++; + goto end; + } + p = pt(buf, len); + if (strcmp(p, (char *)test[7].digest) != 0) { + printf("Error calculating HMAC on test 6\n"); + printf("got %s instead of %s\n", p, test[7].digest); + err++; + } else { + printf("test 6 ok\n"); + } +end: EXIT(err); return (0); } # ifndef OPENSSL_NO_MD5 -static char *pt(unsigned char *md) +static char *pt(unsigned char *md, unsigned int len) { - int i; + unsigned int i; static char buf[80]; - for (i = 0; i < MD5_DIGEST_LENGTH; i++) + for (i = 0; i < len; i++) sprintf(&(buf[i * 2]), "%02x", md[i]); return (buf); } diff --git a/crypto/openssl/crypto/idea/Makefile b/crypto/openssl/crypto/idea/Makefile index 8af0acd..3dc23e4 100644 --- a/crypto/openssl/crypto/idea/Makefile +++ b/crypto/openssl/crypto/idea/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/jpake/Makefile b/crypto/openssl/crypto/jpake/Makefile index 110c49c..5193fd9 100644 --- a/crypto/openssl/crypto/jpake/Makefile +++ b/crypto/openssl/crypto/jpake/Makefile @@ -32,6 +32,8 @@ install: chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/krb5/Makefile b/crypto/openssl/crypto/krb5/Makefile index 1407739..8b9a01a 100644 --- a/crypto/openssl/crypto/krb5/Makefile +++ b/crypto/openssl/crypto/krb5/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/openssl/crypto/lhash/Makefile b/crypto/openssl/crypto/lhash/Makefile index 82bddac..c7f4365 100644 --- a/crypto/openssl/crypto/lhash/Makefile +++ b/crypto/openssl/crypto/lhash/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/md2/Makefile b/crypto/openssl/crypto/md2/Makefile index 17f878a..b630110 100644 --- a/crypto/openssl/crypto/md2/Makefile +++ b/crypto/openssl/crypto/md2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/md32_common.h b/crypto/openssl/crypto/md32_common.h index c1efb45..1823833 100644 --- a/crypto/openssl/crypto/md32_common.h +++ b/crypto/openssl/crypto/md32_common.h @@ -142,8 +142,10 @@ */ #undef ROTATE #ifndef PEDANTIC -# if defined(_MSC_VER) || defined(__ICC) +# if defined(_MSC_VER) # define ROTATE(a,n) _lrotl(a,n) +# elif defined(__ICC) +# define ROTATE(a,n) _rotl(a,n) # elif defined(__MWERKS__) # if defined(__POWERPC__) # define ROTATE(a,n) __rlwinm(a,n,0,31) diff --git a/crypto/openssl/crypto/md4/Makefile b/crypto/openssl/crypto/md4/Makefile index e6f1e44..3ee4361 100644 --- a/crypto/openssl/crypto/md4/Makefile +++ b/crypto/openssl/crypto/md4/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/md5/Makefile b/crypto/openssl/crypto/md5/Makefile index b9e2ce9..0f87dbd 100644 --- a/crypto/openssl/crypto/md5/Makefile +++ b/crypto/openssl/crypto/md5/Makefile @@ -76,6 +76,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/mdc2/Makefile b/crypto/openssl/crypto/mdc2/Makefile index 1415531..c2d0c5b 100644 --- a/crypto/openssl/crypto/mdc2/Makefile +++ b/crypto/openssl/crypto/mdc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c index 2ce3e89..fdad49b 100644 --- a/crypto/openssl/crypto/mem.c +++ b/crypto/openssl/crypto/mem.c @@ -365,6 +365,9 @@ char *CRYPTO_strdup(const char *str, const char *file, int line) { char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); + if (ret == NULL) + return NULL; + strcpy(ret, str); return ret; } diff --git a/crypto/openssl/crypto/modes/Makefile b/crypto/openssl/crypto/modes/Makefile index 3d8bafd..e278fa6 100644 --- a/crypto/openssl/crypto/modes/Makefile +++ b/crypto/openssl/crypto/modes/Makefile @@ -89,6 +89,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/modes/gcm128.c b/crypto/openssl/crypto/modes/gcm128.c index f69f2c9..0ee569f 100644 --- a/crypto/openssl/crypto/modes/gcm128.c +++ b/crypto/openssl/crypto/modes/gcm128.c @@ -1622,7 +1622,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, ctx->Xi.u[1] ^= ctx->EK0.u[1]; if (tag && len <= sizeof(ctx->Xi)) - return memcmp(ctx->Xi.c, tag, len); + return CRYPTO_memcmp(ctx->Xi.c, tag, len); else return -1; } diff --git a/crypto/openssl/crypto/objects/Makefile b/crypto/openssl/crypto/objects/Makefile index a8aedbd..f93d2f9 100644 --- a/crypto/openssl/crypto/objects/Makefile +++ b/crypto/openssl/crypto/objects/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: obj_dat.h obj_mac.h obj_xref.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/objects/o_names.c b/crypto/openssl/crypto/objects/o_names.c index c6774f4..2485992 100644 --- a/crypto/openssl/crypto/objects/o_names.c +++ b/crypto/openssl/crypto/objects/o_names.c @@ -313,7 +313,7 @@ void OBJ_NAME_do_all_sorted(int type, d.names = OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); /* Really should return an error if !d.names...but its a void function! */ - if(d.names) { + if (d.names) { d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c index e42a1c1..aca382a 100644 --- a/crypto/openssl/crypto/objects/obj_dat.c +++ b/crypto/openssl/crypto/objects/obj_dat.c @@ -142,7 +142,7 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) return 0; } ret &= 0x3fffffffL; - ret |= ca->type << 30L; + ret |= ((unsigned long)ca->type) << 30L; return (ret); } @@ -400,6 +400,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp) j = (a->length - b->length); if (j) return (j); + if (a->length == 0) + return 0; return (memcmp(a->data, b->data, a->length)); } @@ -415,6 +417,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) if (a->nid != 0) return (a->nid); + if (a->length == 0) + return NID_undef; + if (added != NULL) { ad.type = ADDED_DATA; ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */ diff --git a/crypto/openssl/crypto/objects/objects.README b/crypto/openssl/crypto/objects/objects.README index 4d74550..cb1d216 100644 --- a/crypto/openssl/crypto/objects/objects.README +++ b/crypto/openssl/crypto/objects/objects.README @@ -8,9 +8,9 @@ The basic syntax for adding an object is as follows: 1 2 3 4 : shortName : Long Name - If the long name doesn't contain spaces, or no short name - exists, the long name is used as basis for the base name - in C. Otherwise, the short name is used. + If Long Name contains only word characters and hyphen-minus + (0x2D) or full stop (0x2E) then Long Name is used as basis + for the base name in C. Otherwise, the shortName is used. The base name (let's call it 'base') will then be used to create the C macros SN_base, LN_base, NID_base and OBJ_base. @@ -22,7 +22,7 @@ Then there are some extra commands: !Alias foo 1 2 3 4 - This juts makes a name foo for an OID. The C macro + This just makes a name foo for an OID. The C macro OBJ_foo will be created as a result. !Cname foo diff --git a/crypto/openssl/crypto/objects/objects.pl b/crypto/openssl/crypto/objects/objects.pl index d0ed459..389dc34 100644 --- a/crypto/openssl/crypto/objects/objects.pl +++ b/crypto/openssl/crypto/objects/objects.pl @@ -67,7 +67,7 @@ while (<IN>) $myoid = &process_oid($myoid); } - if ($Cname eq "" && !($myln =~ / /)) + if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ )) { $Cname = $myln; $Cname =~ s/\./_/g; diff --git a/crypto/openssl/crypto/ocsp/Makefile b/crypto/openssl/crypto/ocsp/Makefile index 60c414c..96a1b15 100644 --- a/crypto/openssl/crypto/ocsp/Makefile +++ b/crypto/openssl/crypto/ocsp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/openssl/crypto/ocsp/ocsp_ext.c b/crypto/openssl/crypto/ocsp/ocsp_ext.c index 849cb2f..c19648c 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_ext.c +++ b/crypto/openssl/crypto/ocsp/ocsp_ext.c @@ -361,8 +361,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); if (val) memcpy(tmpval, val, len); - else - RAND_pseudo_bytes(tmpval, len); + else if (RAND_pseudo_bytes(tmpval, len) < 0) + goto err; if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, &os, 0, X509V3_ADD_REPLACE)) goto err; diff --git a/crypto/openssl/crypto/ocsp/ocsp_vfy.c b/crypto/openssl/crypto/ocsp/ocsp_vfy.c index 6c0ccb5..d4a257c 100644 --- a/crypto/openssl/crypto/ocsp/ocsp_vfy.c +++ b/crypto/openssl/crypto/ocsp/ocsp_vfy.c @@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, { X509 *signer, *x; STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; int i, ret = 0; ret = ocsp_find_signer(&signer, bs, certs, st, flags); @@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } if (!(flags & OCSP_NOVERIFY)) { int init_res; - if (flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if (flags & OCSP_NOCHAIN) { + untrusted = NULL; + } else if (bs->certs && certs) { + untrusted = sk_X509_dup(bs->certs); + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); + goto end; + } + } + } else { + untrusted = bs->certs; + } + init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); @@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, end: if (chain) sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); return ret; } diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h index 5ecd215..320e568 100644 --- a/crypto/openssl/crypto/opensslv.h +++ b/crypto/openssl/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x100010dfL +# define OPENSSL_VERSION_NUMBER 0x100010efL # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1m-fips 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n-fips 11 Jun 2015" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1m-freebsd 19 Mar 2015" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1n-freebsd 11 Jun 2015" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/openssl/crypto/pem/Makefile b/crypto/openssl/crypto/pem/Makefile index 2cc7801..7a930ee 100644 --- a/crypto/openssl/crypto/pem/Makefile +++ b/crypto/openssl/crypto/pem/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c index febb53e..5507161 100644 --- a/crypto/openssl/crypto/pem/pem_lib.c +++ b/crypto/openssl/crypto/pem/pem_lib.c @@ -435,7 +435,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, pem_password_cb *callback, void *u) { - int i, j, o, klen; + int i = 0, j, o, klen; long len; EVP_CIPHER_CTX ctx; unsigned char key[EVP_MAX_KEY_LENGTH]; diff --git a/crypto/openssl/crypto/pem/pem_pk8.c b/crypto/openssl/crypto/pem/pem_pk8.c index b98c76c..5747c73 100644 --- a/crypto/openssl/crypto/pem/pem_pk8.c +++ b/crypto/openssl/crypto/pem/pem_pk8.c @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else diff --git a/crypto/openssl/crypto/pkcs12/Makefile b/crypto/openssl/crypto/pkcs12/Makefile index 3a7498f..be5f8c5 100644 --- a/crypto/openssl/crypto/pkcs12/Makefile +++ b/crypto/openssl/crypto/pkcs12/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c index 256b210..5ab4bf2 100644 --- a/crypto/openssl/crypto/pkcs12/p12_mutl.c +++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c @@ -60,6 +60,7 @@ #ifndef OPENSSL_NO_HMAC # include <stdio.h> # include "cryptlib.h" +# include <openssl/crypto.h> # include <openssl/hmac.h> # include <openssl/rand.h> # include <openssl/pkcs12.h> @@ -123,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) return 0; } if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) return 0; return 1; } diff --git a/crypto/openssl/crypto/pkcs7/Makefile b/crypto/openssl/crypto/pkcs7/Makefile index effe05f..decf5e0 100644 --- a/crypto/openssl/crypto/pkcs7/Makefile +++ b/crypto/openssl/crypto/pkcs7/Makefile @@ -68,6 +68,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/openssl/crypto/pkcs7/pk7_doit.c index 31a1b98..c8d7db0 100644 --- a/crypto/openssl/crypto/pkcs7/pk7_doit.c +++ b/crypto/openssl/crypto/pkcs7/pk7_doit.c @@ -445,6 +445,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) switch (i) { case NID_pkcs7_signed: + /* + * p7->d.sign->contents is a PKCS7 structure consisting of a contentType + * field and optional content. + * data_body is NULL if that structure has no (=detached) content + * or if the contentType is wrong (i.e., not "data"). + */ data_body = PKCS7_get_octet_string(p7->d.sign->contents); if (!PKCS7_is_detached(p7) && data_body == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, @@ -456,6 +462,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_signedAndEnveloped: rsk = p7->d.signed_and_enveloped->recipientinfo; md_sk = p7->d.signed_and_enveloped->md_algs; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.signed_and_enveloped->enc_data->enc_data; enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); @@ -468,6 +475,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) case NID_pkcs7_enveloped: rsk = p7->d.enveloped->recipientinfo; enc_alg = p7->d.enveloped->enc_data->algorithm; + /* data_body is NULL if the optional EncryptedContent is missing. */ data_body = p7->d.enveloped->enc_data->enc_data; evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); if (evp_cipher == NULL) { @@ -481,6 +489,12 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) goto err; } + /* Detached content must be supplied via in_bio instead. */ + if (data_body == NULL && in_bio == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + goto err; + } + /* We will be checking the signature */ if (md_sk != NULL) { for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { @@ -623,7 +637,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) etmp = NULL; } #if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + if (in_bio != NULL) { bio = in_bio; } else { # if 0 diff --git a/crypto/openssl/crypto/pqueue/Makefile b/crypto/openssl/crypto/pqueue/Makefile index fb36a0c..a59b5a9 100644 --- a/crypto/openssl/crypto/pqueue/Makefile +++ b/crypto/openssl/crypto/pqueue/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/rand/Makefile b/crypto/openssl/crypto/rand/Makefile index 27694aa..df44369 100644 --- a/crypto/openssl/crypto/rand/Makefile +++ b/crypto/openssl/crypto/rand/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/rc2/Makefile b/crypto/openssl/crypto/rc2/Makefile index 8a9d49a..b3727a4 100644 --- a/crypto/openssl/crypto/rc2/Makefile +++ b/crypto/openssl/crypto/rc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/rc4/Makefile b/crypto/openssl/crypto/rc4/Makefile index 1614d47..f3d6e0d 100644 --- a/crypto/openssl/crypto/rc4/Makefile +++ b/crypto/openssl/crypto/rc4/Makefile @@ -89,6 +89,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/rc5/Makefile b/crypto/openssl/crypto/rc5/Makefile index 8a8b00e..6ca0037 100644 --- a/crypto/openssl/crypto/rc5/Makefile +++ b/crypto/openssl/crypto/rc5/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/ripemd/Makefile b/crypto/openssl/crypto/ripemd/Makefile index 25140b2..1c3f094 100644 --- a/crypto/openssl/crypto/ripemd/Makefile +++ b/crypto/openssl/crypto/ripemd/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/rsa/Makefile b/crypto/openssl/crypto/rsa/Makefile index e8121a4..79c7c42 100644 --- a/crypto/openssl/crypto/rsa/Makefile +++ b/crypto/openssl/crypto/rsa/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/rsa/rsa_pmeth.c b/crypto/openssl/crypto/rsa/rsa_pmeth.c index d61d6e8..6a7c67c 100644 --- a/crypto/openssl/crypto/rsa/rsa_pmeth.c +++ b/crypto/openssl/crypto/rsa/rsa_pmeth.c @@ -228,8 +228,14 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return ret; ret = sltmp; } else if (rctx->pad_mode == RSA_X931_PADDING) { - if (!setup_tbuf(rctx, ctx)) + if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { + RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL); + return -1; + } + if (!setup_tbuf(rctx, ctx)) { + RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE); return -1; + } memcpy(rctx->tbuf, tbs, tbslen); rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, diff --git a/crypto/openssl/crypto/seed/Makefile b/crypto/openssl/crypto/seed/Makefile index 4bc55e4..70d3d45 100644 --- a/crypto/openssl/crypto/seed/Makefile +++ b/crypto/openssl/crypto/seed/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/sha/Makefile b/crypto/openssl/crypto/sha/Makefile index 2eb2b7a..ceb8094 100644 --- a/crypto/openssl/crypto/sha/Makefile +++ b/crypto/openssl/crypto/sha/Makefile @@ -117,6 +117,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/srp/Makefile b/crypto/openssl/crypto/srp/Makefile index 41859d4..7639533 100644 --- a/crypto/openssl/crypto/srp/Makefile +++ b/crypto/openssl/crypto/srp/Makefile @@ -61,6 +61,8 @@ srptest: top srptest.c $(LIB) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/srp/srp_vfy.c b/crypto/openssl/crypto/srp/srp_vfy.c index 701b5cd..50f75d7 100644 --- a/crypto/openssl/crypto/srp/srp_vfy.c +++ b/crypto/openssl/crypto/srp/srp_vfy.c @@ -497,7 +497,8 @@ SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) if (!SRP_user_pwd_set_ids(user, username, NULL)) goto err; - RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH); + if (RAND_pseudo_bytes(digv, SHA_DIGEST_LENGTH) < 0) + goto err; EVP_MD_CTX_init(&ctxt); EVP_DigestInit_ex(&ctxt, EVP_sha1(), NULL); EVP_DigestUpdate(&ctxt, vb->seed_key, strlen(vb->seed_key)); @@ -549,7 +550,8 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, } if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) + goto err; s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } else { @@ -609,7 +611,8 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, srp_bn_print(g); if (*salt == NULL) { - RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN); + if (RAND_pseudo_bytes(tmp2, SRP_RANDOM_SALT_LEN) < 0) + goto err; *salt = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } diff --git a/crypto/openssl/crypto/stack/Makefile b/crypto/openssl/crypto/stack/Makefile index 5327692..b069c93 100644 --- a/crypto/openssl/crypto/stack/Makefile +++ b/crypto/openssl/crypto/stack/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/store/Makefile b/crypto/openssl/crypto/store/Makefile index 0dcfd78..5bc7ca7 100644 --- a/crypto/openssl/crypto/store/Makefile +++ b/crypto/openssl/crypto/store/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/threads/th-lock.c b/crypto/openssl/crypto/threads/th-lock.c index 28884c2..cc8cf25 100644 --- a/crypto/openssl/crypto/threads/th-lock.c +++ b/crypto/openssl/crypto/threads/th-lock.c @@ -117,7 +117,7 @@ void CRYPTO_thread_setup(void) int i; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); - if(!lock_cs) { + if (!lock_cs) { /* Nothing we can do about this...void function! */ return; } @@ -172,7 +172,7 @@ void CRYPTO_thread_setup(void) # else lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t)); # endif - if(!lock_cs) { + if (!lock_cs) { /* Nothing we can do about this...void function! */ return; } @@ -260,7 +260,7 @@ void CRYPTO_thread_setup(void) char filename[20]; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); - if(!lock_cs) { + if (!lock_cs) { /* Nothing we can do about this...void function! */ return; } @@ -328,11 +328,11 @@ void CRYPTO_thread_setup(void) lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); - if(!lock_cs || !lock_count) { + if (!lock_cs || !lock_count) { /* Nothing we can do about this...void function! */ - if(lock_cs) + if (lock_cs) OPENSSL_free(lock_cs); - if(lock_count) + if (lock_count) OPENSSL_free(lock_count); return; } diff --git a/crypto/openssl/crypto/ts/Makefile b/crypto/openssl/crypto/ts/Makefile index c182345..cf991ef 100644 --- a/crypto/openssl/crypto/ts/Makefile +++ b/crypto/openssl/crypto/ts/Makefile @@ -73,6 +73,8 @@ tags: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/openssl/crypto/txt_db/Makefile b/crypto/openssl/crypto/txt_db/Makefile index e6f3033..4f70b19 100644 --- a/crypto/openssl/crypto/txt_db/Makefile +++ b/crypto/openssl/crypto/txt_db/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/ui/Makefile b/crypto/openssl/crypto/ui/Makefile index a685659..b28fcca 100644 --- a/crypto/openssl/crypto/ui/Makefile +++ b/crypto/openssl/crypto/ui/Makefile @@ -65,6 +65,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/whrlpool/Makefile b/crypto/openssl/crypto/whrlpool/Makefile index f4d46e4..befd6d6 100644 --- a/crypto/openssl/crypto/whrlpool/Makefile +++ b/crypto/openssl/crypto/whrlpool/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/x509/Makefile b/crypto/openssl/crypto/x509/Makefile index 72c8227..af3c255 100644 --- a/crypto/openssl/crypto/x509/Makefile +++ b/crypto/openssl/crypto/x509/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c index a910636..8415d1d 100644 --- a/crypto/openssl/crypto/x509/x509_lu.c +++ b/crypto/openssl/crypto/x509/x509_lu.c @@ -216,6 +216,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c index 136bfbd..16db4c0 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.c +++ b/crypto/openssl/crypto/x509/x509_vfy.c @@ -151,11 +151,11 @@ static int x509_subject_cmp(X509 **a, X509 **b) int X509_verify_cert(X509_STORE_CTX *ctx) { - X509 *x, *xtmp, *chain_ss = NULL; + X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; int bad_chain = 0; X509_VERIFY_PARAM *param = ctx->param; int depth, i, ok = 0; - int num; + int num, j, retry; int (*cb) (int xok, X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp = NULL; if (ctx->cert == NULL) { @@ -224,85 +224,118 @@ int X509_verify_cert(X509_STORE_CTX *ctx) break; } + /* Remember how many untrusted certs we have */ + j = num; /* * at this point, chain should contain a list of untrusted certificates. * We now need to add at least one trusted one, if possible, otherwise we * complain. */ - /* - * Examine last certificate in chain and see if it is self signed. - */ - - i = sk_X509_num(ctx->chain); - x = sk_X509_value(ctx->chain, i - 1); - if (ctx->check_issued(ctx, x, x)) { - /* we have a self signed certificate */ - if (sk_X509_num(ctx->chain) == 1) { - /* - * We have a single self signed certificate: see if we can find - * it in the store. We must have an exact match to avoid possible - * impersonation. - */ - ok = ctx->get_issuer(&xtmp, ctx, x); - if ((ok <= 0) || X509_cmp(x, xtmp)) { - ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert = x; - ctx->error_depth = i - 1; - if (ok == 1) - X509_free(xtmp); - bad_chain = 1; - ok = cb(0, ctx); - if (!ok) - goto end; + do { + /* + * Examine last certificate in chain and see if it is self signed. + */ + i = sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + if (ctx->check_issued(ctx, x, x)) { + /* we have a self signed certificate */ + if (sk_X509_num(ctx->chain) == 1) { + /* + * We have a single self signed certificate: see if we can + * find it in the store. We must have an exact match to avoid + * possible impersonation. + */ + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) { + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + if (ok == 1) + X509_free(xtmp); + bad_chain = 1; + ok = cb(0, ctx); + if (!ok) + goto end; + } else { + /* + * We have a match: replace certificate with store + * version so we get any trust settings. + */ + X509_free(x); + x = xtmp; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; + } } else { /* - * We have a match: replace certificate with store version so - * we get any trust settings. + * extract and save self signed certificate for later use */ - X509_free(x); - x = xtmp; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); } - } else { - /* - * extract and save self signed certificate for later use - */ - chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - x = sk_X509_value(ctx->chain, num - 1); } - } - - /* We now lookup certs from the certificate store */ - for (;;) { - /* If we have enough, we break */ - if (depth < num) - break; - - /* If we are self signed, we break */ - if (ctx->check_issued(ctx, x, x)) - break; - - ok = ctx->get_issuer(&xtmp, ctx, x); + /* We now lookup certs from the certificate store */ + for (;;) { + /* If we have enough, we break */ + if (depth < num) + break; + /* If we are self signed, we break */ + if (ctx->check_issued(ctx, x, x)) + break; + ok = ctx->get_issuer(&xtmp, ctx, x); + if (ok < 0) + return ok; + if (ok == 0) + break; + x = xtmp; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(xtmp); + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + return 0; + } + num++; + } - if (ok < 0) - return ok; - if (ok == 0) - break; + /* + * If we haven't got a least one certificate from our store then check + * if there is an alternative chain that could be used. We only do this + * if the user hasn't switched off alternate chain checking + */ + retry = 0; + if (j == ctx->last_untrusted && + !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { + while (j-- > 1) { + xtmp2 = sk_X509_value(ctx->chain, j - 1); + ok = ctx->get_issuer(&xtmp, ctx, xtmp2); + if (ok < 0) + goto end; + /* Check if we found an alternate chain */ + if (ok > 0) { + /* + * Free up the found cert we'll add it again later + */ + X509_free(xtmp); - x = xtmp; - if (!sk_X509_push(ctx->chain, x)) { - X509_free(xtmp); - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - return 0; + /* + * Dump all the certs above this point - we've found an + * alternate chain + */ + while (num > j) { + xtmp = sk_X509_pop(ctx->chain); + X509_free(xtmp); + num--; + ctx->last_untrusted--; + } + retry = 1; + break; + } + } } - num++; - } - - /* we now have our chain, lets check it... */ + } while (retry); /* Is last certificate looked up self signed? */ if (!ctx->check_issued(ctx, x, x)) { @@ -1604,47 +1637,84 @@ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) ASN1_TIME atm; long offset; char buff1[24], buff2[24], *p; - int i, j; + int i, j, remaining; p = buff1; - i = ctm->length; + remaining = ctm->length; str = (char *)ctm->data; + /* + * Note that the following (historical) code allows much more slack in the + * time format than RFC5280. In RFC5280, the representation is fixed: + * UTCTime: YYMMDDHHMMSSZ + * GeneralizedTime: YYYYMMDDHHMMSSZ + */ if (ctm->type == V_ASN1_UTCTIME) { - if ((i < 11) || (i > 17)) + /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */ + int min_length = sizeof("YYMMDDHHMMZ") - 1; + int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 10); p += 10; str += 10; + remaining -= 10; } else { - if (i < 13) + /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */ + int min_length = sizeof("YYYYMMDDHHMMZ") - 1; + int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1; + if (remaining < min_length || remaining > max_length) return 0; memcpy(p, str, 12); p += 12; str += 12; + remaining -= 12; } if ((*str == 'Z') || (*str == '-') || (*str == '+')) { *(p++) = '0'; *(p++) = '0'; } else { + /* SS (seconds) */ + if (remaining < 2) + return 0; *(p++) = *(str++); *(p++) = *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') { + remaining -= 2; + /* + * Skip any (up to three) fractional seconds... + * TODO(emilia): in RFC5280, fractional seconds are forbidden. + * Can we just kill them altogether? + */ + if (remaining && *str == '.') { str++; - while ((*str >= '0') && (*str <= '9')) - str++; + remaining--; + for (i = 0; i < 3 && remaining; i++, str++, remaining--) { + if (*str < '0' || *str > '9') + break; + } } } *(p++) = 'Z'; *(p++) = '\0'; - if (*str == 'Z') + /* We now need either a terminating 'Z' or an offset. */ + if (!remaining) + return 0; + if (*str == 'Z') { + if (remaining != 1) + return 0; offset = 0; - else { + } else { + /* (+-)HHMM */ if ((*str != '+') && (*str != '-')) return 0; + /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */ + if (remaining != 5) + return 0; + if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' || + str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9') + return 0; offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60; offset += (str[3] - '0') * 10 + (str[4] - '0'); if (*str == '-') @@ -1921,6 +1991,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/openssl/crypto/x509/x509_vfy.h index 1f8c0ec..aacdf55 100644 --- a/crypto/openssl/crypto/x509/x509_vfy.h +++ b/crypto/openssl/crypto/x509/x509_vfy.h @@ -405,6 +405,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_FLAG_USE_DELTAS 0x2000 /* Check selfsigned CA signature */ # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting + * this flag will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/openssl/crypto/x509/x509_vpm.c index d054366..6b0bf8a 100644 --- a/crypto/openssl/crypto/x509/x509_vpm.c +++ b/crypto/openssl/crypto/x509/x509_vpm.c @@ -100,6 +100,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) { + if (param == NULL) + return; x509_verify_param_zero(param); OPENSSL_free(param); } diff --git a/crypto/openssl/crypto/x509/x509type.c b/crypto/openssl/crypto/x509/x509type.c index 0331752..9219f75 100644 --- a/crypto/openssl/crypto/x509/x509type.c +++ b/crypto/openssl/crypto/x509/x509type.c @@ -121,9 +121,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) } } - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; if (pkey == NULL) EVP_PKEY_free(pk); return (ret); diff --git a/crypto/openssl/crypto/x509v3/Makefile b/crypto/openssl/crypto/x509v3/Makefile index 556ef35..05125ab 100644 --- a/crypto/openssl/crypto/x509v3/Makefile +++ b/crypto/openssl/crypto/x509v3/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c index 807867b..22ec202 100644 --- a/crypto/openssl/crypto/x509v3/v3_alt.c +++ b/crypto/openssl/crypto/x509v3/v3_alt.c @@ -584,24 +584,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { - int ret; - STACK_OF(CONF_VALUE) *sk; - X509_NAME *nm; + int ret = 0; + STACK_OF(CONF_VALUE) *sk = NULL; + X509_NAME *nm = NULL; if (!(nm = X509_NAME_new())) - return 0; + goto err; sk = X509V3_get_section(ctx, value); if (!sk) { X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND); ERR_add_error_data(2, "section=", value); - X509_NAME_free(nm); - return 0; + goto err; } /* FIXME: should allow other character types... */ ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); if (!ret) - X509_NAME_free(nm); + goto err; gen->d.dirn = nm; - X509V3_section_free(ctx, sk); +err: + if (ret == 0) + X509_NAME_free(nm); + X509V3_section_free(ctx, sk); return ret; } diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c index dca6ab2..0febc1b 100644 --- a/crypto/openssl/crypto/x509v3/v3_cpols.c +++ b/crypto/openssl/crypto/x509v3/v3_cpols.c @@ -230,11 +230,11 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) + if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) @@ -294,7 +294,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, POLICYQUALINFO *qual; if (!(qual = POLICYQUALINFO_new())) goto merr; - if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { + if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); goto err; } @@ -304,7 +304,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if (!strcmp(cnf->name, "explicitText")) { - if(!(not->exptext = M_ASN1_VISIBLESTRING_new())) + if (!(not->exptext = M_ASN1_VISIBLESTRING_new())) goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) diff --git a/crypto/openssl/crypto/x509v3/v3_utl.c b/crypto/openssl/crypto/x509v3/v3_utl.c index 65dd1e2..94aaebb 100644 --- a/crypto/openssl/crypto/x509v3/v3_utl.c +++ b/crypto/openssl/crypto/x509v3/v3_utl.c @@ -285,6 +285,10 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) int state; /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); + if (linebuf == NULL) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } state = HDR_NAME; ntmp = NULL; /* Go through all characters */ diff --git a/crypto/openssl/doc/apps/cms.pod b/crypto/openssl/doc/apps/cms.pod index 75b6988..9a24082 100644 --- a/crypto/openssl/doc/apps/cms.pod +++ b/crypto/openssl/doc/apps/cms.pod @@ -35,6 +35,7 @@ B<openssl> B<cms> [B<-print>] [B<-CAfile file>] [B<-CApath dir>] +[B<-no_alt_chains>] [B<-md digest>] [B<-[cipher]>] [B<-nointern>] @@ -406,7 +407,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L<B<verify>|verify(1)> manual page for details. @@ -614,4 +615,6 @@ The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/crypto/openssl/doc/apps/config.pod b/crypto/openssl/doc/apps/config.pod index 51fff37..bdc9b46 100644 --- a/crypto/openssl/doc/apps/config.pod +++ b/crypto/openssl/doc/apps/config.pod @@ -277,6 +277,59 @@ priority and B</tmp> used if neither is defined: # The above value is used if TEMP isn't in the environment tmpfile=${ENV::TEMP}/tmp.filename +Simple OpenSSL library configuration example to enter FIPS mode: + + # Default appname: should match "appname" parameter (if any) + # supplied to CONF_modules_load_file et al. + openssl_conf = openssl_conf_section + + [openssl_conf_section] + # Configuration module list + alg_section = evp_sect + + [evp_sect] + # Set to "yes" to enter FIPS mode if supported + fips_mode = yes + +Note: in the above example you will get an error in non FIPS capable versions +of OpenSSL. + +More complex OpenSSL library configuration. Add OID and don't enter FIPS mode: + + # Default appname: should match "appname" parameter (if any) + # supplied to CONF_modules_load_file et al. + openssl_conf = openssl_conf_section + + [openssl_conf_section] + # Configuration module list + alg_section = evp_sect + oid_section = new_oids + + [evp_sect] + # This will have no effect as FIPS mode is off by default. + # Set to "yes" to enter FIPS mode, if supported + fips_mode = no + + [new_oids] + # New OID, just short name + newoid1 = 1.2.3.4.1 + # New OID shortname and long name + newoid2 = New OID 2 long name, 1.2.3.4.2 + +The above examples can be used with with any application supporting library +configuration if "openssl_conf" is modified to match the appropriate "appname". + +For example if the second sample file above is saved to "example.cnf" then +the command line: + + OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 + +will output: + + 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 + +showing that the OID "newoid1" has been added as "1.2.3.4.1". + =head1 BUGS Currently there is no way to include characters using the octal B<\nnn> diff --git a/crypto/openssl/doc/apps/dhparam.pod b/crypto/openssl/doc/apps/dhparam.pod index 6e27cf5..1cd4c76 100644 --- a/crypto/openssl/doc/apps/dhparam.pod +++ b/crypto/openssl/doc/apps/dhparam.pod @@ -71,8 +71,10 @@ check if the parameters are valid primes and generator. =item B<-2>, B<-5> -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but B<numbits> is present, parameters are generated with the +default generator 2. =item B<-rand> I<file(s)> @@ -85,9 +87,10 @@ all others. =item I<numbits> this option specifies that a parameter set should be generated of size -I<numbits>. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. +I<numbits>. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (B<-2> or B<-5>) is +present, parameters are generated with a default length of 2048 bits. =item B<-noout> diff --git a/crypto/openssl/doc/apps/ocsp.pod b/crypto/openssl/doc/apps/ocsp.pod index 2372b37..fdb900c 100644 --- a/crypto/openssl/doc/apps/ocsp.pod +++ b/crypto/openssl/doc/apps/ocsp.pod @@ -29,6 +29,7 @@ B<openssl> B<ocsp> [B<-path>] [B<-CApath dir>] [B<-CAfile file>] +[B<-no_alt_chains>]] [B<-VAfile file>] [B<-validity_period n>] [B<-status_age n>] @@ -143,6 +144,10 @@ connection timeout to the OCSP responder in seconds file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. +=item B<-no_alt_chains> + +See L<B<verify>|verify(1)> manual page for details. + =item B<-verify_other file> file containing additional certificates to search when attempting to locate @@ -379,3 +384,9 @@ second file. openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -reqin req.der -respout resp.der + +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + +=cut diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod index b021c73..d92ec93 100644 --- a/crypto/openssl/doc/apps/s_client.pod +++ b/crypto/openssl/doc/apps/s_client.pod @@ -19,6 +19,7 @@ B<openssl> B<s_client> [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-reconnect>] [B<-pause>] [B<-showcerts>] @@ -116,7 +117,7 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L<B<verify>|verify(1)> manual page for details. @@ -347,4 +348,8 @@ information whenever a session is renegotiated. L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)> +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/crypto/openssl/doc/apps/s_server.pod b/crypto/openssl/doc/apps/s_server.pod index 2105b60..491038e 100644 --- a/crypto/openssl/doc/apps/s_server.pod +++ b/crypto/openssl/doc/apps/s_server.pod @@ -33,6 +33,7 @@ B<openssl> B<s_server> [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-nocert>] [B<-cipher cipherlist>] [B<-serverpref>] @@ -178,6 +179,10 @@ and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +=item B<-no_alt_chains> + +See the L<B<verify>|verify(1)> manual page for details. + =item B<-state> prints out the SSL session states. @@ -398,4 +403,8 @@ unknown cipher suites a client says it supports. L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)> +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/crypto/openssl/doc/apps/smime.pod b/crypto/openssl/doc/apps/smime.pod index d39a59a..94a8823 100644 --- a/crypto/openssl/doc/apps/smime.pod +++ b/crypto/openssl/doc/apps/smime.pod @@ -15,6 +15,7 @@ B<openssl> B<smime> [B<-pk7out>] [B<-[cipher]>] [B<-in file>] +[B<-no_alt_chains>] [B<-certfile file>] [B<-signer file>] [B<-recip file>] @@ -259,7 +260,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various options of certificate chain verification. See L<B<verify>|verify(1)> manual page for details. @@ -441,5 +442,6 @@ structures may cause parsing errors. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. =cut diff --git a/crypto/openssl/doc/apps/verify.pod b/crypto/openssl/doc/apps/verify.pod index 0c8e492..18eeee0 100644 --- a/crypto/openssl/doc/apps/verify.pod +++ b/crypto/openssl/doc/apps/verify.pod @@ -22,6 +22,7 @@ B<openssl> B<verify> [B<-extended_crl>] [B<-use_deltas>] [B<-policy_print>] +[B<-no_alt_chains>] [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] @@ -108,6 +109,14 @@ Set policy variable inhibit-any-policy (see RFC5280). Set policy variable inhibit-policy-mapping (see RFC5280). +=item B<-no_alt_chains> + +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of previous OpenSSL versions. + =item B<-policy_print> Print out diagnostics related to policy processing. @@ -409,4 +418,8 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. L<x509(1)|x509(1)> +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/crypto/openssl/doc/crypto/BN_rand.pod b/crypto/openssl/doc/crypto/BN_rand.pod index 81f93c2..3b2796c 100644 --- a/crypto/openssl/doc/crypto/BN_rand.pod +++ b/crypto/openssl/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B<top> is 0, it is set to 1, and if B<top> is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B<bits> length. If B<bottom> is true, the -number will be odd. +number will be odd. The value of B<bits> must be zero or greater. If B<bits> is +1 then B<top> cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for diff --git a/crypto/openssl/doc/crypto/BN_set_bit.pod b/crypto/openssl/doc/crypto/BN_set_bit.pod index b7c47b9..a32cca2 100644 --- a/crypto/openssl/doc/crypto/BN_set_bit.pod +++ b/crypto/openssl/doc/crypto/BN_set_bit.pod @@ -37,12 +37,12 @@ BN_mask_bits() truncates B<a> to an B<n> bit number shorter than B<n> bits. BN_lshift() shifts B<a> left by B<n> bits and places the result in -B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places -the result in B<r> (C<r=2*a>). +B<r> (C<r=a*2^n>). Note that B<n> must be non-negative. BN_lshift1() shifts +B<a> left by one and places the result in B<r> (C<r=2*a>). BN_rshift() shifts B<a> right by B<n> bits and places the result in -B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places -the result in B<r> (C<r=a/2>). +B<r> (C<r=a/2^n>). Note that B<n> must be non-negative. BN_rshift1() shifts +B<a> right by one and places the result in B<r> (C<r=a/2>). For the shift functions, B<r> and B<a> may be the same variable. diff --git a/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 46cac2b..9d86d46 100644 --- a/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/crypto/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -133,6 +133,12 @@ verification. If this flag is set then additional status codes will be sent to the verification callback and it B<must> be prepared to handle such cases without assuming they are hard errors. +The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative +chains. By default, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will continue to check to see if an +alternative chain can be found that is trusted. With this flag set the behaviour +will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -166,6 +172,6 @@ L<X509_verify_cert(3)|X509_verify_cert(3)> =head1 HISTORY -TBA +The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.0.1n and 1.0.2b =cut diff --git a/crypto/openssl/doc/crypto/pem.pod b/crypto/openssl/doc/crypto/pem.pod index 21e9fe3..763eb6f 100644 --- a/crypto/openssl/doc/crypto/pem.pod +++ b/crypto/openssl/doc/crypto/pem.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. The B<DSAparams> functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B<DHparams> functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index 7a27eef..b754c16 100644 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -61,12 +61,12 @@ negotiation is being saved. If "strong" primes were used to generate the DH parameters, it is not strictly necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that "strong" primes were used (see especially -the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used -in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. +secrecy. If it is not assured that "strong" primes were used, +SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup +attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the +computer time needed during negotiation, but it is not very large, so +application authors/users should consider always enabling this option. +The option is required to implement perfect forward secrecy (PFS). As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. @@ -74,82 +74,62 @@ DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer -time needed for this generation, it is possible to use DSA parameters -instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE -is mandatory. +openssl L<dhparam(1)|dhparam(1)> application. This application +guarantees that "strong" primes are used. -Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the -L<dhparam(1)|dhparam(1)> application. -Authors may also generate their own set of parameters using -L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were -generated. The generation of DH parameters during installation is therefore -recommended. +L<dhparam(1)|dhparam(1)> application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. Files dh1024.pem +and dh512.pem contain old parameters that must not be used by +applications. An application may either directly specify the DH parameters or -can supply the DH parameters via a callback function. The callback approach -has the advantage, that the callback may supply DH parameters for different -key lengths. +can supply the DH parameters via a callback function. -The B<tmp_dh_callback> is called with the B<keylength> needed and -the B<is_export> information. The B<is_export> flag is set, when the -ephemeral DH key exchange is performed with an export cipher. +Previous versions of the callback used B<is_export> and B<keylength> +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export ciphersuites +are advised to either use SSL_CTX_set_tmp_dh() in combination with +SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore +B<keylength> and B<is_export> and simply supply at least 2048-bit +parameters in the callback. =head1 EXAMPLES -Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling +Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.) - ... - /* Set up ephemeral DH stuff */ - DH *dh_512 = NULL; - DH *dh_1024 = NULL; - FILE *paramfile; + Command-line parameter generation: + $ openssl dhparam -out dh_param_2048.pem 2048 + + Code for setting up parameters during server initialization: ... - /* "openssl dhparam -out dh_param_512.pem -2 512" */ - paramfile = fopen("dh_param_512.pem", "r"); + SSL_CTX ctx = SSL_CTX_new(); + ... + + /* Set up ephemeral DH parameters. */ + DH *dh_2048 = NULL; + FILE *paramfile; + paramfile = fopen("dh_param_2048.pem", "r"); if (paramfile) { - dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); fclose(paramfile); + } else { + /* Error. */ } - /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ - paramfile = fopen("dh_param_1024.pem", "r"); - if (paramfile) { - dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); + if (dh_2048 == NULL) { + /* Error. */ } - ... - - /* "openssl dhparam -C -2 512" etc... */ - DH *get_dh512() { ... } - DH *get_dh1024() { ... } - - DH *tmp_dh_callback(SSL *s, int is_export, int keylength) - { - DH *dh_tmp=NULL; - - switch (keylength) { - case 512: - if (!dh_512) - dh_512 = get_dh512(); - dh_tmp = dh_512; - break; - case 1024: - if (!dh_1024) - dh_1024 = get_dh1024(); - dh_tmp = dh_1024; - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - setup_dh_parameters_like_above(); - } - return(dh_tmp); + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { + /* Error. */ } + SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); + ... =head1 RETURN VALUES diff --git a/crypto/openssl/e_os2.h b/crypto/openssl/e_os2.h index d400ac7..2b1b78f 100644 --- a/crypto/openssl/e_os2.h +++ b/crypto/openssl/e_os2.h @@ -109,6 +109,12 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32 # endif +# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) +# undef OPENSSL_SYS_UNIX +# if !defined(OPENSSL_SYS_WIN64) +# define OPENSSL_SYS_WIN64 +# endif +# endif # if defined(OPENSSL_SYSNAME_WINNT) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINNT @@ -121,7 +127,7 @@ extern "C" { # endif /* Anything that tries to look like Microsoft is "Windows" */ -# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WINDOWS # ifndef OPENSSL_SYS_MSDOS diff --git a/crypto/openssl/engines/Makefile b/crypto/openssl/engines/Makefile index 2fa9534..23bd2f3 100644 --- a/crypto/openssl/engines/Makefile +++ b/crypto/openssl/engines/Makefile @@ -146,12 +146,15 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @target=lint; $(RECURSIVE_MAKE) -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - fi - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/crypto/openssl/engines/ccgost/Makefile b/crypto/openssl/engines/ccgost/Makefile index d661c10..4e183a4 100644 --- a/crypto/openssl/engines/ccgost/Makefile +++ b/crypto/openssl/engines/ccgost/Makefile @@ -66,12 +66,13 @@ links: tests: -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) files: @@ -262,8 +263,9 @@ gost_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h gost_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h gost_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h gost_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -gost_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -gost_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +gost_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +gost_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +gost_sign.o: ../../include/openssl/objects.h gost_sign.o: ../../include/openssl/opensslconf.h gost_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h gost_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h diff --git a/crypto/openssl/engines/ccgost/e_gost_err.c b/crypto/openssl/engines/ccgost/e_gost_err.c index 3201b64..80ef58f 100644 --- a/crypto/openssl/engines/ccgost/e_gost_err.c +++ b/crypto/openssl/engines/ccgost/e_gost_err.c @@ -1,6 +1,6 @@ /* e_gost_err.c */ /* ==================================================================== - * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -90,6 +90,7 @@ static ERR_STRING_DATA GOST_str_functs[] = { {ERR_FUNC(GOST_F_GOST_IMIT_CTRL), "GOST_IMIT_CTRL"}, {ERR_FUNC(GOST_F_GOST_IMIT_FINAL), "GOST_IMIT_FINAL"}, {ERR_FUNC(GOST_F_GOST_IMIT_UPDATE), "GOST_IMIT_UPDATE"}, + {ERR_FUNC(GOST_F_GOST_SIGN_KEYGEN), "GOST_SIGN_KEYGEN"}, {ERR_FUNC(GOST_F_PARAM_COPY_GOST01), "PARAM_COPY_GOST01"}, {ERR_FUNC(GOST_F_PARAM_COPY_GOST94), "PARAM_COPY_GOST94"}, {ERR_FUNC(GOST_F_PKEY_GOST01CP_DECRYPT), "PKEY_GOST01CP_DECRYPT"}, diff --git a/crypto/openssl/engines/ccgost/e_gost_err.h b/crypto/openssl/engines/ccgost/e_gost_err.h index 92be558..a2018ec 100644 --- a/crypto/openssl/engines/ccgost/e_gost_err.h +++ b/crypto/openssl/engines/ccgost/e_gost_err.h @@ -90,6 +90,7 @@ void ERR_GOST_error(int function, int reason, char *file, int line); # define GOST_F_GOST_IMIT_CTRL 114 # define GOST_F_GOST_IMIT_FINAL 140 # define GOST_F_GOST_IMIT_UPDATE 115 +# define GOST_F_GOST_SIGN_KEYGEN 142 # define GOST_F_PARAM_COPY_GOST01 116 # define GOST_F_PARAM_COPY_GOST94 117 # define GOST_F_PKEY_GOST01CP_DECRYPT 118 diff --git a/crypto/openssl/engines/ccgost/gost2001.c b/crypto/openssl/engines/ccgost/gost2001.c index 2b96694..9536295 100644 --- a/crypto/openssl/engines/ccgost/gost2001.c +++ b/crypto/openssl/engines/ccgost/gost2001.c @@ -41,6 +41,11 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) BN_CTX *ctx = BN_CTX_new(); int ok = 0; + if(!ctx) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } + BN_CTX_start(ctx); p = BN_CTX_get(ctx); a = BN_CTX_get(ctx); @@ -48,6 +53,10 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); q = BN_CTX_get(ctx); + if(!p || !a || !b || !x || !y || !q) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } while (params->nid != NID_undef && params->nid != nid) params++; if (params->nid == NID_undef) { @@ -55,18 +64,33 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) GOST_R_UNSUPPORTED_PARAMETER_SET); goto err; } - BN_hex2bn(&p, params->p); - BN_hex2bn(&a, params->a); - BN_hex2bn(&b, params->b); + if(!BN_hex2bn(&p, params->p) + || !BN_hex2bn(&a, params->a) + || !BN_hex2bn(&b, params->b)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, + ERR_R_INTERNAL_ERROR); + goto err; + } grp = EC_GROUP_new_curve_GFp(p, a, b, ctx); + if(!grp) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } P = EC_POINT_new(grp); + if(!P) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_MALLOC_FAILURE); + goto err; + } - BN_hex2bn(&x, params->x); - BN_hex2bn(&y, params->y); - EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx); - BN_hex2bn(&q, params->q); + if(!BN_hex2bn(&x, params->x) + || !BN_hex2bn(&y, params->y) + || !EC_POINT_set_affine_coordinates_GFp(grp, P, x, y, ctx) + || !BN_hex2bn(&q, params->q)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_KEYS fprintf(stderr, "Set params index %d oid %s\nq=", (params - R3410_2001_paramset), OBJ_nid2sn(params->nid)); @@ -74,16 +98,23 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) fprintf(stderr, "\n"); #endif - EC_GROUP_set_generator(grp, P, q, NULL); + if(!EC_GROUP_set_generator(grp, P, q, NULL)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR); + goto err; + } EC_GROUP_set_curve_name(grp, params->nid); - - EC_KEY_set_group(eckey, grp); + if(!EC_KEY_set_group(eckey, grp)) { + GOSTerr(GOST_F_FILL_GOST2001_PARAMS, ERR_R_INTERNAL_ERROR); + goto err; + } ok = 1; err: - EC_POINT_free(P); - EC_GROUP_free(grp); - BN_CTX_end(ctx); - BN_CTX_free(ctx); + if (P) EC_POINT_free(P); + if (grp) EC_GROUP_free(grp); + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return ok; } @@ -94,7 +125,7 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) */ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) { - DSA_SIG *newsig = NULL; + DSA_SIG *newsig = NULL, *ret = NULL; BIGNUM *md = hashsum2bn(dgst); BIGNUM *order = NULL; const EC_GROUP *group; @@ -103,6 +134,10 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) NULL, *e = NULL; EC_POINT *C = NULL; BN_CTX *ctx = BN_CTX_new(); + if(!ctx || !md) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); OPENSSL_assert(dlen == 32); newsig = DSA_SIG_new(); @@ -111,11 +146,25 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) goto err; } group = EC_KEY_get0_group(eckey); + if(!group) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } order = BN_CTX_get(ctx); - EC_GROUP_get_order(group, order, ctx); + if(!order || !EC_GROUP_get_order(group, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } priv_key = EC_KEY_get0_private_key(eckey); + if(!priv_key) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } e = BN_CTX_get(ctx); - BN_mod(e, md, order, ctx); + if(!e || !BN_mod(e, md, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "digest as bignum="); BN_print_fp(stderr, md); @@ -128,55 +177,80 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) } k = BN_CTX_get(ctx); C = EC_POINT_new(group); + if(!k || !C) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } do { do { if (!BN_rand_range(k, order)) { GOSTerr(GOST_F_GOST2001_DO_SIGN, GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); - DSA_SIG_free(newsig); - newsig = NULL; goto err; } if (!EC_POINT_mul(group, C, k, NULL, NULL, ctx)) { GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB); - DSA_SIG_free(newsig); - newsig = NULL; goto err; } if (!X) X = BN_CTX_get(ctx); + if (!r) + r = BN_CTX_get(ctx); + if (!X || !r) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } if (!EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx)) { GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_EC_LIB); - DSA_SIG_free(newsig); - newsig = NULL; goto err; } - if (!r) - r = BN_CTX_get(ctx); - BN_nnmod(r, X, order, ctx); + + if(!BN_nnmod(r, X, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } } while (BN_is_zero(r)); /* s = (r*priv_key+k*e) mod order */ if (!tmp) tmp = BN_CTX_get(ctx); - BN_mod_mul(tmp, priv_key, r, order, ctx); if (!tmp2) tmp2 = BN_CTX_get(ctx); - BN_mod_mul(tmp2, k, e, order, ctx); if (!s) s = BN_CTX_get(ctx); - BN_mod_add(s, tmp, tmp2, order, ctx); + if (!tmp || !tmp2 || !s) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + if(!BN_mod_mul(tmp, priv_key, r, order, ctx) + || !BN_mod_mul(tmp2, k, e, order, ctx) + || !BN_mod_add(s, tmp, tmp2, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_INTERNAL_ERROR); + goto err; + } } while (BN_is_zero(s)); newsig->s = BN_dup(s); newsig->r = BN_dup(r); + if(!newsig->s || !newsig->r) { + GOSTerr(GOST_F_GOST2001_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + + ret = newsig; err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - EC_POINT_free(C); - BN_free(md); - return newsig; + if(ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (C) EC_POINT_free(C); + if (md) BN_free(md); + if (!ret && newsig) { + DSA_SIG_free(newsig); + } + return ret; } /* @@ -196,6 +270,11 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, const EC_POINT *pub_key = NULL; int ok = 0; + if(!ctx || !group) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } + BN_CTX_start(ctx); order = BN_CTX_get(ctx); e = BN_CTX_get(ctx); @@ -205,9 +284,17 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, X = BN_CTX_get(ctx); R = BN_CTX_get(ctx); v = BN_CTX_get(ctx); + if(!order || !e || !z1 || !z2 || !tmp || !X || !R || !v) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } - EC_GROUP_get_order(group, order, ctx); pub_key = EC_KEY_get0_public_key(ec); + if(!pub_key || !EC_GROUP_get_order(group, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } + if (BN_is_zero(sig->s) || BN_is_zero(sig->r) || (BN_cmp(sig->s, order) >= 1) || (BN_cmp(sig->r, order) >= 1)) { GOSTerr(GOST_F_GOST2001_DO_VERIFY, @@ -217,19 +304,28 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, } md = hashsum2bn(dgst); - BN_mod(e, md, order, ctx); + if(!md || !BN_mod(e, md, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "digest as bignum: "); BN_print_fp(stderr, md); fprintf(stderr, "\ndigest mod q: "); BN_print_fp(stderr, e); #endif - if (BN_is_zero(e)) - BN_one(e); + if (BN_is_zero(e) && !BN_one(e)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } v = BN_mod_inverse(v, e, order, ctx); - BN_mod_mul(z1, sig->s, v, order, ctx); - BN_sub(tmp, order, sig->r); - BN_mod_mul(z2, tmp, v, order, ctx); + if(!v + || !BN_mod_mul(z1, sig->s, v, order, ctx) + || !BN_sub(tmp, order, sig->r) + || !BN_mod_mul(z2, tmp, v, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "\nInverted digest value: "); BN_print_fp(stderr, v); @@ -239,6 +335,10 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, BN_print_fp(stderr, z2); #endif C = EC_POINT_new(group); + if (!C) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } if (!EC_POINT_mul(group, C, z1, pub_key, z2, ctx)) { GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB); goto err; @@ -247,7 +347,10 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB); goto err; } - BN_mod(R, X, order, ctx); + if(!BN_mod(R, X, order, ctx)) { + GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_INTERNAL_ERROR); + goto err; + } #ifdef DEBUG_SIGN fprintf(stderr, "\nX="); BN_print_fp(stderr, X); @@ -261,10 +364,12 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, ok = 1; } err: - EC_POINT_free(C); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_free(md); + if (C) EC_POINT_free(C); + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (md) BN_free(md); return ok; } @@ -287,6 +392,10 @@ int gost2001_compute_public(EC_KEY *ec) return 0; } ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); if (!(priv_key = EC_KEY_get0_private_key(ec))) { GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB); @@ -294,6 +403,10 @@ int gost2001_compute_public(EC_KEY *ec) } pub_key = EC_POINT_new(group); + if(!pub_key) { + GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + goto err; + } if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB); goto err; @@ -304,9 +417,11 @@ int gost2001_compute_public(EC_KEY *ec) } ok = 256; err: - BN_CTX_end(ctx); - EC_POINT_free(pub_key); - BN_CTX_free(ctx); + if (pub_key) EC_POINT_free(pub_key); + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } return ok; } @@ -320,7 +435,13 @@ int gost2001_keygen(EC_KEY *ec) { BIGNUM *order = BN_new(), *d = BN_new(); const EC_GROUP *group = EC_KEY_get0_group(ec); - EC_GROUP_get_order(group, order, NULL); + + if(!group || !EC_GROUP_get_order(group, order, NULL)) { + GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR); + BN_free(d); + BN_free(order); + return 0; + } do { if (!BN_rand_range(d, order)) { @@ -332,7 +453,13 @@ int gost2001_keygen(EC_KEY *ec) } } while (BN_is_zero(d)); - EC_KEY_set_private_key(ec, d); + + if(!EC_KEY_set_private_key(ec, d)) { + GOSTerr(GOST_F_GOST2001_KEYGEN, ERR_R_INTERNAL_ERROR); + BN_free(d); + BN_free(order); + return 0; + } BN_free(d); BN_free(order); return gost2001_compute_public(ec); diff --git a/crypto/openssl/engines/ccgost/gost94_keyx.c b/crypto/openssl/engines/ccgost/gost94_keyx.c index 85f4bc8..ce57f17 100644 --- a/crypto/openssl/engines/ccgost/gost94_keyx.c +++ b/crypto/openssl/engines/ccgost/gost94_keyx.c @@ -104,6 +104,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); gost_ctx cctx; int key_is_ephemeral = 1; + int tmp_outlen; EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); /* Do not use vizir cipher parameters with cryptopro */ @@ -174,12 +175,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); - if (*outlen <= 0) { + tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); + if (tmp_outlen <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); goto err; } + *outlen = tmp_outlen; if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= diff --git a/crypto/openssl/engines/ccgost/gost_ameth.c b/crypto/openssl/engines/ccgost/gost_ameth.c index 713a0fa..b7c5354 100644 --- a/crypto/openssl/engines/ccgost/gost_ameth.c +++ b/crypto/openssl/engines/ccgost/gost_ameth.c @@ -115,7 +115,10 @@ static int decode_gost_algor_params(EVP_PKEY *pkey, X509_ALGOR *palg) } param_nid = OBJ_obj2nid(gkp->key_params); GOST_KEY_PARAMS_free(gkp); - EVP_PKEY_set_type(pkey, pkey_nid); + if(!EVP_PKEY_set_type(pkey, pkey_nid)) { + GOSTerr(GOST_F_DECODE_GOST_ALGOR_PARAMS, ERR_R_INTERNAL_ERROR); + return 0; + } switch (pkey_nid) { case NID_id_GostR3410_94: { @@ -552,9 +555,19 @@ static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) } if (!eto) { eto = EC_KEY_new(); - EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto); + if(!eto) { + GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_MALLOC_FAILURE); + return 0; + } + if(!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) { + GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR); + return 0; + } + } + if(!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) { + GOSTerr(GOST_F_PARAM_COPY_GOST01, ERR_R_INTERNAL_ERROR); + return 0; } - EC_KEY_set_group(eto, EC_KEY_get0_group(efrom)); if (EC_KEY_get0_private_key(eto)) { gost2001_compute_public(eto); } @@ -729,8 +742,21 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) } X = BN_new(); Y = BN_new(); - EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec), - pub_key, X, Y, NULL); + if(!X || !Y) { + GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE); + if(X) BN_free(X); + if(Y) BN_free(Y); + BN_free(order); + return 0; + } + if(!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec), + pub_key, X, Y, NULL)) { + GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_INTERNAL_ERROR); + BN_free(X); + BN_free(Y); + BN_free(order); + return 0; + } data_len = 2 * BN_num_bytes(order); BN_free(order); databuf = OPENSSL_malloc(data_len); diff --git a/crypto/openssl/engines/ccgost/gost_pmeth.c b/crypto/openssl/engines/ccgost/gost_pmeth.c index 9af7b06..b6275b2 100644 --- a/crypto/openssl/engines/ccgost/gost_pmeth.c +++ b/crypto/openssl/engines/ccgost/gost_pmeth.c @@ -502,7 +502,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, long keylen; int ret; unsigned char *keybuf = string_to_hex(value, &keylen); - if (keylen != 32) { + if (!keybuf || keylen != 32) { GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_KEY_LENGTH); OPENSSL_free(keybuf); diff --git a/crypto/openssl/engines/ccgost/gost_sign.c b/crypto/openssl/engines/ccgost/gost_sign.c index 0116e47..07ad921 100644 --- a/crypto/openssl/engines/ccgost/gost_sign.c +++ b/crypto/openssl/engines/ccgost/gost_sign.c @@ -12,6 +12,7 @@ #include <openssl/bn.h> #include <openssl/dsa.h> #include <openssl/evp.h> +#include <openssl/err.h> #include "gost_params.h" #include "gost_lcl.h" @@ -52,11 +53,16 @@ void dump_dsa_sig(const char *message, DSA_SIG *sig) DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { BIGNUM *k = NULL, *tmp = NULL, *tmp2 = NULL; - DSA_SIG *newsig = DSA_SIG_new(); + DSA_SIG *newsig = NULL, *ret = NULL; BIGNUM *md = hashsum2bn(dgst); /* check if H(M) mod q is zero */ BN_CTX *ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); + newsig = DSA_SIG_new(); if (!newsig) { GOSTerr(GOST_F_GOST_DO_SIGN, GOST_R_NO_MEMORY); goto err; @@ -64,6 +70,10 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) tmp = BN_CTX_get(ctx); k = BN_CTX_get(ctx); tmp2 = BN_CTX_get(ctx); + if(!tmp || !k || !tmp2) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } BN_mod(tmp, md, dsa->q, ctx); if (BN_is_zero(tmp)) { BN_one(md); @@ -76,24 +86,41 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) BN_rand_range(k, dsa->q); /* generate r = (a^x mod p) mod q */ BN_mod_exp(tmp, dsa->g, k, dsa->p, ctx); - if (!(newsig->r)) + if (!(newsig->r)) { newsig->r = BN_new(); + if(!newsig->r) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + } BN_mod(newsig->r, tmp, dsa->q, ctx); } while (BN_is_zero(newsig->r)); /* generate s = (xr + k(Hm)) mod q */ BN_mod_mul(tmp, dsa->priv_key, newsig->r, dsa->q, ctx); BN_mod_mul(tmp2, k, md, dsa->q, ctx); - if (!newsig->s) + if (!newsig->s) { newsig->s = BN_new(); + if(!newsig->s) { + GOSTerr(GOST_F_GOST_DO_SIGN, ERR_R_MALLOC_FAILURE); + goto err; + } + } BN_mod_add(newsig->s, tmp, tmp2, dsa->q, ctx); } while (BN_is_zero(newsig->s)); + + ret = newsig; err: BN_free(md); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return newsig; + if(ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if(!ret && newsig) { + DSA_SIG_free(newsig); + } + return ret; } /* @@ -135,17 +162,21 @@ int pack_sign_cp(DSA_SIG *s, int order, unsigned char *sig, size_t *siglen) int gost_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { - BIGNUM *md, *tmp = NULL; + BIGNUM *md = NULL, *tmp = NULL; BIGNUM *q2 = NULL; BIGNUM *u = NULL, *v = NULL, *z1 = NULL, *z2 = NULL; BIGNUM *tmp2 = NULL, *tmp3 = NULL; - int ok; + int ok = 0; BN_CTX *ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } BN_CTX_start(ctx); if (BN_cmp(sig->s, dsa->q) >= 1 || BN_cmp(sig->r, dsa->q) >= 1) { GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); - return 0; + goto err; } md = hashsum2bn(dgst); @@ -157,6 +188,10 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, tmp2 = BN_CTX_get(ctx); tmp3 = BN_CTX_get(ctx); u = BN_CTX_get(ctx); + if(!tmp || !v || !q2 || !z1 || !z2 || !tmp2 || !tmp3 || !u) { + GOSTerr(GOST_F_GOST_DO_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } BN_mod(tmp, md, dsa->q, ctx); if (BN_is_zero(tmp)) { @@ -172,15 +207,18 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, BN_mod_exp(tmp2, dsa->pub_key, z2, dsa->p, ctx); BN_mod_mul(tmp3, tmp, tmp2, dsa->p, ctx); BN_mod(u, tmp3, dsa->q, ctx); - ok = BN_cmp(u, sig->r); + ok = (BN_cmp(u, sig->r) == 0); - BN_free(md); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - if (ok != 0) { + if (!ok) { GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH); } - return (ok == 0); +err: + if(md) BN_free(md); + if(ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; } /* @@ -190,13 +228,24 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, int gost94_compute_public(DSA *dsa) { /* Now fill algorithm parameters with correct values */ - BN_CTX *ctx = BN_CTX_new(); + BN_CTX *ctx; if (!dsa->g) { GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITALIZED); return 0; } - /* Compute public key y = a^x mod p */ + ctx = BN_CTX_new(); + if(!ctx) { + GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + return 0; + } + dsa->pub_key = BN_new(); + if(!dsa->pub_key) { + GOSTerr(GOST_F_GOST94_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); + BN_CTX_free(ctx); + return 0; + } + /* Compute public key y = a^x mod p */ BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx); BN_CTX_free(ctx); return 1; @@ -243,6 +292,10 @@ int fill_GOST94_params(DSA *dsa, int nid) int gost_sign_keygen(DSA *dsa) { dsa->priv_key = BN_new(); + if(!dsa->priv_key) { + GOSTerr(GOST_F_GOST_SIGN_KEYGEN, ERR_R_MALLOC_FAILURE); + return 0; + } BN_rand_range(dsa->priv_key, dsa->q); return gost94_compute_public(dsa); } diff --git a/crypto/openssl/engines/e_sureware.c b/crypto/openssl/engines/e_sureware.c index 1005dfc..8a23763 100644 --- a/crypto/openssl/engines/e_sureware.c +++ b/crypto/openssl/engines/e_sureware.c @@ -712,10 +712,12 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, /* set public big nums */ rsatmp->e = BN_new(); rsatmp->n = BN_new(); + if(!rsatmp->e || !rsatmp->n) + goto err; bn_expand2(rsatmp->e, el / sizeof(BN_ULONG)); bn_expand2(rsatmp->n, el / sizeof(BN_ULONG)); - if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) || - !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG))) + if (rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) || + rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG))) goto err; ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el, (unsigned long *)rsatmp->n->d, @@ -752,15 +754,16 @@ static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id, dsatmp->p = BN_new(); dsatmp->q = BN_new(); dsatmp->g = BN_new(); + if(!dsatmp->pub_key || !dsatmp->p || !dsatmp->q || !dsatmp->g) + goto err; bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG)); bn_expand2(dsatmp->p, el / sizeof(BN_ULONG)); bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG)); bn_expand2(dsatmp->g, el / sizeof(BN_ULONG)); - if (!dsatmp->pub_key - || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG)) - || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG)) - || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG) - || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG))) + if (dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG)) + || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG)) + || dsatmp->q->dmax != 20 / sizeof(BN_ULONG) + || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG))) goto err; ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el, @@ -1038,10 +1041,12 @@ static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen, } psign->r = BN_new(); psign->s = BN_new(); + if(!psign->r || !psign->s) + goto err; bn_expand2(psign->r, 20 / sizeof(BN_ULONG)); bn_expand2(psign->s, 20 / sizeof(BN_ULONG)); - if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) || - !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG)) + if (psign->r->dmax != 20 / sizeof(BN_ULONG) || + psign->s->dmax != 20 / sizeof(BN_ULONG)) goto err; ret = p_surewarehk_Dsa_Sign(msg, flen, from, (unsigned long *)psign->r->d, @@ -1070,9 +1075,9 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, char msg[64] = "ENGINE_modexp"; if (!p_surewarehk_Mod_Exp) { SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED); - } else { + } else if (r) { bn_expand2(r, m->top); - if (r && r->dmax == m->top) { + if (r->dmax == m->top) { /* do it */ ret = p_surewarehk_Mod_Exp(msg, m->top * sizeof(BN_ULONG), diff --git a/crypto/openssl/ssl/Makefile b/crypto/openssl/ssl/Makefile index 8dd390e..29d9e45 100644 --- a/crypto/openssl/ssl/Makefile +++ b/crypto/openssl/ssl/Makefile @@ -89,12 +89,13 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new @@ -507,26 +508,27 @@ s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c s2_pkt.o: ssl_locl.h -s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s2_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s2_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s2_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h +s2_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s2_srvr.o: ../include/openssl/bio.h ../include/openssl/buffer.h +s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h +s2_srvr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s2_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c +s2_srvr.o: ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h diff --git a/crypto/openssl/ssl/d1_both.c b/crypto/openssl/ssl/d1_both.c index c18ec03..8dd8ea3 100644 --- a/crypto/openssl/ssl/d1_both.c +++ b/crypto/openssl/ssl/d1_both.c @@ -485,6 +485,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return i; } + if (mt >= 0 && s->s3->tmp.message_type != mt) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + p = (unsigned char *)s->init_buf->data; msg_len = msg_hdr->msg_len; @@ -869,6 +875,20 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) /* parse the message fragment header */ dtls1_get_message_header(wire, &msg_hdr); + len = msg_hdr.msg_len; + frag_off = msg_hdr.frag_off; + frag_len = msg_hdr.frag_len; + + /* + * We must have at least frag_len bytes left in the record to be read. + * Fragments must not span records. + */ + if (frag_len > s->s3->rrec.length) { + al = SSL3_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_BAD_LENGTH); + goto f_err; + } + /* * if this is a future (or stale) message it gets buffered * (or dropped)--no further processing at this time @@ -879,10 +899,6 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) && !(s->d1->listen && msg_hdr.seq == 1)) return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); - len = msg_hdr.msg_len; - frag_off = msg_hdr.frag_off; - frag_len = msg_hdr.frag_len; - if (frag_len && frag_len < len) return dtls1_reassemble_fragment(s, &msg_hdr, ok); @@ -913,17 +929,16 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) goto f_err; - /* XDTLS: ressurect this when restart is in place */ - s->state = stn; - if (frag_len > 0) { unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[frag_off], frag_len, 0); + /* - * XDTLS: fix this--message fragments cannot span multiple packets + * This shouldn't ever fail due to NBIO because we already checked + * that we have enough data in the record */ if (i <= 0) { s->rwstate = SSL_READING; @@ -944,6 +959,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) } *ok = 1; + s->state = stn; /* * Note that s->init_num is *not* used as current offset in @@ -1540,7 +1556,10 @@ int dtls1_process_heartbeat(SSL *s) memcpy(bp, pl, payload); bp += payload; /* Random padding */ - RAND_pseudo_bytes(bp, padding); + if (RAND_pseudo_bytes(bp, padding) < 0) { + OPENSSL_free(buffer); + return -1; + } r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); @@ -1574,7 +1593,7 @@ int dtls1_process_heartbeat(SSL *s) int dtls1_heartbeat(SSL *s) { unsigned char *buf, *p; - int ret; + int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ @@ -1622,10 +1641,12 @@ int dtls1_heartbeat(SSL *s) /* Sequence number */ s2n(s->tlsext_hb_seq, p); /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); + if (RAND_pseudo_bytes(p, 16) < 0) + goto err; p += 16; /* Random padding */ - RAND_pseudo_bytes(p, padding); + if (RAND_pseudo_bytes(p, padding) < 0) + goto err; ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); if (ret >= 0) { @@ -1638,6 +1659,7 @@ int dtls1_heartbeat(SSL *s) s->tlsext_hb_pending = 1; } +err: OPENSSL_free(buf); return ret; diff --git a/crypto/openssl/ssl/d1_clnt.c b/crypto/openssl/ssl/d1_clnt.c index 1394781..377c1e6 100644 --- a/crypto/openssl/ssl/d1_clnt.c +++ b/crypto/openssl/ssl/d1_clnt.c @@ -212,6 +212,7 @@ int dtls1_connect(SSL *s) (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -221,10 +222,12 @@ int dtls1_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -233,12 +236,14 @@ int dtls1_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -417,6 +422,7 @@ int dtls1_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -548,6 +554,7 @@ int dtls1_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -555,6 +562,7 @@ int dtls1_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } #ifndef OPENSSL_NO_SCTP @@ -735,6 +743,7 @@ int dtls1_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -945,6 +954,7 @@ static int dtls1_get_hello_verify(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return -1; } diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c index 94acb15..011d7b7 100644 --- a/crypto/openssl/ssl/d1_lib.c +++ b/crypto/openssl/ssl/d1_lib.c @@ -496,6 +496,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c index 7b49a7d..d659ed4 100644 --- a/crypto/openssl/ssl/d1_pkt.c +++ b/crypto/openssl/ssl/d1_pkt.c @@ -1065,7 +1065,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) (s->d1->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto err; + goto f_err; } /* diff --git a/crypto/openssl/ssl/d1_srvr.c b/crypto/openssl/ssl/d1_srvr.c index c4ec9fe..41c7dc5 100644 --- a/crypto/openssl/ssl/d1_srvr.c +++ b/crypto/openssl/ssl/d1_srvr.c @@ -224,11 +224,13 @@ int dtls1_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -236,6 +238,7 @@ int dtls1_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -257,6 +260,7 @@ int dtls1_accept(SSL *s) #endif if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -470,7 +474,7 @@ int dtls1_accept(SSL *s) #ifndef OPENSSL_NO_PSK || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif - || (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) + || (alg_k & SSL_kEDH) || (alg_k & SSL_kEECDH) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL @@ -665,15 +669,6 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->d1->change_cipher_spec_ok = 1; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -690,11 +685,10 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in d1_pkt.c, and remains set until * the client's Finished message is read. @@ -744,6 +738,7 @@ int dtls1_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -772,6 +767,7 @@ int dtls1_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -852,6 +848,7 @@ int dtls1_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -932,6 +929,7 @@ int dtls1_send_hello_verify_request(SSL *s) &(s->d1->cookie_len)) == 0) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c index 614b9a3..7a61888 100644 --- a/crypto/openssl/ssl/s2_pkt.c +++ b/crypto/openssl/ssl/s2_pkt.c @@ -576,6 +576,20 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len) s->s2->padding = p; s->s2->mac_data = &(s->s2->wbuf[3]); s->s2->wact_data = &(s->s2->wbuf[3 + mac_size]); + + /* + * It would be clearer to write this as follows: + * if (mac_size + len + p > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER) + * However |len| is user input that could in theory be very large. We + * know |mac_size| and |p| are small, so to avoid any possibility of + * overflow we write it like this. + * + * In theory this should never fail because the logic above should have + * modified |len| if it is too big. But we are being cautious. + */ + if (len > (SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER - (mac_size + p))) { + return -1; + } /* we copy the data into s->s2->wbuf */ memcpy(s->s2->wact_data, buf, len); if (p) diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c index 19bb48c..4289272 100644 --- a/crypto/openssl/ssl/s2_srvr.c +++ b/crypto/openssl/ssl/s2_srvr.c @@ -111,6 +111,7 @@ #include "ssl_locl.h" #ifndef OPENSSL_NO_SSL2 +#include "../crypto/constant_time_locl.h" # include <stdio.h> # include <openssl/bio.h> # include <openssl/rand.h> @@ -372,12 +373,15 @@ int ssl2_accept(SSL *s) static int get_client_master_key(SSL *s) { int is_export, i, n, keya; - unsigned int ek; + unsigned int num_encrypted_key_bytes, key_length; unsigned long len; unsigned char *p; const SSL_CIPHER *cp; const EVP_CIPHER *c; const EVP_MD *md; + unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; + unsigned char decrypt_good; + size_t j; p = (unsigned char *)s->init_buf->data; if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) { @@ -465,12 +469,6 @@ static int get_client_master_key(SSL *s) return (0); } - if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) { - is_export = 1; - ek = 8; - } else - ek = 5; - /* * The format of the CLIENT-MASTER-KEY message is * 1 byte message type @@ -484,12 +482,27 @@ static int get_client_master_key(SSL *s) * * If the cipher is an export cipher, then the encrypted key bytes * are a fixed portion of the total key (5 or 8 bytes). The size of - * this portion is in |ek|. If the cipher is not an export cipher, - * then the entire key material is encrypted (i.e., clear key length - * must be zero). + * this portion is in |num_encrypted_key_bytes|. If the cipher is not an + * export cipher, then the entire key material is encrypted (i.e., clear + * key length must be zero). */ - if ((!is_export && s->s2->tmp.clear != 0) || - (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) { + key_length = (unsigned int)EVP_CIPHER_key_length(c); + if (key_length > SSL_MAX_MASTER_KEY_LENGTH) { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); + return -1; + } + + if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) { + is_export = 1; + num_encrypted_key_bytes = 8; + } else if (is_export) { + num_encrypted_key_bytes = 5; + } else { + num_encrypted_key_bytes = key_length; + } + + if (s->s2->tmp.clear + num_encrypted_key_bytes != key_length) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); return -1; @@ -499,64 +512,49 @@ static int get_client_master_key(SSL *s) * Decryption can't be expanding, so if we don't have enough encrypted * bytes to fit the key in the buffer, stop now. */ - if ((is_export && s->s2->tmp.enc < ek) || - (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) { + if (s->s2->tmp.enc < num_encrypted_key_bytes) { ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); return -1; } + /* + * We must not leak whether a decryption failure occurs because of + * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246, + * section 7.4.7.1). The code follows that advice of the TLS RFC and + * generates a random premaster secret for the case that the decrypt + * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 + */ + + /* + * should be RAND_bytes, but we cannot work around a failure. + */ + if (RAND_pseudo_bytes(rand_premaster_secret, + (int)num_encrypted_key_bytes) <= 0) + return 0; + i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, &(p[s->s2->tmp.clear]), &(p[s->s2->tmp.clear]), (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : RSA_PKCS1_PADDING); - - /* bad decrypt */ -# if 1 + ERR_clear_error(); /* * If a bad decrypt, continue with protocol but with a random master * secret (Bleichenbacher attack) */ - if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) - || (is_export && i != (int)ek))) { - ERR_clear_error(); - if (is_export) - i = ek; - else - i = EVP_CIPHER_key_length(c); - if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) - return 0; - } -# else - if (i < 0) { - error = 1; - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_BAD_RSA_DECRYPT); - } - /* incorrect number of key bytes for non export cipher */ - else if ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) || (s->s2->tmp.clear + i != - EVP_CIPHER_key_length(c))))) { - error = 1; - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_WRONG_NUMBER_OF_KEY_BITS); - } - if (error) { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - return (-1); + decrypt_good = constant_time_eq_int_8(i, (int)num_encrypted_key_bytes); + for (j = 0; j < num_encrypted_key_bytes; j++) { + p[s->s2->tmp.clear + j] = + constant_time_select_8(decrypt_good, p[s->s2->tmp.clear + j], + rand_premaster_secret[j]); } -# endif - if (is_export) - i = EVP_CIPHER_key_length(c); + s->session->master_key_length = (int)key_length; + memcpy(s->session->master_key, p, key_length); + OPENSSL_cleanse(p, key_length); - if (i > SSL_MAX_MASTER_KEY_LENGTH) { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); - SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR); - return -1; - } - s->session->master_key_length = i; - memcpy(s->session->master_key, p, (unsigned int)i); - return (1); + return 1; } static int get_client_hello(SSL *s) diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c index 77374f4..107b460 100644 --- a/crypto/openssl/ssl/s3_both.c +++ b/crypto/openssl/ssl/s3_both.c @@ -169,7 +169,7 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) i = s->method->ssl3_enc->final_finish_mac(s, sender, slen, s->s3->tmp.finish_md); - if (i == 0) + if (i <= 0) return 0; s->s3->tmp.finish_md_len = i; memcpy(p, s->s3->tmp.finish_md, i); diff --git a/crypto/openssl/ssl/s3_cbc.c b/crypto/openssl/ssl/s3_cbc.c index 598d27e..2fb71f2 100644 --- a/crypto/openssl/ssl/s3_cbc.c +++ b/crypto/openssl/ssl/s3_cbc.c @@ -149,7 +149,7 @@ int tls1_cbc_remove_padding(const SSL *s, */ if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) { /* First packet is even in size, so check */ - if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && + if ((CRYPTO_memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) && !(padding_length & 1)) { s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG; } @@ -639,12 +639,22 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, if (k > 0) { if (is_sslv3) { + unsigned overhang; + /* * The SSLv3 header is larger than a single block. overhang is * the number of bytes beyond a single block that the header - * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). + * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). There are no + * ciphersuites in SSLv3 that are not SHA1 or MD5 based and + * therefore we can be confident that the header_length will be + * greater than |md_block_size|. However we add a sanity check just + * in case */ - unsigned overhang = header_length - md_block_size; + if (header_length <= md_block_size) { + /* Should never happen */ + return; + } + overhang = header_length - md_block_size; md_transform(md_state.c, header); memcpy(first_block, header + md_block_size, overhang); memcpy(first_block + overhang, data, md_block_size - overhang); diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c index 0e5acec..0879a0f 100644 --- a/crypto/openssl/ssl/s3_clnt.c +++ b/crypto/openssl/ssl/s3_clnt.c @@ -168,6 +168,9 @@ #endif static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b); +#ifndef OPENSSL_NO_TLSEXT +static int ssl3_check_finished(SSL *s); +#endif #ifndef OPENSSL_NO_SSL3_METHOD static const SSL_METHOD *ssl3_get_client_method(int ver) @@ -235,6 +238,7 @@ int ssl3_connect(SSL *s) if ((s->version & 0xff00) != 0x0300) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -245,10 +249,12 @@ int ssl3_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -263,6 +269,7 @@ int ssl3_connect(SSL *s) /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -317,12 +324,24 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: +#ifndef OPENSSL_NO_TLSEXT + /* Noop (ret = 0) for everything but EAP-FAST. */ + ret = ssl3_check_finished(s); + if (ret < 0) + goto end; + if (ret == 1) { + s->hit = 1; + s->state = SSL3_ST_CR_FINISHED_A; + s->init_num = 0; + break; + } +#endif /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ if (! (s->s3->tmp. new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) -&& !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; @@ -358,6 +377,7 @@ int ssl3_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -381,6 +401,7 @@ int ssl3_connect(SSL *s) if ((ret = SRP_Calc_A_param(s)) <= 0) { SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; goto end; } } @@ -472,6 +493,7 @@ int ssl3_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -479,6 +501,7 @@ int ssl3_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -553,7 +576,8 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: - s->s3->flags |= SSL3_FLAGS_CCS_OK; + if (!s->s3->change_cipher_spec) + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) @@ -612,6 +636,7 @@ int ssl3_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -658,9 +683,17 @@ int ssl3_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; - if ((sess == NULL) || - (sess->ssl_version != s->version) || - !sess->session_id_length || (sess->not_resumable)) { + if ((sess == NULL) || (sess->ssl_version != s->version) || +#ifdef OPENSSL_NO_TLSEXT + !sess->session_id_length || +#else + /* + * In the case of EAP-FAST, we can have a pre-shared + * "ticket" without a session ID. + */ + (!sess->session_id_length && !sess->tlsext_tick) || +#endif + (sess->not_resumable)) { if (!ssl_get_new_session(s, 0)) goto err; } @@ -798,6 +831,7 @@ int ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return (-1); } @@ -867,10 +901,19 @@ int ssl3_get_server_hello(SSL *s) } #ifndef OPENSSL_NO_TLSEXT /* - * check if we want to resume the session based on external pre-shared - * secret + * Check if we can resume the session based on external pre-shared secret. + * EAP-FAST (RFC 4851) supports two types of session resumption. + * Resumption based on server-side state works with session IDs. + * Resumption based on pre-shared Protected Access Credentials (PACs) + * works by overriding the SessionTicket extension at the application + * layer, and does not send a session ID. (We do not know whether EAP-FAST + * servers would honour the session ID.) Therefore, the session ID alone + * is not a reliable indicator of session resumption, so we first check if + * we can resume, and later peek at the next handshake message to see if the + * server wants to resume. */ - if (s->version >= TLS1_VERSION && s->tls_session_secret_cb) { + if (s->version >= TLS1_VERSION && s->tls_session_secret_cb && + s->session->tlsext_tick) { SSL_CIPHER *pref_cipher = NULL; s->session->master_key_length = sizeof(s->session->master_key); if (s->tls_session_secret_cb(s, s->session->master_key, @@ -879,12 +922,15 @@ int ssl3_get_server_hello(SSL *s) s->tls_session_secret_cb_arg)) { s->session->cipher = pref_cipher ? pref_cipher : ssl_get_cipher_by_char(s, p + j); - s->hit = 1; + } else { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + al = SSL_AD_INTERNAL_ERROR; + goto f_err; } } #endif /* OPENSSL_NO_TLSEXT */ - if (!s->hit && j != 0 && j == s->session->session_id_length + if (j != 0 && j == s->session->session_id_length && memcmp(p, s->session->session_id, j) == 0) { if (s->sid_ctx_length != s->session->sid_ctx_length || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { @@ -895,12 +941,13 @@ int ssl3_get_server_hello(SSL *s) goto f_err; } s->hit = 1; - } - /* a miss or crap from the other end */ - if (!s->hit) { + } else { /* - * If we were trying for session-id reuse, make a new SSL_SESSION so - * we don't stuff up other people + * If we were trying for session-id reuse but the server + * didn't echo the ID, make a new SSL_SESSION. + * In the case of EAP-FAST and PAC, we do not send a session ID, + * so the PAC-based session secret is always preserved. It'll be + * overwritten if the server refuses resumption. */ if (s->session->session_id_length > 0) { if (!ssl_get_new_session(s, 0)) { @@ -1045,6 +1092,7 @@ int ssl3_get_server_hello(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1223,8 +1271,10 @@ int ssl3_get_server_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -1546,6 +1596,13 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto err; } + + if (EVP_PKEY_bits(pkey) <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + s->session->sess_cert->peer_rsa_tmp = rsa; rsa = NULL; } @@ -1894,6 +1951,7 @@ int ssl3_get_key_exchange(SSL *s) EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2050,7 +2108,10 @@ int ssl3_get_certificate_request(SSL *s) ca_sk = NULL; ret = 1; + goto done; err: + s->state = SSL_ST_ERR; + done: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); @@ -2085,6 +2146,38 @@ int ssl3_get_new_session_ticket(SSL *s) } p = d = (unsigned char *)s->init_msg; + + if (s->session->session_id_length > 0) { + int i = s->session_ctx->session_cache_mode; + SSL_SESSION *new_sess; + /* + * We reused an existing session, so we need to replace it with a new + * one + */ + if (i & SSL_SESS_CACHE_CLIENT) { + /* + * Remove the old session from the cache + */ + if (i & SSL_SESS_CACHE_NO_INTERNAL_STORE) { + if (s->session_ctx->remove_session_cb != NULL) + s->session_ctx->remove_session_cb(s->session_ctx, + s->session); + } else { + /* We carry on if this fails */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + } + + if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); + goto f_err; + } + + SSL_SESSION_free(s->session); + s->session = new_sess; + } + n2l(p, s->session->tlsext_tick_lifetime_hint); n2s(p, ticklen); /* ticket_lifetime_hint + ticket_length + ticket */ @@ -2127,6 +2220,7 @@ int ssl3_get_new_session_ticket(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2187,6 +2281,7 @@ int ssl3_get_cert_status(SSL *s) return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return (-1); } #endif @@ -2208,6 +2303,7 @@ int ssl3_get_server_done(SSL *s) /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + s->state = SSL_ST_ERR; return -1; } ret = 1; @@ -2506,8 +2602,6 @@ int ssl3_send_client_key_exchange(SSL *s) n += 2; DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY */ } #endif @@ -2729,7 +2823,10 @@ int ssl3_send_client_key_exchange(SSL *s) EVP_PKEY_encrypt_init(pkey_ctx); /* Generate session key */ - RAND_bytes(premaster_secret, 32); + if (RAND_bytes(premaster_secret, 32) <= 0) { + EVP_PKEY_CTX_free(pkey_ctx); + goto err; + } /* * If we have client certificate, use its secret as peer key */ @@ -2948,6 +3045,7 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3081,6 +3179,7 @@ int ssl3_send_client_verify(SSL *s) err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); + s->state = SSL_ST_ERR; return (-1); } @@ -3149,6 +3248,7 @@ int ssl3_send_client_certificate(SSL *s) if (!l) { SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } s->init_num = (int)l; @@ -3165,6 +3265,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) int i, idx; long alg_k, alg_a; EVP_PKEY *pkey = NULL; + int pkey_bits; SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; @@ -3172,6 +3273,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) #ifndef OPENSSL_NO_DH DH *dh; #endif + int al = SSL_AD_HANDSHAKE_FAILURE; alg_k = s->s3->tmp.new_cipher->algorithm_mkey; alg_a = s->s3->tmp.new_cipher->algorithm_auth; @@ -3207,6 +3309,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); + pkey_bits = EVP_PKEY_bits(pkey); i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); EVP_PKEY_free(pkey); @@ -3224,38 +3327,71 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_RSA - if ((alg_k & SSL_kRSA) && - !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, - SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; + if (alg_k & SSL_kRSA) { + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + !has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } else if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { + if (pkey_bits <= SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + if (!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_RSA_ENCRYPTING_CERT); + goto f_err; + } + if (rsa != NULL) { + /* server key exchange is not allowed. */ + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); + goto f_err; + } + } + } } #endif #ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kEDH) && - !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); + if ((alg_k & SSL_kEDH) && dh == NULL) { + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; - } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { + } + if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); goto f_err; } # ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { + if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); goto f_err; } # endif -#endif - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { + /* Check DHE only: static DH not implemented. */ + if (alg_k & SSL_kEDH) { + int dh_size = BN_num_bits(dh->p); + if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) + || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL); + goto f_err; + } + } +#endif /* !OPENSSL_NO_DH */ + + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { - if (rsa == NULL - || RSA_size(rsa) * 8 > + if (rsa == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_RSA_KEY); + goto f_err; + } else if (BN_num_bits(rsa->n) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary RSA key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_RSA_KEY); goto f_err; @@ -3263,14 +3399,21 @@ int ssl3_check_cert_and_algorithm(SSL *s) } else #endif #ifndef OPENSSL_NO_DH - if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) { - if (dh == NULL - || DH_size(dh) * 8 > + if (alg_k & SSL_kEDH) { + if (BN_num_bits(dh->p) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { + /* We have a temporary DH key but it's too large. */ + al = SSL_AD_EXPORT_RESTRICTION; SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_EXPORT_TMP_DH_KEY); goto f_err; } + } else if (alg_k & (SSL_kDHr | SSL_kDHd)) { + /* The cert should have had an export DH key. */ + al = SSL_AD_EXPORT_RESTRICTION; + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, + SSL_R_MISSING_EXPORT_TMP_DH_KEY); + goto f_err; } else #endif { @@ -3281,12 +3424,62 @@ int ssl3_check_cert_and_algorithm(SSL *s) } return (1); f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + ssl3_send_alert(s, SSL3_AL_FATAL, al); err: return (0); } -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#ifndef OPENSSL_NO_TLSEXT +/* + * Normally, we can tell if the server is resuming the session from + * the session ID. EAP-FAST (RFC 4851), however, relies on the next server + * message after the ServerHello to determine if the server is resuming. + * Therefore, we allow EAP-FAST to peek ahead. + * ssl3_check_finished returns 1 if we are resuming from an external + * pre-shared secret, we have a "ticket" and the next server handshake message + * is Finished; and 0 otherwise. It returns -1 upon an error. + */ +static int ssl3_check_finished(SSL *s) +{ + int ok = 0; + + if (s->version < TLS1_VERSION || !s->tls_session_secret_cb || + !s->session->tlsext_tick) + return 0; + + /* Need to permit this temporarily, in case the next message is Finished. */ + s->s3->flags |= SSL3_FLAGS_CCS_OK; + /* + * This function is called when we might get a Certificate message instead, + * so permit appropriate message length. + * We ignore the return value as we're only interested in the message type + * and not its length. + */ + s->method->ssl_get_message(s, + SSL3_ST_CR_CERT_A, + SSL3_ST_CR_CERT_B, + -1, s->max_cert_list, &ok); + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + + if (!ok) + return -1; + + s->s3->tmp.reuse_message = 1; + + if (s->s3->tmp.message_type == SSL3_MT_FINISHED) + return 1; + + /* If we're not done, then the CCS arrived early and we should bail. */ + if (s->s3->change_cipher_spec) { + SSLerr(SSL_F_SSL3_CHECK_FINISHED, SSL_R_CCS_RECEIVED_EARLY); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE); + return -1; + } + + return 0; +} + +# ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s) { unsigned int len, padding_len; @@ -3309,8 +3502,8 @@ int ssl3_send_next_proto(SSL *s) return ssl3_do_write(s, SSL3_RT_HANDSHAKE); } -#endif /* !OPENSSL_NO_TLSEXT && - * !OPENSSL_NO_NEXTPROTONEG */ +#endif /* !OPENSSL_NO_NEXTPROTONEG */ +#endif /* !OPENSSL_NO_TLSEXT */ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) { diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c index 7c9f20c..25cf929 100644 --- a/crypto/openssl/ssl/s3_pkt.c +++ b/crypto/openssl/ssl/s3_pkt.c @@ -347,11 +347,22 @@ static int ssl3_get_record(SSL *s) if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) - && !s->enc_write_ctx && !s->write_hash) + && !s->enc_write_ctx && !s->write_hash) { + if (rr->type == SSL3_RT_ALERT) { + /* + * The record is using an incorrect version number, but + * what we've got appears to be an alert. We haven't + * read the body yet to check whether its a fatal or + * not - but chances are it is. We probably shouldn't + * send a fatal alert back. We'll just end. + */ + goto err; + } /* * Send back error using their minor version number :-) */ s->version = (unsigned short)version; + } al = SSL_AD_PROTOCOL_VERSION; goto f_err; } diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c index b8f91bc..9aa3292 100644 --- a/crypto/openssl/ssl/s3_srvr.c +++ b/crypto/openssl/ssl/s3_srvr.c @@ -266,6 +266,7 @@ int ssl3_accept(SSL *s) if ((s->version >> 8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->type = SSL_ST_ACCEPT; @@ -273,11 +274,13 @@ int ssl3_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -285,6 +288,7 @@ int ssl3_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -303,6 +307,7 @@ int ssl3_accept(SSL *s) */ if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -320,6 +325,7 @@ int ssl3_accept(SSL *s) SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); ret = -1; + s->state = SSL_ST_ERR; goto end; } else { /* @@ -379,6 +385,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; + s->state = SSL_ST_ERR; goto end; } } @@ -529,9 +536,12 @@ int ssl3_accept(SSL *s) skip = 1; s->s3->tmp.cert_request = 0; s->state = SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } } else { s->s3->tmp.cert_request = 1; ret = ssl3_send_certificate_request(s); @@ -629,11 +639,14 @@ int ssl3_accept(SSL *s) */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } else { int offset = 0; int dgst_num; @@ -647,9 +660,12 @@ int ssl3_accept(SSL *s) * CertificateVerify should be generalized. But it is next * step */ - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { int dgst_size; @@ -665,6 +681,7 @@ int ssl3_accept(SSL *s) dgst_size = EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); if (dgst_size < 0) { + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -675,15 +692,6 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -703,11 +711,10 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: /* - * Enable CCS for resumed handshakes with NPN. - * In a full handshake with NPN, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS for NPN. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until * the client's Finished message is read. @@ -726,10 +733,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes without NPN. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make + * Enable CCS for handshakes without NPN. In NPN the CCS flag has + * already been set. Receiving a CCS clears the flag, so make * sure not to re-enable it to ban duplicates. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until @@ -779,6 +784,7 @@ int ssl3_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -795,6 +801,7 @@ int ssl3_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -857,6 +864,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -992,6 +1000,16 @@ int ssl3_get_client_hello(SSL *s) d = p = (unsigned char *)s->init_msg; /* + * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte + * for session id length + */ + if (n < 2 + SSL3_RANDOM_SIZE + 1) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + /* * use version from inside client hello, not from record header (may * differ: see RFC 2246, Appendix E, second paragraph) */ @@ -1022,6 +1040,12 @@ int ssl3_get_client_hello(SSL *s) unsigned int session_length, cookie_length; session_length = *(p + SSL3_RANDOM_SIZE); + + if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); if (cookie_length == 0) @@ -1035,6 +1059,12 @@ int ssl3_get_client_hello(SSL *s) /* get the session-id */ j = *(p++); + if (p + j > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + s->hit = 0; /* * Versions before 0.9.7 always allow clients to resume sessions in @@ -1079,8 +1109,19 @@ int ssl3_get_client_hello(SSL *s) if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) { /* cookie stuff */ + if (p + 1 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } cookie_len = *(p++); + if (p + cookie_len > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + /* * The ClientHello may contain a cookie even if the * HelloVerify message has not been sent--make sure that it @@ -1121,27 +1162,33 @@ int ssl3_get_client_hello(SSL *s) p += cookie_len; } + if (p + 2 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } n2s(p, i); - if ((i == 0) && (j != 0)) { - /* we need a cipher if we are not resuming a session */ + + if (i == 0) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); goto f_err; } - if ((p + i) >= (d + n)) { + + /* i bytes of cipher data + 1 byte for compression length later */ + if ((p + i + 1) > (d + n)) { /* not enough data */ al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); goto f_err; } - if ((i > 0) && (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) - == NULL)) { + if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL) { goto err; } p += i; /* If it is a hit, check that the cipher is in the list */ - if ((s->hit) && (i > 0)) { + if (s->hit) { j = 0; id = s->session->cipher->id; @@ -1377,8 +1424,8 @@ int ssl3_get_client_hello(SSL *s) sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; if (ciphers == NULL) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_PASSED); + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto f_err; } ciphers = NULL; @@ -1450,8 +1497,10 @@ int ssl3_get_client_hello(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); return (ret); @@ -1468,8 +1517,10 @@ int ssl3_send_server_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; #ifdef OPENSSL_NO_TLSEXT p = s->s3->server_random; - if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) + if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { + s->state = SSL_ST_ERR; return -1; + } #endif /* Do the message type and length last */ d = p = &(buf[4]); @@ -1504,6 +1555,7 @@ int ssl3_send_server_hello(SSL *s) sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } *(p++) = sl; @@ -1526,6 +1578,7 @@ int ssl3_send_server_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + s->state = SSL_ST_ERR; return -1; } if ((p = @@ -1533,6 +1586,7 @@ int ssl3_send_server_hello(SSL *s) buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } #endif @@ -2016,6 +2070,7 @@ int ssl3_send_server_key_exchange(SSL *s) BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2113,6 +2168,7 @@ int ssl3_send_certificate_request(SSL *s) /* SSL3_ST_SW_CERT_REQ_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2367,6 +2423,7 @@ int ssl3_get_client_key_exchange(SSL *s) int padl, outl; krb5_timestamp authtime = 0; krb5_ticket_times ttimes; + int kerr = 0; EVP_CIPHER_CTX_init(&ciph_ctx); @@ -2470,23 +2527,27 @@ int ssl3_get_client_key_exchange(SSL *s) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DECRYPTION_FAILED); - goto err; + kerr = 1; + goto kclean; } outl += padl; if (outl > SSL_MAX_MASTER_KEY_LENGTH) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); - goto err; + kerr = 1; + goto kclean; } if (!((pms[0] == (s->client_version >> 8)) && (pms[1] == (s->client_version & 0xff)))) { @@ -2503,7 +2564,8 @@ int ssl3_get_client_key_exchange(SSL *s) if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_AD_DECODE_ERROR); - goto err; + kerr = 1; + goto kclean; } } @@ -2529,6 +2591,11 @@ int ssl3_get_client_key_exchange(SSL *s) * kssl_ctx = kssl_ctx_free(kssl_ctx); * if (s->kssl_ctx) s->kssl_ctx = NULL; */ + + kclean: + OPENSSL_cleanse(pms, sizeof(pms)); + if (kerr) + goto err; } else #endif /* OPENSSL_NO_KRB5 */ @@ -2847,6 +2914,7 @@ int ssl3_get_client_key_exchange(SSL *s) s-> session->master_key, premaster_secret, 32); + OPENSSL_cleanse(premaster_secret, sizeof(premaster_secret)); /* Check if pubkey from client certificate was used */ if (EVP_PKEY_CTX_ctrl (pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2, NULL) > 0) @@ -2879,6 +2947,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -2894,39 +2963,31 @@ int ssl3_get_cert_verify(SSL *s) EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); + /* + * We should only process a CertificateVerify message if we have received + * a Certificate from the client. If so then |s->session->peer| will be non + * NULL. In some instances a CertificateVerify message is not required even + * if the peer has sent a Certificate (e.g. such as in the case of static + * DH). In that case the ClientKeyExchange processing will skip the + * CertificateVerify state so we should not arrive here. + */ + if (s->session->peer == NULL) { + ret = 1; + goto end; + } + n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, - -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); + SSL3_MT_CERTIFICATE_VERIFY, + SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return ((int)n); - if (s->session->peer != NULL) { - peer = s->session->peer; - pkey = X509_get_pubkey(peer); - type = X509_certificate_type(peer, pkey); - } else { - peer = NULL; - pkey = NULL; - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - s->s3->tmp.reuse_message = 1; - if (peer != NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; - } - ret = 1; - goto end; - } - - if (peer == NULL) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_NO_CLIENT_CERT_RECEIVED); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } + peer = s->session->peer; + pkey = X509_get_pubkey(peer); + type = X509_certificate_type(peer, pkey); if (!(type & EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, @@ -2935,12 +2996,6 @@ int ssl3_get_cert_verify(SSL *s) goto f_err; } - if (s->s3->change_cipher_spec) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_CCS_RECEIVED_EARLY); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - /* we now have a signature that we need to verify */ p = (unsigned char *)s->init_msg; /* Check for broken implementations of GOST ciphersuites */ @@ -3093,6 +3148,7 @@ int ssl3_get_cert_verify(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; } end: if (s->s3->handshake_buffer) { @@ -3251,8 +3307,10 @@ int ssl3_get_client_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (x != NULL) X509_free(x); if (sk != NULL) @@ -3273,6 +3331,7 @@ int ssl3_send_server_certificate(SSL *s) (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } } @@ -3280,6 +3339,7 @@ int ssl3_send_server_certificate(SSL *s) l = ssl3_output_cert_chain(s, x); if (!l) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } s->state = SSL3_ST_SW_CERT_B; @@ -3315,11 +3375,15 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full == 0 || slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) { + s->state = SSL_ST_ERR; return -1; + } senc = OPENSSL_malloc(slen_full); - if (!senc) + if (!senc) { + s->state = SSL_ST_ERR; return -1; + } EVP_CIPHER_CTX_init(&ctx); HMAC_CTX_init(&hctx); @@ -3442,6 +3506,7 @@ int ssl3_send_newsession_ticket(SSL *s) OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); + s->state = SSL_ST_ERR; return -1; } @@ -3455,8 +3520,10 @@ int ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) { + s->state = SSL_ST_ERR; return -1; + } p = (unsigned char *)s->init_buf->data; @@ -3499,6 +3566,7 @@ int ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); + s->state = SSL_ST_ERR; return -1; } @@ -3518,11 +3586,14 @@ int ssl3_get_next_proto(SSL *s) */ if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); + s->state = SSL_ST_ERR; return -1; } - if (n < 2) + if (n < 2) { + s->state = SSL_ST_ERR; return 0; /* The body must be > 1 bytes long */ + } p = (unsigned char *)s->init_msg; @@ -3534,15 +3605,20 @@ int ssl3_get_next_proto(SSL *s) * uint8 padding[padding_len]; */ proto_len = p[0]; - if (proto_len + 2 > s->init_num) + if (proto_len + 2 > s->init_num) { + s->state = SSL_ST_ERR; return 0; + } padding_len = p[proto_len + 1]; - if (proto_len + padding_len + 2 != s->init_num) + if (proto_len + padding_len + 2 != s->init_num) { + s->state = SSL_ST_ERR; return 0; + } s->next_proto_negotiated = OPENSSL_malloc(proto_len); if (!s->next_proto_negotiated) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); + s->state = SSL_ST_ERR; return 0; } memcpy(s->next_proto_negotiated, p + 1, proto_len); diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index b93b67b..d2ab0c0 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -1544,6 +1544,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 @@ -2303,6 +2304,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 # define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 +# define SSL_F_SSL3_CHECK_FINISHED 339 # define SSL_F_SSL3_CLIENT_HELLO 131 # define SSL_F_SSL3_CONNECT 132 # define SSL_F_SSL3_CTRL 213 @@ -2408,6 +2410,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_READ 223 # define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 # define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +# define SSL_F_SSL_SESSION_DUP 348 # define SSL_F_SSL_SESSION_NEW 189 # define SSL_F_SSL_SESSION_PRINT_FP 190 # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 @@ -2522,6 +2525,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_DATA_LENGTH_TOO_LONG 146 # define SSL_R_DECRYPTION_FAILED 147 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 372 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 # define SSL_R_DIGEST_CHECK_FAILED 149 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c index ac7312e..88621b7 100644 --- a/crypto/openssl/ssl/ssl_err.c +++ b/crypto/openssl/ssl/ssl_err.c @@ -160,6 +160,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"}, {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"}, + {ERR_FUNC(SSL_F_SSL3_CHECK_FINISHED), "SSL3_CHECK_FINISHED"}, {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"}, {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, @@ -298,6 +299,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"}, {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"}, {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"}, + {ERR_FUNC(SSL_F_SSL_SESSION_DUP), "ssl_session_dup"}, {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"}, {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"}, {ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT), @@ -440,6 +442,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, + {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"}, diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c index dead126..e11746a 100644 --- a/crypto/openssl/ssl/ssl_lib.c +++ b/crypto/openssl/ssl/ssl_lib.c @@ -1440,9 +1440,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } - if ((skp == NULL) || (*skp == NULL)) + if ((skp == NULL) || (*skp == NULL)) { sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else { + if(sk == NULL) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + return NULL; + } + } else { sk = *skp; sk_SSL_CIPHER_zero(sk); } diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h index aff3b65..a7f3f8d 100644 --- a/crypto/openssl/ssl/ssl_locl.h +++ b/crypto/openssl/ssl/ssl_locl.h @@ -865,6 +865,7 @@ int ssl_set_peer_cert_type(SESS_CERT *c, int type); int ssl_get_new_session(SSL *s, int session); int ssl_get_prev_session(SSL *s, unsigned char *session, int len, const unsigned char *limit); +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket); int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c index fb4e8c5..1ad9dc7 100644 --- a/crypto/openssl/ssl/ssl_sess.c +++ b/crypto/openssl/ssl/ssl_sess.c @@ -227,6 +227,130 @@ SSL_SESSION *SSL_SESSION_new(void) return (ss); } +/* + * Create a new SSL_SESSION and duplicate the contents of |src| into it. If + * ticket == 0 then no ticket information is duplicated, otherwise it is. + */ +SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket) +{ + SSL_SESSION *dest; + + dest = OPENSSL_malloc(sizeof(*src)); + if (dest == NULL) { + goto err; + } + memcpy(dest, src, sizeof(*dest)); + + /* + * Set the various pointers to NULL so that we can call SSL_SESSION_free in + * the case of an error whilst halfway through constructing dest + */ +#ifndef OPENSSL_NO_PSK + dest->psk_identity_hint = NULL; + dest->psk_identity = NULL; +#endif + dest->ciphers = NULL; +#ifndef OPENSSL_NO_TLSEXT + dest->tlsext_hostname = NULL; +# ifndef OPENSSL_NO_EC + dest->tlsext_ecpointformatlist = NULL; + dest->tlsext_ellipticcurvelist = NULL; +# endif +#endif + dest->tlsext_tick = NULL; +#ifndef OPENSSL_NO_SRP + dest->srp_username = NULL; +#endif + memset(&dest->ex_data, 0, sizeof(dest->ex_data)); + + /* We deliberately don't copy the prev and next pointers */ + dest->prev = NULL; + dest->next = NULL; + + dest->references = 1; + + if (src->sess_cert != NULL) + CRYPTO_add(&src->sess_cert->references, 1, CRYPTO_LOCK_SSL_SESS_CERT); + + if (src->peer != NULL) + CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509); + +#ifndef OPENSSL_NO_PSK + if (src->psk_identity_hint) { + dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint); + if (dest->psk_identity_hint == NULL) { + goto err; + } + } + if (src->psk_identity) { + dest->psk_identity = BUF_strdup(src->psk_identity); + if (dest->psk_identity == NULL) { + goto err; + } + } +#endif + + if(src->ciphers != NULL) { + dest->ciphers = sk_SSL_CIPHER_dup(src->ciphers); + if (dest->ciphers == NULL) + goto err; + } + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, + &dest->ex_data, &src->ex_data)) { + goto err; + } + +#ifndef OPENSSL_NO_TLSEXT + if (src->tlsext_hostname) { + dest->tlsext_hostname = BUF_strdup(src->tlsext_hostname); + if (dest->tlsext_hostname == NULL) { + goto err; + } + } +# ifndef OPENSSL_NO_EC + if (src->tlsext_ecpointformatlist) { + dest->tlsext_ecpointformatlist = + BUF_memdup(src->tlsext_ecpointformatlist, + src->tlsext_ecpointformatlist_length); + if (dest->tlsext_ecpointformatlist == NULL) + goto err; + } + if (src->tlsext_ellipticcurvelist) { + dest->tlsext_ellipticcurvelist = + BUF_memdup(src->tlsext_ellipticcurvelist, + src->tlsext_ellipticcurvelist_length); + if (dest->tlsext_ellipticcurvelist == NULL) + goto err; + } +# endif +#endif + + if (ticket != 0) { + dest->tlsext_tick = BUF_memdup(src->tlsext_tick, src->tlsext_ticklen); + if(dest->tlsext_tick == NULL) + goto err; + } else { + dest->tlsext_tick_lifetime_hint = 0; + dest->tlsext_ticklen = 0; + } + +#ifndef OPENSSL_NO_SRP + if (src->srp_username) { + dest->srp_username = BUF_strdup(src->srp_username); + if (dest->srp_username == NULL) { + goto err; + } + } +#endif + + return dest; +err: + SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE); + SSL_SESSION_free(dest); + return NULL; +} + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) { @@ -478,9 +602,14 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, int r; #endif - if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) + if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; + if (session_id + len > limit) { + fatal = 1; + goto err; + } + if (len == 0) try_session_cache = 0; diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c index d725d78..1b9069f 100644 --- a/crypto/openssl/ssl/ssl_stat.c +++ b/crypto/openssl/ssl/ssl_stat.c @@ -117,6 +117,9 @@ const char *SSL_state_string_long(const SSL *s) case SSL_ST_OK | SSL_ST_ACCEPT: str = "ok/accept SSL initialization"; break; + case SSL_ST_ERR: + str = "error"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "SSLv2 client start encryption"; @@ -496,6 +499,9 @@ const char *SSL_state_string(const SSL *s) case SSL_ST_OK: str = "SSLOK "; break; + case SSL_ST_ERR: + str = "SSLERR"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "2CSENC"; diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c index 8efbff7..6a0c293 100644 --- a/crypto/openssl/ssl/ssltest.c +++ b/crypto/openssl/ssl/ssltest.c @@ -336,7 +336,9 @@ static void sv_usage(void) " -bytes <val> - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); @@ -531,7 +533,7 @@ int main(int argc, char *argv[]) long bytes = 256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; @@ -611,19 +613,19 @@ int main(int argc, char *argv[]) debug = 1; else if (strcmp(*argv, "-reuse") == 0) reuse = 1; - else if (strcmp(*argv, "-dhe1024") == 0) { + else if (strcmp(*argv, "-dhe512") == 0) { #ifndef OPENSSL_NO_DH - dhe1024 = 1; + dhe512 = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe512, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH dhe1024dsa = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe1024dsa, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-no_dhe") == 0) no_dhe = 1; @@ -905,10 +907,10 @@ int main(int argc, char *argv[]) */ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); dh = get_dh1024dsa(); - } else if (dhe1024) - dh = get_dh1024(); - else + } else if (dhe512) dh = get_dh512(); + else + dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); DH_free(dh); } diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c index 4e2845f..8f45294 100644 --- a/crypto/openssl/ssl/t1_enc.c +++ b/crypto/openssl/ssl/t1_enc.c @@ -261,7 +261,7 @@ static int tls1_PRF(long digest_mask, if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) count++; } - if(!count) { + if (!count) { /* Should never happen */ SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); goto err; @@ -785,7 +785,7 @@ int tls1_enc(SSL *s, int send) bs = EVP_CIPHER_block_size(ds->cipher); if (EVP_CIPHER_flags(ds->cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { - unsigned char buf[13], *seq; + unsigned char buf[EVP_AEAD_TLS1_AAD_LEN], *seq; seq = send ? s->s3->write_sequence : s->s3->read_sequence; @@ -809,7 +809,10 @@ int tls1_enc(SSL *s, int send) buf[10] = (unsigned char)(s->version); buf[11] = rec->length >> 8; buf[12] = rec->length & 0xff; - pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, 13, buf); + pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD, + EVP_AEAD_TLS1_AAD_LEN, buf); + if (pad <= 0) + return -1; if (send) { l += pad; rec->length += pad; diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c index 243a70f..c2d7d72 100644 --- a/crypto/openssl/ssl/t1_lib.c +++ b/crypto/openssl/ssl/t1_lib.c @@ -1016,19 +1016,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->srtp_profile = NULL; - if (data >= (d + n - 2)) - goto ri_check; + if (data >= (d + n - 2)) { + if (data != d + n) + goto err; + else + goto ri_check; + } n2s(data, len); if (data > (d + n - len)) - goto ri_check; + goto err; while (data <= (d + n - 4)) { n2s(data, type); n2s(data, size); if (data + size > (d + n)) - goto ri_check; + goto err; # if 0 fprintf(stderr, "Received extension type %d size %d\n", type, size); # endif @@ -1064,16 +1068,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int servname_type; int dsize; - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; sdata = data; while (dsize > 3) { @@ -1081,18 +1081,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, n2s(sdata, len); dsize -= 3; - if (len > dsize) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (len > dsize) + goto err; + if (s->servername_done == 0) switch (servname_type) { case TLSEXT_NAMETYPE_host_name: if (!s->hit) { - if (s->session->tlsext_hostname) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_hostname) + goto err; + if (len > TLSEXT_MAXLEN_host_name) { *al = TLS1_AD_UNRECOGNIZED_NAME; return 0; @@ -1126,31 +1124,23 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, dsize -= len; } - if (dsize != 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != 0) + goto err; } # ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size <= 0 || ((len = data[0])) != (size - 1)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (s->srp_ctx.login != NULL) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size == 0 || ((len = data[0])) != (size - 1)) + goto err; + if (s->srp_ctx.login != NULL) + goto err; if ((s->srp_ctx.login = OPENSSL_malloc(len + 1)) == NULL) return -1; memcpy(s->srp_ctx.login, &data[1], len); s->srp_ctx.login[len] = '\0'; - if (strlen(s->srp_ctx.login) != len) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (strlen(s->srp_ctx.login) != len) + goto err; } # endif @@ -1159,10 +1149,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); - if (ecpointformatlist_length != size - 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + if (ecpointformatlist_length != size - 1) + goto err; if (!s->hit) { if (s->session->tlsext_ecpointformatlist) { OPENSSL_free(s->session->tlsext_ecpointformatlist); @@ -1196,15 +1184,13 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, if (ellipticcurvelist_length != size - 2 || ellipticcurvelist_length < 1 || /* Each NamedCurve is 2 bytes. */ - ellipticcurvelist_length & 1) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + ellipticcurvelist_length & 1) + goto err; + if (!s->hit) { - if (s->session->tlsext_ellipticcurvelist) { - *al = TLS1_AD_DECODE_ERROR; - return 0; - } + if (s->session->tlsext_ellipticcurvelist) + goto err; + s->session->tlsext_ellipticcurvelist_length = 0; if ((s->session->tlsext_ellipticcurvelist = OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { @@ -1273,28 +1259,20 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, renegotiate_seen = 1; } else if (type == TLSEXT_TYPE_signature_algorithms) { int dsize; - if (sigalg_seen || size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (sigalg_seen || size < 2) + goto err; sigalg_seen = 1; n2s(data, dsize); size -= 2; - if (dsize != size || dsize & 1) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - if (!tls1_process_sigalgs(s, data, dsize)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size || dsize & 1) + goto err; + if (!tls1_process_sigalgs(s, data, dsize)) + goto err; } else if (type == TLSEXT_TYPE_status_request && s->version != DTLS1_VERSION) { - if (size < 5) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 5) + goto err; s->tlsext_status_type = *data++; size--; @@ -1304,35 +1282,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, /* Read in responder_id_list */ n2s(data, dsize); size -= 2; - if (dsize > size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize > size) + goto err; while (dsize > 0) { OCSP_RESPID *id; int idsize; - if (dsize < 4) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 4) + goto err; n2s(data, idsize); dsize -= 2 + idsize; size -= 2 + idsize; - if (dsize < 0) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize < 0) + goto err; sdata = data; data += idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); - if (!id) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!id) + goto err; if (data != sdata) { OCSP_RESPID_free(id); - *al = SSL_AD_DECODE_ERROR; - return 0; + goto err; } if (!s->tlsext_ocsp_ids && !(s->tlsext_ocsp_ids = @@ -1349,16 +1318,12 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } /* Read in request_extensions */ - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (size < 2) + goto err; n2s(data, dsize); size -= 2; - if (dsize != size) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (dsize != size) + goto err; sdata = data; if (dsize > 0) { if (s->tlsext_ocsp_exts) { @@ -1368,10 +1333,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL, &sdata, dsize); - if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } + if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) + goto err; } } /* @@ -1432,6 +1395,10 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, data += size; } + /* Spurious data on the end */ + if (data != d + n) + goto err; + *p = data; ri_check: @@ -1447,6 +1414,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } return 1; +err: + *al = SSL_AD_DECODE_ERROR; + return 0; } # ifndef OPENSSL_NO_NEXTPROTONEG @@ -2612,7 +2582,10 @@ int tls1_process_heartbeat(SSL *s) memcpy(bp, pl, payload); bp += payload; /* Random padding */ - RAND_pseudo_bytes(bp, padding); + if (RAND_pseudo_bytes(bp, padding) < 0) { + OPENSSL_free(buffer); + return -1; + } r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); @@ -2647,7 +2620,7 @@ int tls1_process_heartbeat(SSL *s) int tls1_heartbeat(SSL *s) { unsigned char *buf, *p; - int ret; + int ret = -1; unsigned int payload = 18; /* Sequence number + random bytes */ unsigned int padding = 16; /* Use minimum padding */ @@ -2695,10 +2668,16 @@ int tls1_heartbeat(SSL *s) /* Sequence number */ s2n(s->tlsext_hb_seq, p); /* 16 random bytes */ - RAND_pseudo_bytes(p, 16); + if (RAND_pseudo_bytes(p, 16) < 0) { + SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } p += 16; /* Random padding */ - RAND_pseudo_bytes(p, padding); + if (RAND_pseudo_bytes(p, padding) < 0) { + SSLerr(SSL_F_TLS1_HEARTBEAT, ERR_R_INTERNAL_ERROR); + goto err; + } ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); if (ret >= 0) { @@ -2710,6 +2689,7 @@ int tls1_heartbeat(SSL *s) s->tlsext_hb_pending = 1; } +err: OPENSSL_free(buf); return ret; diff --git a/crypto/openssl/ssl/tls_srp.c b/crypto/openssl/ssl/tls_srp.c index d36cfa0..bb719ba 100644 --- a/crypto/openssl/ssl/tls_srp.c +++ b/crypto/openssl/ssl/tls_srp.c @@ -454,7 +454,8 @@ int SRP_Calc_A_param(SSL *s) { unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH]; - RAND_bytes(rnd, sizeof(rnd)); + if (RAND_bytes(rnd, sizeof(rnd)) <= 0) + return -1; s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a); OPENSSL_cleanse(rnd, sizeof(rnd)); diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl index 550ef9f..1eee7aa 100755 --- a/crypto/openssl/util/mk1mf.pl +++ b/crypto/openssl/util/mk1mf.pl @@ -326,7 +326,7 @@ open(IN,"<$infile") || die "unable to open $infile:$!\n"; $_=<IN>; for (;;) { - chop; + s/\s*$//; # was chop, didn't work in mixture of perls for Windows... ($key,$val)=/^([^=]+)=(.*)/; if ($key eq "RELATIVE_DIRECTORY") diff --git a/crypto/openssl/util/mkerr.pl b/crypto/openssl/util/mkerr.pl index 8d2fdbc..d87c4fd 100644 --- a/crypto/openssl/util/mkerr.pl +++ b/crypto/openssl/util/mkerr.pl @@ -534,14 +534,21 @@ EOF # First, read any existing reason string definitions: my %err_reason_strings; if (open(IN,"<$cfile")) { + my $line = ""; while (<IN>) { - if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { - $err_reason_strings{$1} = $2; - } - if (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { - if (!exists $ftrans{$1} && ($1 ne $2)) { - print STDERR "WARNING: Mismatched function string $2\n"; - $ftrans{$1} = $2; + chomp; + $_ = $line . $_; + $line = ""; + if (/{ERR_(FUNC|REASON)\(/) { + if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { + $err_reason_strings{$1} = $2; + } elsif (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { + if (!exists $ftrans{$1} && ($1 ne $2)) { + print STDERR "WARNING: Mismatched function string $2\n"; + $ftrans{$1} = $2; + } + } else { + $line = $_; } } } diff --git a/crypto/openssl/util/pl/BC-32.pl b/crypto/openssl/util/pl/BC-32.pl index b41bb45..6d03664 100644 --- a/crypto/openssl/util/pl/BC-32.pl +++ b/crypto/openssl/util/pl/BC-32.pl @@ -130,7 +130,7 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); diff --git a/crypto/openssl/util/pl/VC-32.pl b/crypto/openssl/util/pl/VC-32.pl index 3705fc7..b597998 100644 --- a/crypto/openssl/util/pl/VC-32.pl +++ b/crypto/openssl/util/pl/VC-32.pl @@ -341,7 +341,7 @@ sub do_link_rule my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; if ($standalone == 1) { diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index ec7dabe..4edd9c4 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.0.1m -OPENSSL_DATE= 2015-03-19 +OPENSSL_VER= 1.0.1n +OPENSSL_DATE= 2015-06-11 LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index 4713d60..f8ddae4 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index 6f94768..2a282b9 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ASN1_STRING_length 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index 3311e84..9c4853d 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ASN1_STRING_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index 2a95bbd..222dbf2 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index 40d7a40..49b2704 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ASN1_generate_nconf 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index c7c995c..d043fdb 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_ctrl 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index f0f0302..405522a 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_f_base64 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 6a2b76a..f43c230 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_f_buffer 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index 1f0a61f..ed53b1c 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_f_cipher 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 955b0ce..0bbe98a3 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_f_md 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index 1e5328e..4cb2c3c 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_f_null 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 8cb1819..b3e26ff 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_f_ssl 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index cfc8fc8..7e2b197 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_find_type 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index 509b11d..9461417 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 index bc75f5a..1fe63b7 100644 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new_CMS 3" -.TH BIO_new_CMS 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_new_CMS 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 603ad52..0ea870d 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_push 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index ac34461..091ccd7 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_read 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 317d2ae..8c11672 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_accept 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index f4064d2..2277fb9 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_bio 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index 0e6388c..c124242 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_connect 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index 9e521a6..bac9561 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_fd 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index a22b488..415be84 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_file 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index bc3c6fd..145b936 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_mem 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index c645820..1da4a91 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_null 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 9e85993..cda3e53 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_s_socket 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index cedca3a..285bda2 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_set_callback 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 21c079c..f6e27d6 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BIO_should_retry 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index b5d4d8f..380227d 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_BLINDING_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index faaba94..3ebb6d1 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_CTX_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index d939512..f2fa496 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_CTX_start 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 52becbf..3919b54 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_add 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index cd58500..2fc1dda 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_add_word 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 50f7d5e..a876ce1 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_bn2bin 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index 5037c95..5230ed9 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_cmp 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 22506bf..1d34b19 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_copy 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index d7666a7..478a13e 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_generate_prime 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index 67d8093..0087a06 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_mod_inverse 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index b720639..9ab7b98 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 4868b16..08fabf0 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 6f02a16..a742b77 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 5d35707..c3db9ca 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_num_bytes 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 7531b02..0c6cb25 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_rand 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,7 +161,8 @@ most significant bit of the random number can be zero. If \fBtop\fR is 0, it is set to 1, and if \fBtop\fR is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*\fBbits\fR length. If \fBbottom\fR is true, the -number will be odd. +number will be odd. The value of \fBbits\fR must be zero or greater. If \fBbits\fR is +1 then \fBtop\fR cannot also be 1. .PP \&\fIBN_pseudo_rand()\fR does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 9c474f6..838a75c 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_set_bit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -174,12 +174,12 @@ error occurs if \fBa\fR is shorter than \fBn\fR bits. shorter than \fBn\fR bits. .PP \&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). \fIBN_lshift1()\fR shifts \fBa\fR left by one and places -the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_lshift1()\fR shifts +\&\fBa\fR left by one and places the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). .PP \&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in -\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). \fIBN_rshift1()\fR shifts \fBa\fR right by one and places -the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). Note that \fBn\fR must be non-negative. \fIBN_rshift1()\fR shifts +\&\fBa\fR right by one and places the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). .PP For the shift functions, \fBr\fR and \fBa\fR may be the same variable. .SH "RETURN VALUES" diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index 9778b2a..7afb45f 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_swap 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 48d3c4c..dde7300 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH BN_zero 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 index d485194..fe1bc8c 100644 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add0_cert 3" -.TH CMS_add0_cert 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_add0_cert 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index f302a1d..a654ef1 100644 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_recipient_cert 3" -.TH CMS_add1_recipient_cert 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_add1_recipient_cert 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 index 5e4a1d9..04e13a8 100644 --- a/secure/lib/libcrypto/man/CMS_add1_signer.3 +++ b/secure/lib/libcrypto/man/CMS_add1_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_signer 3" -.TH CMS_add1_signer 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_add1_signer 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 index 5e4083f..e09d825 100644 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_compress 3" -.TH CMS_compress 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_compress 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 index e482061..20d1cd2 100644 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_decrypt 3" -.TH CMS_decrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_decrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 index 96d7b88..48baeaa 100644 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_encrypt 3" -.TH CMS_encrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_encrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 index 8dd11fe..5f44b45 100644 --- a/secure/lib/libcrypto/man/CMS_final.3 +++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_final 3" -.TH CMS_final 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_final 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 index c019edb..1310e49 100644 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_RecipientInfos 3" -.TH CMS_get0_RecipientInfos 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_get0_RecipientInfos 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index f77d2a5..569bf6c 100644 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_SignerInfos 3" -.TH CMS_get0_SignerInfos 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_get0_SignerInfos 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 index 8192327..7f38787 100644 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_type 3" -.TH CMS_get0_type 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_get0_type 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index d567f2d..0217be7 100644 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 +++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get1_ReceiptRequest 3" -.TH CMS_get1_ReceiptRequest 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_get1_ReceiptRequest 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 index e470246..f8617b2 100644 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign 3" -.TH CMS_sign 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_sign 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 index 12b1613..19a9770 100644 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign_receipt 3" -.TH CMS_sign_receipt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_sign_receipt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 index 0152329..e9066f5 100644 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_uncompress 3" -.TH CMS_uncompress 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_uncompress 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 index f484c7f..16cfbf2 100644 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify 3" -.TH CMS_verify 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_verify 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 index 7b6981c..14cc921 100644 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify_receipt 3" -.TH CMS_verify_receipt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS_verify_receipt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index 120867d..95c35b2 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CONF_modules_free 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index 1d2a69c..f602c7b 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CONF_modules_load_file 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index 58a92b1..7eb39da 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index d251cf2..5f214f9 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DH_generate_key 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index bb320a4..ffe03c8 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DH_generate_parameters 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index cf9baf1..7141ca9 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DH_get_ex_new_index 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 064a94a..a57057e 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DH_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 61ee98e..041d780 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DH_set_method 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index 020db13..e4b370a 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DH_size 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index eb6d5f1..18a1f80 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_SIG_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index 99a4669..a070179 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_do_sign 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 3dd705e..e25e8d2 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_dup_DH 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index b9570ea..3764180 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_generate_key 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index 3aeecf1..8b0502e 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_generate_parameters 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 1bd5264..1a0c9ea 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 63f4d7a..95ad08b 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index f8520dd..e36a344 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_set_method 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 20aecab..a12b753 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_sign 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index c556c71..94f61fc 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA_size 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index eab80a6..95fed64 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_GET_LIB 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 670d206..d67e875 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_clear_error 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index e29d933..29ae6bf 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_error_string 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index c82d9c7..913f4c8 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_get_error 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index 2947c96..fbc36d8 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 5fc34d5..91f62b0 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_load_strings 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index 6135132..4995823 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_print_errors 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index ad95314..89aeae0 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_put_error 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index 8f9716a..b13d431 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_remove_state 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index e0aa667..6cc434a 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERR_set_mark 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index e07f3d3..78089bc 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_BytesToKey 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index a22f9ee..ec328ad 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_DigestInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 index d88e8f4..8a4c4ac 100644 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestSignInit 3" -.TH EVP_DigestSignInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_DigestSignInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index ec72af3..ff926e2 100644 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestVerifyInit 3" -.TH EVP_DigestVerifyInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_DigestVerifyInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index 9e38ba7..e3e8acf 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_EncryptInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 994f33b..0b8490b 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_OpenInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index ed0f239..efea756 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_ctrl 3" -.TH EVP_PKEY_CTX_ctrl 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_CTX_ctrl 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index b3ce806..ab81b07 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_new 3" -.TH EVP_PKEY_CTX_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_CTX_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index a8610f6..629853f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_cmp 3" -.TH EVP_PKEY_cmp 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_cmp 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index f8c6124..67b2809 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_decrypt 3" -.TH EVP_PKEY_decrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_decrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 index 9ba3c87..ce0cc4c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_derive 3" -.TH EVP_PKEY_derive 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_derive 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index 45a7bb5..86269ff 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_encrypt 3" -.TH EVP_PKEY_encrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_encrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 index d7baaed..28b685e 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_get_default_digest 3" -.TH EVP_PKEY_get_default_digest 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_get_default_digest 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index 9876ca2..0532a37 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_keygen 3" -.TH EVP_PKEY_keygen 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_keygen 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 2915985..951aa1f 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index 15fccb2..cd60fba 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_print_private 3" -.TH EVP_PKEY_print_private 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_print_private 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index 7867f04..6a61d2e 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 index b2546c5..75f370c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_sign 3" -.TH EVP_PKEY_sign 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_sign 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 index 3b7e9c2..fc33de1 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify 3" -.TH EVP_PKEY_verify 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_verify 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index ff6c291..52206fa 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify_recover 3" -.TH EVP_PKEY_verify_recover 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_PKEY_verify_recover 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 90360a7..d891d35 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_SealInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 81b65a6d..31965c0 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_SignInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index b3ac2a2..2092bf8 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EVP_VerifyInit 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index 3818446..9de0e3a 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OBJ_nid2obj 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index 16d8aed..0491697 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OPENSSL_Applink 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index ccbf32a..c60a894 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index 12b3086..89ee222 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OPENSSL_config 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index 04395cf..f47b129 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index 29cf323..ef58f4b 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 8a32af2..197b9d6 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index 47ed7e6..5ebe6d6 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_CMS_stream 3" -.TH PEM_write_bio_CMS_stream 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PEM_write_bio_CMS_stream 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index 7c1f68cd..9a98814 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_PKCS7_stream 3" -.TH PEM_write_bio_PKCS7_stream 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PEM_write_bio_PKCS7_stream 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index 22360a4..46fce7a 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS12_create 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index b572784..f918ce3 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS12_parse 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index ebe751a..18ae9b0 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS7_decrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index d8519e1..1bb8ed7 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS7_encrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index 271352d..7d83036 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS7_sign 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index 1ba1493..4a18faf 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign_add_signer 3" -.TH PKCS7_sign_add_signer 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS7_sign_add_signer 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 9e5afdc..3add439 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS7_verify 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 43bed0c..af10a98 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RAND_add 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index a66177f..11494dc 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RAND_bytes 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 21f9392..4edc18f 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RAND_cleanup 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index a131fbb..ae1ae48 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RAND_egd 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index 73757cc..e193b47 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RAND_load_file 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index dfbc1e4..0b893ea 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RAND_set_rand_method 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 42ef106..ac03bd9 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_blinding_on 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index 2ae54f6..d108449 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_check_key 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 9d16c21..bfe3d4c 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_generate_key 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index f83aaa9..b3535a6 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 0a6bfab..4c5e76a 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index b109d58..d128da0 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index f6fd9b6..632c5a5 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_print 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index e0baf93..9fee570 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_private_encrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 6f71f1b..c926cba 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_public_encrypt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index 57258a9..1fda7a4 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_set_method 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 22070c0..f34873d 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_sign 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index 320ba35..eaa0396 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 003f1b2..3ab417a 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA_size 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 index f32e000..7f830e2 100644 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_CMS 3" -.TH SMIME_read_CMS 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SMIME_read_CMS 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index e989e9a..c2fef35 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 index bf99bc3..998883d 100644 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_CMS 3" -.TH SMIME_write_CMS 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SMIME_write_CMS 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 53a56a9..067d31a 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index d2f2201..8c01ec5 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index b09ad9a..860a7ad 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index 7e6e431..354b019 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index d0caf7b..81e337e 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_NAME_print_ex 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index 5a5c162..ddc718e 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_error 3" -.TH X509_STORE_CTX_get_error 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_STORE_CTX_get_error 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 index e1458a5..9d089fc 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_ex_new_index 3" -.TH X509_STORE_CTX_get_ex_new_index 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_STORE_CTX_get_ex_new_index 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 index 58caefb..15b5205 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_new 3" -.TH X509_STORE_CTX_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_STORE_CTX_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index 9884656..50a33f0 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_set_verify_cb 3" -.TH X509_STORE_CTX_set_verify_cb 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_STORE_CTX_set_verify_cb 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 931917e..f2dc313 100644 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_set_verify_cb_func 3" -.TH X509_STORE_set_verify_cb_func 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_STORE_set_verify_cb_func 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 4bc4952..6ec9951 100644 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_set_flags 3" -.TH X509_VERIFY_PARAM_set_flags 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_VERIFY_PARAM_set_flags 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -267,6 +267,12 @@ issuer checks. It is \fBnot\fR needed unless you are logging certificate verification. If this flag is set then additional status codes will be sent to the verification callback and it \fBmust\fR be prepared to handle such cases without assuming they are hard errors. +.PP +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag suppresses checking for alternative +chains. By default, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will continue to check to see if an +alternative chain can be found that is trusted. With this flag set the behaviour +will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b. .SH "NOTES" .IX Header "NOTES" The above functions should be used to manipulate verification parameters @@ -298,4 +304,4 @@ connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR: \&\fIX509_verify_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1TBA\s0 +The \fBX509_V_FLAG_NO_ALT_CHAINS\fR flag was added in OpenSSL 1.0.1n and 1.0.2b diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index 488ef7b..2ea6d1e 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 index 4b3de8d..f40318c 100644 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509_verify_cert 3" -.TH X509_verify_cert 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509_verify_cert 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index b8e57ad..b844f07 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH bio 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index ac91199..287dc46 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH blowfish 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 75ff5e1..e3d6a53 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH bn 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index f353f19..a8873ef 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH bn_internal 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index 800b6a4..49bb855 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH buffer 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 0767acf..cbb96ce 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH crypto 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index 4736f53..1773a37 100644 --- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 index 21abe69..f23fc72 100644 --- a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 +++ b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_CMS_ContentInfo 3" -.TH d2i_CMS_ContentInfo 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_CMS_ContentInfo 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index db5b4da..165c61f 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_DHparams 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index 1d834fa..c6e3aa6 100644 --- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 index 52406fc..514b2f7 100644 --- a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ECPrivateKey 3" -.TH d2i_ECPrivateKey 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_ECPrivateKey 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index 23807f6..8b7cb5d 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 57c7c1a..74e059a 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index e5f63a8..cd8cce1 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_X509 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index cb32b70..8db4463 100644 --- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 index af0cbcc..9651a5c 100644 --- a/secure/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_X509_CRL 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index f93ed16..64a7398 100644 --- a/secure/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_X509_NAME 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index c88463a..2c7238f 100644 --- a/secure/lib/libcrypto/man/d2i_X509_REQ.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_X509_REQ 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 index efac791..2a3fe29 100644 --- a/secure/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_X509_SIG 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index 97a1a57..ccc7244 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH des 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index 11c203b..59a8e46 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH dh 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index 45b843d..da6ee1f 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH dsa 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3 index 2ef80ab..5f5850b 100644 --- a/secure/lib/libcrypto/man/ecdsa.3 +++ b/secure/lib/libcrypto/man/ecdsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ecdsa 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 index cf1f60b..d264c12 100644 --- a/secure/lib/libcrypto/man/engine.3 +++ b/secure/lib/libcrypto/man/engine.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH engine 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index 2e6ed82..659f111 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH err 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index fd783a9..5568e3e 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH evp 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index 3dde3c5..1e5c4e1 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH hmac 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index d57687f..7d9a5ee 100644 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "i2d_CMS_bio_stream 3" -.TH i2d_CMS_bio_stream 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH i2d_CMS_bio_stream 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index 2f53509..6a201be 100644 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "i2d_PKCS7_bio_stream 3" -.TH i2d_PKCS7_bio_stream 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH i2d_PKCS7_bio_stream 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index 695be74..79f7aea 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH lh_stats 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index 0c53c25..8480536 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH lhash 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index 22fdfe6..cd0ae65 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH md5 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index a52058b..c944a28 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH mdc2 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 index 54fc0b4..0f7a249 100644 --- a/secure/lib/libcrypto/man/pem.3 +++ b/secure/lib/libcrypto/man/pem.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,13 +133,35 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH pem 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE \- PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE \- PEM routines .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -376,7 +398,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not \s-1DSA.\s0 .PP The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in \s-1RFC2459.\s0 .PP The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 structure. The parameters are encoded using a PKCS#3 DHparameter diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 12906f1..38c1b13 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH rand 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index 4afd32d..f81900f 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH rc4 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index 42b9d51..538c4ae 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ripemd 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index a129469..7d3fd5f 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH rsa 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 1895ffe..ff28aee 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH sha 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index 1133b50..5ae3140 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH threads 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 index 4a30de4..da2e869 100644 --- a/secure/lib/libcrypto/man/ui.3 +++ b/secure/lib/libcrypto/man/ui.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ui 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 index 9fb7b8d..0d6474b 100644 --- a/secure/lib/libcrypto/man/ui_compat.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ui_compat 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3 index 94183f5..c6e53fd 100644 --- a/secure/lib/libcrypto/man/x509.3 +++ b/secure/lib/libcrypto/man/x509.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH x509 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index f69ccfb..e06e551 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index 7d89651..eeb0032 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index dc94ce2..7abceb7 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 1d6597e..6580f52 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_add_session 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index f04af7d..209c9fd 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index 7998fe9..fdc2c1b 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 3a1f10d..95042de 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_free 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 7bd322d..6269dba 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index f14c8ab..aa8d1d1 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index 132bf20..4045495 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 937c857..a08a427 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 4567fec..7330020 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index 3a5196f..bf944ac 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index e112111..54f6623 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 40e1d79..6303c16 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_sessions 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index 561c2ad..bbe6fd0 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index af153fd..10e26fc 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 94ea8f9..8ffcb4b 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index 04460df..571c04c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index 429a587..2f4d921 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index 4c7c6d8..815d8a7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index bc58395..0fc9fb6 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 3c110ec..b6ea11e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index 4394128..841e4fd 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index c14c1d9..b81011f 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index d36e01f..9e311a9 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 627ff1b..17c1113 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_options 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 index 67d6640..8852b43 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_psk_client_callback 3" -.TH SSL_CTX_set_psk_client_callback 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_psk_client_callback 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index 1c63297..7db0903 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 index 85f724a..f9290f9 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_read_ahead 3" -.TH SSL_CTX_set_read_ahead 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_read_ahead 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index d82f1ea..d8d49d3 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index 901dd82..6f96fc8 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 225ef46..b3e0c46 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 2ead376..0faadc9 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 index bf73bd6..2268961 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" -.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 4d80acd..c2c5c4b 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -197,12 +197,12 @@ negotiation is being saved. .PP If \*(L"strong\*(R" primes were used to generate the \s-1DH\s0 parameters, it is not strictly necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that \*(L"strong\*(R" primes were used (see especially -the section about \s-1DSA\s0 parameters below), \s-1SSL_OP_SINGLE_DH_USE\s0 must be used -in order to prevent small subgroup attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0 -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. +secrecy. If it is not assured that \*(L"strong\*(R" primes were used, +\&\s-1SSL_OP_SINGLE_DH_USE\s0 must be used in order to prevent small subgroup +attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0 has an impact on the +computer time needed during negotiation, but it is not very large, so +application authors/users should consider always enabling this option. +The option is required to implement perfect forward secrecy (\s-1PFS\s0). .PP As generating \s-1DH\s0 parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. @@ -210,82 +210,62 @@ should not generate the parameters on the fly but supply the parameters. the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker may specialize on a very often used \s-1DH\s0 group. Applications should therefore generate their own \s-1DH\s0 parameters during the installation process using the -openssl \fIdhparam\fR\|(1) application. In order to reduce the computer -time needed for this generation, it is possible to use \s-1DSA\s0 parameters -instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 -is mandatory. +openssl \fIdhparam\fR\|(1) application. This application +guarantees that \*(L"strong\*(R" primes are used. .PP -Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the \fB\-C\fR option of the -\&\fIdhparam\fR\|(1) application. -Authors may also generate their own set of parameters using -\&\fIdhparam\fR\|(1), but a user may not be sure how the parameters were -generated. The generation of \s-1DH\s0 parameters during installation is therefore -recommended. +\&\fIdhparam\fR\|(1) application. Generation of custom \s-1DH\s0 +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. Files dh1024.pem +and dh512.pem contain old parameters that must not be used by +applications. .PP An application may either directly specify the \s-1DH\s0 parameters or -can supply the \s-1DH\s0 parameters via a callback function. The callback approach -has the advantage, that the callback may supply \s-1DH\s0 parameters for different -key lengths. +can supply the \s-1DH\s0 parameters via a callback function. .PP -The \fBtmp_dh_callback\fR is called with the \fBkeylength\fR needed and -the \fBis_export\fR information. The \fBis_export\fR flag is set, when the -ephemeral \s-1DH\s0 key exchange is performed with an export cipher. +Previous versions of the callback used \fBis_export\fR and \fBkeylength\fR +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export ciphersuites +are advised to either use \fISSL_CTX_set_tmp_dh()\fR in combination with +\&\s-1SSL_OP_SINGLE_DH_USE,\s0 or alternatively, use the callback but ignore +\&\fBkeylength\fR and \fBis_export\fR and simply supply at least 2048\-bit +parameters in the callback. .SH "EXAMPLES" .IX Header "EXAMPLES" -Handle \s-1DH\s0 parameters for key lengths of 512 and 1024 bits. (Error handling +Setup \s-1DH\s0 parameters with a key length of 2048 bits. (Error handling partly left out.) .PP -.Vb 5 -\& ... -\& /* Set up ephemeral DH stuff */ -\& DH *dh_512 = NULL; -\& DH *dh_1024 = NULL; -\& FILE *paramfile; +.Vb 2 +\& Command\-line parameter generation: +\& $ openssl dhparam \-out dh_param_2048.pem 2048 \& +\& Code for setting up parameters during server initialization: +\& +\& ... +\& SSL_CTX ctx = SSL_CTX_new(); \& ... -\& /* "openssl dhparam \-out dh_param_512.pem \-2 512" */ -\& paramfile = fopen("dh_param_512.pem", "r"); +\& +\& /* Set up ephemeral DH parameters. */ +\& DH *dh_2048 = NULL; +\& FILE *paramfile; +\& paramfile = fopen("dh_param_2048.pem", "r"); \& if (paramfile) { -\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); \& fclose(paramfile); +\& } else { +\& /* Error. */ \& } -\& /* "openssl dhparam \-out dh_param_1024.pem \-2 1024" */ -\& paramfile = fopen("dh_param_1024.pem", "r"); -\& if (paramfile) { -\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); -\& fclose(paramfile); +\& if (dh_2048 == NULL) { +\& /* Error. */ \& } -\& ... -\& -\& /* "openssl dhparam \-C \-2 512" etc... */ -\& DH *get_dh512() { ... } -\& DH *get_dh1024() { ... } -\& -\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) -\& { -\& DH *dh_tmp=NULL; -\& -\& switch (keylength) { -\& case 512: -\& if (!dh_512) -\& dh_512 = get_dh512(); -\& dh_tmp = dh_512; -\& break; -\& case 1024: -\& if (!dh_1024) -\& dh_1024 = get_dh1024(); -\& dh_tmp = dh_1024; -\& break; -\& default: -\& /* Generating a key on the fly is very costly, so use what is there */ -\& setup_dh_parameters_like_above(); -\& } -\& return(dh_tmp); +\& if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { +\& /* Error. */ \& } +\& SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); +\& ... .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 55bd191..f24a327 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 923446d..e7304a7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index 78ead25..da83555 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 index 7c5ea3b..f248b24 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_psk_identity_hint 3" -.TH SSL_CTX_use_psk_identity_hint 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_CTX_use_psk_identity_hint 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index 98b777b..637c5c8 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_SESSION_free 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 1bdb354..f578216 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index 1076c8c..c9f0351 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index 60d1284..ac612c9 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_accept 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index d75509f..a5224d9 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_alert_type_string 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 309810d..82b07a6 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_clear 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index abeba2d..8cc40ac 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_connect 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 61ab31e..64cef6d 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_do_handshake 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index 7d5e22e..792270a 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_free 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index ec42719..8655fd3 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index 4786c94..cf3c748 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_ciphers 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index 38a1dc7..f2e80d2 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 13ddc98..bad99e4 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_current_cipher 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 2c2e15d..174dc40 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_default_timeout 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index dead724..14e6bc5 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_error 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index 78035a7..ac9a8dc 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 18cc8a3..b5aa7cb 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index 3ef8028..a0e1de9 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_fd 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 71febc7..6375479 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index fc00428..6e92ada 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3 index c0c1b70..ba80d70 100644 --- a/secure/lib/libssl/man/SSL_get_psk_identity.3 +++ b/secure/lib/libssl/man/SSL_get_psk_identity.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_psk_identity 3" -.TH SSL_get_psk_identity 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_psk_identity 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index cb85024..9691afd 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_rbio 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index 4ba0908..3ec794b 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_session 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index b5d6f94..c44c534 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_verify_result 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index c01e1cf..aa77570 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_get_version 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 30969d3..211753c 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_library_init 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index ebe51bf..11bfacd 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index 4459826..14cb73b 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_new 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 4eda613..3b6583e 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_pending 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 4a2fde0..f7e7bea 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_read 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 1a60a40..eaf9288 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_rstate_string 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index fdcd4f8..7b21d7f 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_session_reused 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index 8ada003..f841f26 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_set_bio 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 20791d8..7692ee9 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_set_connect_state 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index aa6a36d..3e5c868 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_set_fd 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 2276d78..f0eb37d 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_set_session 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index 874bac1..384d3f9 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_set_shutdown 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 48739ba..bbca503 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_set_verify_result 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 036d2e7..1c74cb9 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_shutdown 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index cc6eab1..c6b89aa 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_state_string 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 9b43446..e5c47a0 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_want 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index f56625c..a37612c 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SSL_write 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 6d25af6..7e687aa 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index e84383f..f746ec1 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ssl 3 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 87627d6..5359c1f 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CA.PL 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index afea978f..1921143 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ASN1PARSE 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/c_rehash.1 b/secure/usr.bin/openssl/man/c_rehash.1 index 0a34ccd..8efdff8 100644 --- a/secure/usr.bin/openssl/man/c_rehash.1 +++ b/secure/usr.bin/openssl/man/c_rehash.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "C_REHASH 1" -.TH C_REHASH 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH C_REHASH 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index 1697883..e5d5fd3 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CA 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index f1e2e32..fb8ef67 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CIPHERS 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index 55d7cf1..eb0c26b 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CMS 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -171,6 +171,7 @@ cms \- CMS utility [\fB\-print\fR] [\fB\-CAfile file\fR] [\fB\-CApath dir\fR] +[\fB\-no_alt_chains\fR] [\fB\-md digest\fR] [\fB\-[cipher]\fR] [\fB\-nointern\fR] @@ -482,8 +483,8 @@ the relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig\fR" 4 -.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig" +.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig \-no_alt_chains\fR" 4 +.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains" Set various certificate chain valiadition option. See the \&\fBverify\fR manual page for details. .SH "NOTES" @@ -698,3 +699,5 @@ No revocation checking is done on the signer's certificate. .IX Header "HISTORY" The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first added in OpenSSL 1.0.0 +.PP +The \-no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 70c3067..7bfecd0 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CRL 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 98f792e..c8f286b 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH CRL2PKCS7 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 4565e7e..58fbaeb 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DGST 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index d377080..3359d4b 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DHPARAM 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -197,8 +197,10 @@ avoid small-subgroup attacks that may be possible otherwise. check if the parameters are valid primes and generator. .IP "\fB\-2\fR, \fB\-5\fR" 4 .IX Item "-2, -5" -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but \fBnumbits\fR is present, parameters are generated with the +default generator 2. .IP "\fB\-rand\fR \fIfile(s)\fR" 4 .IX Item "-rand file(s)" a file or files containing random data used to seed the random number @@ -209,9 +211,10 @@ all others. .IP "\fInumbits\fR" 4 .IX Item "numbits" this option specifies that a parameter set should be generated of size -\&\fInumbits\fR. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. +\&\fInumbits\fR. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (\fB\-2\fR or \fB\-5\fR) is +present, parameters are generated with a default length of 2048 bits. .IP "\fB\-noout\fR" 4 .IX Item "-noout" this option inhibits the output of the encoded version of the parameters. diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index db8fff6..166c1f3 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSA 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index 21f2f28..a784d18 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH DSAPARAM 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index d9e7499..a44285c 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH EC 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index bd29211..a6e8cb1 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ECPARAM 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 4fce370..c897ff5 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ENC 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index eef9e67..be39d38 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH ERRSTR 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index d7489c0..5dbde1c 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH GENDSA 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index 209f4b7..f40910e 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH GENPKEY 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 4b50ce1..09edbff 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH GENRSA 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index d1c1561..1d38330 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH NSEQ 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 87735ff..1aa8f3b 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OCSP 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,6 +165,7 @@ ocsp \- Online Certificate Status Protocol utility [\fB\-path\fR] [\fB\-CApath dir\fR] [\fB\-CAfile file\fR] +[\fB\-no_alt_chains\fR]] [\fB\-VAfile file\fR] [\fB\-validity_period n\fR] [\fB\-status_age n\fR] @@ -261,6 +262,9 @@ connection timeout to the \s-1OCSP\s0 responder in seconds .IX Item "-CAfile file, -CApath pathname" file or pathname containing trusted \s-1CA\s0 certificates. These are used to verify the signature on the \s-1OCSP\s0 response. +.IP "\fB\-no_alt_chains\fR" 4 +.IX Item "-no_alt_chains" +See \fBverify\fR manual page for details. .IP "\fB\-verify_other file\fR" 4 .IX Item "-verify_other file" file containing additional certificates to search when attempting to locate @@ -483,3 +487,6 @@ second file. \& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem \& \-reqin req.der \-respout resp.der .Ve +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index b0477a9..89be2a7 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH OPENSSL 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index e3804dc..8e34dce 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PASSWD 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index a93795e..7057833 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS12 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index cdc7ac7..bcabf62 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS7 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index fb6ade1..28c42d1 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKCS8 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index b5f23ef..c3b5f3b 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKEY 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index af35471..408789c 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKEYPARAM 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index fa4d67b..bba7c75 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH PKEYUTL 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index 0b37959..2226250 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RAND 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index b3b1ec8..da765c4 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH REQ 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 0e398b6..574b4c8 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSA 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 83c9e09..fee011f 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH RSAUTL 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 13c74ef..5de678c 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH S_CLIENT 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,6 +154,7 @@ s_client \- SSL/TLS client program [\fB\-pass arg\fR] [\fB\-CApath directory\fR] [\fB\-CAfile filename\fR] +[\fB\-no_alt_chains\fR] [\fB\-reconnect\fR] [\fB\-pause\fR] [\fB\-showcerts\fR] @@ -236,8 +237,8 @@ also used when building the client certificate chain. .IX Item "-CAfile file" A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig\fR" 4 -.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig" +.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig \-no_alt_chains\fR" 4 +.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains" Set various certificate chain valiadition option. See the \&\fBverify\fR manual page for details. .IP "\fB\-reconnect\fR" 4 @@ -434,3 +435,6 @@ information whenever a session is renegotiated. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIsess_id\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 781954a..f20e4ca 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH S_SERVER 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,6 +168,7 @@ s_server \- SSL/TLS server program [\fB\-state\fR] [\fB\-CApath directory\fR] [\fB\-CAfile filename\fR] +[\fB\-no_alt_chains\fR] [\fB\-nocert\fR] [\fB\-cipher cipherlist\fR] [\fB\-serverpref\fR] @@ -291,6 +292,9 @@ A file containing trusted certificates to use during client authentication and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +.IP "\fB\-no_alt_chains\fR" 4 +.IX Item "-no_alt_chains" +See the \fBverify\fR manual page for details. .IP "\fB\-state\fR" 4 .IX Item "-state" prints out the \s-1SSL\s0 session states. @@ -470,3 +474,6 @@ unknown cipher suites a client says it supports. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIsess_id\fR\|(1), \fIs_client\fR\|(1), \fIciphers\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 89bb20d..dc607ac 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH S_TIME 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index d45369d..cb96183 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SESS_ID 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index 10bb4e2..2b62689 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SMIME 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,6 +151,7 @@ smime \- S/MIME utility [\fB\-pk7out\fR] [\fB\-[cipher]\fR] [\fB\-in file\fR] +[\fB\-no_alt_chains\fR] [\fB\-certfile file\fR] [\fB\-signer file\fR] [\fB\-recip file\fR] @@ -356,8 +357,8 @@ the relevant mail headers. These are included outside the signed portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig\fR" 4 -.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig" +.IP "\fB\-purpose, \-ignore_critical, \-issuer_checks, \-crl_check, \-crl_check_all, \-policy_check, \-extended_crl, \-x509_strict, \-policy \-check_ss_sig \-no_alt_chains\fR" 4 +.IX Item "-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains" Set various options of certificate chain verification. See \&\fBverify\fR manual page for details. .SH "NOTES" @@ -548,3 +549,5 @@ structures may cause parsing errors. .IX Header "HISTORY" The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first added in OpenSSL 1.0.0 +.PP +The \-no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index c427c2b..9568f7d 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SPEED 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 91c175f..ee1a96b 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH SPKAC 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index 0ae61eb..e1ab7d6 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH TS 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index 019b5f3..99a9917 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH TSGET 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 2c3106f..5826a69 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH VERIFY 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,6 +158,7 @@ verify \- Utility to verify certificates. [\fB\-extended_crl\fR] [\fB\-use_deltas\fR] [\fB\-policy_print\fR] +[\fB\-no_alt_chains\fR] [\fB\-untrusted file\fR] [\fB\-help\fR] [\fB\-issuer_checks\fR] @@ -227,6 +228,13 @@ Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). .IP "\fB\-inhibit_map\fR" 4 .IX Item "-inhibit_map" Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). +.IP "\fB\-no_alt_chains\fR" 4 +.IX Item "-no_alt_chains" +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of previous OpenSSL versions. .IP "\fB\-policy_print\fR" 4 .IX Item "-policy_print" Print out diagnostics related to policy processing. @@ -477,3 +485,6 @@ Previous versions of this documentation swapped the meaning of the .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIx509\fR\|(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \-no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 5188c0a..0b18a1f 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH VERSION 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 46ea514..1a400a7 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index 5d331fc..6a94ebb 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2015-03-19" "1.0.1m" "OpenSSL" +.TH X509V3_CONFIG 1 "2015-06-11" "1.0.1n" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l |
