summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjkim <jkim@FreeBSD.org>2015-01-08 23:42:41 +0000
committerjkim <jkim@FreeBSD.org>2015-01-08 23:42:41 +0000
commit4f9b1cef1a6825f03178937e0feb39a2b2d046c8 (patch)
tree6c2f3cb14d70e0247fe500835bed3d3588c3025e
parentcfd5b20c8bb6e3677ef84152d28058c0ead0de39 (diff)
parenta350427e88bc6ff288594c964ca0f57464062eb0 (diff)
downloadFreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.zip
FreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.tar.gz
Merge OpenSSL 1.0.1k.
-rw-r--r--crypto/openssl/CHANGES130
-rwxr-xr-xcrypto/openssl/Configure5
-rw-r--r--crypto/openssl/Makefile2
-rw-r--r--crypto/openssl/NEWS11
-rw-r--r--crypto/openssl/README2
-rw-r--r--crypto/openssl/apps/ca.c2
-rw-r--r--crypto/openssl/apps/dgst.c2
-rw-r--r--crypto/openssl/apps/ocsp.c98
-rw-r--r--crypto/openssl/apps/openssl.c5
-rw-r--r--crypto/openssl/apps/s_client.c22
-rw-r--r--crypto/openssl/apps/s_server.c22
-rw-r--r--crypto/openssl/apps/s_time.c6
-rw-r--r--crypto/openssl/apps/speed.c23
-rw-r--r--crypto/openssl/crypto/Makefile7
-rwxr-xr-xcrypto/openssl/crypto/aes/asm/aes-mips.pl2
-rw-r--r--crypto/openssl/crypto/asn1/a_bitstr.c7
-rw-r--r--crypto/openssl/crypto/asn1/a_type.c2
-rw-r--r--crypto/openssl/crypto/asn1/a_verify.c12
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h4
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c4
-rw-r--r--crypto/openssl/crypto/asn1/tasn_dec.c8
-rw-r--r--crypto/openssl/crypto/asn1/x_algor.c11
-rw-r--r--crypto/openssl/crypto/asn1/x_name.c2
-rw-r--r--crypto/openssl/crypto/bio/bio.h4
-rw-r--r--crypto/openssl/crypto/bio/bss_dgram.c158
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/mips.pl611
-rw-r--r--crypto/openssl/crypto/bn/asm/mips3.s2201
-rw-r--r--crypto/openssl/crypto/bn/asm/x86_64-gcc.c34
-rw-r--r--crypto/openssl/crypto/bn/bn.h4
-rw-r--r--crypto/openssl/crypto/bn/bn_asm.c16
-rw-r--r--crypto/openssl/crypto/bn/bn_ctx.c2
-rw-r--r--crypto/openssl/crypto/bn/bn_div.c8
-rw-r--r--crypto/openssl/crypto/bn/bntest.c178
-rw-r--r--crypto/openssl/crypto/constant_time_locl.h18
-rw-r--r--crypto/openssl/crypto/cversion.c15
-rw-r--r--crypto/openssl/crypto/dsa/dsa_asn1.c14
-rw-r--r--crypto/openssl/crypto/dso/dso_dlfcn.c6
-rw-r--r--crypto/openssl/crypto/ec/ec_lib.c2
-rw-r--r--crypto/openssl/crypto/ec/ec_mult.c7
-rw-r--r--crypto/openssl/crypto/ec/ec_pmeth.c6
-rw-r--r--crypto/openssl/crypto/ec/ecp_nistp256.c1
-rw-r--r--crypto/openssl/crypto/ec/ectest.c4
-rw-r--r--crypto/openssl/crypto/ecdsa/Makefile13
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_vrf.c15
-rw-r--r--crypto/openssl/crypto/engine/eng_dyn.c3
-rw-r--r--crypto/openssl/crypto/evp/Makefile2
-rw-r--r--crypto/openssl/crypto/evp/e_des3.c22
-rw-r--r--crypto/openssl/crypto/evp/evp_enc.c58
-rw-r--r--crypto/openssl/crypto/md32_common.h6
-rw-r--r--crypto/openssl/crypto/mem.c12
-rw-r--r--crypto/openssl/crypto/objects/obj_xref.h3
-rwxr-xr-xcrypto/openssl/crypto/objects/objxref.pl5
-rw-r--r--crypto/openssl/crypto/opensslv.h6
-rwxr-xr-xcrypto/openssl/crypto/sha/asm/sha1-mips.pl2
-rwxr-xr-xcrypto/openssl/crypto/sha/asm/sha512-mips.pl2
-rw-r--r--crypto/openssl/crypto/ts/ts_rsp_sign.c2
-rw-r--r--crypto/openssl/crypto/x509/x509.h1
-rw-r--r--crypto/openssl/crypto/x509/x509_vpm.c2
-rw-r--r--crypto/openssl/crypto/x509/x_all.c2
-rw-r--r--crypto/openssl/doc/HOWTO/certificates.txt75
-rw-r--r--crypto/openssl/doc/HOWTO/proxy_certificates.txt206
-rw-r--r--crypto/openssl/doc/apps/dgst.pod11
-rw-r--r--crypto/openssl/doc/apps/ocsp.pod4
-rw-r--r--crypto/openssl/doc/crypto/EVP_EncryptInit.pod2
-rw-r--r--crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod12
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod12
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod4
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod10
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_options.pod10
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod23
-rw-r--r--crypto/openssl/e_os.h27
-rw-r--r--crypto/openssl/engines/e_padlock.c2
-rw-r--r--crypto/openssl/ssl/d1_both.c162
-rw-r--r--crypto/openssl/ssl/d1_clnt.c25
-rw-r--r--crypto/openssl/ssl/d1_enc.c3
-rw-r--r--crypto/openssl/ssl/d1_lib.c38
-rw-r--r--crypto/openssl/ssl/d1_pkt.c37
-rw-r--r--crypto/openssl/ssl/d1_srvr.c53
-rw-r--r--crypto/openssl/ssl/dtls1.h8
-rw-r--r--crypto/openssl/ssl/kssl.c72
-rw-r--r--crypto/openssl/ssl/s23_srvr.c7
-rw-r--r--crypto/openssl/ssl/s2_enc.c12
-rw-r--r--crypto/openssl/ssl/s2_pkt.c9
-rw-r--r--crypto/openssl/ssl/s2_srvr.c22
-rw-r--r--crypto/openssl/ssl/s3_both.c1
-rw-r--r--crypto/openssl/ssl/s3_clnt.c131
-rw-r--r--crypto/openssl/ssl/s3_enc.c3
-rw-r--r--crypto/openssl/ssl/s3_lib.c16
-rw-r--r--crypto/openssl/ssl/s3_meth.c5
-rw-r--r--crypto/openssl/ssl/s3_pkt.c5
-rw-r--r--crypto/openssl/ssl/s3_srvr.c143
-rw-r--r--crypto/openssl/ssl/srtp.h4
-rw-r--r--crypto/openssl/ssl/ssl.h28
-rw-r--r--crypto/openssl/ssl/ssl3.h13
-rw-r--r--crypto/openssl/ssl/ssl_cert.c29
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c12
-rw-r--r--crypto/openssl/ssl/ssl_lib.c46
-rw-r--r--crypto/openssl/ssl/ssl_locl.h7
-rw-r--r--crypto/openssl/ssl/ssl_sess.c16
-rw-r--r--crypto/openssl/ssl/ssltest.c77
-rw-r--r--crypto/openssl/ssl/t1_enc.c70
-rw-r--r--crypto/openssl/ssl/t1_lib.c38
-rw-r--r--crypto/openssl/util/libeay.num1
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl16
-rwxr-xr-xcrypto/openssl/util/mkbuildinf.pl35
-rwxr-xr-xcrypto/openssl/util/mkdef.pl6
-rw-r--r--crypto/openssl/util/pl/netware.pl2
-rw-r--r--crypto/openssl/util/ssleay.num6
-rw-r--r--secure/lib/libcrypto/Makefile.inc4
-rw-r--r--secure/lib/libcrypto/man/ASN1_OBJECT_new.331
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_length.331
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_new.329
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_print_ex.341
-rw-r--r--secure/lib/libcrypto/man/ASN1_generate_nconf.361
-rw-r--r--secure/lib/libcrypto/man/BIO_ctrl.347
-rw-r--r--secure/lib/libcrypto/man/BIO_f_base64.333
-rw-r--r--secure/lib/libcrypto/man/BIO_f_buffer.331
-rw-r--r--secure/lib/libcrypto/man/BIO_f_cipher.339
-rw-r--r--secure/lib/libcrypto/man/BIO_f_md.335
-rw-r--r--secure/lib/libcrypto/man/BIO_f_null.329
-rw-r--r--secure/lib/libcrypto/man/BIO_f_ssl.369
-rw-r--r--secure/lib/libcrypto/man/BIO_find_type.335
-rw-r--r--secure/lib/libcrypto/man/BIO_new.335
-rw-r--r--secure/lib/libcrypto/man/BIO_new_CMS.333
-rw-r--r--secure/lib/libcrypto/man/BIO_push.339
-rw-r--r--secure/lib/libcrypto/man/BIO_read.337
-rw-r--r--secure/lib/libcrypto/man/BIO_s_accept.341
-rw-r--r--secure/lib/libcrypto/man/BIO_s_bio.341
-rw-r--r--secure/lib/libcrypto/man/BIO_s_connect.335
-rw-r--r--secure/lib/libcrypto/man/BIO_s_fd.333
-rw-r--r--secure/lib/libcrypto/man/BIO_s_file.345
-rw-r--r--secure/lib/libcrypto/man/BIO_s_mem.343
-rw-r--r--secure/lib/libcrypto/man/BIO_s_null.331
-rw-r--r--secure/lib/libcrypto/man/BIO_s_socket.333
-rw-r--r--secure/lib/libcrypto/man/BIO_set_callback.341
-rw-r--r--secure/lib/libcrypto/man/BIO_should_retry.335
-rw-r--r--secure/lib/libcrypto/man/BN_BLINDING_new.331
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_new.329
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_start.329
-rw-r--r--secure/lib/libcrypto/man/BN_add.329
-rw-r--r--secure/lib/libcrypto/man/BN_add_word.329
-rw-r--r--secure/lib/libcrypto/man/BN_bn2bin.337
-rw-r--r--secure/lib/libcrypto/man/BN_cmp.329
-rw-r--r--secure/lib/libcrypto/man/BN_copy.329
-rw-r--r--secure/lib/libcrypto/man/BN_generate_prime.329
-rw-r--r--secure/lib/libcrypto/man/BN_mod_inverse.331
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_montgomery.329
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_reciprocal.329
-rw-r--r--secure/lib/libcrypto/man/BN_new.329
-rw-r--r--secure/lib/libcrypto/man/BN_num_bytes.329
-rw-r--r--secure/lib/libcrypto/man/BN_rand.329
-rw-r--r--secure/lib/libcrypto/man/BN_set_bit.329
-rw-r--r--secure/lib/libcrypto/man/BN_swap.329
-rw-r--r--secure/lib/libcrypto/man/BN_zero.329
-rw-r--r--secure/lib/libcrypto/man/CMS_add0_cert.331
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_recipient_cert.329
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_signer.335
-rw-r--r--secure/lib/libcrypto/man/CMS_compress.333
-rw-r--r--secure/lib/libcrypto/man/CMS_decrypt.335
-rw-r--r--secure/lib/libcrypto/man/CMS_encrypt.333
-rw-r--r--secure/lib/libcrypto/man/CMS_final.331
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_RecipientInfos.345
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_SignerInfos.331
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_type.329
-rw-r--r--secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.333
-rw-r--r--secure/lib/libcrypto/man/CMS_sign.339
-rw-r--r--secure/lib/libcrypto/man/CMS_sign_receipt.329
-rw-r--r--secure/lib/libcrypto/man/CMS_uncompress.331
-rw-r--r--secure/lib/libcrypto/man/CMS_verify.331
-rw-r--r--secure/lib/libcrypto/man/CMS_verify_receipt.329
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_free.329
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_load_file.329
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_set_ex_data.329
-rw-r--r--secure/lib/libcrypto/man/DH_generate_key.329
-rw-r--r--secure/lib/libcrypto/man/DH_generate_parameters.331
-rw-r--r--secure/lib/libcrypto/man/DH_get_ex_new_index.329
-rw-r--r--secure/lib/libcrypto/man/DH_new.329
-rw-r--r--secure/lib/libcrypto/man/DH_set_method.357
-rw-r--r--secure/lib/libcrypto/man/DH_size.329
-rw-r--r--secure/lib/libcrypto/man/DSA_SIG_new.329
-rw-r--r--secure/lib/libcrypto/man/DSA_do_sign.329
-rw-r--r--secure/lib/libcrypto/man/DSA_dup_DH.329
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_key.329
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_parameters.331
-rw-r--r--secure/lib/libcrypto/man/DSA_get_ex_new_index.329
-rw-r--r--secure/lib/libcrypto/man/DSA_new.329
-rw-r--r--secure/lib/libcrypto/man/DSA_set_method.355
-rw-r--r--secure/lib/libcrypto/man/DSA_sign.339
-rw-r--r--secure/lib/libcrypto/man/DSA_size.331
-rw-r--r--secure/lib/libcrypto/man/ERR_GET_LIB.331
-rw-r--r--secure/lib/libcrypto/man/ERR_clear_error.329
-rw-r--r--secure/lib/libcrypto/man/ERR_error_string.329
-rw-r--r--secure/lib/libcrypto/man/ERR_get_error.331
-rw-r--r--secure/lib/libcrypto/man/ERR_load_crypto_strings.329
-rw-r--r--secure/lib/libcrypto/man/ERR_load_strings.329
-rw-r--r--secure/lib/libcrypto/man/ERR_print_errors.329
-rw-r--r--secure/lib/libcrypto/man/ERR_put_error.329
-rw-r--r--secure/lib/libcrypto/man/ERR_remove_state.329
-rw-r--r--secure/lib/libcrypto/man/ERR_set_mark.329
-rw-r--r--secure/lib/libcrypto/man/EVP_BytesToKey.333
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestInit.341
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestSignInit.333
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestVerifyInit.333
-rw-r--r--secure/lib/libcrypto/man/EVP_EncryptInit.389
-rw-r--r--secure/lib/libcrypto/man/EVP_OpenInit.331
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.333
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_new.335
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_cmp.329
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_decrypt.331
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_derive.329
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_encrypt.343
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.329
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_keygen.329
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_new.329
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_print_private.331
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.333
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_sign.329
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify.329
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify_recover.329
-rw-r--r--secure/lib/libcrypto/man/EVP_SealInit.337
-rw-r--r--secure/lib/libcrypto/man/EVP_SignInit.331
-rw-r--r--secure/lib/libcrypto/man/EVP_VerifyInit.331
-rw-r--r--secure/lib/libcrypto/man/OBJ_nid2obj.335
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_Applink.329
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.333
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_config.329
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_ia32cap.331
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.331
-rw-r--r--secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.331
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.329
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.329
-rw-r--r--secure/lib/libcrypto/man/PKCS12_create.337
-rw-r--r--secure/lib/libcrypto/man/PKCS12_parse.329
-rw-r--r--secure/lib/libcrypto/man/PKCS7_decrypt.329
-rw-r--r--secure/lib/libcrypto/man/PKCS7_encrypt.335
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign.337
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign_add_signer.331
-rw-r--r--secure/lib/libcrypto/man/PKCS7_verify.331
-rw-r--r--secure/lib/libcrypto/man/RAND_add.335
-rw-r--r--secure/lib/libcrypto/man/RAND_bytes.329
-rw-r--r--secure/lib/libcrypto/man/RAND_cleanup.331
-rw-r--r--secure/lib/libcrypto/man/RAND_egd.337
-rw-r--r--secure/lib/libcrypto/man/RAND_load_file.331
-rw-r--r--secure/lib/libcrypto/man/RAND_set_rand_method.351
-rw-r--r--secure/lib/libcrypto/man/RSA_blinding_on.329
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.331
-rw-r--r--secure/lib/libcrypto/man/RSA_generate_key.329
-rw-r--r--secure/lib/libcrypto/man/RSA_get_ex_new_index.331
-rw-r--r--secure/lib/libcrypto/man/RSA_new.329
-rw-r--r--secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.329
-rw-r--r--secure/lib/libcrypto/man/RSA_print.329
-rw-r--r--secure/lib/libcrypto/man/RSA_private_encrypt.329
-rw-r--r--secure/lib/libcrypto/man/RSA_public_encrypt.335
-rw-r--r--secure/lib/libcrypto/man/RSA_set_method.359
-rw-r--r--secure/lib/libcrypto/man/RSA_sign.331
-rw-r--r--secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.329
-rw-r--r--secure/lib/libcrypto/man/RSA_size.329
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_CMS.335
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_PKCS7.329
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_CMS.329
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_PKCS7.329
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.329
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.343
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.335
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_print_ex.335
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_error.333
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.329
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_new.329
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.329
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.329
-rw-r--r--secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.333
-rw-r--r--secure/lib/libcrypto/man/X509_new.329
-rw-r--r--secure/lib/libcrypto/man/X509_verify_cert.329
-rw-r--r--secure/lib/libcrypto/man/bio.333
-rw-r--r--secure/lib/libcrypto/man/blowfish.337
-rw-r--r--secure/lib/libcrypto/man/bn.329
-rw-r--r--secure/lib/libcrypto/man/bn_internal.329
-rw-r--r--secure/lib/libcrypto/man/buffer.329
-rw-r--r--secure/lib/libcrypto/man/crypto.345
-rw-r--r--secure/lib/libcrypto/man/d2i_ASN1_OBJECT.331
-rw-r--r--secure/lib/libcrypto/man/d2i_DHparams.329
-rw-r--r--secure/lib/libcrypto/man/d2i_DSAPublicKey.333
-rw-r--r--secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.329
-rw-r--r--secure/lib/libcrypto/man/d2i_RSAPublicKey.329
-rw-r--r--secure/lib/libcrypto/man/d2i_X509.339
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_ALGOR.329
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_CRL.331
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_NAME.331
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_REQ.329
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_SIG.329
-rw-r--r--secure/lib/libcrypto/man/des.349
-rw-r--r--secure/lib/libcrypto/man/dh.329
-rw-r--r--secure/lib/libcrypto/man/dsa.335
-rw-r--r--secure/lib/libcrypto/man/ecdsa.341
-rw-r--r--secure/lib/libcrypto/man/engine.387
-rw-r--r--secure/lib/libcrypto/man/err.337
-rw-r--r--secure/lib/libcrypto/man/evp.329
-rw-r--r--secure/lib/libcrypto/man/hmac.337
-rw-r--r--secure/lib/libcrypto/man/i2d_CMS_bio_stream.329
-rw-r--r--secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.329
-rw-r--r--secure/lib/libcrypto/man/lh_stats.329
-rw-r--r--secure/lib/libcrypto/man/lhash.335
-rw-r--r--secure/lib/libcrypto/man/md5.339
-rw-r--r--secure/lib/libcrypto/man/mdc2.335
-rw-r--r--secure/lib/libcrypto/man/pem.347
-rw-r--r--secure/lib/libcrypto/man/rand.341
-rw-r--r--secure/lib/libcrypto/man/rc4.329
-rw-r--r--secure/lib/libcrypto/man/ripemd.333
-rw-r--r--secure/lib/libcrypto/man/rsa.333
-rw-r--r--secure/lib/libcrypto/man/sha.341
-rw-r--r--secure/lib/libcrypto/man/threads.329
-rw-r--r--secure/lib/libcrypto/man/ui.353
-rw-r--r--secure/lib/libcrypto/man/ui_compat.331
-rw-r--r--secure/lib/libcrypto/man/x509.341
-rw-r--r--secure/lib/libssl/man/SSL_CIPHER_get_name.341
-rw-r--r--secure/lib/libssl/man/SSL_COMP_add_compression_method.331
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_session.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_ctrl.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_flush_sessions.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_free.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_ex_new_index.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_verify_mode.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_load_verify_locations.333
-rw-r--r--secure/lib/libssl/man/SSL_CTX_new.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_number.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.331
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sessions.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_store.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.331
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cipher_list.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_CA_list.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.331
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_generate_session_id.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_info_callback.363
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_max_cert_list.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_mode.344
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_msg_callback.339
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_options.351
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.335
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_id_context.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_ssl_version.333
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_timeout.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.335
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.329
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.354
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_verify.333
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_certificate.339
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.329
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_free.329
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.329
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_time.329
-rw-r--r--secure/lib/libssl/man/SSL_accept.339
-rw-r--r--secure/lib/libssl/man/SSL_alert_type_string.3139
-rw-r--r--secure/lib/libssl/man/SSL_clear.331
-rw-r--r--secure/lib/libssl/man/SSL_connect.335
-rw-r--r--secure/lib/libssl/man/SSL_do_handshake.339
-rw-r--r--secure/lib/libssl/man/SSL_free.333
-rw-r--r--secure/lib/libssl/man/SSL_get_SSL_CTX.329
-rw-r--r--secure/lib/libssl/man/SSL_get_ciphers.331
-rw-r--r--secure/lib/libssl/man/SSL_get_client_CA_list.329
-rw-r--r--secure/lib/libssl/man/SSL_get_current_cipher.331
-rw-r--r--secure/lib/libssl/man/SSL_get_default_timeout.329
-rw-r--r--secure/lib/libssl/man/SSL_get_error.357
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.329
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_new_index.329
-rw-r--r--secure/lib/libssl/man/SSL_get_fd.329
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_cert_chain.329
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_certificate.329
-rw-r--r--secure/lib/libssl/man/SSL_get_psk_identity.329
-rw-r--r--secure/lib/libssl/man/SSL_get_rbio.329
-rw-r--r--secure/lib/libssl/man/SSL_get_session.329
-rw-r--r--secure/lib/libssl/man/SSL_get_verify_result.329
-rw-r--r--secure/lib/libssl/man/SSL_get_version.329
-rw-r--r--secure/lib/libssl/man/SSL_library_init.331
-rw-r--r--secure/lib/libssl/man/SSL_load_client_CA_file.329
-rw-r--r--secure/lib/libssl/man/SSL_new.329
-rw-r--r--secure/lib/libssl/man/SSL_pending.329
-rw-r--r--secure/lib/libssl/man/SSL_read.335
-rw-r--r--secure/lib/libssl/man/SSL_rstate_string.343
-rw-r--r--secure/lib/libssl/man/SSL_session_reused.329
-rw-r--r--secure/lib/libssl/man/SSL_set_bio.331
-rw-r--r--secure/lib/libssl/man/SSL_set_connect_state.329
-rw-r--r--secure/lib/libssl/man/SSL_set_fd.331
-rw-r--r--secure/lib/libssl/man/SSL_set_session.329
-rw-r--r--secure/lib/libssl/man/SSL_set_shutdown.335
-rw-r--r--secure/lib/libssl/man/SSL_set_verify_result.329
-rw-r--r--secure/lib/libssl/man/SSL_shutdown.335
-rw-r--r--secure/lib/libssl/man/SSL_state_string.329
-rw-r--r--secure/lib/libssl/man/SSL_want.335
-rw-r--r--secure/lib/libssl/man/SSL_write.335
-rw-r--r--secure/lib/libssl/man/d2i_SSL_SESSION.329
-rw-r--r--secure/lib/libssl/man/ssl.345
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.135
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.143
-rw-r--r--secure/usr.bin/openssl/man/c_rehash.131
-rw-r--r--secure/usr.bin/openssl/man/ca.169
-rw-r--r--secure/usr.bin/openssl/man/ciphers.185
-rw-r--r--secure/usr.bin/openssl/man/cms.155
-rw-r--r--secure/usr.bin/openssl/man/crl.133
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.131
-rw-r--r--secure/usr.bin/openssl/man/dgst.158
-rw-r--r--secure/usr.bin/openssl/man/dhparam.135
-rw-r--r--secure/usr.bin/openssl/man/dsa.139
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.133
-rw-r--r--secure/usr.bin/openssl/man/ec.147
-rw-r--r--secure/usr.bin/openssl/man/ecparam.141
-rw-r--r--secure/usr.bin/openssl/man/enc.135
-rw-r--r--secure/usr.bin/openssl/man/errstr.129
-rw-r--r--secure/usr.bin/openssl/man/gendsa.129
-rw-r--r--secure/usr.bin/openssl/man/genpkey.143
-rw-r--r--secure/usr.bin/openssl/man/genrsa.131
-rw-r--r--secure/usr.bin/openssl/man/nseq.129
-rw-r--r--secure/usr.bin/openssl/man/ocsp.140
-rw-r--r--secure/usr.bin/openssl/man/openssl.145
-rw-r--r--secure/usr.bin/openssl/man/passwd.129
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.149
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.131
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.157
-rw-r--r--secure/usr.bin/openssl/man/pkey.135
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.129
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.141
-rw-r--r--secure/usr.bin/openssl/man/rand.129
-rw-r--r--secure/usr.bin/openssl/man/req.169
-rw-r--r--secure/usr.bin/openssl/man/rsa.141
-rw-r--r--secure/usr.bin/openssl/man/rsautl.133
-rw-r--r--secure/usr.bin/openssl/man/s_client.149
-rw-r--r--secure/usr.bin/openssl/man/s_server.147
-rw-r--r--secure/usr.bin/openssl/man/s_time.133
-rw-r--r--secure/usr.bin/openssl/man/sess_id.133
-rw-r--r--secure/usr.bin/openssl/man/smime.141
-rw-r--r--secure/usr.bin/openssl/man/speed.129
-rw-r--r--secure/usr.bin/openssl/man/spkac.143
-rw-r--r--secure/usr.bin/openssl/man/ts.165
-rw-r--r--secure/usr.bin/openssl/man/tsget.141
-rw-r--r--secure/usr.bin/openssl/man/verify.145
-rw-r--r--secure/usr.bin/openssl/man/version.129
-rw-r--r--secure/usr.bin/openssl/man/x509.1101
-rw-r--r--secure/usr.bin/openssl/man/x509v3_config.141
443 files changed, 9107 insertions, 7955 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 277b46f..117ba6d 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,136 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
+
+ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+ message can cause a segmentation fault in OpenSSL due to a NULL pointer
+ dereference. This could lead to a Denial Of Service attack. Thanks to
+ Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+ (CVE-2014-3571)
+ [Steve Henson]
+
+ *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+ dtls1_buffer_record function under certain conditions. In particular this
+ could occur if an attacker sent repeated DTLS records with the same
+ sequence number but for the next epoch. The memory leak could be exploited
+ by an attacker in a Denial of Service attack through memory exhaustion.
+ Thanks to Chris Mueller for reporting this issue.
+ (CVE-2015-0206)
+ [Matt Caswell]
+
+ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+ method would be set to NULL which could later result in a NULL pointer
+ dereference. Thanks to Frank Schmirler for reporting this issue.
+ (CVE-2014-3569)
+ [Kurt Roeckx]
+
+ *) Abort handshake if server key exchange message is omitted for ephemeral
+ ECDH ciphersuites.
+
+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+ reporting this issue.
+ (CVE-2014-3572)
+ [Steve Henson]
+
+ *) Remove non-export ephemeral RSA code on client and server. This code
+ violated the TLS standard by allowing the use of temporary RSA keys in
+ non-export ciphersuites and could be used by a server to effectively
+ downgrade the RSA key length used to a value smaller than the server
+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+ INRIA or reporting this issue.
+ (CVE-2015-0204)
+ [Steve Henson]
+
+ *) Fixed issue where DH client certificates are accepted without verification.
+ An OpenSSL server will accept a DH certificate for client authentication
+ without the certificate verify message. This effectively allows a client to
+ authenticate without the use of a private key. This only affects servers
+ which trust a client certificate authority which issues certificates
+ containing DH keys: these are extremely rare and hardly ever encountered.
+ Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+ this issue.
+ (CVE-2015-0205)
+ [Steve Henson]
+
+ *) Ensure that the session ID context of an SSL is updated when its
+ SSL_CTX is updated via SSL_set_SSL_CTX.
+
+ The session ID context is typically set from the parent SSL_CTX,
+ and can vary with the CTX.
+ [Adam Langley]
+
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+
+ This will reject various cases including garbage after signature
+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+ (negative or with leading zeroes).
+
+ Further analysis was conducted and fixes were developed by Stephen Henson
+ of the OpenSSL core team.
+
+ (CVE-2014-8275)
+ [Steve Henson]
+
+ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ (CVE-2014-3570)
+ [Andy Polyakov]
+
+ *) Do not resume sessions on the server if the negotiated protocol
+ version does not match the session's version. Resuming with a different
+ version, while not strictly forbidden by the RFC, is of questionable
+ sanity and breaks all known clients.
+ [David Benjamin, Emilia Käsper]
+
+ *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
+ early CCS messages during renegotiation. (Note that because
+ renegotiation is encrypted, this early CCS was not exploitable.)
+ [Emilia Käsper]
+
+ *) Tighten client-side session ticket handling during renegotiation:
+ ensure that the client only accepts a session ticket if the server sends
+ the extension anew in the ServerHello. Previously, a TLS client would
+ reuse the old extension state and thus accept a session ticket if one was
+ announced in the initial ServerHello.
+
+ Similarly, ensure that the client requires a session ticket if one
+ was advertised in the ServerHello. Previously, a TLS client would
+ ignore a missing NewSessionTicket message.
+ [Emilia Käsper]
+
Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
*) SRTP Memory Leak.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 6f0da76..541be9e 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -804,6 +804,11 @@ PROCESS_ARGS:
{
$disabled{"tls1"} = "option(tls)"
}
+ elsif ($1 eq "ssl3-method")
+ {
+ $disabled{"ssl3-method"} = "option(ssl)";
+ $disabled{"ssl3"} = "option(ssl)";
+ }
else
{
$disabled{$1} = "option";
diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile
index d475c12..6282bde 100644
--- a/crypto/openssl/Makefile
+++ b/crypto/openssl/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.1j
+VERSION=1.0.1k
MAJOR=1
MINOR=0.1
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 512a667..8596913 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,17 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+ o Fix for CVE-2014-3571
+ o Fix for CVE-2015-0206
+ o Fix for CVE-2014-3569
+ o Fix for CVE-2014-3572
+ o Fix for CVE-2015-0204
+ o Fix for CVE-2015-0205
+ o Fix for CVE-2014-8275
+ o Fix for CVE-2014-3570
+
Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
o Fix for CVE-2014-3513
diff --git a/crypto/openssl/README b/crypto/openssl/README
index cb90c9f..df2734d 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
- OpenSSL 1.0.1j 15 Oct 2014
+ OpenSSL 1.0.1k 8 Jan 2015
Copyright (c) 1998-2011 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 9c25026..613f5be 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -703,7 +703,7 @@ bad:
ERR_clear_error();
#ifdef RL_DEBUG
if (!p)
- BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
+ BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index f4aec77..e31a6b1 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -273,6 +273,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-hmac arg set the HMAC key to arg\n");
+ BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n");
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index 04263ff..8883afc 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -583,51 +583,52 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "OCSP utility\n");
BIO_printf (bio_err, "Usage ocsp [options]\n");
BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-out file output filename\n");
- BIO_printf (bio_err, "-issuer file issuer certificate\n");
- BIO_printf (bio_err, "-cert file certificate to check\n");
- BIO_printf (bio_err, "-serial n serial number to check\n");
- BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
- BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
- BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
- BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
- BIO_printf (bio_err, "-req_text print text form of request\n");
- BIO_printf (bio_err, "-resp_text print text form of response\n");
- BIO_printf (bio_err, "-text print text form of request and response\n");
- BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
- BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
- BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
- BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
- BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
- BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
- BIO_printf (bio_err, "-url URL OCSP responder URL\n");
- BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
- BIO_printf (bio_err, "-path path to use in OCSP request\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-VAfile file validator certificates file\n");
- BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
- BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
- BIO_printf (bio_err, "-noverify don't verify response at all\n");
- BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
- BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
- BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
+ BIO_printf (bio_err, "-out file output filename\n");
+ BIO_printf (bio_err, "-issuer file issuer certificate\n");
+ BIO_printf (bio_err, "-cert file certificate to check\n");
+ BIO_printf (bio_err, "-serial n serial number to check\n");
+ BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
+ BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
+ BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
+ BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
+ BIO_printf (bio_err, "-req_text print text form of request\n");
+ BIO_printf (bio_err, "-resp_text print text form of response\n");
+ BIO_printf (bio_err, "-text print text form of request and response\n");
+ BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
+ BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
+ BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
+ BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
+ BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-url URL OCSP responder URL\n");
+ BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
+ BIO_printf (bio_err, "-path path to use in OCSP request\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
+ BIO_printf (bio_err, "-noverify don't verify response at all\n");
+ BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
+ BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
+ BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
- BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
- BIO_printf (bio_err, "-no_chain don't chain verify response\n");
- BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
- BIO_printf (bio_err, "-port num port to run responder on\n");
- BIO_printf (bio_err, "-index file certificate status index file\n");
- BIO_printf (bio_err, "-CA file CA certificate\n");
- BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
- BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
- BIO_printf (bio_err, "-rother file other certificates to include in response\n");
- BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
- BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
- BIO_printf (bio_err, "-ndays n number of days before next update\n");
- BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
- BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n");
+ BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
+ BIO_printf (bio_err, "-no_chain don't chain verify response\n");
+ BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf (bio_err, "-port num port to run responder on\n");
+ BIO_printf (bio_err, "-index file certificate status index file\n");
+ BIO_printf (bio_err, "-CA file CA certificate\n");
+ BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
+ BIO_printf (bio_err, "-rother file other certificates to include in response\n");
+ BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
+ BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
+ BIO_printf (bio_err, "-ndays n number of days before next update\n");
+ BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
+ BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
+ BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n");
+ BIO_printf (bio_err, "-timeout n timeout connection to OCSP responder after n seconds\n");
goto end;
}
@@ -1398,16 +1399,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
if (use_ssl == 1)
{
BIO *sbio;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
ctx = SSL_CTX_new(SSLv23_client_method());
-#elif !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv3_client_method());
-#elif !defined(OPENSSL_NO_SSL2)
- ctx = SSL_CTX_new(SSLv2_client_method());
-#else
- BIO_printf(err, "SSL is disabled\n");
- goto end;
-#endif
if (ctx == NULL)
{
BIO_printf(err, "Error creating SSL context.\n");
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 71e1e48..5372459 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -435,9 +435,7 @@ end:
if (prog != NULL) lh_FUNCTION_free(prog);
if (arg.data != NULL) OPENSSL_free(arg.data);
- apps_shutdown();
- CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
BIO_free(bio_err);
@@ -450,6 +448,9 @@ end:
OPENSSL_free(Argv);
}
#endif
+ apps_shutdown();
+ CRYPTO_mem_leaks(bio_err);
+
OPENSSL_EXIT(ret);
}
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index c2e160c..19545e2 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -329,10 +329,12 @@ static void sc_usage(void)
BIO_printf(bio_err," -srppass arg - password for 'user'\n");
BIO_printf(bio_err," -srp_lateuser - SRP username into second ClientHello message\n");
BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n");
- BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
+ BIO_printf(bio_err," -srp_strength int - minimal length in bits for N (default %d).\n",SRP_MINIMAL_N);
#endif
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+#endif
BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
@@ -807,7 +809,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
@@ -1319,10 +1321,22 @@ re_start:
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
- if (socket_mtu > 28)
+ if (socket_mtu)
{
+ if(socket_mtu < DTLS_get_link_min_mtu(con))
+ {
+ BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+ DTLS_get_link_min_mtu(con));
+ BIO_free(sbio);
+ goto shut;
+ }
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu - 28);
+ if(!DTLS_set_link_mtu(con, socket_mtu))
+ {
+ BIO_printf(bio_err, "Failed to set MTU\n");
+ BIO_free(sbio);
+ goto shut;
+ }
}
else
/* want to do MTU discovery */
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index fe7ad88..f47328a 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -515,7 +515,9 @@ static void sv_usage(void)
BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
#endif
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
+#endif
BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
@@ -1251,7 +1253,7 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv,"-ssl2") == 0)
{ meth=SSLv2_server_method(); }
#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv,"-ssl3") == 0)
{ meth=SSLv3_server_method(); }
#endif
@@ -2049,10 +2051,24 @@ static int sv_body(char *hostname, int s, unsigned char *context)
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
- if (socket_mtu > 28)
+ if (socket_mtu)
{
+ if(socket_mtu < DTLS_get_link_min_mtu(con))
+ {
+ BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+ DTLS_get_link_min_mtu(con));
+ ret = -1;
+ BIO_free(sbio);
+ goto err;
+ }
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu - 28);
+ if(!DTLS_set_link_mtu(con, socket_mtu))
+ {
+ BIO_printf(bio_err, "Failed to set MTU\n");
+ ret = -1;
+ BIO_free(sbio);
+ goto err;
+ }
}
else
/* want to do MTU discovery */
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
index b823c33..81dad53 100644
--- a/crypto/openssl/apps/s_time.c
+++ b/crypto/openssl/apps/s_time.c
@@ -349,13 +349,7 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
s_time_meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
- s_time_meth=SSLv2_client_method();
-#endif
/* parse the command line arguments */
if( parseArgs( argc, argv ) < 0 )
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index 9886ca3..24d4122 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -225,7 +225,7 @@
#undef BUFSIZE
#define BUFSIZE ((long)1024*8+1)
-int run=0;
+static volatile int run=0;
static int mr=0;
static int usertime=1;
@@ -2739,27 +2739,6 @@ static int do_multi(int multi)
else
rsa_results[k][1]=d;
}
- else if(!strncmp(buf,"+F2:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
- else
- rsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
- else
- rsa_results[k][1]=d;
- }
#ifndef OPENSSL_NO_DSA
else if(!strncmp(buf,"+F3:",4))
{
diff --git a/crypto/openssl/crypto/Makefile b/crypto/openssl/crypto/Makefile
index b57dd78..d21b88d 100644
--- a/crypto/openssl/crypto/Makefile
+++ b/crypto/openssl/crypto/Makefile
@@ -56,12 +56,7 @@ top:
all: shared
buildinf.h: ../Makefile
- ( echo "#ifndef MK1MF_BUILD"; \
- echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
- echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \
- echo ' #define PLATFORM "$(PLATFORM)"'; \
- echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
- echo '#endif' ) >buildinf.h
+ $(PERL) $(TOP)/util/mkbuildinf.pl "$(CFLAGS)" "$(PLATFORM)" >buildinf.h
x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl
$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
diff --git a/crypto/openssl/crypto/aes/asm/aes-mips.pl b/crypto/openssl/crypto/aes/asm/aes-mips.pl
index e523954..537c8d3 100755
--- a/crypto/openssl/crypto/aes/asm/aes-mips.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-mips.pl
@@ -70,7 +70,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
#
######################################################################
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0;
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); }
open STDOUT,">$output";
diff --git a/crypto/openssl/crypto/asn1/a_bitstr.c b/crypto/openssl/crypto/asn1/a_bitstr.c
index 3417996..4117a67 100644
--- a/crypto/openssl/crypto/asn1/a_bitstr.c
+++ b/crypto/openssl/crypto/asn1/a_bitstr.c
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
p= *pp;
i= *(p++);
+ if (i > 7)
+ {
+ i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+ goto err;
+ }
/* We do this to preserve the settings. If we modify
* the settings, via the _set_bit function, we will recalculate
* on output */
ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
if (len-- > 1) /* using one because of the bits left byte */
{
diff --git a/crypto/openssl/crypto/asn1/a_type.c b/crypto/openssl/crypto/asn1/a_type.c
index a45d2f9..5e1bc76 100644
--- a/crypto/openssl/crypto/asn1/a_type.c
+++ b/crypto/openssl/crypto/asn1/a_type.c
@@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
/* Returns 0 if they are equal, != 0 otherwise. */
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
{
int result = -1;
diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c
index fc84cd3..78dde1d 100644
--- a/crypto/openssl/crypto/asn1/a_verify.c
+++ b/crypto/openssl/crypto/asn1/a_verify.c
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
inl=i2d(data,NULL);
buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
return -1;
}
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
EVP_MD_CTX_init(&ctx);
/* Convert signature OID into digest and public key OIDs */
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
index 220a0c8..3c45d5d 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_ILLEGAL_TIME_VALUE 184
#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
#define ASN1_R_INVALID_MIME_TYPE 205
@@ -1378,6 +1379,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
#define ASN1_R_TOO_LONG 155
#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE 218
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c
index aa60203..568a841 100644
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -246,6 +246,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
@@ -295,6 +296,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) ,"type not primitive"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c
index 87d7dfd..2cbfa81 100644
--- a/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c
@@ -870,6 +870,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
}
else if (cst)
{
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
buf.length = 0;
buf.max = 0;
buf.data = NULL;
diff --git a/crypto/openssl/crypto/asn1/x_algor.c b/crypto/openssl/crypto/asn1/x_algor.c
index 274e456..57cc956 100644
--- a/crypto/openssl/crypto/asn1/x_algor.c
+++ b/crypto/openssl/crypto/asn1/x_algor.c
@@ -142,3 +142,14 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
}
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
diff --git a/crypto/openssl/crypto/asn1/x_name.c b/crypto/openssl/crypto/asn1/x_name.c
index d7c2318..22da570 100644
--- a/crypto/openssl/crypto/asn1/x_name.c
+++ b/crypto/openssl/crypto/asn1/x_name.c
@@ -350,6 +350,8 @@ static int x509_name_canon(X509_NAME *a)
set = entry->set;
}
tmpentry = X509_NAME_ENTRY_new();
+ if (!tmpentry)
+ goto err;
tmpentry->object = OBJ_dup(entry->object);
if (!asn1_string_canon(tmpentry->value, entry->value))
goto err;
diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/openssl/crypto/bio/bio.h
index 05699ab..32eba71 100644
--- a/crypto/openssl/crypto/bio/bio.h
+++ b/crypto/openssl/crypto/bio/bio.h
@@ -175,6 +175,8 @@ extern "C" {
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
* adjust socket timeouts */
+#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
+
#ifndef OPENSSL_NO_SCTP
/* SCTP stuff */
#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
@@ -607,6 +609,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+#define BIO_dgram_get_mtu_overhead(b) \
+ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
/* These two aren't currently implemented */
/* int BIO_get_ex_num(BIO *bio); */
diff --git a/crypto/openssl/crypto/bio/bss_dgram.c b/crypto/openssl/crypto/bio/bss_dgram.c
index d9967e7..0decf94 100644
--- a/crypto/openssl/crypto/bio/bss_dgram.c
+++ b/crypto/openssl/crypto/bio/bss_dgram.c
@@ -454,6 +454,36 @@ static int dgram_write(BIO *b, const char *in, int inl)
return(ret);
}
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+ {
+ long ret;
+
+ switch (data->peer.sa.sa_family)
+ {
+ case AF_INET:
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ break;
+#if OPENSSL_USE_IPV6
+ case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ else
+#endif
+ /* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */
+ ret = 48;
+ break;
+#endif
+ default:
+ /* We don't know. Go with the historical default */
+ ret = 28;
+ break;
+ }
+ return ret;
+ }
+
static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret=1;
@@ -630,23 +660,24 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
#endif
break;
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+ ret = -dgram_get_mtu_overhead(data);
switch (data->peer.sa.sa_family)
{
case AF_INET:
- ret = 576 - 20 - 8;
+ ret += 576;
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
#ifdef IN6_IS_ADDR_V4MAPPED
if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
- ret = 576 - 20 - 8;
+ ret += 576;
else
#endif
- ret = 1280 - 40 - 8;
+ ret += 1280;
break;
#endif
default:
- ret = 576 - 20 - 8;
+ ret += 576;
break;
}
break;
@@ -847,6 +878,9 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = 0;
break;
#endif
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ ret = dgram_get_mtu_overhead(data);
+ break;
default:
ret=0;
break;
@@ -893,10 +927,18 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
/* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
/* Test if activation was successful. When using accept(),
* SCTP-AUTH has to be activated for the listening socket
@@ -905,7 +947,13 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
authchunks = OPENSSL_malloc(sockopt_len);
memset(authchunks, 0, sizeof(sockopt_len));
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
- OPENSSL_assert(ret >= 0);
+
+ if (ret < 0)
+ {
+ OPENSSL_free(authchunks);
+ BIO_vfree(bio);
+ return(NULL);
+ }
for (p = (unsigned char*) authchunks->gauth_chunks;
p < (unsigned char*) authchunks + sockopt_len;
@@ -927,16 +975,28 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
event.se_type = SCTP_AUTHENTICATION_EVENT;
event.se_on = 1;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
#else
sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
event.sctp_authentication_event = 1;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
#endif
#endif
@@ -944,7 +1004,11 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
* larger than the max record size of 2^14 + 2048 + 13
*/
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
return(bio);
}
@@ -982,7 +1046,12 @@ static int dgram_sctp_free(BIO *a)
return 0;
data = (bio_dgram_sctp_data *)a->ptr;
- if(data != NULL) OPENSSL_free(data);
+ if(data != NULL)
+ {
+ if(data->saved_message.data != NULL)
+ OPENSSL_free(data->saved_message.data);
+ OPENSSL_free(data);
+ }
return(1);
}
@@ -1034,6 +1103,13 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
msg.msg_flags = 0;
n = recvmsg(b->num, &msg, 0);
+ if (n <= 0)
+ {
+ if (n < 0)
+ ret = n;
+ break;
+ }
+
if (msg.msg_controllen > 0)
{
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
@@ -1073,13 +1149,6 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
}
}
- if (n <= 0)
- {
- if (n < 0)
- ret = n;
- break;
- }
-
if (msg.msg_flags & MSG_NOTIFICATION)
{
snp = (union sctp_notification*) out;
@@ -1099,6 +1168,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
dgram_sctp_write(data->saved_message.bio, data->saved_message.data,
data->saved_message.length);
OPENSSL_free(data->saved_message.data);
+ data->saved_message.data = NULL;
data->saved_message.length = 0;
}
@@ -1109,16 +1179,28 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
event.se_type = SCTP_SENDER_DRY_EVENT;
event.se_on = 0;
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
- OPENSSL_assert(i >= 0);
+ if (i < 0)
+ {
+ ret = i;
+ break;
+ }
#else
eventsize = sizeof(struct sctp_event_subscribe);
i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
- OPENSSL_assert(i >= 0);
+ if (i < 0)
+ {
+ ret = i;
+ break;
+ }
event.sctp_sender_dry_event = 0;
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
- OPENSSL_assert(i >= 0);
+ if (i < 0)
+ {
+ ret = i;
+ break;
+ }
#endif
}
@@ -1151,8 +1233,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
*/
optlen = (socklen_t) sizeof(int);
ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
- OPENSSL_assert(ret >= 0);
- OPENSSL_assert(optval >= 18445);
+ if (ret >= 0)
+ OPENSSL_assert(optval >= 18445);
/* Test if SCTP doesn't partially deliver below
* max record size (2^14 + 2048 + 13)
@@ -1160,8 +1242,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
optlen = (socklen_t) sizeof(int);
ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
&optval, &optlen);
- OPENSSL_assert(ret >= 0);
- OPENSSL_assert(optval >= 18445);
+ if (ret >= 0)
+ OPENSSL_assert(optval >= 18445);
/* Partially delivered notification??? Probably a bug.... */
OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
@@ -1195,15 +1277,15 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
authchunks = OPENSSL_malloc(optlen);
memset(authchunks, 0, sizeof(optlen));
ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
- OPENSSL_assert(ii >= 0);
- for (p = (unsigned char*) authchunks->gauth_chunks;
- p < (unsigned char*) authchunks + optlen;
- p += sizeof(uint8_t))
- {
- if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
- if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
- }
+ if (ii >= 0)
+ for (p = (unsigned char*) authchunks->gauth_chunks;
+ p < (unsigned char*) authchunks + optlen;
+ p += sizeof(uint8_t))
+ {
+ if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
+ if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
+ }
OPENSSL_free(authchunks);
@@ -1258,9 +1340,11 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b))
{
data->saved_message.bio = b;
- data->saved_message.length = inl;
+ if (data->saved_message.data)
+ OPENSSL_free(data->saved_message.data);
data->saved_message.data = OPENSSL_malloc(inl);
memcpy(data->saved_message.data, in, inl);
+ data->saved_message.length = inl;
return inl;
}
@@ -1367,6 +1451,10 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
* Returns always 1.
*/
break;
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ /* We allow transport protocol fragmentation so this is irrelevant */
+ ret = 0;
+ break;
case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
if (num > 0)
data->in_handshake = 1;
diff --git a/crypto/openssl/crypto/bn/asm/mips.pl b/crypto/openssl/crypto/bn/asm/mips.pl
index d2f3ef7..215c9a7 100755
--- a/crypto/openssl/crypto/bn/asm/mips.pl
+++ b/crypto/openssl/crypto/bn/asm/mips.pl
@@ -1872,6 +1872,41 @@ ___
($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3);
+sub add_c2 () {
+my ($hi,$lo,$c0,$c1,$c2,
+ $warm, # !$warm denotes first call with specific sequence of
+ # $c_[XYZ] when there is no Z-carry to accumulate yet;
+ $an,$bn # these two are arguments for multiplication which
+ # result is used in *next* step [which is why it's
+ # commented as "forward multiplication" below];
+ )=@_;
+$code.=<<___;
+ mflo $lo
+ mfhi $hi
+ $ADDU $c0,$lo
+ sltu $at,$c0,$lo
+ $MULTU $an,$bn # forward multiplication
+ $ADDU $c0,$lo
+ $ADDU $at,$hi
+ sltu $lo,$c0,$lo
+ $ADDU $c1,$at
+ $ADDU $hi,$lo
+___
+$code.=<<___ if (!$warm);
+ sltu $c2,$c1,$at
+ $ADDU $c1,$hi
+ sltu $hi,$c1,$hi
+ $ADDU $c2,$hi
+___
+$code.=<<___ if ($warm);
+ sltu $at,$c1,$at
+ $ADDU $c1,$hi
+ $ADDU $c2,$at
+ sltu $hi,$c1,$hi
+ $ADDU $c2,$hi
+___
+}
+
$code.=<<___;
.align 5
@@ -1920,21 +1955,10 @@ $code.=<<___;
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_3,$t_1
@@ -1945,67 +1969,19 @@ $code.=<<___;
sltu $at,$c_1,$t_2
$ADDU $c_2,$at
$ST $c_3,2*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_2 # mul_add_c2(a[1],b[2],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_4,$a_0 # mul_add_c2(a[4],b[0],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1);
+$code.=<<___;
$ST $c_1,3*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_2,$t_1
@@ -2016,97 +1992,23 @@ $code.=<<___;
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
$ST $c_2,4*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_4 # mul_add_c2(a[1],b[4],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $MULTU $a_6,$a_0 # mul_add_c2(a[6],b[0],c1,c2,c3);
- $ADDU $c_2,$at
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3);
+$code.=<<___;
$ST $c_3,5*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_5,$a_1 # mul_add_c2(a[5],b[1],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_4,$a_2 # mul_add_c2(a[4],b[2],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_1,$t_1
@@ -2117,112 +2019,25 @@ $code.=<<___;
sltu $at,$c_2,$t_2
$ADDU $c_3,$at
$ST $c_1,6*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_6 # mul_add_c2(a[1],b[6],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_2,$a_5 # mul_add_c2(a[2],b[5],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_3,$a_4 # mul_add_c2(a[3],b[4],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_7,$a_1 # mul_add_c2(a[7],b[1],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2);
+$code.=<<___;
$ST $c_2,7*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_6,$a_2 # mul_add_c2(a[6],b[2],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_5,$a_3 # mul_add_c2(a[5],b[3],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_4,$a_4 # mul_add_c(a[4],b[4],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_3,$t_1
@@ -2233,82 +2048,21 @@ $code.=<<___;
sltu $at,$c_1,$t_2
$ADDU $c_2,$at
$ST $c_3,8*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_3,$a_6 # mul_add_c2(a[3],b[6],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_4,$a_5 # mul_add_c2(a[4],b[5],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_7,$a_3 # mul_add_c2(a[7],b[3],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1);
+$code.=<<___;
$ST $c_1,9*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_6,$a_4 # mul_add_c2(a[6],b[4],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_5,$a_5 # mul_add_c(a[5],b[5],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_5,$a_5); # mul_add_c(a[5],b[5],c2,c3,c1);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_2,$t_1
@@ -2319,52 +2073,17 @@ $code.=<<___;
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
$ST $c_2,10*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_5,$a_6 # mul_add_c2(a[5],b[6],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_7,$a_5 # mul_add_c2(a[7],b[5],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3);
+$code.=<<___;
$ST $c_3,11*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_6,$a_6 # mul_add_c(a[6],b[6],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_1,$t_1
@@ -2375,21 +2094,10 @@ $code.=<<___;
sltu $at,$c_2,$t_2
$ADDU $c_3,$at
$ST $c_1,12*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_7,$a_7 # mul_add_c(a[7],b[7],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2);
+$code.=<<___;
$ST $c_2,13*$BNSZ($a0)
mflo $t_1
@@ -2457,21 +2165,10 @@ $code.=<<___;
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_3,$t_1
@@ -2482,52 +2179,17 @@ $code.=<<___;
sltu $at,$c_1,$t_2
$ADDU $c_2,$at
$ST $c_3,2*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_2 # mul_add_c(a2[1],b[2],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1);
+$code.=<<___;
$ST $c_1,3*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_2,$t_1
@@ -2538,21 +2200,10 @@ $code.=<<___;
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
$ST $c_2,4*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
$ST $c_3,5*$BNSZ($a0)
mflo $t_1
diff --git a/crypto/openssl/crypto/bn/asm/mips3.s b/crypto/openssl/crypto/bn/asm/mips3.s
deleted file mode 100644
index dca4105..0000000
--- a/crypto/openssl/crypto/bn/asm/mips3.s
+++ /dev/null
@@ -1,2201 +0,0 @@
-.rdata
-.asciiz "mips3.s, Version 1.1"
-.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-/*
- * ====================================================================
- * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- * ====================================================================
- */
-
-/*
- * This is my modest contributon to the OpenSSL project (see
- * http://www.openssl.org/ for more information about it) and is
- * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
- * module. For updates see http://fy.chalmers.se/~appro/hpe/.
- *
- * The module is designed to work with either of the "new" MIPS ABI(5),
- * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
- * IRIX 5.x not only because it doesn't support new ABIs but also
- * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
- * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
- * cause illegal instruction exception:-(
- *
- * In addition the code depends on preprocessor flags set up by MIPSpro
- * compiler driver (either as or cc) and therefore (probably?) can't be
- * compiled by the GNU assembler. GNU C driver manages fine though...
- * I mean as long as -mmips-as is specified or is the default option,
- * because then it simply invokes /usr/bin/as which in turn takes
- * perfect care of the preprocessor definitions. Another neat feature
- * offered by the MIPSpro assembler is an optimization pass. This gave
- * me the opportunity to have the code looking more regular as all those
- * architecture dependent instruction rescheduling details were left to
- * the assembler. Cool, huh?
- *
- * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
- * goes way over 3 times faster!
- *
- * <appro@fy.chalmers.se>
- */
-#include <asm.h>
-#include <regdef.h>
-
-#if _MIPS_ISA>=4
-#define MOVNZ(cond,dst,src) \
- movn dst,src,cond
-#else
-#define MOVNZ(cond,dst,src) \
- .set noreorder; \
- bnezl cond,.+8; \
- move dst,src; \
- .set reorder
-#endif
-
-.text
-
-.set noat
-.set reorder
-
-#define MINUS4 v1
-
-.align 5
-LEAF(bn_mul_add_words)
- .set noreorder
- bgtzl a2,.L_bn_mul_add_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_mul_add_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_mul_add_words_tail
-
-.L_bn_mul_add_words_loop:
- dmultu t0,a3
- ld t1,0(a0)
- ld t2,8(a1)
- ld t3,8(a0)
- ld ta0,16(a1)
- ld ta1,16(a0)
- daddu t1,v0
- sltu v0,t1,v0 /* All manuals say it "compares 32-bit
- * values", but it seems to work fine
- * even on 64-bit registers. */
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,0(a0)
- daddu v0,AT
-
- dmultu t2,a3
- ld ta2,24(a1)
- ld ta3,24(a0)
- daddu t3,v0
- sltu v0,t3,v0
- mflo AT
- mfhi t2
- daddu t3,AT
- daddu v0,t2
- sltu AT,t3,AT
- sd t3,8(a0)
- daddu v0,AT
-
- dmultu ta0,a3
- subu a2,4
- PTR_ADD a0,32
- PTR_ADD a1,32
- daddu ta1,v0
- sltu v0,ta1,v0
- mflo AT
- mfhi ta0
- daddu ta1,AT
- daddu v0,ta0
- sltu AT,ta1,AT
- sd ta1,-16(a0)
- daddu v0,AT
-
-
- dmultu ta2,a3
- and ta0,a2,MINUS4
- daddu ta3,v0
- sltu v0,ta3,v0
- mflo AT
- mfhi ta2
- daddu ta3,AT
- daddu v0,ta2
- sltu AT,ta3,AT
- sd ta3,-8(a0)
- daddu v0,AT
- .set noreorder
- bgtzl ta0,.L_bn_mul_add_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_mul_add_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_mul_add_words_return:
- jr ra
-
-.L_bn_mul_add_words_tail:
- dmultu t0,a3
- ld t1,0(a0)
- subu a2,1
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,0(a0)
- daddu v0,AT
- beqz a2,.L_bn_mul_add_words_return
-
- ld t0,8(a1)
- dmultu t0,a3
- ld t1,8(a0)
- subu a2,1
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,8(a0)
- daddu v0,AT
- beqz a2,.L_bn_mul_add_words_return
-
- ld t0,16(a1)
- dmultu t0,a3
- ld t1,16(a0)
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,16(a0)
- daddu v0,AT
- jr ra
-END(bn_mul_add_words)
-
-.align 5
-LEAF(bn_mul_words)
- .set noreorder
- bgtzl a2,.L_bn_mul_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_mul_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_mul_words_tail
-
-.L_bn_mul_words_loop:
- dmultu t0,a3
- ld t2,8(a1)
- ld ta0,16(a1)
- ld ta2,24(a1)
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,0(a0)
- daddu v0,t1,t0
-
- dmultu t2,a3
- subu a2,4
- PTR_ADD a0,32
- PTR_ADD a1,32
- mflo AT
- mfhi t2
- daddu v0,AT
- sltu t3,v0,AT
- sd v0,-24(a0)
- daddu v0,t3,t2
-
- dmultu ta0,a3
- mflo AT
- mfhi ta0
- daddu v0,AT
- sltu ta1,v0,AT
- sd v0,-16(a0)
- daddu v0,ta1,ta0
-
-
- dmultu ta2,a3
- and ta0,a2,MINUS4
- mflo AT
- mfhi ta2
- daddu v0,AT
- sltu ta3,v0,AT
- sd v0,-8(a0)
- daddu v0,ta3,ta2
- .set noreorder
- bgtzl ta0,.L_bn_mul_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_mul_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_mul_words_return:
- jr ra
-
-.L_bn_mul_words_tail:
- dmultu t0,a3
- subu a2,1
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,0(a0)
- daddu v0,t1,t0
- beqz a2,.L_bn_mul_words_return
-
- ld t0,8(a1)
- dmultu t0,a3
- subu a2,1
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,8(a0)
- daddu v0,t1,t0
- beqz a2,.L_bn_mul_words_return
-
- ld t0,16(a1)
- dmultu t0,a3
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,16(a0)
- daddu v0,t1,t0
- jr ra
-END(bn_mul_words)
-
-.align 5
-LEAF(bn_sqr_words)
- .set noreorder
- bgtzl a2,.L_bn_sqr_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_sqr_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_sqr_words_tail
-
-.L_bn_sqr_words_loop:
- dmultu t0,t0
- ld t2,8(a1)
- ld ta0,16(a1)
- ld ta2,24(a1)
- mflo t1
- mfhi t0
- sd t1,0(a0)
- sd t0,8(a0)
-
- dmultu t2,t2
- subu a2,4
- PTR_ADD a0,64
- PTR_ADD a1,32
- mflo t3
- mfhi t2
- sd t3,-48(a0)
- sd t2,-40(a0)
-
- dmultu ta0,ta0
- mflo ta1
- mfhi ta0
- sd ta1,-32(a0)
- sd ta0,-24(a0)
-
-
- dmultu ta2,ta2
- and ta0,a2,MINUS4
- mflo ta3
- mfhi ta2
- sd ta3,-16(a0)
- sd ta2,-8(a0)
-
- .set noreorder
- bgtzl ta0,.L_bn_sqr_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_sqr_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_sqr_words_return:
- move v0,zero
- jr ra
-
-.L_bn_sqr_words_tail:
- dmultu t0,t0
- subu a2,1
- mflo t1
- mfhi t0
- sd t1,0(a0)
- sd t0,8(a0)
- beqz a2,.L_bn_sqr_words_return
-
- ld t0,8(a1)
- dmultu t0,t0
- subu a2,1
- mflo t1
- mfhi t0
- sd t1,16(a0)
- sd t0,24(a0)
- beqz a2,.L_bn_sqr_words_return
-
- ld t0,16(a1)
- dmultu t0,t0
- mflo t1
- mfhi t0
- sd t1,32(a0)
- sd t0,40(a0)
- jr ra
-END(bn_sqr_words)
-
-.align 5
-LEAF(bn_add_words)
- .set noreorder
- bgtzl a3,.L_bn_add_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_add_words_proceed:
- li MINUS4,-4
- and AT,a3,MINUS4
- move v0,zero
- beqz AT,.L_bn_add_words_tail
-
-.L_bn_add_words_loop:
- ld ta0,0(a2)
- subu a3,4
- ld t1,8(a1)
- and AT,a3,MINUS4
- ld t2,16(a1)
- PTR_ADD a2,32
- ld t3,24(a1)
- PTR_ADD a0,32
- ld ta1,-24(a2)
- PTR_ADD a1,32
- ld ta2,-16(a2)
- ld ta3,-8(a2)
- daddu ta0,t0
- sltu t8,ta0,t0
- daddu t0,ta0,v0
- sltu v0,t0,ta0
- sd t0,-32(a0)
- daddu v0,t8
-
- daddu ta1,t1
- sltu t9,ta1,t1
- daddu t1,ta1,v0
- sltu v0,t1,ta1
- sd t1,-24(a0)
- daddu v0,t9
-
- daddu ta2,t2
- sltu t8,ta2,t2
- daddu t2,ta2,v0
- sltu v0,t2,ta2
- sd t2,-16(a0)
- daddu v0,t8
-
- daddu ta3,t3
- sltu t9,ta3,t3
- daddu t3,ta3,v0
- sltu v0,t3,ta3
- sd t3,-8(a0)
- daddu v0,t9
-
- .set noreorder
- bgtzl AT,.L_bn_add_words_loop
- ld t0,0(a1)
-
- bnezl a3,.L_bn_add_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_add_words_return:
- jr ra
-
-.L_bn_add_words_tail:
- ld ta0,0(a2)
- daddu ta0,t0
- subu a3,1
- sltu t8,ta0,t0
- daddu t0,ta0,v0
- sltu v0,t0,ta0
- sd t0,0(a0)
- daddu v0,t8
- beqz a3,.L_bn_add_words_return
-
- ld t1,8(a1)
- ld ta1,8(a2)
- daddu ta1,t1
- subu a3,1
- sltu t9,ta1,t1
- daddu t1,ta1,v0
- sltu v0,t1,ta1
- sd t1,8(a0)
- daddu v0,t9
- beqz a3,.L_bn_add_words_return
-
- ld t2,16(a1)
- ld ta2,16(a2)
- daddu ta2,t2
- sltu t8,ta2,t2
- daddu t2,ta2,v0
- sltu v0,t2,ta2
- sd t2,16(a0)
- daddu v0,t8
- jr ra
-END(bn_add_words)
-
-.align 5
-LEAF(bn_sub_words)
- .set noreorder
- bgtzl a3,.L_bn_sub_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_sub_words_proceed:
- li MINUS4,-4
- and AT,a3,MINUS4
- move v0,zero
- beqz AT,.L_bn_sub_words_tail
-
-.L_bn_sub_words_loop:
- ld ta0,0(a2)
- subu a3,4
- ld t1,8(a1)
- and AT,a3,MINUS4
- ld t2,16(a1)
- PTR_ADD a2,32
- ld t3,24(a1)
- PTR_ADD a0,32
- ld ta1,-24(a2)
- PTR_ADD a1,32
- ld ta2,-16(a2)
- ld ta3,-8(a2)
- sltu t8,t0,ta0
- dsubu t0,ta0
- dsubu ta0,t0,v0
- sd ta0,-32(a0)
- MOVNZ (t0,v0,t8)
-
- sltu t9,t1,ta1
- dsubu t1,ta1
- dsubu ta1,t1,v0
- sd ta1,-24(a0)
- MOVNZ (t1,v0,t9)
-
-
- sltu t8,t2,ta2
- dsubu t2,ta2
- dsubu ta2,t2,v0
- sd ta2,-16(a0)
- MOVNZ (t2,v0,t8)
-
- sltu t9,t3,ta3
- dsubu t3,ta3
- dsubu ta3,t3,v0
- sd ta3,-8(a0)
- MOVNZ (t3,v0,t9)
-
- .set noreorder
- bgtzl AT,.L_bn_sub_words_loop
- ld t0,0(a1)
-
- bnezl a3,.L_bn_sub_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_sub_words_return:
- jr ra
-
-.L_bn_sub_words_tail:
- ld ta0,0(a2)
- subu a3,1
- sltu t8,t0,ta0
- dsubu t0,ta0
- dsubu ta0,t0,v0
- MOVNZ (t0,v0,t8)
- sd ta0,0(a0)
- beqz a3,.L_bn_sub_words_return
-
- ld t1,8(a1)
- subu a3,1
- ld ta1,8(a2)
- sltu t9,t1,ta1
- dsubu t1,ta1
- dsubu ta1,t1,v0
- MOVNZ (t1,v0,t9)
- sd ta1,8(a0)
- beqz a3,.L_bn_sub_words_return
-
- ld t2,16(a1)
- ld ta2,16(a2)
- sltu t8,t2,ta2
- dsubu t2,ta2
- dsubu ta2,t2,v0
- MOVNZ (t2,v0,t8)
- sd ta2,16(a0)
- jr ra
-END(bn_sub_words)
-
-#undef MINUS4
-
-.align 5
-LEAF(bn_div_3_words)
- .set reorder
- move a3,a0 /* we know that bn_div_words doesn't
- * touch a3, ta2, ta3 and preserves a2
- * so that we can save two arguments
- * and return address in registers
- * instead of stack:-)
- */
- ld a0,(a3)
- move ta2,a1
- ld a1,-8(a3)
- bne a0,a2,.L_bn_div_3_words_proceed
- li v0,-1
- jr ra
-.L_bn_div_3_words_proceed:
- move ta3,ra
- bal bn_div_words
- move ra,ta3
- dmultu ta2,v0
- ld t2,-16(a3)
- move ta0,zero
- mfhi t1
- mflo t0
- sltu t8,t1,v1
-.L_bn_div_3_words_inner_loop:
- bnez t8,.L_bn_div_3_words_inner_loop_done
- sgeu AT,t2,t0
- seq t9,t1,v1
- and AT,t9
- sltu t3,t0,ta2
- daddu v1,a2
- dsubu t1,t3
- dsubu t0,ta2
- sltu t8,t1,v1
- sltu ta0,v1,a2
- or t8,ta0
- .set noreorder
- beqzl AT,.L_bn_div_3_words_inner_loop
- dsubu v0,1
- .set reorder
-.L_bn_div_3_words_inner_loop_done:
- jr ra
-END(bn_div_3_words)
-
-.align 5
-LEAF(bn_div_words)
- .set noreorder
- bnezl a2,.L_bn_div_words_proceed
- move v1,zero
- jr ra
- li v0,-1 /* I'd rather signal div-by-zero
- * which can be done with 'break 7' */
-
-.L_bn_div_words_proceed:
- bltz a2,.L_bn_div_words_body
- move t9,v1
- dsll a2,1
- bgtz a2,.-4
- addu t9,1
-
- .set reorder
- negu t1,t9
- li t2,-1
- dsll t2,t1
- and t2,a0
- dsrl AT,a1,t1
- .set noreorder
- bnezl t2,.+8
- break 6 /* signal overflow */
- .set reorder
- dsll a0,t9
- dsll a1,t9
- or a0,AT
-
-#define QT ta0
-#define HH ta1
-#define DH v1
-.L_bn_div_words_body:
- dsrl DH,a2,32
- sgeu AT,a0,a2
- .set noreorder
- bnezl AT,.+8
- dsubu a0,a2
- .set reorder
-
- li QT,-1
- dsrl HH,a0,32
- dsrl QT,32 /* q=0xffffffff */
- beq DH,HH,.L_bn_div_words_skip_div1
- ddivu zero,a0,DH
- mflo QT
-.L_bn_div_words_skip_div1:
- dmultu a2,QT
- dsll t3,a0,32
- dsrl AT,a1,32
- or t3,AT
- mflo t0
- mfhi t1
-.L_bn_div_words_inner_loop1:
- sltu t2,t3,t0
- seq t8,HH,t1
- sltu AT,HH,t1
- and t2,t8
- sltu v0,t0,a2
- or AT,t2
- .set noreorder
- beqz AT,.L_bn_div_words_inner_loop1_done
- dsubu t1,v0
- dsubu t0,a2
- b .L_bn_div_words_inner_loop1
- dsubu QT,1
- .set reorder
-.L_bn_div_words_inner_loop1_done:
-
- dsll a1,32
- dsubu a0,t3,t0
- dsll v0,QT,32
-
- li QT,-1
- dsrl HH,a0,32
- dsrl QT,32 /* q=0xffffffff */
- beq DH,HH,.L_bn_div_words_skip_div2
- ddivu zero,a0,DH
- mflo QT
-.L_bn_div_words_skip_div2:
-#undef DH
- dmultu a2,QT
- dsll t3,a0,32
- dsrl AT,a1,32
- or t3,AT
- mflo t0
- mfhi t1
-.L_bn_div_words_inner_loop2:
- sltu t2,t3,t0
- seq t8,HH,t1
- sltu AT,HH,t1
- and t2,t8
- sltu v1,t0,a2
- or AT,t2
- .set noreorder
- beqz AT,.L_bn_div_words_inner_loop2_done
- dsubu t1,v1
- dsubu t0,a2
- b .L_bn_div_words_inner_loop2
- dsubu QT,1
- .set reorder
-.L_bn_div_words_inner_loop2_done:
-#undef HH
-
- dsubu a0,t3,t0
- or v0,QT
- dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */
- dsrl a2,t9 /* restore a2 */
- jr ra
-#undef QT
-END(bn_div_words)
-
-#define a_0 t0
-#define a_1 t1
-#define a_2 t2
-#define a_3 t3
-#define b_0 ta0
-#define b_1 ta1
-#define b_2 ta2
-#define b_3 ta3
-
-#define a_4 s0
-#define a_5 s2
-#define a_6 s4
-#define a_7 a1 /* once we load a[7] we don't need a anymore */
-#define b_4 s1
-#define b_5 s3
-#define b_6 s5
-#define b_7 a2 /* once we load b[7] we don't need b anymore */
-
-#define t_1 t8
-#define t_2 t9
-
-#define c_1 v0
-#define c_2 v1
-#define c_3 a3
-
-#define FRAME_SIZE 48
-
-.align 5
-LEAF(bn_mul_comba8)
- .set noreorder
- PTR_SUB sp,FRAME_SIZE
- .frame sp,64,ra
- .set reorder
- ld a_0,0(a1) /* If compiled with -mips3 option on
- * R5000 box assembler barks on this
- * line with "shouldn't have mult/div
- * as last instruction in bb (R10K
- * bug)" warning. If anybody out there
- * has a clue about how to circumvent
- * this do send me a note.
- * <appro@fy.chalmers.se>
- */
- ld b_0,0(a2)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
- ld b_1,8(a2)
- ld b_2,16(a2)
- ld b_3,24(a2)
- dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- sd s0,0(sp)
- sd s1,8(sp)
- sd s2,16(sp)
- sd s3,24(sp)
- sd s4,32(sp)
- sd s5,40(sp)
- mflo c_1
- mfhi c_2
-
- dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
- ld a_4,32(a1)
- ld a_5,40(a1)
- ld a_6,48(a1)
- ld a_7,56(a1)
- ld b_4,32(a2)
- ld b_5,40(a2)
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
- ld b_6,48(a2)
- ld b_7,56(a2)
- sd c_1,0(a0) /* r[0]=c1; */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- sd c_2,8(a0) /* r[1]=c2; */
-
- dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0) /* r[2]=c3; */
-
- dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0) /* r[3]=c1; */
-
- dmultu a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0) /* r[4]=c2; */
-
- dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0) /* r[5]=c3; */
-
- dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,48(a0) /* r[6]=c1; */
-
- dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,56(a0) /* r[7]=c2; */
-
- dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,64(a0) /* r[8]=c3; */
-
- dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,72(a0) /* r[9]=c1; */
-
- dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,80(a0) /* r[10]=c2; */
-
- dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,88(a0) /* r[11]=c3; */
-
- dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,96(a0) /* r[12]=c1; */
-
- dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,104(a0) /* r[13]=c2; */
-
- dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
- ld s0,0(sp)
- ld s1,8(sp)
- ld s2,16(sp)
- ld s3,24(sp)
- ld s4,32(sp)
- ld s5,40(sp)
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sd c_3,112(a0) /* r[14]=c3; */
- sd c_1,120(a0) /* r[15]=c1; */
-
- PTR_ADD sp,FRAME_SIZE
-
- jr ra
-END(bn_mul_comba8)
-
-.align 5
-LEAF(bn_mul_comba4)
- .set reorder
- ld a_0,0(a1)
- ld b_0,0(a2)
- ld a_1,8(a1)
- ld a_2,16(a1)
- dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- ld a_3,24(a1)
- ld b_1,8(a2)
- ld b_2,16(a2)
- ld b_3,24(a2)
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- sd c_2,8(a0)
-
- dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sd c_1,48(a0)
- sd c_2,56(a0)
-
- jr ra
-END(bn_mul_comba4)
-
-#undef a_4
-#undef a_5
-#undef a_6
-#undef a_7
-#define a_4 b_0
-#define a_5 b_1
-#define a_6 b_2
-#define a_7 b_3
-
-.align 5
-LEAF(bn_sqr_comba8)
- .set reorder
- ld a_0,0(a1)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
-
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- ld a_4,32(a1)
- ld a_5,40(a1)
- ld a_6,48(a1)
- ld a_7,56(a1)
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- sd c_2,8(a0)
-
- dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,48(a0)
-
- dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,56(a0)
-
- dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,64(a0)
-
- dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,72(a0)
-
- dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,80(a0)
-
- dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,88(a0)
-
- dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,96(a0)
-
- dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,104(a0)
-
- dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sd c_3,112(a0)
- sd c_1,120(a0)
-
- jr ra
-END(bn_sqr_comba8)
-
-.align 5
-LEAF(bn_sqr_comba4)
- .set reorder
- ld a_0,0(a1)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- sd c_2,8(a0)
-
- dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sd c_1,48(a0)
- sd c_2,56(a0)
-
- jr ra
-END(bn_sqr_comba4)
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
index 31476ab..2d39407 100644
--- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -273,6 +273,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#if 0
/* original macros are kept for reference purposes */
#define mul_add_c(a,b,c0,c1,c2) { \
@@ -287,10 +291,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#else
#define mul_add_c(a,b,c0,c1,c2) do { \
@@ -328,22 +332,14 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
: "=a"(t1),"=d"(t2) \
: "a"(a),"m"(b) \
: "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+d"(t2),"+r"(c2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+a"(t1),"+d"(t2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c0),"+d"(t2) \
- : "a"(t1),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c1),"+r"(c2) \
- : "d"(t2),"g"(0) \
- : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
} while (0)
#endif
diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h
index 21a1a3f..c4d6185 100644
--- a/crypto/openssl/crypto/bn/bn.h
+++ b/crypto/openssl/crypto/bn/bn.h
@@ -780,7 +780,9 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
#define bn_wcheck_size(bn, words) \
do { \
const BIGNUM *_bnum2 = (bn); \
- assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
+ /* avoid unused variable warning with NDEBUG */ \
+ (void)(_bnum2); \
} while(0)
#else /* !BN_DEBUG */
diff --git a/crypto/openssl/crypto/bn/bn_asm.c b/crypto/openssl/crypto/bn/bn_asm.c
index c43c91c..a33b634 100644
--- a/crypto/openssl/crypto/bn/bn_asm.c
+++ b/crypto/openssl/crypto/bn/bn_asm.c
@@ -438,6 +438,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#ifdef BN_LLONG
#define mul_add_c(a,b,c0,c1,c2) \
t=(BN_ULLONG)a*b; \
@@ -478,10 +482,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
#define mul_add_c2(a,b,c0,c1,c2) { \
BN_ULONG ta=(a),tb=(b),t0; \
BN_UMULT_LOHI(t0,t1,ta,tb); \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#define sqr_add_c(a,i,c0,c1,c2) { \
@@ -508,10 +512,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#define sqr_add_c(a,i,c0,c1,c2) { \
diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/openssl/crypto/bn/bn_ctx.c
index 3f2256f..90aa3ae 100644
--- a/crypto/openssl/crypto/bn/bn_ctx.c
+++ b/crypto/openssl/crypto/bn/bn_ctx.c
@@ -158,7 +158,7 @@ static void ctxdbg(BN_CTX *ctx)
unsigned int bnidx = 0, fpidx = 0;
BN_POOL_ITEM *item = ctx->pool.head;
BN_STACK *stack = &ctx->stack;
- fprintf(stderr,"(%08x): ", (unsigned int)ctx);
+ fprintf(stderr,"(%16p): ", ctx);
while(bnidx < ctx->used)
{
fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c
index 7b24031..0ec90e8 100644
--- a/crypto/openssl/crypto/bn/bn_div.c
+++ b/crypto/openssl/crypto/bn/bn_div.c
@@ -189,15 +189,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
int no_branch=0;
/* Invalid zero-padding would have particularly bad consequences
- * in the case of 'num', so don't just rely on bn_check_top() for this one
+ * so don't just rely on bn_check_top() here
* (bn_check_top() works only for BN_DEBUG builds) */
- if (num->top > 0 && num->d[num->top - 1] == 0)
+ if ((num->top > 0 && num->d[num->top - 1] == 0) ||
+ (divisor->top > 0 && divisor->d[divisor->top - 1] == 0))
{
BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
return 0;
}
bn_check_top(num);
+ bn_check_top(divisor);
if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
{
@@ -207,7 +209,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
bn_check_top(dv);
bn_check_top(rm);
/* bn_check_top(num); */ /* 'num' has been checked already */
- bn_check_top(divisor);
+ /* bn_check_top(divisor); */ /* 'divisor' has been checked already */
if (BN_is_zero(divisor))
{
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/openssl/crypto/bn/bntest.c
index 06f5954..48bc633 100644
--- a/crypto/openssl/crypto/bn/bntest.c
+++ b/crypto/openssl/crypto/bn/bntest.c
@@ -107,6 +107,7 @@ int test_mod(BIO *bp,BN_CTX *ctx);
int test_mod_mul(BIO *bp,BN_CTX *ctx);
int test_mod_exp(BIO *bp,BN_CTX *ctx);
int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
int test_exp(BIO *bp,BN_CTX *ctx);
int test_gf2m_add(BIO *bp);
int test_gf2m_mod(BIO *bp);
@@ -249,6 +250,7 @@ int main(int argc, char *argv[])
message(out,"BN_mod_exp_mont_consttime");
if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ if (!test_mod_exp_mont5(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_exp");
@@ -676,44 +678,98 @@ int test_mul(BIO *bp)
int test_sqr(BIO *bp, BN_CTX *ctx)
{
- BIGNUM a,c,d,e;
- int i;
+ BIGNUM *a,*c,*d,*e;
+ int i, ret = 0;
- BN_init(&a);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
+ a = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ if (a == NULL || c == NULL || d == NULL || e == NULL)
+ {
+ goto err;
+ }
for (i=0; i<num0; i++)
{
- BN_bntest_rand(&a,40+i*10,0,0);
- a.neg=rand_neg();
- BN_sqr(&c,&a,ctx);
+ BN_bntest_rand(a,40+i*10,0,0);
+ a->neg=rand_neg();
+ BN_sqr(c,a,ctx);
if (bp != NULL)
{
if (!results)
{
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," * ");
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," - ");
}
- BN_print(bp,&c);
+ BN_print(bp,c);
BIO_puts(bp,"\n");
}
- BN_div(&d,&e,&c,&a,ctx);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
- {
- fprintf(stderr,"Square test failed!\n");
- return 0;
- }
+ BN_div(d,e,c,a,ctx);
+ BN_sub(d,d,a);
+ if(!BN_is_zero(d) || !BN_is_zero(e))
+ {
+ fprintf(stderr,"Square test failed!\n");
+ goto err;
+ }
}
- BN_free(&a);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return(1);
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000000000000080000001FFFFFFFE000000000000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+ ret = 1;
+err:
+ if (a != NULL) BN_free(a);
+ if (c != NULL) BN_free(c);
+ if (d != NULL) BN_free(d);
+ if (e != NULL) BN_free(e);
+ return ret;
}
int test_mont(BIO *bp, BN_CTX *ctx)
@@ -1012,6 +1068,80 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
return(1);
}
+/* Test constant-time modular exponentiation with 1024-bit inputs,
+ * which on x86_64 cause a different code branch to be taken.
+ */
+int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*p,*m,*d,*e;
+
+ BN_MONT_CTX *mont;
+
+ a=BN_new();
+ p=BN_new();
+ m=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ mont = BN_MONT_CTX_new();
+
+ BN_bntest_rand(m,1024,0,1); /* must be odd for montgomery */
+ /* Zero exponent */
+ BN_bntest_rand(a,1024,0,0);
+ BN_zero(p);
+ if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
+ return 0;
+ if(!BN_is_one(d))
+ {
+ fprintf(stderr, "Modular exponentiation test failed!\n");
+ return 0;
+ }
+ /* Zero input */
+ BN_bntest_rand(p,1024,0,0);
+ BN_zero(a);
+ if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
+ return 0;
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr, "Modular exponentiation test failed!\n");
+ return 0;
+ }
+ /* Craft an input whose Montgomery representation is 1,
+ * i.e., shorter than the modulus m, in order to test
+ * the const time precomputation scattering/gathering.
+ */
+ BN_one(a);
+ BN_MONT_CTX_set(mont,m,ctx);
+ if(!BN_from_montgomery(e,a,mont,ctx))
+ return 0;
+ if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
+ return 0;
+ if(!BN_mod_exp_simple(a,e,p,m,ctx))
+ return 0;
+ if(BN_cmp(a,d) != 0)
+ {
+ fprintf(stderr,"Modular exponentiation test failed!\n");
+ return 0;
+ }
+ /* Finally, some regular test vectors. */
+ BN_bntest_rand(e,1024,0,0);
+ if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
+ return 0;
+ if(!BN_mod_exp_simple(a,e,p,m,ctx))
+ return 0;
+ if(BN_cmp(a,d) != 0)
+ {
+ fprintf(stderr,"Modular exponentiation test failed!\n");
+ return 0;
+ }
+ BN_free(a);
+ BN_free(p);
+ BN_free(m);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
int test_exp(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a,*b,*d,*e,*one;
diff --git a/crypto/openssl/crypto/constant_time_locl.h b/crypto/openssl/crypto/constant_time_locl.h
index c048393..8af98c1 100644
--- a/crypto/openssl/crypto/constant_time_locl.h
+++ b/crypto/openssl/crypto/constant_time_locl.h
@@ -129,17 +129,12 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b);
static inline unsigned int constant_time_msb(unsigned int a)
{
- return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+ return 0-(a >> (sizeof(a) * 8 - 1));
}
static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
{
- unsigned int lt;
- /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
- lt = ~(a ^ b) & (a - b);
- /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
- lt |= ~a & b;
- return constant_time_msb(lt);
+ return constant_time_msb(a^((a^b)|((a-b)^b)));
}
static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
@@ -149,12 +144,7 @@ static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
{
- unsigned int ge;
- /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
- ge = ~((a ^ b) | (a - b));
- /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
- ge |= a & ~b;
- return constant_time_msb(ge);
+ return ~constant_time_lt(a, b);
}
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
@@ -204,7 +194,7 @@ static inline unsigned char constant_time_select_8(unsigned char mask,
return (unsigned char)(constant_time_select(mask, a, b));
}
-inline int constant_time_select_int(unsigned int mask, int a, int b)
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
{
return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
}
diff --git a/crypto/openssl/crypto/cversion.c b/crypto/openssl/crypto/cversion.c
index ea9f25f..0336ada 100644
--- a/crypto/openssl/crypto/cversion.c
+++ b/crypto/openssl/crypto/cversion.c
@@ -69,10 +69,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_BUILT_ON)
{
#ifdef DATE
- static char buf[sizeof(DATE)+11];
-
- BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
- return(buf);
+ return(DATE);
#else
return("built on: date not available");
#endif
@@ -80,10 +77,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_CFLAGS)
{
#ifdef CFLAGS
- static char buf[sizeof(CFLAGS)+11];
-
- BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
- return(buf);
+ return(cflags);
#else
return("compiler: information not available");
#endif
@@ -91,10 +85,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_PLATFORM)
{
#ifdef PLATFORM
- static char buf[sizeof(PLATFORM)+11];
-
- BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
- return(buf);
+ return(PLATFORM);
#else
return("platform: information not available");
#endif
diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/openssl/crypto/dsa/dsa_asn1.c
index 6058534..473af87 100644
--- a/crypto/openssl/crypto/dsa/dsa_asn1.c
+++ b/crypto/openssl/crypto/dsa/dsa_asn1.c
@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = DSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
DSA_SIG_free(s);
return(ret);
}
diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/openssl/crypto/dso/dso_dlfcn.c
index 4a56aac..faa9d76 100644
--- a/crypto/openssl/crypto/dso/dso_dlfcn.c
+++ b/crypto/openssl/crypto/dso/dso_dlfcn.c
@@ -60,10 +60,8 @@
that handle _GNU_SOURCE and other similar macros. Defining it later
is simply too late, because those headers are protected from re-
inclusion. */
-#ifdef __linux
-# ifndef _GNU_SOURCE
-# define _GNU_SOURCE /* make sure dladdr is declared */
-# endif
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE /* make sure dladdr is declared */
#endif
#include <stdio.h>
diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c
index e2c4741..0992c39 100644
--- a/crypto/openssl/crypto/ec/ec_lib.c
+++ b/crypto/openssl/crypto/ec/ec_lib.c
@@ -68,7 +68,7 @@
#include "ec_lcl.h"
-static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
/* functions for EC_GROUP objects */
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c
index 19f2167..e81200b 100644
--- a/crypto/openssl/crypto/ec/ec_mult.c
+++ b/crypto/openssl/crypto/ec/ec_mult.c
@@ -445,15 +445,16 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
-
+
+ /* Ensure wNAF is initialised in case we end up going to err */
+ if (wNAF) wNAF[0] = NULL; /* preliminary pivot */
+
if (!wsize || !wNAF_len || !wNAF || !val_sub)
{
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err;
}
- wNAF[0] = NULL; /* preliminary pivot */
-
/* num_val will be the total number of temporarily precomputed points */
num_val = 0;
diff --git a/crypto/openssl/crypto/ec/ec_pmeth.c b/crypto/openssl/crypto/ec/ec_pmeth.c
index 66ee397..b62b532 100644
--- a/crypto/openssl/crypto/ec/ec_pmeth.c
+++ b/crypto/openssl/crypto/ec/ec_pmeth.c
@@ -167,6 +167,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
return ret;
}
+#ifndef OPENSSL_NO_ECDH
static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
int ret;
@@ -200,6 +201,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
*keylen = ret;
return 1;
}
+#endif
static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
@@ -333,7 +335,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
0,0,
0,
+#ifndef OPENSSL_NO_ECDH
pkey_ec_derive,
+#else
+ 0,
+#endif
pkey_ec_ctrl,
pkey_ec_ctrl_str
diff --git a/crypto/openssl/crypto/ec/ecp_nistp256.c b/crypto/openssl/crypto/ec/ecp_nistp256.c
index 4bc0f5d..b884f73 100644
--- a/crypto/openssl/crypto/ec/ecp_nistp256.c
+++ b/crypto/openssl/crypto/ec/ecp_nistp256.c
@@ -113,7 +113,6 @@ typedef u64 smallfelem[NLIMBS];
/* This is the value of the prime as four 64-bit words, little-endian. */
static const u64 kPrime[4] = { 0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul };
-static const limb bottom32bits = 0xffffffff;
static const u64 bottom63bits = 0x7ffffffffffffffful;
/* bin32_to_felem takes a little-endian byte array and converts it into felem
diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/openssl/crypto/ec/ectest.c
index d1bf980..8e4154d 100644
--- a/crypto/openssl/crypto/ec/ectest.c
+++ b/crypto/openssl/crypto/ec/ectest.c
@@ -1366,7 +1366,7 @@ static const struct nistp_test_params nistp_tests_params[] =
},
};
-void nistp_single_test(const struct nistp_test_params *test)
+static void nistp_single_test(const struct nistp_test_params *test)
{
BN_CTX *ctx;
BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
@@ -1469,7 +1469,7 @@ void nistp_single_test(const struct nistp_test_params *test)
BN_CTX_free(ctx);
}
-void nistp_tests()
+static void nistp_tests()
{
unsigned i;
diff --git a/crypto/openssl/crypto/ecdsa/Makefile b/crypto/openssl/crypto/ecdsa/Makefile
index e89e0c0..60c876d 100644
--- a/crypto/openssl/crypto/ecdsa/Makefile
+++ b/crypto/openssl/crypto/ecdsa/Makefile
@@ -126,15 +126,16 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
ecs_sign.o: ecs_locl.h ecs_sign.c
-ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_vrf.c b/crypto/openssl/crypto/ecdsa/ecs_vrf.c
index ef9acf7..2836efe 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/openssl/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
*/
#include "ecs_locl.h"
+#include "cryptlib.h"
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = ECDSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
ECDSA_SIG_free(s);
return(ret);
}
diff --git a/crypto/openssl/crypto/engine/eng_dyn.c b/crypto/openssl/crypto/engine/eng_dyn.c
index 807da7a..01db455 100644
--- a/crypto/openssl/crypto/engine/eng_dyn.c
+++ b/crypto/openssl/crypto/engine/eng_dyn.c
@@ -114,9 +114,6 @@ static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
ENGINE_CMD_FLAG_NO_INPUT},
{0, NULL, NULL, 0}
};
-static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
- {0, NULL, NULL, 0}
- };
/* Loading code stores state inside the ENGINE structure via the "ex_data"
* element. We load all our state into a single structure and use that as a
diff --git a/crypto/openssl/crypto/evp/Makefile b/crypto/openssl/crypto/evp/Makefile
index fa25bff..5d0c6b7 100644
--- a/crypto/openssl/crypto/evp/Makefile
+++ b/crypto/openssl/crypto/evp/Makefile
@@ -383,7 +383,7 @@ evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_enc.o: ../constant_time_locl.h ../cryptlib.h evp_enc.c evp_locl.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
diff --git a/crypto/openssl/crypto/evp/e_des3.c b/crypto/openssl/crypto/evp/e_des3.c
index 8d7b7de..7e1e8b3 100644
--- a/crypto/openssl/crypto/evp/e_des3.c
+++ b/crypto/openssl/crypto/evp/e_des3.c
@@ -124,12 +124,11 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#ifdef KSSL_DEBUG
{
int i;
- char *cp;
- printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
- printf("\t iv= ");
+ fprintf(stderr,"des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, ctx->buf_len);
+ fprintf(stderr,"\t iv= ");
for(i=0;i<8;i++)
- printf("%02X",ctx->iv[i]);
- printf("\n");
+ fprintf(stderr,"%02X",ctx->iv[i]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
while (inl>=EVP_MAXCHUNK)
@@ -260,11 +259,14 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
#ifdef KSSL_DEBUG
{
int i;
- printf("des_ede3_init_key(ctx=%lx)\n", ctx);
- printf("\tKEY= ");
- for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
- printf("\t IV= ");
- for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
+ fprintf(stderr,"des_ede3_init_key(ctx=%p)\n", ctx);
+ fprintf(stderr,"\tKEY= ");
+ for(i=0;i<24;i++) fprintf(stderr,"%02X",key[i]); fprintf(stderr,"\n");
+ if (iv)
+ {
+ fprintf(stderr,"\t IV= ");
+ for(i=0;i<8;i++) fprintf(stderr,"%02X",iv[i]); fprintf(stderr,"\n");
+ }
}
#endif /* KSSL_DEBUG */
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index 7b1842a..2e863ac 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -67,7 +67,6 @@
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
-#include "constant_time_locl.h"
#include "evp_locl.h"
#ifdef OPENSSL_FIPS
@@ -501,21 +500,21 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
- unsigned int i, b;
- unsigned char pad, padding_good;
+ int i,n;
+ unsigned int b;
*outl=0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
{
- int ret = M_do_cipher(ctx, out, NULL, 0);
- if (ret < 0)
+ i = M_do_cipher(ctx, out, NULL, 0);
+ if (i < 0)
return 0;
else
- *outl = ret;
+ *outl = i;
return 1;
}
- b=(unsigned int)(ctx->cipher->block_size);
+ b=ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
if(ctx->buf_len)
@@ -534,34 +533,33 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
- pad=ctx->final[b-1];
-
- padding_good = (unsigned char)(~constant_time_is_zero_8(pad));
- padding_good &= constant_time_ge_8(b, pad);
-
- for (i = 1; i < b; ++i)
- {
- unsigned char is_pad_index = constant_time_lt_8(i, pad);
- unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad);
- padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff);
- }
/*
- * At least 1 byte is always padding, so we always write b - 1
- * bytes to avoid a timing leak. The caller is required to have |b|
- * bytes space in |out| by the API contract.
+ * The following assumes that the ciphertext has been authenticated.
+ * Otherwise it provides a padding oracle.
*/
- for (i = 0; i < b - 1; ++i)
- out[i] = ctx->final[i] & padding_good;
- /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
- *outl = padding_good & ((unsigned char)(b - pad));
- return padding_good & 1;
+ n=ctx->final[b-1];
+ if (n == 0 || n > (int)b)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
+ }
+ for (i=0; i<n; i++)
+ {
+ if (ctx->final[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
+ }
+ }
+ n=ctx->cipher->block_size-n;
+ for (i=0; i<n; i++)
+ out[i]=ctx->final[i];
+ *outl=n;
}
else
- {
- *outl = 0;
- return 1;
- }
+ *outl=0;
+ return(1);
}
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
diff --git a/crypto/openssl/crypto/md32_common.h b/crypto/openssl/crypto/md32_common.h
index bb73819..a75f136 100644
--- a/crypto/openssl/crypto/md32_common.h
+++ b/crypto/openssl/crypto/md32_common.h
@@ -225,8 +225,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
l|=(((unsigned long)(*((c)++)))<<16), \
l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++))) ), \
- l)
+ l|=(((unsigned long)(*((c)++))) ) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
@@ -262,8 +261,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
l|=(((unsigned long)(*((c)++)))<< 8), \
l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24), \
- l)
+ l|=(((unsigned long)(*((c)++)))<<24) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c
index 1cc62ea..01052cf 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/openssl/crypto/mem.c
@@ -255,10 +255,12 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
if (num <= 0) return NULL;
- allow_customize = 0;
+ if(allow_customize)
+ allow_customize = 0;
if (malloc_debug_func != NULL)
{
- allow_customize_debug = 0;
+ if(allow_customize_debug)
+ allow_customize_debug = 0;
malloc_debug_func(NULL, num, file, line, 0);
}
ret = malloc_locked_ex_func(num,file,line);
@@ -299,10 +301,12 @@ void *CRYPTO_malloc(int num, const char *file, int line)
if (num <= 0) return NULL;
- allow_customize = 0;
+ if(allow_customize)
+ allow_customize = 0;
if (malloc_debug_func != NULL)
{
- allow_customize_debug = 0;
+ if(allow_customize_debug)
+ allow_customize_debug = 0;
malloc_debug_func(NULL, num, file, line, 0);
}
ret = malloc_ex_func(num,file,line);
diff --git a/crypto/openssl/crypto/objects/obj_xref.h b/crypto/openssl/crypto/objects/obj_xref.h
index e23938c..33cb24b 100644
--- a/crypto/openssl/crypto/objects/obj_xref.h
+++ b/crypto/openssl/crypto/objects/obj_xref.h
@@ -43,9 +43,6 @@ static const nid_triple sigoid_srt[] =
static const nid_triple * const sigoid_srt_xref[] =
{
- &sigoid_srt[29],
- &sigoid_srt[17],
- &sigoid_srt[18],
&sigoid_srt[0],
&sigoid_srt[1],
&sigoid_srt[7],
diff --git a/crypto/openssl/crypto/objects/objxref.pl b/crypto/openssl/crypto/objects/objxref.pl
index 731d3ae..6c4c832 100755
--- a/crypto/openssl/crypto/objects/objxref.pl
+++ b/crypto/openssl/crypto/objects/objxref.pl
@@ -90,7 +90,10 @@ EOF
foreach (@srt2)
{
- my $x = $xref_tbl{$_}[2];
+ my ($p1, $p2, $x) = @{$xref_tbl{$_}};
+ # If digest or signature algorithm is "undef" then the algorithm
+ # needs special handling and is excluded from the cross reference table.
+ next if $p1 eq "undef" || $p2 eq "undef";
print "\t\&sigoid_srt\[$x\],\n";
}
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index 2f94b87..a5dd9c46 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -29,11 +29,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x100010afL
+#define OPENSSL_VERSION_NUMBER 0x100010bfL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1k-fips 8 Jan 2015"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-freebsd 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1k-freebsd 8 Jan 2015"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/sha/asm/sha1-mips.pl b/crypto/openssl/crypto/sha/asm/sha1-mips.pl
index f1a702f..197bc6b 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-mips.pl
@@ -64,7 +64,7 @@ if ($flavour =~ /64|n32/i) {
#
######################################################################
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0;
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); }
open STDOUT,">$output";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-mips.pl b/crypto/openssl/crypto/sha/asm/sha512-mips.pl
index ffa053b..6807a2c 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-mips.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-mips.pl
@@ -68,7 +68,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
#
######################################################################
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0;
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); }
open STDOUT,">$output";
diff --git a/crypto/openssl/crypto/ts/ts_rsp_sign.c b/crypto/openssl/crypto/ts/ts_rsp_sign.c
index b0f023c..2c0e94e 100644
--- a/crypto/openssl/crypto/ts/ts_rsp_sign.c
+++ b/crypto/openssl/crypto/ts/ts_rsp_sign.c
@@ -977,7 +977,7 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time,
if (precision > 0)
{
/* Add fraction of seconds (leave space for dot and null). */
- BIO_snprintf(p, 2 + precision, ".%ld", usec);
+ BIO_snprintf(p, 2 + precision, ".%06ld", usec);
/* We cannot use the snprintf return value,
because it might have been truncated. */
p += strlen(p);
diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/openssl/crypto/x509/x509.h
index 092dd74..ed767f8 100644
--- a/crypto/openssl/crypto/x509/x509.h
+++ b/crypto/openssl/crypto/x509/x509.h
@@ -768,6 +768,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/openssl/crypto/x509/x509_vpm.c
index dfd89d8..ba546bd 100644
--- a/crypto/openssl/crypto/x509/x509_vpm.c
+++ b/crypto/openssl/crypto/x509/x509_vpm.c
@@ -89,6 +89,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
memset(param, 0, sizeof(X509_VERIFY_PARAM));
x509_verify_param_zero(param);
return param;
diff --git a/crypto/openssl/crypto/x509/x_all.c b/crypto/openssl/crypto/x509/x_all.c
index e06602d..fef55f8 100644
--- a/crypto/openssl/crypto/x509/x_all.c
+++ b/crypto/openssl/crypto/x509/x_all.c
@@ -72,6 +72,8 @@
int X509_verify(X509 *a, EVP_PKEY *r)
{
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
a->signature,a->cert_info,r));
}
diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt
index a8a34c7..65f8fc8 100644
--- a/crypto/openssl/doc/HOWTO/certificates.txt
+++ b/crypto/openssl/doc/HOWTO/certificates.txt
@@ -3,22 +3,22 @@
1. Introduction
-How you handle certificates depend a great deal on what your role is.
+How you handle certificates depends a great deal on what your role is.
Your role can be one or several of:
- - User of some client software
- - User of some server software
+ - User of some client application
+ - User of some server application
- Certificate authority
This file is for users who wish to get a certificate of their own.
-Certificate authorities should read ca.txt.
+Certificate authorities should read https://www.openssl.org/docs/apps/ca.html.
In all the cases shown below, the standard configuration file, as
compiled into openssl, will be used. You may find it in /etc/,
-/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and
-is better described in another HOWTO <config.txt?>. If you want to
-use a different configuration file, use the argument '-config {file}'
-with the command shown below.
+/usr/local/ssl/ or somewhere else. By default the file is named
+openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html.
+You can specify a different configuration file using the
+'-config {file}' argument with the commands shown below.
2. Relationship with keys
@@ -29,24 +29,26 @@ somewhere. With OpenSSL, public keys are easily derived from private
keys, so before you create a certificate or a certificate request, you
need to create a private key.
-Private keys are generated with 'openssl genrsa' if you want a RSA
-private key, or 'openssl gendsa' if you want a DSA private key.
-Further information on how to create private keys can be found in
-another HOWTO <keys.txt?>. The rest of this text assumes you have
-a private key in the file privkey.pem.
+Private keys are generated with 'openssl genrsa -out privkey.pem' if
+you want a RSA private key, or if you want a DSA private key:
+'openssl dsaparam -out dsaparam.pem 2048; openssl gendsa -out privkey.pem dsaparam.pem'.
+
+The private keys created by these commands are not passphrase protected;
+it might or might not be the desirable thing. Further information on how to
+create private keys can be found at https://www.openssl.org/docs/HOWTO/keys.txt.
+The rest of this text assumes you have a private key in the file privkey.pem.
3. Creating a certificate request
-To create a certificate, you need to start with a certificate
-request (or, as some certificate authorities like to put
-it, "certificate signing request", since that's exactly what they do,
-they sign it and give you the result back, thus making it authentic
-according to their policies). A certificate request can then be sent
-to a certificate authority to get it signed into a certificate, or if
-you have your own certificate authority, you may sign it yourself, or
-if you need a self-signed certificate (because you just want a test
-certificate or because you are setting up your own CA).
+To create a certificate, you need to start with a certificate request
+(or, as some certificate authorities like to put it, "certificate
+signing request", since that's exactly what they do, they sign it and
+give you the result back, thus making it authentic according to their
+policies). A certificate request is sent to a certificate authority
+to get it signed into a certificate. You can also sign the certificate
+yourself if you have your own certificate authority or create a
+self-signed certificate (typically for testing purpose).
The certificate request is created like this:
@@ -55,12 +57,14 @@ The certificate request is created like this:
Now, cert.csr can be sent to the certificate authority, if they can
handle files in PEM format. If not, use the extra argument '-outform'
followed by the keyword for the format to use (see another HOWTO
-<formats.txt?>). In some cases, that isn't sufficient and you will
-have to be more creative.
+<formats.txt?>). In some cases, -outform does not let you output the
+certificate request in the right format and you will have to use one
+of the various other commands that are exposed by openssl (or get
+creative and use a combination of tools).
-When the certificate authority has then done the checks the need to
-do (and probably gotten payment from you), they will hand over your
-new certificate to you.
+The certificate authority performs various checks (according to their
+policies) and usually waits for payment from you. Once that is
+complete, they send you your new certificate.
Section 5 will tell you more on how to handle the certificate you
received.
@@ -68,11 +72,12 @@ received.
4. Creating a self-signed test certificate
-If you don't want to deal with another certificate authority, or just
-want to create a test certificate for yourself. This is similar to
-creating a certificate request, but creates a certificate instead of
-a certificate request. This is NOT the recommended way to create a
-CA certificate, see ca.txt.
+You can create a self-signed certificate if you don't want to deal
+with a certificate authority, or if you just want to create a test
+certificate for yourself. This is similar to creating a certificate
+request, but creates a certificate instead of a certificate request.
+This is NOT the recommended way to create a CA certificate, see
+https://www.openssl.org/docs/apps/ca.html.
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
@@ -93,13 +98,13 @@ certificate and your key to various formats, most often also putting
them together into one file. The ways to do this is described in
another HOWTO <formats.txt?>, I will just mention the simplest case.
In the case of a raw DER thing in PEM format, and assuming that's all
-right for yor applications, simply concatenating the certificate and
+right for your applications, simply concatenating the certificate and
the key into a new file and using that one should be enough. With
some applications, you don't even have to do that.
-By now, you have your cetificate and your private key and can start
-using the software that depend on it.
+By now, you have your certificate and your private key and can start
+using applications that depend on it.
--
Richard Levitte
diff --git a/crypto/openssl/doc/HOWTO/proxy_certificates.txt b/crypto/openssl/doc/HOWTO/proxy_certificates.txt
index f98ec36..d78be2f 100644
--- a/crypto/openssl/doc/HOWTO/proxy_certificates.txt
+++ b/crypto/openssl/doc/HOWTO/proxy_certificates.txt
@@ -1,74 +1,69 @@
-<DRAFT!>
HOWTO proxy certificates
0. WARNING
-NONE OF THE CODE PRESENTED HERE HAVE BEEN CHECKED! They are just an
-example to show you how things can be done. There may be typos or
-type conflicts, and you will have to resolve them.
+NONE OF THE CODE PRESENTED HERE HAS BEEN CHECKED! The code is just examples to
+show you how things could be done. There might be typos or type conflicts, and
+you will have to resolve them.
1. Introduction
-Proxy certificates are defined in RFC 3820. They are really usual
-certificates with the mandatory extension proxyCertInfo.
+Proxy certificates are defined in RFC 3820. They are really usual certificates
+with the mandatory extension proxyCertInfo.
-Proxy certificates are issued by an End Entity (typically a user),
-either directly with the EE certificate as issuing certificate, or by
-extension through an already issued proxy certificate.. They are used
-to extend rights to some other entity (a computer process, typically,
-or sometimes to the user itself), so it can perform operations in the
-name of the owner of the EE certificate.
+Proxy certificates are issued by an End Entity (typically a user), either
+directly with the EE certificate as issuing certificate, or by extension through
+an already issued proxy certificate. Proxy certificates are used to extend
+rights to some other entity (a computer process, typically, or sometimes to the
+user itself). This allows the entity to perform operations on behalf of the
+owner of the EE certificate.
See http://www.ietf.org/rfc/rfc3820.txt for more information.
2. A warning about proxy certificates
-Noone seems to have tested proxy certificates with security in mind.
-Basically, to this date, it seems that proxy certificates have only
-been used in a world that's highly aware of them. What would happen
-if an unsuspecting application is to validate a chain of certificates
-that contains proxy certificates? It would usually consider the leaf
-to be the certificate to check for authorisation data, and since proxy
-certificates are controlled by the EE certificate owner alone, it's
-would be normal to consider what the EE certificate owner could do
-with them.
+No one seems to have tested proxy certificates with security in mind. To this
+date, it seems that proxy certificates have only been used in a context highly
+aware of them.
-subjectAltName and issuerAltName are forbidden in proxy certificates,
-and this is enforced in OpenSSL. The subject must be the same as the
-issuer, with one commonName added on.
+Existing applications might misbehave when trying to validate a chain of
+certificates which use a proxy certificate. They might incorrectly consider the
+leaf to be the certificate to check for authorisation data, which is controlled
+by the EE certificate owner.
-Possible threats are, as far as has been imagined so far:
+subjectAltName and issuerAltName are forbidden in proxy certificates, and this
+is enforced in OpenSSL. The subject must be the same as the issuer, with one
+commonName added on.
+
+Possible threats we can think of at this time include:
- impersonation through commonName (think server certificates).
- - use of additional extensions, possibly non-standard ones used in
- certain environments, that would grant extra or different
- authorisation rights.
+ - use of additional extensions, possibly non-standard ones used in certain
+ environments, that would grant extra or different authorisation rights.
+
+For these reasons, OpenSSL requires that the use of proxy certificates be
+explicitly allowed. Currently, this can be done using the following methods:
-For this reason, OpenSSL requires that the use of proxy certificates
-be explicitely allowed. Currently, this can be done using the
-following methods:
+ - if the application directly calls X509_verify_cert(), it can first call:
- - if the application calls X509_verify_cert() itself, it can do the
- following prior to that call (ctx is the pointer passed in the call
- to X509_verify_cert()):
+ X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ Where ctx is the pointer which then gets passed to X509_verify_cert().
- - in all other cases, proxy certificate validation can be enabled
- before starting the application by setting the envirnoment variable
- OPENSSL_ALLOW_PROXY_CERTS with some non-empty value.
+ - proxy certificate validation can be enabled before starting the application
+ by setting the environment variable OPENSSL_ALLOW_PROXY_CERTS.
-There are thoughts to allow proxy certificates with a line in the
-default openssl.cnf, but that's still in the future.
+In the future, it might be possible to enable proxy certificates by editing
+openssl.cnf.
-3. How to create proxy cerificates
+3. How to create proxy certificates
-It's quite easy to create proxy certificates, by taking advantage of
-the lack of checks of the 'openssl x509' application (*ahem*). But
-first, you need to create a configuration section that contains a
-definition of the proxyCertInfo extension, a little like this:
+Creating proxy certificates is quite easy, by taking advantage of a lack of
+checks in the 'openssl x509' application (*ahem*). You must first create a
+configuration section that contains a definition of the proxyCertInfo extension,
+for example:
[ v3_proxy ]
# A proxy certificate MUST NEVER be a CA certificate.
@@ -77,10 +72,10 @@ definition of the proxyCertInfo extension, a little like this:
# Usual authority key ID
authorityKeyIdentifier=keyid,issuer:always
- # Now, for the extension that marks this certificate as a proxy one
+ # The extension which marks this certificate as a proxy
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
-It's also possible to give the proxy extension in a separate section:
+It's also possible to specify the proxy extension in a separate section:
proxyCertInfo=critical,@proxy_ext
@@ -89,96 +84,85 @@ It's also possible to give the proxy extension in a separate section:
pathlen=0
policy=text:BC
-The policy value has a specific syntax, {syntag}:{string}, where the
-syntag determines what will be done with the string. The recognised
-syntags are as follows:
-
- text indicates that the string is simply the bytes, not
- encoded in any kind of way:
+The policy value has a specific syntax, {syntag}:{string}, where the syntag
+determines what will be done with the string. The following syntags are
+recognised:
- policy=text:räksmörgås
+ text indicates that the string is simply bytes, without any encoding:
- Previous versions of this design had a specific tag
- for UTF-8 text. However, since the bytes are copied
- as-is anyway, there's no need for it. Instead, use
- the text: tag, like this:
+ policy=text:räksmörgås
- policy=text:räksmörgås
+ Previous versions of this design had a specific tag for UTF-8 text.
+ However, since the bytes are copied as-is anyway, there is no need for
+ such a specific tag.
- hex indicates the string is encoded in hex, with colons
- between each byte (every second hex digit):
+ hex indicates the string is encoded in hex, with colons between each byte
+ (every second hex digit):
- policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
+ policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
- Previous versions of this design had a tag to insert a
- complete DER blob. However, the only legal use for
- this would be to surround the bytes that would go with
- the hex: tag with what's needed to construct a correct
- OCTET STRING. Since hex: does that, the DER tag felt
- superfluous, and was therefore removed.
+ Previous versions of this design had a tag to insert a complete DER
+ blob. However, the only legal use for this would be to surround the
+ bytes that would go with the hex: tag with whatever is needed to
+ construct a correct OCTET STRING. The DER tag therefore felt
+ superfluous, and was removed.
- file indicates that the text of the policy should really be
- taken from a file. The string is then really a file
- name. This is useful for policies that are large
- (more than a few of lines) XML documents, for example.
+ file indicates that the text of the policy should really be taken from a
+ file. The string is then really a file name. This is useful for
+ policies that are large (more than a few lines, e.g. XML documents).
The 'policy' setting can be split up in multiple lines like this:
0.policy=This is
- 1.polisy= a multi-
+ 1.policy= a multi-
2.policy=line policy.
-NOTE: the proxy policy value is the part that determines the rights
-granted to the process using the proxy certificate. The value is
-completely dependent on the application reading and interpretting it!
+NOTE: the proxy policy value is the part which determines the rights granted to
+the process using the proxy certificate. The value is completely dependent on
+the application reading and interpreting it!
-Now that you have created an extension section for your proxy
-certificate, you can now easily create a proxy certificate like this:
+Now that you have created an extension section for your proxy certificate, you
+can easily create a proxy certificate by doing:
- openssl req -new -config openssl.cnf \
- -out proxy.req -keyout proxy.key
- openssl x509 -req -CAcreateserial -in proxy.req -days 7 \
- -out proxy.crt -CA user.crt -CAkey user.key \
- -extfile openssl.cnf -extensions v3_proxy
+ openssl req -new -config openssl.cnf -out proxy.req -keyout proxy.key
+ openssl x509 -req -CAcreateserial -in proxy.req -days 7 -out proxy.crt \
+ -CA user.crt -CAkey user.key -extfile openssl.cnf -extensions v3_proxy
-It's just as easy to create a proxy certificate using another proxy
-certificate as issuer (note that I'm using a different configuration
-section for it):
+You can also create a proxy certificate using another proxy certificate as
+issuer (note: I'm using a different configuration section for it):
- openssl req -new -config openssl.cnf \
- -out proxy2.req -keyout proxy2.key
- openssl x509 -req -CAcreateserial -in proxy2.req -days 7 \
- -out proxy2.crt -CA proxy.crt -CAkey proxy.key \
- -extfile openssl.cnf -extensions v3_proxy2
+ openssl req -new -config openssl.cnf -out proxy2.req -keyout proxy2.key
+ openssl x509 -req -CAcreateserial -in proxy2.req -days 7 -out proxy2.crt \
+ -CA proxy.crt -CAkey proxy.key -extfile openssl.cnf -extensions v3_proxy2
4. How to have your application interpret the policy?
-The basic way to interpret proxy policies is to prepare some default
-rights, then do a check of the proxy certificate against the a chain
-of proxy certificates, user certificate and CA certificates, and see
-what rights came out by the end. Sounds easy, huh? It almost is.
+The basic way to interpret proxy policies is to start with some default rights,
+then compute the resulting rights by checking the proxy certificate against
+the chain of proxy certificates, user certificate and CA certificates. You then
+use the final computed rights. Sounds easy, huh? It almost is.
-The slightly complicated part is how to pass data between your
+The slightly complicated part is figuring out how to pass data between your
application and the certificate validation procedure.
You need the following ingredients:
- - a callback routing that will be called for every certificate that's
- validated. It will be called several times for each certificates,
- so you must be attentive to when it's a good time to do the proxy
- policy interpretation and check, as well as to fill in the defaults
- when the EE certificate is checked.
+ - a callback function that will be called for every certificate being
+ validated. The callback be called several times for each certificate,
+ so you must be careful to do the proxy policy interpretation at the right
+ time. You also need to fill in the defaults when the EE certificate is
+ checked.
- - a structure of data that's shared between your application code and
- the callback.
+ - a data structure that is shared between your application code and the
+ callback.
- a wrapper function that sets it all up.
- - an ex_data index function that creates an index into the generic
- ex_data store that's attached to an X509 validation context.
+ - an ex_data index function that creates an index into the generic ex_data
+ store that is attached to an X509 validation context.
-This is some cookbook code for you to fill in:
+Here is some skeleton code you can fill in:
/* In this example, I will use a view of granted rights as a bit
array, one bit for each possible right. */
@@ -210,7 +194,7 @@ This is some cookbook code for you to fill in:
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
if (ok == 1) /* It's REALLY important you keep the proxy policy
- check within this secion. It's important to know
+ check within this section. It's important to know
that when ok is 1, the certificates are checked
from top to bottom. You get the CA root first,
followed by the possible chain of intermediate
@@ -221,7 +205,7 @@ This is some cookbook code for you to fill in:
if (xs->ex_flags & EXFLAG_PROXY)
{
- YOUR_RIGHTS *rights =
+ YOUR_RIGHTS *rights =
(YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
get_proxy_auth_ex_data_idx());
PROXY_CERT_INFO_EXTENSION *pci =
@@ -250,12 +234,12 @@ This is some cookbook code for you to fill in:
bit array and fill it with the rights granted by
the current proxy certificate, then use it as a
mask on the accumulated rights bit array, and
- voilà, you now have a new accumulated rights bit
+ voilà, you now have a new accumulated rights bit
array. */
{
int i;
YOUR_RIGHTS tmp_rights;
- memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
+ memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
/* process_rights() is supposed to be a procedure
that takes a string and it's length, interprets
@@ -276,7 +260,7 @@ This is some cookbook code for you to fill in:
{
/* We have a EE certificate, let's use it to set default!
*/
- YOUR_RIGHTS *rights =
+ YOUR_RIGHTS *rights =
(YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
get_proxy_auth_ex_data_idx());
diff --git a/crypto/openssl/doc/apps/dgst.pod b/crypto/openssl/doc/apps/dgst.pod
index b159d91..405847a 100644
--- a/crypto/openssl/doc/apps/dgst.pod
+++ b/crypto/openssl/doc/apps/dgst.pod
@@ -13,6 +13,8 @@ B<openssl> B<dgst>
[B<-hex>]
[B<-binary>]
[B<-r>]
+[B<-hmac arg>]
+[B<-non-fips-allow>]
[B<-out filename>]
[B<-sign filename>]
[B<-keyform arg>]
@@ -62,6 +64,15 @@ output the digest or signature in binary form.
output the digest in the "coreutils" format used by programs like B<sha1sum>.
+=item B<-hmac arg>
+
+set the HMAC key to "arg".
+
+=item B<-non-fips-allow>
+
+Allow use of non FIPS digest when in FIPS mode. This has no effect when not in
+FIPS mode.
+
=item B<-out filename>
filename to output to, or standard output by default.
diff --git a/crypto/openssl/doc/apps/ocsp.pod b/crypto/openssl/doc/apps/ocsp.pod
index af2e12e..38f026a 100644
--- a/crypto/openssl/doc/apps/ocsp.pod
+++ b/crypto/openssl/doc/apps/ocsp.pod
@@ -133,6 +133,10 @@ if the B<host> option is present then the OCSP request is sent to the host
B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
or "/" by default.
+=item B<-timeout seconds>
+
+connection timeout to the OCSP responder in seconds
+
=item B<-CAfile file>, B<-CApath pathname>
file or pathname containing trusted CA certificates. These are used to verify
diff --git a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
index 4e22edc..ed027b3 100644
--- a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
+++ b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
@@ -115,7 +115,7 @@ writes the encrypted version to B<out>. This function can be called
multiple times to encrypt successive blocks of data. The amount
of data written depends on the block alignment of the encrypted data:
as a result the amount of data written may be anything from zero bytes
-to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
+to (inl + cipher_block_size - 1) so B<out> should contain sufficient
room. The actual number of bytes written is placed in B<outl>.
If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
diff --git a/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod b/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod
index e495a81..6799ce1 100644
--- a/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/crypto/openssl/doc/crypto/EVP_PKEY_encrypt.pod
@@ -43,19 +43,23 @@ indicates the operation is not supported by the public key algorithm.
=head1 EXAMPLE
-Encrypt data using OAEP (for RSA keys):
+Encrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)|pem(3)> or
+L<d2i_X509(3)|d2i_X509(3)> for means to load a public key. You may also simply
+set 'eng = NULL;' to start with the default OpenSSL RSA implementation:
#include <openssl/evp.h>
#include <openssl/rsa.h>
+ #include <openssl/engine.h>
EVP_PKEY_CTX *ctx;
+ ENGINE *eng;
unsigned char *out, *in;
size_t outlen, inlen;
EVP_PKEY *key;
- /* NB: assumes key in, inlen are already set up
+ /* NB: assumes eng, key, in, inlen are already set up,
* and that key is an RSA public key
*/
- ctx = EVP_PKEY_CTX_new(key);
+ ctx = EVP_PKEY_CTX_new(key,eng);
if (!ctx)
/* Error occurred */
if (EVP_PKEY_encrypt_init(ctx) <= 0)
@@ -79,6 +83,8 @@ Encrypt data using OAEP (for RSA keys):
=head1 SEE ALSO
+L<d2i_X509(3)|d2i_X509(3)>,
+L<engine(3)|engine(3)>,
L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
diff --git a/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod b/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
index 1afd008..043766c 100644
--- a/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -81,14 +81,14 @@ Create an B<X509_NAME> structure:
nm = X509_NAME_new();
if (nm == NULL)
/* Some error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
- "C", "UK", -1, -1, 0))
+ if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
+ "UK", -1, -1, 0))
/* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
- "O", "Disorganized Organization", -1, -1, 0))
+ if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
+ "Disorganized Organization", -1, -1, 0))
/* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
- "CN", "Joe Bloggs", -1, -1, 0))
+ if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
+ "Joe Bloggs", -1, -1, 0))
/* Error */
=head1 RETURN VALUES
diff --git a/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod b/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
index 3b1f9ff..c8a8128 100644
--- a/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -59,6 +59,10 @@ X509_NAME_get_index_by_OBJ() should be used followed by
X509_NAME_get_entry() on any matching indices and then the
various B<X509_NAME_ENTRY> utility functions on the result.
+The list of all relevant B<NID_*> and B<OBJ_* codes> can be found in
+the source code header files E<lt>openssl/obj_mac.hE<gt> and/or
+E<lt>openssl/objects.hE<gt>.
+
=head1 EXAMPLES
Process all entries:
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
index 8cb669d..2a5aaa5 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
@@ -71,6 +71,16 @@ SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can
save around 34k per idle SSL connection.
This flag has no effect on SSL v2 connections, or on DTLS connections.
+=item SSL_MODE_SEND_FALLBACK_SCSV
+
+Send TLS_FALLBACK_SCSV in the ClientHello.
+To be set only by applications that reconnect with a downgraded protocol
+version; see draft-ietf-tls-downgrade-scsv-00 for details.
+
+DO NOT ENABLE THIS if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft-ietf-tls-downgrade-scsv-00.
+
=back
=head1 RETURN VALUES
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
index 6e6b5e6..e80a72c 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
@@ -158,15 +158,7 @@ temporary/ephemeral DH parameters are used.
=item SSL_OP_EPHEMERAL_RSA
-Always use ephemeral (temporary) RSA key when doing RSA operations
-(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
-According to the specifications this is only done, when a RSA key
-can only be used for signature operations (namely under export ciphers
-with restricted RSA keylength). By setting this option, ephemeral
-RSA keys are always used. This option breaks compatibility with the
-SSL/TLS specifications and may lead to interoperability problems with
-clients and should therefore never be used. Ciphers with EDH (ephemeral
-Diffie-Hellman) key exchange should be used instead.
+This option is no longer implemented and is treated as no op.
=item SSL_OP_CIPHER_SERVER_PREFERENCE
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
index 534643c..8794eb7 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
@@ -74,21 +74,14 @@ exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
-and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
-standard. When ephemeral RSA key exchange is required for export ciphers,
-it will automatically be used without this option!
-
-An application may either directly specify the key or can supply the key via
-a callback function. The callback approach has the advantage, that the
-callback may generate the key only in case it is actually needed. As the
-generation of a RSA key is however costly, it will lead to a significant
-delay in the handshake procedure. Another advantage of the callback function
-is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
+An application may either directly specify the key or can supply the key via a
+callback function. The callback approach has the advantage, that the callback
+may generate the key only in case it is actually needed. As the generation of a
+RSA key is however costly, it will lead to a significant delay in the handshake
+procedure. Another advantage of the callback function is that it can supply
+keys of different size while the explicit setting of the key is only useful for
+key size of 512 bits to satisfy the export restricted ciphers and does give
+away key length if a longer key would be allowed.
The B<tmp_rsa_callback> is called with the B<keylength> needed and
the B<is_export> information. The B<is_export> flag is set, when the
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
index 733155e..832272e 100644
--- a/crypto/openssl/e_os.h
+++ b/crypto/openssl/e_os.h
@@ -290,7 +290,7 @@ extern "C" {
# ifdef _WIN64
# define strlen(s) _strlen31(s)
/* cut strings to 2GB */
-static unsigned int _strlen31(const char *str)
+static __inline unsigned int _strlen31(const char *str)
{
unsigned int len=0;
while (*str && len<0x80000000U) str++, len++;
@@ -375,15 +375,6 @@ static unsigned int _strlen31(const char *str)
# define check_winnt() (GetVersion() < 0x80000000)
#endif
-/*
- * Visual Studio: inline is available in C++ only, however
- * __inline is available for C, see
- * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
- */
-#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline)
-# define inline __inline
-#endif
-
#else /* The non-microsoft world */
# ifdef OPENSSL_SYS_VMS
@@ -741,6 +732,22 @@ struct servent *getservbyname(const char *name, const char *proto);
#include <OS.h>
#endif
+#if !defined(inline) && !defined(__cplusplus)
+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+ /* do nothing, inline works */
+# elif defined(__GNUC__) && __GNUC__>=2
+# define inline __inline__
+# elif defined(_MSC_VER)
+ /*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+# define inline __inline
+# else
+# define inline
+# endif
+#endif
#ifdef __cplusplus
}
diff --git a/crypto/openssl/engines/e_padlock.c b/crypto/openssl/engines/e_padlock.c
index 9f7a85a..5d252f6 100644
--- a/crypto/openssl/engines/e_padlock.c
+++ b/crypto/openssl/engines/e_padlock.c
@@ -384,6 +384,7 @@ padlock_available(void)
}
#ifndef OPENSSL_NO_AES
+#ifndef AES_ASM
/* Our own htonl()/ntohl() */
static inline void
padlock_bswapl(AES_KEY *ks)
@@ -397,6 +398,7 @@ padlock_bswapl(AES_KEY *ks)
}
}
#endif
+#endif
/* Force key reload from memory to the CPU microcode.
Loading EFLAGS from the stack clears EFLAGS[30]
diff --git a/crypto/openssl/ssl/d1_both.c b/crypto/openssl/ssl/d1_both.c
index 2e4250f..1b9d64b 100644
--- a/crypto/openssl/ssl/d1_both.c
+++ b/crypto/openssl/ssl/d1_both.c
@@ -156,9 +156,8 @@ static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe
static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
/* XDTLS: figure out the right values */
-static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
+static const unsigned int g_probable_mtu[] = {1500, 512, 256};
-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
unsigned long frag_len);
static unsigned char *dtls1_write_message_header(SSL *s,
@@ -211,8 +210,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
return frag;
}
-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
+void dtls1_hm_fragment_free(hm_fragment *frag)
{
if (frag->msg_header.is_ccs)
@@ -225,53 +223,50 @@ dtls1_hm_fragment_free(hm_fragment *frag)
OPENSSL_free(frag);
}
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int dtls1_do_write(SSL *s, int type)
- {
- int ret;
- int curr_mtu;
- unsigned int len, frag_off, mac_size, blocksize;
+static int dtls1_query_mtu(SSL *s)
+{
+ if(s->d1->link_mtu)
+ {
+ s->d1->mtu = s->d1->link_mtu-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+ s->d1->link_mtu = 0;
+ }
/* AHA! Figure out the MTU, and stick to the right size */
- if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ if (s->d1->mtu < dtls1_min_mtu(s))
{
- s->d1->mtu =
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
- /* I've seen the kernel return bogus numbers when it doesn't know
- * (initial write), so just make sure we have a reasonable number */
- if (s->d1->mtu < dtls1_min_mtu())
+ if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
{
- s->d1->mtu = 0;
- s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
+ s->d1->mtu =
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+ /* I've seen the kernel return bogus numbers when it doesn't know
+ * (initial write), so just make sure we have a reasonable number */
+ if (s->d1->mtu < dtls1_min_mtu(s))
+ {
+ /* Set to min mtu */
+ s->d1->mtu = dtls1_min_mtu(s);
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+ s->d1->mtu, NULL);
+ }
}
+ else
+ return 0;
}
-#if 0
- mtu = s->d1->mtu;
-
- fprintf(stderr, "using MTU = %d\n", mtu);
-
- mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
-
- curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
+ return 1;
+}
- if ( curr_mtu > 0)
- mtu = curr_mtu;
- else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
- return ret;
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+int dtls1_do_write(SSL *s, int type)
+ {
+ int ret;
+ unsigned int curr_mtu;
+ int retry = 1;
+ unsigned int len, frag_off, mac_size, blocksize, used_len;
- if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
- {
- ret = BIO_flush(SSL_get_wbio(s));
- if ( ret <= 0)
- return ret;
- mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
- }
-#endif
+ if(!dtls1_query_mtu(s))
+ return -1;
- OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */
+ OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something reasonable now */
if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
@@ -289,10 +284,15 @@ int dtls1_do_write(SSL *s, int type)
blocksize = 0;
frag_off = 0;
- while( s->init_num)
+ /* s->init_num shouldn't ever be < 0...but just in case */
+ while(s->init_num > 0)
{
- curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
- DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
+ used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
+ + mac_size + blocksize;
+ if(s->d1->mtu > used_len)
+ curr_mtu = s->d1->mtu - used_len;
+ else
+ curr_mtu = 0;
if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
{
@@ -300,15 +300,27 @@ int dtls1_do_write(SSL *s, int type)
ret = BIO_flush(SSL_get_wbio(s));
if ( ret <= 0)
return ret;
- curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
- mac_size - blocksize;
+ used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+ if(s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH)
+ {
+ curr_mtu = s->d1->mtu - used_len;
+ }
+ else
+ {
+ /* Shouldn't happen */
+ return -1;
+ }
}
- if ( s->init_num > curr_mtu)
+ /* We just checked that s->init_num > 0 so this cast should be safe */
+ if (((unsigned int)s->init_num) > curr_mtu)
len = curr_mtu;
else
len = s->init_num;
+ /* Shouldn't ever happen */
+ if(len > INT_MAX)
+ len = INT_MAX;
/* XDTLS: this function is too long. split out the CCS part */
if ( type == SSL3_RT_HANDSHAKE)
@@ -319,18 +331,29 @@ int dtls1_do_write(SSL *s, int type)
s->init_off -= DTLS1_HM_HEADER_LENGTH;
s->init_num += DTLS1_HM_HEADER_LENGTH;
- if ( s->init_num > curr_mtu)
+ /* We just checked that s->init_num > 0 so this cast should be safe */
+ if (((unsigned int)s->init_num) > curr_mtu)
len = curr_mtu;
else
len = s->init_num;
}
+ /* Shouldn't ever happen */
+ if(len > INT_MAX)
+ len = INT_MAX;
+
+ if ( len < DTLS1_HM_HEADER_LENGTH )
+ {
+ /*
+ * len is so small that we really can't do anything sensible
+ * so fail
+ */
+ return -1;
+ }
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
-
- OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
@@ -343,12 +366,23 @@ int dtls1_do_write(SSL *s, int type)
* is fine and wait for an alert to handle the
* retransmit
*/
- if ( BIO_ctrl(SSL_get_wbio(s),
+ if ( retry && BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+ {
+ if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ {
+ if(!dtls1_query_mtu(s))
+ return -1;
+ /* Have one more go */
+ retry = 0;
+ }
+ else
+ return -1;
+ }
else
+ {
return(-1);
+ }
}
else
{
@@ -1412,28 +1446,20 @@ dtls1_write_message_header(SSL *s, unsigned char *p)
return p;
}
-unsigned int
-dtls1_min_mtu(void)
+unsigned int
+dtls1_link_min_mtu(void)
{
return (g_probable_mtu[(sizeof(g_probable_mtu) /
sizeof(g_probable_mtu[0])) - 1]);
}
-static unsigned int
-dtls1_guess_mtu(unsigned int curr_mtu)
+unsigned int
+dtls1_min_mtu(SSL *s)
{
- unsigned int i;
-
- if ( curr_mtu == 0 )
- return g_probable_mtu[0] ;
-
- for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
- if ( curr_mtu > g_probable_mtu[i])
- return g_probable_mtu[i];
-
- return curr_mtu;
+ return dtls1_link_min_mtu()-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
}
+
void
dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
{
diff --git a/crypto/openssl/ssl/d1_clnt.c b/crypto/openssl/ssl/d1_clnt.c
index fd6562c..9045fb9 100644
--- a/crypto/openssl/ssl/d1_clnt.c
+++ b/crypto/openssl/ssl/d1_clnt.c
@@ -249,6 +249,9 @@ int dtls1_connect(SSL *s)
memset(s->s3->client_random,0,sizeof(s->s3->client_random));
s->d1->send_cookie = 0;
s->hit = 0;
+ s->d1->change_cipher_spec_ok = 0;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
break;
#ifndef OPENSSL_NO_SCTP
@@ -370,20 +373,6 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
- ret=ssl3_check_finished(s);
- if (ret <= 0) goto end;
- if (ret == 2)
- {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
- }
-#endif
/* Check if it is anon DH or PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
!(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
@@ -506,7 +495,6 @@ int dtls1_connect(SSL *s)
else
#endif
s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
}
s->init_num=0;
@@ -527,7 +515,6 @@ int dtls1_connect(SSL *s)
#endif
s->state=SSL3_ST_CW_CHANGE_A;
s->init_num=0;
- s->s3->change_cipher_spec=0;
break;
case SSL3_ST_CW_CHANGE_A:
@@ -1730,6 +1717,12 @@ int dtls1_send_client_certificate(SSL *s)
s->state=SSL3_ST_CW_CERT_D;
l=dtls1_output_cert_chain(s,
(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+ if (!l)
+ {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
s->init_num=(int)l;
s->init_off=0;
diff --git a/crypto/openssl/ssl/d1_enc.c b/crypto/openssl/ssl/d1_enc.c
index 712c464..3da2b4c 100644
--- a/crypto/openssl/ssl/d1_enc.c
+++ b/crypto/openssl/ssl/d1_enc.c
@@ -241,7 +241,8 @@ int dtls1_enc(SSL *s, int send)
return 0;
}
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
#ifdef KSSL_DEBUG
{
diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c
index 82ca653..14337b31 100644
--- a/crypto/openssl/ssl/d1_lib.c
+++ b/crypto/openssl/ssl/d1_lib.c
@@ -113,6 +113,9 @@ int dtls1_new(SSL *s)
d1->cookie_len = sizeof(s->d1->cookie);
}
+ d1->link_mtu = 0;
+ d1->mtu = 0;
+
if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
|| ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
{
@@ -161,16 +164,14 @@ static void dtls1_clear_queues(SSL *s)
while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
{
frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
pitem_free(item);
}
while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
{
frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
pitem_free(item);
}
@@ -210,6 +211,7 @@ void dtls1_clear(SSL *s)
pqueue sent_messages;
pqueue buffered_app_data;
unsigned int mtu;
+ unsigned int link_mtu;
if (s->d1)
{
@@ -219,6 +221,7 @@ void dtls1_clear(SSL *s)
sent_messages = s->d1->sent_messages;
buffered_app_data = s->d1->buffered_app_data.q;
mtu = s->d1->mtu;
+ link_mtu = s->d1->link_mtu;
dtls1_clear_queues(s);
@@ -232,6 +235,7 @@ void dtls1_clear(SSL *s)
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
{
s->d1->mtu = mtu;
+ s->d1->link_mtu = link_mtu;
}
s->d1->unprocessed_rcds.q = unprocessed_rcds;
@@ -276,7 +280,22 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
/* Just one protocol version is supported so far;
* fail closed if the version is not as expected. */
return s->version == DTLS_MAX_VERSION;
-
+ case DTLS_CTRL_SET_LINK_MTU:
+ if (larg < (long)dtls1_link_min_mtu())
+ return 0;
+ s->d1->link_mtu = larg;
+ return 1;
+ case DTLS_CTRL_GET_LINK_MIN_MTU:
+ return (long)dtls1_link_min_mtu();
+ case SSL_CTRL_SET_MTU:
+ /*
+ * We may not have a BIO set yet so can't call dtls1_min_mtu()
+ * We'll have to make do with dtls1_link_min_mtu() and max overhead
+ */
+ if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
+ return 0;
+ s->d1->mtu = larg;
+ return larg;
default:
ret = ssl3_ctrl(s, cmd, larg, parg);
break;
@@ -415,12 +434,17 @@ void dtls1_stop_timer(SSL *s)
int dtls1_check_timeout_num(SSL *s)
{
+ unsigned int mtu;
+
s->d1->timeout.num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
- if (s->d1->timeout.num_alerts > 2)
+ if (s->d1->timeout.num_alerts > 2
+ && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
{
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+ mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+ if(mtu < s->d1->mtu)
+ s->d1->mtu = mtu;
}
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c
index 438c091..0059fe2 100644
--- a/crypto/openssl/ssl/d1_pkt.c
+++ b/crypto/openssl/ssl/d1_pkt.c
@@ -212,7 +212,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
/* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100)
return 0;
-
+
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
@@ -247,18 +247,22 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
if (!ssl3_setup_buffers(s))
{
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ if (rdata->rbuf.buf != NULL)
+ OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return(0);
+ return(-1);
}
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL)
{
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ if (rdata->rbuf.buf != NULL)
+ OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return(0);
+ return(-1);
}
return(1);
@@ -314,8 +318,9 @@ dtls1_process_buffered_records(SSL *s)
dtls1_get_unprocessed_record(s);
if ( ! dtls1_process_record(s))
return(0);
- dtls1_buffer_record(s, &(s->d1->processed_rcds),
- s->s3->rrec.seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->processed_rcds),
+ s->s3->rrec.seq_num)<0)
+ return -1;
}
}
@@ -530,7 +535,6 @@ printf("\n");
/* we have pulled in a full packet so zero things */
s->packet_length=0;
- dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
return(1);
f_err:
@@ -563,7 +567,8 @@ int dtls1_get_record(SSL *s)
/* The epoch may have changed. If so, process all the
* pending records. This is a non-blocking operation. */
- dtls1_process_buffered_records(s);
+ if(dtls1_process_buffered_records(s)<0)
+ return -1;
/* if we're renegotiating, then there may be buffered records */
if (dtls1_get_processed_record(s))
@@ -642,8 +647,6 @@ again:
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
i=rr->length;
n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
-
/* this packet contained a partial record, dump it */
if ( n != i)
{
@@ -678,7 +681,8 @@ again:
* would be dropped unnecessarily.
*/
if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
+ s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+ s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
!dtls1_record_replay_check(s, bitmap))
{
rr->length = 0;
@@ -701,7 +705,9 @@ again:
{
if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
{
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
+ return -1;
+ dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
}
rr->length = 0;
s->packet_length = 0;
@@ -714,6 +720,7 @@ again:
s->packet_length = 0; /* dump this record */
goto again; /* get another record */
}
+ dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
return(1);
@@ -865,7 +872,11 @@ start:
* buffer the application data for later processing rather
* than dropping the connection.
*/
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0)
+ {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
rr->length = 0;
goto start;
}
@@ -1619,7 +1630,7 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
wr->length += bs;
}
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
/* record length after mac and block padding */
/* if (type == SSL3_RT_APPLICATION_DATA ||
diff --git a/crypto/openssl/ssl/d1_srvr.c b/crypto/openssl/ssl/d1_srvr.c
index 4b8ba3e..da4c21e 100644
--- a/crypto/openssl/ssl/d1_srvr.c
+++ b/crypto/openssl/ssl/d1_srvr.c
@@ -233,6 +233,7 @@ int dtls1_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -246,6 +247,9 @@ int dtls1_accept(SSL *s)
}
s->init_num=0;
+ s->d1->change_cipher_spec_ok = 0;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
if (s->state != SSL_ST_RENEGOTIATE)
{
@@ -450,24 +454,15 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_B:
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ /*
+ * clear this, it may get reset by
+ * send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
+ if (0
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
@@ -658,8 +653,14 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
-
- s->d1->change_cipher_spec_ok = 1;
+ /*
+ * This *should* be the first time we enable CCS, but be
+ * extra careful about surrounding code changes. We need
+ * to set this here because we don't know if we're
+ * expecting a CertificateVerify or not.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->d1->change_cipher_spec_ok = 1;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -675,7 +676,18 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
+ /*
+ * Enable CCS for resumed handshakes.
+ * In a full handshake, we end up here through
+ * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was
+ * already set. Receiving a CCS clears the flag, so make
+ * sure not to re-enable it to ban duplicates.
+ * s->s3->change_cipher_spec is set when a CCS is
+ * processed in d1_pkt.c, and remains set until
+ * the client's Finished message is read.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->d1->change_cipher_spec_ok = 1;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -1604,6 +1616,11 @@ int dtls1_send_server_certificate(SSL *s)
}
l=dtls1_output_cert_chain(s,x);
+ if (!l)
+ {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+ return(0);
+ }
s->state=SSL3_ST_SW_CERT_B;
s->init_num=(int)l;
s->init_off=0;
diff --git a/crypto/openssl/ssl/dtls1.h b/crypto/openssl/ssl/dtls1.h
index 192c5de..33857526 100644
--- a/crypto/openssl/ssl/dtls1.h
+++ b/crypto/openssl/ssl/dtls1.h
@@ -117,6 +117,9 @@ extern "C" {
#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
#endif
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+#define DTLS1_MAX_MTU_OVERHEAD 48
+
typedef struct dtls1_bitmap_st
{
unsigned long map; /* track 32 packets on 32-bit systems
@@ -231,6 +234,7 @@ typedef struct dtls1_state_st
/* Is set when listening for new connections with dtls1_listen() */
unsigned int listen;
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
@@ -252,6 +256,10 @@ typedef struct dtls1_state_st
unsigned int handshake_fragment_len;
unsigned int retransmitting;
+ /*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
unsigned int change_cipher_spec_ok;
#ifndef OPENSSL_NO_SCTP
diff --git a/crypto/openssl/ssl/kssl.c b/crypto/openssl/ssl/kssl.c
index fd7c67b..950a0c5 100644
--- a/crypto/openssl/ssl/kssl.c
+++ b/crypto/openssl/ssl/kssl.c
@@ -954,15 +954,15 @@ print_krb5_data(char *label, krb5_data *kdata)
{
int i;
- printf("%s[%d] ", label, kdata->length);
+ fprintf(stderr,"%s[%d] ", label, kdata->length);
for (i=0; i < (int)kdata->length; i++)
{
if (0 && isprint((int) kdata->data[i]))
- printf( "%c ", kdata->data[i]);
+ fprintf(stderr, "%c ", kdata->data[i]);
else
- printf( "%02x ", (unsigned char) kdata->data[i]);
+ fprintf(stderr, "%02x ", (unsigned char) kdata->data[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
}
@@ -973,20 +973,20 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
{
if (adata == NULL)
{
- printf("%s, authdata==0\n", label);
+ fprintf(stderr,"%s, authdata==0\n", label);
return;
}
- printf("%s [%p]\n", label, (void *)adata);
+ fprintf(stderr,"%s [%p]\n", label, (void *)adata);
#if 0
{
int i;
- printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
+ fprintf(stderr,"%s[at%d:%d] ", label, adata->ad_type, adata->length);
for (i=0; i < adata->length; i++)
{
- printf((isprint(adata->contents[i]))? "%c ": "%02x",
+ fprintf(stderr,(isprint(adata->contents[i]))? "%c ": "%02x",
adata->contents[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
}
#endif
}
@@ -1001,24 +1001,24 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
if (keyblk == NULL)
{
- printf("%s, keyblk==0\n", label);
+ fprintf(stderr,"%s, keyblk==0\n", label);
return;
}
#ifdef KRB5_HEIMDAL
- printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
+ fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->keytype,
keyblk->keyvalue->length);
for (i=0; i < (int)keyblk->keyvalue->length; i++)
{
- printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
+ fprintf(stderr,"%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
#else
- printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+ fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
for (i=0; i < (int)keyblk->length; i++)
{
- printf("%02x",keyblk->contents[i]);
+ fprintf(stderr,"%02x",keyblk->contents[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
#endif
}
@@ -1031,17 +1031,17 @@ print_krb5_princ(char *label, krb5_principal_data *princ)
{
int i, ui, uj;
- printf("%s principal Realm: ", label);
+ fprintf(stderr,"%s principal Realm: ", label);
if (princ == NULL) return;
for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
- printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
+ fprintf(stderr," (nametype %d) has %d strings:\n", princ->type,princ->length);
for (i=0; i < (int)princ->length; i++)
{
- printf("\t%d [%d]: ", i, princ->data[i].length);
+ fprintf(stderr,"\t%d [%d]: ", i, princ->data[i].length);
for (uj=0; uj < (int)princ->data[i].length; uj++) {
putchar(princ->data[i].data[uj]);
}
- printf("\n");
+ fprintf(stderr,"\n");
}
return;
}
@@ -1332,7 +1332,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
}
#ifdef KSSL_DEBUG
- printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
+ fprintf(stderr,"in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
#endif /* KSSL_DEBUG */
if (!krb5context && (krb5rc = krb5_init_context(&krb5context)))
@@ -1481,18 +1481,18 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
#ifdef KSSL_DEBUG
{
int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
- printf("Decrypted ticket fields:\n");
- printf("\tflags: %X, transit-type: %X",
+ fprintf(stderr,"Decrypted ticket fields:\n");
+ fprintf(stderr,"\tflags: %X, transit-type: %X",
krb5ticket->enc_part2->flags,
krb5ticket->enc_part2->transited.tr_type);
print_krb5_data("\ttransit-data: ",
&(krb5ticket->enc_part2->transited.tr_contents));
- printf("\tcaddrs: %p, authdata: %p\n",
+ fprintf(stderr,"\tcaddrs: %p, authdata: %p\n",
krb5ticket->enc_part2->caddrs,
krb5ticket->enc_part2->authorization_data);
if (paddr)
{
- printf("\tcaddrs:\n");
+ fprintf(stderr,"\tcaddrs:\n");
for (i=0; paddr[i] != NULL; i++)
{
krb5_data d;
@@ -1501,7 +1501,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
print_krb5_data("\t\tIP: ", &d);
}
}
- printf("\tstart/auth/end times: %d / %d / %d\n",
+ fprintf(stderr,"\tstart/auth/end times: %d / %d / %d\n",
krb5ticket->enc_part2->times.starttime,
krb5ticket->enc_part2->times.authtime,
krb5ticket->enc_part2->times.endtime);
@@ -1976,7 +1976,7 @@ krb5_error_code kssl_validate_times( krb5_timestamp atime,
if ((now - ttimes->endtime) > skew) return SSL_R_KRB5_S_TKT_EXPIRED;
#ifdef KSSL_DEBUG
- printf("kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n",
+ fprintf(stderr,"kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n",
start, atime, now, skew, ttimes->endtime);
#endif /* KSSL_DEBUG */
@@ -2027,10 +2027,10 @@ krb5_error_code kssl_check_authent(
#ifdef KSSL_DEBUG
{
unsigned int ui;
- printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
+ fprintf(stderr,"kssl_check_authent: authenticator[%d]:\n",authentp->length);
p = authentp->data;
- for (ui=0; ui < authentp->length; ui++) printf("%02x ",p[ui]);
- printf("\n");
+ for (ui=0; ui < authentp->length; ui++) fprintf(stderr,"%02x ",p[ui]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -2095,9 +2095,9 @@ krb5_error_code kssl_check_authent(
#ifdef KSSL_DEBUG
{
int padl;
- printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
- for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
- printf("\n");
+ fprintf(stderr,"kssl_check_authent: decrypted authenticator[%d] =\n", outl);
+ for (padl=0; padl < outl; padl++) fprintf(stderr,"%02x ",unenc_authent[padl]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -2132,10 +2132,10 @@ krb5_error_code kssl_check_authent(
}
#ifdef KSSL_DEBUG
- printf("kssl_check_authent: returns %d for client time ", *atimep);
+ fprintf(stderr,"kssl_check_authent: returns %d for client time ", *atimep);
if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
- printf("%.*s\n", auth->ctime->length, auth->ctime->data);
- else printf("NULL\n");
+ fprintf(stderr,"%.*s\n", auth->ctime->length, auth->ctime->data);
+ else fprintf(stderr,"NULL\n");
#endif /* KSSL_DEBUG */
err:
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
index 93ca7d5..3178815 100644
--- a/crypto/openssl/ssl/s23_srvr.c
+++ b/crypto/openssl/ssl/s23_srvr.c
@@ -192,6 +192,7 @@ int ssl23_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -602,12 +603,14 @@ int ssl23_get_client_hello(SSL *s)
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
- s->method = ssl23_get_server_method(s->version);
- if (s->method == NULL)
+ const SSL_METHOD *new_method;
+ new_method = ssl23_get_server_method(s->version);
+ if (new_method == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
+ s->method = new_method;
if (!ssl_init_wbio_buffer(s,1)) goto err;
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
index ff3395f..a35968f 100644
--- a/crypto/openssl/ssl/s2_enc.c
+++ b/crypto/openssl/ssl/s2_enc.c
@@ -117,8 +117,9 @@ err:
/* read/writes from s->s2->mac_data using length for encrypt and
* decrypt. It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
+ * if we are encrypting
+ * Returns 0 on error and 1 on success */
+int ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;
unsigned long l;
@@ -136,7 +137,7 @@ void ssl2_enc(SSL *s, int send)
}
/* check for NULL cipher */
- if (ds == NULL) return;
+ if (ds == NULL) return 1;
bs=ds->cipher->block_size;
@@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send)
if (bs == 8)
l=(l+7)/8*8;
- EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+ if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
+ return 0;
+
+ return 1;
}
void ssl2_mac(SSL *s, unsigned char *md, int send)
diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
index 8bb6ab8..acd61dc 100644
--- a/crypto/openssl/ssl/s2_pkt.c
+++ b/crypto/openssl/ssl/s2_pkt.c
@@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
if ((!s->s2->clear_text) &&
(s->s2->rlength >= (unsigned int)mac_size))
{
- ssl2_enc(s,0);
+ if(!ssl2_enc(s,0))
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
+ return(-1);
+ }
s->s2->ract_data_length-=mac_size;
ssl2_mac(s,mac,0);
s->s2->ract_data_length-=s->s2->padding;
@@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
s->s2->wact_data_length=len+p;
ssl2_mac(s,s->s2->mac_data,1);
s->s2->wlength+=p+mac_size;
- ssl2_enc(s,1);
+ if(ssl2_enc(s,1) < 1)
+ return -1;
}
/* package up the header */
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
index 2cba426..59ced3f 100644
--- a/crypto/openssl/ssl/s2_srvr.c
+++ b/crypto/openssl/ssl/s2_srvr.c
@@ -188,13 +188,21 @@ int ssl2_accept(SSL *s)
s->version=SSL2_VERSION;
s->type=SSL_ST_ACCEPT;
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- { ret= -1; goto end; }
- if (!BUF_MEM_grow(buf,(int)
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- { ret= -1; goto end; }
- s->init_buf=buf;
+ if(s->init_buf == NULL)
+ {
+ if ((buf=BUF_MEM_new()) == NULL)
+ {
+ ret= -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf,(int) SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+ {
+ BUF_MEM_free(buf);
+ ret= -1;
+ goto end;
+ }
+ s->init_buf=buf;
+ }
s->init_num=0;
s->ctx->stats.sess_accept++;
s->handshake_func=ssl2_accept;
diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c
index 53b9390..3581fbf 100644
--- a/crypto/openssl/ssl/s3_both.c
+++ b/crypto/openssl/ssl/s3_both.c
@@ -439,6 +439,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
goto f_err;
}
*ok=1;
+ s->state = stn;
s->init_msg = s->init_buf->data + 4;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
index 263e634..7692716 100644
--- a/crypto/openssl/ssl/s3_clnt.c
+++ b/crypto/openssl/ssl/s3_clnt.c
@@ -167,9 +167,9 @@
#include <openssl/engine.h>
#endif
-static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
+#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_client_method(int ver)
{
if (ver == SSL3_VERSION)
@@ -182,6 +182,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
ssl_undefined_function,
ssl3_connect,
ssl3_get_client_method)
+#endif
int ssl3_connect(SSL *s)
{
@@ -272,6 +273,9 @@ int ssl3_connect(SSL *s)
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
break;
case SSL3_ST_CW_CLNT_HELLO_A:
@@ -312,20 +316,6 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
- ret=ssl3_check_finished(s);
- if (ret <= 0) goto end;
- if (ret == 2)
- {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
- }
-#endif
/* Check if it is anon DH/ECDH, SRP auth */
/* or PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
@@ -433,12 +423,10 @@ int ssl3_connect(SSL *s)
else
{
s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
}
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
{
s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
}
s->init_num=0;
@@ -450,7 +438,6 @@ int ssl3_connect(SSL *s)
if (ret <= 0) goto end;
s->state=SSL3_ST_CW_CHANGE_A;
s->init_num=0;
- s->s3->change_cipher_spec=0;
break;
case SSL3_ST_CW_CHANGE_A:
@@ -510,7 +497,6 @@ int ssl3_connect(SSL *s)
s->method->ssl3_enc->client_finished_label,
s->method->ssl3_enc->client_finished_label_len);
if (ret <= 0) goto end;
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->state=SSL3_ST_CW_FLUSH;
/* clear flags */
@@ -559,7 +545,6 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
-
s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
@@ -669,11 +654,7 @@ int ssl3_client_hello(SSL *s)
SSL_SESSION *sess = s->session;
if ((sess == NULL) ||
(sess->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
!sess->session_id_length ||
-#else
- (!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
(sess->not_resumable))
{
if (!ssl_get_new_session(s,0))
@@ -879,6 +860,8 @@ int ssl3_get_server_hello(SSL *s)
memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
+ s->hit = 0;
+
/* get the session-id */
j= *(p++);
@@ -902,12 +885,12 @@ int ssl3_get_server_hello(SSL *s)
{
s->session->cipher = pref_cipher ?
pref_cipher : ssl_get_cipher_by_char(s, p+j);
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit = 1;
}
}
#endif /* OPENSSL_NO_TLSEXT */
- if (j != 0 && j == s->session->session_id_length
+ if (!s->hit && j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
{
if(s->sid_ctx_length != s->session->sid_ctx_length
@@ -918,14 +901,13 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
}
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->hit=1;
}
- else /* a miss or crap from the other end */
+ /* a miss or crap from the other end */
+ if (!s->hit)
{
/* If we were trying for session-id reuse, make a new
* SSL_SESSION so we don't stuff up other people */
- s->hit=0;
if (s->session->session_id_length > 0)
{
if (!ssl_get_new_session(s,0))
@@ -1203,9 +1185,9 @@ int ssl3_get_server_certificate(SSL *s)
? 0 : 1;
#ifdef KSSL_DEBUG
- printf("pkey,x = %p, %p\n", pkey,x);
- printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
- printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
+ fprintf(stderr,"pkey,x = %p, %p\n", pkey,x);
+ fprintf(stderr,"ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
+ fprintf(stderr,"cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
#endif /* KSSL_DEBUG */
@@ -1295,6 +1277,8 @@ int ssl3_get_key_exchange(SSL *s)
int encoded_pt_len = 0;
#endif
+ EVP_MD_CTX_init(&md_ctx);
+
/* use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped */
n=s->method->ssl_get_message(s,
@@ -1305,14 +1289,26 @@ int ssl3_get_key_exchange(SSL *s)
&ok);
if (!ok) return((int)n);
+ alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
+
if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
{
+ /*
+ * Can't skip server key exchange if this is an ephemeral
+ * ciphersuite.
+ */
+ if (alg_k & (SSL_kEDH|SSL_kEECDH))
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
#ifndef OPENSSL_NO_PSK
/* In plain PSK ciphersuite, ServerKeyExchange can be
omitted if no identity hint is sent. Set
session->sess_cert anyway to avoid problems
later.*/
- if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
+ if (alg_k & SSL_kPSK)
{
s->session->sess_cert=ssl_sess_cert_new();
if (s->ctx->psk_identity_hint)
@@ -1357,9 +1353,7 @@ int ssl3_get_key_exchange(SSL *s)
/* Total length of the parameters including the length prefix */
param_len=0;
- alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
- EVP_MD_CTX_init(&md_ctx);
al=SSL_AD_DECODE_ERROR;
@@ -1543,6 +1537,13 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_RSA
if (alg_k & SSL_kRSA)
{
+ /* Temporary RSA keys only allowed in export ciphersuites */
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
if ((rsa=RSA_new()) == NULL)
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
@@ -2174,24 +2175,13 @@ int ssl3_get_new_session_ticket(SSL *s)
n=s->method->ssl_get_message(s,
SSL3_ST_CR_SESSION_TICKET_A,
SSL3_ST_CR_SESSION_TICKET_B,
- -1,
+ SSL3_MT_NEWSESSION_TICKET,
16384,
&ok);
if (!ok)
return((int)n);
- if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
- if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
if (n < 6)
{
/* need at least ticket_lifetime_hint + ticket length */
@@ -2223,7 +2213,7 @@ int ssl3_get_new_session_ticket(SSL *s)
}
memcpy(s->session->tlsext_tick, p, ticklen);
s->session->tlsext_ticklen = ticklen;
- /* There are two ways to detect a resumed ticket sesion.
+ /* There are two ways to detect a resumed ticket session.
* One is to set an appropriate session ID and then the server
* must return a match in ServerHello. This allows the normal
* client session ID matching to work and we know much
@@ -2462,7 +2452,7 @@ int ssl3_send_client_key_exchange(SSL *s)
EVP_CIPHER_CTX_init(&ciph_ctx);
#ifdef KSSL_DEBUG
- printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+ fprintf(stderr,"ssl3_send_client_key_exchange(%lx & %lx)\n",
alg_k, SSL_kKRB5);
#endif /* KSSL_DEBUG */
@@ -2478,9 +2468,9 @@ int ssl3_send_client_key_exchange(SSL *s)
goto err;
#ifdef KSSL_DEBUG
{
- printf("kssl_cget_tkt rtn %d\n", krb5rc);
+ fprintf(stderr,"kssl_cget_tkt rtn %d\n", krb5rc);
if (krb5rc && kssl_err.text)
- printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+ fprintf(stderr,"kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
}
#endif /* KSSL_DEBUG */
@@ -3309,6 +3299,12 @@ int ssl3_send_client_certificate(SSL *s)
s->state=SSL3_ST_CW_CERT_D;
l=ssl3_output_cert_chain(s,
(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
s->init_num=(int)l;
s->init_off=0;
}
@@ -3478,40 +3474,9 @@ int ssl3_send_next_proto(SSL *s)
}
return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-}
+ }
#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
-/* Check to see if handshake is full or resumed. Usually this is just a
- * case of checking to see if a cache hit has occurred. In the case of
- * session tickets we have to check the next message to be sure.
- */
-
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_check_finished(SSL *s)
- {
- int ok;
- long n;
- /* If we have no ticket it cannot be a resumed session. */
- if (!s->session->tlsext_tick)
- return 1;
- /* this function is called when we really expect a Certificate
- * message, so permit appropriate message length */
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_A,
- SSL3_ST_CR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
- || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
- return 2;
-
- return 1;
- }
-#endif
-
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
{
int i = 0;
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 9db45af..89c133e 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -535,7 +535,8 @@ int ssl3_enc(SSL *s, int send)
/* otherwise, rec->length >= bs */
}
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 3f17453..e7cbef4 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -3810,17 +3810,17 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
#ifdef CIPHER_DEBUG
- printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
+ fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
{
c=sk_SSL_CIPHER_value(srvr,i);
- printf("%p:%s\n",(void *)c,c->name);
+ fprintf(stderr, "%p:%s\n",(void *)c,c->name);
}
- printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
+ fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
{
c=sk_SSL_CIPHER_value(clnt,i);
- printf("%p:%s\n",(void *)c,c->name);
+ fprintf(stderr, "%p:%s\n",(void *)c,c->name);
}
#endif
@@ -3860,7 +3860,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
#ifdef KSSL_DEBUG
-/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
+/* fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
#endif /* KSSL_DEBUG */
alg_k=c->algorithm_mkey;
@@ -3883,7 +3883,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
{
ok = (alg_k & emask_k) && (alg_a & emask_a);
#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
+ fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
(void *)c,c->name);
#endif
}
@@ -3891,7 +3891,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
{
ok = (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
+ fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
c->name);
#endif
}
@@ -4000,6 +4000,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
ok = ok && ec_ok;
}
+#ifndef OPENSSL_NO_ECDH
if (
/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
(alg_k & SSL_kEECDH)
@@ -4047,6 +4048,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
ok = ok && ec_ok;
}
+#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
diff --git a/crypto/openssl/ssl/s3_meth.c b/crypto/openssl/ssl/s3_meth.c
index cdddb17..4dec703 100644
--- a/crypto/openssl/ssl/s3_meth.c
+++ b/crypto/openssl/ssl/s3_meth.c
@@ -60,7 +60,7 @@
#include <openssl/objects.h>
#include "ssl_locl.h"
-static const SSL_METHOD *ssl3_get_method(int ver);
+#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_method(int ver)
{
if (ver == SSL3_VERSION)
@@ -73,5 +73,4 @@ IMPLEMENT_ssl3_meth_func(SSLv3_method,
ssl3_accept,
ssl3_connect,
ssl3_get_method)
-
-
+#endif
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
index 4c9285f..1ec9e6e 100644
--- a/crypto/openssl/ssl/s3_pkt.c
+++ b/crypto/openssl/ssl/s3_pkt.c
@@ -183,6 +183,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
* at once (as long as it fits into the buffer). */
if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
+ if (left == 0 && extend)
+ return 0;
if (left > 0 && n > left)
n = left;
}
@@ -856,8 +858,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wr->length += eivlen;
}
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1)<1) goto err;
/* record length after mac and block padding */
s2n(wr->length,plen);
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index c23d987..fadca74 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -170,6 +170,7 @@
#endif
#include <openssl/md5.h>
+#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_server_method(int ver);
static const SSL_METHOD *ssl3_get_server_method(int ver)
@@ -180,6 +181,12 @@ static const SSL_METHOD *ssl3_get_server_method(int ver)
return(NULL);
}
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+ ssl3_accept,
+ ssl_undefined_function,
+ ssl3_get_server_method)
+#endif
+
#ifndef OPENSSL_NO_SRP
static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
{
@@ -206,11 +213,6 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
}
#endif
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
- ssl3_accept,
- ssl_undefined_function,
- ssl3_get_server_method)
-
int ssl3_accept(SSL *s)
{
BUF_MEM *buf;
@@ -284,6 +286,7 @@ int ssl3_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -298,6 +301,9 @@ int ssl3_accept(SSL *s)
s->init_num=0;
s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
if (s->state != SSL_ST_RENEGOTIATE)
{
@@ -441,20 +447,11 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_B:
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ /*
+ * clear this, it may get reset by
+ * send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange, fortezza or
@@ -468,7 +465,7 @@ int ssl3_accept(SSL *s)
* server certificate contains the server's
* public key for key exchange.
*/
- if (s->s3->tmp.use_rsa_tmp
+ if (0
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
@@ -674,8 +671,14 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
-
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /*
+ * This *should* be the first time we enable CCS, but be
+ * extra careful about surrounding code changes. We need
+ * to set this here because we don't know if we're
+ * expecting a CertificateVerify or not.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -694,6 +697,19 @@ int ssl3_accept(SSL *s)
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
+ /*
+ * Enable CCS for resumed handshakes with NPN.
+ * In a full handshake with NPN, we end up here through
+ * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was
+ * already set. Receiving a CCS clears the flag, so make
+ * sure not to re-enable it to ban duplicates.
+ * s->s3->change_cipher_spec is set when a CCS is
+ * processed in s3_pkt.c, and remains set until
+ * the client's Finished message is read.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+
ret=ssl3_get_next_proto(s);
if (ret <= 0) goto end;
s->init_num = 0;
@@ -703,7 +719,18 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /*
+ * Enable CCS for resumed handshakes without NPN.
+ * In a full handshake, we end up here through
+ * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was
+ * already set. Receiving a CCS clears the flag, so make
+ * sure not to re-enable it to ban duplicates.
+ * s->s3->change_cipher_spec is set when a CCS is
+ * processed in s3_pkt.c, and remains set until
+ * the client's Finished message is read.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -775,7 +802,6 @@ int ssl3_accept(SSL *s)
#else
if (s->s3->next_proto_neg_seen)
{
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
}
else
@@ -1017,7 +1043,16 @@ int ssl3_get_client_hello(SSL *s)
else
{
i=ssl_get_prev_session(s, p, j, d + n);
- if (i == 1)
+ /*
+ * Only resume if the session's version matches the negotiated
+ * version.
+ * RFC 5246 does not provide much useful advice on resumption
+ * with a different protocol version. It doesn't forbid it but
+ * the sanity of such behaviour would be questionable.
+ * In practice, clients do not accept a version mismatch and
+ * will abort the handshake with an error.
+ */
+ if (i == 1 && s->version == s->session->ssl_version)
{ /* previous session */
s->hit=1;
}
@@ -1112,14 +1147,15 @@ int ssl3_get_client_hello(SSL *s)
id=s->session->cipher->id;
#ifdef CIPHER_DEBUG
- printf("client sent %d ciphers\n",sk_num(ciphers));
+ fprintf(stderr,"client sent %d ciphers\n",sk_SSL_CIPHER_num(ciphers));
#endif
for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
{
c=sk_SSL_CIPHER_value(ciphers,i);
#ifdef CIPHER_DEBUG
- printf("client [%2d of %2d]:%s\n",
- i,sk_num(ciphers),SSL_CIPHER_get_name(c));
+ fprintf(stderr,"client [%2d of %2d]:%s\n",
+ i,sk_SSL_CIPHER_num(ciphers),
+ SSL_CIPHER_get_name(c));
#endif
if (c->id == id)
{
@@ -2171,6 +2207,7 @@ int ssl3_get_client_key_exchange(SSL *s)
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
int decrypt_len;
unsigned char decrypt_good, version_good;
+ size_t j;
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp)
@@ -2209,8 +2246,9 @@ int ssl3_get_client_key_exchange(SSL *s)
{
if (!(s->options & SSL_OP_TLS_D5_BUG))
{
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto err;
+ goto f_err;
}
else
p-=2;
@@ -2219,6 +2257,20 @@ int ssl3_get_client_key_exchange(SSL *s)
n=i;
}
+ /*
+ * Reject overly short RSA ciphertext because we want to be sure
+ * that the buffer size makes it safe to iterate over the entire
+ * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The
+ * actual expected size is larger due to RSA padding, but the
+ * bound is sufficient to be safe.
+ */
+ if (n < SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+ goto f_err;
+ }
+
/* We must not leak whether a decryption failure occurs because
* of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see
* RFC 2246, section 7.4.7.1). The code follows that advice of
@@ -2266,19 +2318,23 @@ int ssl3_get_client_key_exchange(SSL *s)
* to remain non-zero (0xff). */
decrypt_good &= version_good;
- /* Now copy rand_premaster_secret over p using
- * decrypt_good_mask. */
- for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
+ /*
+ * Now copy rand_premaster_secret over from p using
+ * decrypt_good_mask. If decryption failed, then p does not
+ * contain valid plaintext, however, a check above guarantees
+ * it is still sufficiently large to read from.
+ */
+ for (j = 0; j < sizeof(rand_premaster_secret); j++)
{
- p[i] = constant_time_select_8(decrypt_good, p[i],
- rand_premaster_secret[i]);
+ p[j] = constant_time_select_8(decrypt_good, p[j],
+ rand_premaster_secret[j]);
}
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
- p,i);
- OPENSSL_cleanse(p,i);
+ p,sizeof(rand_premaster_secret));
+ OPENSSL_cleanse(p,sizeof(rand_premaster_secret));
}
else
#endif
@@ -2420,10 +2476,10 @@ int ssl3_get_client_key_exchange(SSL *s)
&kssl_err)) != 0)
{
#ifdef KSSL_DEBUG
- printf("kssl_sget_tkt rtn %d [%d]\n",
+ fprintf(stderr,"kssl_sget_tkt rtn %d [%d]\n",
krb5rc, kssl_err.reason);
if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
+ fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
#endif /* KSSL_DEBUG */
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
kssl_err.reason);
@@ -2437,10 +2493,10 @@ int ssl3_get_client_key_exchange(SSL *s)
&authtime, &kssl_err)) != 0)
{
#ifdef KSSL_DEBUG
- printf("kssl_check_authent rtn %d [%d]\n",
+ fprintf(stderr,"kssl_check_authent rtn %d [%d]\n",
krb5rc, kssl_err.reason);
if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
+ fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
#endif /* KSSL_DEBUG */
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
kssl_err.reason);
@@ -2958,7 +3014,7 @@ int ssl3_get_cert_verify(SSL *s)
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{
s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type & EVP_PKT_SIGN))
+ if (peer != NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
@@ -3362,6 +3418,11 @@ int ssl3_send_server_certificate(SSL *s)
}
l=ssl3_output_cert_chain(s,x);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+ return(0);
+ }
s->state=SSL3_ST_SW_CERT_B;
s->init_num=(int)l;
s->init_off=0;
diff --git a/crypto/openssl/ssl/srtp.h b/crypto/openssl/ssl/srtp.h
index fe5217e..3edff41 100644
--- a/crypto/openssl/ssl/srtp.h
+++ b/crypto/openssl/ssl/srtp.h
@@ -1,4 +1,4 @@
-/* ssl/tls1.h */
+/* ssl/srtp.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -118,6 +118,8 @@
#ifndef HEADER_D1_SRTP_H
#define HEADER_D1_SRTP_H
+#include <openssl/ssl.h>
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index b78a1cc..2ba5923 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -596,9 +596,8 @@ struct ssl_session_st
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
+/* Does nothing: retained for compatibiity */
+#define SSL_OP_EPHEMERAL_RSA 0x0
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
@@ -654,8 +653,13 @@ struct ssl_session_st
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.
+ * Only use this in explicit fallback retries, following the guidance
+ * in draft-ietf-tls-downgrade-scsv-00.
+ */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
@@ -688,6 +692,10 @@ struct ssl_session_st
SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
#define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+#define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+#define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
#define SSL_get_secure_renegotiation_support(ssl) \
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
@@ -1627,6 +1635,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
#define SSL_CTRL_CHECK_PROTO_VERSION 119
+#define DTLS_CTRL_SET_LINK_MTU 120
+#define DTLS_CTRL_GET_LINK_MIN_MTU 121
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -1878,13 +1888,15 @@ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
+#endif
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h
index 85f1504..6fad054 100644
--- a/crypto/openssl/ssl/ssl3.h
+++ b/crypto/openssl/ssl/ssl3.h
@@ -393,8 +393,12 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+/*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
#define SSL3_FLAGS_CCS_OK 0x0080
-
+
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
* from restarting the handshake in a loop. It's reset on a
@@ -456,8 +460,11 @@ typedef struct ssl3_state_st
* and freed and MD_CTX-es for all required digests are stored in
* this array */
EVP_MD_CTX **handshake_dgst;
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
+ /*
+ * Set whenever an expected ChangeCipherSpec message is processed.
+ * Unset when the peer's Finished message is received.
+ * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+ */
int change_cipher_spec;
int warn_alert;
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index 5123a89..cef3ff4 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -286,35 +286,6 @@ CERT *ssl_cert_dup(CERT *cert)
ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
}
}
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
index 8188ff5..b767361 100644
--- a/crypto/openssl/ssl/ssl_ciph.c
+++ b/crypto/openssl/ssl/ssl_ciph.c
@@ -814,7 +814,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].active = 0;
co_list_num++;
#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
+ fprintf(stderr,"\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
#endif /* KSSL_DEBUG */
/*
if (!sk_push(ca_list,(char *)c)) goto err;
@@ -931,7 +931,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
int reverse = 0;
#ifdef CIPHER_DEBUG
- printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
+ fprintf(stderr, "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
#endif
@@ -977,7 +977,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
else
{
#ifdef CIPHER_DEBUG
- printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
+ fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
#endif
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
@@ -997,7 +997,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
}
#ifdef CIPHER_DEBUG
- printf("Action = %d\n", rule);
+ fprintf(stderr, "Action = %d\n", rule);
#endif
/* add the cipher if it has not been added yet. */
@@ -1386,7 +1386,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
num_of_ciphers = ssl_method->num_ciphers();
#ifdef KSSL_DEBUG
- printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+ fprintf(stderr,"ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif /* KSSL_DEBUG */
co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
if (co_list == NULL)
@@ -1513,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
- printf("<%s>\n",curr->cipher->name);
+ fprintf(stderr, "<%s>\n",curr->cipher->name);
#endif
}
}
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 3f66fc0..4a62b4a 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -383,13 +383,7 @@ SSL *SSL_new(SSL_CTX *ctx)
return(s);
err:
if (s != NULL)
- {
- if (s->cert != NULL)
- ssl_cert_free(s->cert);
- if (s->ctx != NULL)
- SSL_CTX_free(s->ctx); /* decrement reference count */
- OPENSSL_free(s);
- }
+ SSL_free(s);
SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
@@ -1080,19 +1074,6 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
l=s->max_cert_list;
s->max_cert_list=larg;
return(l);
- case SSL_CTRL_SET_MTU:
-#ifndef OPENSSL_NO_DTLS1
- if (larg < (long)dtls1_min_mtu())
- return 0;
-#endif
-
- if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER)
- {
- s->d1->mtu = larg;
- return larg;
- }
- return 0;
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
@@ -1507,6 +1488,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
goto err;
}
+ p += n;
continue;
}
@@ -2112,7 +2094,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ fprintf(stderr,"rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
#endif
@@ -2996,10 +2978,32 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
}
ssl_cert_free(ocert);
}
+
+ /*
+ * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+ * so setter APIs must prevent invalid lengths from entering the system.
+ */
+ OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
+
+ /*
+ * If the session ID context matches that of the parent SSL_CTX,
+ * inherit it from the new SSL_CTX as well. If however the context does
+ * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+ * leave it unchanged.
+ */
+ if ((ssl->ctx != NULL) &&
+ (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+ (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0))
+ {
+ ssl->sid_ctx_length = ctx->sid_ctx_length;
+ memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+ }
+
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
if (ssl->ctx != NULL)
SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx;
+
return(ssl->ctx);
}
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
index 98888d2..1b8fa8c 100644
--- a/crypto/openssl/ssl/ssl_locl.h
+++ b/crypto/openssl/ssl/ssl_locl.h
@@ -864,7 +864,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+int ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
@@ -997,7 +997,9 @@ void dtls1_stop_timer(SSL *s);
int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(void);
+unsigned int dtls1_min_mtu(SSL *s);
+unsigned int dtls1_link_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);
/* some client-only functions */
int ssl3_client_hello(SSL *s);
@@ -1014,7 +1016,6 @@ int ssl3_get_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
#ifndef OPENSSL_NO_TLSEXT
-int ssl3_check_finished(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_send_next_proto(SSL *s);
# endif
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
index ad40fad..235f92d 100644
--- a/crypto/openssl/ssl/ssl_sess.c
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -335,7 +335,21 @@ int ssl_get_new_session(SSL *s, int session)
return(0);
}
#ifndef OPENSSL_NO_TLSEXT
- /* If RFC4507 ticket use empty session ID */
+ /*
+ * If RFC5077 ticket, use empty session ID (as server).
+ * Note that:
+ * (a) ssl_get_prev_session() does lookahead into the
+ * ClientHello extensions to find the session ticket.
+ * When ssl_get_prev_session() fails, s3_srvr.c calls
+ * ssl_get_new_session() in ssl3_get_client_hello().
+ * At that point, it has not yet parsed the extensions,
+ * however, because of the lookahead, it already knows
+ * whether a ticket is expected or not.
+ *
+ * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+ * ServerHello extensions, and before recording the session
+ * ID received from the server, so this block is a noop.
+ */
if (s->tlsext_ticket_expected)
{
ss->session_id_length = 0;
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
index 4f80be8..0888956 100644
--- a/crypto/openssl/ssl/ssltest.c
+++ b/crypto/openssl/ssl/ssltest.c
@@ -345,7 +345,7 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
fprintf(stderr," -ssl3 - use SSLv3\n");
#endif
#ifndef OPENSSL_NO_TLS1
@@ -368,7 +368,9 @@ static void sv_usage(void)
" Use \"openssl ecparam -list_curves\" for all names\n" \
" (default is sect163r2).\n");
#endif
- fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
+ fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
+ " When this option is requested, the cipherlist\n"
+ " tests are run instead of handshake tests.\n");
}
static void print_details(SSL *c_ssl, const char *prefix)
@@ -549,6 +551,7 @@ int main(int argc, char *argv[])
#ifdef OPENSSL_FIPS
int fips_mode=0;
#endif
+ int no_protocol = 0;
verbose = 0;
debug = 0;
@@ -658,11 +661,26 @@ int main(int argc, char *argv[])
}
#endif
else if (strcmp(*argv,"-ssl2") == 0)
- ssl2=1;
+ {
+#ifdef OPENSSL_NO_SSL2
+ no_protocol = 1;
+#endif
+ ssl2 = 1;
+ }
else if (strcmp(*argv,"-tls1") == 0)
- tls1=1;
+ {
+#ifdef OPENSSL_NO_TLS1
+ no_protocol = 1;
+#endif
+ tls1 = 1;
+ }
else if (strcmp(*argv,"-ssl3") == 0)
- ssl3=1;
+ {
+#ifdef OPENSSL_NO_SSL3_METHOD
+ no_protocol = 1;
+#endif
+ ssl3 = 1;
+ }
else if (strncmp(*argv,"-num",4) == 0)
{
if (--argc < 1) goto bad;
@@ -781,15 +799,41 @@ bad:
goto end;
}
+ /*
+ * test_cipherlist prevails over protocol switch: we test the cipherlist
+ * for all enabled protocols.
+ */
if (test_cipherlist == 1)
{
/* ensure that the cipher list are correctly sorted and exit */
+ fprintf(stdout, "Testing cipherlist order only. Ignoring all "
+ "other options.\n");
if (do_test_cipherlist() == 0)
EXIT(1);
ret = 0;
goto end;
}
+ if (ssl2 + ssl3 + tls1 > 1)
+ {
+ fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
+ "be requested.\n");
+ EXIT(1);
+ }
+
+ /*
+ * Testing was requested for a compiled-out protocol (e.g. SSLv2).
+ * Ideally, we would error out, but the generic test wrapper can't know
+ * when to expect failure. So we do nothing and return success.
+ */
+ if (no_protocol)
+ {
+ fprintf(stderr, "Testing was requested for a disabled protocol. "
+ "Skipping tests.\n");
+ ret = 0;
+ goto end;
+ }
+
if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
{
fprintf(stderr, "This case cannot work. Use -f to perform "
@@ -868,30 +912,25 @@ bad:
}
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+/* At this point, ssl2/ssl3/tls1 is only set if the protocol is available.
+ * (Otherwise we exit early.)
+ * However the compiler doesn't know this, so we ifdef. */
+#ifndef OPENSSL_NO_SSL2
if (ssl2)
meth=SSLv2_method();
- else
- if (tls1)
- meth=TLSv1_method();
else
+#endif
+#ifndef OPENSSL_NO_SSL3
if (ssl3)
meth=SSLv3_method();
else
- meth=SSLv23_method();
-#else
-#ifdef OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_TLS1
if (tls1)
meth=TLSv1_method();
else
- if (ssl3)
- meth=SSLv3_method();
- else
- meth=SSLv23_method();
-#else
- meth=SSLv2_method();
-#endif
#endif
+ meth=SSLv23_method();
c_ctx=SSL_CTX_new(meth);
s_ctx=SSL_CTX_new(meth);
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index 1923cf3..1308c03 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -303,15 +303,15 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
s->session->master_key,s->session->master_key_length,
km,tmp,num);
#ifdef KSSL_DEBUG
- printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+ fprintf(stderr,"tls1_generate_key_block() ==> %d byte master_key =\n\t",
s->session->master_key_length);
{
int i;
for (i=0; i < s->session->master_key_length; i++)
{
- printf("%02X", s->session->master_key[i]);
+ fprintf(stderr,"%02X", s->session->master_key[i]);
}
- printf("\n"); }
+ fprintf(stderr,"\n"); }
#endif /* KSSL_DEBUG */
return ret;
}
@@ -349,19 +349,19 @@ int tls1_change_cipher_state(SSL *s, int which)
#endif
#ifdef KSSL_DEBUG
- printf("tls1_change_cipher_state(which= %d) w/\n", which);
- printf("\talg= %ld/%ld, comp= %p\n",
+ fprintf(stderr,"tls1_change_cipher_state(which= %d) w/\n", which);
+ fprintf(stderr,"\talg= %ld/%ld, comp= %p\n",
s->s3->tmp.new_cipher->algorithm_mkey,
s->s3->tmp.new_cipher->algorithm_auth,
comp);
- printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
- printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+ fprintf(stderr,"\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+ fprintf(stderr,"\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
c->nid,c->block_size,c->key_len,c->iv_len);
- printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+ fprintf(stderr,"\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
{
int i;
for (i=0; i<s->s3->tmp.key_block_length; i++)
- printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
+ fprintf(stderr,"%02x", s->s3->tmp.key_block[i]); fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -540,11 +540,11 @@ printf("which = %04X\nmac key=",which);
#ifdef KSSL_DEBUG
{
int i;
- printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
- printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
- printf("\n");
- printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
- printf("\n");
+ fprintf(stderr,"EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+ fprintf(stderr,"\tkey= "); for (i=0; i<c->key_len; i++) fprintf(stderr,"%02x", key[i]);
+ fprintf(stderr,"\n");
+ fprintf(stderr,"\t iv= "); for (i=0; i<c->iv_len; i++) fprintf(stderr,"%02x", iv[i]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -591,7 +591,7 @@ int tls1_setup_key_block(SSL *s)
int ret=0;
#ifdef KSSL_DEBUG
- printf ("tls1_setup_key_block()\n");
+ fprintf(stderr,"tls1_setup_key_block()\n");
#endif /* KSSL_DEBUG */
if (s->s3->tmp.key_block_length != 0)
@@ -740,7 +740,7 @@ int tls1_enc(SSL *s, int send)
}
#ifdef KSSL_DEBUG
- printf("tls1_enc(%d)\n", send);
+ fprintf(stderr,"tls1_enc(%d)\n", send);
#endif /* KSSL_DEBUG */
if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
@@ -812,18 +812,18 @@ int tls1_enc(SSL *s, int send)
#ifdef KSSL_DEBUG
{
unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+ fprintf(stderr,"EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+ fprintf(stderr,"\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
ds->buf_len, ds->cipher->key_len,
DES_KEY_SZ, DES_SCHEDULE_SZ,
ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
+ fprintf(stderr,"\t\tIV: ");
+ for (i=0; i<ds->cipher->iv_len; i++) fprintf(stderr,"%02X", ds->iv[i]);
+ fprintf(stderr,"\n");
+ fprintf(stderr,"\trec->input=");
+ for (ui=0; ui<l; ui++) fprintf(stderr," %02x", rec->input[ui]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -848,9 +848,9 @@ int tls1_enc(SSL *s, int send)
#ifdef KSSL_DEBUG
{
unsigned long i;
- printf("\trec->data=");
+ fprintf(stderr,"\trec->data=");
for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
+ fprintf(stderr," %02x", rec->data[i]); fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -1048,10 +1048,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
-printf("seq=");
-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
+fprintf(stderr,"seq=");
+{int z; for (z=0; z<8; z++) fprintf(stderr,"%02X ",seq[z]); fprintf(stderr,"\n"); }
+fprintf(stderr,"rec=");
+{unsigned int z; for (z=0; z<rec->length; z++) fprintf(stderr,"%02X ",rec->data[z]); fprintf(stderr,"\n"); }
#endif
if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
@@ -1064,7 +1064,7 @@ printf("rec=");
}
#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<md_size; z++) fprintf(stderr,"%02X ",md[z]); fprintf(stderr,"\n"); }
#endif
return(md_size);
}
@@ -1078,7 +1078,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+ fprintf(stderr,"tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
#endif /* KSSL_DEBUG */
#ifdef TLSEXT_TYPE_opaque_prf_input
@@ -1113,7 +1113,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
#endif
#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret() complete\n");
+ fprintf(stderr,"tls1_generate_master_secret() complete\n");
#endif /* KSSL_DEBUG */
return(SSL3_MASTER_SECRET_SIZE);
}
@@ -1128,7 +1128,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
int rv;
#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, context, contextlen);
+ fprintf(stderr,"tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", s, out, olen, label, llen, context, contextlen);
#endif /* KSSL_DEBUG */
buff = OPENSSL_malloc(olen);
@@ -1191,7 +1191,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
out,buff,olen);
#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material() complete\n");
+ fprintf(stderr,"tls1_export_keying_material() complete\n");
#endif /* KSSL_DEBUG */
goto ret;
err1:
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index d6aff4b..179b467 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -204,28 +204,40 @@ static int nid_list[] =
static int pref_list[] =
{
+#ifndef OPENSSL_NO_EC2M
NID_sect571r1, /* sect571r1 (14) */
NID_sect571k1, /* sect571k1 (13) */
+#endif
NID_secp521r1, /* secp521r1 (25) */
+#ifndef OPENSSL_NO_EC2M
NID_sect409k1, /* sect409k1 (11) */
NID_sect409r1, /* sect409r1 (12) */
+#endif
NID_secp384r1, /* secp384r1 (24) */
+#ifndef OPENSSL_NO_EC2M
NID_sect283k1, /* sect283k1 (9) */
NID_sect283r1, /* sect283r1 (10) */
+#endif
NID_secp256k1, /* secp256k1 (22) */
NID_X9_62_prime256v1, /* secp256r1 (23) */
+#ifndef OPENSSL_NO_EC2M
NID_sect239k1, /* sect239k1 (8) */
NID_sect233k1, /* sect233k1 (6) */
NID_sect233r1, /* sect233r1 (7) */
+#endif
NID_secp224k1, /* secp224k1 (20) */
NID_secp224r1, /* secp224r1 (21) */
+#ifndef OPENSSL_NO_EC2M
NID_sect193r1, /* sect193r1 (4) */
NID_sect193r2, /* sect193r2 (5) */
+#endif
NID_secp192k1, /* secp192k1 (18) */
NID_X9_62_prime192v1, /* secp192r1 (19) */
+#ifndef OPENSSL_NO_EC2M
NID_sect163k1, /* sect163k1 (1) */
NID_sect163r1, /* sect163r1 (2) */
NID_sect163r2, /* sect163r2 (3) */
+#endif
NID_secp160k1, /* secp160k1 (15) */
NID_secp160r1, /* secp160r1 (16) */
NID_secp160r2, /* secp160r2 (17) */
@@ -233,7 +245,7 @@ static int pref_list[] =
int tls1_ec_curve_id2nid(int curve_id)
{
- /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+ /* ECC curves from RFC 4492 */
if ((curve_id < 1) || ((unsigned int)curve_id >
sizeof(nid_list)/sizeof(nid_list[0])))
return 0;
@@ -242,7 +254,7 @@ int tls1_ec_curve_id2nid(int curve_id)
int tls1_ec_nid2curve_id(int nid)
{
- /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+ /* ECC curves from RFC 4492 */
switch (nid)
{
case NID_sect163k1: /* sect163k1 (1) */
@@ -488,11 +500,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
s2n(TLSEXT_TYPE_elliptic_curves,ret);
s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
- /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
- * elliptic_curve_list, but the examples use two bytes.
- * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
- * resolves this to two bytes.
- */
s2n(s->tlsext_ellipticcurvelist_length, ret);
memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
ret+=s->tlsext_ellipticcurvelist_length;
@@ -998,6 +1005,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
ssl_check_for_safari(s, data, d, n);
#endif /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+ if (s->srp_ctx.login != NULL)
+ {
+ OPENSSL_free(s->srp_ctx.login);
+ s->srp_ctx.login = NULL;
+ }
+#endif
+
+ s->srtp_profile = NULL;
+
if (data >= (d+n-2))
goto ri_check;
n2s(data,len);
@@ -1192,7 +1209,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
ellipticcurvelist_length += (*(sdata++));
if (ellipticcurvelist_length != size - 2 ||
- ellipticcurvelist_length < 1)
+ ellipticcurvelist_length < 1 ||
+ /* Each NamedCurve is 2 bytes. */
+ ellipticcurvelist_length & 1)
{
*al = TLS1_AD_DECODE_ERROR;
return 0;
@@ -1506,6 +1525,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
#endif
+ s->tlsext_ticket_expected = 0;
#ifndef OPENSSL_NO_HEARTBEATS
s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
@@ -1800,7 +1820,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
+ /* we support all named elliptic curves in RFC 4492 */
if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num
index aa86b2b..3821c9c 100644
--- a/crypto/openssl/util/libeay.num
+++ b/crypto/openssl/util/libeay.num
@@ -1807,6 +1807,7 @@ ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION:
X509_REQ_digest 2362 EXIST::FUNCTION:EVP
X509_CRL_digest 2391 EXIST::FUNCTION:EVP
d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
+X509_ALGOR_cmp 2398 EXIST::FUNCTION:
EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION:
BN_mod_exp_mont_word 2401 EXIST::FUNCTION:
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
index f0c2df0..d3f5424 100755
--- a/crypto/openssl/util/mk1mf.pl
+++ b/crypto/openssl/util/mk1mf.pl
@@ -671,12 +671,6 @@ foreach (values %lib_nam)
$lib_obj=$lib_obj{$_};
local($slib)=$shlib;
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
-
$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
@@ -1077,12 +1071,17 @@ sub do_copy_rule
return($ret);
}
+# Options picked up from the OPTIONS line in the top level Makefile
+# generated by Configure.
+
sub read_options
{
# Many options are handled in a similar way. In particular
# no-xxx sets zero or more scalars to 1.
- # Process these using a hash containing the option name and
- # reference to the scalars to set.
+ # Process these using the %valid_options hash containing the option
+ # name and reference to the scalars to set. In some cases the option
+ # needs no special handling and can be ignored: this is done by
+ # setting the value to 0.
my %valid_options = (
"no-rc2" => \$no_rc2,
@@ -1116,6 +1115,7 @@ sub read_options
"gaswin" => \$gaswin,
"no-ssl2" => \$no_ssl2,
"no-ssl3" => \$no_ssl3,
+ "no-ssl3-method" => 0,
"no-tlsext" => \$no_tlsext,
"no-srp" => \$no_srp,
"no-cms" => \$no_cms,
diff --git a/crypto/openssl/util/mkbuildinf.pl b/crypto/openssl/util/mkbuildinf.pl
new file mode 100755
index 0000000..9d7b81c
--- /dev/null
+++ b/crypto/openssl/util/mkbuildinf.pl
@@ -0,0 +1,35 @@
+#!/usr/local/bin/perl
+
+my ($cflags, $platform) = @ARGV;
+
+$cflags = "compiler: $cflags";
+$date = localtime();
+print <<"END_OUTPUT";
+#ifndef MK1MF_BUILD
+ /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */
+ #define CFLAGS
+ /*
+ * Generate CFLAGS as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+ static const char cflags[] = {
+END_OUTPUT
+my $ctr = 0;
+foreach my $c (split //, $cflags) {
+ # Max 18 characters per line
+ if (($ctr++ % 18) == 0) {
+ if ($ctr != 1) {
+ print "\n";
+ }
+ print " ";
+ }
+ print "'$c',";
+}
+print <<"END_OUTPUT";
+'\\0'
+ };
+ #define PLATFORM "platform: $platform"
+ #define DATE "built on: $date"
+#endif
+END_OUTPUT
diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl
index 1eaa7b8..894f052 100755
--- a/crypto/openssl/util/mkdef.pl
+++ b/crypto/openssl/util/mkdef.pl
@@ -107,6 +107,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAPIENG",
# SSL v2
"SSL2",
+ # SSL v3 method
+ "SSL3_METHOD",
# JPAKE
"JPAKE",
# NEXTPROTONEG
@@ -141,7 +143,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc;
my $no_nextprotoneg; my $no_sctp; my $no_srtp;
-my $no_unit_test;
+my $no_unit_test; my $no_ssl3_method;
my $fips;
@@ -236,6 +238,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-ec_nistp_64_gcc_128$/) { $no_nistp_gcc=1; }
elsif (/^no-nextprotoneg$/) { $no_nextprotoneg=1; }
elsif (/^no-ssl2$/) { $no_ssl2=1; }
+ elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
elsif (/^no-capieng$/) { $no_capieng=1; }
elsif (/^no-jpake$/) { $no_jpake=1; }
elsif (/^no-srp$/) { $no_srp=1; }
@@ -1208,6 +1211,7 @@ sub is_valid
if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
{ return 0; }
if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
+ if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
if ($keyword eq "SRP" && $no_srp) { return 0; }
diff --git a/crypto/openssl/util/pl/netware.pl b/crypto/openssl/util/pl/netware.pl
index c78bcfc..fe80a9b 100644
--- a/crypto/openssl/util/pl/netware.pl
+++ b/crypto/openssl/util/pl/netware.pl
@@ -212,7 +212,7 @@ else
# Turned off the "possible" warnings ( -w nopossible ). Metrowerks
# complained a lot about various stuff. May want to turn back
# on for further development.
- $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\
+ $cflags.=" -nostdinc -ir crypto -ir ssl -ir engines -ir apps -I$include_path \\
-msgstyle gcc -align 4 -processor pentium -char unsigned \\
-w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\
-w noimplicitconv -relax_pointers -nosyspath -maxerrors 20";
diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num
index dd21e95..dd1c5e8 100644
--- a/crypto/openssl/util/ssleay.num
+++ b/crypto/openssl/util/ssleay.num
@@ -101,9 +101,9 @@ SSLv23_server_method 112 EXIST::FUNCTION:RSA
SSLv2_client_method 113 EXIST::FUNCTION:RSA,SSL2
SSLv2_method 114 EXIST::FUNCTION:RSA,SSL2
SSLv2_server_method 115 EXIST::FUNCTION:RSA,SSL2
-SSLv3_client_method 116 EXIST::FUNCTION:
-SSLv3_method 117 EXIST::FUNCTION:
-SSLv3_server_method 118 EXIST::FUNCTION:
+SSLv3_client_method 116 EXIST::FUNCTION:SSL3_METHOD
+SSLv3_method 117 EXIST::FUNCTION:SSL3_METHOD
+SSLv3_server_method 118 EXIST::FUNCTION:SSL3_METHOD
d2i_SSL_SESSION 119 EXIST::FUNCTION:
i2d_SSL_SESSION 120 EXIST::FUNCTION:
BIO_f_ssl 121 EXIST::FUNCTION:BIO
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index adc9fbf..6fd7468 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -3,8 +3,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
-OPENSSL_VER= 1.0.1j
-OPENSSL_DATE= 2014-10-15
+OPENSSL_VER= 1.0.1k
+OPENSSL_DATE= 2015-01-08
LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl
LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc
diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
index 71ed173..209b537 100644
--- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_OBJECT_new 3"
-.TH ASN1_OBJECT_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ASN1_OBJECT_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,7 +151,7 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an
-\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1 OBJECT IDENTIFIER.\s0
.PP
\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure.
.PP
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
index 2be88a3..2d9c7f6 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_length 3"
-.TH ASN1_STRING_length 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ASN1_STRING_length 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +202,7 @@ utility functions should be used instead.
In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR
is null terminated or does not contain embedded nulls. The actual format
of the data will depend on the actual string type itself: for example
-for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per
+for and IA5String the data will be \s-1ASCII,\s0 for a BMPString two bytes per
character in big endian format, UTF8String will be in \s-1UTF8\s0 format.
.PP
Similar care should be take to ensure the data is in the correct format
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
index 9fce1c9..aa53264 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_new 3"
-.TH ASN1_STRING_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ASN1_STRING_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
index ba782a8..373338e 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_print_ex 3"
-.TH ASN1_STRING_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ASN1_STRING_print_ex 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,14 +159,14 @@ the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it
to \fBfp\fR instead.
.PP
\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to
-\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0)
+\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR, LF\s0)
with '.'.
.SH "NOTES"
.IX Header "NOTES"
\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications.
.PP
Although there are a large number of options frequently \fB\s-1ASN1_STRFLGS_RFC2253\s0\fR is
-suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253\s0 & ~ASN1_STRFLGS_ESC_MSB\fR.
+suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLGS_RFC2253 &\s0 ~ASN1_STRFLGS_ESC_MSB\fR.
.PP
The complete set of supported options for \fBflags\fR is listed below.
.PP
@@ -189,7 +198,7 @@ all: everything is assumed to be one byte per character. This is primarily for
debugging purposes and can result in confusing output in multi character strings.
.PP
If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out
-before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR.
+before its value (for example \*(L"\s-1BMPSTRING\*(R"\s0), this actually uses \fIASN1_tag2str()\fR.
.PP
The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just
outputs the value of the string using the form #XXXX using hex format for each
@@ -197,7 +206,7 @@ octet.
.PP
If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped.
.PP
-Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be
+Normally non character string types (such as \s-1OCTET STRING\s0) are assumed to be
one byte per character, if \fB\s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0\fR is set then they will
be dumped instead.
.PP
@@ -205,10 +214,10 @@ When a type is dumped normally just the content octets are printed, if
\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped
instead (including tag and length octets).
.PP
-\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is
+\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253.\s0 It is
equivalent to:
\s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 |
- \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0
+ \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_NAME_print_ex\fR\|(3),
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
index 91a2fbb..7c7feac 100644
--- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_generate_nconf 3"
-.TH ASN1_generate_nconf 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ASN1_generate_nconf 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,7 +171,7 @@ is:
That is zero or more comma separated modifiers followed by a type
followed by an optional colon and a value. The formats of \fBtype\fR,
\&\fBvalue\fR and \fBmodifier\fR are explained below.
-.SS "\s-1SUPPORTED\s0 \s-1TYPES\s0"
+.SS "\s-1SUPPORTED TYPES\s0"
.IX Subsection "SUPPORTED TYPES"
The supported types are listed below. Unless otherwise specified
only the \fB\s-1ASCII\s0\fR format is permissible.
@@ -177,34 +186,34 @@ are acceptable.
Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present.
.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2
.IX Item "INTEGER, INT"
-Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
+Encodes an \s-1ASN1 \s0\fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
the value of the integer, it can be prefaced by a minus sign and
is normally interpreted as a decimal value unless the prefix \fB0x\fR
is included.
.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2
.IX Item "ENUMERATED, ENUM"
-Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
+Encodes the \s-1ASN1 \s0\fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
\&\fB\s-1INTEGER\s0\fR.
.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 2
.IX Item "OBJECT, OID"
-Encodes an \s-1ASN1\s0 \fB\s-1OBJECT\s0 \s-1IDENTIFIER\s0\fR, the \fBvalue\fR string can be
+Encodes an \s-1ASN1 \s0\fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be
a short name, a long name or numerical format.
.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 2
.IX Item "UTCTIME, UTC"
-Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in
+Encodes an \s-1ASN1 \s0\fBUTCTime\fR structure, the value should be in
the format \fB\s-1YYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 2
.IX Item "GENERALIZEDTIME, GENTIME"
-Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in
+Encodes an \s-1ASN1 \s0\fBGeneralizedTime\fR structure, the value should be in
the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 2
.IX Item "OCTETSTRING, OCT"
-Encodes an \s-1ASN1\s0 \fB\s-1OCTET\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1 \s0\fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be
used to specify the format of \fBvalue\fR.
.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 2
.IX Item "BITSTRING, BITSTR"
-Encodes an \s-1ASN1\s0 \fB\s-1BIT\s0 \s-1STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1 \s0\fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR
can be used to specify the format of \fBvalue\fR.
.Sp
@@ -216,7 +225,7 @@ These encode the corresponding string types. \fBvalue\fR represents the
contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR.
.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2
.IX Item "SEQUENCE, SEQ, SET"
-Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
+Formats the result as an \s-1ASN1 \s0\fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
should be a section name which will contain the contents. The
field names in the section are ignored and the values are in the
generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0
@@ -233,17 +242,17 @@ Add an explicit tag to the following structure. This string
should be followed by a colon and the tag value to use as a
decimal value.
.Sp
-By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL\s0,
-\&\s-1APPLICATION\s0, \s-1PRIVATE\s0 or \s-1CONTEXT\s0 \s-1SPECIFIC\s0 tagging can be used,
-the default is \s-1CONTEXT\s0 \s-1SPECIFIC\s0.
+By following the number with \fBU\fR, \fBA\fR, \fBP\fR or \fBC\fR \s-1UNIVERSAL,
+APPLICATION, PRIVATE\s0 or \s-1CONTEXT SPECIFIC\s0 tagging can be used,
+the default is \s-1CONTEXT SPECIFIC.\s0
.IP "\fB\s-1IMPLICIT\s0\fR, \fB\s-1IMP\s0\fR" 2
.IX Item "IMPLICIT, IMP"
This is the same as \fB\s-1EXPLICIT\s0\fR except \s-1IMPLICIT\s0 tagging is used
instead.
.IP "\fB\s-1OCTWRAP\s0\fR, \fB\s-1SEQWRAP\s0\fR, \fB\s-1SETWRAP\s0\fR, \fB\s-1BITWRAP\s0\fR" 2
.IX Item "OCTWRAP, SEQWRAP, SETWRAP, BITWRAP"
-The following structure is surrounded by an \s-1OCTET\s0 \s-1STRING\s0, a \s-1SEQUENCE\s0,
-a \s-1SET\s0 or a \s-1BIT\s0 \s-1STRING\s0 respectively. For a \s-1BIT\s0 \s-1STRING\s0 the number of unused
+The following structure is surrounded by an \s-1OCTET STRING,\s0 a \s-1SEQUENCE,\s0
+a \s-1SET\s0 or a \s-1BIT STRING\s0 respectively. For a \s-1BIT STRING\s0 the number of unused
bits is set to zero.
.IP "\fB\s-1FORMAT\s0\fR" 2
.IX Item "FORMAT"
@@ -252,8 +261,8 @@ by a colon and one of the strings \fB\s-1ASCII\s0\fR, \fB\s-1UTF8\s0\fR, \fB\s-1
.Sp
If no format specifier is included then \fB\s-1ASCII\s0\fR is used. If \fB\s-1UTF8\s0\fR is
specified then the value string must be a valid \fB\s-1UTF8\s0\fR string. For \fB\s-1HEX\s0\fR the
-output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT\s0
-\&\s-1STRING\s0) is a comma separated list of the indices of the set bits, all other
+output must be a set of hex digits. \fB\s-1BITLIST\s0\fR (which is only valid for a \s-1BIT
+STRING\s0) is a comma separated list of the indices of the set bits, all other
bits are zero.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index 5471335..4f11e46 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_ctrl 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,7 +173,7 @@ BIO_get_info_callback, BIO_set_info_callback \- BIO control operations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR
-are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types.
+are \s-1BIO \s0\*(L"control\*(R" operations taking arguments of various types.
These functions are not normally called directly, various macros
are used instead. The standard macros are described below, macros
specific to a particular type of \s-1BIO\s0 are described in the specific
@@ -178,16 +187,16 @@ start of the file.
\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and
\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file.
.PP
-\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0.
+\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO.\s0
.PP
\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some
cases it is used to signal \s-1EOF\s0 and that no more data will be written.
.PP
-\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of
-\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type.
+\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of
+\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type.
.PP
-\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
-take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used
+\&\fIBIO_set_close()\fR sets the \s-1BIO \s0\fBb\fR close flag to \fBflag\fR. \fBflag\fR can
+take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used
in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should
be closed when the \s-1BIO\s0 is freed.
.PP
@@ -213,7 +222,7 @@ for success and \-1 for failure.
.PP
\&\fIBIO_set_close()\fR always returns 1.
.PP
-\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0.
+\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
.PP
\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR
return the amount of pending data.
@@ -234,10 +243,10 @@ Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR
operation usually pass the operation to the next \s-1BIO\s0 in the chain.
This often means there is no need to locate the required \s-1BIO\s0 for
a particular operation, it can be called on a chain and it will
-be automatically passed to the relevant \s-1BIO\s0. However this can cause
+be automatically passed to the relevant \s-1BIO.\s0 However this can cause
unexpected results: for example no current filter BIOs implement
\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0
-or file descriptor \s-1BIO\s0.
+or file descriptor \s-1BIO.\s0
.PP
Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR
operation.
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index c9ae354..0b8868b 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_f_base64 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +158,7 @@ Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
.PP
\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is
used to signal that no more data is to be encoded: this is used
-to flush the final block through the \s-1BIO\s0.
+to flush the final block through the \s-1BIO.\s0
.PP
The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR
to encode the data all on one line or expect the data to be all
@@ -203,7 +212,7 @@ The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional
data following the base64 encoded block to be misinterpreted.
.PP
There should be some way of specifying a test that the \s-1BIO\s0 can perform
-to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary).
+to reliably determine \s-1EOF \s0(for example a \s-1MIME\s0 boundary).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index e5be835..a2ade5e 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_f_buffer 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data.
.PP
\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR
set the read, write or both read and write buffer sizes to \fBsize\fR. The initial
-buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 4096. Any attempt to reduce the
+buffer size is \s-1DEFAULT_BUFFER_SIZE,\s0 currently 4096. Any attempt to reduce the
buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared
when the buffer is resized.
.PP
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index 6e0a0c3..fbe15a7 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_f_cipher 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,10 +163,10 @@ Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
.PP
\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is
used to signal that no more data is to be encrypted: this is used
-to flush and possibly pad the final block through the \s-1BIO\s0.
+to flush and possibly pad the final block through the \s-1BIO.\s0
.PP
-\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
-and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
+\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO \s0\fBb\fR to \fBcipher\fR using key \fBkey\fR
+and \s-1IV \s0\fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
decryption.
.PP
When reading from an encryption \s-1BIO\s0 the final block is automatically
@@ -172,7 +181,7 @@ with the standard cipher routines to set it up. This is useful when
.SH "NOTES"
.IX Header "NOTES"
When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block
-through the \s-1BIO\s0. If it is not then the final block will fail a subsequent
+through the \s-1BIO.\s0 If it is not then the final block will fail a subsequent
decrypt.
.PP
When decrypting an error on the final block is signalled by a zero
@@ -181,7 +190,7 @@ by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status
should be called to determine if the decrypt was successful.
.PP
As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can
-be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0.
+be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method.
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index 57a7e58..a3d8456 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_f_md 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,9 +165,9 @@ Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and
digest calculation and returns the digest value. \fIBIO_puts()\fR is
not supported.
.PP
-\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0.
+\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0
.PP
-\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
+\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO \s0\fBb\fR to \fBmd\fR: this
must be called to initialize a digest \s-1BIO\s0 before any data is
passed through it. It is a \fIBIO_ctrl()\fR macro.
.PP
@@ -183,7 +192,7 @@ data is passed through it.
.PP
If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through
a chain containing digest BIOs then this can be done by prepending
-a buffering \s-1BIO\s0.
+a buffering \s-1BIO.\s0
.PP
Before OpenSSL 1.0.0 the call to \fIBIO_get_md_ctx()\fR would only work if the \s-1BIO\s0
had been initialized for example by calling \fIBIO_set_md()\fR ). In OpenSSL
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index c90186f..4d54371 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_f_null 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index f16c971..9557570 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_f_ssl 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,32 +171,32 @@ BIO_ssl_shutdown \- SSL BIO
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which
-is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
-\&\s-1SSL\s0 I/O.
+\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
+is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO \s0\*(L"flavour\*(R" to
+\&\s-1SSL I/O. \s0
.PP
-I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with
+I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with
the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established
then an attempt is made to establish one on the first I/O call.
.PP
-If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically
+If a \s-1BIO\s0 is appended to an \s-1SSL BIO\s0 using \fIBIO_push()\fR it is automatically
used as the \s-1SSL\s0 BIOs read and write BIOs.
.PP
-Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection
+Calling \fIBIO_reset()\fR on an \s-1SSL BIO\s0 closes down any current \s-1SSL\s0 connection
by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in
the chain: this will typically disconnect the underlying transport.
-The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state.
+The \s-1SSL BIO\s0 is then reset to the initial accept or connect state.
.PP
-If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal
+If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal
\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR.
.PP
-\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
+\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR to \fBssl\fR using
the close flag \fBc\fR.
.PP
-\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
+\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR, it can then be
manipulated using the standard \s-1SSL\s0 library functions.
.PP
-\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR
+\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
is 1 client mode is set. If \fBclient\fR is 0 server mode is set.
.PP
\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count
@@ -202,15 +211,15 @@ automatically renegotiated.
\&\fIBIO_get_num_renegotiates()\fR returns the total number of session
renegotiations due to I/O or timeout.
.PP
-\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
+\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX \s0\fBctx\fR and using
client mode if \fBclient\fR is non zero.
.PP
\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
-\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0.
+\&\s-1SSL BIO \s0(using \fBctx\fR) followed by a connect \s-1BIO.\s0
.PP
\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
-of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect
-\&\s-1BIO\s0.
+of a buffering \s-1BIO,\s0 an \s-1SSL BIO \s0(using \fBctx\fR) and a connect
+\&\s-1BIO.\s0
.PP
\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the
@@ -218,7 +227,7 @@ of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a conn
the internal \s-1SSL\s0 pointer.
.PP
\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0
-chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the
+chain \fBbio\fR. It does this by locating the \s-1SSL BIO\s0 in the
chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0
pointer.
.PP
@@ -239,7 +248,7 @@ case where this happens is when \s-1SGC\s0 or step up occurs.
.PP
In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be
set to disable this behaviour. That is when this flag is set
-an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a
+an \s-1SSL BIO\s0 using a blocking transport will never request a
retry.
.PP
Since unknown \fIBIO_ctrl()\fR operations are sent through filter
@@ -323,7 +332,7 @@ unencrypted example in \fIBIO_s_connect\fR\|(3).
.Ve
.PP
Here is a simple server example. It makes use of a buffering
-\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets.
+\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL BIO\s0 using BIO_gets.
It creates a pseudo web page containing the actual request from
a client and also echoes the request to standard output.
.PP
@@ -440,10 +449,10 @@ a client and also echoes the request to standard output.
.IX Header "BUGS"
In OpenSSL versions before 1.0.0 the \fIBIO_pop()\fR call was handled incorrectly,
the I/O \s-1BIO\s0 reference count was incorrectly incremented (instead of
-decremented) and dissociated with the \s-1SSL\s0 \s-1BIO\s0 even if the \s-1SSL\s0 \s-1BIO\s0 was not
+decremented) and dissociated with the \s-1SSL BIO\s0 even if the \s-1SSL BIO\s0 was not
explicitly being popped (e.g. a pop higher up the chain). Applications which
included workarounds for this bug (e.g. freeing BIOs more than once) should
-be modified to handle this fix or they may free up an already freed \s-1BIO\s0.
+be modified to handle this fix or they may free up an already freed \s-1BIO.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index f0af94a..5447b34 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_find_type 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,7 +178,7 @@ BIO_find_type, BIO_next \- BIO chain traversal
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
-at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
+at \s-1BIO \s0\fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as
\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is
searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
@@ -181,14 +190,14 @@ Note: not all the \fBBIO_TYPE_*\fR types above have corresponding \s-1BIO\s0 imp
in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a
certain type.
.PP
-\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0.
+\&\fIBIO_method_type()\fR returns the type of a \s-1BIO.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match.
.PP
\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
.PP
-\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
+\&\fIBIO_method_type()\fR returns the type of the \s-1BIO \s0\fBb\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index 7d47353..f70d71e 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new 3"
-.TH BIO_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,9 +155,9 @@ BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- BIO allocation and freein
.IX Header "DESCRIPTION"
The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR.
.PP
-\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO\s0.
+\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO.\s0
.PP
-\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0
+\&\fIBIO_free()\fR frees up a single \s-1BIO,\s0 \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0
but it does not return a value. Calling \fIBIO_free()\fR may also have some effect
on the underlying I/O structure, for example it may close the file being
referred to under certain circumstances. For more details see the individual
@@ -176,7 +185,7 @@ Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 has the same effect as calling
on it other than the discarded return value.
.PP
Normally the \fBtype\fR argument is supplied by a function which returns a
-pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions:
+pointer to a \s-1BIO_METHOD.\s0 There is a naming convention for such functions:
a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0
BIO_f_*();
.SH "EXAMPLE"
diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3
index 650cf59..d76e094 100644
--- a/secure/lib/libcrypto/man/BIO_new_CMS.3
+++ b/secure/lib/libcrypto/man/BIO_new_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new_CMS 3"
-.TH BIO_new_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_new_CMS 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ of the filter is written to \fBout\fR. Any data written to the chain is
automatically translated to a \s-1BER\s0 format \s-1CMS\s0 structure of the appropriate type.
.SH "NOTES"
.IX Header "NOTES"
-The chain returned by this function behaves like a standard filter \s-1BIO\s0. It
+The chain returned by this function behaves like a standard filter \s-1BIO.\s0 It
supports non blocking I/O. Content is processed and streamed on the fly and not
all held in memory at once: so it is possible to encode very large structures.
After all content has been written through the chain \fIBIO_flush()\fR must be called
@@ -170,7 +179,7 @@ responsibility to set the inner content type of any outer CMS_ContentInfo
structures.
.PP
Large numbers of small writes through the chain should be avoided as this will
-produce an output consisting of lots of \s-1OCTET\s0 \s-1STRING\s0 structures. Prepending
+produce an output consisting of lots of \s-1OCTET STRING\s0 structures. Prepending
a \fIBIO_f_buffer()\fR buffering \s-1BIO\s0 will prevent this.
.SH "BUGS"
.IX Header "BUGS"
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index f2f4fc0..5e7f263 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_push 3"
-.TH BIO_push 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_push 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,11 +150,11 @@ BIO_push, BIO_pop \- add and remove BIOs from a chain.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
+The \fIBIO_push()\fR function appends the \s-1BIO \s0\fBappend\fR to \fBb\fR, it returns
\&\fBb\fR.
.PP
-\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
-in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then
+\&\fIBIO_pop()\fR removes the \s-1BIO \s0\fBb\fR from a chain and returns the next \s-1BIO\s0
+in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then
becomes a single \s-1BIO\s0 with no association with the original chain,
it can thus be freed or attached to a different chain.
.SH "NOTES"
@@ -160,7 +169,7 @@ be noted in the descriptions of individual BIOs.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is
-a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0.
+a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO.\s0
.PP
If the call:
.PP
@@ -193,7 +202,7 @@ be written to \fBmd1\fR as before.
\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR.
.PP
\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next
-\&\s-1BIO\s0.
+\&\s-1BIO.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index 7778c2e..231e822 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_read 3"
-.TH BIO_read 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_read 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +152,7 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
+\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO \s0\fBb\fR and places
the data in \fBbuf\fR.
.PP
\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
@@ -152,9 +161,9 @@ from the \s-1BIO\s0 of maximum length \fBlen\fR. There are exceptions to this
however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
return the digest and other BIOs may not support \fIBIO_gets()\fR at all.
.PP
-\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
+\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO \s0\fBb\fR.
.PP
-\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR
+\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO \s0\fBb\fR
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return either the amount of data successfully read or
@@ -182,7 +191,7 @@ See \fIBIO_should_retry\fR\|(3) for details of how to
determine the cause of a retry and other I/O issues.
.PP
If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
-work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3)
+work around this by adding a buffering \s-1BIO \s0\fIBIO_f_buffer\fR\|(3)
to the chain.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index e370a9e..6649adf 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_accept 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -203,18 +212,18 @@ a single call: that is it creates a new accept \s-1BIO\s0 with port
\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which
will be duplicated and prepended to the chain when an incoming
connection is received. This is useful if, for example, a
-buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The
+buffering or \s-1SSL BIO\s0 is required for each connection. The
chain of BIOs must not be freed after this call, they will
be automatically freed when the accept \s-1BIO\s0 is freed.
.PP
\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve
-the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set
+the current bind mode. If \s-1BIO_BIND_NORMAL \s0(the default) is set
then another socket cannot be bound to the same port. If
\&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the
same port. If \s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0 is set then and
-attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails
+attempt is first made to use \s-1BIO_BIN_NORMAL,\s0 if this fails
and the port is not in use then a second attempt is made
-using \s-1BIO_BIND_REUSEADDR\s0.
+using \s-1BIO_BIND_REUSEADDR.\s0
.PP
\&\fIBIO_do_accept()\fR serves two functions. When it is first
called, after the accept \s-1BIO\s0 has been setup, it will attempt
@@ -235,7 +244,7 @@ an initial accept socket will await an incoming connection then
perform I/O on it.
.PP
If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR
-then they are placed between the socket and the accept \s-1BIO\s0,
+then they are placed between the socket and the accept \s-1BIO,\s0
that is the chain will be accept\->otherbios\->socket.
.PP
If a server wishes to process multiple connections (as is normally
@@ -261,7 +270,7 @@ and freeing up the accept \s-1BIO\s0 after the initial connection.
.PP
If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is
called to await an incoming connection it is possible for
-\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens
+\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT.\s0 If this happens
then it is an indication that an accept attempt would block: the application
should take appropriate action to wait until the underlying socket has
accepted a connection and retry the call.
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index 6aaa478..807249c 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_bio 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +179,7 @@ Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible
one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application
control.
.PP
-One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this
+One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL I/O\s0 under application control, this
can be used when the application wishes to use a non standard transport for
\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate.
.PP
@@ -190,12 +199,12 @@ determine the amount of pending data in the read or write buffer.
\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
up any half of the pair will automatically destroy the association.
.PP
-\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
-writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other
+\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO \s0\fBb\fR. After this call no further
+writes on \s-1BIO \s0\fBb\fR are allowed (they will return an error). Reads on the other
half of the pair will return any pending data or \s-1EOF\s0 when all pending data has
been read.
.PP
-\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
+\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO \s0\fBb\fR to \fBsize\fR.
If the size is not initialized a default value is used. This is currently
17K, sufficient for a maximum size \s-1TLS\s0 record.
.PP
@@ -205,11 +214,11 @@ If the size is not initialized a default value is used. This is currently
\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR
with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is
zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether
-\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten,
+\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO,\s0 the values are overwritten,
\&\fIBIO_free()\fR is not called.
.PP
\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum
-length of data that can be currently written to the \s-1BIO\s0. Writes larger than this
+length of data that can be currently written to the \s-1BIO.\s0 Writes larger than this
value will return a value from \fIBIO_write()\fR less than the amount requested or if the
buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function
whereas \fIBIO_get_write_guarantee()\fR is a macro.
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index a51cc92..231c03f 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_connect 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +189,7 @@ Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active
connection and reset the \s-1BIO\s0 into a state where it can connect
to the same host again.
.PP
-\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0,
+\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL,\s0
it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of
type (int *).
.PP
@@ -220,7 +229,7 @@ non blocking I/O is set during the connect process.
\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into
a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR.
.PP
-\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1
+\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO.\s0 It returns 1
if the connection was established successfully. A zero or negative
value is returned if the connection could not be established, the
call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs
@@ -250,7 +259,7 @@ If non blocking I/O is set then retries will be requested as appropriate.
.PP
It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also
possible for \fIBIO_should_io_special()\fR to be true during the initial
-connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned
+connection process with the reason \s-1BIO_RR_CONNECT.\s0 If this is returned
then this is an indication that a connection attempt would block,
the application should then take appropriate action to wait until
the underlying socket has connected and retry the call.
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index 6fd7657..c09d25d 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_fd 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,10 +171,10 @@ using lseek(fd, ofs, 0).
.PP
\&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1).
.PP
-\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close
flag to \fBc\fR.
.PP
-\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also
+\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type
(int *).
.PP
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index 337a9dd..17ea44b 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_file 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +163,7 @@ BIO_rw_filename \- FILE bio
.IX Header "DESCRIPTION"
\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it
is a wrapper round the stdio \s-1FILE\s0 structure and it is a
-source/sink \s-1BIO\s0.
+source/sink \s-1BIO.\s0
.PP
Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the
underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs.
@@ -175,17 +184,17 @@ is freed.
.PP
\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning
of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0
-flag is set on the returned \s-1BIO\s0.
+flag is set on the returned \s-1BIO.\s0
.PP
\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
-\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying
+\&\s-1BIO_CLOSE, BIO_NOCLOSE \s0(the close flag) \s-1BIO_FP_TEXT \s0(sets the underlying
stream to text mode, default is binary: this only has any effect under
Win32).
.PP
\&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same
meaning as in \fIBIO_new_fp()\fR, it is a macro.
.PP
-\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro.
+\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO,\s0 it is a macro.
.PP
\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes
from the start of file.
@@ -193,7 +202,7 @@ from the start of file.
\&\fIBIO_tell()\fR returns the value of the position pointer.
.PP
\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
-\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
+\&\fIBIO_rw_filename()\fR set the file \s-1BIO \s0\fBb\fR to use file \fBname\fR for
reading, writing, append or read write respectively.
.SH "NOTES"
.IX Header "NOTES"
@@ -201,14 +210,14 @@ When wrapping stdout, stdin or stderr the underlying stream should not
normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set.
.PP
Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks
-in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0.
+in stdio behaviour will be mirrored by the corresponding \s-1BIO.\s0
.PP
On Windows BIO_new_files reserves for the filename argument to be
\&\s-1UTF\-8\s0 encoded. In other words if you have to make it work in multi\-
-lingual environment, encode file names in \s-1UTF\-8\s0.
+lingual environment, encode file names in \s-1UTF\-8.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
-File \s-1BIO\s0 \*(L"hello world\*(R":
+File \s-1BIO \s0\*(L"hello world\*(R":
.PP
.Vb 3
\& BIO *bio_out;
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index 72421dc..acf8893 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_mem 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +165,7 @@ as appropriate to accommodate the stored data.
.PP
Any data written to a memory \s-1BIO\s0 can be recalled by reading from it.
Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from
-the \s-1BIO\s0.
+the \s-1BIO.\s0
.PP
Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR.
.PP
@@ -167,12 +176,12 @@ Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in i
read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only
data can be read again.
.PP
-\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0.
+\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO.\s0
.PP
\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored.
.PP
-\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
-empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is
+\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO \s0\fBb\fR when it is
+empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF \s0(that is
it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non
zero then it will return \fBv\fR when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
@@ -182,7 +191,7 @@ positive return value \fBv\fR should be set to a negative value, typically \-1.
and returns the total amount of data available. It is implemented as a macro.
.PP
\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the
-close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0.
+close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0
It is a macro.
.PP
\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in \fBpp\fR. It is
@@ -192,7 +201,7 @@ a macro.
if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be null terminated and its
length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and
as a result cannot be written to. This is useful when some data needs to be
-made available from a static area of memory in the form of a \s-1BIO\s0. The
+made available from a static area of memory in the form of a \s-1BIO.\s0 The
supplied data is read directly from the supplied buffer: it is \fBnot\fR copied
first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed.
.SH "NOTES"
@@ -207,7 +216,7 @@ memory \s-1BIO\s0 avoids this problem. If the \s-1BIO\s0 must be read write then
a buffering \s-1BIO\s0 to the chain will speed up the process.
.SH "BUGS"
.IX Header "BUGS"
-There should be an option to set the maximum size of a memory \s-1BIO\s0.
+There should be an option to set the maximum size of a memory \s-1BIO.\s0
.PP
There should be a way to \*(L"rewind\*(R" a read write \s-1BIO\s0 without destroying
its contents.
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index 0bdfee4..78d5323 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_null 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,7 +150,7 @@ BIO_s_null \- null data sink
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to
-the null sink is discarded, reads return \s-1EOF\s0.
+the null sink is discarded, reads return \s-1EOF.\s0
.SH "NOTES"
.IX Header "NOTES"
A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index 7cf5df7..f93b549 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_s_socket 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,10 +163,10 @@ round the platform's socket routines.
If the close flag is set then the socket is shut down and closed
when the \s-1BIO\s0 is freed.
.PP
-\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
+\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close
flag to \fBclose_flag\fR.
.PP
-\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also
+\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also
returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *).
.PP
\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR.
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index 2c6618c..37105ba 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_set_callback 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +179,7 @@ The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR.
.PP
\&\fBoper\fR is set to the operation being performed. For some operations
the callback is called twice, once before and once after the actual
-operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0.
+operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN.\s0
.PP
The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on
the value of \fBoper\fR, that is the operation being performed.
@@ -189,26 +198,26 @@ value returned to the application.
.IX Header "CALLBACK OPERATIONS"
.IP "\fBBIO_free(b)\fR" 4
.IX Item "BIO_free(b)"
-callback(b, \s-1BIO_CB_FREE\s0, \s-1NULL\s0, 0L, 0L, 1L) is called before the
+callback(b, \s-1BIO_CB_FREE, NULL, 0L, 0L, 1L\s0) is called before the
free operation.
.IP "\fBBIO_read(b, out, outl)\fR" 4
.IX Item "BIO_read(b, out, outl)"
-callback(b, \s-1BIO_CB_READ\s0, out, outl, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_READ,\s0 out, outl, 0L, 1L) is called before
the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue)
after.
.IP "\fBBIO_write(b, in, inl)\fR" 4
.IX Item "BIO_write(b, in, inl)"
-callback(b, \s-1BIO_CB_WRITE\s0, in, inl, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_WRITE,\s0 in, inl, 0L, 1L) is called before
the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue)
after.
.IP "\fBBIO_gets(b, out, outl)\fR" 4
.IX Item "BIO_gets(b, out, outl)"
-callback(b, \s-1BIO_CB_GETS\s0, out, outl, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_GETS,\s0 out, outl, 0L, 1L) is called before
the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue)
after.
.IP "\fBBIO_puts(b, in)\fR" 4
.IX Item "BIO_puts(b, in)"
-callback(b, \s-1BIO_CB_WRITE\s0, in, 0, 0L, 1L) is called before
+callback(b, \s-1BIO_CB_WRITE,\s0 in, 0, 0L, 1L) is called before
the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue)
after.
.IP "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index 1590f97..a89f26a 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BIO_should_retry 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -185,7 +194,7 @@ the reason code and the action that should be taken depends on
the type of \s-1BIO\s0 that resulted in this condition.
.PP
\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if
-passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR.
+passed the relevant \s-1BIO,\s0 for example as returned by \fIBIO_get_retry_BIO()\fR.
.SH "NOTES"
.IX Header "NOTES"
If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R"
@@ -193,7 +202,7 @@ depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO
operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns
0 and \fIBIO_should_retry()\fR is false then the cause will be that the
connection closed. A similar condition on a file \s-1BIO\s0 will mean that it
-has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on
+has reached \s-1EOF.\s0 Some \s-1BIO\s0 types may place additional information on
the error queue. For more details see the individual \s-1BIO\s0 type manual
pages.
.PP
@@ -201,7 +210,7 @@ If the underlying I/O structure is in a blocking mode almost all current
\&\s-1BIO\s0 types will not request a retry, because the underlying I/O
calls will not. If the application knows that the \s-1BIO\s0 type will never
signal a retry then it need not call \fIBIO_should_retry()\fR after a failed
-\&\s-1BIO\s0 I/O call. This is typically done with file BIOs.
+\&\s-1BIO I/O\s0 call. This is typically done with file BIOs.
.PP
\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a
retry even if the underlying I/O structure is blocking, if a handshake
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
index 5d7a0e8..9002a60 100644
--- a/secure/lib/libcrypto/man/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_BLINDING_new 3"
-.TH BN_BLINDING_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_BLINDING_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +192,7 @@ the inverse blinding.
.PP
\&\fIBN_BLINDING_convert()\fR and \fIBN_BLINDING_invert()\fR are wrapper
functions for \fIBN_BLINDING_convert_ex()\fR and \fIBN_BLINDING_invert_ex()\fR
-with \fBr\fR set to \s-1NULL\s0.
+with \fBr\fR set to \s-1NULL.\s0
.PP
\&\fIBN_BLINDING_thread_id()\fR provides access to the \fB\s-1CRYPTO_THREADID\s0\fR
object within the \fB\s-1BN_BLINDING\s0\fR structure. This is to help users
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index 66dcd12..261d512 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_CTX_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index f69b705..b3f17a5 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_CTX_start 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index b446d4c..085e427 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add 3"
-.TH BN_add 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_add 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index 33d20b4..54a50e7 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add_word 3"
-.TH BN_add_word 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_add_word 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index 9375149..ba11866 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_bn2bin 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ memory.
.PP
\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length
\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is
-\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created.
+\&\s-1NULL,\s0 a new \fB\s-1BIGNUM\s0\fR is created.
.PP
\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the
hexadecimal and decimal encoding of \fBa\fR respectively. For negative
@@ -167,8 +176,8 @@ numbers, the string is prefaced with a leading '\-'. The string must be
freed later using \fIOPENSSL_free()\fR.
.PP
\&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number
-to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL\s0, a new
-\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL\s0, it only computes the number's
+to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL,\s0 a new
+\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL,\s0 it only computes the number's
length in hexadecimal digits. If the string starts with '\-', the
number is negative. \fIBN_dec2bn()\fR is the same using the decimal system.
.PP
@@ -188,7 +197,7 @@ calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0).
.PP
\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to
a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR
-if \fBret\fR is \s-1NULL\s0.
+if \fBret\fR is \s-1NULL.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR.
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index bc035ec..85e8e0f 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_cmp 3"
-.TH BN_cmp 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_cmp 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index fcf2ab5..7268062 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_copy 3"
-.TH BN_copy 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_copy 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index bd8a469..8b86814 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_generate_prime 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index 5d6ce78..a9037cd 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_mod_inverse 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,7 +151,7 @@ BN_mod_inverse \- compute inverse modulo n
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR
-places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0,
+places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL,\s0
a new \fB\s-1BIGNUM\s0\fR is created.
.PP
\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index 85c3597..b2f7267 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index ef922a2..80f2a38 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index 1ecfdb5..7d4af08 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_new 3"
-.TH BN_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index 9bdf420..9a39a60 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_num_bytes 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index c86aeb0..14e7191 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_rand 3"
-.TH BN_rand 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_rand 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index 11fac7d..1910abe 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_set_bit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
index 1c30db1..6b6e437 100644
--- a/secure/lib/libcrypto/man/BN_swap.3
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_swap 3"
-.TH BN_swap 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_swap 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index ffc9f55..c4837e5 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "BN_zero 3"
-.TH BN_zero 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH BN_zero 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3
index 1a549bb..24708b0 100644
--- a/secure/lib/libcrypto/man/CMS_add0_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add0_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add0_cert 3"
-.TH CMS_add0_cert 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_add0_cert 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ must be of type signed data or enveloped data.
.PP
\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR.
.PP
-\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR
+\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL \s0\fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR
returns any CRLs in \fBcms\fR.
.SH "NOTES"
.IX Header "NOTES"
diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
index f40e50e..e044fa0 100644
--- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_recipient_cert 3"
-.TH CMS_add1_recipient_cert 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_add1_recipient_cert 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3
index 8eb6505..20be8cb 100644
--- a/secure/lib/libcrypto/man/CMS_add1_signer.3
+++ b/secure/lib/libcrypto/man/CMS_add1_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_signer 3"
-.TH CMS_add1_signer 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_add1_signer 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -203,9 +212,9 @@ identifier value instead. An error occurs if the signing certificate does not
have a subject key identifier extension.
.PP
If present the SMIMECapabilities attribute indicates support for the following
-algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192
-bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0.
-If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is
+algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192
+bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0
+If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is
not loaded.
.PP
\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo
diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3
index 0e6af65..c0b522a 100644
--- a/secure/lib/libcrypto/man/CMS_compress.3
+++ b/secure/lib/libcrypto/man/CMS_compress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_compress 3"
-.TH CMS_compress 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_compress 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,7 +171,7 @@ otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set the
\&\fB\s-1CMS_TEXT\s0\fR is ignored.
.PP
If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
-returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
+returned suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
.PP
The compressed data is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
@@ -176,7 +185,7 @@ results.
.PP
Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_CMS()\fR.
.PP
Additional compression parameters such as the zlib compression level cannot
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3
index 7b2e424..9cfb616 100644
--- a/secure/lib/libcrypto/man/CMS_decrypt.3
+++ b/secure/lib/libcrypto/man/CMS_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_decrypt 3"
-.TH CMS_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_decrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ recipient's certificate, \fBout\fR is a \s-1BIO\s0 to write the content to and
\&\fBflags\fR is an optional set of flags.
.PP
The \fBdcont\fR parameter is used in the rare case where the encrypted content
-is detached. It will normally be set to \s-1NULL\s0.
+is detached. It will normally be set to \s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this
@@ -175,11 +184,11 @@ open to attack.
It is possible to determine the correct recipient key by other means (for
example looking them up in a database) and setting them in the \s-1CMS\s0 structure
in advance using the \s-1CMS\s0 utility functions such as \fICMS_set1_pkey()\fR. In this
-case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL\s0.
+case both \fBcert\fR and \fBpkey\fR should be set to \s-1NULL.\s0
.PP
To process KEKRecipientInfo types \fICMS_set1_key()\fR or \fICMS_RecipientInfo_set0_key()\fR
and \fICMS_ReceipientInfo_decrypt()\fR should be called before \fICMS_decrypt()\fR and
-\&\fBcert\fR and \fBpkey\fR set to \s-1NULL\s0.
+\&\fBcert\fR and \fBpkey\fR set to \s-1NULL.\s0
.PP
The following flags can be passed in the \fBflags\fR parameter.
.PP
diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3
index d37152e..4f14502 100644
--- a/secure/lib/libcrypto/man/CMS_encrypt.3
+++ b/secure/lib/libcrypto/man/CMS_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_encrypt 3"
-.TH CMS_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_encrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -179,7 +188,7 @@ identifier value instead. An error occurs if all recipient certificates do not
have a subject key identifier extension.
.PP
If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
-returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
+returned suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
.PP
If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
returned to which additional recipients and attributes can be added before
@@ -197,7 +206,7 @@ results.
.PP
Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_CMS()\fR.
.PP
The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info
diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3
index fb8afcb..cab661a 100644
--- a/secure/lib/libcrypto/man/CMS_final.3
+++ b/secure/lib/libcrypto/man/CMS_final.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_final 3"
-.TH CMS_final 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_final 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ operations necessary on \fBcms\fR (digest computation for example) and set the
appropriate fields. The parameter \fBdata\fR contains the content to be
processed. The \fBdcont\fR parameter contains a \s-1BIO\s0 to write content to after
processing: this is only used with detached data and will usually be set to
-\&\s-1NULL\s0.
+\&\s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
This function will normally be called when the \fB\s-1CMS_PARTIAL\s0\fR flag is used. It
diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index d6e4766..15e96fb 100644
--- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_RecipientInfos 3"
-.TH CMS_get0_RecipientInfos 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_get0_RecipientInfos 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,24 +166,24 @@ The function \fICMS_get0_RecipientInfos()\fR returns all the CMS_RecipientInfo
structures associated with a \s-1CMS\s0 EnvelopedData structure.
.PP
\&\fICMS_RecipientInfo_type()\fR returns the type of CMS_RecipientInfo structure \fBri\fR.
-It will currently return \s-1CMS_RECIPINFO_TRANS\s0, \s-1CMS_RECIPINFO_AGREE\s0,
-\&\s-1CMS_RECIPINFO_KEK\s0, \s-1CMS_RECIPINFO_PASS\s0, or \s-1CMS_RECIPINFO_OTHER\s0.
+It will currently return \s-1CMS_RECIPINFO_TRANS, CMS_RECIPINFO_AGREE,
+CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS,\s0 or \s-1CMS_RECIPINFO_OTHER.\s0
.PP
\&\fICMS_RecipientInfo_ktri_get0_signer_id()\fR retrieves the certificate recipient
identifier associated with a specific CMS_RecipientInfo structure \fBri\fR, which
-must be of type \s-1CMS_RECIPINFO_TRANS\s0. Either the keyidentifier will be set in
+must be of type \s-1CMS_RECIPINFO_TRANS.\s0 Either the keyidentifier will be set in
\&\fBkeyid\fR or \fBboth\fR issuer name and serial number in \fBissuer\fR and \fBsno\fR.
.PP
\&\fICMS_RecipientInfo_ktri_cert_cmp()\fR compares the certificate \fBcert\fR against the
-CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS\s0.
+CMS_RecipientInfo structure \fBri\fR, which must be of type \s-1CMS_RECIPINFO_TRANS.\s0
It returns zero if the comparison is successful and non zero if not.
.PP
\&\fICMS_RecipientInfo_set0_pkey()\fR associates the private key \fBpkey\fR with
the CMS_RecipientInfo structure \fBri\fR, which must be of type
-\&\s-1CMS_RECIPINFO_TRANS\s0.
+\&\s-1CMS_RECIPINFO_TRANS.\s0
.PP
\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
-CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK\s0. Any
+CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK. \s0 Any
of the remaining parameters can be \s-1NULL\s0 if the application is not interested in
the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written
to the corresponding parameter. The keyEncryptionAlgorithm field is written to
@@ -185,12 +194,12 @@ present is written to \fBpdate\fR, if the \fBother\fR field is present the compo
.PP
\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR
parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR,
-which must be of type \s-1CMS_RECIPINFO_KEK\s0. It returns zero if the comparison is
+which must be of type \s-1CMS_RECIPINFO_KEK. \s0 It returns zero if the comparison is
successful and non zero if not.
.PP
\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length
\&\fBkeylen\fR with the CMS_RecipientInfo structure \fBri\fR, which must be of type
-\&\s-1CMS_RECIPINFO_KEK\s0.
+\&\s-1CMS_RECIPINFO_KEK.\s0
.PP
\&\fICMS_RecipientInfo_decrypt()\fR attempts to decrypt CMS_RecipientInfo structure
\&\fBri\fR in structure \fBcms\fR. A key must have been associated with the structure
diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
index e52b9c6..43fb1ea 100644
--- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_SignerInfos 3"
-.TH CMS_get0_SignerInfos 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_get0_SignerInfos 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ of \fICMS_verify()\fR is not appropriate.
.PP
In typical usage and application will retrieve all CMS_SignerInfo structures
using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using
-\&\s-1CMS\s0. It will then obtain the signer certificate by some unspecified means
+\&\s-1CMS.\s0 It will then obtain the signer certificate by some unspecified means
(or return and error if it cannot be found) and set it using
\&\fICMS_SignerInfo_set1_signer_cert()\fR.
.PP
diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3
index 1a848ae..554d9d6 100644
--- a/secure/lib/libcrypto/man/CMS_get0_type.3
+++ b/secure/lib/libcrypto/man/CMS_get0_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_type 3"
-.TH CMS_get0_type 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_get0_type 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
index bd41eb8..6cfbd54 100644
--- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get1_ReceiptRequest 3"
-.TH CMS_get1_ReceiptRequest 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_get1_ReceiptRequest 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@
.IX Header "DESCRIPTION"
\&\fICMS_ReceiptRequest_create0()\fR creates a signed receipt request structure. The
\&\fBsignedContentIdentifier\fR field is set using \fBid\fR and \fBidlen\fR, or it is set
-to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL\s0. If \fBreceiptList\fR is \s-1NULL\s0
+to 32 bytes of pseudo random data if \fBid\fR is \s-1NULL.\s0 If \fBreceiptList\fR is \s-1NULL\s0
the allOrFirstTier option in \fBreceiptsFrom\fR is used and set to the value of
the \fBallorfirst\fR parameter. If \fBreceiptList\fR is not \s-1NULL\s0 the \fBreceiptList\fR
option in \fBreceiptsFrom\fR is used. The \fBreceiptsTo\fR parameter specifies the
@@ -166,7 +175,7 @@ otherwise the \fBreceiptList\fR field is copied to \fBplist\fR. The \fBreceiptsT
parameter is copied to \fBprto\fR.
.SH "NOTES"
.IX Header "NOTES"
-For more details of the meaning of the fields see \s-1RFC2634\s0.
+For more details of the meaning of the fields see \s-1RFC2634.\s0
.PP
The contents of a signed receipt should only be considered meaningful if the
corresponding CMS_ContentInfo structure can be successfully verified using
diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3
index a1430ad..7d9d7e7 100644
--- a/secure/lib/libcrypto/man/CMS_sign.3
+++ b/secure/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign 3"
-.TH CMS_sign 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_sign 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ the certificate to sign with, \fBpkey\fR is the corresponding private key.
structure (for example any intermediate CAs in the chain). Any or all of
these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below.
.PP
-The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
+The data to be signed is read from \s-1BIO \s0\fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
@@ -183,9 +192,9 @@ will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilit
omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
-algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192
-bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0.
-If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is
+algorithms in preference order: 256 bit \s-1AES,\s0 Gost R3411\-94, Gost 28147\-89, 192
+bit \s-1AES, 128\s0 bit \s-1AES,\s0 triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0
+If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST ENGINE\s0 is
not loaded.
.PP
OpenSSL will by default identify signing certificates using issuer name
@@ -210,7 +219,7 @@ results.
.PP
Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_CMS()\fR.
.PP
If a signer is specified it will use the default digest for the signing
diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3
index 17c157f..68ce6e9 100644
--- a/secure/lib/libcrypto/man/CMS_sign_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign_receipt 3"
-.TH CMS_sign_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_sign_receipt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3
index 812002e..8b91990 100644
--- a/secure/lib/libcrypto/man/CMS_uncompress.3
+++ b/secure/lib/libcrypto/man/CMS_uncompress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_uncompress 3"
-.TH CMS_uncompress 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_uncompress 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ CompressedData structure \fBcms\fR. \fBdata\fR is a \s-1BIO\s0 to write the cont
\&\fBflags\fR is an optional set of flags.
.PP
The \fBdcont\fR parameter is used in the rare case where the compressed content
-is detached. It will normally be set to \s-1NULL\s0.
+is detached. It will normally be set to \s-1NULL.\s0
.SH "NOTES"
.IX Header "NOTES"
The only currently supported compression algorithm is zlib: if the structure
diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3
index acdccc2..e54bd7c 100644
--- a/secure/lib/libcrypto/man/CMS_verify.3
+++ b/secure/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify 3"
-.TH CMS_verify 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_verify 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@
structure to verify. \fBcerts\fR is a set of certificates in which to search for
the signing certificate(s). \fBstore\fR is a trusted certificate store used for
chain verification. \fBindata\fR is the detached content if the content is not
-present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL\s0.
+present in \fBcms\fR. The content is written to \fBout\fR if it is not \s-1NULL.\s0
.PP
\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
operation.
diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3
index 460634b..6f361ab 100644
--- a/secure/lib/libcrypto/man/CMS_verify_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify_receipt 3"
-.TH CMS_verify_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS_verify_receipt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
index 0e75a1f..bbcb2d4 100644
--- a/secure/lib/libcrypto/man/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_free 3"
-.TH CONF_modules_free 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CONF_modules_free 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
index 7d00b03..e00670a 100644
--- a/secure/lib/libcrypto/man/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_load_file 3"
-.TH CONF_modules_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CONF_modules_load_file 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
index 1bcd3ef..b3aff5e 100644
--- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index aac2544..cd2c85d 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DH_generate_key 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index fba24a7..686113e 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DH_generate_parameters 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,4 +200,4 @@ a usable generator.
The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0.
.PP
In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used
-instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0.
+instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME.\s0
diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
index fb8f1f0..08e52f9 100644
--- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DH_get_ex_new_index 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index d16ab5a..3ada2ef 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_new 3"
-.TH DH_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DH_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index 8868f61..3b05f3c 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_set_method 3"
-.TH DH_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DH_set_method 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ DH_set_method, DH_new_method, DH_OpenSSL \- select DH method
A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
-important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use
+important information about how these \s-1DH API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as
@@ -161,22 +170,22 @@ returned by \fIDH_OpenSSL()\fR.
.PP
\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set
-as a default for \s-1DH\s0, so this function is no longer recommended.
+as a default for \s-1DH,\s0 so this function is no longer recommended.
.PP
-\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0.
-However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0
-\&\s-1API\s0 is being used, so this function is no longer recommended.
+\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD.\s0
+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE
+API\s0 is being used, so this function is no longer recommended.
.PP
\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR.
This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method
-was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the
+was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will be released during the
change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0
implementations (eg. from an \s-1ENGINE\s0 module that supports embedded
hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0
for the key can have unexpected results.
.PP
\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will
-be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0
+be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default \s-1ENGINE\s0 for \s-1DH\s0
operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by
\&\fIDH_set_default_method()\fR is used.
.SH "THE DH_METHOD STRUCTURE"
@@ -227,10 +236,10 @@ returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other
-algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
-default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
-that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie.
-\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function,
+that will override any \s-1DH\s0 defaults set using the \s-1DH API \s0(ie.
+\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DH\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
@@ -245,8 +254,8 @@ algorithms.
\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and
\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
+0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
-transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without
+the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now
+transparently overrides the behaviour of defaults in the \s-1DH API\s0 without
requiring changing these function prototypes.
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index c1aa7e7..cafd696 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DH_size 3"
-.TH DH_size 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DH_size 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index 5d57e16..23a89c8 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_SIG_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index bd3b157..03781ff 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_do_sign 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index 539bbe8..2c8247c 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_dup_DH 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index 831de26..9bd0ed6 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_generate_key 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index 6114d3b..d90fbbd 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_generate_parameters 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +152,7 @@ DSA_generate_parameters \- generate DSA parameters
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_generate_parameters()\fR generates primes p and q and a generator g
-for use in the \s-1DSA\s0.
+for use in the \s-1DSA.\s0
.PP
\&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a
maximum of 1024 bits.
diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
index 0387194..30da09f 100644
--- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index e1aa0ca..1d112c2 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_new 3"
-.TH DSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index baefa6d..8ed98e8 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_set_method 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ DSA_set_method, DSA_new_method, DSA_OpenSSL \- select DSA method
A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0
operations. By modifying the method, alternative implementations
such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
-important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use
+important information about how these \s-1DSA API\s0 functions are affected by the use
of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation,
@@ -161,16 +170,16 @@ as returned by \fIDSA_OpenSSL()\fR.
.PP
\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
-been set as a default for \s-1DSA\s0, so this function is no longer recommended.
+been set as a default for \s-1DSA,\s0 so this function is no longer recommended.
.PP
\&\fIDSA_get_default_method()\fR returns a pointer to the current default
-\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependent on
-whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer
+\&\s-1DSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
+whether the \s-1ENGINE API\s0 is being used, so this function is no longer
recommended.
.PP
\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the
-previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
+previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
be released during the change. It is possible to have \s-1DSA\s0 keys that only
work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
that supports embedded hardware-protected keys), and in such cases
@@ -178,7 +187,7 @@ attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected
results.
.PP
\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR
-will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine
+will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the default engine
for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0
controlled by \fIDSA_set_default_method()\fR is used.
.SH "THE DSA_METHOD STRUCTURE"
@@ -241,10 +250,10 @@ fails. Otherwise it returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other
-algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
-default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
-that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie.
-\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function,
+that will override any \s-1DSA\s0 defaults set using the \s-1DSA API \s0(ie.
+\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DSA\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
@@ -259,8 +268,8 @@ algorithms.
\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and
\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than
\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this
+0.9.7, the handling of defaults in the \s-1ENGINE API\s0 was restructured so that this
change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now
-transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without
+the previous behaviour. The behaviour of defaults in the \s-1ENGINE API\s0 now
+transparently overrides the behaviour of defaults in the \s-1DSA API\s0 without
requiring changing these function prototypes.
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index 58ed2de..629f5e2 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_sign 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ DSA_sign, DSA_sign_setup, DSA_verify \- DSA signatures
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message
-digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0
+digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN.1 DER\s0
encoding at \fBsigret\fR. The length of the signature is places in
*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory.
.PP
@@ -156,9 +165,9 @@ encoding at \fBsigret\fR. The length of the signature is places in
operation in case signature generation is time-critical. It expects
\&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values
in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing
-the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL\s0. These values may
+the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may
be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR.
-\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL\s0.
+\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0
.PP
\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
matches a given message digest \fBdgst\fR of size \fBlen\fR.
@@ -176,8 +185,8 @@ signature and \-1 on error. The error codes can be obtained by
\&\fIERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature
-Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
+Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIERR_get_error\fR\|(3), \fIrand\fR\|(3),
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index c689c06..d3660bf 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_size 3"
-.TH DSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA_size 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,7 +149,7 @@ DSA_size \- get DSA signature size
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-This function returns the size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature in
+This function returns the size of an \s-1ASN.1\s0 encoded \s-1DSA\s0 signature in
bytes. It can be used to determine how much memory must be allocated
for a \s-1DSA\s0 signature.
.PP
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index ebdfa01..c72e00b 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_GET_LIB 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,7 +166,7 @@ reason codes are unique within each sub-library. Note that different
libraries may use the same value to signal different functions and
reasons.
.PP
-\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally
+\&\fB\s-1ERR_R_...\s0\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally
unique. However, when checking for sub-library specific reason codes,
be sure to also compare the library number.
.PP
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index 24fd7f3..e2ccfa8 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_clear_error 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index ddacdc9..6eeb8e2 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_error_string 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index 8110d43..950a4c3 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_get_error 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,7 +191,7 @@ associated with the error code in *\fBdata\fR
and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string
if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true.
.PP
-An application \fB\s-1MUST\s0 \s-1NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
+An application \fB\s-1MUST NOT\s0\fR free the *\fBdata\fR pointer (or any other pointers
returned by these functions) with \fIOPENSSL_free()\fR as freeing is handled
automatically by the error library.
.SH "RETURN VALUES"
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index aafb918..a892197 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 6683dd5..7f417b0 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_load_strings 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index bc81b5d..4b6961f 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_print_errors 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index 33820a7..bc60034 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_put_error 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index db9228c..2c9e3dc 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_remove_state 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
index 3b0f52b..67c82d1 100644
--- a/secure/lib/libcrypto/man/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERR_set_mark 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
index 448ad2a..bbb4c3f 100644
--- a/secure/lib/libcrypto/man/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_BytesToKey 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ v2.0 for key derivation.
.SH "KEY DERIVATION ALGORITHM"
.IX Header "KEY DERIVATION ALGORITHM"
The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until
-enough data is available for the key and \s-1IV\s0. D_i is defined as:
+enough data is available for the key and \s-1IV.\s0 D_i is defined as:
.PP
.Vb 1
\& D_i = HASH^count(D_(i\-1) || data || salt)
@@ -179,7 +188,7 @@ algorithm in use, HASH^1(data) is simply \s-1HASH\s0(data), HASH^2(data)
is \s-1HASH\s0(\s-1HASH\s0(data)) and so on.
.PP
The initial bytes are used for the key and the subsequent bytes for
-the \s-1IV\s0.
+the \s-1IV.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes.
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index 0536aae..b96c907 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_DigestInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,7 +211,7 @@ The \s-1EVP\s0 digest routines are a high level interface to message digests.
\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context.
.PP
\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this
+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized before calling this
function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR.
If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
.PP
@@ -247,7 +256,7 @@ hash.
\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the
message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure.
.PP
-\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0
+\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT IDENTIFIER\s0
representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure.
For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is
normally used when setting \s-1ASN1\s0 OIDs.
@@ -263,11 +272,11 @@ reasons.
.PP
\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_sha224()\fR, \fIEVP_sha256()\fR,
\&\fIEVP_sha384()\fR, \fIEVP_sha512()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return \fB\s-1EVP_MD\s0\fR
-structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1SHA224\s0, \s-1SHA256\s0, \s-1SHA384\s0, \s-1SHA512\s0, \s-1MDC2\s0
+structures for the \s-1MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2\s0
and \s-1RIPEMD160\s0 digest algorithms respectively.
.PP
\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
-algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is
+algorithms but using \s-1DSS \s0(\s-1DSA\s0) for the signature algorithm. Note: there is
no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
however retained for compatibility.
.PP
@@ -286,7 +295,7 @@ success and 0 for failure.
\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure.
.PP
\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the
-corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists.
+corresponding \s-1OBJECT IDENTIFIER\s0 or NID_undef if none exists.
.PP
\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR and
\&\fIEVP_MD_CTX_block_size()\fR return the digest or block size in bytes.
@@ -303,7 +312,7 @@ The \fB\s-1EVP\s0\fR interface to message digests should almost always be used i
preference to the low level interfaces. This is because the code then becomes
transparent to the digest used and much more flexible.
.PP
-New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0.
+New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256.\s0
The other digest algorithms are still in common use.
.PP
For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
index 274d761..c97c38c 100644
--- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestSignInit 3"
-.TH EVP_DigestSignInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_DigestSignInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal \- EVP signing fun
The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
.PP
\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
-\&\s-1ENGINE\s0 \fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with
+\&\s-1ENGINE \s0\fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with
\&\fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
be used to set alternative signing options.
@@ -178,7 +187,7 @@ transparent to the algorithm used and much more flexible.
.PP
In previous versions of OpenSSL there was a link between message digest types
and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
-needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and
+needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
the use of clone digest is now discouraged.
.PP
For some key types and parameters the random number generator must be seeded
diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
index 2db25cc..79791fb 100644
--- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestVerifyInit 3"
-.TH EVP_DigestVerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_DigestVerifyInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signa
The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
.PP
\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
can be used to set alternative verification options.
@@ -178,7 +187,7 @@ transparent to the algorithm used and much more flexible.
.PP
In previous versions of OpenSSL there was a link between message digest types
and public key algorithms. This meant that \*(L"clone\*(R" digests such as \fIEVP_dss1()\fR
-needed to be used to sign using \s-1SHA1\s0 and \s-1DSA\s0. This is no longer necessary and
+needed to be used to sign using \s-1SHA1\s0 and \s-1DSA.\s0 This is no longer necessary and
the use of clone digest is now discouraged.
.PP
For some key types and parameters the random number generator must be seeded
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index 07532b9..7c9cb41 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_EncryptInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -227,7 +236,7 @@ symmetric ciphers.
\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR.
.PP
\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized
+with cipher \fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized
before calling this function. \fBtype\fR is normally supplied
by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
default implementation is used. \fBkey\fR is the symmetric key to use
@@ -235,7 +244,7 @@ and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes
used for the key and \s-1IV\s0 depends on the cipher. It is possible to set
all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply
the remaining parameters in subsequent calls, all of which have \fBtype\fR
-set to \s-1NULL\s0. This is done when the default cipher parameters are not
+set to \s-1NULL.\s0 This is done when the default cipher parameters are not
appropriate.
.PP
\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and
@@ -243,7 +252,7 @@ writes the encrypted version to \fBout\fR. This function can be called
multiple times to encrypt successive blocks of data. The amount
of data written depends on the block alignment of the encrypted data:
as a result the amount of data written may be anything from zero bytes
-to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient
+to (inl + cipher_block_size \- 1) so \fBout\fR should contain sufficient
room. The actual number of bytes written is placed in \fBoutl\fR.
.PP
If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts
@@ -294,8 +303,8 @@ return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or
.PP
\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when
passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0
-value is an internal value which may not have a corresponding \s-1OBJECT\s0
-\&\s-1IDENTIFIER\s0.
+value is an internal value which may not have a corresponding \s-1OBJECT
+IDENTIFIER.\s0
.PP
\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default
encryption operations are padded using standard block padding and the
@@ -317,7 +326,7 @@ length to any value other than the fixed value is an error.
.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
-It will return zero if the cipher does not use an \s-1IV\s0. The constant
+It will return zero if the cipher does not use an \s-1IV. \s0 The constant
\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
.PP
\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
@@ -326,9 +335,9 @@ structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is also the maximum block
length for all ciphers.
.PP
\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed
-cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0
-\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
-128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object
+cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT
+IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and
+128 bit \s-1RC2\s0 have the same \s-1NID.\s0 If the cipher does not have an object
identifier or does not have \s-1ASN1\s0 support this function will return
\&\fBNID_undef\fR.
.PP
@@ -336,24 +345,24 @@ identifier or does not have \s-1ASN1\s0 support this function will return
an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
.PP
\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode:
-\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0 or
-\&\s-1EVP_CIPH_OFB_MODE\s0. If the cipher is a stream cipher then
+\&\s-1EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE\s0 or
+\&\s-1EVP_CIPH_OFB_MODE.\s0 If the cipher is a stream cipher then
\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned.
.PP
\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
on the passed cipher. This will typically include any parameters and an
-\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call
+\&\s-1IV.\s0 The cipher \s-1IV \s0(if any) must be set when this call is made. This call
should be made before the cipher is actually \*(L"used\*(R" (before any
\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function
may fail if the cipher does not have any \s-1ASN1\s0 support.
.PP
\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0
AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher
-In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length.
+In the case of \s-1RC2,\s0 for example, it will set the \s-1IV\s0 and effective key length.
This function should be called after the base cipher type is set but before
the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and
-key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
-\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. It is
+key set to \s-1NULL,\s0 \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally
+\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL.\s0 It is
possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support
or the parameters cannot be set (for example the \s-1RC2\s0 effective key length
is not supported.
@@ -377,7 +386,7 @@ return 1 for success and 0 for failure.
\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR
return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error.
.PP
-\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0.
+\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID.\s0
.PP
\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
size.
@@ -388,10 +397,10 @@ length.
\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1.
.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
-length or zero if the cipher does not use an \s-1IV\s0.
+length or zero if the cipher does not use an \s-1IV.\s0
.PP
\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's
-\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+\&\s-1OBJECT IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT IDENTIFIER.\s0
.PP
\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure.
.PP
@@ -405,13 +414,13 @@ All algorithms have a fixed key length unless otherwise stated.
Null cipher: does nothing.
.IP "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4
.IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)"
-\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+\&\s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4
-.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)"
-Two key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)"
+Two key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4
-.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)"
-Three key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)"
+Three key triple \s-1DES\s0 in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_desx_cbc(void)" 4
.IX Item "EVP_desx_cbc(void)"
\&\s-1DESX\s0 algorithm in \s-1CBC\s0 mode.
@@ -424,10 +433,10 @@ Three key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0
and the \fIEVP_CIPHER_CTX_set_key_length()\fR function.
.IP "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" 4
.IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)"
-\&\s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively.
+\&\s-1IDEA\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively.
.IP "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4
.IX Item "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)"
-\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+\&\s-1RC2\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R".
By default both are set to 128 bits.
.IP "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4
@@ -437,15 +446,15 @@ These are obsolete and new code should use \fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CT
\&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length.
.IP "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4
.IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);"
-Blowfish encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+Blowfish encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
length cipher.
.IP "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" 4
.IX Item "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)"
-\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
+\&\s-1CAST\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key
length cipher.
.IP "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" 4
.IX Item "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)"
-\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length
+\&\s-1RC5\s0 encryption algorithm in \s-1CBC, ECB, CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length
cipher with an additional \*(L"number of rounds\*(R" parameter. By default the key length is set to 128
bits and 12 rounds.
.SH "NOTES"
@@ -490,7 +499,7 @@ unpredictable. This is because it has become standard practice to define a
generic key as a fixed unsigned char array containing \s-1EVP_MAX_KEY_LENGTH\s0 bytes.
.PP
The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested
-for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode.
+for certain common S/MIME ciphers (\s-1RC2, DES,\s0 triple \s-1DES\s0) in \s-1CBC\s0 mode.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Encrypt a string using \s-1IDEA:\s0
@@ -547,7 +556,7 @@ utility with the command line (shown on two lines for clarity):
\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708
.Ve
.PP
-General encryption and decryption function example using \s-1FILE\s0 I/O and \s-1AES128\s0
+General encryption and decryption function example using \s-1FILE I/O\s0 and \s-1AES128\s0
with a 128\-bit key:
.PP
.Vb 11
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
index bae7da0..4eecc87 100644
--- a/secure/lib/libcrypto/man/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_OpenInit 3"
-.TH EVP_OpenInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_OpenInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,7 +172,7 @@ page.
It is possible to call \fIEVP_OpenInit()\fR twice in the same way as
\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0
and (after setting any cipher parameters) it should be called again
-with \fBtype\fR set to \s-1NULL\s0.
+with \fBtype\fR set to \s-1NULL.\s0
.PP
If the cipher passed in the \fBtype\fR parameter is a variable length
cipher then the key length will be set to the value of the recovered
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 150e1b1..3fb67c5 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_ctrl 3"
-.TH EVP_PKEY_CTX_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_CTX_ctrl 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,7 +200,7 @@ The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 p
\&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding,
\&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only),
\&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and
-\&\s-1RSA_PKCS1_PSS_PADDING\s0 (sign and verify only).
+\&\s-1RSA_PKCS1_PSS_PADDING \s0(sign and verify only).
.PP
Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR
is used. If this macro is called for PKCS#1 padding the plaintext buffer is
@@ -202,7 +211,7 @@ supplied data is used directly and not encapsulated. In the case of X9.31
padding for \s-1RSA\s0 the algorithm identifier byte is added or checked and removed
if this control is called. If it is not called then the first byte of the plaintext buffer is expected to be the algorithm identifier byte.
.PP
-The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA\s0 \s-1PSS\s0 salt length to
+The \fIEVP_PKEY_CTX_set_rsa_pss_saltlen()\fR macro sets the \s-1RSA PSS\s0 salt length to
\&\fBlen\fR as its name implies it is only supported for \s-1PSS\s0 padding. Two special
values are supported: \-1 sets the salt length to the digest length. When
signing \-2 sets the salt length to the maximum permissible value. When
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
index dabe8b9..c7aacaf 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_new 3"
-.TH EVP_PKEY_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_CTX_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,10 +153,10 @@ EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- pu
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using
-the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR.
+the algorithm specified in \fBpkey\fR and \s-1ENGINE \s0\fBe\fR.
.PP
The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context
-using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used
+using the algorithm specified by \fBid\fR and \s-1ENGINE \s0\fBe\fR. It is normally used
when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example
during parameter generation of key genration for some algorithms.
.PP
@@ -157,7 +166,7 @@ during parameter generation of key genration for some algorithms.
.SH "NOTES"
.IX Header "NOTES"
The \fB\s-1EVP_PKEY_CTX\s0\fR structure is an opaque public key algorithm context used
-by the OpenSSL high level public key \s-1API\s0. Contexts \fB\s-1MUST\s0 \s-1NOT\s0\fR be shared between
+by the OpenSSL high level public key \s-1API.\s0 Contexts \fB\s-1MUST NOT\s0\fR be shared between
threads: that is it is not permissible to use the same context simultaneously
in two threads.
.SH "RETURN VALUES"
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
index 74e8e88..a3af798 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_cmp 3"
-.TH EVP_PKEY_cmp 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_cmp 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
index a59895c..c2eefe6 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_decrypt 3"
-.TH EVP_PKEY_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_decrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
-Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
+Decrypt data using \s-1OAEP \s0(for \s-1RSA\s0 keys):
.PP
.Vb 2
\& #include <openssl/evp.h>
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
index e07e97c..2689823 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_derive 3"
-.TH EVP_PKEY_derive 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_derive 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
index 63fa3d9..01ec13a 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_encrypt 3"
-.TH EVP_PKEY_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_encrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,20 +177,24 @@ or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
-Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
+Encrypt data using \s-1OAEP \s0(for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or
+\&\fId2i_X509\fR\|(3) for means to load a public key. You may also simply
+set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation:
.PP
-.Vb 2
+.Vb 3
\& #include <openssl/evp.h>
\& #include <openssl/rsa.h>
+\& #include <openssl/engine.h>
\&
\& EVP_PKEY_CTX *ctx;
+\& ENGINE *eng;
\& unsigned char *out, *in;
\& size_t outlen, inlen;
\& EVP_PKEY *key;
-\& /* NB: assumes key in, inlen are already set up
+\& /* NB: assumes eng, key, in, inlen are already set up,
\& * and that key is an RSA public key
\& */
-\& ctx = EVP_PKEY_CTX_new(key);
+\& ctx = EVP_PKEY_CTX_new(key,eng);
\& if (!ctx)
\& /* Error occurred */
\& if (EVP_PKEY_encrypt_init(ctx) <= 0)
@@ -205,6 +218,8 @@ Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
+\&\fId2i_X509\fR\|(3),
+\&\fIengine\fR\|(3),
\&\fIEVP_PKEY_CTX_new\fR\|(3),
\&\fIEVP_PKEY_decrypt\fR\|(3),
\&\fIEVP_PKEY_sign\fR\|(3),
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
index 221b632..0735bb6 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_get_default_digest 3"
-.TH EVP_PKEY_get_default_digest 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_get_default_digest 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
index 93b555d..0569e1e 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_keygen 3"
-.TH EVP_PKEY_keygen 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_keygen 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3
index 4b8f058..dbd8b66 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_new 3"
-.TH EVP_PKEY_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
index ae76b2a..1aa2dc3 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_print_private 3"
-.TH EVP_PKEY_print_private 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_print_private 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public k
.IX Header "DESCRIPTION"
The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and
\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components
-of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable
+of key \fBpkey\fR respectively. The key is sent to \s-1BIO \s0\fBout\fR in human readable
form. The parameter \fBindent\fR indicated how far the printout should be indented.
.PP
The \fBpctx\fR parameter allows the print output to be finely tuned by using
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
index b673677..8716878 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_set1_RSA 3"
-.TH EVP_PKEY_set1_RSA 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_set1_RSA 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -172,8 +181,8 @@ will be freed when the parent \fBpkey\fR is freed.
.PP
\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value
\&\fBtype\fR. The type of a key can be obtained with
-EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA\s0,
-\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding
+EVP_PKEY_type(pkey\->type). The return value will be \s-1EVP_PKEY_RSA,
+EVP_PKEY_DSA, EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding
key types or NID_undef if the key type is unassigned.
.SH "NOTES"
.IX Header "NOTES"
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
index a53da46..2f3e7ad 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_sign 3"
-.TH EVP_PKEY_sign 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_sign 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
index 90d6c8c..6f0d99a 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_verify 3"
-.TH EVP_PKEY_verify 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_verify 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
index be65935..3dfb207 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_verify_recover 3"
-.TH EVP_PKEY_verify_recover 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_PKEY_verify_recover 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3
index 9d21939..e41c4c2 100644
--- a/secure/lib/libcrypto/man/EVP_SealInit.3
+++ b/secure/lib/libcrypto/man/EVP_SealInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_SealInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,12 +156,12 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 envelope routines are a high level interface to envelope
-encryption. They generate a random key and \s-1IV\s0 (if required) then
+encryption. They generate a random key and \s-1IV \s0(if required) then
\&\*(L"envelope\*(R" it by using public key encryption. Data can then be
encrypted using this key.
.PP
\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally
+with cipher \fBtype\fR using a random secret key and \s-1IV. \s0\fBtype\fR is normally
supplied by a function such as \fIEVP_des_cbc()\fR. The secret key is encrypted
using one or more public keys, this allows the same encrypted data to be
decrypted using any of the corresponding private keys. \fBek\fR is an array of
@@ -163,7 +172,7 @@ size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR
an array of \fBnpubk\fR public keys.
.PP
The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must
-contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for
+contain enough room for the corresponding cipher's \s-1IV,\s0 as determined by (for
example) EVP_CIPHER_iv_length(type).
.PP
If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
@@ -196,7 +205,7 @@ using public key encryption.
It is possible to call \fIEVP_SealInit()\fR twice in the same way as
\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0
and (after setting any cipher parameters) it should be called again
-with \fBtype\fR set to \s-1NULL\s0.
+with \fBtype\fR set to \s-1NULL.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIevp\fR\|(3), \fIrand\fR\|(3),
diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3
index 2d30fd0..7b3d922 100644
--- a/secure/lib/libcrypto/man/EVP_SignInit.3
+++ b/secure/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_SignInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ The \s-1EVP\s0 signature routines are a high level interface to digital
signatures.
.PP
\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with
+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized with
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3
index 1e1f485..00dbf5ab 100644
--- a/secure/lib/libcrypto/man/EVP_VerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_VerifyInit 3"
-.TH EVP_VerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EVP_VerifyInit 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ The \s-1EVP\s0 signature verification routines are a high level interface to dig
signatures.
.PP
\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling
+\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized by calling
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3
index 8049dee..592df8c 100644
--- a/secure/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OBJ_nid2obj 3"
-.TH OBJ_nid2obj 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OBJ_nid2obj 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,9 +169,9 @@ functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
-a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type.
+a representation of the \s-1ASN1 OBJECT IDENTIFIER \s0(\s-1OID\s0) type.
.PP
-\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to
+\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID \s0\fBn\fR to
an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
or \fB\s-1NULL\s0\fR is an error occurred.
.PP
@@ -223,7 +232,7 @@ Objects which are not in the table have the \s-1NID\s0 value NID_undef.
.PP
Objects do not need to be in the internal tables to be processed,
the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical
-form of an \s-1OID\s0.
+form of an \s-1OID.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Create an object for \fBcommonName\fR:
diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3
index 1bd1cea..f5f6a8f 100644
--- a/secure/lib/libcrypto/man/OPENSSL_Applink.3
+++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_Applink 3"
-.TH OPENSSL_Applink 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OPENSSL_Applink 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
index 4db6f354..b2699be 100644
--- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -205,8 +214,8 @@ The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: .
if available or \*(L"platform: information not available\*(R" otherwise.
.IP "\s-1SSLEAY_DIR\s0" 4
.IX Item "SSLEAY_DIR"
-The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L"
-if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise.
+The \*(L"\s-1OPENSSLDIR\*(R"\s0 setting of the library build in the form \*(L"\s-1OPENSSLDIR: \*(R"..."\*(L"\s0
+if available or \*(R"\s-1OPENSSLDIR: N/A"\s0 otherwise.
.PP
For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned.
.SH "RETURN VALUE"
diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3
index 203236d..e75d6e7 100644
--- a/secure/lib/libcrypto/man/OPENSSL_config.3
+++ b/secure/lib/libcrypto/man/OPENSSL_config.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_config 3"
-.TH OPENSSL_config 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OPENSSL_config 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
index 6e296d1..9b81f61 100644
--- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
+++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_ia32cap 3"
-.TH OPENSSL_ia32cap 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OPENSSL_ia32cap 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ significant, namely:
.PP
For example, clearing bit #26 at run-time disables high-performance
\&\s-1SSE2\s0 code present in the crypto library. You might have to do this if
-target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU\s0, but under
+target OpenSSL application is executed on \s-1SSE2\s0 capable \s-1CPU,\s0 but under
control of \s-1OS\s0 which does not support \s-1SSE2\s0 extentions. Even though you
can manipulate the value programmatically, you most likely will find it
more appropriate to set up an environment variable with the same name
diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
index 4f9c2dd..c003f82 100644
--- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
+++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_load_builtin_modules 3"
-.TH OPENSSL_load_builtin_modules 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OPENSSL_load_builtin_modules 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ The function \fIOPENSSL_load_builtin_modules()\fR adds all the standard OpenSSL
configuration modules to the internal list. They can then be used by the
OpenSSL configuration code.
.PP
-\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1\s0 \s-1OBJECT\s0 module.
+\&\fIASN1_add_oid_module()\fR adds just the \s-1ASN1 OBJECT\s0 module.
.PP
\&\fIENGINE_add_conf_module()\fR adds just the \s-1ENGINE\s0 configuration module.
.SH "NOTES"
diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
index 157bf2d..0f0d0ef 100644
--- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OpenSSL_add_all_algorithms 3"
-.TH OpenSSL_add_all_algorithms 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OpenSSL_add_all_algorithms 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,7 +180,7 @@ needs to lookup algorithms.
.PP
The cipher and digest lookup functions are used in many parts of the library. If
the table is not initialized several functions will misbehave and complain they
-cannot find algorithms. This includes the \s-1PEM\s0, PKCS#12, \s-1SSL\s0 and S/MIME libraries.
+cannot find algorithms. This includes the \s-1PEM,\s0 PKCS#12, \s-1SSL\s0 and S/MIME libraries.
This is a common query in the OpenSSL mailing lists.
.PP
Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
index c3b3ac7..5937a44 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PEM_write_bio_CMS_stream 3"
-.TH PEM_write_bio_CMS_stream 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PEM_write_bio_CMS_stream 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
index fae1dd5..59f885e 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PEM_write_bio_PKCS7_stream 3"
-.TH PEM_write_bio_PKCS7_stream 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PEM_write_bio_PKCS7_stream 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3
index 11f6d27..f075f25 100644
--- a/secure/lib/libcrypto/man/PKCS12_create.3
+++ b/secure/lib/libcrypto/man/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_create 3"
-.TH PKCS12_create 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS12_create 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,15 +167,15 @@ The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fB
can all be set to zero and sensible defaults will be used.
.PP
These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
-encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
-(currently 2048) and a \s-1MAC\s0 iteration count of 1.
+encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER
+\&\s0(currently 2048) and a \s-1MAC\s0 iteration count of 1.
.PP
The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
-is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0.
+is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER.\s0
.PP
\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension
-that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted,
+that is only currently interpreted by \s-1MSIE.\s0 If set to zero the flag is omitted,
if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR
it can be used for signing and encryption. This option was useful for old
export grade software which could use signing only keys of arbitrary size but
diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3
index 7814702..f573bb8 100644
--- a/secure/lib/libcrypto/man/PKCS12_parse.3
+++ b/secure/lib/libcrypto/man/PKCS12_parse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_parse 3"
-.TH PKCS12_parse 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS12_parse 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3
index 874fb29..61340ef 100644
--- a/secure/lib/libcrypto/man/PKCS7_decrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_decrypt 3"
-.TH PKCS7_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS7_decrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3
index 74011b6..cff0483 100644
--- a/secure/lib/libcrypto/man/PKCS7_encrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_encrypt 3"
-.TH PKCS7_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS7_encrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +162,7 @@ they do not have to be signed using the \s-1RSA\s0 algorithm.
because most clients will support it.
.PP
Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64
-bit \s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR
+bit \s-1RC2.\s0 These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR
respectively.
.PP
The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of
@@ -176,7 +185,7 @@ otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set t
\&\fB\s-1PKCS7_TEXT\s0\fR is ignored.
.PP
If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output
-suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
+suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
@@ -186,7 +195,7 @@ results.
.PP
Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_PKCS7()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3
index f4d9257..92e62d2 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_sign 3"
-.TH PKCS7_sign 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS7_sign 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +154,7 @@ the certificate to sign with, \fBpkey\fR is the corresponsding private key.
\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7
structure (for example any intermediate CAs in the chain).
.PP
-The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
+The data to be signed is read from \s-1BIO \s0\fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
@@ -180,7 +189,7 @@ authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set th
the SMIMECapabilities are omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of
+algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of
these algorithms is disabled then it will not be included.
.PP
If the flags \fB\s-1PKCS7_STREAM\s0\fR is set then the returned \fB\s-1PKCS7\s0\fR structure is
@@ -199,7 +208,7 @@ finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
.PP
Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_PKCS7()\fR.
.PP
If a signer is specified it will use the default digest for the signing
@@ -215,7 +224,7 @@ In OpenSSL 1.0.0 if \fBsigncert\fR and \fBpkey\fR are \s-1NULL\s0 then a certifi
PKCS#7 structure is output.
.PP
In versions of OpenSSL before 1.0.0 the \fBsigncert\fR and \fBpkey\fR parameters must
-\&\fB\s-1NOT\s0\fR be \s-1NULL\s0.
+\&\fB\s-1NOT\s0\fR be \s-1NULL.\s0
.SH "BUGS"
.IX Header "BUGS"
Some advanced attributes such as counter signatures are not supported.
diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
index 139ac54..4a8b87b 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_sign_add_signer 3"
-.TH PKCS7_sign_add_signer 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS7_sign_add_signer 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,7 +196,7 @@ authenticatedAttributes will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set th
the SMIMECapabilities are omitted.
.PP
If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any of
+algorithms: triple \s-1DES, 128\s0 bit \s-1RC2, 64\s0 bit \s-1RC2, DES\s0 and 40 bit \s-1RC2.\s0 If any of
these algorithms is disabled then it will not be included.
.PP
\&\fIPKCS7_sign_add_signers()\fR returns an internal pointer to the \s-1PKCS7_SIGNER_INFO\s0
diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3
index 80f641d..eb80406 100644
--- a/secure/lib/libcrypto/man/PKCS7_verify.3
+++ b/secure/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_verify 3"
-.TH PKCS7_verify 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS7_verify 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ structure to verify. \fBcerts\fR is a set of certificates in which to search for
the signer's certificate. \fBstore\fR is a trusted certficate store (used for
chain verification). \fBindata\fR is the signed data if the content is not
present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR
-if it is not \s-1NULL\s0.
+if it is not \s-1NULL.\s0
.PP
\&\fBflags\fR is an optional set of flags, which can be used to modify the verify
operation.
diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3
index 1f6a383..80c8cb3 100644
--- a/secure/lib/libcrypto/man/RAND_add.3
+++ b/secure/lib/libcrypto/man/RAND_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_add 3"
-.TH RAND_add 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND_add 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +165,7 @@ key presses, mouse movements) and certain hardware events. The
\&\fBentropy\fR argument is (the lower bound of) an estimate of how much
randomness is contained in \fBbuf\fR, measured in bytes. Details about
sources of randomness and how to estimate their entropy can be found
-in the literature, e.g. \s-1RFC\s0 1750.
+in the literature, e.g. \s-1RFC 1750.\s0
.PP
\&\fIRAND_add()\fR may be called with sensitive data such as user entered
passwords. The seed values cannot be recovered from the \s-1PRNG\s0 output.
@@ -174,11 +183,11 @@ or \fIRAND_load_file\fR\|(3).
movements and other user interaction. It should be called with the
\&\fBiMsg\fR, \fBwParam\fR and \fBlParam\fR arguments of \fIall\fR messages sent to
the window procedure. It will estimate the entropy contained in the
-event message (if any), and add it to the \s-1PRNG\s0. The program can then
+event message (if any), and add it to the \s-1PRNG.\s0 The program can then
process the messages as usual.
.PP
The \fIRAND_screen()\fR function is available for the convenience of Windows
-programmers. It adds the current contents of the screen to the \s-1PRNG\s0.
+programmers. It adds the current contents of the screen to the \s-1PRNG.\s0
For applications that can catch Windows events, seeding the \s-1PRNG\s0 by
calling \fIRAND_event()\fR is a significantly better source of
randomness. It should be noted that both methods cannot be used on
diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
index e17aded..0987151 100644
--- a/secure/lib/libcrypto/man/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND_bytes 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3
index 8534861..763bd66 100644
--- a/secure/lib/libcrypto/man/RAND_cleanup.3
+++ b/secure/lib/libcrypto/man/RAND_cleanup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND_cleanup 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,7 +149,7 @@ RAND_cleanup \- erase the PRNG state
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG\s0.
+\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG.\s0
.SH "RETURN VALUE"
.IX Header "RETURN VALUE"
\&\fIRAND_cleanup()\fR returns no value.
diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3
index 9020fbd..2b83f61 100644
--- a/secure/lib/libcrypto/man/RAND_egd.3
+++ b/secure/lib/libcrypto/man/RAND_egd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_egd 3"
-.TH RAND_egd 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND_egd 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,12 +154,12 @@ RAND_egd \- query entropy gathering daemon
.IX Header "DESCRIPTION"
\&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR.
It queries 255 bytes and uses \fIRAND_add\fR\|(3) to seed the
-OpenSSL built-in \s-1PRNG\s0. RAND_egd(path) is a wrapper for
+OpenSSL built-in \s-1PRNG.\s0 RAND_egd(path) is a wrapper for
RAND_egd_bytes(path, 255);
.PP
\&\fIRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR.
It queries \fBbytes\fR bytes and uses \fIRAND_add\fR\|(3) to seed the
-OpenSSL built-in \s-1PRNG\s0.
+OpenSSL built-in \s-1PRNG.\s0
This function is more flexible than \fIRAND_egd()\fR.
When only one secret key must
be generated, it is not necessary to request the full amount 255 bytes from
@@ -159,7 +168,7 @@ that can be retrieved from \s-1EGD\s0 over time is limited.
.PP
\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket
\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into
-\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the
+\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL, \s0\fBbytes\fR bytes are queried and used to seed the
OpenSSL built-in \s-1PRNG\s0 using \fIRAND_add\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
@@ -191,7 +200,7 @@ is located at /var/run/egd\-pool, /dev/egd\-pool or /etc/egd\-pool.
.IX Header "RETURN VALUE"
\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the
daemon on success, and \-1 if the connection failed or the daemon did not
-return enough data to fully seed the \s-1PRNG\s0.
+return enough data to fully seed the \s-1PRNG.\s0
.PP
\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on
success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered.
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3
index 3e36537..a5f6ff2 100644
--- a/secure/lib/libcrypto/man/RAND_load_file.3
+++ b/secure/lib/libcrypto/man/RAND_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND_load_file 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +160,7 @@ set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\fR is not set either, or \fBnum
too small for the path name, an error occurs.
.PP
\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and
-adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative,
+adds them to the \s-1PRNG.\s0 If \fBmax_bytes\fR is non-negative,
up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5,
if \fBmax_bytes\fR is \-1, the complete file is read.
.PP
diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3
index f71a643..b9845b4 100644
--- a/secure/lib/libcrypto/man/RAND_set_rand_method.3
+++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND_set_rand_method 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,19 +156,19 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select RAND method
A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number
generation. By modifying the method, alternative implementations such as
hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important
-information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of
+information about how these \s-1RAND API\s0 functions are affected by the use of
\&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as
returned by \fIRAND_SSLeay()\fR.
.PP
\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is
-true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function
+true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND,\s0 so this function
is no longer recommended.
.PP
-\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0.
-However, the meaningfulness of this result is dependent on whether the \s-1ENGINE\s0
-\&\s-1API\s0 is being used, so this function is no longer recommended.
+\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD.\s0
+However, the meaningfulness of this result is dependent on whether the \s-1ENGINE
+API\s0 is being used, so this function is no longer recommended.
.SH "THE RAND_METHOD STRUCTURE"
.IX Header "THE RAND_METHOD STRUCTURE"
.Vb 9
@@ -185,10 +194,10 @@ Each component may be \s-1NULL\s0 if the function is not implemented.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other
-algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a
-default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function,
-that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie.
-\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way
+algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
+default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE API\s0 function,
+that will override any \s-1RAND\s0 defaults set using the \s-1RAND API \s0(ie.
+\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1RAND\s0 and other cryptographic
algorithms.
.SH "SEE ALSO"
@@ -201,6 +210,6 @@ available in all versions of OpenSSL.
.PP
In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to
take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been
-reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used,
-otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also
+reverted as the \s-1ENGINE API\s0 transparently overrides \s-1RAND\s0 defaults if used,
+otherwise \s-1RAND API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also
introduced in version 0.9.7.
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3
index fcd6958..2b73949 100644
--- a/secure/lib/libcrypto/man/RSA_blinding_on.3
+++ b/secure/lib/libcrypto/man/RSA_blinding_on.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_blinding_on 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index ed450e2..1f97f18 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_check_key 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +182,7 @@ acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key dat
is complete and untouched, but this can't be assumed in the general case.
.SH "BUGS"
.IX Header "BUGS"
-A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need
+A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA API\s0 functions might need
to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
completely violating encapsulation and object-orientation in the process).
diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3
index 91cbb03..f629835 100644
--- a/secure/lib/libcrypto/man/RSA_generate_key.3
+++ b/secure/lib/libcrypto/man/RSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_generate_key 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
index 36af6de..116f846 100644
--- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_get_ex_new_index 3"
-.TH RSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_get_ex_new_index 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,7 +175,7 @@ The \fB\f(BIRSA_get_ex_new_index()\fB\fR function is initially called to \*(L"re
new application specific data. It takes three optional function pointers which
are called when the parent structure (in this case an \s-1RSA\s0 structure) is
initially created, when it is copied and when it is freed up. If any or all of
-these function pointer arguments are not used they should be set to \s-1NULL\s0. The
+these function pointer arguments are not used they should be set to \s-1NULL.\s0 The
precise manner in which these function pointers are called is described in more
detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer
parameters which will be passed to the supplied functions but which otherwise
diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3
index e05e31a..41e814c 100644
--- a/secure/lib/libcrypto/man/RSA_new.3
+++ b/secure/lib/libcrypto/man/RSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_new 3"
-.TH RSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
index 4241c6b..64bcf4e 100644
--- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_padding_add_PKCS1_type_1 3"
-.TH RSA_padding_add_PKCS1_type_1 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_padding_add_PKCS1_type_1 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3
index f44a466..bcf53e7 100644
--- a/secure/lib/libcrypto/man/RSA_print.3
+++ b/secure/lib/libcrypto/man/RSA_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_print 3"
-.TH RSA_print 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_print 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3
index 20a6d1a..a5cc952 100644
--- a/secure/lib/libcrypto/man/RSA_private_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_private_encrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3
index 5e9cdee..c6d9f85 100644
--- a/secure/lib/libcrypto/man/RSA_public_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_public_encrypt 3"
-.TH RSA_public_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_public_encrypt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +163,7 @@ session key) using the public key \fBrsa\fR and stores the ciphertext in
\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode.
.IP "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4
.IX Item "RSA_PKCS1_OAEP_PADDING"
-EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1\s0, \s-1MGF1\s0 and an empty
+EME-OAEP as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA\-1, MGF1\s0 and an empty
encoding parameter. This mode is recommended for all new applications.
.IP "\s-1RSA_SSLV23_PADDING\s0" 4
.IX Item "RSA_SSLV23_PADDING"
@@ -168,7 +177,7 @@ Encrypting user data directly with \s-1RSA\s0 is insecure.
.PP
\&\fBflen\fR must be less than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5
based padding modes, less than RSA_size(\fBrsa\fR) \- 41 for
-\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING\s0.
+\&\s-1RSA_PKCS1_OAEP_PADDING\s0 and exactly RSA_size(\fBrsa\fR) for \s-1RSA_NO_PADDING.\s0
The random number generator must be seeded prior to calling
\&\fIRSA_public_encrypt()\fR.
.PP
@@ -187,7 +196,7 @@ On error, \-1 is returned; the error codes can be
obtained by \fIERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIrand\fR\|(3), \fIrsa\fR\|(3),
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3
index 0c6facc7..e69e2ae 100644
--- a/secure/lib/libcrypto/man/RSA_set_method.3
+++ b/secure/lib/libcrypto/man/RSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_set_method 3"
-.TH RSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_set_method 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +168,7 @@ RSA_new_method \- select RSA method
An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0
operations. By modifying the method, alternative implementations such as
hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for
-important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the
+important information about how these \s-1RSA API\s0 functions are affected by the
use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls.
.PP
Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation,
@@ -167,16 +176,16 @@ as returned by \fIRSA_PKCS1_SSLeay()\fR.
.PP
\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0
structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has
-been set as a default for \s-1RSA\s0, so this function is no longer recommended.
+been set as a default for \s-1RSA,\s0 so this function is no longer recommended.
.PP
\&\fIRSA_get_default_method()\fR returns a pointer to the current default
-\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependent on
-whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer
+\&\s-1RSA_METHOD.\s0 However, the meaningfulness of this result is dependent on
+whether the \s-1ENGINE API\s0 is being used, so this function is no longer
recommended.
.PP
\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key
\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the
-previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will
+previous method was supplied by an \s-1ENGINE,\s0 the handle to that \s-1ENGINE\s0 will
be released during the change. It is possible to have \s-1RSA\s0 keys that only
work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module
that supports embedded hardware-protected keys), and in such cases
@@ -190,10 +199,10 @@ it is, the return value can only be guaranteed to be valid as long as the
\&\fIRSA_set_method()\fR.
.PP
\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current
-\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section.
+\&\s-1RSA_METHOD.\s0 See the \s-1BUGS\s0 section.
.PP
\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that
-\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the
+\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL,\s0 the
default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set,
the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used.
.PP
@@ -277,7 +286,7 @@ and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs.
.PP
\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation
that was replaced. However, this return value should probably be ignored
-because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated
+because if it was supplied by an \s-1ENGINE,\s0 the pointer could be invalidated
at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a
result of the \fIRSA_set_method()\fR function releasing its handle to the
\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR
@@ -289,10 +298,10 @@ it returns a pointer to the newly allocated structure.
.SH "NOTES"
.IX Header "NOTES"
As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with
-other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR
+other algorithmic APIs (eg. \s-1DSA_METHOD, EVP_CIPHER,\s0 etc) into \fB\s-1ENGINE\s0\fR
modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an
-\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0
-\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the
+\&\s-1ENGINE API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA
+API \s0(ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the
recommended way to control default implementations for use in \s-1RSA\s0 and other
cryptographic algorithms.
.SH "BUGS"
@@ -320,9 +329,9 @@ added in OpenSSL 0.9.4.
replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR
respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use
\&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine
-version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0
-\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE
+API\s0 was restructured so that this change was reversed, and behaviour of the
other functions resembled more closely the previous behaviour. The
-behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the
-behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these
+behaviour of defaults in the \s-1ENGINE API\s0 now transparently overrides the
+behaviour of defaults in the \s-1RSA API\s0 without requiring changing these
function prototypes.
diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3
index 12a6a5c..6de8da9 100644
--- a/secure/lib/libcrypto/man/RSA_sign.3
+++ b/secure/lib/libcrypto/man/RSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign 3"
-.TH RSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_sign 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +184,7 @@ Certain signatures with an improper algorithm identifier are accepted
for compatibility with SSLeay 0.4.5 :\-)
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIobjects\fR\|(3),
diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
index 56f16da..179efef 100644
--- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3
index 31861d5..51b2c63 100644
--- a/secure/lib/libcrypto/man/RSA_size.3
+++ b/secure/lib/libcrypto/man/RSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_size 3"
-.TH RSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA_size 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3
index c8eda72..87fcf6b 100644
--- a/secure/lib/libcrypto/man/SMIME_read_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_read_CMS 3"
-.TH SMIME_read_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SMIME_read_CMS 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@
\&\fBin\fR is a \s-1BIO\s0 to read the message from.
.PP
If cleartext signing is used then the content is saved in a memory bio which is
-written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL\s0.
+written to \fB*bcont\fR, otherwise \fB*bcont\fR is set to \s-1NULL.\s0
.PP
The parsed CMS_ContentInfo structure is returned or \s-1NULL\s0 if an
error occurred.
@@ -159,8 +168,8 @@ then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set
Otherwise the type of the returned structure can be determined
using \fICMS_get0_type()\fR.
.PP
-To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be
-initialized to \s-1NULL\s0. For example:
+To support future functionality if \fBbcont\fR is not \s-1NULL \s0\fB*bcont\fR should be
+initialized to \s-1NULL.\s0 For example:
.PP
.Vb 2
\& BIO *cont = NULL;
diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
index 4829c7d..6acdaf7 100644
--- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_read_PKCS7 3"
-.TH SMIME_read_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SMIME_read_PKCS7 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3
index 8445e65..6a63aa8 100644
--- a/secure/lib/libcrypto/man/SMIME_write_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_write_CMS 3"
-.TH SMIME_write_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SMIME_write_CMS 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
index 85af2a7..ab28bf0 100644
--- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_write_PKCS7 3"
-.TH SMIME_write_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SMIME_write_PKCS7 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
index ab889bd..fee6e9c 100644
--- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_ENTRY_get_object 3"
-.TH X509_NAME_ENTRY_get_object 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_NAME_ENTRY_get_object 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index f5c0ecf..290c7f0 100644
--- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_add_entry_by_txt 3"
-.TH X509_NAME_add_entry_by_txt 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_NAME_add_entry_by_txt 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +160,7 @@ X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions
.IX Header "DESCRIPTION"
\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and
\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
-by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively.
+by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID \s0\fBnid\fR respectively.
The field value to be added is in \fBbytes\fR of length \fBlen\fR. If
\&\fBlen\fR is \-1 then the field length is calculated internally using
strlen(bytes).
@@ -208,14 +217,14 @@ Create an \fBX509_NAME\fR structure:
\& nm = X509_NAME_new();
\& if (nm == NULL)
\& /* Some error */
-\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-\& "C", "UK", \-1, \-1, 0))
+\& if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC,
+\& "UK", \-1, \-1, 0))
\& /* Error */
-\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-\& "O", "Disorganized Organization", \-1, \-1, 0))
+\& if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC,
+\& "Disorganized Organization", \-1, \-1, 0))
\& /* Error */
-\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-\& "CN", "Joe Bloggs", \-1, \-1, 0))
+\& if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC,
+\& "Joe Bloggs", \-1, \-1, 0))
\& /* Error */
.Ve
.SH "RETURN VALUES"
diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
index 70a4b02..ac01175 100644
--- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_get_index_by_NID 3"
-.TH X509_NAME_get_index_by_NID 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_NAME_get_index_by_NID 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +160,7 @@ X509_NAME lookup and enumeration functions
.IX Header "DESCRIPTION"
These functions allow an \fBX509_NAME\fR structure to be examined. The
\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in
-\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject
+\&\s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject
and issuer names.
.PP
\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve
@@ -185,6 +194,10 @@ For a more general solution \fIX509_NAME_get_index_by_NID()\fR or
\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by
\&\fIX509_NAME_get_entry()\fR on any matching indices and then the
various \fBX509_NAME_ENTRY\fR utility functions on the result.
+.PP
+The list of all relevant \fBNID_*\fR and \fBOBJ_* codes\fR can be found in
+the source code header files <openssl/obj_mac.h> and/or
+<openssl/objects.h>.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Process all entries:
diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
index 2ce8da4..25a5319 100644
--- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3
+++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_print_ex 3"
-.TH X509_NAME_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_NAME_print_ex 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,7 +153,7 @@ X509_NAME_oneline \- X509_NAME printing routines.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
+\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO \s0\fBout\fR. Each
line (for multiline formats) is indented by \fBindent\fR spaces. The output format
can be extensively customised by use of the \fBflags\fR parameter.
.PP
@@ -169,7 +178,7 @@ Although there are a large number of possible flags for most purposes
\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice.
As noted on the \fIASN1_STRING_print_ex\fR\|(3) manual page
for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR should be unset: so for example
-\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLGS_ESC_MSB\fR would be used.
+\&\fB\s-1XN_FLAG_ONELINE &\s0 ~ASN1_STRFLGS_ESC_MSB\fR would be used.
.PP
The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below.
.PP
@@ -178,7 +187,7 @@ Several options can be ored together.
The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR,
\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators
to use. Two distinct separators are used between distinct RelativeDistinguishedName
-components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued
+components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN.\s0 Multi-valued
RDNs are currently very rare so the second separator will hardly ever be used.
.PP
\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index ab59435..d05f024 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_error 3"
-.TH X509_STORE_CTX_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_STORE_CTX_get_error 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,7 +161,7 @@ These functions are typically called after \fIX509_verify_cert()\fR has indicate
an error or in a verification callback to determine the nature of an error.
.PP
\&\fIX509_STORE_CTX_get_error()\fR returns the error code of \fBctx\fR, see
-the \fB\s-1ERROR\s0 \s-1CODES\s0\fR section for a full description of all error codes.
+the \fB\s-1ERROR CODES\s0\fR section for a full description of all error codes.
.PP
\&\fIX509_STORE_CTX_set_error()\fR sets the error code of \fBctx\fR to \fBs\fR. For example
it might be used in a verification callback to set an error based on additional
@@ -348,7 +357,7 @@ supports directory name, \s-1DNS\s0 name, email and \s-1URI\s0 types.
.IP "\fBX509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax\fR" 4
.IX Item "X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax"
The format of the name constraint is not recognised: for example an email
-address format of a form not mentioned in \s-1RFC3280\s0. This could be caused by
+address format of a form not mentioned in \s-1RFC3280.\s0 This could be caused by
a garbage extension or some new feature not currently supported.
.IP "\fBX509_V_ERR_CRL_PATH_VALIDATION_ERROR: \s-1CRL\s0 path validation error\fR" 4
.IX Item "X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error"
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
index 27607bd..c6d600f 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_ex_new_index 3"
-.TH X509_STORE_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_STORE_CTX_get_ex_new_index 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
index 25d63be..3e0cd3b 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_new 3"
-.TH X509_STORE_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_STORE_CTX_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
index 6f4246f..d765ef0 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_set_verify_cb 3"
-.TH X509_STORE_CTX_set_verify_cb 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_STORE_CTX_set_verify_cb 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
index bf5ccf3..1d5338b 100644
--- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_set_verify_cb_func 3"
-.TH X509_STORE_set_verify_cb_func 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_STORE_set_verify_cb_func 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index f3548f8..40b1692 100644
--- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_VERIFY_PARAM_set_flags 3"
-.TH X509_VERIFY_PARAM_set_flags 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_VERIFY_PARAM_set_flags 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,7 +169,7 @@ These functions manipulate the \fBX509_VERIFY_PARAM\fR structure associated with
a certificate verification operation.
.PP
The \fIX509_VERIFY_PARAM_set_flags()\fR function sets the flags in \fBparam\fR by oring
-it with \fBflags\fR. See the \fB\s-1VERIFICATION\s0 \s-1FLAGS\s0\fR section for a complete
+it with \fBflags\fR. See the \fB\s-1VERIFICATION FLAGS\s0\fR section for a complete
description of values the \fBflags\fR parameter can take.
.PP
\&\fIX509_VERIFY_PARAM_get_flags()\fR returns the flags in \fBparam\fR.
@@ -274,7 +283,7 @@ corresponding \fBX509_STORE\fR structure. No attempt is made to download
CRLs from the \s-1CRL\s0 distribution points extension.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
-Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0
+Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL \s0
connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
.PP
.Vb 5
diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3
index 1b7084e..8ed7b9c 100644
--- a/secure/lib/libcrypto/man/X509_new.3
+++ b/secure/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_new 3"
-.TH X509_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3
index 09dcf5b..8e52e77 100644
--- a/secure/lib/libcrypto/man/X509_verify_cert.3
+++ b/secure/lib/libcrypto/man/X509_verify_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509_verify_cert 3"
-.TH X509_verify_cert 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509_verify_cert 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3
index d177bd9..8ef33c1 100644
--- a/secure/lib/libcrypto/man/bio.3
+++ b/secure/lib/libcrypto/man/bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "bio 3"
-.TH bio 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH bio 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,10 +154,10 @@ details from an application. If an application uses a \s-1BIO\s0 for its
I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network
connections and file I/O.
.PP
-There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0.
+There are two type of \s-1BIO,\s0 a source/sink \s-1BIO\s0 and a filter \s-1BIO.\s0
.PP
As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data,
-examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0.
+examples include a socket \s-1BIO\s0 and a file \s-1BIO.\s0
.PP
A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to
another, or the application. The data may be left unmodified (for
diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3
index 67094b9..7093907 100644
--- a/secure/lib/libcrypto/man/blowfish.3
+++ b/secure/lib/libcrypto/man/blowfish.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "blowfish 3"
-.TH blowfish 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH blowfish 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,9 +170,9 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ).
Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
It uses a variable size key, but typically, 128 bit (16 byte) keys are
considered good for strong encryption. Blowfish can be used in the same
-modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one
-of the faster block ciphers. It is quite a bit faster than \s-1DES\s0, and much
-faster than \s-1IDEA\s0 or \s-1RC2\s0.
+modes as \s-1DES \s0(see \fIdes_modes\fR\|(7)). Blowfish is currently one
+of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much
+faster than \s-1IDEA\s0 or \s-1RC2.\s0
.PP
Blowfish consists of a key setup phase and the actual encryption or decryption
phase.
@@ -183,7 +192,7 @@ all operate on variable length data. They all take an initialization vector
\&\fBivec\fR which needs to be passed along into the next call of the same function
for the same message. \fBivec\fR may be initialized with anything, but the
recipient needs to know what it was initialized with, or it won't be able
-to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where
+to decrypt. Some programs and protocols simplify this, like \s-1SSH,\s0 where
\&\fBivec\fR is simply initialized to zero.
\&\fIBF_cbc_encrypt()\fR operates on data that is a multiple of 8 bytes long, while
\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable
diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3
index 881238c..e9a82f6 100644
--- a/secure/lib/libcrypto/man/bn.3
+++ b/secure/lib/libcrypto/man/bn.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "bn 3"
-.TH bn 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH bn 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3
index 0489224..cbe5a59 100644
--- a/secure/lib/libcrypto/man/bn_internal.3
+++ b/secure/lib/libcrypto/man/bn_internal.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "bn_internal 3"
-.TH bn_internal 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH bn_internal 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3
index 6b32781..50299f1 100644
--- a/secure/lib/libcrypto/man/buffer.3
+++ b/secure/lib/libcrypto/man/buffer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "buffer 3"
-.TH buffer 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH buffer 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3
index f01e109..80e3b71 100644
--- a/secure/lib/libcrypto/man/crypto.3
+++ b/secure/lib/libcrypto/man/crypto.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "crypto 3"
-.TH crypto 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH crypto 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -137,8 +146,8 @@ crypto \- OpenSSL cryptographic library
.IX Header "DESCRIPTION"
The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic
algorithms used in various Internet standards. The services provided
-by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0
-and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and
+by this library are used by the OpenSSL implementations of \s-1SSL, TLS\s0
+and S/MIME, and they have also been used to implement \s-1SSH,\s0 OpenPGP, and
other cryptographic standards.
.SH "OVERVIEW"
.IX Header "OVERVIEW"
@@ -148,30 +157,30 @@ individual algorithms.
The functionality includes symmetric encryption, public key
cryptography and key agreement, certificate handling, cryptographic
hash functions and a cryptographic pseudo-random number generator.
-.IP "\s-1SYMMETRIC\s0 \s-1CIPHERS\s0" 4
+.IP "\s-1SYMMETRIC CIPHERS\s0" 4
.IX Item "SYMMETRIC CIPHERS"
\&\fIblowfish\fR\|(3), \fIcast\fR\|(3), \fIdes\fR\|(3),
\&\fIidea\fR\|(3), \fIrc2\fR\|(3), \fIrc4\fR\|(3), \fIrc5\fR\|(3)
-.IP "\s-1PUBLIC\s0 \s-1KEY\s0 \s-1CRYPTOGRAPHY\s0 \s-1AND\s0 \s-1KEY\s0 \s-1AGREEMENT\s0" 4
+.IP "\s-1PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT\s0" 4
.IX Item "PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT"
\&\fIdsa\fR\|(3), \fIdh\fR\|(3), \fIrsa\fR\|(3)
.IP "\s-1CERTIFICATES\s0" 4
.IX Item "CERTIFICATES"
\&\fIx509\fR\|(3), \fIx509v3\fR\|(3)
-.IP "\s-1AUTHENTICATION\s0 \s-1CODES\s0, \s-1HASH\s0 \s-1FUNCTIONS\s0" 4
+.IP "\s-1AUTHENTICATION CODES, HASH FUNCTIONS\s0" 4
.IX Item "AUTHENTICATION CODES, HASH FUNCTIONS"
\&\fIhmac\fR\|(3), \fImd2\fR\|(3), \fImd4\fR\|(3),
\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3),
\&\fIsha\fR\|(3)
-.IP "\s-1AUXILIARY\s0 \s-1FUNCTIONS\s0" 4
+.IP "\s-1AUXILIARY FUNCTIONS\s0" 4
.IX Item "AUXILIARY FUNCTIONS"
\&\fIerr\fR\|(3), \fIthreads\fR\|(3), \fIrand\fR\|(3),
\&\s-1\fIOPENSSL_VERSION_NUMBER\s0\fR\|(3)
-.IP "\s-1INPUT/OUTPUT\s0, \s-1DATA\s0 \s-1ENCODING\s0" 4
+.IP "\s-1INPUT/OUTPUT, DATA ENCODING\s0" 4
.IX Item "INPUT/OUTPUT, DATA ENCODING"
\&\fIasn1\fR\|(3), \fIbio\fR\|(3), \fIevp\fR\|(3), \fIpem\fR\|(3),
\&\fIpkcs7\fR\|(3), \fIpkcs12\fR\|(3)
-.IP "\s-1INTERNAL\s0 \s-1FUNCTIONS\s0" 4
+.IP "\s-1INTERNAL FUNCTIONS\s0" 4
.IX Item "INTERNAL FUNCTIONS"
\&\fIbn\fR\|(3), \fIbuffer\fR\|(3), \fIlhash\fR\|(3),
\&\fIobjects\fR\|(3), \fIstack\fR\|(3),
diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
index 66a366b..75efeae 100644
--- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ASN1_OBJECT 3"
-.TH d2i_ASN1_OBJECT 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_ASN1_OBJECT 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,7 +150,7 @@ d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- ASN1 OBJECT IDENTIFIER functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0.
+These functions decode and encode an \s-1ASN1 OBJECT IDENTIFIER.\s0
.PP
Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
described in the \fId2i_X509\fR\|(3) manual page.
diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3
index ac5d631..fee4258 100644
--- a/secure/lib/libcrypto/man/d2i_DHparams.3
+++ b/secure/lib/libcrypto/man/d2i_DHparams.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DHparams 3"
-.TH d2i_DHparams 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_DHparams 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
index 990ee3a..53f64a5 100644
--- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DSAPublicKey 3"
-.TH d2i_DSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_DSAPublicKey 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,10 +180,10 @@ a SubjectPublicKeyInfo (certificate public key) structure.
components.
.PP
\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using
-a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0.
+a \fBDss-Parms\fR structure as defined in \s-1RFC2459.\s0
.PP
\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a
-\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0.
+\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459.\s0
.PP
The usage of all of these functions is similar to the \fId2i_X509()\fR and
\&\fIi2d_X509()\fR described in the \fId2i_X509\fR\|(3) manual page.
diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
index 3e0aea5..f1b54c5 100644
--- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_PKCS8PrivateKey 3"
-.TH d2i_PKCS8PrivateKey 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_PKCS8PrivateKey 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
index fbad715..1068158 100644
--- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_RSAPublicKey 3"
-.TH d2i_RSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_RSAPublicKey 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3
index cf59fd5..8dcad11 100644
--- a/secure/lib/libcrypto/man/d2i_X509.3
+++ b/secure/lib/libcrypto/man/d2i_X509.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509 3"
-.TH d2i_X509 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_X509 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -172,23 +181,23 @@ case \fB*out\fR is not incremented and it points to the start of the
data just written.
.PP
\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts
-to parse data from \s-1BIO\s0 \fBbp\fR.
+to parse data from \s-1BIO \s0\fBbp\fR.
.PP
\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts
to parse data from \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
.SH "NOTES"
.IX Header "NOTES"
The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for
-\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that
-\&\fBi2d_X509\fR converts from internal to \s-1DER\s0.
+\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So that
+\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0
.PP
The functions can also understand \fB\s-1BER\s0\fR forms.
.PP
diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
index e4e8bd4..b34ab88 100644
--- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
+++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_ALGOR 3"
-.TH d2i_X509_ALGOR 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_X509_ALGOR 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3
index ac05f6a..219d3c7 100644
--- a/secure/lib/libcrypto/man/d2i_X509_CRL.3
+++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_CRL 3"
-.TH d2i_X509_CRL 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_X509_CRL 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +157,7 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation
+These functions decode and encode an X509 \s-1CRL \s0(certificate revocation
list).
.PP
Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3
index 23d00ae..e1d8f30 100644
--- a/secure/lib/libcrypto/man/d2i_X509_NAME.3
+++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_NAME 3"
-.TH d2i_X509_NAME 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_X509_NAME 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -142,7 +151,7 @@ d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions decode and encode an \fBX509_NAME\fR structure which is the
-the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used
+the same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used
for example in certificate subject and issuer names.
.PP
Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3
index d65145f..4110e0a 100644
--- a/secure/lib/libcrypto/man/d2i_X509_REQ.3
+++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_REQ 3"
-.TH d2i_X509_REQ 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_X509_REQ 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3
index 5ada7ce..dc5163f 100644
--- a/secure/lib/libcrypto/man/d2i_X509_SIG.3
+++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_SIG 3"
-.TH d2i_X509_SIG 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_X509_SIG 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3
index 555e52f..f7f8367 100644
--- a/secure/lib/libcrypto/man/des.3
+++ b/secure/lib/libcrypto/man/des.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "des 3"
-.TH des 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH des 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -292,7 +301,7 @@ The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
encryption by using \fIks1\fR for the final encryption.
.PP
\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
-(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the
+(\s-1CBC\s0) mode of \s-1DES. \s0 If the \fIencrypt\fR argument is non-zero, the
routine cipher-block-chain encrypts the cleartext data pointed to by
the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
argument, using the key schedule provided by the \fIschedule\fR argument,
@@ -301,14 +310,14 @@ and initialization vector provided by the \fIivec\fR argument. If the
last block is copied to a temporary area and zero filled. The output
is always an integral multiple of eight bytes.
.PP
-\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and
+\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES. \s0 It uses \fIinw\fR and
\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret
(unlike the iv) and are as such, part of the key. So the key is sort
-of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0.
+of 24 bytes. This is much better than \s-1CBC DES.\s0
.PP
-\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with
+\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC DES\s0 encryption with
three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is
-an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0.
+an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL.\s0
.PP
The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by
reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR.
@@ -323,7 +332,7 @@ method takes an array of characters as input and outputs and array of
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
-a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only
+a complete \s-1DES ECB\s0 encryption per \fInumbits\fR, this function is only
suggested for use when sending small numbers of characters.
.PP
\&\fIDES_cfb64_encrypt()\fR
@@ -332,7 +341,7 @@ useful you ask? Because this routine will allow you to encrypt an
arbitrary number of bytes, no 8 byte padding. Each call to this
routine will encrypt the input bytes to output and then update ivec
and num. num contains 'how far' we are though ivec. If this does
-not make much sense, read more about cfb mode of \s-1DES\s0 :\-).
+not make much sense, read more about cfb mode of \s-1DES :\-\s0).
.PP
\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as
\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used.
@@ -342,7 +351,7 @@ takes an array of characters as input and outputs and array of
characters. It does not require any padding to 8 character groups.
Note: the \fIivec\fR variable is changed and the new changed value needs to
be passed to the next call to this function. Since this function runs
-a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only
+a complete \s-1DES ECB\s0 encryption per numbits, this function is only
suggested for use when sending small numbers of characters.
.PP
\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output
@@ -396,7 +405,7 @@ the key schedule and \fIiv\fR for the initial vector.
\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR
has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0
bytes, \fIDES_enc_write()\fR will split the data into several chunks that
-are all encrypted using the same \s-1IV\s0. So don't use these functions
+are all encrypted using the same \s-1IV. \s0 So don't use these functions
unless you are sure you know what you do (in which case you might not
want to use them anyway). They cannot handle non-blocking sockets.
\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on
@@ -434,7 +443,7 @@ get ugly!
The same applies for \fIDES_string_to_2key()\fR.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ANSI\s0 X3.106
+\&\s-1ANSI X3.106\s0
.PP
The \fBdes\fR library was written to be source code compatible with
the \s-1MIT\s0 Kerberos library.
diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3
index 3073957..bc6fbe7 100644
--- a/secure/lib/libcrypto/man/dh.3
+++ b/secure/lib/libcrypto/man/dh.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "dh 3"
-.TH dh 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH dh 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3
index 760f5fb..e35dd63 100644
--- a/secure/lib/libcrypto/man/dsa.3
+++ b/secure/lib/libcrypto/man/dsa.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "dsa 3"
-.TH dsa 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH dsa 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -213,7 +222,7 @@ The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components.
\& DSA;
.Ve
.PP
-In public keys, \fBpriv_key\fR is \s-1NULL\s0.
+In public keys, \fBpriv_key\fR is \s-1NULL.\s0
.PP
Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations,
either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an
@@ -224,8 +233,8 @@ structure elements directly and instead use \s-1API\s0 functions to query or
modify keys.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature
-Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
+Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIbn\fR\|(3), \fIdh\fR\|(3), \fIerr\fR\|(3), \fIrand\fR\|(3),
diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3
index 070340c..132a26b 100644
--- a/secure/lib/libcrypto/man/ecdsa.3
+++ b/secure/lib/libcrypto/man/ecdsa.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ecdsa 3"
-.TH ecdsa 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ecdsa 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +187,7 @@ ecdsa \- Elliptic Curve Digital Signature Algorithm
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fB\s-1ECDSA_SIG\s0\fR structure consists of two BIGNUMs for the
-r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS\s0 186\-2).
+r and s value of a \s-1ECDSA\s0 signature (see X9.62 or \s-1FIPS 186\-2\s0).
.PP
.Vb 5
\& struct
@@ -195,7 +204,7 @@ function also allocates the BIGNUMs) and initialize it.
.PP
\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature
\&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR
-is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of
+is \s-1NULL \s0\fBi2d_ECDSA_SIG\fR returns the expected length in bytes of
the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length
of the \s-1DER\s0 encoded signature (or 0 on error).
.PP
@@ -214,7 +223,7 @@ values or returned in \fBkinv\fR and \fBrp\fR and can be used in a
later call to \fBECDSA_sign_ex\fR or \fBECDSA_do_sign_ex\fR.
.PP
\&\fIECDSA_sign()\fR is wrapper function for ECDSA_sign_ex with \fBkinv\fR
-and \fBrp\fR set to \s-1NULL\s0.
+and \fBrp\fR set to \s-1NULL.\s0
.PP
\&\fIECDSA_sign_ex()\fR computes a digital signature of the \fBdgstlen\fR bytes
hash value \fBdgst\fR using the private \s-1EC\s0 key \fBeckey\fR and the optional
@@ -229,7 +238,7 @@ is ignored.
The parameter \fBtype\fR is ignored.
.PP
\&\fIECDSA_do_sign()\fR is wrapper function for ECDSA_do_sign_ex with \fBkinv\fR
-and \fBrp\fR set to \s-1NULL\s0.
+and \fBrp\fR set to \s-1NULL.\s0
.PP
\&\fIECDSA_do_sign_ex()\fR computes a digital signature of the \fBdgst_len\fR
bytes hash value \fBdgst\fR using the private key \fBeckey\fR and the
@@ -327,8 +336,8 @@ and finally evaluate the return value:
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ANSI\s0 X9.62, \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186\-2
-(Digital Signature Standard, \s-1DSS\s0)
+\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2
+\&\s0(Digital Signature Standard, \s-1DSS\s0)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIrsa\fR\|(3)
diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3
index 2086ac8..4612739 100644
--- a/secure/lib/libcrypto/man/engine.3
+++ b/secure/lib/libcrypto/man/engine.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "engine 3"
-.TH engine 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH engine 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -308,7 +317,7 @@ implementation includes the following abstractions;
.Ve
.SS "Reference counting and handles"
.IX Subsection "Reference counting and handles"
-Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be
+Due to the modular nature of the \s-1ENGINE API,\s0 pointers to ENGINEs need to be
treated as handles \- ie. not only as pointers, but also as references to
the underlying \s-1ENGINE\s0 object. Ie. one should obtain a new reference when
making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and
@@ -330,7 +339,7 @@ specialised form of structural reference, because each functional reference
implicitly contains a structural reference as well \- however to avoid
difficult-to-find programming bugs, it is recommended to treat the two
kinds of reference independently. If you have a functional reference to an
-\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to
+\&\s-1ENGINE,\s0 you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to
perform cryptographic operations and will remain uninitialised
until after you have released your reference.
.PP
@@ -338,19 +347,19 @@ until after you have released your reference.
.PP
This basic type of reference is used for instantiating new ENGINEs,
iterating across OpenSSL's internal linked-list of loaded
-ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural
+ENGINEs, reading information about an \s-1ENGINE,\s0 etc. Essentially a structural
reference is sufficient if you only need to query or manipulate the data of
an \s-1ENGINE\s0 implementation rather than use its functionality.
.PP
The \fIENGINE_new()\fR function returns a structural reference to a new (empty)
-\&\s-1ENGINE\s0 object. There are other \s-1ENGINE\s0 \s-1API\s0 functions that return structural
+\&\s-1ENGINE\s0 object. There are other \s-1ENGINE API\s0 functions that return structural
references such as; \fIENGINE_by_id()\fR, \fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR,
\&\fIENGINE_get_next()\fR, \fIENGINE_get_prev()\fR. All structural references should be
released by a corresponding to call to the \fIENGINE_free()\fR function \- the
\&\s-1ENGINE\s0 object itself will only actually be cleaned up and deallocated when
the last structural reference is released.
.PP
-It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a
+It should also be noted that many \s-1ENGINE API\s0 function calls that accept a
structural reference will internally obtain another reference \- typically
this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after
the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to
@@ -375,7 +384,7 @@ the openssl/engine.h header file includes some hints.
As mentioned, functional references exist when the cryptographic
functionality of an \s-1ENGINE\s0 is required to be available. A functional
reference can be obtained in one of two ways; from an existing structural
-reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default
+reference to the required \s-1ENGINE,\s0 or by asking OpenSSL for the default
operational \s-1ENGINE\s0 for a given cryptographic purpose.
.PP
To obtain a functional reference from an existing structural reference,
@@ -383,7 +392,7 @@ call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 wa
already operational and couldn't be successfully initialised (eg. lack of
system drivers, no special hardware attached, etc), otherwise it will
return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will
-have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. All functional
+have allocated a new \fBfunctional\fR reference to the \s-1ENGINE.\s0 All functional
references are released by calling \fIENGINE_finish()\fR (which removes the
implicit structural reference as well).
.PP
@@ -392,7 +401,7 @@ default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR,
\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next
section, though they are not usually required by application programmers as
they are used automatically when creating and using the relevant
-algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc.
+algorithm-specific types in OpenSSL, such as \s-1RSA, DSA, EVP_CIPHER_CTX,\s0 etc.
.SS "Default implementations"
.IX Subsection "Default implementations"
For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table
@@ -401,7 +410,7 @@ abstraction and which should be used by default. These implementations are
registered in the tables and indexed by an 'nid' value, because
abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct
algorithms and modes, and ENGINEs can support arbitrarily many of them.
-In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, etc, there is only one
+In the case of other abstractions like \s-1RSA, DSA,\s0 etc, there is only one
\&\*(L"algorithm\*(R" so all implementations implicitly register using the same 'nid'
index.
.PP
@@ -410,15 +419,15 @@ when calling RSA_new_method(\s-1NULL\s0)), a \*(L"get_default\*(R" call will be
\&\s-1ENGINE\s0 subsystem to process the corresponding state table and return a
functional reference to an initialised \s-1ENGINE\s0 whose implementation should be
used. If no \s-1ENGINE\s0 should (or can) be used, it will return \s-1NULL\s0 and the caller
-will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle \- this usually equates to using the
+will operate with a \s-1NULL ENGINE\s0 handle \- this usually equates to using the
conventional software implementation. In the latter case, OpenSSL will from
-then on behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed.
+then on behave the way it used to before the \s-1ENGINE API\s0 existed.
.PP
Each state table has a flag to note whether it has processed this
\&\*(L"get_default\*(R" query since the table was last modified, because to process
this question it must iterate across all the registered ENGINEs in the
table trying to initialise each of them in turn, in case one of them is
-operational. If it returns a functional reference to an \s-1ENGINE\s0, it will
+operational. If it returns a functional reference to an \s-1ENGINE,\s0 it will
also cache another reference to speed up processing future queries (without
needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0
response if no \s-1ENGINE\s0 was available so that future queries won't repeat the
@@ -429,7 +438,7 @@ instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to t
\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg.
\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except
that it also sets the state table's cached response for the \*(L"get_default\*(R"
-query. In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are
+query. In the case of abstractions like \s-1EVP_CIPHER,\s0 where implementations are
indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
value.
.SS "Application requirements"
@@ -440,7 +449,7 @@ available to the user. The first thing to consider is whether the
programmer wishes to make alternative \s-1ENGINE\s0 modules available to the
application and user. OpenSSL maintains an internal linked list of
\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is
-empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and
+empty and in fact if an application does not call any \s-1ENGINE API\s0 calls and
it uses static linking against openssl, then the resulting application
binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first
consideration is whether any/all available \s-1ENGINE\s0 implementations should be
@@ -468,13 +477,13 @@ mention an important \s-1API\s0 function;
\& void ENGINE_cleanup(void);
.Ve
.PP
-If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there
+If no \s-1ENGINE API\s0 functions are called at all in an application, then there
are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality,
however if any ENGINEs are loaded, even if they are never registered or
used, it is necessary to use the \fIENGINE_cleanup()\fR function to
correspondingly cleanup before program exit, if the caller wishes to avoid
memory leaks. This mechanism uses an internal callback registration table
-so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can
+so that any \s-1ENGINE API\s0 functionality that knows it requires cleanup can
register its cleanup details to be called during \fIENGINE_cleanup()\fR. This
approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality
at all that your program uses, yet doesn't automatically create linker
@@ -499,9 +508,9 @@ source code to openssl's builtin utilities as guides.
\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR
.PP
Here we'll assume an application has been configured by its user or admin
-to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of
+to want to use the \*(L"\s-1ACME\*(R" ENGINE\s0 if it is available in the version of
OpenSSL the application was compiled with. If it is available, it should be
-used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise
+used by default for all \s-1RSA, DSA,\s0 and symmetric cipher operation, otherwise
OpenSSL should use its builtin software as per usual. The following code
illustrates how to approach this;
.PP
@@ -574,7 +583,7 @@ so that it can be initialised for use. This could include the path to any
driver or config files it needs to load, required network addresses,
smart-card identifiers, passwords to initialise protected devices,
logging information, etc etc. This class of commands typically needs to be
-passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before
+passed to an \s-1ENGINE \s0\fBbefore\fR attempting to initialise it, ie. before
calling \fIENGINE_init()\fR. The other class of commands consist of settings or
operations that tweak certain behaviour or cause certain operations to take
place, and these commands may work either before or after \fIENGINE_init()\fR, or
@@ -589,8 +598,8 @@ name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use befo
initialisation, and another table for use after initialisation. Note that
the string-pairs used for control commands consist of a command \*(L"name\*(R"
followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some
-cases but the name can not. This function should initialise the \s-1ENGINE\s0
-(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
+cases but the name can not. This function should initialise the \s-1ENGINE
+\&\s0(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
and set it as the default for everything except \s-1RAND\s0 and then return a
boolean success or failure.
.PP
@@ -639,7 +648,7 @@ failure if the \s-1ENGINE\s0 supported the given command name but failed while
executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply
return success without doing anything. In this case we assume the user is
only supplying commands specific to the given \s-1ENGINE\s0 so we set this to
-\&\s-1FALSE\s0.
+\&\s-1FALSE.\s0
.PP
\&\fIDiscovering supported control commands\fR
.PP
@@ -647,14 +656,14 @@ It is possible to discover at run-time the names, numerical-ids, descriptions
and input parameters of the control commands supported by an \s-1ENGINE\s0 using a
structural reference. Note that some control commands are defined by OpenSSL
itself and it will intercept and handle these control commands on behalf of the
-\&\s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command.
-openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE\s0, that all control commands
+\&\s-1ENGINE,\s0 ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not used for the control command.
+openssl/engine.h defines an index, \s-1ENGINE_CMD_BASE,\s0 that all control commands
implemented by ENGINEs should be numbered from. Any command value lower than
this symbol is considered a \*(L"generic\*(R" command is handled directly by the
OpenSSL core routines.
.PP
It is using these \*(L"core\*(R" control commands that one can discover the control
-commands implemented by a given \s-1ENGINE\s0, specifically the commands;
+commands implemented by a given \s-1ENGINE,\s0 specifically the commands;
.PP
.Vb 9
\& #define ENGINE_HAS_CTRL_FUNCTION 10
@@ -693,7 +702,7 @@ OpenSSL framework code will work with the following rules;
.PP
If the \s-1ENGINE\s0's array of control commands is empty then all other commands will
fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of
-the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the
+the first command supported by the \s-1ENGINE, ENGINE_GET_NEXT_CMD_TYPE\s0 takes the
identifier of a command supported by the \s-1ENGINE\s0 and returns the next command
identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string
name for a command and returns the corresponding identifier or fails if no such
@@ -714,18 +723,18 @@ possible values;
If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely
informational to the caller \- this flag will prevent the command being usable
for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR.
-\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration
+\&\*(L"\s-1INTERNAL\*(R"\s0 commands are not intended to be exposed to text-based configuration
by applications, administrations, users, etc. These can support arbitrary
operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control
commands data of any arbitrary type. These commands are supported in the
discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0
supports certain specific commands it might want to use (eg. application \*(L"foo\*(R"
-might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \-
+might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R" \-\s0
and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific
extension).
.SS "Future developments"
.IX Subsection "Future developments"
-The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for
+The \s-1ENGINE API\s0 and internal architecture is currently being reviewed. Slated for
possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R"
ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0
implementations to be provided independently of OpenSSL libraries and/or
diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3
index 52835d4..71ed4a3 100644
--- a/secure/lib/libcrypto/man/err.3
+++ b/secure/lib/libcrypto/man/err.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "err 3"
-.TH err 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH err 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,8 +211,8 @@ new error codes to OpenSSL or add error codes from external libraries.
.SS "Reporting errors"
.IX Subsection "Reporting errors"
Each sub-library has a specific macro \fIXXXerr()\fR that is used to report
-errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second
-argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived
+errors. Its first argument is a function code \fB\s-1XXX_F_...\s0\fR, the second
+argument is a reason code \fB\s-1XXX_R_...\s0\fR. Function codes are derived
from the function names; reason codes consist of textual error
descriptions. For example, the function \fIssl23_read()\fR reports a
\&\*(L"handshake failure\*(R" as follows:
@@ -216,7 +225,7 @@ Function and reason codes should consist of upper case characters,
numbers and underscores only. The error file generation script translates
function codes into function names by looking in the header files
for an appropriate function name, if none is found it just uses
-the capitalized form such as \*(L"\s-1SSL23_READ\s0\*(R" in the above example.
+the capitalized form such as \*(L"\s-1SSL23_READ\*(R"\s0 in the above example.
.PP
The trailing section of a reason code (after the \*(L"_R_\*(R") is translated
into lower case and underscores changed to spaces.
@@ -267,7 +276,7 @@ Typically it will initially look like this:
\& /* BEGIN ERROR CODES */
.Ve
.PP
-The \fB\s-1BEGIN\s0 \s-1ERROR\s0 \s-1CODES\s0\fR sequence is used by the error code
+The \fB\s-1BEGIN ERROR CODES\s0\fR sequence is used by the error code
generation script as the point to place new error codes, any text
after this point will be overwritten when \fBmake errors\fR is run.
The closing #endif etc will be automatically added by the script.
diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3
index 93c1328..3364eab 100644
--- a/secure/lib/libcrypto/man/evp.3
+++ b/secure/lib/libcrypto/man/evp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "evp 3"
-.TH evp 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH evp 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3
index 3f48c7f..799a0ee 100644
--- a/secure/lib/libcrypto/man/hmac.3
+++ b/secure/lib/libcrypto/man/hmac.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "hmac 3"
-.TH hmac 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH hmac 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ authentication code
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash
+\&\s-1HMAC\s0 is a \s-1MAC \s0(message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.
.PP
@@ -165,7 +174,7 @@ function.
.PP
It places the result in \fBmd\fR (which must have space for the output of
the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes).
-If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of
+If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static array. The size of
the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR.
.PP
\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc.
@@ -189,7 +198,7 @@ long. It is deprecated and only included for backward compatibility
with OpenSSL 0.9.6b.
.PP
\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use
-the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which
+the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL,\s0 in which
case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been
called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this
function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in
@@ -212,7 +221,7 @@ an error occurred.
\&\fIHMAC_CTX_init()\fR and \fIHMAC_CTX_cleanup()\fR do not return values.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1RFC\s0 2104
+\&\s-1RFC 2104\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIevp\fR\|(3)
diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
index dd0d263..2f81800 100644
--- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "i2d_CMS_bio_stream 3"
-.TH i2d_CMS_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH i2d_CMS_bio_stream 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
index 11642b3..7e4c36e 100644
--- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "i2d_PKCS7_bio_stream 3"
-.TH i2d_PKCS7_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH i2d_PKCS7_bio_stream 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3
index 56e08c9..74b746c 100644
--- a/secure/lib/libcrypto/man/lh_stats.3
+++ b/secure/lib/libcrypto/man/lh_stats.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "lh_stats 3"
-.TH lh_stats 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH lh_stats 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3
index 52b7b0e..9baf39e 100644
--- a/secure/lib/libcrypto/man/lhash.3
+++ b/secure/lib/libcrypto/man/lhash.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "lhash 3"
-.TH lhash 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH lhash 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -357,7 +366,7 @@ the wrapper functions without \*(L"const\*(R" types.
Callers that only have \*(L"const\*(R" access to data they're indexing in a
table, yet declare callbacks without constant types (or cast the
\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs
-without being encouraged to do so by the \s-1API\s0. On a related note,
+without being encouraged to do so by the \s-1API. \s0 On a related note,
those auditing code should pay special attention to any instances of
DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
without any \*(L"const\*(R" qualifiers.
@@ -422,8 +431,8 @@ The \fBlhash\fR library is available in all versions of SSLeay and OpenSSL.
This manpage is derived from the SSLeay documentation.
.PP
In OpenSSL 0.9.7, all lhash functions that were passed function pointers
-were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0,
-\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0
+were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE,
+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE \s0
became available.
.PP
In OpenSSL 1.0.0, the lhash interface was revamped for even better
diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3
index 387b70a..9fd974b 100644
--- a/secure/lib/libcrypto/man/md5.3
+++ b/secure/lib/libcrypto/man/md5.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "md5 3"
-.TH md5 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH md5 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,12 +178,12 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final \- MD2, MD4, and MD5 hash functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
+\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output.
.PP
-\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest
+\&\s-1\fIMD2\s0()\fR, \s-1\fIMD4\s0()\fR, and \s-1\fIMD5\s0()\fR compute the \s-1MD2, MD4,\s0 and \s-1MD5\s0 message digest
of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space
for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16
-bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static
+bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest is placed in a static
array.
.PP
The following functions may be used if the message is not completely
@@ -196,7 +205,7 @@ Applications should use the higher level functions
etc. instead of calling the hash functions directly.
.SH "NOTE"
.IX Header "NOTE"
-\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing
+\&\s-1MD2, MD4,\s0 and \s-1MD5\s0 are recommended only for compatibility with existing
applications. In new applications, \s-1SHA\-1\s0 or \s-1RIPEMD\-160\s0 should be
preferred.
.SH "RETURN VALUES"
@@ -208,7 +217,7 @@ preferred.
success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321
+\&\s-1RFC 1319, RFC 1320, RFC 1321\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIripemd\fR\|(3), \fIEVP_DigestInit\fR\|(3)
diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3
index 1fb1020..d780902 100644
--- a/secure/lib/libcrypto/man/mdc2.3
+++ b/secure/lib/libcrypto/man/mdc2.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "mdc2 3"
-.TH mdc2 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH mdc2 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,11 +157,11 @@ MDC2, MDC2_Init, MDC2_Update, MDC2_Final \- MDC2 hash function
.IX Header "DESCRIPTION"
\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from
block ciphers. These functions are an implementation of \s-1MDC2\s0 with
-\&\s-1DES\s0.
+\&\s-1DES.\s0
.PP
\&\s-1\fIMDC2\s0()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
-\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array.
.PP
The following functions may be used if the message is not completely
@@ -176,7 +185,7 @@ hash functions directly.
\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR return 1 for success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ISO/IEC\s0 10118\-2, with \s-1DES\s0
+\&\s-1ISO/IEC 10118\-2,\s0 with \s-1DES\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIEVP_DigestInit\fR\|(3)
diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3
index 1a660e9..c024fed 100644
--- a/secure/lib/libcrypto/man/pem.3
+++ b/secure/lib/libcrypto/man/pem.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "pem 3"
-.TH pem 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH pem 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -313,7 +322,7 @@ this sense \s-1PEM\s0 format is simply base64 encoded data surrounded
by header lines.
.PP
For more details about the meaning of arguments see the
-\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section.
+\&\fB\s-1PEM FUNCTION ARGUMENTS\s0\fR section.
.PP
Each operation has four functions associated with it. For
clarity the term "\fBfoobar\fR functions" will be used to collectively
@@ -338,7 +347,7 @@ encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
-corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section).
+corresponding \s-1OBJECT IDENTIFIER \s0(see \s-1NOTES\s0 section).
.PP
The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0
structure. The public key is encoded as a SubjectPublicKeyInfo
@@ -346,7 +355,7 @@ structure.
.PP
The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an
\&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
-functions but an error occurs if the private key is not \s-1RSA\s0.
+functions but an error occurs if the private key is not \s-1RSA.\s0
.PP
The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an
\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey
@@ -355,16 +364,16 @@ structure.
The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using
an \s-1RSA\s0 structure. However the public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
-key is not \s-1RSA\s0.
+key is not \s-1RSA.\s0
.PP
The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a
\&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR
-functions but an error occurs if the private key is not \s-1DSA\s0.
+functions but an error occurs if the private key is not \s-1DSA.\s0
.PP
The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using
a \s-1DSA\s0 structure. The public key is encoded using a
SubjectPublicKeyInfo structure and an error occurs if the public
-key is not \s-1DSA\s0.
+key is not \s-1DSA.\s0
.PP
The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0
structure. The parameters are encoded using a foobar structure.
@@ -382,8 +391,8 @@ an X509 structure.
.PP
The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10
certificate request using an X509_REQ structure. The \fBX509_REQ\fR
-write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas
-the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR
+write functions use \fB\s-1CERTIFICATE REQUEST\s0\fR in the header whereas
+the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW CERTIFICATE REQUEST\s0\fR
(as required by some CAs). The \fBX509_REQ\fR read functions will
handle either form so there are no \fBX509_REQ_NEW\fR read functions.
.PP
@@ -453,7 +462,7 @@ an error occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Although the \s-1PEM\s0 routines take several arguments in almost all applications
-most of them are set to 0 or \s-1NULL\s0.
+most of them are set to 0 or \s-1NULL.\s0
.PP
Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0
.PP
diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3
index fc246c1..b8f2c13 100644
--- a/secure/lib/libcrypto/man/rand.3
+++ b/secure/lib/libcrypto/man/rand.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "rand 3"
-.TH rand 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH rand 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,8 +172,8 @@ rand \- pseudo\-random number generator
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling
-default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default
+Since the introduction of the \s-1ENGINE API,\s0 the recommended way of controlling
+default implementations is by using the \s-1ENGINE API\s0 functions. The default
\&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by
\&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default
\&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened
@@ -188,7 +197,7 @@ described in \fIRAND_add\fR\|(3). Its state can be saved in a seed file
seeding process whenever the application is started.
.PP
\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the
-\&\s-1PRNG\s0.
+\&\s-1PRNG. \s0
.SH "INTERNALS"
.IX Header "INTERNALS"
The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic
@@ -197,9 +206,9 @@ hash function.
The following description of its design is based on the SSLeay
documentation:
.PP
-First up I will state the things I believe I need for a good \s-1RNG\s0.
+First up I will state the things I believe I need for a good \s-1RNG.\s0
.IP "1." 4
-A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state'
+A good hashing algorithm to mix things up and to convert the \s-1RNG \s0'state'
to random numbers.
.IP "2." 4
An initial source of random 'state'.
@@ -251,7 +260,7 @@ believe this system addresses points 1 (hash function; currently
\&\s-1SHA\-1\s0), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
function and xor).
.PP
-When bytes are extracted from the \s-1RNG\s0, the following process is used.
+When bytes are extracted from the \s-1RNG,\s0 the following process is used.
For each group of 10 bytes (or less), we do the following:
.PP
Input into the hash function the local 'md' (which is initialized from
diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3
index 31ba03f..05f1af8 100644
--- a/secure/lib/libcrypto/man/rc4.3
+++ b/secure/lib/libcrypto/man/rc4.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "rc4 3"
-.TH rc4 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH rc4 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3
index 05a4f49..8da6eb9 100644
--- a/secure/lib/libcrypto/man/ripemd.3
+++ b/secure/lib/libcrypto/man/ripemd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ripemd 3"
-.TH ripemd 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ripemd 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,7 +161,7 @@ RIPEMD\-160 hash function
.PP
\&\s-1\fIRIPEMD160\s0()\fR computes the \s-1RIPEMD\-160\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
-\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array.
.PP
The following functions may be used if the message is not completely
@@ -178,7 +187,7 @@ hash functions directly.
success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ISO/IEC\s0 10118\-3 (draft) (??)
+\&\s-1ISO/IEC 10118\-3 \s0(draft) (??)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3
index 2e8f9b4..72fe658 100644
--- a/secure/lib/libcrypto/man/rsa.3
+++ b/secure/lib/libcrypto/man/rsa.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "rsa 3"
-.TH rsa 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH rsa 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,7 +200,7 @@ rsa \- RSA public key cryptosystem
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions implement \s-1RSA\s0 public key encryption and signatures
-as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC\s0 2437].
+as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC 2437\s0].
.PP
The \fB\s-1RSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. It can
contain public as well as private \s-1RSA\s0 keys:
@@ -228,7 +237,7 @@ structure elements directly and instead use \s-1API\s0 functions to query or
modify keys.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+\&\s-1SSL, PKCS\s0 #1 v2.0
.SH "PATENTS"
.IX Header "PATENTS"
\&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000.
diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3
index 2d62a69..96e049a 100644
--- a/secure/lib/libcrypto/man/sha.3
+++ b/secure/lib/libcrypto/man/sha.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "sha 3"
-.TH sha 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH sha 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,12 +155,12 @@ SHA1, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a
+\&\s-1SHA\-1 \s0(Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
.PP
\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR
bytes at \fBd\fR and places it in \fBmd\fR (which must have space for
-\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest
+\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL,\s0 the digest
is placed in a static array.
.PP
The following functions may be used if the message is not completely
@@ -169,7 +178,7 @@ Applications should use the higher level functions
\&\fIEVP_DigestInit\fR\|(3)
etc. instead of calling the hash functions directly.
.PP
-The predecessor of \s-1SHA\-1\s0, \s-1SHA\s0, is also implemented, but it should be
+The predecessor of \s-1SHA\-1, SHA,\s0 is also implemented, but it should be
used only when backward compatibility is required.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
@@ -178,11 +187,11 @@ used only when backward compatibility is required.
\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR return 1 for success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1SHA:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180 (Secure Hash
+\&\s-1SHA: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180 \s0(Secure Hash
Standard),
-\&\s-1SHA\-1:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-1 (Secure Hash
+\&\s-1SHA\-1: US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-1 \s0(Secure Hash
Standard),
-\&\s-1ANSI\s0 X9.30
+\&\s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIripemd\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3
index 78ef432..f4fa194 100644
--- a/secure/lib/libcrypto/man/threads.3
+++ b/secure/lib/libcrypto/man/threads.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "threads 3"
-.TH threads 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH threads 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3
index e07c530..743a9eb 100644
--- a/secure/lib/libcrypto/man/ui.3
+++ b/secure/lib/libcrypto/man/ui.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ui 3"
-.TH ui 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ui 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -201,9 +210,9 @@ prompt the user for text-based information. Through user-written methods
imaginable, be it plain text prompting, through dialog boxes or from a
cell phone.
.PP
-All the functions work through a context of the type \s-1UI\s0. This context
+All the functions work through a context of the type \s-1UI. \s0 This context
contains all the information needed to prompt correctly as well as a
-reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that
+reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that
carry out the actual prompting.
.PP
The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR,
@@ -222,10 +231,10 @@ result with \fIUI_get0_result()\fR.
The functions are as follows:
.PP
\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with
-this \s-1UI\s0, it should be freed using \fIUI_free()\fR.
+this \s-1UI,\s0 it should be freed using \fIUI_free()\fR.
.PP
\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with
-this \s-1UI\s0, it should be freed using \fIUI_free()\fR.
+this \s-1UI,\s0 it should be freed using \fIUI_free()\fR.
.PP
\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one,
since the default can be changed. See further on). This method is the
@@ -235,7 +244,7 @@ most problems when porting.
\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory
that's connected to it, like duplicated input strings, results and others.
.PP
-\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0,
+\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI,\s0
as well as flags and a result buffer and the desired minimum and maximum
sizes of the result. The given information is used to prompt for
information, for example a password, and to verify a password (i.e. having
@@ -257,10 +266,10 @@ The difference between the two is only conceptual. With the builtin method,
there's no technical difference between them. Other methods may make a
difference between them, however.
.PP
-The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for
+The flags currently supported are \s-1UI_INPUT_FLAG_ECHO,\s0 which is relevant for
\&\fIUI_add_input_string()\fR and will have the users response be echoed (when
prompting for a password, this flag should obviously not be used, and
-\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some
+\&\s-1UI_INPUT_FLAG_DEFAULT_PWD,\s0 which means that a default password of some
sort will be used (completely depending on the application and the \s-1UI\s0
method).
.PP
@@ -293,18 +302,18 @@ the information indexed by \fIi\fR.
and prompting and returns.
.PP
\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it
-understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR
-print the OpenSSL error stack as part of processing the \s-1UI\s0, and
-\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can
+understands two commands: \s-1UI_CTRL_PRINT_ERRORS,\s0 which makes \fIUI_process()\fR
+print the OpenSSL error stack as part of processing the \s-1UI,\s0 and
+\&\s-1UI_CTRL_IS_REDOABLE,\s0 which returns a flag saying if the used \s-1UI\s0 can
be used again or not.
.PP
\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given.
.PP
\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method.
.PP
-\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0.
+\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI.\s0
.PP
-\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0.
+\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIui_create\fR\|(3), \fIui_compat\fR\|(3)
diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3
index b6cb7a9..db48056 100644
--- a/secure/lib/libcrypto/man/ui_compat.3
+++ b/secure/lib/libcrypto/man/ui_compat.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ui_compat 3"
-.TH ui_compat 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ui_compat 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ Compatibility user interface functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1DES\s0 library contained a few routines to prompt for passwords. These
-aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the
+aren't necessarely dependent on \s-1DES,\s0 and have therefore become part of the
\&\s-1UI\s0 compatibility library.
.PP
\&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output
diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3
index 85c3ad0..dd25420 100644
--- a/secure/lib/libcrypto/man/x509.3
+++ b/secure/lib/libcrypto/man/x509.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "x509 3"
-.TH x509 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH x509 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -139,15 +148,15 @@ x509 \- X.509 certificate handling
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A X.509 certificate is a structured grouping of information about
-an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0
-(certificate revocation list) is a tool to help determine if a
+an individual, a device, or anything one can imagine. A X.509 \s-1CRL
+\&\s0(certificate revocation list) is a tool to help determine if a
certificate is still valid. The exact definition of those can be
-found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX\s0.
+found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0
In OpenSSL, the type X509 is used to express such a certificate, and
-the type X509_CRL is used to express a \s-1CRL\s0.
+the type X509_CRL is used to express a \s-1CRL.\s0
.PP
A related structure is a certificate request, defined in PKCS#10 from
-\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896\s0. In OpenSSL, the type
+\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896. \s0 In OpenSSL, the type
X509_REQ is used to express such a certificate request.
.PP
To handle some complex parts of a certificate, there are the types
@@ -155,7 +164,7 @@ X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
a certificate attributes), X509_EXTENSION (to express a certificate
extension) and a few more.
.PP
-Finally, there's the supertype X509_INFO, which can contain a \s-1CRL\s0, a
+Finally, there's the supertype X509_INFO, which can contain a \s-1CRL,\s0 a
certificate and a corresponding private key.
.PP
\&\fBX509_\fR\fI...\fR, \fBd2i_X509_\fR\fI...\fR and \fBi2d_X509_\fR\fI...\fR handle X.509
diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
index fbeb0e3..b5678ae 100644
--- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CIPHER_get_name 3"
-.TH SSL_CIPHER_get_name 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CIPHER_get_name 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,24 +153,24 @@ SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_des
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the
-argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is
+argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\*(R"\s0 is
returned.
.PP
\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If
-\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the
-chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned.
+\&\fBalg_bits\fR is not \s-1NULL,\s0 it contains the number of bits processed by the
+chosen algorithm. If \fBcipher\fR is \s-1NULL, 0\s0 is returned.
.PP
\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol
version that first defined the cipher.
This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR.
In some cases it should possibly return \*(L"TLSv1.2\*(R" but does not;
use \fISSL_CIPHER_description()\fR instead.
-If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned.
+If \fBcipher\fR is \s-1NULL, \*(L"\s0(\s-1NONE\s0)\*(R" is returned.
.PP
\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used
into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least
128 bytes, otherwise a pointer to the string \*(L"Buffer too small\*(R" is
-returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using
+returned. If \fBbuf\fR is \s-1NULL,\s0 a buffer of 128 bytes is allocated using
\&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string
\&\*(L"OPENSSL_malloc Error\*(R" is returned.
.SH "NOTES"
@@ -220,7 +229,7 @@ A comp[lete list can be retrieved by invoking the following command:
.Ve
.SH "BUGS"
.IX Header "BUGS"
-If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the
+If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL,\s0 the
library crashes.
.PP
If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according
diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
index d498914..97f8c7b 100644
--- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
+++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_COMP_add_compression_method 3"
-.TH SSL_COMP_add_compression_method 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_COMP_add_compression_method 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects.
.SH "NOTES"
.IX Header "NOTES"
The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods
-into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression
+into the communication. The \s-1TLS RFC\s0 does however not specify compression
methods or their corresponding identifiers, so there is currently no compatible
way to integrate compression with unknown peers. It is therefore currently not
recommended to integrate compression into applications. Applications for
diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
index d5d6fac..55638cd 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_extra_chain_cert 3"
-.TH SSL_CTX_add_extra_chain_cert 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_add_extra_chain_cert 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3
index 778c04a..a0ddc79 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_session.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_session 3"
-.TH SSL_CTX_add_session 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_add_session 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3
index 3eef39c..16b4c97 100644
--- a/secure/lib/libssl/man/SSL_CTX_ctrl.3
+++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_ctrl 3"
-.TH SSL_CTX_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_ctrl 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
index 492ac1c..5854cc4 100644
--- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_flush_sessions 3"
-.TH SSL_CTX_flush_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_flush_sessions 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3
index 5c79b35..4179304 100644
--- a/secure/lib/libssl/man/SSL_CTX_free.3
+++ b/secure/lib/libssl/man/SSL_CTX_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_free 3"
-.TH SSL_CTX_free 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_free 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
index 0a677e1..3bf9059 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_ex_new_index 3"
-.TH SSL_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_get_ex_new_index 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
index 118e473..8a42a59 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_verify_mode 3"
-.TH SSL_CTX_get_verify_mode 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_get_verify_mode 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
index 1543288..0ab9b01 100644
--- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
+++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_load_verify_locations 3"
-.TH SSL_CTX_load_verify_locations 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_load_verify_locations 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ which \s-1CA\s0 certificates for verification purposes are located. The certific
available via \fBCAfile\fR and \fBCApath\fR are trusted.
.SH "NOTES"
.IX Header "NOTES"
-If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0
+If \fBCAfile\fR is not \s-1NULL,\s0 it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0
format. The file can contain several \s-1CA\s0 certificates identified by
.PP
.Vb 3
@@ -162,7 +171,7 @@ which can be used e.g. for descriptions of the certificates.
The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR
function.
.PP
-If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates
+If \fBCApath\fR is not \s-1NULL,\s0 it points to a directory containing \s-1CA\s0 certificates
in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are
looked up by the \s-1CA\s0 subject name hash value, which must hence be available.
If more than one \s-1CA\s0 certificate with the same name hash value exist, the
diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3
index ab73ce3..6ec1656 100644
--- a/secure/lib/libssl/man/SSL_CTX_new.3
+++ b/secure/lib/libssl/man/SSL_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_new 3"
-.TH SSL_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3
index 0a5520c..db51182 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_number.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_number 3"
-.TH SSL_CTX_sess_number 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_sess_number 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
index b8c775e..9b41840 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_cache_size 3"
-.TH SSL_CTX_sess_set_cache_size 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_sess_set_cache_size 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ of context \fBctx\fR to \fBt\fR.
\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size.
.SH "NOTES"
.IX Header "NOTES"
-The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0,
+The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,\s0
currently 1024*20, so that up to 20000 sessions can be held. This size
can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special
case is the size 0, which is used for unlimited size.
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
index d0e7c48..4ac0ceb 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_get_cb 3"
-.TH SSL_CTX_sess_set_get_cb 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_sess_set_get_cb 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3
index a0e9000..ca293ab 100644
--- a/secure/lib/libssl/man/SSL_CTX_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sessions 3"
-.TH SSL_CTX_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_sessions 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
index 04a9c19..512d1fe 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_store 3"
-.TH SSL_CTX_set_cert_store 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_cert_store 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
index 4a43a97..2d45a49 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_verify_callback 3"
-.TH SSL_CTX_set_cert_verify_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_cert_verify_callback 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ function is called. If the application does not explicitly specify a
verification callback function, the built-in verification function is used.
If a verification callback \fIcallback\fR is specified via
\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
-instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored.
+instead. By setting \fIcallback\fR to \s-1NULL,\s0 the default behaviour is restored.
.PP
When the verification must be performed, \fIcallback\fR will be called with
the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
index b45446e..90519d5 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cipher_list 3"
-.TH SSL_CTX_set_cipher_list 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_cipher_list 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
index fd89882..9b280e7 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_CA_list 3"
-.TH SSL_CTX_set_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_client_CA_list 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
index faa862f..c37a76e 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_cert_cb 3"
-.TH SSL_CTX_set_client_cert_cb 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_client_cert_cb 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certific
called when a client certificate is requested by a server and no certificate
was yet set for the \s-1SSL\s0 object.
.PP
-When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL\s0, no callback function is used.
+When \fB\f(BIclient_cert_cb()\fB\fR is \s-1NULL,\s0 no callback function is used.
.PP
\&\fISSL_CTX_get_client_cert_cb()\fR returns a pointer to the currently set callback
function.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
index 56d0a22..aeaaa66 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_default_passwd_cb 3"
-.TH SSL_CTX_set_default_passwd_cb 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_default_passwd_cb 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
index 7c57e97..62cb4e8 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_generate_session_id 3"
-.TH SSL_CTX_set_generate_session_id 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_generate_session_id 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
index 072de37..4708272 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_info_callback 3"
-.TH SSL_CTX_set_info_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_info_callback 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,11 +157,11 @@ SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL
obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection
setup and use. The setting for \fBctx\fR is overridden from the setting for
a specific \s-1SSL\s0 object, if specified.
-When \fBcallback\fR is \s-1NULL\s0, not callback function is used.
+When \fBcallback\fR is \s-1NULL,\s0 not callback function is used.
.PP
\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to
obtain state information for \fBssl\fR during connection setup and use.
-When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for
+When \fBcallback\fR is \s-1NULL,\s0 the callback setting currently valid for
\&\fBctx\fR is used.
.PP
\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information
@@ -189,25 +198,25 @@ Callback has been called during write operation.
.IP "\s-1SSL_CB_ALERT\s0" 4
.IX Item "SSL_CB_ALERT"
Callback has been called due to an alert being sent or received.
-.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4
-.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)"
+.IP "\s-1SSL_CB_READ_ALERT \s0(SSL_CB_ALERT|SSL_CB_READ)" 4
+.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)"
.PD 0
-.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4
-.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)"
-.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
-.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)"
-.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
-.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)"
-.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4
-.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)"
-.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4
-.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)"
+.IP "\s-1SSL_CB_WRITE_ALERT \s0(SSL_CB_ALERT|SSL_CB_WRITE)" 4
+.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)"
+.IP "\s-1SSL_CB_ACCEPT_LOOP \s0(SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
+.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)"
+.IP "\s-1SSL_CB_ACCEPT_EXIT \s0(SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
+.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)"
+.IP "\s-1SSL_CB_CONNECT_LOOP \s0(SSL_ST_CONNECT|SSL_CB_LOOP)" 4
+.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)"
+.IP "\s-1SSL_CB_CONNECT_EXIT \s0(SSL_ST_CONNECT|SSL_CB_EXIT)" 4
+.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)"
.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4
.IX Item "SSL_CB_HANDSHAKE_START"
.PD
Callback has been called because a new handshake is started.
-.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4
-.IX Item "SSL_CB_HANDSHAKE_DONE 0x20"
+.IP "\s-1SSL_CB_HANDSHAKE_DONE \s0 0x20" 4
+.IX Item "SSL_CB_HANDSHAKE_DONE 0x20"
Callback has been called because a handshake is finished.
.PP
The current state information can be obtained using the
@@ -223,7 +232,7 @@ The \fBret\fR information can be evaluated using the
.SH "EXAMPLES"
.IX Header "EXAMPLES"
The following example callback function prints state strings, information
-about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0.
+about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO.\s0
.PP
.Vb 4
\& void apps_ssl_info_callback(SSL *s, int where, int ret)
diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
index cdf44ee..a4295de 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_max_cert_list 3"
-.TH SSL_CTX_set_max_cert_list 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_max_cert_list 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3
index 5d3c168..e17d71c 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_mode 3"
-.TH SSL_CTX_set_mode 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_mode 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +184,7 @@ non-blocking \fIwrite()\fR.
Never bother the application with retries if the transport is blocking.
If a renegotiation take place during normal operation, a
\&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return
-with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0.
+with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ.\s0
In a non-blocking environment applications must be prepared to handle
incomplete read/write operations.
In a blocking environment, applications are not always prepared to
@@ -184,13 +193,22 @@ flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only
return after the handshake and successful completion.
.IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4
.IX Item "SSL_MODE_RELEASE_BUFFERS"
-When we no longer need a read buffer or a write buffer for a given \s-1SSL\s0,
+When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0
then release the memory we were using to hold it. Released memory is
-either appended to a list of unused \s-1RAM\s0 chunks on the \s-1SSL_CTX\s0, or simply
+either appended to a list of unused \s-1RAM\s0 chunks on the \s-1SSL_CTX,\s0 or simply
freed if the list of unused chunks would become longer than
\&\s-1SSL_CTX\-\s0>freelist_max_len, which defaults to 32. Using this flag can
save around 34k per idle \s-1SSL\s0 connection.
This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections.
+.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4
+.IX Item "SSL_MODE_SEND_FALLBACK_SCSV"
+Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello.
+To be set only by applications that reconnect with a downgraded protocol
+version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details.
+.Sp
+\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft\-ietf\-tls\-downgrade\-scsv\-00.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask
diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
index 3ee8806..bc953ba 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_msg_callback 3"
-.TH SSL_CTX_set_msg_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_msg_callback 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -167,12 +176,12 @@ when a protocol message has been sent.
.IX Item "version"
The protocol version according to which the protocol message is
interpreted by the library. Currently, this is one of
-\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0
-3.0 and \s-1TLS\s0 1.0, respectively).
+\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL 2.0, SSL
+3.0\s0 and \s-1TLS 1.0,\s0 respectively).
.IP "\fIcontent_type\fR" 4
.IX Item "content_type"
-In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0
-or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the
+In the case of \s-1SSL 2.0,\s0 this is always \fB0\fR. In the case of \s-1SSL 3.0\s0
+or \s-1TLS 1.0,\s0 this is one of the \fBContentType\fR values defined in the
protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR,
\&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the
callback will only be called for protocol messages).
@@ -201,7 +210,7 @@ processed.
.PP
Due to automatic protocol version negotiation, \fIversion\fR is not
necessarily the protocol version used by the sender of the message: If
-a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server,
+a \s-1TLS 1.0\s0 ClientHello message is received by an \s-1SSL 3\s0.0\-only server,
\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3
index cc855f7..8363db6 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_options.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_options 3"
-.TH SSL_CTX_set_options 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_options 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -209,8 +218,8 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
\&...
.IP "\s-1SSL_OP_SAFARI_ECDHE_ECDSA_BUG\s0" 4
.IX Item "SSL_OP_SAFARI_ECDHE_ECDSA_BUG"
-Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS\s0 X.
-\&\s-1OS\s0 X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS X.
+OS X 10.8..10.8.3\s0 has broken support for ECDHE-ECDSA ciphers.
.IP "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4
.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
\&...
@@ -222,7 +231,7 @@ Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on \s-1OS\
\&...
.IP "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4
.IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
-Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol
+Disables a countermeasure against a \s-1SSL 3.0/TLS 1.0\s0 protocol
vulnerability affecting \s-1CBC\s0 ciphers, which cannot be handled by some
broken \s-1SSL\s0 implementations. This option has no effect for connections
using other ciphers.
@@ -264,15 +273,7 @@ a new \s-1DH\s0 key during each handshake but it is also recommended.
temporary/ephemeral \s-1DH\s0 parameters are used.
.IP "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4
.IX Item "SSL_OP_EPHEMERAL_RSA"
-Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations
-(see \fISSL_CTX_set_tmp_rsa_callback\fR\|(3)).
-According to the specifications this is only done, when a \s-1RSA\s0 key
-can only be used for signature operations (namely under export ciphers
-with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral
-\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the
-\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with
-clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral
-Diffie-Hellman) key exchange should be used instead.
+This option is no longer implemented and is treated as no op.
.IP "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4
.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE"
When choosing a cipher, use the server's preferences instead of the client
@@ -318,16 +319,16 @@ not be used by clients or servers.
.IP "\s-1SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION\s0" 4
.IX Item "SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION"
Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
-servers. See the \fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details.
+servers. See the \fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
.IP "\s-1SSL_OP_LEGACY_SERVER_CONNECT\s0" 4
.IX Item "SSL_OP_LEGACY_SERVER_CONNECT"
Allow legacy insecure renegotiation between OpenSSL and unpatched servers
\&\fBonly\fR: this option is currently set by default. See the
-\&\fB\s-1SECURE\s0 \s-1RENEGOTIATION\s0\fR section for more details.
+\&\fB\s-1SECURE RENEGOTIATION\s0\fR section for more details.
.SH "SECURE RENEGOTIATION"
.IX Header "SECURE RENEGOTIATION"
OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
-described in \s-1RFC5746\s0. This counters the prefix attack described in
+described in \s-1RFC5746.\s0 This counters the prefix attack described in
\&\s-1CVE\-2009\-3555\s0 and elsewhere.
.PP
The deprecated and highly broken SSLv2 protocol does not support
diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
index e71024c..ede6e06 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_psk_client_callback 3"
-.TH SSL_CTX_set_psk_client_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_psk_client_callback 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
index 58d51ee..12d3f5a 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_quiet_shutdown 3"
-.TH SSL_CTX_set_quiet_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_quiet_shutdown 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
index 40f130d..af1df96 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_cache_mode 3"
-.TH SSL_CTX_set_session_cache_mode 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_session_cache_mode 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -207,10 +216,10 @@ As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no eff
clients.
.IP "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4
.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE"
-Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0,
+Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER,\s0
sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse.
Normally a new session is added to the internal cache as well as any external
-session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will
+session caching (callback) that is configured for the \s-1SSL_CTX.\s0 This flag will
prevent sessions being stored in the internal cache (though the application can
add them manually using \fISSL_CTX_add_session\fR\|(3)). Note:
in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful
@@ -222,7 +231,7 @@ prevents these additions to the internal cache as well.
Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and
\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time.
.PP
-The default mode is \s-1SSL_SESS_CACHE_SERVER\s0.
+The default mode is \s-1SSL_SESS_CACHE_SERVER.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
index 2c625be..b34ea8d 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_id_context 3"
-.TH SSL_CTX_set_session_id_context 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_session_id_context 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
index 941b433..b87b5ff 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_ssl_version 3"
-.TH SSL_CTX_set_ssl_version 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_ssl_version 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,12 +152,12 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
+\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL \s0\fBmethod\fR for \s-1SSL\s0 objects
newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with
\&\fISSL_new\fR\|(3) are not affected, except when
\&\fISSL_clear\fR\|(3) is being called.
.PP
-\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
+\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL \s0\fBmethod\fR for a particular \fBssl\fR
object. It may be reset, when \fISSL_clear()\fR is called.
.PP
\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
index c689d95..afd3a09 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_timeout 3"
-.TH SSL_CTX_set_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_timeout 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
index 4b29611..095224c 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3"
-.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,7 +166,7 @@ session when session ticket extension is presented in the \s-1TLS\s0 hello
message. It is the responsibility of this function to create or retrieve the
cryptographic parameters and to maintain their state.
.PP
-The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0
+The OpenSSL library uses your callback function to help implement a common \s-1TLS \s0
ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session
state is unnecessary and a small set of cryptographic variables needs to be
maintained by the callback function implementation.
@@ -206,8 +215,8 @@ further processing will occur. The following return values have meaning:
This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can
continue on those parameters. Additionally it indicates that the session
ticket is in a renewal period and should be replaced. The OpenSSL library will
-call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077\s0
-3.3 paragraph 2).
+call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077
+3.3\s0 paragraph 2).
.IP "1" 4
.IX Item "1"
This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index 267ef4e..8f68265 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
index 79cf7ea..7595edb 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
-.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_tmp_rsa_callback 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -197,25 +206,18 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, t
for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes
violates the standard and can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key
-exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead
+exchange and use \s-1EDH \s0(Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
.PP
-On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default
-and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of
-\&\fISSL_CTX_set_options\fR\|(3), violating the \s-1TLS/SSL\s0
-standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers,
-it will automatically be used without this option!
-.PP
-An application may either directly specify the key or can supply the key via
-a callback function. The callback approach has the advantage, that the
-callback may generate the key only in case it is actually needed. As the
-generation of a \s-1RSA\s0 key is however costly, it will lead to a significant
-delay in the handshake procedure. Another advantage of the callback function
-is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
+An application may either directly specify the key or can supply the key via a
+callback function. The callback approach has the advantage, that the callback
+may generate the key only in case it is actually needed. As the generation of a
+\&\s-1RSA\s0 key is however costly, it will lead to a significant delay in the handshake
+procedure. Another advantage of the callback function is that it can supply
+keys of different size while the explicit setting of the key is only useful for
+key size of 512 bits to satisfy the export restricted ciphers and does give
+away key length if a longer key would be allowed.
.PP
The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and
the \fBis_export\fR information. The \fBis_export\fR flag is set, when the
diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3
index fb27dd0..3c4c2ec 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_verify.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_verify 3"
-.TH SSL_CTX_set_verify 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_verify 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -197,14 +206,14 @@ anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored.
.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0
handshake is immediately terminated with a \*(L"handshake failure\*(R" alert.
-This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
+This flag must be used together with \s-1SSL_VERIFY_PEER.\s0
.Sp
\&\fBClient mode:\fR ignored
.IP "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4
.IX Item "SSL_VERIFY_CLIENT_ONCE"
\&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0
handshake. Do not ask for a client certificate again in case of a
-renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0.
+renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER.\s0
.Sp
\&\fBClient mode:\fR ignored
.PP
diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
index 81b7957..f17e032 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_certificate 3"
-.TH SSL_CTX_use_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_use_certificate 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,7 +198,7 @@ the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR,
.PP
\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR
into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified
-from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0.
+from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0
\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR.
See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR
should be preferred.
@@ -198,7 +207,7 @@ should be preferred.
\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must
be sorted starting with the subject's certificate (actual client or server
certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and
-ending at the highest level (root) \s-1CA\s0.
+ending at the highest level (root) \s-1CA.\s0
There is no corresponding function working on a single \s-1SSL\s0 object.
.PP
\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR.
@@ -220,7 +229,7 @@ key to \fBssl\fR.
.PP
\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in
\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified
-from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0.
+from the known types \s-1SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.\s0
\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in
\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found
in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private
@@ -237,11 +246,11 @@ this \fBssl\fR, the last item added into \fBctx\fR will be checked.
.IX Header "NOTES"
The internal certificate store of OpenSSL can hold two private key/certificate
pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate
-of type \s-1DSA\s0. The certificate used depends on the cipher select, see
+of type \s-1DSA.\s0 The certificate used depends on the cipher select, see
also \fISSL_CTX_set_cipher_list\fR\|(3).
.PP
When reading certificates and private keys from file, files of type
-\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
+\&\s-1SSL_FILETYPE_ASN1 \s0(also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
one certificate or private key, consequently
\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting.
Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item.
diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
index a7957fc..3773141 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_psk_identity_hint 3"
-.TH SSL_CTX_use_psk_identity_hint 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_use_psk_identity_hint 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3
index ee8de88..a464e2c 100644
--- a/secure/lib/libssl/man/SSL_SESSION_free.3
+++ b/secure/lib/libssl/man/SSL_SESSION_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_free 3"
-.TH SSL_SESSION_free 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_SESSION_free 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
index 59b2959..17fb9c8 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_ex_new_index 3"
-.TH SSL_SESSION_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_SESSION_get_ex_new_index 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3
index 6e428a0..346ad50 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_time.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_time 3"
-.TH SSL_SESSION_get_time 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_SESSION_get_time 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3
index ea8b4de..03e8136 100644
--- a/secure/lib/libssl/man/SSL_accept.3
+++ b/secure/lib/libssl/man/SSL_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_accept 3"
-.TH SSL_accept 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_accept 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,11 +154,11 @@ The communication channel must already have been set and assigned to the
\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO. \s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the
-handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server
-Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but
+handshake has been finished or an error occurred, except for \s-1SGC \s0(Server
+Gated Cryptography). For \s-1SGC,\s0 \fISSL_accept()\fR may return with \-1, but
\&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR
should be called again.
.PP
@@ -160,9 +169,9 @@ In this case a call to \fISSL_get_error()\fR with the
return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_accept()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3
index b7fb723..7188518 100644
--- a/secure/lib/libssl/man/SSL_alert_type_string.3
+++ b/secure/lib/libssl/man/SSL_alert_type_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_alert_type_string 3"
-.TH SSL_alert_type_string 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_alert_type_string 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,7 +180,7 @@ receiving side may cancel the connection on reception of a warning
alert on it discretion.
.PP
Several alert messages must be sent as fatal alert messages as specified
-by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort.
+by the \s-1TLS RFC. A\s0 fatal alert always leads to a connection abort.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following strings can occur for \fISSL_alert_type_string()\fR or
@@ -192,139 +201,139 @@ Probably \fBvalue\fR does not contain a correct alert message.
.PP
The following strings can occur for \fISSL_alert_desc_string()\fR or
\&\fISSL_alert_desc_string_long()\fR:
-.ie n .IP """\s-1CN\s0""/""close notify""" 4
-.el .IP "``\s-1CN\s0''/``close notify''" 4
+.ie n .IP """\s-1CN""/\s0""close notify""" 4
+.el .IP "``\s-1CN''/\s0``close notify''" 4
.IX Item "CN/close notify"
The connection shall be closed. This is a warning alert.
-.ie n .IP """\s-1UM\s0""/""unexpected message""" 4
-.el .IP "``\s-1UM\s0''/``unexpected message''" 4
+.ie n .IP """\s-1UM""/\s0""unexpected message""" 4
+.el .IP "``\s-1UM''/\s0``unexpected message''" 4
.IX Item "UM/unexpected message"
An inappropriate message was received. This alert is always fatal
and should never be observed in communication between proper
implementations.
-.ie n .IP """\s-1BM\s0""/""bad record mac""" 4
-.el .IP "``\s-1BM\s0''/``bad record mac''" 4
+.ie n .IP """\s-1BM""/\s0""bad record mac""" 4
+.el .IP "``\s-1BM''/\s0``bad record mac''" 4
.IX Item "BM/bad record mac"
This alert is returned if a record is received with an incorrect
-\&\s-1MAC\s0. This message is always fatal.
-.ie n .IP """\s-1DF\s0""/""decompression failure""" 4
-.el .IP "``\s-1DF\s0''/``decompression failure''" 4
+\&\s-1MAC.\s0 This message is always fatal.
+.ie n .IP """\s-1DF""/\s0""decompression failure""" 4
+.el .IP "``\s-1DF''/\s0``decompression failure''" 4
.IX Item "DF/decompression failure"
The decompression function received improper input (e.g. data
that would expand to excessive length). This message is always
fatal.
-.ie n .IP """\s-1HF\s0""/""handshake failure""" 4
-.el .IP "``\s-1HF\s0''/``handshake failure''" 4
+.ie n .IP """\s-1HF""/\s0""handshake failure""" 4
+.el .IP "``\s-1HF''/\s0``handshake failure''" 4
.IX Item "HF/handshake failure"
Reception of a handshake_failure alert message indicates that the
sender was unable to negotiate an acceptable set of security
parameters given the options available. This is a fatal error.
-.ie n .IP """\s-1NC\s0""/""no certificate""" 4
-.el .IP "``\s-1NC\s0''/``no certificate''" 4
+.ie n .IP """\s-1NC""/\s0""no certificate""" 4
+.el .IP "``\s-1NC''/\s0``no certificate''" 4
.IX Item "NC/no certificate"
A client, that was asked to send a certificate, does not send a certificate
(SSLv3 only).
-.ie n .IP """\s-1BC\s0""/""bad certificate""" 4
-.el .IP "``\s-1BC\s0''/``bad certificate''" 4
+.ie n .IP """\s-1BC""/\s0""bad certificate""" 4
+.el .IP "``\s-1BC''/\s0``bad certificate''" 4
.IX Item "BC/bad certificate"
A certificate was corrupt, contained signatures that did not
verify correctly, etc
-.ie n .IP """\s-1UC\s0""/""unsupported certificate""" 4
-.el .IP "``\s-1UC\s0''/``unsupported certificate''" 4
+.ie n .IP """\s-1UC""/\s0""unsupported certificate""" 4
+.el .IP "``\s-1UC''/\s0``unsupported certificate''" 4
.IX Item "UC/unsupported certificate"
A certificate was of an unsupported type.
-.ie n .IP """\s-1CR\s0""/""certificate revoked""" 4
-.el .IP "``\s-1CR\s0''/``certificate revoked''" 4
+.ie n .IP """\s-1CR""/\s0""certificate revoked""" 4
+.el .IP "``\s-1CR''/\s0``certificate revoked''" 4
.IX Item "CR/certificate revoked"
A certificate was revoked by its signer.
-.ie n .IP """\s-1CE\s0""/""certificate expired""" 4
-.el .IP "``\s-1CE\s0''/``certificate expired''" 4
+.ie n .IP """\s-1CE""/\s0""certificate expired""" 4
+.el .IP "``\s-1CE''/\s0``certificate expired''" 4
.IX Item "CE/certificate expired"
A certificate has expired or is not currently valid.
-.ie n .IP """\s-1CU\s0""/""certificate unknown""" 4
-.el .IP "``\s-1CU\s0''/``certificate unknown''" 4
+.ie n .IP """\s-1CU""/\s0""certificate unknown""" 4
+.el .IP "``\s-1CU''/\s0``certificate unknown''" 4
.IX Item "CU/certificate unknown"
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
-.ie n .IP """\s-1IP\s0""/""illegal parameter""" 4
-.el .IP "``\s-1IP\s0''/``illegal parameter''" 4
+.ie n .IP """\s-1IP""/\s0""illegal parameter""" 4
+.el .IP "``\s-1IP''/\s0``illegal parameter''" 4
.IX Item "IP/illegal parameter"
A field in the handshake was out of range or inconsistent with
other fields. This is always fatal.
-.ie n .IP """\s-1DC\s0""/""decryption failed""" 4
-.el .IP "``\s-1DC\s0''/``decryption failed''" 4
+.ie n .IP """\s-1DC""/\s0""decryption failed""" 4
+.el .IP "``\s-1DC''/\s0``decryption failed''" 4
.IX Item "DC/decryption failed"
A TLSCiphertext decrypted in an invalid way: either it wasn't an
even multiple of the block length or its padding values, when
checked, weren't correct. This message is always fatal.
-.ie n .IP """\s-1RO\s0""/""record overflow""" 4
-.el .IP "``\s-1RO\s0''/``record overflow''" 4
+.ie n .IP """\s-1RO""/\s0""record overflow""" 4
+.el .IP "``\s-1RO''/\s0``record overflow''" 4
.IX Item "RO/record overflow"
A TLSCiphertext record was received which had a length more than
2^14+2048 bytes, or a record decrypted to a TLSCompressed record
with more than 2^14+1024 bytes. This message is always fatal.
-.ie n .IP """\s-1CA\s0""/""unknown \s-1CA\s0""" 4
-.el .IP "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4
+.ie n .IP """\s-1CA""/\s0""unknown \s-1CA""\s0" 4
+.el .IP "``\s-1CA''/\s0``unknown \s-1CA''\s0" 4
.IX Item "CA/unknown CA"
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the \s-1CA\s0 certificate could not
-be located or couldn't be matched with a known, trusted \s-1CA\s0. This
+be located or couldn't be matched with a known, trusted \s-1CA. \s0 This
message is always fatal.
-.ie n .IP """\s-1AD\s0""/""access denied""" 4
-.el .IP "``\s-1AD\s0''/``access denied''" 4
+.ie n .IP """\s-1AD""/\s0""access denied""" 4
+.el .IP "``\s-1AD''/\s0``access denied''" 4
.IX Item "AD/access denied"
A valid certificate was received, but when access control was
applied, the sender decided not to proceed with negotiation.
This message is always fatal.
-.ie n .IP """\s-1DE\s0""/""decode error""" 4
-.el .IP "``\s-1DE\s0''/``decode error''" 4
+.ie n .IP """\s-1DE""/\s0""decode error""" 4
+.el .IP "``\s-1DE''/\s0``decode error''" 4
.IX Item "DE/decode error"
A message could not be decoded because some field was out of the
specified range or the length of the message was incorrect. This
message is always fatal.
-.ie n .IP """\s-1CY\s0""/""decrypt error""" 4
-.el .IP "``\s-1CY\s0''/``decrypt error''" 4
+.ie n .IP """\s-1CY""/\s0""decrypt error""" 4
+.el .IP "``\s-1CY''/\s0``decrypt error''" 4
.IX Item "CY/decrypt error"
A handshake cryptographic operation failed, including being
unable to correctly verify a signature, decrypt a key exchange,
or validate a finished message.
-.ie n .IP """\s-1ER\s0""/""export restriction""" 4
-.el .IP "``\s-1ER\s0''/``export restriction''" 4
+.ie n .IP """\s-1ER""/\s0""export restriction""" 4
+.el .IP "``\s-1ER''/\s0``export restriction''" 4
.IX Item "ER/export restriction"
A negotiation not in compliance with export restrictions was
detected; for example, attempting to transfer a 1024 bit
ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This
message is always fatal.
-.ie n .IP """\s-1PV\s0""/""protocol version""" 4
-.el .IP "``\s-1PV\s0''/``protocol version''" 4
+.ie n .IP """\s-1PV""/\s0""protocol version""" 4
+.el .IP "``\s-1PV''/\s0``protocol version''" 4
.IX Item "PV/protocol version"
The protocol version the client has attempted to negotiate is
recognized, but not supported. (For example, old protocol
versions might be avoided for security reasons). This message is
always fatal.
-.ie n .IP """\s-1IS\s0""/""insufficient security""" 4
-.el .IP "``\s-1IS\s0''/``insufficient security''" 4
+.ie n .IP """\s-1IS""/\s0""insufficient security""" 4
+.el .IP "``\s-1IS''/\s0``insufficient security''" 4
.IX Item "IS/insufficient security"
Returned instead of handshake_failure when a negotiation has
failed specifically because the server requires ciphers more
secure than those supported by the client. This message is always
fatal.
-.ie n .IP """\s-1IE\s0""/""internal error""" 4
-.el .IP "``\s-1IE\s0''/``internal error''" 4
+.ie n .IP """\s-1IE""/\s0""internal error""" 4
+.el .IP "``\s-1IE''/\s0``internal error''" 4
.IX Item "IE/internal error"
An internal error unrelated to the peer or the correctness of the
protocol makes it impossible to continue (such as a memory
allocation failure). This message is always fatal.
-.ie n .IP """\s-1US\s0""/""user canceled""" 4
-.el .IP "``\s-1US\s0''/``user canceled''" 4
+.ie n .IP """\s-1US""/\s0""user canceled""" 4
+.el .IP "``\s-1US''/\s0``user canceled''" 4
.IX Item "US/user canceled"
This handshake is being canceled for some reason unrelated to a
protocol failure. If the user cancels an operation after the
handshake is complete, just closing the connection by sending a
close_notify is more appropriate. This alert should be followed
by a close_notify. This message is generally a warning.
-.ie n .IP """\s-1NR\s0""/""no renegotiation""" 4
-.el .IP "``\s-1NR\s0''/``no renegotiation''" 4
+.ie n .IP """\s-1NR""/\s0""no renegotiation""" 4
+.el .IP "``\s-1NR''/\s0``no renegotiation''" 4
.IX Item "NR/no renegotiation"
Sent by the client in response to a hello request or by the
server in response to a client hello after initial handshaking.
@@ -337,13 +346,13 @@ satisfy a request; the process might receive security parameters
(key length, authentication, etc.) at startup and it might be
difficult to communicate changes to these parameters after that
point. This message is always a warning.
-.ie n .IP """\s-1UP\s0""/""unknown \s-1PSK\s0 identity""" 4
-.el .IP "``\s-1UP\s0''/``unknown \s-1PSK\s0 identity''" 4
+.ie n .IP """\s-1UP""/\s0""unknown \s-1PSK\s0 identity""" 4
+.el .IP "``\s-1UP''/\s0``unknown \s-1PSK\s0 identity''" 4
.IX Item "UP/unknown PSK identity"
Sent by the server to indicate that it does not recognize a \s-1PSK\s0
identity or an \s-1SRP\s0 identity.
-.ie n .IP """\s-1UK\s0""/""unknown""" 4
-.el .IP "``\s-1UK\s0''/``unknown''" 4
+.ie n .IP """\s-1UK""/\s0""unknown""" 4
+.el .IP "``\s-1UK''/\s0``unknown''" 4
.IX Item "UK/unknown"
This indicates that no description is available for this alert type.
Probably \fBvalue\fR does not contain a correct alert message.
diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3
index 39e78b1..cc3a182 100644
--- a/secure/lib/libssl/man/SSL_clear.3
+++ b/secure/lib/libssl/man/SSL_clear.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_clear 3"
-.TH SSL_clear 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_clear 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +156,7 @@ BIOs) are kept.
SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all
settings are kept, a side effect is the handling of the current \s-1SSL\s0 session.
If a session is still \fBopen\fR, it is considered bad and will be removed
-from the session cache, as required by \s-1RFC2246\s0. A session is considered open,
+from the session cache, as required by \s-1RFC2246. A\s0 session is considered open,
if \fISSL_shutdown\fR\|(3) was not called for the connection
or at least \fISSL_set_shutdown\fR\|(3) was used to
set the \s-1SSL_SENT_SHUTDOWN\s0 state.
diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3
index 2eb35d7..27fd026 100644
--- a/secure/lib/libssl/man/SSL_connect.3
+++ b/secure/lib/libssl/man/SSL_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_connect 3"
-.TH SSL_connect 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_connect 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -145,7 +154,7 @@ channel must already have been set and assigned to the \fBssl\fR by setting an
underlying \fB\s-1BIO\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO. \s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the
handshake has been finished or an error occurred.
@@ -157,9 +166,9 @@ In this case a call to \fISSL_get_error()\fR with the
return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_connect()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3
index a2c12f2..0165bcf 100644
--- a/secure/lib/libssl/man/SSL_do_handshake.3
+++ b/secure/lib/libssl/man/SSL_do_handshake.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_do_handshake 3"
-.TH SSL_do_handshake 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_do_handshake 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,11 +156,11 @@ routines may have to be explicitly set in advance using either
\&\fISSL_set_accept_state\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_do_handshake()\fR depends on the underlying \s-1BIO.\s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_do_handshake()\fR will only return
-once the handshake has been finished or an error occurred, except for \s-1SGC\s0
-(Server Gated Cryptography). For \s-1SGC\s0, \fISSL_do_handshake()\fR may return with \-1,
+once the handshake has been finished or an error occurred, except for \s-1SGC
+\&\s0(Server Gated Cryptography). For \s-1SGC,\s0 \fISSL_do_handshake()\fR may return with \-1,
but \fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and
\&\fISSL_do_handshake()\fR should be called again.
.PP
@@ -161,9 +170,9 @@ to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
return value of \fISSL_do_handshake()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_do_handshake()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3
index 105b257..d2a2f39 100644
--- a/secure/lib/libssl/man/SSL_free.3
+++ b/secure/lib/libssl/man/SSL_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_free 3"
-.TH SSL_free 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_free 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ reference count has reached 0.
.SH "NOTES"
.IX Header "NOTES"
\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if
-applicable: the buffering \s-1BIO\s0, the read and write BIOs,
+applicable: the buffering \s-1BIO,\s0 the read and write BIOs,
cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR.
Do not explicitly free these indirectly freed up items before or after
calling \fISSL_free()\fR, as trying to free things twice may lead to program
@@ -158,7 +167,7 @@ session cache. If the session is considered bad, because
\&\fISSL_shutdown\fR\|(3) was not called for the connection
and \fISSL_set_shutdown\fR\|(3) was not used to set the
\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed
-from the session cache as required by \s-1RFC2246\s0.
+from the session cache as required by \s-1RFC2246.\s0
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_free()\fR does not provide diagnostic information.
diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
index 4391501..d25a532 100644
--- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3
+++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_SSL_CTX 3"
-.TH SSL_get_SSL_CTX 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_SSL_CTX 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3
index 444c467..d377a1e 100644
--- a/secure/lib/libssl/man/SSL_get_ciphers.3
+++ b/secure/lib/libssl/man/SSL_get_ciphers.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ciphers 3"
-.TH SSL_get_ciphers 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_ciphers 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +155,7 @@ sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \
is returned.
.PP
\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0
-listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are
+listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are
available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0
is returned.
.SH "NOTES"
diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3
index 7b3d5bd..f022bb9 100644
--- a/secure/lib/libssl/man/SSL_get_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_client_CA_list 3"
-.TH SSL_get_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_client_CA_list 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3
index a47b281..e31838e 100644
--- a/secure/lib/libssl/man/SSL_get_current_cipher.3
+++ b/secure/lib/libssl/man/SSL_get_current_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_current_cipher 3"
-.TH SSL_get_current_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_current_cipher 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,7 +169,7 @@ macro to obtain the number of secret/algorithm bits used and
See \fISSL_CIPHER_get_name\fR\|(3) for more details.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when
+\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL,\s0 when
no session has been established.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3
index 4d208cd..2f132f9 100644
--- a/secure/lib/libssl/man/SSL_get_default_timeout.3
+++ b/secure/lib/libssl/man/SSL_get_default_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_default_timeout 3"
-.TH SSL_get_default_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_default_timeout 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3
index f9269c2..cb196d0 100644
--- a/secure/lib/libssl/man/SSL_get_error.3
+++ b/secure/lib/libssl/man/SSL_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_error 3"
-.TH SSL_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_error 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,33 +152,33 @@ SSL_get_error \- obtain result code for TLS/SSL I/O operation
\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R"
statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, \fISSL_do_handshake()\fR,
\&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by
-that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter
+that \s-1TLS/SSL I/O\s0 function must be passed to \fISSL_get_error()\fR in parameter
\&\fBret\fR.
.PP
In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the
current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be
-used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no
+used in the same thread that performed the \s-1TLS/SSL I/O\s0 operation, and no
other OpenSSL function calls should appear in between. The current
-thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is
+thread's error queue must be empty before the \s-1TLS/SSL I/O\s0 operation is
attempted, or \fISSL_get_error()\fR will not work reliably.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following return values can currently occur:
.IP "\s-1SSL_ERROR_NONE\s0" 4
.IX Item "SSL_ERROR_NONE"
-The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned
+The \s-1TLS/SSL I/O\s0 operation completed. This result code is returned
if and only if \fBret > 0\fR.
.IP "\s-1SSL_ERROR_ZERO_RETURN\s0" 4
.IX Item "SSL_ERROR_ZERO_RETURN"
-The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0
-or \s-1TLS\s0 1.0, this result code is returned only if a closure
+The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL 3.0\s0
+or \s-1TLS 1.0,\s0 this result code is returned only if a closure
alert has occurred in the protocol, i.e. if the connection has been
closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR
does not necessarily indicate that the underlying transport
has been closed.
-.IP "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4
+.IP "\s-1SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE\s0" 4
.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE"
-The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
+The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be
called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data
available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR)
or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0
@@ -182,21 +191,21 @@ protocol level.
.Sp
For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or
\&\fIpoll()\fR on the underlying socket can be used to find out when the
-\&\s-1TLS/SSL\s0 I/O function should be retried.
+\&\s-1TLS/SSL I/O\s0 function should be retried.
.Sp
-Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of
+Caveat: Any \s-1TLS/SSL I/O\s0 function can lead to either of
\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular,
\&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want
to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any
time during the protocol (initiated by either the client or the server);
\&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes.
-.IP "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4
+.IP "\s-1SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT\s0" 4
.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT"
-The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be
+The operation did not complete; the same \s-1TLS/SSL I/O\s0 function should be
called again later. The underlying \s-1BIO\s0 was not connected yet to the peer
and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be
called again when the connection is established. These messages can only
-appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively.
+appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO,\s0 respectively.
In order to find out, when the connection has been successfully established,
on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor
can be used.
@@ -204,7 +213,7 @@ can be used.
.IX Item "SSL_ERROR_WANT_X509_LOOKUP"
The operation did not complete because an application callback set by
\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
-The \s-1TLS/SSL\s0 I/O function should be called again later.
+The \s-1TLS/SSL I/O\s0 function should be called again later.
Details depend on the application.
.IP "\s-1SSL_ERROR_SYSCALL\s0" 4
.IX Item "SSL_ERROR_SYSCALL"
diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
index 11cf6f4..0f64c62 100644
--- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
-.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3
index 6d5abc5..97819c9 100644
--- a/secure/lib/libssl/man/SSL_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_new_index 3"
-.TH SSL_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_ex_new_index 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3
index d741620..6060aa5 100644
--- a/secure/lib/libssl/man/SSL_get_fd.3
+++ b/secure/lib/libssl/man/SSL_get_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_fd 3"
-.TH SSL_get_fd 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_fd 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
index 0d120ad..02eee0a 100644
--- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
+++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_cert_chain 3"
-.TH SSL_get_peer_cert_chain 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_peer_cert_chain 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3
index ccadf3b..b3797b1 100644
--- a/secure/lib/libssl/man/SSL_get_peer_certificate.3
+++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_certificate 3"
-.TH SSL_get_peer_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_peer_certificate 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3
index 78589c0..b3551b1 100644
--- a/secure/lib/libssl/man/SSL_get_psk_identity.3
+++ b/secure/lib/libssl/man/SSL_get_psk_identity.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_psk_identity 3"
-.TH SSL_get_psk_identity 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_psk_identity 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3
index 5ccf029..9c4c559 100644
--- a/secure/lib/libssl/man/SSL_get_rbio.3
+++ b/secure/lib/libssl/man/SSL_get_rbio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_rbio 3"
-.TH SSL_get_rbio 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_rbio 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3
index 40b1d92..9176e7d 100644
--- a/secure/lib/libssl/man/SSL_get_session.3
+++ b/secure/lib/libssl/man/SSL_get_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_session 3"
-.TH SSL_get_session 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_session 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3
index 5bc95d7..3cca1c1 100644
--- a/secure/lib/libssl/man/SSL_get_verify_result.3
+++ b/secure/lib/libssl/man/SSL_get_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_verify_result 3"
-.TH SSL_get_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_verify_result 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3
index 4cf77b4..bcb9560 100644
--- a/secure/lib/libssl/man/SSL_get_version.3
+++ b/secure/lib/libssl/man/SSL_get_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_version 3"
-.TH SSL_get_version 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_get_version 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3
index 462a91c..593d952 100644
--- a/secure/lib/libssl/man/SSL_library_init.3
+++ b/secure/lib/libssl/man/SSL_library_init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_library_init 3"
-.TH SSL_library_init 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_library_init 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +163,7 @@ for \fISSL_library_init()\fR.
.SH "WARNING"
.IX Header "WARNING"
\&\fISSL_library_init()\fR adds ciphers and digests used directly and indirectly by
-\&\s-1SSL/TLS\s0.
+\&\s-1SSL/TLS.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
A typical \s-1TLS/SSL\s0 application will start with the library initialization,
diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3
index d82d946..a4ffa7d 100644
--- a/secure/lib/libssl/man/SSL_load_client_CA_file.3
+++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_load_client_CA_file 3"
-.TH SSL_load_client_CA_file 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_load_client_CA_file 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3
index 4b792c2..bc38b30 100644
--- a/secure/lib/libssl/man/SSL_new.3
+++ b/secure/lib/libssl/man/SSL_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_new 3"
-.TH SSL_new 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_new 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3
index c5eb556..f1ef32b 100644
--- a/secure/lib/libssl/man/SSL_pending.3
+++ b/secure/lib/libssl/man/SSL_pending.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_pending 3"
-.TH SSL_pending 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_pending 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3
index de00b8e..f12e16f 100644
--- a/secure/lib/libssl/man/SSL_read.3
+++ b/secure/lib/libssl/man/SSL_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_read 3"
-.TH SSL_read 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_read 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect\fR\|(3) or
\&\fISSL_accept\fR\|(3). If the
peer requests a re-negotiation, it will be performed transparently during
the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the
-underlying \s-1BIO\s0.
+underlying \s-1BIO. \s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is being done by calling
@@ -186,9 +195,9 @@ return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a
call to \fISSL_read()\fR can also cause write operations! The calling process
then must repeat the call after taking appropriate action to satisfy the
-needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a
+needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO.\s0 When using a
non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check
-for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data
+for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data
must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.
.PP
\&\fISSL_pending\fR\|(3) can be used to find out whether there
diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3
index b354468..1930fea 100644
--- a/secure/lib/libssl/man/SSL_rstate_string.3
+++ b/secure/lib/libssl/man/SSL_rstate_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_rstate_string 3"
-.TH SSL_rstate_string 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_rstate_string 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,23 +159,23 @@ the \s-1SSL\s0 object \fBssl\fR.
.IX Header "NOTES"
When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record,
consisting of header and body. When working in a blocking environment,
-SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R".
+SSL_rstate_string[_long]() should always return \*(L"\s-1RD\*(R"/\s0\*(L"read done\*(R".
.PP
This function should only seldom be needed in applications.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following
values:
-.ie n .IP """\s-1RH\s0""/""read header""" 4
-.el .IP "``\s-1RH\s0''/``read header''" 4
+.ie n .IP """\s-1RH""/\s0""read header""" 4
+.el .IP "``\s-1RH''/\s0``read header''" 4
.IX Item "RH/read header"
The header of the record is being evaluated.
-.ie n .IP """\s-1RB\s0""/""read body""" 4
-.el .IP "``\s-1RB\s0''/``read body''" 4
+.ie n .IP """\s-1RB""/\s0""read body""" 4
+.el .IP "``\s-1RB''/\s0``read body''" 4
.IX Item "RB/read body"
The body of the record is being evaluated.
-.ie n .IP """\s-1RD\s0""/""read done""" 4
-.el .IP "``\s-1RD\s0''/``read done''" 4
+.ie n .IP """\s-1RD""/\s0""read done""" 4
+.el .IP "``\s-1RD''/\s0``read done''" 4
.IX Item "RD/read done"
The record has been completely processed.
.ie n .IP """unknown""/""unknown""" 4
diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3
index 80943dd..2edb9d6 100644
--- a/secure/lib/libssl/man/SSL_session_reused.3
+++ b/secure/lib/libssl/man/SSL_session_reused.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_session_reused 3"
-.TH SSL_session_reused 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_session_reused 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3
index b0e0ae0..b674d7ca 100644
--- a/secure/lib/libssl/man/SSL_set_bio.3
+++ b/secure/lib/libssl/man/SSL_set_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_bio 3"
-.TH SSL_set_bio 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_set_bio 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -141,7 +150,7 @@ SSL_set_bio \- connect the SSL object with a BIO
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write
-operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR.
+operations of the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR.
.PP
The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively.
If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour.
diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3
index 8e13165..b6be354 100644
--- a/secure/lib/libssl/man/SSL_set_connect_state.3
+++ b/secure/lib/libssl/man/SSL_set_connect_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_connect_state 3"
-.TH SSL_set_connect_state 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_set_connect_state 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3
index cb15388..948b5c8 100644
--- a/secure/lib/libssl/man/SSL_set_fd.3
+++ b/secure/lib/libssl/man/SSL_set_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_fd 3"
-.TH SSL_set_fd 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_set_fd 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +152,7 @@ SSL_set_fd \- connect the SSL object with a file descriptor
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility
-for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
+for the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
socket file descriptor of a network connection.
.PP
When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to
diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3
index abfc8b7..7caea67 100644
--- a/secure/lib/libssl/man/SSL_set_session.3
+++ b/secure/lib/libssl/man/SSL_set_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_session 3"
-.TH SSL_set_session 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_set_session 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3
index 6ecbee7..3c971a2 100644
--- a/secure/lib/libssl/man/SSL_set_shutdown.3
+++ b/secure/lib/libssl/man/SSL_set_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_shutdown 3"
-.TH SSL_set_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_set_shutdown 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,9 +173,9 @@ or a fatal error.
The shutdown state of the connection is used to determine the state of
the ssl session. If the session is still open, when
\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called,
-it is considered bad and removed according to \s-1RFC2246\s0.
-The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0
-(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R"
+it is considered bad and removed according to \s-1RFC2246.\s0
+The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN
+\&\s0(according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R"
alert but to not wait for the peer's answer, when the underlying connection
is closed).
\&\fISSL_set_shutdown()\fR can be used to set this state without sending a
diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3
index 37791ec..67f6eb6 100644
--- a/secure/lib/libssl/man/SSL_set_verify_result.3
+++ b/secure/lib/libssl/man/SSL_set_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_verify_result 3"
-.TH SSL_set_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_set_verify_result 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3
index c006793..9f193c7 100644
--- a/secure/lib/libssl/man/SSL_shutdown.3
+++ b/secure/lib/libssl/man/SSL_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_shutdown 3"
-.TH SSL_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_shutdown 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,7 +185,7 @@ complete (return value of the first call is 0). As the shutdown is not
specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on
the first call.
.PP
-The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0.
+The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO. \s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
handshake step has been finished or an error occurred.
@@ -187,9 +196,9 @@ to continue the handshake. In this case a call to \fISSL_get_error()\fR with the
return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after
taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR.
-The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket,
+The action depends on the underlying \s-1BIO.\s0 When using a non-blocking socket,
nothing is to be done, but \fIselect()\fR can be used to check for the required
-condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written
+condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data must be written
into or retrieved out of the \s-1BIO\s0 before being able to continue.
.PP
\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R"
diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3
index a068ab0..3066c61 100644
--- a/secure/lib/libssl/man/SSL_state_string.3
+++ b/secure/lib/libssl/man/SSL_state_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_state_string 3"
-.TH SSL_state_string 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_state_string 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3
index d3df1c6..889c66a 100644
--- a/secure/lib/libssl/man/SSL_want.3
+++ b/secure/lib/libssl/man/SSL_want.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_want 3"
-.TH SSL_want 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_want 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,19 +180,19 @@ There is no data to be written or to be read.
There are data in the \s-1SSL\s0 buffer that must be written to the underlying
\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation.
A call to \fISSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_WRITE\s0.
+\&\s-1SSL_ERROR_WANT_WRITE.\s0
.IP "\s-1SSL_READING\s0" 4
.IX Item "SSL_READING"
More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to
complete the actual SSL_*() operation.
A call to \fISSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_READ\s0.
+\&\s-1SSL_ERROR_WANT_READ.\s0
.IP "\s-1SSL_X509_LOOKUP\s0" 4
.IX Item "SSL_X509_LOOKUP"
The operation did not complete because an application callback set by
\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again.
A call to \fISSL_get_error\fR\|(3) should return
-\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0.
+\&\s-1SSL_ERROR_WANT_X509_LOOKUP.\s0
.PP
\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR
return 1, when the corresponding condition is true or 0 otherwise.
diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3
index 7532f88..60b43da 100644
--- a/secure/lib/libssl/man/SSL_write.3
+++ b/secure/lib/libssl/man/SSL_write.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_write 3"
-.TH SSL_write 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_write 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +158,7 @@ not already explicitly performed by \fISSL_connect\fR\|(3) or
\&\fISSL_accept\fR\|(3). If the
peer requests a re-negotiation, it will be performed transparently during
the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the
-underlying \s-1BIO\s0.
+underlying \s-1BIO. \s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is being done by calling
@@ -170,9 +179,9 @@ return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or
\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a
call to \fISSL_write()\fR can also cause read operations! The calling process
then must repeat the call after taking appropriate action to satisfy the
-needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. When using a
+needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO.\s0 When using a
non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check
-for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data
+for the required condition. When using a buffering \s-1BIO,\s0 like a \s-1BIO\s0 pair, data
must be written into or retrieved out of the \s-1BIO\s0 before being able to continue.
.PP
\&\fISSL_write()\fR will only return with success, when the complete contents
diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3
index 5389b54..94e632c 100644
--- a/secure/lib/libssl/man/d2i_SSL_SESSION.3
+++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_SSL_SESSION 3"
-.TH d2i_SSL_SESSION 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH d2i_SSL_SESSION 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3
index 9e2c8e9..f0065b7 100644
--- a/secure/lib/libssl/man/ssl.3
+++ b/secure/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ssl 3"
-.TH ssl 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ssl 3 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -187,7 +196,7 @@ connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc.
.IP "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4
.IX Item "SSL (SSL Connection)"
That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per
-established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0.
+established connection. This actually is the core structure in the \s-1SSL API.\s0
Under run-time the application usually deals with this structure which has
links to mostly all other structures.
.SH "HEADER FILES"
@@ -196,10 +205,10 @@ Currently the OpenSSL \fBssl\fR library provides the following C header files
containing the prototypes for the data structures and and functions:
.IP "\fBssl.h\fR" 4
.IX Item "ssl.h"
-That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your
+That's the common header file for the \s-1SSL/TLS API. \s0 Include it into your
program to make the \s-1API\s0 of the \fBssl\fR library available. It internally
includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library.
-Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look
+Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look
inside this header file.
.IP "\fBssl2.h\fR" 4
.IX Item "ssl2.h"
@@ -226,7 +235,7 @@ it's already included by ssl.h\fR.
.IX Header "API FUNCTIONS"
Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions.
They are documented in the following:
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0"
+.SS "\s-1DEALING WITH PROTOCOL METHODS\s0"
.IX Subsection "DEALING WITH PROTOCOL METHODS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures.
@@ -257,7 +266,7 @@ Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server.
.IP "const \s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4
.IX Item "const SSL_METHOD *TLSv1_method(void);"
Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server.
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0"
+.SS "\s-1DEALING WITH CIPHERS\s0"
.IX Subsection "DEALING WITH CIPHERS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures.
@@ -280,7 +289,7 @@ definitions in the header files.
Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the
\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined
in the specification the first time).
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0"
+.SS "\s-1DEALING WITH PROTOCOL CONTEXTS\s0"
.IX Subsection "DEALING WITH PROTOCOL CONTEXTS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure.
@@ -459,7 +468,7 @@ session instead of a context.
.IP "void \fBSSL_CTX_set_psk_server_callback\fR(\s-1SSL_CTX\s0 *ctx, unsigned int (*callback)(\s-1SSL\s0 *ssl, const char *identity, unsigned char *psk, int max_psk_len));" 4
.IX Item "void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *identity, unsigned char *psk, int max_psk_len));"
.PD
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0"
+.SS "\s-1DEALING WITH SESSIONS\s0"
.IX Subsection "DEALING WITH SESSIONS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures.
@@ -495,7 +504,7 @@ sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures.
.IP "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4
.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);"
.PD
-.SS "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0"
+.SS "\s-1DEALING WITH CONNECTIONS\s0"
.IX Subsection "DEALING WITH CONNECTIONS"
Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0
connection defined in the \fB\s-1SSL\s0\fR structure.
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index fd44610..9076fc9 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CA.PL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -196,7 +205,7 @@ to standard output.
.IX Item "-signCA"
this option is the same as the \fB\-signreq\fR option except it uses the configuration
file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This
-is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0.
+is useful when creating intermediate \s-1CA\s0 from a root \s-1CA.\s0
.IP "\fB\-signcert\fR" 4
.IX Item "-signcert"
this option is the same as \fB\-sign\fR except it expects a self signed certificate
@@ -216,7 +225,7 @@ Create a \s-1CA\s0 hierarchy:
\& CA.pl \-newca
.Ve
.PP
-Complete certificate creation example: create a \s-1CA\s0, create a request, sign
+Complete certificate creation example: create a \s-1CA,\s0 create a request, sign
the request and finally create a PKCS#12 file containing it.
.PP
.Vb 4
@@ -237,7 +246,7 @@ Create some \s-1DSA\s0 parameters:
\& openssl dsaparam \-out dsap.pem 1024
.Ve
.PP
-Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key:
+Create a \s-1DSA CA\s0 certificate and private key:
.PP
.Vb 1
\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index b1a1b61..568b151 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ASN1PARSE 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,8 +158,8 @@ asn1parse \- ASN.1 parsing tool
[\fB\-genconf file\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1
-structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data.
+The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN.1\s0
+structures. It can also be used to extract data from \s-1ASN.1\s0 formatted data.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-inform\fR \fBDER|PEM\fR" 4
@@ -189,7 +198,7 @@ dump unknown data in hex format.
like \fB\-dump\fR, but only the first \fBnum\fR bytes are output.
.IP "\fB\-strparse offset\fR" 4
.IX Item "-strparse offset"
-parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This
+parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This
option can be used multiple times to \*(L"drill down\*(R" into a nested structure.
.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4
.IX Item "-genstr string, -genconf file"
@@ -226,15 +235,15 @@ The output will typically contain lines like this:
.PP
This example is part of a self signed certificate. Each line starts with the
offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased
-within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length
+within the scope of any \s-1SET\s0 or \s-1SEQUENCE. \s0\fBhl=XX\fR gives the header length
(tag and length octets) of the current type. \fBl=XX\fR gives the length of
the contents octets.
.PP
The \fB\-i\fR option can be used to make the output more readable.
.PP
-Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output.
+Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output.
.PP
-In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key.
+In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option \fB\-strparse 229\fR to yield:
.PP
@@ -299,7 +308,7 @@ Example config file:
.SH "BUGS"
.IX Header "BUGS"
There should be options to change the format of output lines. The output of some
-\&\s-1ASN\s0.1 types is not well handled (if at all).
+\&\s-1ASN.1\s0 types is not well handled (if at all).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIASN1_generate_nconf\fR\|(3)
diff --git a/secure/usr.bin/openssl/man/c_rehash.1 b/secure/usr.bin/openssl/man/c_rehash.1
index 83735ed..cd69a9f 100644
--- a/secure/usr.bin/openssl/man/c_rehash.1
+++ b/secure/usr.bin/openssl/man/c_rehash.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "C_REHASH 1"
-.TH C_REHASH 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH C_REHASH 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,7 +175,7 @@ full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate
is found.
.PP
A warning will also be displayed if there are \fB.pem\fR files that
-cannot be parsed as either a certificate or a \s-1CRL\s0.
+cannot be parsed as either a certificate or a \s-1CRL.\s0
.PP
The program uses the \fBopenssl\fR program to compute the hashes and
fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index f28f636..86fdd3f 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -196,14 +205,14 @@ specifies the configuration file section to use (overrides
.IP "\fB\-in filename\fR" 4
.IX Item "-in filename"
an input filename containing a single certificate request to be
-signed by the \s-1CA\s0.
+signed by the \s-1CA.\s0
.IP "\fB\-ss_cert filename\fR" 4
.IX Item "-ss_cert filename"
-a single self signed certificate to be signed by the \s-1CA\s0.
+a single self signed certificate to be signed by the \s-1CA.\s0
.IP "\fB\-spkac filename\fR" 4
.IX Item "-spkac filename"
a file containing a single Netscape signed public key and challenge
-and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR
+and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR
section for information on the required input and output format.
.IP "\fB\-infiles\fR" 4
.IX Item "-infiles"
@@ -228,7 +237,7 @@ the private key to sign requests with.
.IP "\fB\-keyform PEM|DER\fR" 4
.IX Item "-keyform PEM|DER"
the format of the data in the private key file.
-The default is \s-1PEM\s0.
+The default is \s-1PEM.\s0
.IP "\fB\-key password\fR" 4
.IX Item "-key password"
the password used to encrypt the private key. Since on some
@@ -250,7 +259,7 @@ self-signed certificate.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verbose\fR" 4
.IX Item "-verbose"
this prints extra details about the operations being performed.
@@ -260,11 +269,11 @@ don't output the text form of a certificate to the output file.
.IP "\fB\-startdate date\fR" 4
.IX Item "-startdate date"
this allows the start date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-enddate date\fR" 4
.IX Item "-enddate date"
this allows the expiry date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-days arg\fR" 4
.IX Item "-days arg"
the number of days to certify the certificate for.
@@ -274,9 +283,9 @@ the message digest to use. Possible values include md5, sha1 and mdc2.
This option also applies to CRLs.
.IP "\fB\-policy arg\fR" 4
.IX Item "-policy arg"
-this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in
+this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in
the configuration file which decides which fields should be mandatory
-or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
.IP "\fB\-msie_hack\fR" 4
.IX Item "-msie_hack"
@@ -295,7 +304,7 @@ DNs match the order of the request. This is not needed for Xenroll.
.IP "\fB\-noemailDN\fR" 4
.IX Item "-noemailDN"
The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the
-request \s-1DN\s0, however it is good policy just having the e\-mail set into
+request \s-1DN,\s0 however it is good policy just having the e\-mail set into
the altName extension of the certificate. When this option is set the
\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in
the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be
@@ -332,7 +341,7 @@ characters may be escaped by \e (backslash), no spaces are skipped.
.IP "\fB\-utf8\fR" 4
.IX Item "-utf8"
this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
-default they are interpreted as \s-1ASCII\s0. This means that the field
+default they are interpreted as \s-1ASCII.\s0 This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fB\-multivalue\-rdn\fR" 4
@@ -377,7 +386,7 @@ in delta CRLs which are not currently implemented.
.IP "\fB\-crl_hold instruction\fR" 4
.IX Item "-crl_hold instruction"
This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold
-instruction to \fBinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be
+instruction to \fBinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be
used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0)
\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used.
.IP "\fB\-crl_compromise time\fR" 4
@@ -407,8 +416,8 @@ be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section
of the configuration file (or in the default section of the
configuration file). Besides \fBdefault_ca\fR, the following options are
read directly from the \fBca\fR section:
- \s-1RANDFILE\s0
- preserve
+ \s-1RANDFILE
+\&\s0 preserve
msie_hack
With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may
change in future releases.
@@ -421,7 +430,7 @@ the configuration file or the command line equivalent (if
any) used.
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
-This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
@@ -464,7 +473,7 @@ present.
.IX Item "default_crl_hours default_crl_days"
the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These
will only be used if neither command line option is present. At
-least one of these must be present to generate a \s-1CRL\s0.
+least one of these must be present to generate a \s-1CRL.\s0
.IP "\fBdefault_md\fR" 4
.IX Item "default_md"
the same as the \fB\-md\fR option. The message digest to use. Mandatory.
@@ -503,13 +512,13 @@ the same as \fB\-preserveDN\fR
.IX Item "email_in_dn"
the same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed
from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present
-the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0.
+the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0
.IP "\fBmsie_hack\fR" 4
.IX Item "msie_hack"
the same as \fB\-msie_hack\fR
.IP "\fBpolicy\fR" 4
.IX Item "policy"
-the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
.IP "\fBname_opt\fR, \fBcert_opt\fR" 4
.IX Item "name_opt, cert_opt"
@@ -701,7 +710,7 @@ exposed at either a command or interface level so a more friendly utility
.PP
Any fields in a request that are not present in a policy are silently
deleted. This does not happen if the \fB\-preserveDN\fR option is used. To
-enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by
+enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by
RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR
option can be used. The behaviour should be more friendly and
configurable.
@@ -713,7 +722,7 @@ create an empty file.
The \fBca\fR command is quirky and at times downright unfriendly.
.PP
The \fBca\fR utility was originally meant as an example of how to do things
-in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself:
+in a \s-1CA.\s0 It was not supposed to be used as a full blown \s-1CA\s0 itself:
nevertheless some people are using it for this purpose.
.PP
The \fBca\fR command is effectively a single user command: no locking is
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index b46cf88..c2dfe43 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CIPHERS 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,7 +200,7 @@ algorithms.
.PP
Lists of cipher suites can be combined in a single cipher string using the
\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
-\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0
+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0
algorithms.
.PP
Each cipher string can be optionally preceded by the characters \fB!\fR,
@@ -258,7 +267,7 @@ export encryption algorithms. Including 40 and 56 bits algorithms.
with support for experimental ciphers.
.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4
.IX Item "eNULL, NULL"
-the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no
+the \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no
encryption at all and are a security risk they are disabled unless explicitly
included.
.IP "\fBaNULL\fR" 4
@@ -283,10 +292,10 @@ cipher suites using authenticated ephemeral \s-1DH\s0 key agreement.
.IP "\fB\s-1ADH\s0\fR" 4
.IX Item "ADH"
anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic
-Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites.
+Curve \s-1DH \s0(\s-1ECDH\s0) cipher suites.
.IP "\fB\s-1DH\s0\fR" 4
.IX Item "DH"
-cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0, ephemeral \s-1DH\s0 and fixed \s-1DH\s0.
+cipher suites using \s-1DH,\s0 including anonymous \s-1DH,\s0 ephemeral \s-1DH\s0 and fixed \s-1DH.\s0
.IP "\fBkECDHr\fR, \fBkECDHe\fR, \fBkECDH\fR" 4
.IX Item "kECDHr, kECDHe, kECDH"
cipher suites using fixed \s-1ECDH\s0 key agreement signed by CAs with \s-1RSA\s0 and \s-1ECDSA\s0
@@ -304,7 +313,7 @@ anonymous Elliptic Curve Diffie Hellman cipher suites.
.IP "\fB\s-1ECDH\s0\fR" 4
.IX Item "ECDH"
cipher suites using \s-1ECDH\s0 key exchange, including anonymous, ephemeral and
-fixed \s-1ECDH\s0.
+fixed \s-1ECDH.\s0
.IP "\fBaRSA\fR" 4
.IX Item "aRSA"
cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys.
@@ -333,62 +342,62 @@ ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or
there are no ciphersuites specific to \s-1TLS\s0 v1.1.
.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4
.IX Item "AES128, AES256, AES"
-cipher suites using 128 bit \s-1AES\s0, 256 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES\s0.
+cipher suites using 128 bit \s-1AES, 256\s0 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES.\s0
.IP "\fB\s-1AESGCM\s0\fR" 4
.IX Item "AESGCM"
\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these ciphersuites are only supported
in \s-1TLS\s0 v1.2.
.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4
.IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA"
-cipher suites using 128 bit \s-1CAMELLIA\s0, 256 bit \s-1CAMELLIA\s0 or either 128 or 256 bit
-\&\s-1CAMELLIA\s0.
+cipher suites using 128 bit \s-1CAMELLIA, 256\s0 bit \s-1CAMELLIA\s0 or either 128 or 256 bit
+\&\s-1CAMELLIA.\s0
.IP "\fB3DES\fR" 4
.IX Item "3DES"
-cipher suites using triple \s-1DES\s0.
+cipher suites using triple \s-1DES.\s0
.IP "\fB\s-1DES\s0\fR" 4
.IX Item "DES"
-cipher suites using \s-1DES\s0 (not triple \s-1DES\s0).
+cipher suites using \s-1DES \s0(not triple \s-1DES\s0).
.IP "\fB\s-1RC4\s0\fR" 4
.IX Item "RC4"
-cipher suites using \s-1RC4\s0.
+cipher suites using \s-1RC4.\s0
.IP "\fB\s-1RC2\s0\fR" 4
.IX Item "RC2"
-cipher suites using \s-1RC2\s0.
+cipher suites using \s-1RC2.\s0
.IP "\fB\s-1IDEA\s0\fR" 4
.IX Item "IDEA"
-cipher suites using \s-1IDEA\s0.
+cipher suites using \s-1IDEA.\s0
.IP "\fB\s-1SEED\s0\fR" 4
.IX Item "SEED"
-cipher suites using \s-1SEED\s0.
+cipher suites using \s-1SEED.\s0
.IP "\fB\s-1MD5\s0\fR" 4
.IX Item "MD5"
-cipher suites using \s-1MD5\s0.
+cipher suites using \s-1MD5.\s0
.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4
.IX Item "SHA1, SHA"
-cipher suites using \s-1SHA1\s0.
+cipher suites using \s-1SHA1.\s0
.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4
.IX Item "SHA256, SHA384"
-ciphersuites using \s-1SHA256\s0 or \s-1SHA384\s0.
+ciphersuites using \s-1SHA256\s0 or \s-1SHA384.\s0
.IP "\fBaGOST\fR" 4
.IX Item "aGOST"
-cipher suites using \s-1GOST\s0 R 34.10 (either 2001 or 94) for authenticaction
+cipher suites using \s-1GOST R 34.10 \s0(either 2001 or 94) for authenticaction
(needs an engine supporting \s-1GOST\s0 algorithms).
.IP "\fBaGOST01\fR" 4
.IX Item "aGOST01"
-cipher suites using \s-1GOST\s0 R 34.10\-2001 authentication.
+cipher suites using \s-1GOST R 34.10\-2001\s0 authentication.
.IP "\fBaGOST94\fR" 4
.IX Item "aGOST94"
-cipher suites using \s-1GOST\s0 R 34.10\-94 authentication (note that R 34.10\-94
-standard has been expired so use \s-1GOST\s0 R 34.10\-2001)
+cipher suites using \s-1GOST R 34.10\-94\s0 authentication (note that R 34.10\-94
+standard has been expired so use \s-1GOST R 34.10\-2001\s0)
.IP "\fBkGOST\fR" 4
.IX Item "kGOST"
-cipher suites, using \s-1VKO\s0 34.10 key exchange, specified in the \s-1RFC\s0 4357.
+cipher suites, using \s-1VKO 34.10\s0 key exchange, specified in the \s-1RFC 4357.\s0
.IP "\fB\s-1GOST94\s0\fR" 4
.IX Item "GOST94"
-cipher suites, using \s-1HMAC\s0 based on \s-1GOST\s0 R 34.11\-94.
+cipher suites, using \s-1HMAC\s0 based on \s-1GOST R 34.11\-94.\s0
.IP "\fB\s-1GOST89MAC\s0\fR" 4
.IX Item "GOST89MAC"
-cipher suites using \s-1GOST\s0 28147\-89 \s-1MAC\s0 \fBinstead of\fR \s-1HMAC\s0.
+cipher suites using \s-1GOST 28147\-89 MAC \s0\fBinstead of\fR \s-1HMAC.\s0
.IP "\fB\s-1PSK\s0\fR" 4
.IX Item "PSK"
cipher suites using pre-shared keys (\s-1PSK\s0).
@@ -397,7 +406,7 @@ cipher suites using pre-shared keys (\s-1PSK\s0).
The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the
relevant specification and their OpenSSL equivalents. It should be noted,
that several cipher suite names do not include the authentication used,
-e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
+e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used.
.SS "\s-1SSL\s0 v3.0 cipher suites."
.IX Subsection "SSL v3.0 cipher suites."
.Vb 10
@@ -468,7 +477,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
\& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA
\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA
.Ve
-.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0"
+.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0"
.Vb 2
\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA
@@ -487,7 +496,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA
\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA
.Ve
-.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0"
+.SS "Camellia ciphersuites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0"
.Vb 2
\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA
@@ -506,7 +515,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA
\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA
.Ve
-.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0"
+.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0"
.Vb 1
\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index 2c39684..13c2702 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS 1"
-.TH CMS 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -231,29 +240,29 @@ takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure.
resign a message: take an existing message and one or more new signers.
.IP "\fB\-data_create\fR" 4
.IX Item "-data_create"
-Create a \s-1CMS\s0 \fBData\fR type.
+Create a \s-1CMS \s0\fBData\fR type.
.IP "\fB\-data_out\fR" 4
.IX Item "-data_out"
\&\fBData\fR type and output the content.
.IP "\fB\-digest_create\fR" 4
.IX Item "-digest_create"
-Create a \s-1CMS\s0 \fBDigestedData\fR type.
+Create a \s-1CMS \s0\fBDigestedData\fR type.
.IP "\fB\-digest_verify\fR" 4
.IX Item "-digest_verify"
-Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content.
+Verify a \s-1CMS \s0\fBDigestedData\fR type and output the content.
.IP "\fB\-compress\fR" 4
.IX Item "-compress"
-Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
+Create a \s-1CMS \s0\fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
support for this option to work, otherwise it will output an error.
.IP "\fB\-uncompress\fR" 4
.IX Item "-uncompress"
-Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be
+Uncompress a \s-1CMS \s0\fBCompressedData\fR type and output the content. OpenSSL must be
compiled with \fBzlib\fR support for this option to work, otherwise it will
output an error.
.IP "\fB\-EncryptedData_encrypt\fR" 4
.IX Item "-EncryptedData_encrypt"
-Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0
-\&\fBEncrytedData\fR type and output the content.
+Encrypt content using supplied symmetric key and algorithm using a \s-1CMS
+\&\s0\fBEncrytedData\fR type and output the content.
.IP "\fB\-sign_receipt\fR" 4
.IX Item "-sign_receipt"
Generate and output a signed receipt for the supplied message. The input
@@ -316,7 +325,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME\s0
+off text headers: if the decrypted or verified message is not of \s-1MIME \s0
type text/plain then an error occurs.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -342,8 +351,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR
-or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the
+the encryption algorithm to use. For example triple \s-1DES \s0(168 bits) \- \fB\-des3\fR
+or 256 bit \s-1AES \- \s0\fB\-aes256\fR. Any standard algorithm name (as used by the
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for a list of ciphers
supported by your version of OpenSSL.
@@ -455,7 +464,7 @@ multiple times to specify successive keys.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-rand file(s)\fR" 4
.IX Item "-rand file(s)"
a file or files containing random data used to seed the random number
@@ -508,12 +517,12 @@ signer using the same message digest or this operation will fail.
.PP
The \fB\-stream\fR and \fB\-indef\fR options enable experimental streaming I/O support.
As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding
-and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the
+and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the
\&\fB\-sign\fR operation if the content is not detached.
.PP
Streaming is always used for the \fB\-sign\fR operation with detached data but
since the content is no longer part of the \s-1CMS\s0 structure the encoding
-remains \s-1DER\s0.
+remains \s-1DER.\s0
.PP
If the \fB\-decrypt\fR option is used without a recipient certificate then an
attempt is made to locate the recipient by trying each potential recipient
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index 79bed64..93f6916 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CRL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +187,7 @@ option which determines how the subject or issuer names are displayed. See
the description of \fB\-nameopt\fR in \fIx509\fR\|(1).
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the encoded version of the \s-1CRL\s0.
+don't output the encoded version of the \s-1CRL.\s0
.IP "\fB\-hash\fR" 4
.IX Item "-hash"
output a hash of the issuer name. This can be use to lookup CRLs in
@@ -208,7 +217,7 @@ is a hash of each subject name (using \fBx509 \-hash\fR) should be linked
to each certificate.
.SH "NOTES"
.IX Header "NOTES"
-The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines:
+The \s-1PEM CRL\s0 format uses the header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\-
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index 7e430ea..15854ef 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CRL2PKCS7 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +202,7 @@ different certificates:
.SH "NOTES"
.IX Header "NOTES"
The output file is a PKCS#7 signed data structure containing no signers and
-just certificates and an optional \s-1CRL\s0.
+just certificates and an optional \s-1CRL.\s0
.PP
This utility can be used to send certificates and CAs to Netscape as part of
the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index 42e5acc..c319e63 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DGST 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,6 +149,8 @@ dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5,
[\fB\-hex\fR]
[\fB\-binary\fR]
[\fB\-r\fR]
+[\fB\-hmac arg\fR]
+[\fB\-non\-fips\-allow\fR]
[\fB\-out filename\fR]
[\fB\-sign filename\fR]
[\fB\-keyform arg\fR]
@@ -180,6 +191,13 @@ output the digest or signature in binary form.
.IP "\fB\-r\fR" 4
.IX Item "-r"
output the digest in the \*(L"coreutils\*(R" format used by programs like \fBsha1sum\fR.
+.IP "\fB\-hmac arg\fR" 4
+.IX Item "-hmac arg"
+set the \s-1HMAC\s0 key to \*(L"arg\*(R".
+.IP "\fB\-non\-fips\-allow\fR" 4
+.IX Item "-non-fips-allow"
+Allow use of non \s-1FIPS\s0 digest when in \s-1FIPS\s0 mode. This has no effect when not in
+\&\s-1FIPS\s0 mode.
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
filename to output to, or standard output by default.
@@ -188,7 +206,7 @@ filename to output to, or standard output by default.
digitally sign the digest using the private key in \*(L"filename\*(R".
.IP "\fB\-keyform arg\fR" 4
.IX Item "-keyform arg"
-Specifies the key format to sign digest with. The \s-1DER\s0, \s-1PEM\s0, P12,
+Specifies the key format to sign digest with. The \s-1DER, PEM, P12,\s0
and \s-1ENGINE\s0 formats are supported.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
@@ -202,11 +220,11 @@ Names and values of these options are algorithm-specific.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verify filename\fR" 4
.IX Item "-verify filename"
verify the signature using the public key in \*(L"filename\*(R".
-The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R".
+The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R".
.IP "\fB\-prverify filename\fR" 4
.IX Item "-prverify filename"
verify the signature using the private key in \*(L"filename\*(R".
@@ -218,8 +236,8 @@ the actual signature to verify.
create a hashed \s-1MAC\s0 using \*(L"key\*(R".
.IP "\fB\-mac alg\fR" 4
.IX Item "-mac alg"
-create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0
-algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
+create \s-1MAC \s0(keyed Message Authentication Code). The most popular \s-1MAC\s0
+algorithm is \s-1HMAC \s0(hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
which are not based on hash, for instance \fBgost-mac\fR algorithm,
supported by \fBccgost\fR engine. \s-1MAC\s0 keys and other options should be set
via \fB\-macopt\fR parameter.
@@ -273,17 +291,17 @@ To verify a signature:
file.txt
.SH "NOTES"
.IX Header "NOTES"
-The digest of choice for all new applications is \s-1SHA1\s0. Other digests are
+The digest of choice for all new applications is \s-1SHA1.\s0 Other digests are
however still widely used.
.PP
When signing a file, \fBdgst\fR will automatically determine the algorithm
-(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info.
-When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature
+(\s-1RSA, ECC,\s0 etc) to use for signing based on the private key's \s-1ASN.1\s0 info.
+When verifying signatures, it only handles the \s-1RSA, DSA,\s0 or \s-1ECDSA\s0 signature
itself, not the related data to identify the signer and algorithm used in
-formats such as x.509, \s-1CMS\s0, and S/MIME.
+formats such as x.509, \s-1CMS,\s0 and S/MIME.
.PP
A source of random numbers is required for certain signing algorithms, in
-particular \s-1ECDSA\s0 and \s-1DSA\s0.
+particular \s-1ECDSA\s0 and \s-1DSA.\s0
.PP
The signing and verify options should only be used if a single file is
being signed or verified.
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index 77d469c5..cf0be31 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DHPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ This command is used to manipulate \s-1DH\s0 parameter files.
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the
default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with
additional header and footer lines.
@@ -234,8 +243,8 @@ versions of OpenSSL.
\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\-
.Ve
.PP
-OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42
-\&\s-1DH\s0.
+OpenSSL currently only supports the older PKCS#3 \s-1DH,\s0 not the newer X9.42
+\&\s-1DH.\s0
.PP
This program manipulates \s-1DH\s0 parameters not keys.
.SH "BUGS"
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index 9909747..63c2fbd 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,10 +175,10 @@ applications should use the more secure PKCS#8 format using the \fBpkcs8\fR
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
-an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of
+an \s-1ASN1 DER\s0 encoded form of an \s-1ASN.1 SEQUENCE\s0 consisting of the values of
version (currently zero), p, q, g, the public and private key components
-respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a
-SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0.
+respectively as \s-1ASN.1\s0 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA.\s0
.Sp
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. In the case of a private key
@@ -186,7 +195,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -196,7 +205,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
These options encrypt the private key with the specified
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index f0bdb75..2a5ca61 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSAPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,8 +161,8 @@ This command is used to manipulate or generate \s-1DSA\s0 parameter files.
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
-form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
+form compatible with \s-1RFC2459 \s0(\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists
of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index f3e2749..97afab5 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC 1"
-.TH EC 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EC 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ ec \- EC key processing
.IX Header "DESCRIPTION"
The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various
forms and their components printed out. \fBNote\fR OpenSSL uses the
-private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography'
+private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography'
(http://www.secg.org/). To convert a OpenSSL \s-1EC\s0 private key into the
PKCS#8 private key format use the \fBpkcs8\fR command.
.SH "COMMAND OPTIONS"
@@ -163,8 +172,8 @@ PKCS#8 private key format use the \fBpkcs8\fR command.
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
-an \s-1ASN\s0.1 \s-1DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structure as specified in \s-1RFC\s0 3280.
+an \s-1ASN.1 DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it
+uses the SubjectPublicKeyInfo structure as specified in \s-1RFC 3280.\s0
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.
@@ -180,7 +189,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -190,10 +199,10 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-des|\-des3|\-idea\fR" 4
.IX Item "-des|-des3|-idea"
-These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or
+These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or
any other cipher supported by OpenSSL before outputting it. A pass phrase is
prompted for.
If none of these options is specified the key is written in plain text. This
@@ -232,10 +241,10 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
.IX Item "-param_enc arg"
This specifies how the elliptic curve parameters are encoded.
Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
-specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
-explicitly given (see \s-1RFC\s0 3279 for the definition of the
+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC 3279\s0 for the definition of the
\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
-\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0
is currently not implemented in OpenSSL.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index d8124b9..5b0b3a2 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ECPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,8 +166,8 @@ This command is used to manipulate or generate \s-1EC\s0 parameter files.
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded
-form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN.1 DER\s0 encoded
+form compatible with \s-1RFC 3279\s0 EcpkParameters. The \s-1PEM\s0 form is the default
format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional
header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
@@ -208,15 +217,15 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
.IX Item "-param_enc arg"
This specifies how the elliptic curve parameters are encoded.
Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
-specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
-explicitly given (see \s-1RFC\s0 3279 for the definition of the
+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC 3279\s0 for the definition of the
\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
-\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0
is currently not implemented in OpenSSL.
.IP "\fB\-no_seed\fR" 4
.IX Item "-no_seed"
This option inhibits that the 'seed' for the parameter generation
-is included in the ECParameters structure (see \s-1RFC\s0 3279).
+is included in the ECParameters structure (see \s-1RFC 3279\s0).
.IP "\fB\-genkey\fR" 4
.IX Item "-genkey"
This option will generate a \s-1EC\s0 private key using the specified parameters.
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index 941bed5..fa609d0 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ENC 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,13 +183,13 @@ the output filename, standard output by default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-salt\fR" 4
.IX Item "-salt"
use a salt in the key derivation routines. This is the default.
.IP "\fB\-nosalt\fR" 4
.IX Item "-nosalt"
-don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be
+don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be
used except for test purposes or compatibility with ancient versions of OpenSSL
and SSLeay.
.IP "\fB\-e\fR" 4
@@ -312,7 +321,7 @@ list of ciphers, supported by your versesion of OpenSSL, including
ones provided by configured engines.
.PP
The \fBenc\fR program does not support authenticated encryption modes
-like \s-1CCM\s0 and \s-1GCM\s0. The utility does not store or retrieve the
+like \s-1CCM\s0 and \s-1GCM.\s0 The utility does not store or retrieve the
authentication tag.
.PP
.Vb 1
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index 2cdc01f..c153ba3 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERRSTR 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index ae95cef..093c77e 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH GENDSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index 1c56f39..d978c94 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH GENPKEY 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,11 +164,11 @@ the output filename. If this argument is not specified then standard output is
used.
.IP "\fB\-outform DER|PEM\fR" 4
.IX Item "-outform DER|PEM"
-This specifies the output format \s-1DER\s0 or \s-1PEM\s0.
+This specifies the output format \s-1DER\s0 or \s-1PEM.\s0
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-cipher\fR" 4
.IX Item "-cipher"
This option encrypts the private key with the supplied cipher. Any algorithm
@@ -173,14 +182,14 @@ for all available algorithms. If used this option should precede all other
options.
.IP "\fB\-algorithm alg\fR" 4
.IX Item "-algorithm alg"
-public key algorithm to use such as \s-1RSA\s0, \s-1DSA\s0 or \s-1DH\s0. If used this option must
+public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must
precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR
are mutually exclusive.
.IP "\fB\-pkeyopt opt:value\fR" 4
.IX Item "-pkeyopt opt:value"
set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See \fB\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\fR below for more details.
+implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR below for more details.
.IP "\fB\-genparam\fR" 4
.IX Item "-genparam"
generate a set of parameters instead of a private key. If used this option must
@@ -235,14 +244,14 @@ one should load the ccgost engine in the OpenSSL configuration file.
See \s-1README\s0.gost file in the engines/ccgost directiry of the source
distribution for more details.
.PP
-Use of a parameter file for the \s-1GOST\s0 R 34.10 algorithm is optional.
+Use of a parameter file for the \s-1GOST R 34.10\s0 algorithm is optional.
Parameters can be specified during key generation directly as well as
during generation of parameter file.
.IP "\fBparamset:name\fR" 4
.IX Item "paramset:name"
-Specifies \s-1GOST\s0 R 34.10\-2001 parameter set according to \s-1RFC\s0 4357.
+Specifies \s-1GOST R 34.10\-2001\s0 parameter set according to \s-1RFC 4357.\s0
Parameter set can be specified using abbreviated name, object short name or
-numeric \s-1OID\s0. Following parameter sets are supported:
+numeric \s-1OID.\s0 Following parameter sets are supported:
.Sp
.Vb 7
\& paramset OID Usage
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index 7db0df0..965aadf 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH GENRSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ used.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
These options encrypt the private key with specified
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index 81f13c7..b3d28a5 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH NSEQ 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index 67c8336..9003a1d 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OCSP 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,7 +191,7 @@ ocsp \- Online Certificate Status Protocol utility
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to
-determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560).
+determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0).
.PP
The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used
to print out requests and responses, create requests and send queries
@@ -238,12 +247,15 @@ if \s-1OCSP\s0 request or response creation is implied by other options (for exa
with \fBserial\fR, \fBcert\fR and \fBhost\fR options).
.IP "\fB\-url responder_url\fR" 4
.IX Item "-url responder_url"
-specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified.
+specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS \s0(\s-1SSL/TLS\s0) URLs can be specified.
.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4
.IX Item "-host hostname:port, -path pathname"
if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host
\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 path name to use
or \*(L"/\*(R" by default.
+.IP "\fB\-timeout seconds\fR" 4
+.IX Item "-timeout seconds"
+connection timeout to the \s-1OCSP\s0 responder in seconds
.IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4
.IX Item "-CAfile file, -CApath pathname"
file or pathname containing trusted \s-1CA\s0 certificates. These are used to verify
@@ -339,7 +351,7 @@ Additional certificates to include in the \s-1OCSP\s0 response.
Don't include any certificates in the \s-1OCSP\s0 response.
.IP "\fB\-resp_key_id\fR" 4
.IX Item "-resp_key_id"
-Identify the signer certificate using the key \s-1ID\s0, default is to use the subject name.
+Identify the signer certificate using the key \s-1ID,\s0 default is to use the subject name.
.IP "\fB\-rkey file\fR" 4
.IX Item "-rkey file"
The private key to sign \s-1OCSP\s0 responses with: if not present the file specified in the
@@ -358,7 +370,7 @@ Number of minutes or days when fresh revocation information is available: used i
omitted meaning fresh revocation information is immediately available.
.SH "OCSP Response verification."
.IX Header "OCSP Response verification."
-\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0.
+\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0
.PP
Initially the \s-1OCSP\s0 responder certificate is located and the signature on
the \s-1OCSP\s0 request checked using the responder certificate's public key.
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index 6a79a51..07049c5 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OPENSSL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -192,11 +201,11 @@ same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is
not able to detect pseudo-commands such as \fBquit\fR,
\&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.)
-.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0"
+.SS "\s-1STANDARD COMMANDS\s0"
.IX Subsection "STANDARD COMMANDS"
.IP "\fBasn1parse\fR" 10
.IX Item "asn1parse"
-Parse an \s-1ASN\s0.1 sequence.
+Parse an \s-1ASN.1\s0 sequence.
.IP "\fBca\fR" 10
.IX Item "ca"
Certificate Authority (\s-1CA\s0) Management.
@@ -205,7 +214,7 @@ Certificate Authority (\s-1CA\s0) Management.
Cipher Suite Description Determination.
.IP "\fBcms\fR" 10
.IX Item "cms"
-\&\s-1CMS\s0 (Cryptographic Message Syntax) utility
+\&\s-1CMS \s0(Cryptographic Message Syntax) utility
.IP "\fBcrl\fR" 10
.IX Item "crl"
Certificate Revocation List (\s-1CRL\s0) Management.
@@ -232,7 +241,7 @@ Generation and Management of Diffie-Hellman Parameters. Superseded by
\&\fBgenpkey\fR and \fBpkeyparam\fR
.IP "\fBec\fR" 10
.IX Item "ec"
-\&\s-1EC\s0 (Elliptic curve) key processing
+\&\s-1EC \s0(Elliptic curve) key processing
.IP "\fBecparam\fR" 10
.IX Item "ecparam"
\&\s-1EC\s0 parameter manipulation and generation
@@ -299,13 +308,13 @@ by \fBpkeyutl\fR
.IP "\fBs_client\fR" 10
.IX Item "s_client"
This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
-connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing
+connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses mostly all functionality of the OpenSSL \fBssl\fR library.
.IP "\fBs_server\fR" 10
.IX Item "s_server"
This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
-clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides
+clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides
only rudimentary interface functionality but internally uses mostly all
functionality of the OpenSSL \fBssl\fR library. It provides both an own command
line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
@@ -337,7 +346,7 @@ OpenSSL Version Information.
.IP "\fBx509\fR" 10
.IX Item "x509"
X.509 Certificate Data Management.
-.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0"
+.SS "\s-1MESSAGE DIGEST COMMANDS\s0"
.IX Subsection "MESSAGE DIGEST COMMANDS"
.IP "\fBmd2\fR" 10
.IX Item "md2"
@@ -369,7 +378,7 @@ X.509 Certificate Data Management.
.IP "\fBsha512\fR" 10
.IX Item "sha512"
\&\s-1SHA\-512\s0 Digest
-.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0"
+.SS "\s-1ENCODING AND CIPHER COMMANDS\s0"
.IX Subsection "ENCODING AND CIPHER COMMANDS"
.IP "\fBbase64\fR" 10
.IX Item "base64"
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index 8648dc9..5f790a3 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PASSWD 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index 8c17470..9cb4418 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS12 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,12 +198,12 @@ default. They are all written in \s-1PEM\s0 format.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the PKCS#12 file (i.e. input file) password source. For more information about
-the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
pass phrase source to encrypt any outputted private keys with. For more
-information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section
+information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section
in \fIopenssl\fR\|(1).
.IP "\fB\-password arg\fR" 4
.IX Item "-password arg"
@@ -282,12 +291,12 @@ displays them.
.IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4
.IX Item "-pass arg, -passout arg"
the PKCS#12 file (i.e. output file) password source. For more information about
-the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
pass phrase source to decrypt any input private keys with. For more information
-about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-chain\fR" 4
.IX Item "-chain"
@@ -296,9 +305,9 @@ certificate chain of the user certificate. The standard \s-1CA\s0 store is used
for this search. If the search fails it is considered a fatal error.
.IP "\fB\-descert\fR" 4
.IX Item "-descert"
-encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12
+encrypt the certificate using triple \s-1DES,\s0 this may render the PKCS#12
file unreadable by some \*(L"export grade\*(R" software. By default the private
-key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0.
+key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2.\s0
.IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4
.IX Item "-keypbe alg, -certpbe alg"
these options allow the algorithm used to encrypt the private key and
@@ -315,7 +324,7 @@ This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. N
encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR
option marks the key for signing only. Signing only keys can be used for
S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client
-authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support
+authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support
the use of signing only keys for \s-1SSL\s0 client authentication.
.IP "\fB\-macalg digest\fR" 4
.IX Item "-macalg digest"
@@ -323,7 +332,7 @@ specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will b
.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4
.IX Item "-nomaciter, -noiter"
these options affect the iteration counts on the \s-1MAC\s0 and key algorithms.
-Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave
+Unless you wish to produce files compatible with \s-1MSIE 4.0\s0 you should leave
these options alone.
.Sp
To discourage attacks by using large dictionaries of common passwords the
@@ -335,7 +344,7 @@ By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, usin
these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since
this reduces the file security you should not use these options unless you
really have to. Most software supports both \s-1MAC\s0 and key iteration counts.
-\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR
+\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR
option.
.IP "\fB\-maciter\fR" 4
.IX Item "-maciter"
@@ -383,7 +392,7 @@ The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption
algorithms for private keys and certificates to be specified. Normally
the defaults are fine but occasionally software can't handle triple \s-1DES\s0
encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can
-be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete
+be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete
description of all algorithms is contained in the \fBpkcs8\fR manual page.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index 0335b06..eea2006a 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS7 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -215,7 +224,7 @@ For compatibility with some CAs it will also accept:
There is no option to print out all the fields of a PKCS#7 file.
.PP
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they
-cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0.
+cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIcrl2pkcs7\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index 644cb67..a5df03f 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS8 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +189,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -190,7 +199,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-nocrypt\fR" 4
.IX Item "-nocrypt"
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
@@ -202,15 +211,15 @@ code signing software used unencrypted private keys.
.IP "\fB\-nooct\fR" 4
.IX Item "-nooct"
This option generates \s-1RSA\s0 private keys in a broken format that some software
-uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0
+uses. Specifically the private key should be enclosed in a \s-1OCTET STRING\s0
but some software just includes the structure itself without the
-surrounding \s-1OCTET\s0 \s-1STRING\s0.
+surrounding \s-1OCTET STRING.\s0
.IP "\fB\-embed\fR" 4
.IX Item "-embed"
This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
-embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0
-contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
-the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key.
+embedded inside the PrivateKey structure. In this form the \s-1OCTET STRING\s0
+contains an \s-1ASN1 SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
+the parameters and an \s-1ASN1 INTEGER\s0 containing the private key.
.IP "\fB\-nsdb\fR" 4
.IX Item "-nsdb"
This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
@@ -276,17 +285,17 @@ level whereas the traditional format includes them at a \s-1PEM\s0 level.
Various algorithms can be used with the \fB\-v1\fR command line option,
including PKCS#5 v1.5 and PKCS#12. These are described in more detail
below.
-.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4
+.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4
.IX Item "PBE-MD2-DES PBE-MD5-DES"
These algorithms were included in the original PKCS#5 v1.5 specification.
-They only offer 56 bits of protection since they both use \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0 \s-1PBE\-MD2\-RC2\-64\s0 \s-1PBE\-MD5\-RC2\-64\s0 \s-1PBE\-SHA1\-DES\s0\fR" 4
+They only offer 56 bits of protection since they both use \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC2\-64 PBE\-MD2\-RC2\-64 PBE\-MD5\-RC2\-64 PBE\-SHA1\-DES\s0\fR" 4
.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
but they use the same key derivation algorithm and are supported by some
software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
-56 bit \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0 \s-1PBE\-SHA1\-RC4\-40\s0 \s-1PBE\-SHA1\-3DES\s0 \s-1PBE\-SHA1\-2DES\s0 \s-1PBE\-SHA1\-RC2\-128\s0 \s-1PBE\-SHA1\-RC2\-40\s0\fR" 4
+56 bit \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC4\-128 PBE\-SHA1\-RC4\-40 PBE\-SHA1\-3DES PBE\-SHA1\-2DES PBE\-SHA1\-RC2\-128 PBE\-SHA1\-RC2\-40\s0\fR" 4
.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
These algorithms use the PKCS#12 password based encryption algorithm and
allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
@@ -327,13 +336,13 @@ Convert a private key from any PKCS#8 format to traditional format:
.SH "STANDARDS"
.IX Header "STANDARDS"
Test vectors from this PKCS#5 v2.0 implementation were posted to the
-pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
+pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration
counts, several people confirmed that they could decrypt the private
keys produced and Therefore it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these
algorithms are concerned.
.PP
-The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
+The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented:
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
PKCS#8 private key format complies with this standard.
.SH "BUGS"
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index 9177c1d..bef65c0 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEY 1"
-.TH PKEY 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKEY 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ between various forms and their components printed out.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format \s-1DER\s0 or \s-1PEM\s0.
+This specifies the input format \s-1DER\s0 or \s-1PEM.\s0
.IP "\fB\-outform DER|PEM\fR" 4
.IX Item "-outform DER|PEM"
This specifies the output format, the options have the same meaning as the
@@ -168,7 +177,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output if this
@@ -178,7 +187,7 @@ filename.
.IP "\fB\-passout password\fR" 4
.IX Item "-passout password"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-cipher\fR" 4
.IX Item "-cipher"
These options encrypt the private key with the supplied cipher. Any algorithm
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index aee0833..f04a29c 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKEYPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index 857d758..437961b 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKEYUTL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,17 +183,17 @@ default.
the input key file, by default it should be a private key.
.IP "\fB\-keyform PEM|DER\fR" 4
.IX Item "-keyform PEM|DER"
-the key format \s-1PEM\s0, \s-1DER\s0 or \s-1ENGINE\s0.
+the key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-peerkey file\fR" 4
.IX Item "-peerkey file"
the peer key file, used by key derivation (agreement) operations.
.IP "\fB\-peerform PEM|DER\fR" 4
.IX Item "-peerform PEM|DER"
-the peer key format \s-1PEM\s0, \s-1DER\s0 or \s-1ENGINE\s0.
+the peer key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyutl\fR
@@ -246,7 +255,7 @@ operations however.
.IX Item "-rsa_padding_mode:mode"
This sets the \s-1RSA\s0 padding mode. Acceptable values for \fBmode\fR are \fBpkcs1\fR for
PKCS#1 padding, \fBsslv23\fR for SSLv23 padding, \fBnone\fR for no padding, \fBoaep\fR
-for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS\s0.
+for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS.\s0
.Sp
In PKCS#1 padding if the message digest is not set then the supplied data is
signed or verified directly instead of using a \fBDigestInfo\fR structure. If a
@@ -256,7 +265,7 @@ must correspond to the digest type.
For \fBoeap\fR mode only encryption and decryption is supported.
.Sp
For \fBx931\fR if the digest type is set it is used to format the block data
-otherwise the first byte is used to specify the X9.31 digest \s-1ID\s0. Sign,
+otherwise the first byte is used to specify the X9.31 digest \s-1ID.\s0 Sign,
verify and verifyrecover are can be performed in this mode.
.Sp
For \fBpss\fR mode only sign and verify are supported and the digest type must be
@@ -280,7 +289,7 @@ options.
.SH "EC ALGORITHM"
.IX Header "EC ALGORITHM"
The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and
-verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH\s0. Currently there are no
+verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH.\s0 Currently there are no
additional options other than \fBdigest\fR. Only the \s-1SHA1\s0 digest can be used and
this digest is assumed by default.
.SH "EXAMPLES"
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index d089011..c321a72 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index 5b48dd1..2e27d89 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH REQ 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +192,7 @@ for use as root CAs for example.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it
consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and
footer lines.
@@ -199,7 +208,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not specified.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write to or standard output by
@@ -207,7 +216,7 @@ default.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-text\fR" 4
.IX Item "-text"
prints out the certificate request in text form.
@@ -270,15 +279,15 @@ if neccessary should be specified via \fB\-pkeyopt\fR parameter.
.Sp
\&\fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters
in the file \fBfilename\fR. \fBec:filename\fR generates \s-1EC\s0 key (usable both with
-\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:filename\fR generates \s-1GOST\s0 R
-34.10\-2001 key (requires \fBccgost\fR engine configured in the configuration
+\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:filename\fR generates \s-1GOST R
+34.10\-2001\s0 key (requires \fBccgost\fR engine configured in the configuration
file). If just \fBgost2001\fR is specified a parameter set should be
specified by \fB\-pkeyopt paramset:X\fR
.IP "\fB\-pkeyopt opt:value\fR" 4
.IX Item "-pkeyopt opt:value"
set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See \fB\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\fR in the \fBgenpkey\fR manual page
+implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR in the \fBgenpkey\fR manual page
for more details.
.IP "\fB\-key filename\fR" 4
.IX Item "-key filename"
@@ -304,8 +313,8 @@ this specifies the message digest to sign the request with (such as
the configuration file.
.Sp
Some public key algorithms may override this choice. For instance, \s-1DSA\s0
-signatures always use \s-1SHA1\s0, \s-1GOST\s0 R 34.10 signatures always use
-\&\s-1GOST\s0 R 34.11\-94 (\fB\-md_gost94\fR).
+signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use
+\&\s-1GOST R 34.11\-94 \s0(\fB\-md_gost94\fR).
.IP "\fB\-config filename\fR" 4
.IX Item "-config filename"
this allows an alternative configuration file to be specified,
@@ -329,7 +338,7 @@ If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\f
.IX Item "-x509"
this option outputs a self signed certificate instead of a certificate
request. This is typically used to generate a test certificate or
-a self signed root \s-1CA\s0. The extensions added to the certificate
+a self signed root \s-1CA.\s0 The extensions added to the certificate
(if any) are specified in the configuration file. Unless specified
using the \fBset_serial\fR option \fB0\fR will be used for the serial
number.
@@ -356,7 +365,7 @@ a variety of purposes.
.IP "\fB\-utf8\fR" 4
.IX Item "-utf8"
this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
-default they are interpreted as \s-1ASCII\s0. This means that the field
+default they are interpreted as \s-1ASCII.\s0 This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fB\-nameopt option\fR" 4
@@ -380,10 +389,10 @@ accept requests containing no attributes in an invalid form: this
option produces this invalid format.
.Sp
More precisely the \fBAttributes\fR in a PKCS#10 certificate request
-are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so
+are defined as a \fB\s-1SET OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so
if no attributes are present then they should be encoded as an
-empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty
-\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does.
+empty \fB\s-1SET OF\s0\fR. The invalid form does not include the empty
+\&\fB\s-1SET OF\s0\fR whereas the correct form does.
.Sp
It should be noted that very few CAs still require the use of this option.
.IP "\fB\-no\-asn1\-kludge\fR" 4
@@ -435,7 +444,7 @@ specified the key is written to standard output. This can be
overridden by the \fB\-keyout\fR option.
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
-This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
@@ -468,7 +477,7 @@ fields. Most users will not need to change this option.
It can be set to several values \fBdefault\fR which is also the default
option uses PrintableStrings, T61Strings and BMPStrings if the
\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will
-be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the
+be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the
\&\fButf8only\fR option is used then only UTF8Strings will be used: this
is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR
option just uses PrintableStrings and T61Strings: certain software has
@@ -493,7 +502,7 @@ expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections.
.IP "\fButf8\fR" 4
.IX Item "utf8"
if set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0
-strings, by default they are interpreted as \s-1ASCII\s0. This means that
+strings, by default they are interpreted as \s-1ASCII.\s0 This means that
the field values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fBattributes\fR" 4
@@ -546,7 +555,7 @@ on the field being used (for example countryName can only ever be
two characters long and must fit in a PrintableString).
.PP
Some fields (such as organizationName) can be used more than once
-in a \s-1DN\s0. This presents a problem because configuration files will
+in a \s-1DN.\s0 This presents a problem because configuration files will
not recognize the same name occurring twice. To avoid this problem
if the fieldName contains some characters followed by a full stop
they will be ignored. So for example a second organizationName can
@@ -721,14 +730,14 @@ Another puzzling message is this:
.Ve
.PP
this is displayed when no attributes are present and the request includes
-the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0
+the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0
0x00). If you just see:
.PP
.Vb 1
\& Attributes:
.Ve
.PP
-then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but
+then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but
it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR
for more information.
.SH "ENVIRONMENT VARIABLES"
@@ -740,7 +749,7 @@ environment variable serves the same purpose but its use is discouraged.
.SH "BUGS"
.IX Header "BUGS"
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
-treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
+treats them as \s-1ISO\-8859\-1 \s0(Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.
.PP
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 2db0626..b97d7d0 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +179,7 @@ utility.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|NET|PEM\fR" 4
.IX Item "-inform DER|NET|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. On input PKCS#8 format private
@@ -188,7 +197,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output if this
@@ -198,7 +207,7 @@ filename.
.IP "\fB\-passout password\fR" 4
.IX Item "-passout password"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-sgckey\fR" 4
.IX Item "-sgckey"
use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0
@@ -259,7 +268,7 @@ The \s-1PEM\s0 public key format uses the header and footer lines:
\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
.Ve
.PP
-The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines:
+The \s-1PEM \s0\fBRSAPublicKey\fR format uses the header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\-
@@ -267,13 +276,13 @@ The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines:
.Ve
.PP
The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers
-and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption.
+and Microsoft \s-1IIS \s0.key files, this uses unsalted \s-1RC4\s0 for its encryption.
It is not very secure and so should only be used when necessary.
.PP
Some newer version of \s-1IIS\s0 have additional data in the exported .key
files. To use these with the utility, view the file with a binary editor
and look for the string \*(L"private-key\*(R", then trace back to the byte
-sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data
+sequence 0x30, 0x82 (this is an \s-1ASN1 SEQUENCE\s0). Copy all the data
from this point onwards to another file and use that as the input
to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get
an error after entering the password try the \fB\-sgckey\fR option.
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index bda3b30..d0cffc3 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSAUTL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -186,7 +195,7 @@ encrypt the input data using an \s-1RSA\s0 public key.
decrypt the input data using an \s-1RSA\s0 private key.
.IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4
.IX Item "-pkcs, -oaep, -ssl, -raw"
-the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0,
+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP,\s0
special padding used in \s-1SSL\s0 v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used.
@@ -261,7 +270,7 @@ example in certs/pca\-cert.pem . Running \fBasn1parse\fR as follows yields:
\& 614:d=1 hl=3 l= 129 prim: BIT STRING
.Ve
.PP
-The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with:
+The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with:
.PP
.Vb 1
\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index b973e34..c6b41a4 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH S_CLIENT 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +187,7 @@ s_client \- SSL/TLS client program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects
-to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for
+to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool for
\&\s-1SSL\s0 servers.
.SH "OPTIONS"
.IX Header "OPTIONS"
@@ -188,25 +197,25 @@ This specifies the host and optional port to connect to. If not specified
then an attempt is made to connect to the local host on port 4433.
.IP "\fB\-servername name\fR" 4
.IX Item "-servername name"
-Set the \s-1TLS\s0 \s-1SNI\s0 (Server Name Indication) extension in the ClientHello message.
+Set the \s-1TLS SNI \s0(Server Name Indication) extension in the ClientHello message.
.IP "\fB\-cert certname\fR" 4
.IX Item "-cert certname"
The certificate to use, if one is requested by the server. The default is
not to use a certificate.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
-The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-key keyfile\fR" 4
.IX Item "-key keyfile"
The private key to use. If not specified then the certificate file will
be used.
.IP "\fB\-keyform format\fR" 4
.IX Item "-keyform format"
-The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verify depth\fR" 4
.IX Item "-verify depth"
The verify depth to use. This specifies the maximum length of the
@@ -233,7 +242,7 @@ Set various certificate chain valiadition option. See the
\&\fBverify\fR manual page for details.
.IP "\fB\-reconnect\fR" 4
.IX Item "-reconnect"
-reconnects to the same server 5 times using the same session \s-1ID\s0, this can
+reconnects to the same server 5 times using the same session \s-1ID,\s0 this can
be used as a test that session caching is working.
.IP "\fB\-pause\fR" 4
.IX Item "-pause"
@@ -249,7 +258,7 @@ to print out information even if the connection fails. Normally information
will only be printed out once if the connection succeeds. This option is useful
because the cipher in use may be renegotiated or the connection may fail
because a client certificate is required or is requested only after an
-attempt is made to access a certain \s-1URL\s0. Note: the output produced by this
+attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this
option is not always accurate because a connection might never have been
established.
.IP "\fB\-state\fR" 4
@@ -313,7 +322,7 @@ supported cipher in the list sent by the client. See the \fBciphers\fR
command for more information.
.IP "\fB\-serverpref\fR" 4
.IX Item "-serverpref"
-use the server's cipher preferences; only used for \s-1SSLV2\s0.
+use the server's cipher preferences; only used for \s-1SSLV2.\s0
.IP "\fB\-starttls protocol\fR" 4
.IX Item "-starttls protocol"
send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication.
@@ -369,7 +378,7 @@ have been given), the session will be renegotiated if the line begins with an
connection will be closed down.
.SH "NOTES"
.IX Header "NOTES"
-\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0
+\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0
server the command:
.PP
.Vb 1
@@ -377,7 +386,7 @@ server the command:
.Ve
.PP
would typically be used (https uses port 443). If the connection succeeds
-then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page.
+then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page.
.PP
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR,
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index 53efb82..32a6004 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH S_SERVER 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -190,7 +199,7 @@ s_server \- SSL/TLS server program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens
-for connections on a given port using \s-1SSL/TLS\s0.
+for connections on a given port using \s-1SSL/TLS.\s0
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-accept port\fR" 4
@@ -204,22 +213,22 @@ is not present a default value will be used.
.IX Item "-cert certname"
The certificate to use, most servers cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
-for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
-(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
+for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS
+\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
-The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-key keyfile\fR" 4
.IX Item "-key keyfile"
The private key to use. If not specified then the certificate file will
be used.
.IP "\fB\-keyform format\fR" 4
.IX Item "-keyform format"
-The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4
.IX Item "-dcert filename, -dkey keyname"
specify an additional certificate and private key, these behave in the
@@ -227,7 +236,7 @@ same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no defau
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
-and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
+and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
by using an appropriate certificate.
.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
@@ -268,7 +277,7 @@ If the ciphersuite cannot request a client certificate (for example an
anonymous ciphersuite or \s-1PSK\s0) this option has no effect.
.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
.IX Item "-crl_check, -crl_check_all"
-Check the peer certificate has not been revoked by its \s-1CA\s0.
+Check the peer certificate has not been revoked by its \s-1CA.\s0
The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR
option all CRLs of all CAs in the chain are checked.
.IP "\fB\-CApath directory\fR" 4
@@ -299,7 +308,7 @@ tests non blocking I/O
turns on non blocking I/O
.IP "\fB\-crlf\fR" 4
.IX Item "-crlf"
-this option translated a line feed from the terminal into \s-1CR+LF\s0.
+this option translated a line feed from the terminal into \s-1CR+LF.\s0
.IP "\fB\-quiet\fR" 4
.IX Item "-quiet"
inhibit printing of session and certificate information.
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index a314b7b..4e68aa7 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_TIME 1"
-.TH S_TIME 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH S_TIME 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,7 +161,7 @@ s_time \- SSL/TLS performance timing program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a
-remote host using \s-1SSL/TLS\s0. It can request a page from the server and includes
+remote host using \s-1SSL/TLS.\s0 It can request a page from the server and includes
the time to transfer the payload data in its timing measurements. It measures
the number of connections within a given timeframe, the amount of data
transferred (if any), and calculates the average time spent for one connection.
@@ -234,7 +243,7 @@ and the link speed determine how many connections \fBs_time\fR can establish.
.SH "NOTES"
.IX Header "NOTES"
\&\fBs_client\fR can be used to measure the performance of an \s-1SSL\s0 connection.
-To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command
+To connect to an \s-1SSL HTTP\s0 server and get the default page the command
.PP
.Vb 1
\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3]
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index f1a240f..3d1099a6 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SESS_ID 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will
not need to use it.
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
format containing session details. The precise format can vary from one version
to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR
format base64 encoded with additional header and footer lines.
@@ -180,7 +189,7 @@ this option prevents output of the encoded version of the session.
.IP "\fB\-context \s-1ID\s0\fR" 4
.IX Item "-context ID"
this option can set the session id so the output session information uses the
-supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally
+supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option wont normally
be used.
.SH "OUTPUT"
.IX Header "OUTPUT"
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index 5a50a6a..591c499 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SMIME 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -241,7 +250,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME\s0
+off text headers: if the decrypted or verified message is not of \s-1MIME \s0
type text/plain then an error occurs.
.IP "\fB\-CAfile file\fR" 4
.IX Item "-CAfile file"
@@ -258,8 +267,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR,
-triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR,
+the encryption algorithm to use. For example \s-1DES \s0(56 bits) \- \fB\-des\fR,
+triple \s-1DES \s0(168 bits) \- \fB\-des3\fR,
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for list of ciphers
supported by your version of OpenSSL.
@@ -329,7 +338,7 @@ multiple times to specify successive keys.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-rand file(s)\fR" 4
.IX Item "-rand file(s)"
a file or files containing random data used to seed the random number
@@ -382,12 +391,12 @@ signer using the same message digest or this operation will fail.
.PP
The \fB\-stream\fR and \fB\-indef\fR options enable experimental streaming I/O support.
As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding
-and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the
+and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the
\&\fB\-sign\fR operation if the content is not detached.
.PP
Streaming is always used for the \fB\-sign\fR operation with detached data but
since the content is no longer part of the PKCS#7 structure the encoding
-remains \s-1DER\s0.
+remains \s-1DER.\s0
.SH "EXIT CODES"
.IX Header "EXIT CODES"
.IP "0" 4
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index c134531..67eb528 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SPEED 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index a08ed95..d91f3ef 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SPKAC 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,30 +177,30 @@ present.
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-challenge string\fR" 4
.IX Item "-challenge string"
specifies the challenge string if an \s-1SPKAC\s0 is being created.
.IP "\fB\-spkac spkacname\fR" 4
.IX Item "-spkac spkacname"
allows an alternative name form the variable containing the
-\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both
+\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both
generated and input \s-1SPKAC\s0 files.
.IP "\fB\-spksect section\fR" 4
.IX Item "-spksect section"
allows an alternative name form the section containing the
-\&\s-1SPKAC\s0. The default is the default section.
+\&\s-1SPKAC.\s0 The default is the default section.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the text version of the \s-1SPKAC\s0 (not used if an
+don't output the text version of the \s-1SPKAC \s0(not used if an
\&\s-1SPKAC\s0 is being created).
.IP "\fB\-pubkey\fR" 4
.IX Item "-pubkey"
-output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
+output the public key of an \s-1SPKAC \s0(not used if an \s-1SPKAC\s0 is
being created).
.IP "\fB\-verify\fR" 4
.IX Item "-verify"
-verifies the digital signature on the supplied \s-1SPKAC\s0.
+verifies the digital signature on the supplied \s-1SPKAC.\s0
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
specifying an engine (by its unique \fBid\fR string) will cause \fBspkac\fR
@@ -218,7 +227,7 @@ Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
.Ve
.PP
-Example of an \s-1SPKAC\s0, (long lines split up for clarity):
+Example of an \s-1SPKAC, \s0(long lines split up for clarity):
.PP
.Vb 5
\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 7ce2e5b..fcd9c79 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH TS 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,13 +186,13 @@ ts \- Time Stamping Authority tool (client/server)
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server
-application as specified in \s-1RFC\s0 3161 (Time-Stamp Protocol, \s-1TSP\s0). A
+application as specified in \s-1RFC 3161 \s0(Time-Stamp Protocol, \s-1TSP\s0). A
\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long
term proof of the existence of a certain datum before a particular
time. Here is a brief description of the protocol:
.IP "1." 4
The \s-1TSA\s0 client computes a one-way hash value for a data file and sends
-the hash to the \s-1TSA\s0.
+the hash to the \s-1TSA.\s0
.IP "2." 4
The \s-1TSA\s0 attaches the current date and time to the received hash value,
signs them and sends the time stamp token back to the client. By
@@ -192,7 +201,7 @@ data file at the time of response generation.
.IP "3." 4
The \s-1TSA\s0 client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
-value that it had sent to the \s-1TSA\s0.
+value that it had sent to the \s-1TSA.\s0
.PP
There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time
stamp request to the \s-1TSA\s0 and one for sending the time stamp response
@@ -202,7 +211,7 @@ creating a time stamp response based on a request, verifying if a
response corresponds to a particular request or a data file.
.PP
There is no support for sending the requests/responses automatically
-over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC\s0 3161. The users must send the
+over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC 3161.\s0 The users must send the
requests either by ftp or e\-mail.
.SH "OPTIONS"
.IX Header "OPTIONS"
@@ -236,7 +245,7 @@ in use. (Optional)
.IX Item "-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160|..."
The message digest to apply to the data file, it supports all the message
digest algorithms that are supported by the openssl \fBdgst\fR command.
-The default is \s-1SHA\-1\s0. (Optional)
+The default is \s-1SHA\-1. \s0(Optional)
.IP "\fB\-policy\fR object_id" 4
.IX Item "-policy object_id"
The policy that the client expects the \s-1TSA\s0 to use for creating the
@@ -267,7 +276,7 @@ is stdout. (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER\s0. (Optional)
+instead of \s-1DER. \s0(Optional)
.SS "Time Stamp Response generation"
.IX Subsection "Time Stamp Response generation"
A time stamp response (TimeStampResp) consists of a response status
@@ -280,20 +289,20 @@ otherwise it is a time stamp token (ContentInfo).
.IP "\fB\-config\fR configfile" 4
.IX Item "-config configfile"
The configuration file to use, this option overrides the
-\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fB\s-1CONFIGURATION\s0 \s-1FILE\s0
-\&\s-1OPTIONS\s0\fR for configurable variables. (Optional)
+\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fB\s-1CONFIGURATION FILE
+OPTIONS\s0\fR for configurable variables. (Optional)
.IP "\fB\-section\fR tsa_section" 4
.IX Item "-section tsa_section"
The name of the config file section conatining the settings for the
response generation. If not specified the default \s-1TSA\s0 section is
-used, see \fB\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\fR for details. (Optional)
+used, see \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for details. (Optional)
.IP "\fB\-queryfile\fR request.tsq" 4
.IX Item "-queryfile request.tsq"
The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional)
.IP "\fB\-passin\fR password_src" 4
.IX Item "-passin password_src"
-Specifies the password source for the private key of the \s-1TSA\s0. See
-\&\fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
+Specifies the password source for the private key of the \s-1TSA.\s0 See
+\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
.IP "\fB\-signer\fR tsa_cert.pem" 4
.IX Item "-signer tsa_cert.pem"
The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing
@@ -345,7 +354,7 @@ response (TimeStampResp). (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER\s0. (Optional)
+instead of \s-1DER. \s0(Optional)
.IP "\fB\-engine\fR id" 4
.IX Item "-engine id"
Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR
@@ -388,7 +397,7 @@ client. See the similar option of \fIverify\fR\|(1) for additional
details. Either this option or \fB\-CAfile\fR must be specified. (Optional)
.IP "\fB\-CAfile\fR trusted_certs.pem" 4
.IX Item "-CAfile trusted_certs.pem"
-The name of the file containing a set of trusted self-signed \s-1CA\s0
+The name of the file containing a set of trusted self-signed \s-1CA \s0
certificates in \s-1PEM\s0 format. See the similar option of
\&\fIverify\fR\|(1) for additional details. Either this option
or \fB\-CApath\fR must be specified.
@@ -488,7 +497,7 @@ the \s-1TSA\s0 name field of the response. Default is no. (Optional)
.IX Item "ess_cert_id_chain"
The SignedData objects created by the \s-1TSA\s0 always contain the
certificate identifier of the signing certificate in a signed
-attribute (see \s-1RFC\s0 2634, Enhanced Security Services). If this option
+attribute (see \s-1RFC 2634,\s0 Enhanced Security Services). If this option
is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option
is specified then the certificate identifiers of the chain will also
be included in the SigningCertificate signed attribute. If this
@@ -505,7 +514,7 @@ configuration file, e.g. the example configuration file
openssl/apps/openssl.cnf will do.
.SS "Time Stamp Request"
.IX Subsection "Time Stamp Request"
-To create a time stamp request for design1.txt with \s-1SHA\-1\s0
+To create a time stamp request for design1.txt with \s-1SHA\-1 \s0
without nonce and policy and no certificate is required in the response:
.PP
.Vb 2
@@ -544,9 +553,9 @@ without any other key usage extensions. You can add the
\&'extendedKeyUsage = critical,timeStamping' line to the user certificate section
of the config file to generate a proper certificate. See \fIreq\fR\|(1),
\&\fIca\fR\|(1), \fIx509\fR\|(1) for instructions. The examples
-below assume that cacert.pem contains the certificate of the \s-1CA\s0,
+below assume that cacert.pem contains the certificate of the \s-1CA,\s0
tsacert.pem is the signing certificate issued by cacert.pem and
-tsakey.pem is the private key of the \s-1TSA\s0.
+tsakey.pem is the private key of the \s-1TSA.\s0
.PP
To create a time stamp response for a request:
.PP
@@ -621,7 +630,7 @@ You could also look at the 'test' directory for more examples.
If you find any bugs or you have suggestions please write to
Zoltan Glozik <zglozik@opentsa.org>. Known issues:
.IP "\(bu" 4
-No support for time stamps over \s-1SMTP\s0, though it is quite easy
+No support for time stamps over \s-1SMTP,\s0 though it is quite easy
to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1)
and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
a separate apache module. \s-1HTTP\s0 client support is provided by
diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1
index d310623..264ec7d 100644
--- a/secure/usr.bin/openssl/man/tsget.1
+++ b/secure/usr.bin/openssl/man/tsget.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TSGET 1"
-.TH TSGET 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH TSGET 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ tsget \- Time Stamping HTTP/HTTPS client
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBtsget\fR command can be used for sending a time stamp request, as
-specified in \fB\s-1RFC\s0 3161\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing
+specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing
the time stamp response in a file. This tool cannot be used for creating the
requests and verifying responses, you can use the OpenSSL \fB\f(BIts\fB\|(1)\fR command to
do that. \fBtsget\fR can send several requests to the server without closing
@@ -219,13 +228,13 @@ certificate-based client authentication will take place. (Optional)
.IX Item "-C CA_certs.pem"
(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's
certificate must include one of the \s-1CA\s0 certificates specified in this file.
-Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS\s0. (Optional)
+Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS. \s0(Optional)
.IP "\fB\-P\fR CA_path" 4
.IX Item "-P CA_path"
(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's
certificate. The directory must be prepared with the \fBc_rehash\fR
OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of
-\&\s-1HTTPS\s0. (Optional)
+\&\s-1HTTPS. \s0(Optional)
.IP "\fB\-rand\fR file:file..." 4
.IX Item "-rand file:file..."
The files containing random data for seeding the random number
@@ -236,7 +245,7 @@ MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optiona
The name of an \s-1EGD\s0 socket to get random data from. (Optional)
.IP "[request]..." 4
.IX Item "[request]..."
-List of files containing \fB\s-1RFC\s0 3161\fR DER-encoded time stamp requests. If no
+List of files containing \fB\s-1RFC 3161\s0\fR DER-encoded time stamp requests. If no
requests are specified only one request will be sent to the server and it will be
read from the standard input. (Optional)
.SH "ENVIRONMENT VARIABLES"
@@ -251,7 +260,7 @@ time stamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 reques
and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa
absolute path.
.PP
-Get a time stamp response for file1.tsq over \s-1HTTP\s0, output is written to
+Get a time stamp response for file1.tsq over \s-1HTTP,\s0 output is written to
file1.tsr:
.PP
.Vb 1
@@ -308,4 +317,4 @@ Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIopenssl\fR\|(1), \fIts\fR\|(1), \fIcurl\fR\|(1),
-\&\fB\s-1RFC\s0 3161\fR
+\&\fB\s-1RFC 3161\s0\fR
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index 01cd000..4be9cd5 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERIFY 1"
-.TH VERIFY 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH VERIFY 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +190,7 @@ in \s-1PEM\s0 format concatenated together.
The intended use for the certificate. If this option is not specified,
\&\fBverify\fR will not consider certificate purpose during chain verification.
Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR,
-\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR section for more
+\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY OPERATION\s0\fR section for more
information.
.IP "\fB\-help\fR" 4
.IX Item "-help"
@@ -223,7 +232,7 @@ Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0).
Print out diagnostics related to policy processing.
.IP "\fB\-crl_check\fR" 4
.IX Item "-crl_check"
-Checks end entity certificate validity by attempting to look up a valid \s-1CRL\s0.
+Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0
If a valid \s-1CRL\s0 cannot be found an error occurs.
.IP "\fB\-crl_check_all\fR" 4
.IX Item "-crl_check_all"
@@ -247,7 +256,7 @@ signing keys.
Enable support for delta CRLs.
.IP "\fB\-check_ss_sig\fR" 4
.IX Item "-check_ss_sig"
-Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default
+Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default
because it doesn't add any security.
.IP "\fB\-\fR" 4
.IX Item "-"
@@ -274,10 +283,10 @@ determined.
The verify operation consists of a number of separate steps.
.PP
Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built
+and ending in the root \s-1CA.\s0 It is an error if the whole chain cannot be built
up. The chain is built up by looking up the issuers certificate of the current
certificate. If a certificate is found which is its own issuer it is assumed
-to be the root \s-1CA\s0.
+to be the root \s-1CA.\s0
.PP
The process of 'looking up the issuers certificate' itself involves a number
of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
@@ -301,9 +310,9 @@ consistency with the supplied purpose. If the \fB\-purpose\fR option is not incl
then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions
compatible with the supplied purpose and all other certificates must also be valid
\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in
-the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility.
+the \fB\s-1CERTIFICATE EXTENSIONS\s0\fR section of the \fBx509\fR utility.
.PP
-The third operation is to check the trust settings on the root \s-1CA\s0. The root
+The third operation is to check the trust settings on the root \s-1CA.\s0 The root
\&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous
versions of SSLeay and OpenSSL a certificate with no trust settings is considered
to be valid for all purposes.
@@ -454,7 +463,7 @@ an application specific error. Unused.
.SH "BUGS"
.IX Header "BUGS"
Although the issuer checks are a considerable improvement over the old technique they still
-suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that
+suffer from limitations in the underlying X509_LOOKUP \s-1API.\s0 One consequence of this is that
trusted certificates with matching subject name must either appear in a file (as specified by the
\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only
the certificates in the file will be recognised.
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
index b3c01ba..1b5408a 100644
--- a/secure/usr.bin/openssl/man/version.1
+++ b/secure/usr.bin/openssl/man/version.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERSION 1"
-.TH VERSION 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH VERSION 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index 66530e5..b3a0b9a 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,14 +198,14 @@ x509 \- Certificate display and signing utility
.IX Header "DESCRIPTION"
The \fBx509\fR command is a multi purpose certificate utility. It can be
used to display certificate information, convert certificates to
-various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit
+various forms, sign certificate requests like a \*(L"mini \s-1CA\*(R"\s0 or edit
certificate trust settings.
.PP
Since there are a large number of options they will split up into
various sections.
.SH "OPTIONS"
.IX Header "OPTIONS"
-.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0"
+.SS "\s-1INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS\s0"
.IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS"
.IP "\fB\-inform DER|PEM|NET\fR" 4
.IX Item "-inform DER|PEM|NET"
@@ -230,10 +239,10 @@ specifying an engine (by its unique \fBid\fR string) will cause \fBx509\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
-.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
+.SS "\s-1DISPLAY OPTIONS\s0"
.IX Subsection "DISPLAY OPTIONS"
Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options
-but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section.
+but are described in the \fB\s-1TRUST SETTINGS\s0\fR section.
.IP "\fB\-text\fR" 4
.IX Item "-text"
prints out the certificate in text form. Full details are output including the
@@ -243,7 +252,7 @@ any extensions present and any trust settings.
.IX Item "-certopt option"
customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be
a single option or multiple options separated by commas. The \fB\-certopt\fR switch
-may be also be used more than once to set multiple options. See the \fB\s-1TEXT\s0 \s-1OPTIONS\s0\fR
+may be also be used more than once to set multiple options. See the \fB\s-1TEXT OPTIONS\s0\fR
section for more information.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -291,7 +300,7 @@ outputs the issuer name.
option which determines how the subject or issuer names are displayed. The
\&\fBoption\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more information.
+set multiple options. See the \fB\s-1NAME OPTIONS\s0\fR section for more information.
.IP "\fB\-email\fR" 4
.IX Item "-email"
outputs the email address(es) if any.
@@ -318,7 +327,7 @@ prints out the digest of the \s-1DER\s0 encoded version of the whole certificate
.IP "\fB\-C\fR" 4
.IX Item "-C"
this outputs the certificate in the form of a C source file.
-.SS "\s-1TRUST\s0 \s-1SETTINGS\s0"
+.SS "\s-1TRUST SETTINGS\s0"
.IX Subsection "TRUST SETTINGS"
Please note these options are currently experimental and may well change.
.PP
@@ -331,7 +340,7 @@ must be \*(L"trusted\*(R". By default a trusted certificate must be stored
locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0
is then usable for any purpose.
.PP
-Trust settings currently are only used with a root \s-1CA\s0. They allow a finer
+Trust settings currently are only used with a root \s-1CA.\s0 They allow a finer
control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0
may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use.
.PP
@@ -373,12 +382,12 @@ option.
.IP "\fB\-purpose\fR" 4
.IX Item "-purpose"
this option performs tests on the certificate extensions and outputs
-the results. For a more complete description see the \fB\s-1CERTIFICATE\s0
-\&\s-1EXTENSIONS\s0\fR section.
-.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0"
+the results. For a more complete description see the \fB\s-1CERTIFICATE
+EXTENSIONS\s0\fR section.
+.SS "\s-1SIGNING OPTIONS\s0"
.IX Subsection "SIGNING OPTIONS"
The \fBx509\fR utility can be used to sign certificates and requests: it
-can thus behave like a \*(L"mini \s-1CA\s0\*(R".
+can thus behave like a \*(L"mini \s-1CA\*(R".\s0
.IP "\fB\-signkey filename\fR" 4
.IX Item "-signkey filename"
this option causes the input file to be self signed using the supplied
@@ -397,7 +406,7 @@ the request.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-clrext\fR" 4
.IX Item "-clrext"
delete any extensions from a certificate. This option is used when a
@@ -432,7 +441,7 @@ serial numbers can also be specified but their use is not recommended.
.IP "\fB\-CA filename\fR" 4
.IX Item "-CA filename"
specifies the \s-1CA\s0 certificate to be used for signing. When this option is
-present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this
+present \fBx509\fR behaves like a \*(L"mini \s-1CA\*(R".\s0 The input file is signed by this
\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name
of the \s-1CA\s0 and it is digitally signed using the CAs private key.
.Sp
@@ -473,7 +482,7 @@ specified then the extensions should either be contained in the unnamed
\&\*(L"extensions\*(R" which contains the section to use. See the
\&\fIx509v3_config\fR\|(5) manual page for details of the
extension section format.
-.SS "\s-1NAME\s0 \s-1OPTIONS\s0"
+.SS "\s-1NAME OPTIONS\s0"
.IX Subsection "NAME OPTIONS"
The \fBnameopt\fR command line switch determines how the subject and issuer
names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R"
@@ -490,7 +499,7 @@ displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBe
\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR.
.IP "\fBoneline\fR" 4
.IX Item "oneline"
-a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to
+a oneline format which is more readable than \s-1RFC2253.\s0 It is equivalent to
specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR,
\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR
options.
@@ -519,7 +528,7 @@ escapes some characters by surrounding the whole string with \fB"\fR characters,
without the option all escaping is done with the \fB\e\fR character.
.IP "\fButf8\fR" 4
.IX Item "utf8"
-convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If
+convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253.\s0 If
you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use
of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct
display of multibyte (international) characters. Is this option is not
@@ -541,11 +550,11 @@ field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R".
.IX Item "dump_der"
when this option is set any fields that need to be hexdumped will
be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the
-content octets will be displayed. Both options use the \s-1RFC2253\s0
-\&\fB#XXXX...\fR format.
+content octets will be displayed. Both options use the \s-1RFC2253
+\&\s0\fB#XXXX...\fR format.
.IP "\fBdump_nostr\fR" 4
.IX Item "dump_nostr"
-dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this
+dump non character string types (for example \s-1OCTET STRING\s0) if this
option is not set then non character string types will be displayed
as though each content octet represents a single character.
.IP "\fBdump_all\fR" 4
@@ -566,7 +575,7 @@ the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It a
indents the fields by four characters.
.IP "\fBdn_rev\fR" 4
.IX Item "dn_rev"
-reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side
+reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side
effect this also reverses the order of multiple AVAs but this is
permissible.
.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4
@@ -584,7 +593,7 @@ align field values for a more readable output. Only usable with
.IX Item "space_eq"
places spaces round the \fB=\fR character which follows the field
name.
-.SS "\s-1TEXT\s0 \s-1OPTIONS\s0"
+.SS "\s-1TEXT OPTIONS\s0"
.IX Subsection "TEXT OPTIONS"
As well as customising the name output format, it is also possible to
customise the actual fields printed using the \fBcertopt\fR options when
@@ -718,7 +727,7 @@ certificate extensions:
.Ve
.PP
Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to
-\&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0
.PP
.Vb 2
\& openssl x509 \-in cert.pem \-addtrust clientAuth \e
@@ -757,7 +766,7 @@ This is commonly called a \*(L"fingerprint\*(R". Because of the nature of messag
digests the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
.PP
-The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0.
+The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1.\s0
.PP
The \fB\-email\fR option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
@@ -773,12 +782,12 @@ The same code is used when verifying untrusted certificates in chains
so this section is useful if a chain is rejected by the verify code.
.PP
The basicConstraints extension \s-1CA\s0 flag is used to determine whether the
-certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0,
-if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the
+certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0
+if the \s-1CA\s0 flag is false then it is not a \s-1CA. \s0\fBAll\fR CAs should have the
\&\s-1CA\s0 flag set to true.
.PP
If the basicConstraints extension is absent then the certificate is
-considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according
+considered to be a \*(L"possible \s-1CA\*(R"\s0 other extensions are checked according
to the intended use of the certificate. A warning is given in this case
because the certificate should really not be regarded as a \s-1CA:\s0 however
it is allowed to be a \s-1CA\s0 to work around some broken software.
@@ -802,14 +811,14 @@ basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR
.IP "\fB\s-1SSL\s0 Client\fR" 4
.IX Item "SSL Client"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the
+authentication\*(R" \s-1OID. \s0 keyUsage must be absent or it must have the
digitalSignature bit set. Netscape certificate type must be absent or it must
have the \s-1SSL\s0 client bit set.
.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4
.IX Item "SSL Client CA"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have
-the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
+authentication\*(R" \s-1OID.\s0 Netscape certificate type must be absent or it must have
+the \s-1SSL CA\s0 bit set: this is used as a work around if the basicConstraints
extension is absent.
.IP "\fB\s-1SSL\s0 Server\fR" 4
.IX Item "SSL Server"
@@ -821,7 +830,7 @@ Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set.
.IX Item "SSL Server CA"
The extended key usage extension must be absent or include the \*(L"web server
authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must
-be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the
+be absent or the \s-1SSL CA\s0 bit must be set: this is used as a work around if the
basicConstraints extension is absent.
.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4
.IX Item "Netscape SSL Server"
@@ -832,7 +841,7 @@ Otherwise it is the same as a normal \s-1SSL\s0 server.
.IP "\fBCommon S/MIME Client Tests\fR" 4
.IX Item "Common S/MIME Client Tests"
The extended key usage extension must be absent or include the \*(L"email
-protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the
+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or should have the
S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown:
this is because some Verisign certificates don't set the S/MIME bit.
@@ -847,7 +856,7 @@ if the keyUsage extension is present.
.IP "\fBS/MIME \s-1CA\s0\fR" 4
.IX Item "S/MIME CA"
The extended key usage extension must be absent or include the \*(L"email
-protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the
+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or must have the
S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
extension is absent.
.IP "\fB\s-1CRL\s0 Signing\fR" 4
@@ -870,7 +879,7 @@ be checked.
There should be options to explicitly set such things as start and end
dates rather than an offset from the current time.
.PP
-The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR
+The code to implement the verify behaviour described in the \fB\s-1TRUST SETTINGS\s0\fR
is currently being developed. It thus describes the intended behaviour rather
than the current behaviour. It is hoped that it will represent reality in
OpenSSL 0.9.5 and later.
@@ -881,10 +890,10 @@ OpenSSL 0.9.5 and later.
\&\fIx509v3_config\fR\|(5)
.SH "HISTORY"
.IX Header "HISTORY"
-Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0.
+Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5.\s0
.PP
The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options
before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
-canonical version of the \s-1DN\s0 using \s-1SHA1\s0. This means that any directories using
+canonical version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any directories using
the old form must have their links rebuilt using \fBc_rehash\fR or similar.
diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1
index aeb0060..27dd7c7 100644
--- a/secure/usr.bin/openssl/man/x509v3_config.1
+++ b/secure/usr.bin/openssl/man/x509v3_config.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509V3_CONFIG 1"
-.TH X509V3_CONFIG 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509V3_CONFIG 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -185,7 +194,7 @@ use is defined by the extension code itself: check out the certificate
policies extension for an example.
.PP
If an extension type is unsupported then the \fIarbitrary\fR extension syntax
-must be used, see the \s-1ARBITRARY\s0 \s-1EXTENSIONS\s0 section for more details.
+must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details.
.SH "STANDARD EXTENSIONS"
.IX Header "STANDARD EXTENSIONS"
The following sections describe each supported extension in detail.
@@ -207,7 +216,7 @@ For example:
.Ve
.PP
A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field
-set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the
+set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the
extension entirely. Some software may require the inclusion of basicConstraints
with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates.
.PP
@@ -237,7 +246,7 @@ the certificate public key can be used for,
.PP
These can either be object short names of the dotted numerical form of OIDs.
While any \s-1OID\s0 can be used only certain values make sense. In particular the
-following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful:
+following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful:
.PP
.Vb 10
\& Value Meaning
@@ -296,7 +305,7 @@ Example:
The subject alternative name extension allows various literal values to be
included in the configuration file. These include \fBemail\fR (an email address)
\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a
-registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR
+registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR
(a distinguished name) and otherName.
.PP
The email option include a special 'copy' value. This will automatically
@@ -346,7 +355,7 @@ Example:
.SS "Authority Info Access."
.IX Subsection "Authority Info Access."
The authority information access extension gives details about how to access
-certain information relating to the \s-1CA\s0. Its syntax is accessOID;location
+certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location
where \fIlocation\fR has the same syntax as subject alternative name (except
that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only
certain values are meaningful, for example \s-1OCSP\s0 and caIssuers.
@@ -443,7 +452,7 @@ This is a \fIraw\fR extension. All the fields of this extension can be set by
using the appropriate syntax.
.PP
If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just
-include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas,
+include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas,
for example:
.PP
.Vb 1
OpenPOWER on IntegriCloud