diff options
author | simon <simon@FreeBSD.org> | 2010-11-22 18:23:44 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2010-11-22 18:23:44 +0000 |
commit | 7a23485c98b888d229c5e0762dbcfcec293fcef6 (patch) | |
tree | 5691801dabb6a06320a55f5ce8ed927af41514f3 /crypto/openssl/doc | |
parent | 9c043d590896a77d5d66b978a963573a41d66ad3 (diff) | |
download | FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.zip FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.tar.gz |
Merge OpenSSL 0.9.8p into head.
Security: CVE-2010-3864
Security: http://www.openssl.org/news/secadv_20101116.txt
Diffstat (limited to 'crypto/openssl/doc')
22 files changed, 83 insertions, 38 deletions
diff --git a/crypto/openssl/doc/apps/smime.pod b/crypto/openssl/doc/apps/smime.pod index caf2d26..1b0d4f9 100644 --- a/crypto/openssl/doc/apps/smime.pod +++ b/crypto/openssl/doc/apps/smime.pod @@ -300,7 +300,7 @@ Create a cleartext signed message: openssl smime -sign -in message.txt -text -out mail.msg \ -signer mycert.pem -Create and opaque signed message +Create and opaque signed message: openssl smime -sign -in message.txt -text -out mail.msg -nodetach \ -signer mycert.pem @@ -349,11 +349,11 @@ it with: -----BEGIN PKCS7----- -----END PKCS7----- -and using the command, +and using the command: openssl smime -verify -inform PEM -in signature.pem -content content.txt -alternatively you can base64 decode the signature and use +Alternatively you can base64 decode the signature and use: openssl smime -verify -inform DER -in signature.der -content content.txt @@ -373,7 +373,7 @@ should be some heuristic that determines the correct encryption certificate. Ideally a database should be maintained of a certificates for each email address. The code doesn't currently take note of the permitted symmetric encryption -algorithms as supplied in the SMIMECapabilities signed attribute. this means the +algorithms as supplied in the SMIMECapabilities signed attribute. This means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those. diff --git a/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod b/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod index 51679bf..9bae40f 100644 --- a/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod +++ b/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod @@ -6,6 +6,8 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions =head1 SYNOPSIS + #include <openssl/asn1.h> + ASN1_OBJECT *ASN1_OBJECT_new(void); void ASN1_OBJECT_free(ASN1_OBJECT *a); diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_length.pod b/crypto/openssl/doc/crypto/ASN1_STRING_length.pod index c4ec693..a08e9a0 100644 --- a/crypto/openssl/doc/crypto/ASN1_STRING_length.pod +++ b/crypto/openssl/doc/crypto/ASN1_STRING_length.pod @@ -8,6 +8,8 @@ ASN1_STRING utility functions =head1 SYNOPSIS + #include <openssl/asn1.h> + int ASN1_STRING_length(ASN1_STRING *x); unsigned char * ASN1_STRING_data(ASN1_STRING *x); diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_new.pod b/crypto/openssl/doc/crypto/ASN1_STRING_new.pod index 5b1bbb7..8ac2a03 100644 --- a/crypto/openssl/doc/crypto/ASN1_STRING_new.pod +++ b/crypto/openssl/doc/crypto/ASN1_STRING_new.pod @@ -7,6 +7,8 @@ ASN1_STRING allocation functions =head1 SYNOPSIS + #include <openssl/asn1.h> + ASN1_STRING * ASN1_STRING_new(void); ASN1_STRING * ASN1_STRING_type_new(int type); void ASN1_STRING_free(ASN1_STRING *a); diff --git a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod b/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod index 179132d..ee89159 100644 --- a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod +++ b/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod @@ -6,6 +6,8 @@ ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions =head1 SYNOPSIS + #include <openssl/asn1.h> + ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); diff --git a/crypto/openssl/doc/crypto/BIO_f_buffer.pod b/crypto/openssl/doc/crypto/BIO_f_buffer.pod index c9093c6..c0dccf1 100644 --- a/crypto/openssl/doc/crypto/BIO_f_buffer.pod +++ b/crypto/openssl/doc/crypto/BIO_f_buffer.pod @@ -31,7 +31,7 @@ BIO_get_buffer_num_lines() returns the number of lines currently buffered. BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size() set the read, write or both read and write buffer sizes to B<size>. The initial -buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the +buffer size is DEFAULT_BUFFER_SIZE, currently 4096. Any attempt to reduce the buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared when the buffer is resized. @@ -66,4 +66,9 @@ there was an error. =head1 SEE ALSO -TBA +L<BIO(3)|BIO(3)>, +L<BIO_reset(3)|BIO_reset(3)>, +L<BIO_flush(3)|BIO_flush(3)>, +L<BIO_pop(3)|BIO_pop(3)>, +L<BIO_ctrl(3)|BIO_ctrl(3)>, +L<BIO_int_ctrl(3)|BIO_ctrl(3)> diff --git a/crypto/openssl/doc/crypto/BIO_should_retry.pod b/crypto/openssl/doc/crypto/BIO_should_retry.pod index 539c391..b6d51f7 100644 --- a/crypto/openssl/doc/crypto/BIO_should_retry.pod +++ b/crypto/openssl/doc/crypto/BIO_should_retry.pod @@ -45,7 +45,7 @@ needs to read data. BIO_should_io_special() is true if some "special" condition, that is a reason other than reading or writing is the cause of the condition. -BIO_get_retry_reason() returns a mask of the cause of a retry condition +BIO_retry_type() returns a mask of the cause of a retry condition consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>, B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of these. diff --git a/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod b/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod index 1bd5bed..7409c02 100644 --- a/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod +++ b/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod @@ -6,6 +6,8 @@ CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data func =head1 SYNOPSIS + #include <openssl/crypto.h> + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); diff --git a/crypto/openssl/doc/crypto/OBJ_nid2obj.pod b/crypto/openssl/doc/crypto/OBJ_nid2obj.pod index 7dcc079..1e45dd4 100644 --- a/crypto/openssl/doc/crypto/OBJ_nid2obj.pod +++ b/crypto/openssl/doc/crypto/OBJ_nid2obj.pod @@ -8,6 +8,8 @@ functions =head1 SYNOPSIS + #include <openssl/objects.h> + ASN1_OBJECT * OBJ_nid2obj(int n); const char * OBJ_nid2ln(int n); const char * OBJ_nid2sn(int n); diff --git a/crypto/openssl/doc/crypto/PKCS7_decrypt.pod b/crypto/openssl/doc/crypto/PKCS7_decrypt.pod index b0ca067..325699d 100644 --- a/crypto/openssl/doc/crypto/PKCS7_decrypt.pod +++ b/crypto/openssl/doc/crypto/PKCS7_decrypt.pod @@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure =head1 SYNOPSIS -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + #include <openssl/pkcs7.h> + + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/PKCS7_encrypt.pod b/crypto/openssl/doc/crypto/PKCS7_encrypt.pod index 1a507b2..7e67f95 100644 --- a/crypto/openssl/doc/crypto/PKCS7_encrypt.pod +++ b/crypto/openssl/doc/crypto/PKCS7_encrypt.pod @@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure =head1 SYNOPSIS -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); + #include <openssl/pkcs7.h> + + PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/PKCS7_sign.pod b/crypto/openssl/doc/crypto/PKCS7_sign.pod index ffd0c73..21b1710 100644 --- a/crypto/openssl/doc/crypto/PKCS7_sign.pod +++ b/crypto/openssl/doc/crypto/PKCS7_sign.pod @@ -6,7 +6,9 @@ PKCS7_sign - create a PKCS#7 signedData structure =head1 SYNOPSIS -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); + #include <openssl/pkcs7.h> + + PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/PKCS7_verify.pod b/crypto/openssl/doc/crypto/PKCS7_verify.pod index 3490b5d..7c10a4c 100644 --- a/crypto/openssl/doc/crypto/PKCS7_verify.pod +++ b/crypto/openssl/doc/crypto/PKCS7_verify.pod @@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedData structure =head1 SYNOPSIS -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); + #include <openssl/pkcs7.h> -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); + int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags); + + STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod b/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod index ffafa37..9d46715 100644 --- a/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod +++ b/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod @@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message. =head1 SYNOPSIS -PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); + #include <openssl/pkcs7.h> + + PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod b/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod index 61945b3..e20d46b 100644 --- a/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod +++ b/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod @@ -6,7 +6,9 @@ SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format. =head1 SYNOPSIS -int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); + #include <openssl/pkcs7.h> + + int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod index 11b35f6..41902c0 100644 --- a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod +++ b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod @@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions =head1 SYNOPSIS -ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + #include <openssl/x509.h> -int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); + ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); + ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); + int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len); + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod b/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod index e2ab4b0..1afd008 100644 --- a/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod +++ b/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod @@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions =head1 SYNOPSIS -int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); + #include <openssl/x509.h> -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set); -int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); + int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set); -int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); -X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); + int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); + + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod b/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod index 333323d..3b1f9ff 100644 --- a/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functions =head1 SYNOPSIS -int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); + #include <openssl/x509.h> -int X509_NAME_entry_count(X509_NAME *name); -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); + int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); + int X509_NAME_entry_count(X509_NAME *name); + X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); + int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len); =head1 DESCRIPTION diff --git a/crypto/openssl/doc/crypto/X509_new.pod b/crypto/openssl/doc/crypto/X509_new.pod index fd5fc65..d388723 100644 --- a/crypto/openssl/doc/crypto/X509_new.pod +++ b/crypto/openssl/doc/crypto/X509_new.pod @@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate ASN1 allocation functions =head1 SYNOPSIS + #include <openssl/x509.h> + X509 *X509_new(void); void X509_free(X509 *a); diff --git a/crypto/openssl/doc/crypto/bn_internal.pod b/crypto/openssl/doc/crypto/bn_internal.pod index d39ce90..91840b0 100644 --- a/crypto/openssl/doc/crypto/bn_internal.pod +++ b/crypto/openssl/doc/crypto/bn_internal.pod @@ -13,6 +13,8 @@ library internal functions =head1 SYNOPSIS + #include <openssl/bn.h> + BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); diff --git a/crypto/openssl/doc/crypto/ui_compat.pod b/crypto/openssl/doc/crypto/ui_compat.pod index 9ab3c69..adf2ae5 100644 --- a/crypto/openssl/doc/crypto/ui_compat.pod +++ b/crypto/openssl/doc/crypto/ui_compat.pod @@ -7,6 +7,8 @@ Compatibility user interface functions =head1 SYNOPSIS + #include <openssl/des_old.h> + int des_read_password(DES_cblock *key,const char *prompt,int verify); int des_read_2passwords(DES_cblock *key1,DES_cblock *key2, const char *prompt,int verify); diff --git a/crypto/openssl/doc/ssl/SSL_library_init.pod b/crypto/openssl/doc/ssl/SSL_library_init.pod index ecf3c48..7f1356a 100644 --- a/crypto/openssl/doc/ssl/SSL_library_init.pod +++ b/crypto/openssl/doc/ssl/SSL_library_init.pod @@ -15,7 +15,7 @@ SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms =head1 DESCRIPTION -SSL_library_init() registers the available ciphers and digests. +SSL_library_init() registers the available SSL/TLS ciphers and digests. OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms for SSL_library_init(). @@ -26,24 +26,28 @@ SSL_library_init() must be called before any other action takes place. =head1 WARNING -SSL_library_init() only registers ciphers. Another important initialization -is the seeding of the PRNG (Pseudo Random Number Generator), which has to -be performed separately. +SSL_library_init() adds ciphers and digests used directly and indirectly by +SSL/TLS. =head1 EXAMPLES A typical TLS/SSL application will start with the library initialization, -will provide readable error messages and will seed the PRNG. +and provide readable error messages. SSL_load_error_strings(); /* readable error messages */ SSL_library_init(); /* initialize library */ - actions_to_seed_PRNG(); =head1 RETURN VALUES SSL_library_init() always returns "1", so it is safe to discard the return value. +=head1 NOTES + +OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). +Applications which need to use SHA2 in earlier versions of OpenSSL should call +OpenSSL_add_all_algorithms() as well. + =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>, |