Index: ObsoleteFiles.inc =================================================================== --- ObsoleteFiles.inc (revision 273303) +++ ObsoleteFiles.inc (working copy) @@ -38,6 +38,8 @@ # xargs -n1 | sort | uniq -d; # done +# 20141015: OpenSSL 1.0.1j import +OLD_FILES+=usr/share/openssl/man/man3/CMS_sign_add1_signer.3.gz # 20140917: hv_kvpd rc.d script removed in favor of devd configuration OLD_FILES+=etc/rc.d/hv_kvpd # 20140814: libopie version bump Index: crypto/openssl/CHANGES =================================================================== --- crypto/openssl/CHANGES (revision 273303) +++ crypto/openssl/CHANGES (working copy) @@ -2,6 +2,57 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1i and 1.0.1j [15 Oct 2014] + + *) SRTP Memory Leak. + + A flaw in the DTLS SRTP extension parsing code allows an attacker, who + sends a carefully crafted handshake message, to cause OpenSSL to fail + to free up to 64k of memory causing a memory leak. This could be + exploited in a Denial Of Service attack. This issue affects OpenSSL + 1.0.1 server implementations for both SSL/TLS and DTLS regardless of + whether SRTP is used or configured. Implementations of OpenSSL that + have been compiled with OPENSSL_NO_SRTP defined are not affected. + + The fix was developed by the OpenSSL team. + (CVE-2014-3513) + [OpenSSL team] + + *) Session Ticket Memory Leak. + + When an OpenSSL SSL/TLS/DTLS server receives a session ticket the + integrity of that ticket is first verified. In the event of a session + ticket integrity check failing, OpenSSL will fail to free memory + causing a memory leak. By sending a large number of invalid session + tickets an attacker could exploit this issue in a Denial Of Service + attack. + (CVE-2014-3567) + [Steve Henson] + + *) Build option no-ssl3 is incomplete. + + When OpenSSL is configured with "no-ssl3" as a build option, servers + could accept and complete a SSL 3.0 handshake, and clients could be + configured to send them. + (CVE-2014-3568) + [Akamai and the OpenSSL team] + + *) Add support for TLS_FALLBACK_SCSV. + Client applications doing fallback retries should call + SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). + (CVE-2014-3566) + [Adam Langley, Bodo Moeller] + + *) Add additional DigestInfo checks. + + Reencode DigestInto in DER and check against the original when + verifying RSA signature: this will reject any improperly encoded + DigestInfo structures. + + Note: this is a precautionary measure and no attacks are currently known. + + [Steve Henson] + Changes between 1.0.1h and 1.0.1i [6 Aug 2014] *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the Index: crypto/openssl/Configure =================================================================== --- crypto/openssl/Configure (revision 273303) +++ crypto/openssl/Configure (working copy) @@ -1767,6 +1767,9 @@ open(OUT,'>crypto/opensslconf.h.new') || die "unab print OUT "/* opensslconf.h */\n"; print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; +print OUT "#ifdef __cplusplus\n"; +print OUT "extern \"C\" {\n"; +print OUT "#endif\n"; print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; @@ -1871,6 +1874,9 @@ while () { print OUT $_; } } close(IN); +print OUT "#ifdef __cplusplus\n"; +print OUT "}\n"; +print OUT "#endif\n"; close(OUT); rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; Index: crypto/openssl/Makefile =================================================================== --- crypto/openssl/Makefile (revision 273303) +++ crypto/openssl/Makefile (working copy) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1i +VERSION=1.0.1j MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 Index: crypto/openssl/NEWS =================================================================== --- crypto/openssl/NEWS (revision 273303) +++ crypto/openssl/NEWS (working copy) @@ -5,6 +5,13 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] + + o Fix for CVE-2014-3513 + o Fix for CVE-2014-3567 + o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) + o Fix for CVE-2014-3568 + Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] o Fix for CVE-2014-3512 Index: crypto/openssl/README =================================================================== --- crypto/openssl/README (revision 273303) +++ crypto/openssl/README (working copy) @@ -1,5 +1,5 @@ - OpenSSL 1.0.1i 6 Aug 2014 + OpenSSL 1.0.1j 15 Oct 2014 Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Index: crypto/openssl/apps/s_client.c =================================================================== --- crypto/openssl/apps/s_client.c (revision 273303) +++ crypto/openssl/apps/s_client.c (working copy) @@ -337,6 +337,7 @@ static void sc_usage(void) BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n"); BIO_printf(bio_err," -tls1 - just use TLSv1\n"); BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); + BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); @@ -617,6 +618,7 @@ int MAIN(int argc, char **argv) char *sess_out = NULL; struct sockaddr peer; int peerlen = sizeof(peer); + int fallback_scsv = 0; int enable_timeouts = 0 ; long socket_mtu = 0; #ifndef OPENSSL_NO_JPAKE @@ -823,6 +825,10 @@ int MAIN(int argc, char **argv) meth=DTLSv1_client_method(); socket_type=SOCK_DGRAM; } + else if (strcmp(*argv,"-fallback_scsv") == 0) + { + fallback_scsv = 1; + } else if (strcmp(*argv,"-timeout") == 0) enable_timeouts=1; else if (strcmp(*argv,"-mtu") == 0) @@ -1235,6 +1241,10 @@ bad: SSL_set_session(con, sess); SSL_SESSION_free(sess); } + + if (fallback_scsv) + SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); + #ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { Index: crypto/openssl/crypto/Makefile =================================================================== --- crypto/openssl/crypto/Makefile (revision 273303) +++ crypto/openssl/crypto/Makefile (working copy) @@ -32,6 +32,7 @@ CPUID_OBJ=mem_clr.o LIBS= GENERAL=Makefile README crypto-lib.com install.com +TEST=constant_time_test.c LIB= $(TOP)/libcrypto.a SHARED_LIB= libcrypto$(SHLIB_EXT) @@ -44,7 +45,8 @@ SRC= $(LIBSRC) EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER) +HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \ + constant_time_locl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) Index: crypto/openssl/crypto/aes/asm/aesni-x86_64.pl =================================================================== --- crypto/openssl/crypto/aes/asm/aesni-x86_64.pl (revision 273303) +++ crypto/openssl/crypto/aes/asm/aesni-x86_64.pl (working copy) @@ -525,6 +525,16 @@ $code.=<<___; .type aesni_ecb_encrypt,\@function,5 .align 16 aesni_ecb_encrypt: +___ +$code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,0x10(%rsp) + movaps %xmm8,0x20(%rsp) + movaps %xmm9,0x30(%rsp) +.Lecb_enc_body: +___ +$code.=<<___; and \$-16,$len jz .Lecb_ret @@ -805,6 +815,16 @@ $code.=<<___; movups $inout5,0x50($out) .Lecb_ret: +___ +$code.=<<___ if ($win64); + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 + movaps 0x20(%rsp),%xmm8 + movaps 0x30(%rsp),%xmm9 + lea 0x58(%rsp),%rsp +.Lecb_enc_ret: +___ +$code.=<<___; ret .size aesni_ecb_encrypt,.-aesni_ecb_encrypt ___ @@ -2730,9 +2750,9 @@ $code.=<<___; .extern __imp_RtlVirtualUnwind ___ $code.=<<___ if ($PREFIX eq "aesni"); -.type ecb_se_handler,\@abi-omnipotent +.type ecb_ccm64_se_handler,\@abi-omnipotent .align 16 -ecb_se_handler: +ecb_ccm64_se_handler: push %rsi push %rdi push %rbx @@ -2744,25 +2764,6 @@ $code.=<<___ if ($PREFIX eq "aesni"); pushfq sub \$64,%rsp - mov 152($context),%rax # pull context->Rsp - - jmp .Lcommon_seh_tail -.size ecb_se_handler,.-ecb_se_handler - -.type ccm64_se_handler,\@abi-omnipotent -.align 16 -ccm64_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - mov 120($context),%rax # pull context->Rax mov 248($context),%rbx # pull context->Rip @@ -2788,7 +2789,7 @@ $code.=<<___ if ($PREFIX eq "aesni"); lea 0x58(%rax),%rax # adjust stack pointer jmp .Lcommon_seh_tail -.size ccm64_se_handler,.-ccm64_se_handler +.size ecb_ccm64_se_handler,.-ecb_ccm64_se_handler .type ctr32_se_handler,\@abi-omnipotent .align 16 @@ -2993,14 +2994,15 @@ ___ $code.=<<___ if ($PREFIX eq "aesni"); .LSEH_info_ecb: .byte 9,0,0,0 - .rva ecb_se_handler + .rva ecb_ccm64_se_handler + .rva .Lecb_enc_body,.Lecb_enc_ret # HandlerData[] .LSEH_info_ccm64_enc: .byte 9,0,0,0 - .rva ccm64_se_handler + .rva ecb_ccm64_se_handler .rva .Lccm64_enc_body,.Lccm64_enc_ret # HandlerData[] .LSEH_info_ccm64_dec: .byte 9,0,0,0 - .rva ccm64_se_handler + .rva ecb_ccm64_se_handler .rva .Lccm64_dec_body,.Lccm64_dec_ret # HandlerData[] .LSEH_info_ctr32: .byte 9,0,0,0 Index: crypto/openssl/crypto/asn1/a_strex.c =================================================================== --- crypto/openssl/crypto/asn1/a_strex.c (revision 273303) +++ crypto/openssl/crypto/asn1/a_strex.c (working copy) @@ -568,6 +568,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_ mbflag |= MBSTRING_FLAG; stmp.data = NULL; stmp.length = 0; + stmp.flags = 0; ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); if(ret < 0) return ret; *out = stmp.data; Index: crypto/openssl/crypto/bn/asm/x86_64-gcc.c =================================================================== --- crypto/openssl/crypto/bn/asm/x86_64-gcc.c (revision 273303) +++ crypto/openssl/crypto/bn/asm/x86_64-gcc.c (working copy) @@ -189,7 +189,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON if (n <= 0) return 0; - asm ( + asm volatile ( " subq %2,%2 \n" ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" @@ -200,7 +200,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULON " sbbq %0,%0 \n" : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) - : "cc" + : "cc", "memory" ); return ret&1; @@ -212,7 +212,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON if (n <= 0) return 0; - asm ( + asm volatile ( " subq %2,%2 \n" ".p2align 4 \n" "1: movq (%4,%2,8),%0 \n" @@ -223,7 +223,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULON " sbbq %0,%0 \n" : "=&a"(ret),"+c"(n),"=&r"(i) : "r"(rp),"r"(ap),"r"(bp) - : "cc" + : "cc", "memory" ); return ret&1; Index: crypto/openssl/crypto/bn/bn_exp.c =================================================================== --- crypto/openssl/crypto/bn/bn_exp.c (revision 273303) +++ crypto/openssl/crypto/bn/bn_exp.c (working copy) @@ -874,7 +874,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, c bits = BN_num_bits(p); if (bits == 0) { - ret = BN_one(rr); + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) + { + ret = 1; + BN_zero(rr); + } + else + ret = BN_one(rr); return ret; } if (a == 0) Index: crypto/openssl/crypto/bn/bn_nist.c =================================================================== --- crypto/openssl/crypto/bn/bn_nist.c (revision 273303) +++ crypto/openssl/crypto/bn/bn_nist.c (working copy) @@ -1088,9 +1088,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, co /* ... and right shift */ for (val=t_d[0],i=0; i>BN_NIST_521_RSHIFT; - val = t_d[i+1]; - t_d[i] = (tmp | val<>BN_NIST_521_RSHIFT | + (tmp=t_d[i+1])<>BN_NIST_521_RSHIFT; /* lower 521 bits */ Index: crypto/openssl/crypto/bn/exptest.c =================================================================== --- crypto/openssl/crypto/bn/exptest.c (revision 273303) +++ crypto/openssl/crypto/bn/exptest.c (working copy) @@ -71,6 +71,43 @@ static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */ +static int test_exp_mod_zero() { + BIGNUM a, p, m; + BIGNUM r; + BN_CTX *ctx = BN_CTX_new(); + int ret = 1; + + BN_init(&m); + BN_one(&m); + + BN_init(&a); + BN_one(&a); + + BN_init(&p); + BN_zero(&p); + + BN_init(&r); + BN_mod_exp(&r, &a, &p, &m, ctx); + BN_CTX_free(ctx); + + if (BN_is_zero(&r)) + ret = 0; + else + { + printf("1**0 mod 1 = "); + BN_print_fp(stdout, &r); + printf(", should be 0\n"); + } + + BN_free(&r); + BN_free(&a); + BN_free(&p); + BN_free(&m); + + return ret; +} + int main(int argc, char *argv[]) { BN_CTX *ctx; @@ -190,7 +227,13 @@ int main(int argc, char *argv[]) ERR_remove_thread_state(NULL); CRYPTO_mem_leaks(out); BIO_free(out); - printf(" done\n"); + printf("\n"); + + if (test_exp_mod_zero() != 0) + goto err; + + printf("done\n"); + EXIT(0); err: ERR_load_crypto_strings(); Index: crypto/openssl/crypto/constant_time_locl.h =================================================================== --- crypto/openssl/crypto/constant_time_locl.h (revision 0) +++ crypto/openssl/crypto/constant_time_locl.h (working copy) @@ -0,0 +1,216 @@ +/* crypto/constant_time_locl.h */ +/* + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONSTANT_TIME_LOCL_H +#define HEADER_CONSTANT_TIME_LOCL_H + +#include "e_os.h" /* For 'inline' */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * The boolean methods return a bitmask of all ones (0xff...f) for true + * and 0 for false. This is useful for choosing a value based on the result + * of a conditional in constant time. For example, + * + * if (a < b) { + * c = a; + * } else { + * c = b; + * } + * + * can be written as + * + * unsigned int lt = constant_time_lt(a, b); + * c = constant_time_select(lt, a, b); + */ + +/* + * Returns the given value with the MSB copied to all the other + * bits. Uses the fact that arithmetic shift shifts-in the sign bit. + * However, this is not ensured by the C standard so you may need to + * replace this with something else on odd CPUs. + */ +static inline unsigned int constant_time_msb(unsigned int a); + +/* + * Returns 0xff..f if a < b and 0 otherwise. + */ +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b); + +/* + * Returns 0xff..f if a >= b and 0 otherwise. + */ +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b); + +/* + * Returns 0xff..f if a == 0 and 0 otherwise. + */ +static inline unsigned int constant_time_is_zero(unsigned int a); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_is_zero_8(unsigned int a); + + +/* + * Returns 0xff..f if a == b and 0 otherwise. + */ +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b); +/* Signed integers. */ +static inline unsigned int constant_time_eq_int(int a, int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_int_8(int a, int b); + + +/* + * Returns (mask & a) | (~mask & b). + * + * When |mask| is all 1s or all 0s (as returned by the methods above), + * the select methods return either |a| (if |mask| is nonzero) or |b| + * (if |mask| is zero). + */ +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, unsigned int b); +/* Convenience method for unsigned chars. */ +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, unsigned char b); +/* Convenience method for signed integers. */ +static inline int constant_time_select_int(unsigned int mask, int a, int b); + +static inline unsigned int constant_time_msb(unsigned int a) + { + return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1)); + } + +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) + { + unsigned int lt; + /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/ + lt = ~(a ^ b) & (a - b); + /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */ + lt |= ~a & b; + return constant_time_msb(lt); + } + +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_lt(a, b)); + } + +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) + { + unsigned int ge; + /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/ + ge = ~((a ^ b) | (a - b)); + /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */ + ge |= a & ~b; + return constant_time_msb(ge); + } + +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_ge(a, b)); + } + +static inline unsigned int constant_time_is_zero(unsigned int a) + { + return constant_time_msb(~a & (a - 1)); + } + +static inline unsigned char constant_time_is_zero_8(unsigned int a) + { + return (unsigned char)(constant_time_is_zero(a)); + } + +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) + { + return constant_time_is_zero(a ^ b); + } + +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) + { + return (unsigned char)(constant_time_eq(a, b)); + } + +static inline unsigned int constant_time_eq_int(int a, int b) + { + return constant_time_eq((unsigned)(a), (unsigned)(b)); + } + +static inline unsigned char constant_time_eq_int_8(int a, int b) + { + return constant_time_eq_8((unsigned)(a), (unsigned)(b)); + } + +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, unsigned int b) + { + return (mask & a) | (~mask & b); + } + +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, unsigned char b) + { + return (unsigned char)(constant_time_select(mask, a, b)); + } + +inline int constant_time_select_int(unsigned int mask, int a, int b) + { + return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); + } + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_CONSTANT_TIME_LOCL_H */ Property changes on: crypto/openssl/crypto/constant_time_locl.h ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: crypto/openssl/crypto/constant_time_test.c =================================================================== --- crypto/openssl/crypto/constant_time_test.c (revision 0) +++ crypto/openssl/crypto/constant_time_test.c (working copy) @@ -0,0 +1,330 @@ +/* crypto/constant_time_test.c */ +/* + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "../crypto/constant_time_locl.h" + +#include +#include +#include + +static const unsigned int CONSTTIME_TRUE = (unsigned)(~0); +static const unsigned int CONSTTIME_FALSE = 0; +static const unsigned char CONSTTIME_TRUE_8 = 0xff; +static const unsigned char CONSTTIME_FALSE_8 = 0; + +static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b), + const char* op_name, unsigned int a, unsigned int b, int is_true) + { + unsigned c = op(a, b); + if (is_true && c != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c); + return 1; + } + else if (!is_true && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %du " + "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, + c); + return 1; + } + return 0; + } + +static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b), + const char* op_name, unsigned int a, unsigned int b, int is_true) + { + unsigned char c = op(a, b); + if (is_true && c != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c); + return 1; + } + else if (!is_true && c != CONSTTIME_FALSE_8) + { + fprintf(stderr, "Test failed for %s(%du, %du): expected %u " + "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, + c); + return 1; + } + return 0; + } + +static int test_is_zero(unsigned int a) + { + unsigned int c = constant_time_is_zero(a); + if (a == 0 && c != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c); + return 1; + } + else if (a != 0 && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, + c); + return 1; + } + return 0; + } + +static int test_is_zero_8(unsigned int a) + { + unsigned char c = constant_time_is_zero_8(a); + if (a == 0 && c != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c); + return 1; + } + else if (a != 0 && c != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_is_zero(%du): " + "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, + c); + return 1; + } + return 0; + } + +static int test_select(unsigned int a, unsigned int b) + { + unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(first value), got %du\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select(CONSTTIME_FALSE, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %du," + "%du): expected %du(second value), got %du\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_select_8(unsigned char a, unsigned char b) + { + unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(first value), got %u\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%u, %u," + "%u): expected %u(second value), got %u\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_select_int(int a, int b) + { + int selected = constant_time_select_int(CONSTTIME_TRUE, a, b); + if (selected != a) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(first value), got %d\n", + CONSTTIME_TRUE, a, b, a, selected); + return 1; + } + selected = constant_time_select_int(CONSTTIME_FALSE, a, b); + if (selected != b) + { + fprintf(stderr, "Test failed for constant_time_select(%du, %d," + "%d): expected %d(second value), got %d\n", + CONSTTIME_FALSE, a, b, b, selected); + return 1; + } + return 0; + } + +static int test_eq_int(int a, int b) + { + unsigned int equal = constant_time_eq_int(a, b); + if (a == b && equal != CONSTTIME_TRUE) + { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(TRUE), got %du\n", + a, b, CONSTTIME_TRUE, equal); + return 1; + } + else if (a != b && equal != CONSTTIME_FALSE) + { + fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): " + "expected %du(FALSE), got %du\n", + a, b, CONSTTIME_FALSE, equal); + return 1; + } + return 0; + } + +static int test_eq_int_8(int a, int b) + { + unsigned char equal = constant_time_eq_int_8(a, b); + if (a == b && equal != CONSTTIME_TRUE_8) + { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(TRUE), got %u\n", + a, b, CONSTTIME_TRUE_8, equal); + return 1; + } + else if (a != b && equal != CONSTTIME_FALSE_8) + { + fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): " + "expected %u(FALSE), got %u\n", + a, b, CONSTTIME_FALSE_8, equal); + return 1; + } + return 0; + } + +static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1, + UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1, + UINT_MAX}; + +static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255}; + +static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345, + 32000, -32000, INT_MAX, INT_MIN, INT_MAX-1, + INT_MIN+1}; + + +int main(int argc, char *argv[]) + { + unsigned int a, b, i, j; + int c, d; + unsigned char e, f; + int num_failed = 0, num_all = 0; + fprintf(stdout, "Testing constant time operations...\n"); + + for (i = 0; i < sizeof(test_values)/sizeof(int); ++i) + { + a = test_values[i]; + num_failed += test_is_zero(a); + num_failed += test_is_zero_8(a); + num_all += 2; + for (j = 0; j < sizeof(test_values)/sizeof(int); ++j) + { + b = test_values[j]; + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt", a, b, a < b); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", a, b, a < b); + num_failed += test_binary_op(&constant_time_lt, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op_8(&constant_time_lt_8, + "constant_time_lt_8", b, a, b < a); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", a, b, a >= b); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", a, b, a >= b); + num_failed += test_binary_op(&constant_time_ge, + "constant_time_ge", b, a, b >= a); + num_failed += test_binary_op_8(&constant_time_ge_8, + "constant_time_ge_8", b, a, b >= a); + num_failed += test_binary_op(&constant_time_eq, + "constant_time_eq", a, b, a == b); + num_failed += test_binary_op_8(&constant_time_eq_8, + "constant_time_eq_8", a, b, a == b); + num_failed += test_binary_op(&constant_time_eq, + "constant_time_eq", b, a, b == a); + num_failed += test_binary_op_8(&constant_time_eq_8, + "constant_time_eq_8", b, a, b == a); + num_failed += test_select(a, b); + num_all += 13; + } + } + + for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i) + { + c = signed_test_values[i]; + for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j) + { + d = signed_test_values[j]; + num_failed += test_select_int(c, d); + num_failed += test_eq_int(c, d); + num_failed += test_eq_int_8(c, d); + num_all += 3; + } + } + + for (i = 0; i < sizeof(test_values_8); ++i) + { + e = test_values_8[i]; + for (j = 0; j < sizeof(test_values_8); ++j) + { + f = test_values_8[j]; + num_failed += test_select_8(e, f); + num_all += 1; + } + } + + if (!num_failed) + { + fprintf(stdout, "ok (ran %d tests)\n", num_all); + return EXIT_SUCCESS; + } + else + { + fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all); + return EXIT_FAILURE; + } + } Property changes on: crypto/openssl/crypto/constant_time_test.c ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: crypto/openssl/crypto/dsa/dsa_ameth.c =================================================================== --- crypto/openssl/crypto/dsa/dsa_ameth.c (revision 273303) +++ crypto/openssl/crypto/dsa/dsa_ameth.c (working copy) @@ -307,6 +307,12 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8 unsigned char *dp = NULL; int dplen; + if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) + { + DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_MISSING_PARAMETERS); + goto err; + } + params = ASN1_STRING_new(); if (!params) @@ -701,4 +707,3 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = old_dsa_priv_encode } }; - Index: crypto/openssl/crypto/ebcdic.h =================================================================== --- crypto/openssl/crypto/ebcdic.h (revision 273303) +++ crypto/openssl/crypto/ebcdic.h (working copy) @@ -5,6 +5,10 @@ #include +#ifdef __cplusplus +extern "C" { +#endif + /* Avoid name clashes with other applications */ #define os_toascii _openssl_os_toascii #define os_toebcdic _openssl_os_toebcdic @@ -16,4 +20,7 @@ extern const unsigned char os_toebcdic[256]; void *ebcdic2ascii(void *dest, const void *srce, size_t count); void *ascii2ebcdic(void *dest, const void *srce, size_t count); +#ifdef __cplusplus +} #endif +#endif Index: crypto/openssl/crypto/ec/ec.h =================================================================== --- crypto/openssl/crypto/ec/ec.h (revision 273303) +++ crypto/openssl/crypto/ec/ec.h (working copy) @@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_P int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); -/** Computes r = generator * n sum_{i=0}^num p[i] * m[i] +/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] * \param group underlying EC_GROUP object * \param r EC_POINT object for the result * \param n BIGNUM with the multiplier for the group generator (optional) Index: crypto/openssl/crypto/ec/ec2_smpl.c =================================================================== --- crypto/openssl/crypto/ec/ec2_smpl.c (revision 273303) +++ crypto/openssl/crypto/ec/ec2_smpl.c (working copy) @@ -80,9 +80,6 @@ const EC_METHOD *EC_GF2m_simple_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gf2m_simple_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_characteristic_two_field, @@ -125,8 +122,12 @@ const EC_METHOD *EC_GF2m_simple_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gf2m_simple_method(); +#endif + return &ret; -#endif } Index: crypto/openssl/crypto/ec/ec_ameth.c =================================================================== --- crypto/openssl/crypto/ec/ec_ameth.c (revision 273303) +++ crypto/openssl/crypto/ec/ec_ameth.c (working copy) @@ -453,14 +453,16 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY * if (ktype > 0) { public_key = EC_KEY_get0_public_key(x); - if ((pub_key = EC_POINT_point2bn(group, public_key, - EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + if (public_key != NULL) { - reason = ERR_R_EC_LIB; - goto err; + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) + { + reason = ERR_R_EC_LIB; + goto err; + } + buf_len = (size_t)BN_num_bytes(pub_key); } - if (pub_key) - buf_len = (size_t)BN_num_bytes(pub_key); } if (ktype == 2) Index: crypto/openssl/crypto/ec/ec_asn1.c =================================================================== --- crypto/openssl/crypto/ec/ec_asn1.c (revision 273303) +++ crypto/openssl/crypto/ec/ec_asn1.c (working copy) @@ -1183,30 +1183,47 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigne goto err; } + if (ret->pub_key) + EC_POINT_clear_free(ret->pub_key); + ret->pub_key = EC_POINT_new(ret->group); + if (ret->pub_key == NULL) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + if (priv_key->publicKey) { const unsigned char *pub_oct; - size_t pub_oct_len; + int pub_oct_len; - if (ret->pub_key) - EC_POINT_clear_free(ret->pub_key); - ret->pub_key = EC_POINT_new(ret->group); - if (ret->pub_key == NULL) + pub_oct = M_ASN1_STRING_data(priv_key->publicKey); + pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); + /* The first byte - point conversion form - must be present. */ + if (pub_oct_len <= 0) { - ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL); goto err; } - pub_oct = M_ASN1_STRING_data(priv_key->publicKey); - pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey); - /* save the point conversion form */ + /* Save the point conversion form. */ ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01); if (!EC_POINT_oct2point(ret->group, ret->pub_key, - pub_oct, pub_oct_len, NULL)) + pub_oct, (size_t)(pub_oct_len), NULL)) { ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); goto err; } } + else + { + if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL)) + { + ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB); + goto err; + } + /* Remember the original private-key-only encoding. */ + ret->enc_flag |= EC_PKEY_NO_PUBKEY; + } ok = 1; err: @@ -1230,7 +1247,8 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **ou size_t buf_len=0, tmp_len; EC_PRIVATEKEY *priv_key=NULL; - if (a == NULL || a->group == NULL || a->priv_key == NULL) + if (a == NULL || a->group == NULL || a->priv_key == NULL || + (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); Index: crypto/openssl/crypto/ec/ecp_mont.c =================================================================== --- crypto/openssl/crypto/ec/ecp_mont.c (revision 273303) +++ crypto/openssl/crypto/ec/ecp_mont.c (working copy) @@ -72,9 +72,6 @@ const EC_METHOD *EC_GFp_mont_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_mont_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -114,8 +111,12 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_mont_method(); +#endif + return &ret; -#endif } Index: crypto/openssl/crypto/ec/ecp_nist.c =================================================================== --- crypto/openssl/crypto/ec/ecp_nist.c (revision 273303) +++ crypto/openssl/crypto/ec/ecp_nist.c (working copy) @@ -73,9 +73,6 @@ const EC_METHOD *EC_GFp_nist_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_nist_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_nist_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_nist_method(); +#endif + return &ret; -#endif } int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) Index: crypto/openssl/crypto/ec/ecp_smpl.c =================================================================== --- crypto/openssl/crypto/ec/ecp_smpl.c (revision 273303) +++ crypto/openssl/crypto/ec/ecp_smpl.c (working copy) @@ -73,9 +73,6 @@ const EC_METHOD *EC_GFp_simple_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_simple_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_simple_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_simple_method(); +#endif + return &ret; -#endif } @@ -1317,8 +1318,8 @@ int ec_GFp_simple_points_make_affine(const EC_GROU { for (i = 0; i < num; i++) { - if (prod_Z[i] != NULL) - BN_clear_free(prod_Z[i]); + if (prod_Z[i] == NULL) break; + BN_clear_free(prod_Z[i]); } OPENSSL_free(prod_Z); } Index: crypto/openssl/crypto/ec/ectest.c =================================================================== --- crypto/openssl/crypto/ec/ectest.c (revision 273303) +++ crypto/openssl/crypto/ec/ectest.c (working copy) @@ -251,6 +251,7 @@ static void group_order_tests(EC_GROUP *group) if (!EC_POINT_is_at_infinity(group, Q)) ABORT; /* Exercise EC_POINTs_mul, including corner cases. */ + if (EC_POINT_is_at_infinity(group, P)) ABORT; scalars[0] = n1; points[0] = Q; /* => infinity */ scalars[1] = n2; points[1] = P; /* => -P */ scalars[2] = n1; points[2] = Q; /* => infinity */ @@ -257,8 +258,8 @@ static void group_order_tests(EC_GROUP *group) scalars[3] = n2; points[3] = Q; /* => infinity */ scalars[4] = n1; points[4] = P; /* => P */ scalars[5] = n2; points[5] = Q; /* => infinity */ - if (!EC_POINTs_mul(group, Q, NULL, 5, points, scalars, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; + if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) ABORT; + if (!EC_POINT_is_at_infinity(group, P)) ABORT; } fprintf(stdout, "ok\n"); Index: crypto/openssl/crypto/evp/Makefile =================================================================== --- crypto/openssl/crypto/evp/Makefile (revision 273303) +++ crypto/openssl/crypto/evp/Makefile (working copy) @@ -383,7 +383,7 @@ evp_enc.o: ../../include/openssl/pkcs7.h ../../inc evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../constant_time_locl.h ../cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h Index: crypto/openssl/crypto/evp/e_aes.c =================================================================== --- crypto/openssl/crypto/evp/e_aes.c (revision 273303) +++ crypto/openssl/crypto/evp/e_aes.c (working copy) @@ -166,7 +166,7 @@ extern unsigned int OPENSSL_ia32cap_P[2]; #define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) #endif #ifdef BSAES_ASM -#define BSAES_CAPABLE VPAES_CAPABLE +#define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) #endif /* * AES-NI section Index: crypto/openssl/crypto/evp/evp_enc.c =================================================================== --- crypto/openssl/crypto/evp/evp_enc.c (revision 273303) +++ crypto/openssl/crypto/evp/evp_enc.c (working copy) @@ -67,6 +67,7 @@ #ifdef OPENSSL_FIPS #include #endif +#include "constant_time_locl.h" #include "evp_locl.h" #ifdef OPENSSL_FIPS @@ -500,21 +501,21 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) { - int i,n; - unsigned int b; + unsigned int i, b; + unsigned char pad, padding_good; *outl=0; if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = M_do_cipher(ctx, out, NULL, 0); - if (i < 0) + int ret = M_do_cipher(ctx, out, NULL, 0); + if (ret < 0) return 0; else - *outl = i; + *outl = ret; return 1; } - b=ctx->cipher->block_size; + b=(unsigned int)(ctx->cipher->block_size); if (ctx->flags & EVP_CIPH_NO_PADDING) { if(ctx->buf_len) @@ -533,28 +534,34 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsig return(0); } OPENSSL_assert(b <= sizeof ctx->final); - n=ctx->final[b-1]; - if (n == 0 || n > (int)b) + pad=ctx->final[b-1]; + + padding_good = (unsigned char)(~constant_time_is_zero_8(pad)); + padding_good &= constant_time_ge_8(b, pad); + + for (i = 1; i < b; ++i) { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); - return(0); + unsigned char is_pad_index = constant_time_lt_8(i, pad); + unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad); + padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff); } - for (i=0; ifinal[--b] != n) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT); - return(0); - } - } - n=ctx->cipher->block_size-n; - for (i=0; ifinal[i]; - *outl=n; + + /* + * At least 1 byte is always padding, so we always write b - 1 + * bytes to avoid a timing leak. The caller is required to have |b| + * bytes space in |out| by the API contract. + */ + for (i = 0; i < b - 1; ++i) + out[i] = ctx->final[i] & padding_good; + /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */ + *outl = padding_good & ((unsigned char)(b - pad)); + return padding_good & 1; } else - *outl=0; - return(1); + { + *outl = 0; + return 1; + } } void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) @@ -678,4 +685,3 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); return 1; } - Index: crypto/openssl/crypto/md5/asm/md5-x86_64.pl =================================================================== --- crypto/openssl/crypto/md5/asm/md5-x86_64.pl (revision 273303) +++ crypto/openssl/crypto/md5/asm/md5-x86_64.pl (working copy) @@ -108,6 +108,7 @@ sub round4_step EOF } +no warnings qw(uninitialized); my $flavour = shift; my $output = shift; if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } @@ -119,7 +120,6 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlat ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or die "can't locate x86_64-xlate.pl"; -no warnings qw(uninitialized); open OUT,"| \"$^X\" $xlate $flavour $output"; *STDOUT=*OUT; Index: crypto/openssl/crypto/modes/modes.h =================================================================== --- crypto/openssl/crypto/modes/modes.h (revision 273303) +++ crypto/openssl/crypto/modes/modes.h (working copy) @@ -7,6 +7,9 @@ #include +#ifdef __cplusplus +extern "C" { +#endif typedef void (*block128_f)(const unsigned char in[16], unsigned char out[16], const void *key); @@ -133,3 +136,6 @@ typedef struct xts128_context XTS128_CONTEXT; int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], const unsigned char *inp, unsigned char *out, size_t len, int enc); +#ifdef __cplusplus +} +#endif Index: crypto/openssl/crypto/ocsp/ocsp_vfy.c =================================================================== --- crypto/openssl/crypto/ocsp/ocsp_vfy.c (revision 273303) +++ crypto/openssl/crypto/ocsp/ocsp_vfy.c (working copy) @@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OC if(!(flags & OCSP_NOINTERN)) { signer = X509_find_by_subject(req->optionalSignature->certs, nm); - *psigner = signer; - return 1; + if (signer) + { + *psigner = signer; + return 1; + } } signer = X509_find_by_subject(certs, nm); Index: crypto/openssl/crypto/opensslconf.h =================================================================== --- crypto/openssl/crypto/opensslconf.h (revision 273303) +++ crypto/openssl/crypto/opensslconf.h (working copy) @@ -1,6 +1,9 @@ /* opensslconf.h */ /* WARNING: Generated automatically from opensslconf.h.in by Configure. */ +#ifdef __cplusplus +extern "C" { +#endif /* OpenSSL was configured with the following options: */ #ifndef OPENSSL_DOING_MAKEDEPEND @@ -233,3 +236,6 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 D #endif /* DES_DEFAULT_OPTIONS */ #endif /* HEADER_DES_LOCL_H */ +#ifdef __cplusplus +} +#endif Index: crypto/openssl/crypto/opensslv.h =================================================================== --- crypto/openssl/crypto/opensslv.h (revision 273303) +++ crypto/openssl/crypto/opensslv.h (working copy) @@ -1,6 +1,10 @@ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H +#ifdef __cplusplus +extern "C" { +#endif + /* Numeric release version identifier: * MNNFFPPS: major minor fix patch status * The status nibble has one of the values 0 for development, 1 to e for betas @@ -25,11 +29,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x1000109fL +#define OPENSSL_VERSION_NUMBER 0x100010afL #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-fips 6 Aug 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1i-freebsd 6 Aug 2014" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-freebsd 15 Oct 2014" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT @@ -86,4 +90,7 @@ #define SHLIB_VERSION_NUMBER "7" +#ifdef __cplusplus +} +#endif #endif /* HEADER_OPENSSLV_H */ Index: crypto/openssl/crypto/ossl_typ.h =================================================================== --- crypto/openssl/crypto/ossl_typ.h (revision 273303) +++ crypto/openssl/crypto/ossl_typ.h (working copy) @@ -55,6 +55,10 @@ #ifndef HEADER_OPENSSL_TYPES_H #define HEADER_OPENSSL_TYPES_H +#ifdef __cplusplus +extern "C" { +#endif + #include #ifdef NO_ASN1_TYPEDEFS @@ -199,4 +203,7 @@ typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; typedef struct ocsp_response_st OCSP_RESPONSE; typedef struct ocsp_responder_id_st OCSP_RESPID; +#ifdef __cplusplus +} +#endif #endif /* def HEADER_OPENSSL_TYPES_H */ Index: crypto/openssl/crypto/pkcs7/pkcs7.h =================================================================== --- crypto/openssl/crypto/pkcs7/pkcs7.h (revision 273303) +++ crypto/openssl/crypto/pkcs7/pkcs7.h (working copy) @@ -233,11 +233,7 @@ DECLARE_PKCS12_STACK_OF(PKCS7) (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) #define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) -#define PKCS7_type_is_encrypted(a) \ - (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) -#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) - #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) #define PKCS7_get_detached(p) \ Index: crypto/openssl/crypto/pqueue/pqueue.h =================================================================== --- crypto/openssl/crypto/pqueue/pqueue.h (revision 273303) +++ crypto/openssl/crypto/pqueue/pqueue.h (working copy) @@ -64,6 +64,9 @@ #include #include +#ifdef __cplusplus +extern "C" { +#endif typedef struct _pqueue *pqueue; typedef struct _pitem @@ -91,4 +94,7 @@ pitem *pqueue_next(piterator *iter); void pqueue_print(pqueue pq); int pqueue_size(pqueue pq); +#ifdef __cplusplus +} +#endif #endif /* ! HEADER_PQUEUE_H */ Index: crypto/openssl/crypto/rsa/Makefile =================================================================== --- crypto/openssl/crypto/rsa/Makefile (revision 273303) +++ crypto/openssl/crypto/rsa/Makefile (working copy) @@ -212,7 +212,7 @@ rsa_oaep.o: ../../include/openssl/opensslv.h ../.. rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_oaep.o: ../cryptlib.h rsa_oaep.c +rsa_oaep.o: ../constant_time_locl.h ../cryptlib.h rsa_oaep.c rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -221,7 +221,8 @@ rsa_pk1.o: ../../include/openssl/lhash.h ../../inc rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c +rsa_pk1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +rsa_pk1.o: ../cryptlib.h rsa_pk1.c rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h Index: crypto/openssl/crypto/rsa/rsa.h =================================================================== --- crypto/openssl/crypto/rsa/rsa.h (revision 273303) +++ crypto/openssl/crypto/rsa/rsa.h (working copy) @@ -559,6 +559,7 @@ void ERR_load_RSA_strings(void); #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_PKCS_DECODING_ERROR 159 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 Index: crypto/openssl/crypto/rsa/rsa_err.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_err.c (revision 273303) +++ crypto/openssl/crypto/rsa/rsa_err.c (working copy) @@ -175,6 +175,7 @@ static ERR_STRING_DATA RSA_str_reasons[]= {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, +{ERR_REASON(RSA_R_PKCS_DECODING_ERROR) ,"pkcs decoding error"}, {ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, {ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, Index: crypto/openssl/crypto/rsa/rsa_oaep.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_oaep.c (revision 273303) +++ crypto/openssl/crypto/rsa/rsa_oaep.c (working copy) @@ -18,6 +18,7 @@ * an equivalent notion. */ +#include "constant_time_locl.h" #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) #include @@ -95,92 +96,117 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to const unsigned char *from, int flen, int num, const unsigned char *param, int plen) { - int i, dblen, mlen = -1; - const unsigned char *maskeddb; - int lzero; - unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; - unsigned char *padded_from; - int bad = 0; + int i, dblen, mlen = -1, one_index = 0, msg_index; + unsigned int good, found_one_byte; + const unsigned char *maskedseed, *maskeddb; + /* |em| is the encoded message, zero-padded to exactly |num| bytes: + * em = Y || maskedSeed || maskedDB */ + unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], + phash[EVP_MAX_MD_SIZE]; - if (--num < 2 * SHA_DIGEST_LENGTH + 1) - /* 'num' is the length of the modulus, i.e. does not depend on the - * particular ciphertext. */ + if (tlen <= 0 || flen <= 0) + return -1; + + /* + * |num| is the length of the modulus; |flen| is the length of the + * encoded message. Therefore, for any |from| that was obtained by + * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, + * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus + * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2. + * This does not leak any side-channel information. + */ + if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2) goto decoding_err; - lzero = num - flen; - if (lzero < 0) + dblen = num - SHA_DIGEST_LENGTH - 1; + db = OPENSSL_malloc(dblen); + em = OPENSSL_malloc(num); + if (db == NULL || em == NULL) { - /* signalling this error immediately after detection might allow - * for side-channel attacks (e.g. timing if 'plen' is huge - * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal - * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), - * so we use a 'bad' flag */ - bad = 1; - lzero = 0; - flen = num; /* don't overflow the memcpy to padded_from */ - } - - dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen + num); - if (db == NULL) - { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); - return -1; + goto cleanup; } - /* Always do this zero-padding copy (even when lzero == 0) - * to avoid leaking timing info about the value of lzero. */ - padded_from = db + dblen; - memset(padded_from, 0, lzero); - memcpy(padded_from + lzero, from, flen); + /* + * Always do this zero-padding copy (even when num == flen) to avoid + * leaking that information. The copy still leaks some side-channel + * information, but it's impossible to have a fixed memory access + * pattern since we can't read out of the bounds of |from|. + * + * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. + */ + memset(em, 0, num); + memcpy(em + num - flen, from, flen); - maskeddb = padded_from + SHA_DIGEST_LENGTH; + /* + * The first byte must be zero, however we must not leak if this is + * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA + * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). + */ + good = constant_time_is_zero(em[0]); + maskedseed = em + 1; + maskeddb = em + 1 + SHA_DIGEST_LENGTH; + if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen)) - return -1; + goto cleanup; for (i = 0; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= padded_from[i]; - + seed[i] ^= maskedseed[i]; + if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH)) - return -1; + goto cleanup; for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL)) - return -1; + goto cleanup; - if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH)); + + found_one_byte = 0; + for (i = SHA_DIGEST_LENGTH; i < dblen; i++) + { + /* Padding consists of a number of 0-bytes, followed by a 1. */ + unsigned int equals1 = constant_time_eq(db[i], 1); + unsigned int equals0 = constant_time_is_zero(db[i]); + one_index = constant_time_select_int(~found_one_byte & equals1, + i, one_index); + found_one_byte |= equals1; + good &= (found_one_byte | equals0); + } + + good &= found_one_byte; + + /* + * At this point |good| is zero unless the plaintext was valid, + * so plaintext-awareness ensures timing side-channels are no longer a + * concern. + */ + if (!good) goto decoding_err; + + msg_index = one_index + 1; + mlen = dblen - msg_index; + + if (tlen < mlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } else { - for (i = SHA_DIGEST_LENGTH; i < dblen; i++) - if (db[i] != 0x00) - break; - if (i == dblen || db[i] != 0x01) - goto decoding_err; - else - { - /* everything looks OK */ - - mlen = dblen - ++i; - if (tlen < mlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); - mlen = -1; - } - else - memcpy(to, db + i, mlen); - } + memcpy(to, db + msg_index, mlen); + goto cleanup; } - OPENSSL_free(db); - return mlen; decoding_err: - /* to avoid chosen ciphertext attacks, the error message should not reveal - * which kind of decoding error happened */ + /* To avoid chosen ciphertext attacks, the error message should not reveal + * which kind of decoding error happened. */ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); +cleanup: if (db != NULL) OPENSSL_free(db); - return -1; + if (em != NULL) OPENSSL_free(em); + return mlen; } int PKCS1_MGF1(unsigned char *mask, long len, Index: crypto/openssl/crypto/rsa/rsa_pk1.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_pk1.c (revision 273303) +++ crypto/openssl/crypto/rsa/rsa_pk1.c (working copy) @@ -56,6 +56,8 @@ * [including the GNU Public Licence.] */ +#include "constant_time_locl.h" + #include #include "cryptlib.h" #include @@ -181,44 +183,87 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, const unsigned char *from, int flen, int num) { - int i,j; - const unsigned char *p; + int i; + /* |em| is the encoded message, zero-padded to exactly |num| bytes */ + unsigned char *em = NULL; + unsigned int good, found_zero_byte; + int zero_index = 0, msg_index, mlen = -1; - p=from; - if ((num != (flen+1)) || (*(p++) != 02)) + if (tlen < 0 || flen < 0) + return -1; + + /* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography + * Standard", section 7.2.2. */ + + if (flen > num) + goto err; + + if (num < 11) + goto err; + + em = OPENSSL_malloc(num); + if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); - return(-1); + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; } -#ifdef PKCS1_CHECK - return(num-11); -#endif + memset(em, 0, num); + /* + * Always do this zero-padding copy (even when num == flen) to avoid + * leaking that information. The copy still leaks some side-channel + * information, but it's impossible to have a fixed memory access + * pattern since we can't read out of the bounds of |from|. + * + * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. + */ + memcpy(em + num - flen, from, flen); - /* scan over padding data */ - j=flen-1; /* one for type. */ - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - return(j); + memcpy(to, em + msg_index, mlen); + +err: + if (em != NULL) + OPENSSL_free(em); + if (mlen == -1) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); + return mlen; } - Index: crypto/openssl/crypto/rsa/rsa_sign.c =================================================================== --- crypto/openssl/crypto/rsa/rsa_sign.c (revision 273303) +++ crypto/openssl/crypto/rsa/rsa_sign.c (working copy) @@ -151,6 +151,25 @@ int RSA_sign(int type, const unsigned char *m, uns return(ret); } +/* + * Check DigestInfo structure does not contain extraneous data by reencoding + * using DER and checking encoding against original. + */ +static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen) + { + unsigned char *der = NULL; + int derlen; + int ret = 0; + derlen = i2d_X509_SIG(sig, &der); + if (derlen <= 0) + return 0; + if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) + ret = 1; + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + return ret; + } + int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *rm, size_t *prm_len, @@ -228,7 +247,7 @@ int int_rsa_verify(int dtype, const unsigned char if (sig == NULL) goto err; /* Excess data can be used to create forgeries */ - if(p != s+i) + if(p != s+i || !rsa_check_digestinfo(sig, s, i)) { RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE); goto err; Index: crypto/openssl/crypto/stack/safestack.h =================================================================== --- crypto/openssl/crypto/stack/safestack.h (revision 273303) +++ crypto/openssl/crypto/stack/safestack.h (working copy) @@ -57,6 +57,10 @@ #include +#ifdef __cplusplus +extern "C" { +#endif + #ifndef CHECKED_PTR_OF #define CHECKED_PTR_OF(type, p) \ ((void*) (1 ? p : (type*)0)) @@ -2660,4 +2664,8 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) #define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) /* End of util/mkstack.pl block, you may now edit :-) */ + +#ifdef __cplusplus +} +#endif #endif /* !defined HEADER_SAFESTACK_H */ Index: crypto/openssl/doc/apps/c_rehash.pod =================================================================== --- crypto/openssl/doc/apps/c_rehash.pod (revision 0) +++ crypto/openssl/doc/apps/c_rehash.pod (working copy) @@ -0,0 +1,81 @@ +=pod + +=for comment +Original text by James Westby, contributed under the OpenSSL license. + +=head1 NAME + +c_rehash - Create symbolic links to files named by the hash values + +=head1 SYNOPSIS + +B +[ I...] + +=head1 DESCRIPTION + +B scans directories and calculates a hash value of each C<.pem> +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. + +If any directories are named on the command line, then those are +processed in turn. If not, then the B environment variable +is consulted; this shold be a colon-separated list of directories, +like the Unix B variable. +If that is not set then the default directory (installation-specific +but often B) is processed. + +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise it will be skipped. +The links created are of the form C, where each B +is a hexadecimal character and B is a single decimal digit. +When processing a directory, B will first remove all links +that have a name in that syntax. If you have links in that format +used for other purposes, they will be removed. +Hashes for CRL's look similar except the letter B appears after +the period, like this: C. + +Multiple objects may have the same hash; they will be indicated by +incrementing the B value. Duplicates are found by comparing the +full SHA-1 fingerprint. A warning will be displayed if a duplicate +is found. + +A warning will also be displayed if there are B<.pem> files that +cannot be parsed as either a certificate or a CRL. + +The program uses the B program to compute the hashes and +fingerprints. If not found in the user's B, then set the +B environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or CRL: + + $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF + $OPENSSL crl -hash -fingerprint -noout -in FFFFFF + +where B is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. + +=head1 ENVIRONMENT + +=over + +=item B + +The path to an executable to use to generate hashes and +fingerprints (see above). + +=item B + +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. + +=back + +=head1 SEE ALSO + +L, +L. +L. Index: crypto/openssl/doc/apps/dgst.pod =================================================================== --- crypto/openssl/doc/apps/dgst.pod (revision 273303) +++ crypto/openssl/doc/apps/dgst.pod (working copy) @@ -2,16 +2,17 @@ =head1 NAME -dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests +dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 - message digests =head1 SYNOPSIS B B -[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>] +[B<-sha|-sha1|-mdc2|-ripemd160|-sha224|-sha256|-sha384|-sha512|-md2|-md4|-md5|-dss1>] [B<-c>] [B<-d>] [B<-hex>] [B<-binary>] +[B<-r>] [B<-out filename>] [B<-sign filename>] [B<-keyform arg>] @@ -20,17 +21,19 @@ B B [B<-prverify filename>] [B<-signature filename>] [B<-hmac key>] +[B<-non-fips-allow>] +[B<-fips-fingerprint>] [B] -[B] -[B<-c>] -[B<-d>] -[B] +B +[I] +[B<...>] =head1 DESCRIPTION The digest functions output the message digest of a supplied file or files -in hexadecimal form. They can also be used for digital signing and verification. +in hexadecimal. The digest functions also generate and verify digital +signatures using message digests. =head1 OPTIONS @@ -48,12 +51,17 @@ print out BIO debugging information. =item B<-hex> digest is to be output as a hex dump. This is the default case for a "normal" -digest as opposed to a digital signature. +digest as opposed to a digital signature. See NOTES below for digital +signatures using B<-hex>. =item B<-binary> output the digest or signature in binary form. +=item B<-r> + +output the digest in the "coreutils" format used by programs like B. + =item B<-out filename> filename to output to, or standard output by default. @@ -64,8 +72,8 @@ digitally sign the digest using the private key in =item B<-keyform arg> -Specifies the key format to sign digest with. Only PEM and ENGINE -formats are supported by the B command. +Specifies the key format to sign digest with. The DER, PEM, P12, +and ENGINE formats are supported. =item B<-engine id> @@ -117,7 +125,7 @@ Following options are supported by both by B =over 8 =item B - + Specifies MAC key as alphnumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac. @@ -138,6 +146,15 @@ Multiple files can be specified separated by a OS- The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-non-fips-allow> + +enable use of non-FIPS algorithms such as MD5 even in FIPS mode. + +=item B<-fips-fingerprint> + +compute HMAC using a specific key +for certain OpenSSL-FIPS operations. + =item B file or files to digest. If no files are specified then standard input is @@ -145,18 +162,41 @@ used. =back + +=head1 EXAMPLES + +To create a hex-encoded message digest of a file: + openssl dgst -md5 -hex file.txt + +To sign a file using SHA-256 with binary file output: + openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt + +To verify a signature: + openssl dgst -sha256 -verify publickey.pem \ + -signature signature.sign \ + file.txt + + =head1 NOTES The digest of choice for all new applications is SHA1. Other digests are however still widely used. -If you wish to sign or verify data using the DSA algorithm then the dss1 -digest must be used. +When signing a file, B will automatically determine the algorithm +(RSA, ECC, etc) to use for signing based on the private key's ASN.1 info. +When verifying signatures, it only handles the RSA, DSA, or ECDSA signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, CMS, and S/MIME. A source of random numbers is required for certain signing algorithms, in -particular DSA. +particular ECDSA and DSA. The signing and verify options should only be used if a single file is being signed or verified. +Hex signatures cannot be verified using B. Instead, use "xxd -r" +or similar program to transform the hex signature into a binary signature +prior to verification. + + =cut Index: crypto/openssl/doc/crypto/BIO_s_accept.pod =================================================================== --- crypto/openssl/doc/crypto/BIO_s_accept.pod (revision 273303) +++ crypto/openssl/doc/crypto/BIO_s_accept.pod (working copy) @@ -59,8 +59,8 @@ the accept socket. See L BIO_set_accept_port() uses the string B to set the accept port. The port is represented as a string of the form "host:port", where "host" is the interface to use and "port" is the port. -Either or both values can be "*" which is interpreted as meaning -any interface or port respectively. "port" has the same syntax +The host can be can be "*" which is interpreted as meaning +any interface; "port" has the same syntax as the port specified in BIO_set_conn_port() for connect BIOs, that is it can be a numerical port string or a string to lookup using getservbyname() and a string table. Index: crypto/openssl/doc/crypto/CMS_add1_signer.pod =================================================================== --- crypto/openssl/doc/crypto/CMS_add1_signer.pod (revision 0) +++ crypto/openssl/doc/crypto/CMS_add1_signer.pod (working copy) @@ -0,0 +1,101 @@ +=pod + +=head1 NAME + + CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure. + +=head1 SYNOPSIS + + #include + + CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); + + int CMS_SignerInfo_sign(CMS_SignerInfo *si); + + +=head1 DESCRIPTION + +CMS_add1_signer() adds a signer with certificate B and private +key B using message digest B to CMS_ContentInfo SignedData +structure B. + +The CMS_ContentInfo structure should be obtained from an initial call to +CMS_sign() with the flag B set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. + +If the B parameter is B then the default digest for the public +key algorithm will be used. + +Unless the B flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to CMS_final(). + +The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo +structure, its main use is when B and B flags +are both set. + +=head1 NOTES + +The main purpose of CMS_add1_signer() is to provide finer control +over a CMS signed data structure where the simpler CMS_sign() function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the CMS attribute utility functions or the +CMS signed receipt request functions. + +Any of the following flags (ored together) can be passed in the B +parameter. + +If B is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. + +If B is set in addition to B then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to CMS_SignerInfo_sign() is +needed to finalize it. + +If B is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the B parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. + +The SignedData structure includes several CMS signedAttributes including the +signing time, the CMS content type and the supported list of ciphers in an +SMIMECapabilities attribute. If B is set then no signedAttributes +will be used. If B is set then just the SMIMECapabilities are +omitted. + +OpenSSL will by default identify signing certificates using issuer name +and serial number. If B is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. + +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded. + +CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. + +=head1 RETURN VALUES + +CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo +structure just added or NULL if an error occurs. + +=head1 SEE ALSO + +L, L, +L, + +=head1 HISTORY + +CMS_add1_signer() was added to OpenSSL 0.9.8 + +=cut Index: crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod =================================================================== --- crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod (revision 273303) +++ crypto/openssl/doc/crypto/CMS_sign_add1_signer.pod (working copy) @@ -1,101 +0,0 @@ -=pod - -=head1 NAME - - CMS_sign_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure. - -=head1 SYNOPSIS - - #include - - CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); - - int CMS_SignerInfo_sign(CMS_SignerInfo *si); - - -=head1 DESCRIPTION - -CMS_sign_add1_signer() adds a signer with certificate B and private -key B using message digest B to CMS_ContentInfo SignedData -structure B. - -The CMS_ContentInfo structure should be obtained from an initial call to -CMS_sign() with the flag B set or in the case or re-signing a -valid CMS_ContentInfo SignedData structure. - -If the B parameter is B then the default digest for the public -key algorithm will be used. - -Unless the B flag is set the returned CMS_ContentInfo -structure is not complete and must be finalized either by streaming (if -applicable) or a call to CMS_final(). - -The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo -structure, its main use is when B and B flags -are both set. - -=head1 NOTES - -The main purpose of CMS_sign_add1_signer() is to provide finer control -over a CMS signed data structure where the simpler CMS_sign() function defaults -are not appropriate. For example if multiple signers or non default digest -algorithms are needed. New attributes can also be added using the returned -CMS_SignerInfo structure and the CMS attribute utility functions or the -CMS signed receipt request functions. - -Any of the following flags (ored together) can be passed in the B -parameter. - -If B is set then an attempt is made to copy the content -digest value from the CMS_ContentInfo structure: to add a signer to an existing -structure. An error occurs if a matching digest value cannot be found to copy. -The returned CMS_ContentInfo structure will be valid and finalized when this -flag is set. - -If B is set in addition to B then the -CMS_SignerInfo structure will not be finalized so additional attributes -can be added. In this case an explicit call to CMS_SignerInfo_sign() is -needed to finalize it. - -If B is set the signer's certificate will not be included in the -CMS_ContentInfo structure, the signer's certificate must still be supplied in -the B parameter though. This can reduce the size of the signature if -the signers certificate can be obtained by other means: for example a -previously signed message. - -The SignedData structure includes several CMS signedAttributes including the -signing time, the CMS content type and the supported list of ciphers in an -SMIMECapabilities attribute. If B is set then no signedAttributes -will be used. If B is set then just the SMIMECapabilities are -omitted. - -OpenSSL will by default identify signing certificates using issuer name -and serial number. If B is set it will use the subject key -identifier value instead. An error occurs if the signing certificate does not -have a subject key identifier extension. - -If present the SMIMECapabilities attribute indicates support for the following -algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 -bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. -If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is -not loaded. - -CMS_sign_add1_signer() returns an internal pointer to the CMS_SignerInfo -structure just added, this can be used to set additional attributes -before it is finalized. - -=head1 RETURN VALUES - -CMS_sign1_add_signers() returns an internal pointer to the CMS_SignerInfo -structure just added or NULL if an error occurs. - -=head1 SEE ALSO - -L, L, -L, - -=head1 HISTORY - -CMS_sign_add1_signer() was added to OpenSSL 0.9.8 - -=cut Index: crypto/openssl/doc/crypto/EVP_DigestInit.pod =================================================================== --- crypto/openssl/doc/crypto/EVP_DigestInit.pod (revision 273303) +++ crypto/openssl/doc/crypto/EVP_DigestInit.pod (working copy) @@ -26,13 +26,13 @@ EVP digest routines int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); - int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); + int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); - int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); + int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); #define EVP_MAX_MD_SIZE 64 /* SHA512 */ @@ -136,10 +136,10 @@ reasons. EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 -and RIPEMD160 digest algorithms respectively. +and RIPEMD160 digest algorithms respectively. EVP_dss() and EVP_dss1() return B structures for SHA and SHA1 digest -algorithms but using DSS (DSA) for the signature algorithm. Note: there is +algorithms but using DSS (DSA) for the signature algorithm. Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are however retained for compatibility. @@ -177,21 +177,21 @@ The B interface to message digests should alm preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. -New applications should use the SHA2 digest algorithms such as SHA256. +New applications should use the SHA2 digest algorithms such as SHA256. The other digest algorithms are still in common use. For most applications the B parameter to EVP_DigestInit_ex() will be set to NULL to use the default digest implementation. -The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are +The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are obsolete but are retained to maintain compatibility with existing code. New -applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and +applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use -memory leaks will occur. +memory leaks will occur. Stack allocation of EVP_MD_CTX structures is common, for example: @@ -245,15 +245,19 @@ digest name passed on the command line. EVP_MD_CTX_destroy(mdctx); printf("Digest is: "); - for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); + for(i = 0; i < md_len; i++) + printf("%02x", md_value[i]); printf("\n"); + + /* Call this once before exit. */ + EVP_cleanup(); + exit(0); } =head1 SEE ALSO -L, L, L, -L, L, L, -L, L +L, +L =head1 HISTORY @@ -269,7 +273,7 @@ EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd16 changed to return truely const EVP_MD * in OpenSSL 0.9.7. The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now EVP_sha1() can be used with RSA and DSA, there is no need to +later, so now EVP_sha1() can be used with RSA and DSA; there is no need to use EVP_dss1() any more. OpenSSL 1.0 and later does not include the MD2 digest algorithm in the Index: crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod =================================================================== --- crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod (revision 273303) +++ crypto/openssl/doc/crypto/EVP_DigestVerifyInit.pod (working copy) @@ -38,7 +38,7 @@ or a negative value for failure. In particular a r the operation is not supported by the public key algorithm. Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only -indicates that the signature did not not verify successfully (that is tbs did +indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. @@ -59,7 +59,7 @@ For some key types and parameters the random numbe or the operation will fail. The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest -context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can +context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. Since only a copy of the digest context is ever finalized the context must Index: crypto/openssl/doc/crypto/EVP_EncryptInit.pod =================================================================== --- crypto/openssl/doc/crypto/EVP_EncryptInit.pod (revision 273303) +++ crypto/openssl/doc/crypto/EVP_EncryptInit.pod (working copy) @@ -387,28 +387,8 @@ for certain common S/MIME ciphers (RC2, DES, tripl =head1 EXAMPLES -Get the number of rounds used in RC5: +Encrypt a string using IDEA: - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); - -Get the RC2 effective key length: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); - -Set the number of rounds used in RC5: - - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); - -Set the effective key length used in RC2: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - -Encrypt a string using blowfish: - int do_crypt(char *outfile) { unsigned char outbuf[1024]; @@ -421,8 +401,9 @@ for certain common S/MIME ciphers (RC2, DES, tripl char intext[] = "Some Crypto Text"; EVP_CIPHER_CTX ctx; FILE *out; + EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); + EVP_EncryptInit_ex(&ctx, EVP_idea_cbc(), NULL, key, iv); if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) { @@ -451,28 +432,34 @@ for certain common S/MIME ciphers (RC2, DES, tripl } The ciphertext from the above example can be decrypted using the B -utility with the command line: +utility with the command line (shown on two lines for clarity): - S + openssl idea -d or B if the key is not of the correct type. -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() and EVP_PKEY_assign_EC_KEY() also set the referenced key to B however these use the supplied B internally and so B will be freed when the parent B is freed. @@ -54,8 +54,8 @@ In accordance with the OpenSSL naming convention t from or assigned to the B using the B<1> functions must be freed as well as B. -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() -EVP_PKEY_assign_EC_KEY() are implemented as macros. +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() +and EVP_PKEY_assign_EC_KEY() are implemented as macros. =head1 RETURN VALUES @@ -66,7 +66,7 @@ EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY EVP_PKEY_get1_EC_KEY() return the referenced key or B if an error occurred. -EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() +EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH() and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure. =head1 SEE ALSO Index: crypto/openssl/doc/crypto/EVP_PKEY_sign.pod =================================================================== --- crypto/openssl/doc/crypto/EVP_PKEY_sign.pod (revision 273303) +++ crypto/openssl/doc/crypto/EVP_PKEY_sign.pod (working copy) @@ -28,9 +28,14 @@ B and the amount of data written to B =head1 NOTES +EVP_PKEY_sign() does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +L and +L signing interfaces instead. + After the call to EVP_PKEY_sign_init() algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation (see L). The function EVP_PKEY_sign() can be called more than once on the same context if several operations are performed using the same parameters. @@ -49,13 +54,17 @@ Sign data using RSA with PKCS#1 padding and SHA256 #include EVP_PKEY_CTX *ctx; + /* md is a SHA-256 digest in this example. */ unsigned char *md, *sig; - size_t mdlen, siglen; + size_t mdlen = 32, siglen; EVP_PKEY *signing_key; - /* NB: assumes signing_key, md and mdlen are already set up - * and that signing_key is an RSA private key + + /* + * NB: assumes signing_key and md are set up before the next + * step. signing_key must be an RSA private key and md must + * point to the SHA-256 digest to be signed. */ - ctx = EVP_PKEY_CTX_new(signing_key); + ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); if (!ctx) /* Error occurred */ if (EVP_PKEY_sign_init(ctx) <= 0) @@ -83,6 +92,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 =head1 SEE ALSO L, +L, L, L, L, Index: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod =================================================================== --- crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (revision 273303) +++ crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod (working copy) @@ -48,12 +48,13 @@ even if he gets hold of the normal (certified) key only used for signing. In order to perform a DH key exchange the server must use a DH group -(DH parameters) and generate a DH key. The server will always generate a new -DH key during the negotiation, when the DH parameters are supplied via -callback and/or when the SSL_OP_SINGLE_DH_USE option of -L is set. It will -immediately create a DH key, when DH parameters are supplied via -SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case, +(DH parameters) and generate a DH key. +The server will always generate a new DH key during the negotiation +if either the DH parameters are supplied via callback or the +SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both). +It will immediately create a DH key if DH parameters are supplied via +SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. +In this case, it may happen that a key is generated on initialization without later being needed, while on the other hand the computer time during the negotiation is being saved. @@ -139,7 +140,7 @@ partly left out.) dh_tmp = dh_512; break; case 1024: - if (!dh_1024) + if (!dh_1024) dh_1024 = get_dh1024(); dh_tmp = dh_1024; break; Index: crypto/openssl/e_os.h =================================================================== --- crypto/openssl/e_os.h (revision 273303) +++ crypto/openssl/e_os.h (working copy) @@ -373,8 +373,17 @@ static unsigned int _strlen31(const char *str) # define check_winnt() (1) #else # define check_winnt() (GetVersion() < 0x80000000) -#endif +#endif +/* + * Visual Studio: inline is available in C++ only, however + * __inline is available for C, see + * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx + */ +#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline) +# define inline __inline +#endif + #else /* The non-microsoft world */ # ifdef OPENSSL_SYS_VMS @@ -738,4 +747,3 @@ struct servent *getservbyname(const char *name, co #endif #endif - Index: crypto/openssl/ssl/Makefile =================================================================== --- crypto/openssl/ssl/Makefile (revision 273303) +++ crypto/openssl/ssl/Makefile (working copy) @@ -547,26 +547,27 @@ s3_both.o: ../include/openssl/ssl23.h ../include/o s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h -s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_cbc.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h +s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s3_cbc.o: ../include/openssl/bio.h ../include/openssl/buffer.h +s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h +s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h +s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_cbc.c +s3_cbc.o: ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -671,28 +672,29 @@ s3_pkt.o: ../include/openssl/ssl23.h ../include/op s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_pkt.o: ../include/openssl/x509_vfy.h s3_pkt.c ssl_locl.h -s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h -s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h -s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_srvr.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h +s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h +s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h +s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h +s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h +s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h +s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h +s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h +s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_srvr.o: s3_srvr.c ssl_locl.h ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h Index: crypto/openssl/ssl/d1_both.c =================================================================== --- crypto/openssl/ssl/d1_both.c (revision 273303) +++ crypto/openssl/ssl/d1_both.c (working copy) @@ -1492,6 +1492,9 @@ dtls1_process_heartbeat(SSL *s) /* Read type and payload length first */ if (1 + 2 + 16 > s->s3->rrec.length) return 0; /* silently discard */ + if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; /* silently discard per RFC 6520 sec. 4 */ + hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) Index: crypto/openssl/ssl/d1_lib.c =================================================================== --- crypto/openssl/ssl/d1_lib.c (revision 273303) +++ crypto/openssl/ssl/d1_lib.c (working copy) @@ -266,6 +266,16 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void * case DTLS_CTRL_LISTEN: ret = dtls1_listen(s, parg); break; + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ +#if DTLS_MAX_VERSION != DTLS1_VERSION +# error Code needs update for DTLS_method() support beyond DTLS1_VERSION. +#endif + /* Just one protocol version is supported so far; + * fail closed if the version is not as expected. */ + return s->version == DTLS_MAX_VERSION; default: ret = ssl3_ctrl(s, cmd, larg, parg); Index: crypto/openssl/ssl/d1_srtp.c =================================================================== --- crypto/openssl/ssl/d1_srtp.c (revision 273303) +++ crypto/openssl/ssl/d1_srtp.c (working copy) @@ -168,25 +168,6 @@ static int find_profile_by_name(char *profile_name return 1; } -static int find_profile_by_num(unsigned profile_num, - SRTP_PROTECTION_PROFILE **pptr) - { - SRTP_PROTECTION_PROFILE *p; - - p=srtp_known_profiles; - while(p->name) - { - if(p->id == profile_num) - { - *pptr=p; - return 0; - } - p++; - } - - return 1; - } - static int ssl_ctx_make_profiles(const char *profiles_string,STACK_OF(SRTP_PROTECTION_PROFILE) **out) { STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; @@ -209,11 +190,19 @@ static int ssl_ctx_make_profiles(const char *profi if(!find_profile_by_name(ptr,&p, col ? col-ptr : (int)strlen(ptr))) { + if (sk_SRTP_PROTECTION_PROFILE_find(profiles,p) >= 0) + { + SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST); + sk_SRTP_PROTECTION_PROFILE_free(profiles); + return 1; + } + sk_SRTP_PROTECTION_PROFILE_push(profiles,p); } else { SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); + sk_SRTP_PROTECTION_PROFILE_free(profiles); return 1; } @@ -305,13 +294,12 @@ int ssl_add_clienthello_use_srtp_ext(SSL *s, unsig int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al) { - SRTP_PROTECTION_PROFILE *cprof,*sprof; - STACK_OF(SRTP_PROTECTION_PROFILE) *clnt=0,*srvr; + SRTP_PROTECTION_PROFILE *sprof; + STACK_OF(SRTP_PROTECTION_PROFILE) *srvr; int ct; int mki_len; - int i,j; - int id; - int ret; + int i, srtp_pref; + unsigned int id; /* Length value + the MKI length */ if(len < 3) @@ -341,9 +329,11 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, uns return 1; } + srvr=SSL_get_srtp_profiles(s); + s->srtp_profile = NULL; + /* Search all profiles for a match initially */ + srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr); - clnt=sk_SRTP_PROTECTION_PROFILE_new_null(); - while(ct) { n2s(d,id); @@ -350,14 +340,22 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, uns ct-=2; len-=2; - if(!find_profile_by_num(id,&cprof)) + /* + * Only look for match in profiles of higher preference than + * current match. + * If no profiles have been have been configured then this + * does nothing. + */ + for (i = 0; i < srtp_pref; i++) { - sk_SRTP_PROTECTION_PROFILE_push(clnt,cprof); + sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i); + if (sprof->id == id) + { + s->srtp_profile = sprof; + srtp_pref = i; + break; + } } - else - { - ; /* Ignore */ - } } /* Now extract the MKI value as a sanity check, but discard it for now */ @@ -371,36 +369,7 @@ int ssl_parse_clienthello_use_srtp_ext(SSL *s, uns return 1; } - srvr=SSL_get_srtp_profiles(s); - - /* Pick our most preferred profile. If no profiles have been - configured then the outer loop doesn't run - (sk_SRTP_PROTECTION_PROFILE_num() = -1) - and so we just return without doing anything */ - for(i=0;iid==sprof->id) - { - s->srtp_profile=sprof; - *al=0; - ret=0; - goto done; - } - } - } - - ret=0; - -done: - if(clnt) sk_SRTP_PROTECTION_PROFILE_free(clnt); - - return ret; + return 0; } int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen) Index: crypto/openssl/ssl/dtls1.h =================================================================== --- crypto/openssl/ssl/dtls1.h (revision 273303) +++ crypto/openssl/ssl/dtls1.h (working copy) @@ -84,6 +84,8 @@ extern "C" { #endif #define DTLS1_VERSION 0xFEFF +#define DTLS_MAX_VERSION DTLS1_VERSION + #define DTLS1_BAD_VER 0x0100 #if 0 @@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st } #endif #endif - Index: crypto/openssl/ssl/s23_clnt.c =================================================================== --- crypto/openssl/ssl/s23_clnt.c (revision 273303) +++ crypto/openssl/ssl/s23_clnt.c (working copy) @@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(i if (ver == SSL2_VERSION) return(SSLv2_client_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_client_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_client_method()); else if (ver == TLS1_1_VERSION) return(TLSv1_1_client_method()); @@ -698,6 +700,7 @@ static int ssl23_get_server_hello(SSL *s) { /* we have sslv3 or tls1 (server hello or alert) */ +#ifndef OPENSSL_NO_SSL3 if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { @@ -712,7 +715,9 @@ static int ssl23_get_server_hello(SSL *s) s->version=SSL3_VERSION; s->method=SSLv3_client_method(); } - else if ((p[2] == TLS1_VERSION_MINOR) && + else +#endif + if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) { s->version=TLS1_VERSION; @@ -736,6 +741,9 @@ static int ssl23_get_server_hello(SSL *s) goto err; } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { /* fatal alert */ Index: crypto/openssl/ssl/s23_srvr.c =================================================================== --- crypto/openssl/ssl/s23_srvr.c (revision 273303) +++ crypto/openssl/ssl/s23_srvr.c (working copy) @@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(i if (ver == SSL2_VERSION) return(SSLv2_server_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_server_method()); - else if (ver == TLS1_VERSION) +#endif + if (ver == TLS1_VERSION) return(TLSv1_server_method()); else if (ver == TLS1_1_VERSION) return(TLSv1_1_server_method()); @@ -421,6 +423,9 @@ int ssl23_get_client_hello(SSL *s) } } + /* ensure that TLS_MAX_VERSION is up-to-date */ + OPENSSL_assert(s->version <= TLS_MAX_VERSION); + #ifdef OPENSSL_FIPS if (FIPS_mode() && (s->version < TLS1_VERSION)) { @@ -597,6 +602,12 @@ int ssl23_get_client_hello(SSL *s) if ((type == 2) || (type == 3)) { /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ + s->method = ssl23_get_server_method(s->version); + if (s->method == NULL) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); + goto err; + } if (!ssl_init_wbio_buffer(s,1)) goto err; @@ -624,14 +635,6 @@ int ssl23_get_client_hello(SSL *s) s->s3->rbuf.left=0; s->s3->rbuf.offset=0; } - if (s->version == TLS1_2_VERSION) - s->method = TLSv1_2_server_method(); - else if (s->version == TLS1_1_VERSION) - s->method = TLSv1_1_server_method(); - else if (s->version == TLS1_VERSION) - s->method = TLSv1_server_method(); - else - s->method = SSLv3_server_method(); #if 0 /* ssl3_get_client_hello does this */ s->client_version=(v[0]<<8)|v[1]; #endif Index: crypto/openssl/ssl/s2_lib.c =================================================================== --- crypto/openssl/ssl/s2_lib.c (revision 273303) +++ crypto/openssl/ssl/s2_lib.c (working copy) @@ -391,6 +391,8 @@ long ssl2_ctrl(SSL *s, int cmd, long larg, void *p case SSL_CTRL_GET_SESSION_REUSED: ret=s->hit; break; + case SSL_CTRL_CHECK_PROTO_VERSION: + return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg); default: break; } @@ -437,7 +439,7 @@ int ssl2_put_cipher_by_char(const SSL_CIPHER *c, u if (p != NULL) { l=c->id; - if ((l & 0xff000000) != 0x02000000) return(0); + if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0); p[0]=((unsigned char)(l>>16L))&0xFF; p[1]=((unsigned char)(l>> 8L))&0xFF; p[2]=((unsigned char)(l ))&0xFF; Index: crypto/openssl/ssl/s3_cbc.c =================================================================== --- crypto/openssl/ssl/s3_cbc.c (revision 273303) +++ crypto/openssl/ssl/s3_cbc.c (working copy) @@ -53,6 +53,7 @@ * */ +#include "../crypto/constant_time_locl.h" #include "ssl_locl.h" #include @@ -67,37 +68,6 @@ * supported by TLS.) */ #define MAX_HASH_BLOCK_SIZE 128 -/* Some utility functions are needed: - * - * These macros return the given value with the MSB copied to all the other - * bits. They use the fact that arithmetic shift shifts-in the sign bit. - * However, this is not ensured by the C standard so you may need to replace - * them with something else on odd CPUs. */ -#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) ) -#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) - -/* constant_time_lt returns 0xff if a=b and 0x00 otherwise. */ -static unsigned constant_time_ge(unsigned a, unsigned b) - { - a -= b; - return DUPLICATE_MSB_TO_ALL(~a); - } - -/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ -static unsigned char constant_time_eq_8(unsigned a, unsigned b) - { - unsigned c = a ^ b; - c--; - return DUPLICATE_MSB_TO_ALL_8(c); - } - /* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC * record in |rec| by updating |rec->length| in constant time. * @@ -126,8 +96,8 @@ int ssl3_cbc_remove_padding(const SSL* s, padding_length = good & (padding_length+1); rec->length -= padding_length; rec->type |= padding_length<<8; /* kludge: pass padding length */ - return (int)((good & 1) | (~good & -1)); -} + return constant_time_select_int(good, 1, -1); + } /* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC * record in |rec| in constant time and returns 1 if the padding is valid and @@ -208,7 +178,7 @@ int tls1_cbc_remove_padding(const SSL* s, for (i = 0; i < to_check; i++) { - unsigned char mask = constant_time_ge(padding_length, i); + unsigned char mask = constant_time_ge_8(padding_length, i); unsigned char b = rec->data[rec->length-1-i]; /* The final |padding_length+1| bytes should all have the value * |padding_length|. Therefore the XOR should be zero. */ @@ -216,20 +186,14 @@ int tls1_cbc_remove_padding(const SSL* s, } /* If any of the final |padding_length+1| bytes had the wrong value, - * one or more of the lower eight bits of |good| will be cleared. We - * AND the bottom 8 bits together and duplicate the result to all the - * bits. */ - good &= good >> 4; - good &= good >> 2; - good &= good >> 1; - good <<= sizeof(good)*8-1; - good = DUPLICATE_MSB_TO_ALL(good); - + * one or more of the lower eight bits of |good| will be cleared. + */ + good = constant_time_eq(0xff, good & 0xff); padding_length = good & (padding_length+1); rec->length -= padding_length; rec->type |= padding_length<<8; /* kludge: pass padding length */ - return (int)((good & 1) | (~good & -1)); + return constant_time_select_int(good, 1, -1); } /* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in @@ -296,8 +260,8 @@ void ssl3_cbc_copy_mac(unsigned char* out, memset(rotated_mac, 0, md_size); for (i = scan_start, j = 0; i < orig_len; i++) { - unsigned char mac_started = constant_time_ge(i, mac_start); - unsigned char mac_ended = constant_time_ge(i, mac_end); + unsigned char mac_started = constant_time_ge_8(i, mac_start); + unsigned char mac_ended = constant_time_ge_8(i, mac_end); unsigned char b = rec->data[i]; rotated_mac[j++] |= b & mac_started & ~mac_ended; j &= constant_time_lt(j,md_size); @@ -683,12 +647,12 @@ void ssl3_cbc_digest_record( b = data[k-header_length]; k++; - is_past_c = is_block_a & constant_time_ge(j, c); - is_past_cp1 = is_block_a & constant_time_ge(j, c+1); + is_past_c = is_block_a & constant_time_ge_8(j, c); + is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1); /* If this is the block containing the end of the * application data, and we are at the offset for the * 0x80 value, then overwrite b with 0x80. */ - b = (b&~is_past_c) | (0x80&is_past_c); + b = constant_time_select_8(is_past_c, 0x80, b); /* If this the the block containing the end of the * application data and we're past the 0x80 value then * just write zero. */ @@ -704,7 +668,8 @@ void ssl3_cbc_digest_record( if (j >= md_block_size - md_length_size) { /* If this is index_b, write a length byte. */ - b = (b&~is_block_b) | (is_block_b&length_bytes[j-(md_block_size-md_length_size)]); + b = constant_time_select_8( + is_block_b, length_bytes[j-(md_block_size-md_length_size)], b); } block[j] = b; } Index: crypto/openssl/ssl/s3_clnt.c =================================================================== --- crypto/openssl/ssl/s3_clnt.c (revision 273303) +++ crypto/openssl/ssl/s3_clnt.c (working copy) @@ -326,9 +326,9 @@ int ssl3_connect(SSL *s) break; } #endif - /* Check if it is anon DH/ECDH */ + /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_get_server_certificate(s); @@ -1277,8 +1277,8 @@ int ssl3_get_key_exchange(SSL *s) #endif EVP_MD_CTX md_ctx; unsigned char *param,*p; - int al,i,j,param_len,ok; - long n,alg_k,alg_a; + int al,j,ok; + long i,param_len,n,alg_k,alg_a; EVP_PKEY *pkey=NULL; const EVP_MD *md = NULL; #ifndef OPENSSL_NO_RSA @@ -1354,19 +1354,29 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert=ssl_sess_cert_new(); } + /* Total length of the parameters including the length prefix */ param_len=0; + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; EVP_MD_CTX_init(&md_ctx); + al=SSL_AD_DECODE_ERROR; + #ifndef OPENSSL_NO_PSK if (alg_k & SSL_kPSK) { char tmp_id_hint[PSK_MAX_IDENTITY_LEN+1]; - al=SSL_AD_HANDSHAKE_FAILURE; + param_len = 2; + if (param_len > n) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } n2s(p,i); - param_len=i+2; + /* Store PSK identity hint for later use, hint is used * in ssl3_send_client_key_exchange. Assume that the * maximum length of a PSK identity hint can be as @@ -1373,17 +1383,19 @@ int ssl3_get_key_exchange(SSL *s) * long as the maximum length of a PSK identity. */ if (i > PSK_MAX_IDENTITY_LEN) { + al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_DATA_LENGTH_TOO_LONG); goto f_err; } - if (param_len > n) + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH); goto f_err; } + param_len += i; + /* If received PSK identity hint contains NULL * characters, the hint is truncated from the first * NULL. p may not be ending with NULL, so create a @@ -1395,6 +1407,7 @@ int ssl3_get_key_exchange(SSL *s) s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { + al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto f_err; } @@ -1407,14 +1420,22 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_SRP if (alg_k & SSL_kSRP) { - n2s(p,i); - param_len=i+2; + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1422,14 +1443,24 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1437,15 +1468,25 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + + if (1 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 1; + i = (unsigned int)(p[0]); p++; - param_len+=i+1; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1453,14 +1494,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH); goto f_err; } + param_len += i; + if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1498,14 +1548,23 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); goto err; } - n2s(p,i); - param_len=i+2; + + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); goto f_err; } + param_len += i; + if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1513,14 +1572,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); goto f_err; } + param_len += i; + if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1552,14 +1620,23 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); goto err; } - n2s(p,i); - param_len=i+2; + + param_len = 2; if (param_len > n) { - al=SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p,i); + + if (i > n - param_len) + { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); goto f_err; } + param_len += i; + if (!(dh->p=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1567,14 +1644,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); goto f_err; } + param_len += i; + if (!(dh->g=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1582,14 +1668,23 @@ int ssl3_get_key_exchange(SSL *s) } p+=i; + if (2 > n - param_len) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + param_len += 2; + n2s(p,i); - param_len+=i+2; - if (param_len > n) + + if (i > n - param_len) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); goto f_err; } + param_len += i; + if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); @@ -1641,13 +1736,20 @@ int ssl3_get_key_exchange(SSL *s) */ /* XXX: For now we only support named (not generic) curves - * and the ECParameters in this case is just three bytes. + * and the ECParameters in this case is just three bytes. We + * also need one byte for the length of the encoded point */ - param_len=3; - if ((param_len > n) || - (*p != NAMED_CURVE_TYPE) || - ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) + param_len=4; + if (param_len > n) { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + if ((*p != NAMED_CURVE_TYPE) || + ((curve_nid = tls1_ec_curve_id2nid(*(p + 2))) == 0)) + { al=SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); goto f_err; @@ -1688,15 +1790,15 @@ int ssl3_get_key_exchange(SSL *s) encoded_pt_len = *p; /* length of encoded point */ p+=1; - param_len += (1 + encoded_pt_len); - if ((param_len > n) || + + if ((encoded_pt_len > n - param_len) || (EC_POINT_oct2point(group, srvr_ecpoint, p, encoded_pt_len, bn_ctx) == 0)) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT); goto f_err; } + param_len += encoded_pt_len; n-=param_len; p+=encoded_pt_len; @@ -1739,7 +1841,15 @@ int ssl3_get_key_exchange(SSL *s) { if (TLS1_get_version(s) >= TLS1_2_VERSION) { - int sigalg = tls12_get_sigid(pkey); + int sigalg; + if (2 > n) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + sigalg = tls12_get_sigid(pkey); /* Should never happen */ if (sigalg == -1) { @@ -1757,7 +1867,6 @@ int ssl3_get_key_exchange(SSL *s) if (md == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST); - al=SSL_AD_DECODE_ERROR; goto f_err; } #ifdef SSL_DEBUG @@ -1768,15 +1877,21 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_ } else md = EVP_sha1(); - + + if (2 > n) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, + SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } n2s(p,i); n-=2; j=EVP_PKEY_size(pkey); + /* Check signature length. If n is 0 then signature is empty */ if ((i != n) || (n > j) || (n <= 0)) { /* wrong packet length */ - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); goto f_err; } @@ -1785,6 +1900,7 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_ if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION) { int num; + unsigned int size; j=0; q=md_buf; @@ -1797,9 +1913,9 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_ EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); - EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); - q+=i; - j+=i; + EVP_DigestFinal_ex(&md_ctx,q,&size); + q+=size; + j+=size; } i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa); @@ -1835,8 +1951,8 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_ } else { - if (!(alg_a & SSL_aNULL) && !(alg_k & SSL_kPSK)) - /* aNULL or kPSK do not need public keys */ + /* aNULL, aSRP or kPSK do not need public keys */ + if (!(alg_a & (SSL_aNULL|SSL_aSRP)) && !(alg_k & SSL_kPSK)) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); goto err; @@ -1844,7 +1960,6 @@ fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_ /* still data left over */ if (n != 0) { - al=SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); goto f_err; } @@ -2846,7 +2961,11 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_PSK else if (alg_k & SSL_kPSK) { - char identity[PSK_MAX_IDENTITY_LEN]; + /* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes + * to return a \0-terminated identity. The last byte + * is for us for simulating strnlen. */ + char identity[PSK_MAX_IDENTITY_LEN + 2]; + size_t identity_len; unsigned char *t = NULL; unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN*2+4]; unsigned int pre_ms_len = 0, psk_len = 0; @@ -2860,8 +2979,9 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } + memset(identity, 0, sizeof(identity)); psk_len = s->psk_client_callback(s, s->ctx->psk_identity_hint, - identity, PSK_MAX_IDENTITY_LEN, + identity, sizeof(identity) - 1, psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_len > PSK_MAX_PSK_LEN) { @@ -2875,7 +2995,14 @@ int ssl3_send_client_key_exchange(SSL *s) SSL_R_PSK_IDENTITY_NOT_FOUND); goto psk_err; } - + identity[PSK_MAX_IDENTITY_LEN + 1] = '\0'; + identity_len = strlen(identity); + if (identity_len > PSK_MAX_IDENTITY_LEN) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, + ERR_R_INTERNAL_ERROR); + goto psk_err; + } /* create PSK pre_master_secret */ pre_ms_len = 2+psk_len+2+psk_len; t = psk_or_pre_ms; @@ -2909,14 +3036,13 @@ int ssl3_send_client_key_exchange(SSL *s) s->session->master_key_length = s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, - psk_or_pre_ms, pre_ms_len); - n = strlen(identity); - s2n(n, p); - memcpy(p, identity, n); - n+=2; + psk_or_pre_ms, pre_ms_len); + s2n(identity_len, p); + memcpy(p, identity, identity_len); + n = 2 + identity_len; psk_err = 0; psk_err: - OPENSSL_cleanse(identity, PSK_MAX_IDENTITY_LEN); + OPENSSL_cleanse(identity, sizeof(identity)); OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms)); if (psk_err != 0) { Index: crypto/openssl/ssl/s3_enc.c =================================================================== --- crypto/openssl/ssl/s3_enc.c (revision 273303) +++ crypto/openssl/ssl/s3_enc.c (working copy) @@ -900,7 +900,7 @@ int ssl3_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); default: return(-1); } } - Index: crypto/openssl/ssl/s3_lib.c =================================================================== --- crypto/openssl/ssl/s3_lib.c (revision 273303) +++ crypto/openssl/ssl/s3_lib.c (working copy) @@ -3355,6 +3355,33 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *p #endif #endif /* !OPENSSL_NO_TLSEXT */ + + case SSL_CTRL_CHECK_PROTO_VERSION: + /* For library-internal use; checks that the current protocol + * is the highest enabled version (according to s->ctx->method, + * as version negotiation may have changed s->method). */ + if (s->version == s->ctx->method->version) + return 1; + /* Apparently we're using a version-flexible SSL_METHOD + * (not at its highest protocol version). */ + if (s->ctx->method->version == SSLv23_method()->version) + { +#if TLS_MAX_VERSION != TLS1_2_VERSION +# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. +#endif + if (!(s->options & SSL_OP_NO_TLSv1_2)) + return s->version == TLS1_2_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1_1)) + return s->version == TLS1_1_VERSION; + if (!(s->options & SSL_OP_NO_TLSv1)) + return s->version == TLS1_VERSION; + if (!(s->options & SSL_OP_NO_SSLv3)) + return s->version == SSL3_VERSION; + if (!(s->options & SSL_OP_NO_SSLv2)) + return s->version == SSL2_VERSION; + } + return 0; /* Unexpected state; fail closed. */ + default: break; } @@ -3714,6 +3741,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, break; #endif #endif + default: return(0); } @@ -3822,10 +3850,15 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SS emask_k = cert->export_mask_k; emask_a = cert->export_mask_a; #ifndef OPENSSL_NO_SRP - mask_k=cert->mask_k | s->srp_ctx.srp_Mask; - emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask; + if (s->srp_ctx.srp_Mask & SSL_kSRP) + { + mask_k |= SSL_kSRP; + emask_k |= SSL_kSRP; + mask_a |= SSL_aSRP; + emask_a |= SSL_aSRP; + } #endif - + #ifdef KSSL_DEBUG /* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/ #endif /* KSSL_DEBUG */ @@ -4291,4 +4324,3 @@ long ssl_get_algorithm2(SSL *s) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; } - Index: crypto/openssl/ssl/s3_pkt.c =================================================================== --- crypto/openssl/ssl/s3_pkt.c (revision 273303) +++ crypto/openssl/ssl/s3_pkt.c (working copy) @@ -273,6 +273,12 @@ int ssl3_read_n(SSL *s, int n, int max, int extend return(n); } +/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will + * be processed per call to ssl3_get_record. Without this limit an attacker + * could send empty records at a faster rate than we can process and cause + * ssl3_get_record to loop forever. */ +#define MAX_EMPTY_RECORDS 32 + /* Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error * or non-blocking IO. @@ -293,6 +299,7 @@ static int ssl3_get_record(SSL *s) short version; unsigned mac_size, orig_len; size_t extra; + unsigned empty_record_count = 0; rr= &(s->s3->rrec); sess=s->session; @@ -523,7 +530,17 @@ printf("\n"); s->packet_length=0; /* just read a 0 length packet */ - if (rr->length == 0) goto again; + if (rr->length == 0) + { + empty_record_count++; + if (empty_record_count > MAX_EMPTY_RECORDS) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL); + goto f_err; + } + goto again; + } #if 0 fprintf(stderr, "Ultimate Record type=%d, Length=%d\n", rr->type, rr->length); Index: crypto/openssl/ssl/s3_srvr.c =================================================================== --- crypto/openssl/ssl/s3_srvr.c (revision 273303) +++ crypto/openssl/ssl/s3_srvr.c (working copy) @@ -154,6 +154,7 @@ #include #include "ssl_locl.h" #include "kssl_lcl.h" +#include "../crypto/constant_time_locl.h" #include #include #include @@ -410,9 +411,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH, */ /* normal PSK or KRB5 or SRP */ - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) - && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) - && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aKRB5|SSL_aSRP)) + && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret=ssl3_send_server_certificate(s); if (ret <= 0) goto end; @@ -515,7 +515,9 @@ int ssl3_accept(SSL *s) * (against the specs, but s3_clnt.c accepts this for SSL 3) */ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* never request cert in Kerberos ciphersuites */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || + /* don't request certificate for SRP auth */ + (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) /* With normal PSK Certificates and * Certificate Requests are omitted */ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) @@ -1846,7 +1848,7 @@ int ssl3_send_server_key_exchange(SSL *s) n+=2+nr[i]; } - if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) + if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md)) @@ -2166,6 +2168,10 @@ int ssl3_get_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { + unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; + int decrypt_len; + unsigned char decrypt_good, version_good; + /* FIX THIS UP EAY EAY EAY EAY */ if (s->s3->tmp.use_rsa_tmp) { @@ -2213,54 +2219,61 @@ int ssl3_get_client_key_exchange(SSL *s) n=i; } - i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + /* We must not leak whether a decryption failure occurs because + * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see + * RFC 2246, section 7.4.7.1). The code follows that advice of + * the TLS RFC and generates a random premaster secret for the + * case that the decrypt fails. See + * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */ - al = -1; - - if (i != SSL_MAX_MASTER_KEY_LENGTH) + /* should be RAND_bytes, but we cannot work around a failure. */ + if (RAND_pseudo_bytes(rand_premaster_secret, + sizeof(rand_premaster_secret)) <= 0) + goto err; + decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); + ERR_clear_error(); + + /* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. + * decrypt_good will be 0xff if so and zero otherwise. */ + decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH); + + /* If the version in the decrypted pre-master secret is correct + * then version_good will be 0xff, otherwise it'll be zero. + * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack + * (http://eprint.iacr.org/2003/052/) exploits the version + * number check as a "bad version oracle". Thus version checks + * are done in constant time and are treated like any other + * decryption error. */ + version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8)); + version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff)); + + /* The premaster secret must contain the same version number as + * the ClientHello to detect version rollback attacks + * (strangely, the protocol does not offer such protection for + * DH ciphersuites). However, buggy clients exist that send the + * negotiated protocol version instead if the server does not + * support the requested protocol version. If + * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ + if (s->options & SSL_OP_TLS_ROLLBACK_BUG) { - al=SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */ + unsigned char workaround_good; + workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8)); + workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff)); + version_good |= workaround_good; } - if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) + /* Both decryption and version must be good for decrypt_good + * to remain non-zero (0xff). */ + decrypt_good &= version_good; + + /* Now copy rand_premaster_secret over p using + * decrypt_good_mask. */ + for (i = 0; i < (int) sizeof(rand_premaster_secret); i++) { - /* The premaster secret must contain the same version number as the - * ClientHello to detect version rollback attacks (strangely, the - * protocol does not offer such protection for DH ciphersuites). - * However, buggy clients exist that send the negotiated protocol - * version instead if the server does not support the requested - * protocol version. - * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ - if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && - (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) - { - al=SSL_AD_DECODE_ERROR; - /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */ - - /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack - * (http://eprint.iacr.org/2003/052/) exploits the version - * number check as a "bad version oracle" -- an alert would - * reveal that the plaintext corresponding to some ciphertext - * made up by the adversary is properly formatted except - * that the version number is wrong. To avoid such attacks, - * we should treat this just like any other decryption error. */ - } + p[i] = constant_time_select_8(decrypt_good, p[i], + rand_premaster_secret[i]); } - if (al != -1) - { - /* Some decryption failure -- use random value instead as countermeasure - * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). */ - ERR_clear_error(); - i = SSL_MAX_MASTER_KEY_LENGTH; - p[0] = s->client_version >> 8; - p[1] = s->client_version & 0xff; - if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */ - goto err; - } - s->session->master_key_length= s->method->ssl3_enc->generate_master_secret(s, s->session->master_key, Index: crypto/openssl/ssl/srtp.h =================================================================== --- crypto/openssl/ssl/srtp.h (revision 273303) +++ crypto/openssl/ssl/srtp.h (working copy) @@ -130,6 +130,8 @@ extern "C" { #define SRTP_NULL_SHA1_80 0x0005 #define SRTP_NULL_SHA1_32 0x0006 +#ifndef OPENSSL_NO_SRTP + int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); @@ -136,6 +138,8 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_pro STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +#endif + #ifdef __cplusplus } #endif Index: crypto/openssl/ssl/ssl.h =================================================================== --- crypto/openssl/ssl/ssl.h (revision 273303) +++ crypto/openssl/ssl/ssl.h (working copy) @@ -653,6 +653,10 @@ struct ssl_session_st */ #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L +/* Send TLS_FALLBACK_SCSV in the ClientHello. + * To be set by applications that reconnect with a downgraded protocol + * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ +#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, * they cannot be used to clear bits. */ @@ -1511,6 +1515,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE #define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */ +#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */ #define SSL_ERROR_NONE 0 #define SSL_ERROR_SSL 1 @@ -1621,6 +1626,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 +#define SSL_CTRL_CHECK_PROTO_VERSION 119 + #define DTLSv1_get_timeout(ssl, arg) \ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) #define DTLSv1_handle_timeout(ssl) \ @@ -2379,6 +2386,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_HTTPS_PROXY_REQUEST 155 #define SSL_R_HTTP_REQUEST 156 #define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 #define SSL_R_INCONSISTENT_COMPRESSION 340 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 #define SSL_R_INVALID_COMMAND 280 @@ -2525,6 +2533,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 Index: crypto/openssl/ssl/ssl3.h =================================================================== --- crypto/openssl/ssl/ssl3.h (revision 273303) +++ crypto/openssl/ssl/ssl3.h (working copy) @@ -128,9 +128,14 @@ extern "C" { #endif -/* Signalling cipher suite value: from draft-ietf-tls-renegotiation-03.txt */ +/* Signalling cipher suite value from RFC 5746 + * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */ #define SSL3_CK_SCSV 0x030000FF +/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00 + * (TLS_FALLBACK_SCSV) */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + #define SSL3_CK_RSA_NULL_MD5 0x03000001 #define SSL3_CK_RSA_NULL_SHA 0x03000002 #define SSL3_CK_RSA_RC4_40_MD5 0x03000003 Index: crypto/openssl/ssl/ssl_err.c =================================================================== --- crypto/openssl/ssl/ssl_err.c (revision 273303) +++ crypto/openssl/ssl/ssl_err.c (working copy) @@ -383,6 +383,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, +{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"}, {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION),"inconsistent compression"}, {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, @@ -529,6 +530,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"}, {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"}, +{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"}, {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"}, {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"}, Index: crypto/openssl/ssl/ssl_lib.c =================================================================== --- crypto/openssl/ssl/ssl_lib.c (revision 273303) +++ crypto/openssl/ssl/ssl_lib.c (working copy) @@ -1387,6 +1387,8 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_C if (sk == NULL) return(0); q=p; + if (put_cb == NULL) + put_cb = s->method->put_cipher_by_char; for (i=0; isrp_ctx.srp_Mask & SSL_kSRP)) continue; #endif /* OPENSSL_NO_SRP */ - j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p); + j = put_cb(c,p); p+=j; } - /* If p == q, no ciphers and caller indicates an error. Otherwise - * add SCSV if not renegotiating. - */ - if (p != q && !s->renegotiate) + /* If p == q, no ciphers; caller indicates an error. + * Otherwise, add applicable SCSVs. */ + if (p != q) { - static SSL_CIPHER scsv = + if (!s->renegotiate) { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); - p+=j; + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV sent by client\n"); + fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); #endif - } + } + if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) + { + static SSL_CIPHER scsv = + { + 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv,p); + p+=j; + } + } + return(p-q); } @@ -1439,11 +1453,12 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL const SSL_CIPHER *c; STACK_OF(SSL_CIPHER) *sk; int i,n; + if (s->s3) s->s3->send_connection_binding = 0; n=ssl_put_cipher_by_char(s,NULL,NULL); - if ((num%n) != 0) + if (n == 0 || (num%n) != 0) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return(NULL); @@ -1458,7 +1473,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL for (i=0; is3 && (n != 3 || !p[0]) && (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && (p[n-1] == (SSL3_CK_SCSV & 0xff))) @@ -1478,6 +1493,23 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL continue; } + /* Check for TLS_FALLBACK_SCSV */ + if ((n != 3 || !p[0]) && + (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) + { + /* The SCSV indicates that the client previously tried a higher version. + * Fail if the current version is an unexpected downgrade. */ + if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) + { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK); + if (s->s3) + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK); + goto err; + } + continue; + } + c=ssl_get_cipher_by_char(s,p); p+=n; if (c != NULL) @@ -2944,6 +2976,7 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) { + CERT *ocert = ssl->cert; if (ssl->ctx == ctx) return ssl->ctx; #ifndef OPENSSL_NO_TLSEXT @@ -2950,9 +2983,19 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) if (ctx == NULL) ctx = ssl->initial_ctx; #endif - if (ssl->cert != NULL) - ssl_cert_free(ssl->cert); ssl->cert = ssl_cert_dup(ctx->cert); + if (ocert != NULL) + { + int i; + /* Copy negotiated digests from original */ + for (i = 0; i < SSL_PKEY_NUM; i++) + { + CERT_PKEY *cpk = ocert->pkeys + i; + CERT_PKEY *rpk = ssl->cert->pkeys + i; + rpk->digest = cpk->digest; + } + ssl_cert_free(ocert); + } CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); if (ssl->ctx != NULL) SSL_CTX_free(ssl->ctx); /* decrement reference count */ Index: crypto/openssl/ssl/t1_enc.c =================================================================== --- crypto/openssl/ssl/t1_enc.c (revision 273303) +++ crypto/openssl/ssl/t1_enc.c (working copy) @@ -1241,6 +1241,7 @@ int tls1_alert_code(int code) case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE); case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE); case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY); + case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK); #if 0 /* not appropriate for TLS, not used for DTLS */ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE); Index: crypto/openssl/ssl/t1_lib.c =================================================================== --- crypto/openssl/ssl/t1_lib.c (revision 273303) +++ crypto/openssl/ssl/t1_lib.c (working copy) @@ -643,7 +643,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, #endif #ifndef OPENSSL_NO_SRTP - if(SSL_get_srtp_profiles(s)) + if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -806,7 +806,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, #endif #ifndef OPENSSL_NO_SRTP - if(s->srtp_profile) + if(SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -1444,7 +1444,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned /* session ticket processed earlier */ #ifndef OPENSSL_NO_SRTP - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) + && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) @@ -1698,7 +1699,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned } #endif #ifndef OPENSSL_NO_SRTP - else if (type == TLSEXT_TYPE_use_srtp) + else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) @@ -2347,7 +2348,10 @@ static int tls_decrypt_ticket(SSL *s, const unsign HMAC_Final(&hctx, tick_hmac, NULL); HMAC_CTX_cleanup(&hctx); if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) + { + EVP_CIPHER_CTX_cleanup(&ctx); return 2; + } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); Index: crypto/openssl/ssl/tls1.h =================================================================== --- crypto/openssl/ssl/tls1.h (revision 273303) +++ crypto/openssl/ssl/tls1.h (working copy) @@ -159,17 +159,19 @@ extern "C" { #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 +#define TLS1_VERSION 0x0301 +#define TLS1_1_VERSION 0x0302 #define TLS1_2_VERSION 0x0303 -#define TLS1_2_VERSION_MAJOR 0x03 -#define TLS1_2_VERSION_MINOR 0x03 +#define TLS_MAX_VERSION TLS1_2_VERSION -#define TLS1_1_VERSION 0x0302 +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 + #define TLS1_1_VERSION_MAJOR 0x03 #define TLS1_1_VERSION_MINOR 0x02 -#define TLS1_VERSION 0x0301 -#define TLS1_VERSION_MAJOR 0x03 -#define TLS1_VERSION_MINOR 0x01 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 #define TLS1_get_version(s) \ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) @@ -187,6 +189,7 @@ extern "C" { #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ #define TLS1_AD_USER_CANCELLED 90 #define TLS1_AD_NO_RENEGOTIATION 100 /* codes 110-114 are from RFC3546 */ Index: crypto/openssl/util/mk1mf.pl =================================================================== --- crypto/openssl/util/mk1mf.pl (revision 273303) +++ crypto/openssl/util/mk1mf.pl (working copy) @@ -1145,6 +1145,7 @@ sub read_options "dll" => \$shlib, "shared" => 0, "no-sctp" => 0, + "no-srtp" => 0, "no-gmp" => 0, "no-rfc3779" => 0, "no-montasm" => 0, Index: crypto/openssl/util/mkdef.pl =================================================================== --- crypto/openssl/util/mkdef.pl (revision 273303) +++ crypto/openssl/util/mkdef.pl (working copy) @@ -117,6 +117,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDE "SSL_INTERN", # SCTP "SCTP", + # SRTP + "SRTP", # Unit testing "UNIT_TEST"); @@ -138,7 +140,7 @@ my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engin my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; -my $no_nextprotoneg; my $no_sctp; +my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_unit_test; my $fips; @@ -238,6 +240,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-jpake$/) { $no_jpake=1; } elsif (/^no-srp$/) { $no_srp=1; } elsif (/^no-sctp$/) { $no_sctp=1; } + elsif (/^no-srtp$/) { $no_srtp=1; } elsif (/^no-unit-test$/){ $no_unit_test=1; } } @@ -1209,6 +1212,7 @@ sub is_valid if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "SRP" && $no_srp) { return 0; } if ($keyword eq "SCTP" && $no_sctp) { return 0; } + if ($keyword eq "SRTP" && $no_srtp) { return 0; } if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } Index: crypto/openssl/util/ssleay.num =================================================================== --- crypto/openssl/util/ssleay.num (revision 273303) +++ crypto/openssl/util/ssleay.num (working copy) @@ -310,14 +310,14 @@ TLSv1_2_method 350 EXIST: SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION: kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5 SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT -SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION: +SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG -SSL_get_selected_srtp_profile 357 EXIST::FUNCTION: -SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION: +SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:SRTP +SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:SRTP SSL_select_next_proto 359 EXIST::FUNCTION:NEXTPROTONEG -SSL_get_srtp_profiles 360 EXIST::FUNCTION: +SSL_get_srtp_profiles 360 EXIST::FUNCTION:SRTP SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_SESSION_get_compress_id 362 EXIST::FUNCTION: Index: secure/lib/libcrypto/Makefile.inc =================================================================== --- secure/lib/libcrypto/Makefile.inc (revision 273303) +++ secure/lib/libcrypto/Makefile.inc (working copy) @@ -3,8 +3,8 @@ .include # OpenSSL version used for manual page generation -OPENSSL_VER= 1.0.1i -OPENSSL_DATE= 2014-08-06 +OPENSSL_VER= 1.0.1j +OPENSSL_DATE= 2014-10-15 LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc Index: secure/lib/libcrypto/Makefile.man =================================================================== --- secure/lib/libcrypto/Makefile.man (revision 273303) +++ secure/lib/libcrypto/Makefile.man (working copy) @@ -47,6 +47,7 @@ MAN+= BN_swap.3 MAN+= BN_zero.3 MAN+= CMS_add0_cert.3 MAN+= CMS_add1_recipient_cert.3 +MAN+= CMS_add1_signer.3 MAN+= CMS_compress.3 MAN+= CMS_decrypt.3 MAN+= CMS_encrypt.3 @@ -56,7 +57,6 @@ MAN+= CMS_get0_SignerInfos.3 MAN+= CMS_get0_type.3 MAN+= CMS_get1_ReceiptRequest.3 MAN+= CMS_sign.3 -MAN+= CMS_sign_add1_signer.3 MAN+= CMS_sign_receipt.3 MAN+= CMS_uncompress.3 MAN+= CMS_verify.3 @@ -397,6 +397,7 @@ MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3 MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3 MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3 MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3 +MLINKS+= CMS_add1_signer.3 CMS_SignerInfo_sign.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_type.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_get0_signer_id.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_cert_cmp.3 @@ -413,7 +414,6 @@ MLINKS+= CMS_get0_type.3 CMS_get0_eContentType.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3 -MLINKS+= CMS_sign_add1_signer.3 CMS_SignerInfo_sign.3 MLINKS+= CONF_modules_free.3 CONF_modules_finish.3 MLINKS+= CONF_modules_free.3 CONF_modules_unload.3 MLINKS+= CONF_modules_load_file.3 CONF_modules_load.3 Index: secure/lib/libcrypto/man/ASN1_OBJECT_new.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (revision 273303) +++ secure/lib/libcrypto/man/ASN1_OBJECT_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ASN1_STRING_length.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_STRING_length.3 (revision 273303) +++ secure/lib/libcrypto/man/ASN1_STRING_length.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_STRING_length 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ASN1_STRING_new.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_STRING_new.3 (revision 273303) +++ secure/lib/libcrypto/man/ASN1_STRING_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_STRING_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (revision 273303) +++ secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ASN1_generate_nconf.3 =================================================================== --- secure/lib/libcrypto/man/ASN1_generate_nconf.3 (revision 273303) +++ secure/lib/libcrypto/man/ASN1_generate_nconf.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1_generate_nconf 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_ctrl.3 =================================================================== --- secure/lib/libcrypto/man/BIO_ctrl.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_ctrl.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_f_base64.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_base64.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_f_base64.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_base64 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_f_buffer.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_buffer.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_f_buffer.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_buffer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_f_cipher.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_cipher.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_f_cipher.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_f_md.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_md.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_f_md.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_md 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_f_null.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_null.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_f_null.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_null 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_f_ssl.3 =================================================================== --- secure/lib/libcrypto/man/BIO_f_ssl.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_f_ssl.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_f_ssl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_find_type.3 =================================================================== --- secure/lib/libcrypto/man/BIO_find_type.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_find_type.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_find_type 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_new.3 =================================================================== --- secure/lib/libcrypto/man/BIO_new.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_new_CMS.3 =================================================================== --- secure/lib/libcrypto/man/BIO_new_CMS.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_new_CMS.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new_CMS 3" -.TH BIO_new_CMS 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_new_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_push.3 =================================================================== --- secure/lib/libcrypto/man/BIO_push.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_push.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_push 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_read.3 =================================================================== --- secure/lib/libcrypto/man/BIO_read.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_read.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_read 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_s_accept.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_accept.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_accept.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_accept 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,8 +187,8 @@ the accept socket. See \fIBIO_s_fd\fR\|(3) \&\fIBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept port. The port is represented as a string of the form \*(L"host:port\*(R", where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. -Either or both values can be \*(L"*\*(R" which is interpreted as meaning -any interface or port respectively. \*(L"port\*(R" has the same syntax +The host can be can be \*(L"*\*(R" which is interpreted as meaning +any interface; \*(L"port\*(R" has the same syntax as the port specified in \fIBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical port string or a string to lookup using \fIgetservbyname()\fR and a string table. Index: secure/lib/libcrypto/man/BIO_s_bio.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_bio.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_bio.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_s_connect.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_connect.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_connect.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_connect 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_s_fd.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_fd.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_fd.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_s_file.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_file.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_file.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_s_mem.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_mem.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_mem.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_mem 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_s_null.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_null.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_null.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_null 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_s_socket.3 =================================================================== --- secure/lib/libcrypto/man/BIO_s_socket.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_s_socket.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_s_socket 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_set_callback.3 =================================================================== --- secure/lib/libcrypto/man/BIO_set_callback.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_set_callback.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_set_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BIO_should_retry.3 =================================================================== --- secure/lib/libcrypto/man/BIO_should_retry.3 (revision 273303) +++ secure/lib/libcrypto/man/BIO_should_retry.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BIO_should_retry 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_BLINDING_new.3 =================================================================== --- secure/lib/libcrypto/man/BN_BLINDING_new.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_BLINDING_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_BLINDING_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_CTX_new.3 =================================================================== --- secure/lib/libcrypto/man/BN_CTX_new.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_CTX_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_CTX_start.3 =================================================================== --- secure/lib/libcrypto/man/BN_CTX_start.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_CTX_start.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_CTX_start 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_add.3 =================================================================== --- secure/lib/libcrypto/man/BN_add.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_add.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_add 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_add_word.3 =================================================================== --- secure/lib/libcrypto/man/BN_add_word.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_add_word.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_add_word 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_bn2bin.3 =================================================================== --- secure/lib/libcrypto/man/BN_bn2bin.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_bn2bin.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_bn2bin 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_cmp.3 =================================================================== --- secure/lib/libcrypto/man/BN_cmp.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_cmp.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_cmp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_copy.3 =================================================================== --- secure/lib/libcrypto/man/BN_copy.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_copy.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_copy 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_generate_prime.3 =================================================================== --- secure/lib/libcrypto/man/BN_generate_prime.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_generate_prime.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_generate_prime 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_mod_inverse.3 =================================================================== --- secure/lib/libcrypto/man/BN_mod_inverse.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_mod_inverse.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_mod_inverse 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 =================================================================== --- secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 =================================================================== --- secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_new.3 =================================================================== --- secure/lib/libcrypto/man/BN_new.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_num_bytes.3 =================================================================== --- secure/lib/libcrypto/man/BN_num_bytes.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_num_bytes.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_num_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_rand.3 =================================================================== --- secure/lib/libcrypto/man/BN_rand.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_rand.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_rand 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_set_bit.3 =================================================================== --- secure/lib/libcrypto/man/BN_set_bit.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_set_bit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_set_bit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_swap.3 =================================================================== --- secure/lib/libcrypto/man/BN_swap.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_swap.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_swap 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/BN_zero.3 =================================================================== --- secure/lib/libcrypto/man/BN_zero.3 (revision 273303) +++ secure/lib/libcrypto/man/BN_zero.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH BN_zero 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_add0_cert.3 =================================================================== --- secure/lib/libcrypto/man/CMS_add0_cert.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_add0_cert.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add0_cert 3" -.TH CMS_add0_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_add0_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 =================================================================== --- secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_recipient_cert 3" -.TH CMS_add1_recipient_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_add1_recipient_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_add1_signer.3 =================================================================== --- secure/lib/libcrypto/man/CMS_add1_signer.3 (revision 0) +++ secure/lib/libcrypto/man/CMS_add1_signer.3 (working copy) @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "CMS_add1_signer 3" +.TH CMS_add1_signer 3 "2014-10-15" "1.0.1j" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +.Vb 1 +\& CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure. +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include +\& +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); +\& +\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData +structure \fBcms\fR. +.PP +The CMS_ContentInfo structure should be obtained from an initial call to +\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a +valid CMS_ContentInfo SignedData structure. +.PP +If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public +key algorithm will be used. +.PP +Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo +structure is not complete and must be finalized either by streaming (if +applicable) or a call to \fICMS_final()\fR. +.PP +The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo +structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags +are both set. +.SH "NOTES" +.IX Header "NOTES" +The main purpose of \fICMS_add1_signer()\fR is to provide finer control +over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults +are not appropriate. For example if multiple signers or non default digest +algorithms are needed. New attributes can also be added using the returned +CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the +\&\s-1CMS\s0 signed receipt request functions. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR +parameter. +.PP +If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content +digest value from the CMS_ContentInfo structure: to add a signer to an existing +structure. An error occurs if a matching digest value cannot be found to copy. +The returned CMS_ContentInfo structure will be valid and finalized when this +flag is set. +.PP +If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is +needed to finalize it. +.PP +If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the +CMS_ContentInfo structure, the signer's certificate must still be supplied in +the \fBsigncert\fR parameter though. This can reduce the size of the signature if +the signers certificate can be obtained by other means: for example a +previously signed message. +.PP +The SignedData structure includes several \s-1CMS\s0 signedAttributes including the +signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an +SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes +will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +OpenSSL will by default identify signing certificates using issuer name +and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key +identifier value instead. An error occurs if the signing certificate does not +have a subject key identifier extension. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 +bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. +If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is +not loaded. +.PP +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added, this can be used to set additional attributes +before it is finalized. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +structure just added or \s-1NULL\s0 if an error occurs. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), +\&\fICMS_final\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICMS_add1_signer()\fR was added to OpenSSL 0.9.8 Property changes on: secure/lib/libcrypto/man/CMS_add1_signer.3 ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: secure/lib/libcrypto/man/CMS_compress.3 =================================================================== --- secure/lib/libcrypto/man/CMS_compress.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_compress.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_compress 3" -.TH CMS_compress 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_compress 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_decrypt.3 =================================================================== --- secure/lib/libcrypto/man/CMS_decrypt.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_decrypt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_decrypt 3" -.TH CMS_decrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_encrypt.3 =================================================================== --- secure/lib/libcrypto/man/CMS_encrypt.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_encrypt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_encrypt 3" -.TH CMS_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_final.3 =================================================================== --- secure/lib/libcrypto/man/CMS_final.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_final.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_final 3" -.TH CMS_final 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_final 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 =================================================================== --- secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_RecipientInfos 3" -.TH CMS_get0_RecipientInfos 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get0_RecipientInfos 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 =================================================================== --- secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_SignerInfos 3" -.TH CMS_get0_SignerInfos 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get0_SignerInfos 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_get0_type.3 =================================================================== --- secure/lib/libcrypto/man/CMS_get0_type.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_get0_type.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_type 3" -.TH CMS_get0_type 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get0_type 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 =================================================================== --- secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get1_ReceiptRequest 3" -.TH CMS_get1_ReceiptRequest 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_get1_ReceiptRequest 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_sign.3 =================================================================== --- secure/lib/libcrypto/man/CMS_sign.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_sign.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign 3" -.TH CMS_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_sign_add1_signer.3 =================================================================== --- secure/lib/libcrypto/man/CMS_sign_add1_signer.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_sign_add1_signer.3 (working copy) @@ -1,224 +0,0 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) -.\" -.\" Standard preamble: -.\" ======================================================================== -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" Escape single quotes in literal strings from groff's Unicode transform. -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" -.\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index -.\" entries marked with X<> in POD. Of course, you'll have to process the -.\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX -.. -.\} -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ======================================================================== -.\" -.IX Title "CMS_sign_add1_signer 3" -.TH CMS_sign_add1_signer 3 "2014-08-06" "1.0.1i" "OpenSSL" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.if n .ad l -.nh -.SH "NAME" -.Vb 1 -\& CMS_sign_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure. -.Ve -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include -\& -\& CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); -\& -\& int CMS_SignerInfo_sign(CMS_SignerInfo *si); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fICMS_sign_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private -key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData -structure \fBcms\fR. -.PP -The CMS_ContentInfo structure should be obtained from an initial call to -\&\fICMS_sign()\fR with the flag \fB\s-1CMS_PARTIAL\s0\fR set or in the case or re-signing a -valid CMS_ContentInfo SignedData structure. -.PP -If the \fBmd\fR parameter is \fB\s-1NULL\s0\fR then the default digest for the public -key algorithm will be used. -.PP -Unless the \fB\s-1CMS_REUSE_DIGEST\s0\fR flag is set the returned CMS_ContentInfo -structure is not complete and must be finalized either by streaming (if -applicable) or a call to \fICMS_final()\fR. -.PP -The \fICMS_SignerInfo_sign()\fR function will explicitly sign a CMS_SignerInfo -structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PARTIAL\s0\fR flags -are both set. -.SH "NOTES" -.IX Header "NOTES" -The main purpose of \fICMS_sign_add1_signer()\fR is to provide finer control -over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults -are not appropriate. For example if multiple signers or non default digest -algorithms are needed. New attributes can also be added using the returned -CMS_SignerInfo structure and the \s-1CMS\s0 attribute utility functions or the -\&\s-1CMS\s0 signed receipt request functions. -.PP -Any of the following flags (ored together) can be passed in the \fBflags\fR -parameter. -.PP -If \fB\s-1CMS_REUSE_DIGEST\s0\fR is set then an attempt is made to copy the content -digest value from the CMS_ContentInfo structure: to add a signer to an existing -structure. An error occurs if a matching digest value cannot be found to copy. -The returned CMS_ContentInfo structure will be valid and finalized when this -flag is set. -.PP -If \fB\s-1CMS_PARTIAL\s0\fR is set in addition to \fB\s-1CMS_REUSE_DIGEST\s0\fR then the -CMS_SignerInfo structure will not be finalized so additional attributes -can be added. In this case an explicit call to \fICMS_SignerInfo_sign()\fR is -needed to finalize it. -.PP -If \fB\s-1CMS_NOCERTS\s0\fR is set the signer's certificate will not be included in the -CMS_ContentInfo structure, the signer's certificate must still be supplied in -the \fBsigncert\fR parameter though. This can reduce the size of the signature if -the signers certificate can be obtained by other means: for example a -previously signed message. -.PP -The SignedData structure includes several \s-1CMS\s0 signedAttributes including the -signing time, the \s-1CMS\s0 content type and the supported list of ciphers in an -SMIMECapabilities attribute. If \fB\s-1CMS_NOATTR\s0\fR is set then no signedAttributes -will be used. If \fB\s-1CMS_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are -omitted. -.PP -OpenSSL will by default identify signing certificates using issuer name -and serial number. If \fB\s-1CMS_USE_KEYID\s0\fR is set it will use the subject key -identifier value instead. An error occurs if the signing certificate does not -have a subject key identifier extension. -.PP -If present the SMIMECapabilities attribute indicates support for the following -algorithms in preference order: 256 bit \s-1AES\s0, Gost R3411\-94, Gost 28147\-89, 192 -bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. -If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is -not loaded. -.PP -\&\fICMS_sign_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo -structure just added, this can be used to set additional attributes -before it is finalized. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&\fICMS_sign1_add_signers()\fR returns an internal pointer to the CMS_SignerInfo -structure just added or \s-1NULL\s0 if an error occurs. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -\&\fIERR_get_error\fR\|(3), \fICMS_sign\fR\|(3), -\&\fICMS_final\fR\|(3), -.SH "HISTORY" -.IX Header "HISTORY" -\&\fICMS_sign_add1_signer()\fR was added to OpenSSL 0.9.8 Index: secure/lib/libcrypto/man/CMS_sign_receipt.3 =================================================================== --- secure/lib/libcrypto/man/CMS_sign_receipt.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_sign_receipt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign_receipt 3" -.TH CMS_sign_receipt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_sign_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_uncompress.3 =================================================================== --- secure/lib/libcrypto/man/CMS_uncompress.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_uncompress.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_uncompress 3" -.TH CMS_uncompress 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_uncompress 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_verify.3 =================================================================== --- secure/lib/libcrypto/man/CMS_verify.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_verify.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify 3" -.TH CMS_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CMS_verify_receipt.3 =================================================================== --- secure/lib/libcrypto/man/CMS_verify_receipt.3 (revision 273303) +++ secure/lib/libcrypto/man/CMS_verify_receipt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify_receipt 3" -.TH CMS_verify_receipt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS_verify_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CONF_modules_free.3 =================================================================== --- secure/lib/libcrypto/man/CONF_modules_free.3 (revision 273303) +++ secure/lib/libcrypto/man/CONF_modules_free.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CONF_modules_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CONF_modules_load_file.3 =================================================================== --- secure/lib/libcrypto/man/CONF_modules_load_file.3 (revision 273303) +++ secure/lib/libcrypto/man/CONF_modules_load_file.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CONF_modules_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 =================================================================== --- secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (revision 273303) +++ secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_generate_key.3 =================================================================== --- secure/lib/libcrypto/man/DH_generate_key.3 (revision 273303) +++ secure/lib/libcrypto/man/DH_generate_key.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_generate_parameters.3 =================================================================== --- secure/lib/libcrypto/man/DH_generate_parameters.3 (revision 273303) +++ secure/lib/libcrypto/man/DH_generate_parameters.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_get_ex_new_index.3 =================================================================== --- secure/lib/libcrypto/man/DH_get_ex_new_index.3 (revision 273303) +++ secure/lib/libcrypto/man/DH_get_ex_new_index.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_new.3 =================================================================== --- secure/lib/libcrypto/man/DH_new.3 (revision 273303) +++ secure/lib/libcrypto/man/DH_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_set_method.3 =================================================================== --- secure/lib/libcrypto/man/DH_set_method.3 (revision 273303) +++ secure/lib/libcrypto/man/DH_set_method.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DH_size.3 =================================================================== --- secure/lib/libcrypto/man/DH_size.3 (revision 273303) +++ secure/lib/libcrypto/man/DH_size.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DH_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_SIG_new.3 =================================================================== --- secure/lib/libcrypto/man/DSA_SIG_new.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_SIG_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_SIG_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_do_sign.3 =================================================================== --- secure/lib/libcrypto/man/DSA_do_sign.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_do_sign.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_do_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_dup_DH.3 =================================================================== --- secure/lib/libcrypto/man/DSA_dup_DH.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_dup_DH.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_dup_DH 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_generate_key.3 =================================================================== --- secure/lib/libcrypto/man/DSA_generate_key.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_generate_key.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_generate_parameters.3 =================================================================== --- secure/lib/libcrypto/man/DSA_generate_parameters.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_generate_parameters.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_get_ex_new_index.3 =================================================================== --- secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_get_ex_new_index.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_new.3 =================================================================== --- secure/lib/libcrypto/man/DSA_new.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_set_method.3 =================================================================== --- secure/lib/libcrypto/man/DSA_set_method.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_set_method.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_sign.3 =================================================================== --- secure/lib/libcrypto/man/DSA_sign.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_sign.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/DSA_size.3 =================================================================== --- secure/lib/libcrypto/man/DSA_size.3 (revision 273303) +++ secure/lib/libcrypto/man/DSA_size.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_GET_LIB.3 =================================================================== --- secure/lib/libcrypto/man/ERR_GET_LIB.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_GET_LIB.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_GET_LIB 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_clear_error.3 =================================================================== --- secure/lib/libcrypto/man/ERR_clear_error.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_clear_error.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_clear_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_error_string.3 =================================================================== --- secure/lib/libcrypto/man/ERR_error_string.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_error_string.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_error_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_get_error.3 =================================================================== --- secure/lib/libcrypto/man/ERR_get_error.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_get_error.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_load_crypto_strings.3 =================================================================== --- secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_load_crypto_strings.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_load_strings.3 =================================================================== --- secure/lib/libcrypto/man/ERR_load_strings.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_load_strings.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_load_strings 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_print_errors.3 =================================================================== --- secure/lib/libcrypto/man/ERR_print_errors.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_print_errors.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_print_errors 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_put_error.3 =================================================================== --- secure/lib/libcrypto/man/ERR_put_error.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_put_error.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_put_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_remove_state.3 =================================================================== --- secure/lib/libcrypto/man/ERR_remove_state.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_remove_state.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_remove_state 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ERR_set_mark.3 =================================================================== --- secure/lib/libcrypto/man/ERR_set_mark.3 (revision 273303) +++ secure/lib/libcrypto/man/ERR_set_mark.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERR_set_mark 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_BytesToKey.3 =================================================================== --- secure/lib/libcrypto/man/EVP_BytesToKey.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_BytesToKey.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_BytesToKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_DigestInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_DigestInit.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_DigestInit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_DigestInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,13 +154,13 @@ EVP digest routines \& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); \& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); \& -\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); \& \& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); \& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, \& unsigned int *s); \& -\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); \& \& #define EVP_MAX_MD_SIZE 64 /* SHA512 */ \& @@ -267,7 +267,7 @@ structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA and \s-1RIPEMD160\s0 digest algorithms respectively. .PP \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest -algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is +algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are however retained for compatibility. .PP @@ -303,15 +303,15 @@ The \fB\s-1EVP\s0\fR interface to message digests preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. .PP -New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. +New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. The other digest algorithms are still in common use. .PP For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be set to \s-1NULL\s0 to use the default digest implementation. .PP -The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are obsolete but are retained to maintain compatibility with existing code. New -applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and \&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. @@ -374,15 +374,19 @@ digest name passed on the command line. \& EVP_MD_CTX_destroy(mdctx); \& \& printf("Digest is: "); -\& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); +\& for(i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); \& printf("\en"); +\& +\& /* Call this once before exit. */ +\& EVP_cleanup(); +\& exit(0); \& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3), \fIdgst\fR\|(1) +\&\fIdgst\fR\|(1), +\&\fIevp\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are @@ -397,7 +401,7 @@ and \fIEVP_DigestFinal_ex()\fR were added in OpenS changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. .PP The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0, there is no need to +later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0; there is no need to use \fIEVP_dss1()\fR any more. .PP OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the Index: secure/lib/libcrypto/man/EVP_DigestSignInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_DigestSignInit.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_DigestSignInit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestSignInit 3" -.TH EVP_DigestSignInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_DigestSignInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestVerifyInit 3" -.TH EVP_DigestVerifyInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_DigestVerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ or a negative value for failure. In particular a r the operation is not supported by the public key algorithm. .PP Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only -indicates that the signature did not not verify successfully (that is tbs did +indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. .PP @@ -185,7 +185,7 @@ For some key types and parameters the random numbe or the operation will fail. .PP The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest -context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized the context must Index: secure/lib/libcrypto/man/EVP_EncryptInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_EncryptInit.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_EncryptInit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_EncryptInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -493,37 +493,9 @@ The \s-1ASN1\s0 code is incomplete (and sometimes for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. .SH "EXAMPLES" .IX Header "EXAMPLES" -Get the number of rounds used in \s-1RC5:\s0 +Encrypt a string using \s-1IDEA:\s0 .PP -.Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); -.Ve -.PP -Get the \s-1RC2\s0 effective key length: -.PP -.Vb 2 -\& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); -.Ve -.PP -Set the number of rounds used in \s-1RC5:\s0 -.PP -.Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); -.Ve -.PP -Set the effective key length used in \s-1RC2:\s0 -.PP -.Vb 2 -\& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); -.Ve -.PP -Encrypt a string using blowfish: -.PP -.Vb 10 +.Vb 12 \& int do_crypt(char *outfile) \& { \& unsigned char outbuf[1024]; @@ -536,8 +508,9 @@ for certain common S/MIME ciphers (\s-1RC2\s0, \s- \& char intext[] = "Some Crypto Text"; \& EVP_CIPHER_CTX ctx; \& FILE *out; +\& \& EVP_CIPHER_CTX_init(&ctx); -\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); +\& EVP_EncryptInit_ex(&ctx, EVP_idea_cbc(), NULL, key, iv); \& \& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) \& { @@ -567,31 +540,37 @@ for certain common S/MIME ciphers (\s-1RC2\s0, \s- .Ve .PP The ciphertext from the above example can be decrypted using the \fBopenssl\fR -utility with the command line: +utility with the command line (shown on two lines for clarity): .PP -.Vb 1 -\& S +.Vb 2 +\& openssl idea \-d \& \& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ \& unsigned char *md, *sig; -\& size_t mdlen, siglen; +\& size_t mdlen = 32, siglen; \& EVP_PKEY *signing_key; -\& /* NB: assumes signing_key, md and mdlen are already set up -\& * and that signing_key is an RSA private key +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. \& */ -\& ctx = EVP_PKEY_CTX_new(signing_key); +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); \& if (!ctx) \& /* Error occurred */ \& if (EVP_PKEY_sign_init(ctx) <= 0) @@ -208,6 +217,7 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl\fR\|(3), \&\fIEVP_PKEY_encrypt\fR\|(3), \&\fIEVP_PKEY_decrypt\fR\|(3), \&\fIEVP_PKEY_verify\fR\|(3), Index: secure/lib/libcrypto/man/EVP_PKEY_verify.3 =================================================================== --- secure/lib/libcrypto/man/EVP_PKEY_verify.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_PKEY_verify.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify 3" -.TH EVP_PKEY_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 =================================================================== --- secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify_recover 3" -.TH EVP_PKEY_verify_recover 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_PKEY_verify_recover 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_SealInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_SealInit.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_SealInit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_SealInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_SignInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_SignInit.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_SignInit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_SignInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/EVP_VerifyInit.3 =================================================================== --- secure/lib/libcrypto/man/EVP_VerifyInit.3 (revision 273303) +++ secure/lib/libcrypto/man/EVP_VerifyInit.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EVP_VerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OBJ_nid2obj.3 =================================================================== --- secure/lib/libcrypto/man/OBJ_nid2obj.3 (revision 273303) +++ secure/lib/libcrypto/man/OBJ_nid2obj.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OBJ_nid2obj 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OPENSSL_Applink.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_Applink.3 (revision 273303) +++ secure/lib/libcrypto/man/OPENSSL_Applink.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_Applink 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (revision 273303) +++ secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OPENSSL_config.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_config.3 (revision 273303) +++ secure/lib/libcrypto/man/OPENSSL_config.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_config 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OPENSSL_ia32cap.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (revision 273303) +++ secure/lib/libcrypto/man/OPENSSL_ia32cap.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 =================================================================== --- secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (revision 273303) +++ secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 =================================================================== --- secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (revision 273303) +++ secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 =================================================================== --- secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 (revision 273303) +++ secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_CMS_stream 3" -.TH PEM_write_bio_CMS_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PEM_write_bio_CMS_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 =================================================================== --- secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 (revision 273303) +++ secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_PKCS7_stream 3" -.TH PEM_write_bio_PKCS7_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PEM_write_bio_PKCS7_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS12_create.3 =================================================================== --- secure/lib/libcrypto/man/PKCS12_create.3 (revision 273303) +++ secure/lib/libcrypto/man/PKCS12_create.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS12_create 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS12_parse.3 =================================================================== --- secure/lib/libcrypto/man/PKCS12_parse.3 (revision 273303) +++ secure/lib/libcrypto/man/PKCS12_parse.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS12_parse 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS7_decrypt.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_decrypt.3 (revision 273303) +++ secure/lib/libcrypto/man/PKCS7_decrypt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS7_encrypt.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_encrypt.3 (revision 273303) +++ secure/lib/libcrypto/man/PKCS7_encrypt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS7_sign.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_sign.3 (revision 273303) +++ secure/lib/libcrypto/man/PKCS7_sign.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 (revision 273303) +++ secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign_add_signer 3" -.TH PKCS7_sign_add_signer 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_sign_add_signer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/PKCS7_verify.3 =================================================================== --- secure/lib/libcrypto/man/PKCS7_verify.3 (revision 273303) +++ secure/lib/libcrypto/man/PKCS7_verify.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RAND_add.3 =================================================================== --- secure/lib/libcrypto/man/RAND_add.3 (revision 273303) +++ secure/lib/libcrypto/man/RAND_add.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_add 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RAND_bytes.3 =================================================================== --- secure/lib/libcrypto/man/RAND_bytes.3 (revision 273303) +++ secure/lib/libcrypto/man/RAND_bytes.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RAND_cleanup.3 =================================================================== --- secure/lib/libcrypto/man/RAND_cleanup.3 (revision 273303) +++ secure/lib/libcrypto/man/RAND_cleanup.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_cleanup 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RAND_egd.3 =================================================================== --- secure/lib/libcrypto/man/RAND_egd.3 (revision 273303) +++ secure/lib/libcrypto/man/RAND_egd.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_egd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RAND_load_file.3 =================================================================== --- secure/lib/libcrypto/man/RAND_load_file.3 (revision 273303) +++ secure/lib/libcrypto/man/RAND_load_file.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RAND_set_rand_method.3 =================================================================== --- secure/lib/libcrypto/man/RAND_set_rand_method.3 (revision 273303) +++ secure/lib/libcrypto/man/RAND_set_rand_method.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND_set_rand_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_blinding_on.3 =================================================================== --- secure/lib/libcrypto/man/RSA_blinding_on.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_blinding_on.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_blinding_on 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_check_key.3 =================================================================== --- secure/lib/libcrypto/man/RSA_check_key.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_check_key.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_check_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_generate_key.3 =================================================================== --- secure/lib/libcrypto/man/RSA_generate_key.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_generate_key.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_get_ex_new_index.3 =================================================================== --- secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_get_ex_new_index.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_new.3 =================================================================== --- secure/lib/libcrypto/man/RSA_new.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 =================================================================== --- secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_print.3 =================================================================== --- secure/lib/libcrypto/man/RSA_print.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_print.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_print 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_private_encrypt.3 =================================================================== --- secure/lib/libcrypto/man/RSA_private_encrypt.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_private_encrypt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_private_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_public_encrypt.3 =================================================================== --- secure/lib/libcrypto/man/RSA_public_encrypt.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_public_encrypt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_public_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_set_method.3 =================================================================== --- secure/lib/libcrypto/man/RSA_set_method.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_set_method.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_sign.3 =================================================================== --- secure/lib/libcrypto/man/RSA_sign.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_sign.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 =================================================================== --- secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/RSA_size.3 =================================================================== --- secure/lib/libcrypto/man/RSA_size.3 (revision 273303) +++ secure/lib/libcrypto/man/RSA_size.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/SMIME_read_CMS.3 =================================================================== --- secure/lib/libcrypto/man/SMIME_read_CMS.3 (revision 273303) +++ secure/lib/libcrypto/man/SMIME_read_CMS.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_CMS 3" -.TH SMIME_read_CMS 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_read_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/SMIME_read_PKCS7.3 =================================================================== --- secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (revision 273303) +++ secure/lib/libcrypto/man/SMIME_read_PKCS7.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/SMIME_write_CMS.3 =================================================================== --- secure/lib/libcrypto/man/SMIME_write_CMS.3 (revision 273303) +++ secure/lib/libcrypto/man/SMIME_write_CMS.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_CMS 3" -.TH SMIME_write_CMS 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_write_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/SMIME_write_PKCS7.3 =================================================================== --- secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (revision 273303) +++ secure/lib/libcrypto/man/SMIME_write_PKCS7.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_NAME_print_ex.3 =================================================================== --- secure/lib/libcrypto/man/X509_NAME_print_ex.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_NAME_print_ex.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_NAME_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 =================================================================== --- secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_error 3" -.TH X509_STORE_CTX_get_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 =================================================================== --- secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_ex_new_index 3" -.TH X509_STORE_CTX_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_STORE_CTX_new.3 =================================================================== --- secure/lib/libcrypto/man/X509_STORE_CTX_new.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_STORE_CTX_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_new 3" -.TH X509_STORE_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 =================================================================== --- secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_set_verify_cb 3" -.TH X509_STORE_CTX_set_verify_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_CTX_set_verify_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 =================================================================== --- secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_set_verify_cb_func 3" -.TH X509_STORE_set_verify_cb_func 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_STORE_set_verify_cb_func 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 =================================================================== --- secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_set_flags 3" -.TH X509_VERIFY_PARAM_set_flags 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_VERIFY_PARAM_set_flags 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_new.3 =================================================================== --- secure/lib/libcrypto/man/X509_new.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/X509_verify_cert.3 =================================================================== --- secure/lib/libcrypto/man/X509_verify_cert.3 (revision 273303) +++ secure/lib/libcrypto/man/X509_verify_cert.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_verify_cert 3" -.TH X509_verify_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509_verify_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/bio.3 =================================================================== --- secure/lib/libcrypto/man/bio.3 (revision 273303) +++ secure/lib/libcrypto/man/bio.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/blowfish.3 =================================================================== --- secure/lib/libcrypto/man/blowfish.3 (revision 273303) +++ secure/lib/libcrypto/man/blowfish.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH blowfish 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/bn.3 =================================================================== --- secure/lib/libcrypto/man/bn.3 (revision 273303) +++ secure/lib/libcrypto/man/bn.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH bn 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/bn_internal.3 =================================================================== --- secure/lib/libcrypto/man/bn_internal.3 (revision 273303) +++ secure/lib/libcrypto/man/bn_internal.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH bn_internal 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/buffer.3 =================================================================== --- secure/lib/libcrypto/man/buffer.3 (revision 273303) +++ secure/lib/libcrypto/man/buffer.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH buffer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/crypto.3 =================================================================== --- secure/lib/libcrypto/man/crypto.3 (revision 273303) +++ secure/lib/libcrypto/man/crypto.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH crypto 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 =================================================================== --- secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_DHparams.3 =================================================================== --- secure/lib/libcrypto/man/d2i_DHparams.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_DHparams.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_DHparams 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_DSAPublicKey.3 =================================================================== --- secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_DSAPublicKey.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 =================================================================== --- secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_RSAPublicKey.3 =================================================================== --- secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_RSAPublicKey.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_X509.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509_ALGOR.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_X509_ALGOR.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509_CRL.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_CRL.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_X509_CRL.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_CRL 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509_NAME.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_NAME.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_X509_NAME.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_NAME 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509_REQ.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_REQ.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_X509_REQ.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_REQ 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/d2i_X509_SIG.3 =================================================================== --- secure/lib/libcrypto/man/d2i_X509_SIG.3 (revision 273303) +++ secure/lib/libcrypto/man/d2i_X509_SIG.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_X509_SIG 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/des.3 =================================================================== --- secure/lib/libcrypto/man/des.3 (revision 273303) +++ secure/lib/libcrypto/man/des.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH des 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/dh.3 =================================================================== --- secure/lib/libcrypto/man/dh.3 (revision 273303) +++ secure/lib/libcrypto/man/dh.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH dh 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/dsa.3 =================================================================== --- secure/lib/libcrypto/man/dsa.3 (revision 273303) +++ secure/lib/libcrypto/man/dsa.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH dsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ecdsa.3 =================================================================== --- secure/lib/libcrypto/man/ecdsa.3 (revision 273303) +++ secure/lib/libcrypto/man/ecdsa.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ecdsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/engine.3 =================================================================== --- secure/lib/libcrypto/man/engine.3 (revision 273303) +++ secure/lib/libcrypto/man/engine.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH engine 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/err.3 =================================================================== --- secure/lib/libcrypto/man/err.3 (revision 273303) +++ secure/lib/libcrypto/man/err.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH err 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/evp.3 =================================================================== --- secure/lib/libcrypto/man/evp.3 (revision 273303) +++ secure/lib/libcrypto/man/evp.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH evp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/hmac.3 =================================================================== --- secure/lib/libcrypto/man/hmac.3 (revision 273303) +++ secure/lib/libcrypto/man/hmac.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH hmac 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 =================================================================== --- secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 (revision 273303) +++ secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "i2d_CMS_bio_stream 3" -.TH i2d_CMS_bio_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH i2d_CMS_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 =================================================================== --- secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 (revision 273303) +++ secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "i2d_PKCS7_bio_stream 3" -.TH i2d_PKCS7_bio_stream 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH i2d_PKCS7_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/lh_stats.3 =================================================================== --- secure/lib/libcrypto/man/lh_stats.3 (revision 273303) +++ secure/lib/libcrypto/man/lh_stats.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH lh_stats 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/lhash.3 =================================================================== --- secure/lib/libcrypto/man/lhash.3 (revision 273303) +++ secure/lib/libcrypto/man/lhash.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH lhash 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/md5.3 =================================================================== --- secure/lib/libcrypto/man/md5.3 (revision 273303) +++ secure/lib/libcrypto/man/md5.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH md5 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/mdc2.3 =================================================================== --- secure/lib/libcrypto/man/mdc2.3 (revision 273303) +++ secure/lib/libcrypto/man/mdc2.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH mdc2 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/pem.3 =================================================================== --- secure/lib/libcrypto/man/pem.3 (revision 273303) +++ secure/lib/libcrypto/man/pem.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH pem 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/rand.3 =================================================================== --- secure/lib/libcrypto/man/rand.3 (revision 273303) +++ secure/lib/libcrypto/man/rand.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH rand 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/rc4.3 =================================================================== --- secure/lib/libcrypto/man/rc4.3 (revision 273303) +++ secure/lib/libcrypto/man/rc4.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH rc4 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ripemd.3 =================================================================== --- secure/lib/libcrypto/man/ripemd.3 (revision 273303) +++ secure/lib/libcrypto/man/ripemd.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ripemd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/rsa.3 =================================================================== --- secure/lib/libcrypto/man/rsa.3 (revision 273303) +++ secure/lib/libcrypto/man/rsa.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH rsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/sha.3 =================================================================== --- secure/lib/libcrypto/man/sha.3 (revision 273303) +++ secure/lib/libcrypto/man/sha.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH sha 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/threads.3 =================================================================== --- secure/lib/libcrypto/man/threads.3 (revision 273303) +++ secure/lib/libcrypto/man/threads.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH threads 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ui.3 =================================================================== --- secure/lib/libcrypto/man/ui.3 (revision 273303) +++ secure/lib/libcrypto/man/ui.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ui 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/ui_compat.3 =================================================================== --- secure/lib/libcrypto/man/ui_compat.3 (revision 273303) +++ secure/lib/libcrypto/man/ui_compat.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ui_compat 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libcrypto/man/x509.3 =================================================================== --- secure/lib/libcrypto/man/x509.3 (revision 273303) +++ secure/lib/libcrypto/man/x509.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH x509 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CIPHER_get_name.3 =================================================================== --- secure/lib/libssl/man/SSL_CIPHER_get_name.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CIPHER_get_name.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_COMP_add_compression_method.3 =================================================================== --- secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (revision 273303) +++ secure/lib/libssl/man/SSL_COMP_add_compression_method.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_add_session.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_add_session.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_add_session.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_add_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_ctrl.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_ctrl.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_ctrl.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_flush_sessions.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_flush_sessions.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_free.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_free.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_free.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_new.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_new.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_sess_number.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sess_number.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_sess_number.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_sessions.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_sessions.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_sessions.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_cert_store.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_cert_store.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_info_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_info_callback.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_mode.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_mode.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_mode.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_options.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_options.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_options.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_options 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_psk_client_callback 3" -.TH SSL_CTX_set_psk_client_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_psk_client_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_timeout.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_timeout.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_timeout.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" -.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,12 +175,13 @@ even if he gets hold of the normal (certified) key only used for signing. .PP In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group -(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new -\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via -callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of -\&\fISSL_CTX_set_options\fR\|(3) is set. It will -immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via -\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. +The server will always generate a new \s-1DH\s0 key during the negotiation +if either the \s-1DH\s0 parameters are supplied via callback or the +\&\s-1SSL_OP_SINGLE_DH_USE\s0 option of \fISSL_CTX_set_options\fR\|(3) is set (or both). +It will immediately create a \s-1DH\s0 key if \s-1DH\s0 parameters are supplied via +\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. +In this case, it may happen that a key is generated on initialization without later being needed, while on the other hand the computer time during the negotiation is being saved. @@ -266,7 +267,7 @@ partly left out.) \& dh_tmp = dh_512; \& break; \& case 1024: -\& if (!dh_1024) +\& if (!dh_1024) \& dh_1024 = get_dh1024(); \& dh_tmp = dh_1024; \& break; Index: secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_set_verify.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_set_verify.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_set_verify.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_use_certificate.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_use_certificate.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_use_certificate.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 =================================================================== --- secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 (revision 273303) +++ secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_psk_identity_hint 3" -.TH SSL_CTX_use_psk_identity_hint 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_CTX_use_psk_identity_hint 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_SESSION_free.3 =================================================================== --- secure/lib/libssl/man/SSL_SESSION_free.3 (revision 273303) +++ secure/lib/libssl/man/SSL_SESSION_free.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_SESSION_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 =================================================================== --- secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (revision 273303) +++ secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_SESSION_get_time.3 =================================================================== --- secure/lib/libssl/man/SSL_SESSION_get_time.3 (revision 273303) +++ secure/lib/libssl/man/SSL_SESSION_get_time.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_accept.3 =================================================================== --- secure/lib/libssl/man/SSL_accept.3 (revision 273303) +++ secure/lib/libssl/man/SSL_accept.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_accept 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_alert_type_string.3 =================================================================== --- secure/lib/libssl/man/SSL_alert_type_string.3 (revision 273303) +++ secure/lib/libssl/man/SSL_alert_type_string.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_alert_type_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_clear.3 =================================================================== --- secure/lib/libssl/man/SSL_clear.3 (revision 273303) +++ secure/lib/libssl/man/SSL_clear.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_clear 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_connect.3 =================================================================== --- secure/lib/libssl/man/SSL_connect.3 (revision 273303) +++ secure/lib/libssl/man/SSL_connect.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_connect 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_do_handshake.3 =================================================================== --- secure/lib/libssl/man/SSL_do_handshake.3 (revision 273303) +++ secure/lib/libssl/man/SSL_do_handshake.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_do_handshake 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_free.3 =================================================================== --- secure/lib/libssl/man/SSL_free.3 (revision 273303) +++ secure/lib/libssl/man/SSL_free.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_SSL_CTX.3 =================================================================== --- secure/lib/libssl/man/SSL_get_SSL_CTX.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_SSL_CTX.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_ciphers.3 =================================================================== --- secure/lib/libssl/man/SSL_get_ciphers.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_ciphers.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_ciphers 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_client_CA_list.3 =================================================================== --- secure/lib/libssl/man/SSL_get_client_CA_list.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_client_CA_list.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_current_cipher.3 =================================================================== --- secure/lib/libssl/man/SSL_get_current_cipher.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_current_cipher.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_current_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_default_timeout.3 =================================================================== --- secure/lib/libssl/man/SSL_get_default_timeout.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_default_timeout.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_default_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_error.3 =================================================================== --- secure/lib/libssl/man/SSL_get_error.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_error.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 =================================================================== --- secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_ex_new_index.3 =================================================================== --- secure/lib/libssl/man/SSL_get_ex_new_index.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_ex_new_index.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_fd.3 =================================================================== --- secure/lib/libssl/man/SSL_get_fd.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_fd.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_peer_cert_chain.3 =================================================================== --- secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_peer_cert_chain.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_peer_certificate.3 =================================================================== --- secure/lib/libssl/man/SSL_get_peer_certificate.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_peer_certificate.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_psk_identity.3 =================================================================== --- secure/lib/libssl/man/SSL_get_psk_identity.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_psk_identity.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_psk_identity 3" -.TH SSL_get_psk_identity 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_psk_identity 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_rbio.3 =================================================================== --- secure/lib/libssl/man/SSL_get_rbio.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_rbio.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_rbio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_session.3 =================================================================== --- secure/lib/libssl/man/SSL_get_session.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_session.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_verify_result.3 =================================================================== --- secure/lib/libssl/man/SSL_get_verify_result.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_verify_result.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_get_version.3 =================================================================== --- secure/lib/libssl/man/SSL_get_version.3 (revision 273303) +++ secure/lib/libssl/man/SSL_get_version.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_get_version 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_library_init.3 =================================================================== --- secure/lib/libssl/man/SSL_library_init.3 (revision 273303) +++ secure/lib/libssl/man/SSL_library_init.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_library_init 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_load_client_CA_file.3 =================================================================== --- secure/lib/libssl/man/SSL_load_client_CA_file.3 (revision 273303) +++ secure/lib/libssl/man/SSL_load_client_CA_file.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_new.3 =================================================================== --- secure/lib/libssl/man/SSL_new.3 (revision 273303) +++ secure/lib/libssl/man/SSL_new.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_pending.3 =================================================================== --- secure/lib/libssl/man/SSL_pending.3 (revision 273303) +++ secure/lib/libssl/man/SSL_pending.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_pending 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_read.3 =================================================================== --- secure/lib/libssl/man/SSL_read.3 (revision 273303) +++ secure/lib/libssl/man/SSL_read.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_read 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_rstate_string.3 =================================================================== --- secure/lib/libssl/man/SSL_rstate_string.3 (revision 273303) +++ secure/lib/libssl/man/SSL_rstate_string.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_rstate_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_session_reused.3 =================================================================== --- secure/lib/libssl/man/SSL_session_reused.3 (revision 273303) +++ secure/lib/libssl/man/SSL_session_reused.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_session_reused 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_bio.3 =================================================================== --- secure/lib/libssl/man/SSL_set_bio.3 (revision 273303) +++ secure/lib/libssl/man/SSL_set_bio.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_connect_state.3 =================================================================== --- secure/lib/libssl/man/SSL_set_connect_state.3 (revision 273303) +++ secure/lib/libssl/man/SSL_set_connect_state.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_connect_state 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_fd.3 =================================================================== --- secure/lib/libssl/man/SSL_set_fd.3 (revision 273303) +++ secure/lib/libssl/man/SSL_set_fd.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_session.3 =================================================================== --- secure/lib/libssl/man/SSL_set_session.3 (revision 273303) +++ secure/lib/libssl/man/SSL_set_session.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_shutdown.3 =================================================================== --- secure/lib/libssl/man/SSL_set_shutdown.3 (revision 273303) +++ secure/lib/libssl/man/SSL_set_shutdown.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_set_verify_result.3 =================================================================== --- secure/lib/libssl/man/SSL_set_verify_result.3 (revision 273303) +++ secure/lib/libssl/man/SSL_set_verify_result.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_set_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_shutdown.3 =================================================================== --- secure/lib/libssl/man/SSL_shutdown.3 (revision 273303) +++ secure/lib/libssl/man/SSL_shutdown.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_state_string.3 =================================================================== --- secure/lib/libssl/man/SSL_state_string.3 (revision 273303) +++ secure/lib/libssl/man/SSL_state_string.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_state_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_want.3 =================================================================== --- secure/lib/libssl/man/SSL_want.3 (revision 273303) +++ secure/lib/libssl/man/SSL_want.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_want 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/SSL_write.3 =================================================================== --- secure/lib/libssl/man/SSL_write.3 (revision 273303) +++ secure/lib/libssl/man/SSL_write.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SSL_write 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/d2i_SSL_SESSION.3 =================================================================== --- secure/lib/libssl/man/d2i_SSL_SESSION.3 (revision 273303) +++ secure/lib/libssl/man/d2i_SSL_SESSION.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/lib/libssl/man/ssl.3 =================================================================== --- secure/lib/libssl/man/ssl.3 (revision 273303) +++ secure/lib/libssl/man/ssl.3 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ssl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/Makefile.man =================================================================== --- secure/usr.bin/openssl/Makefile.man (revision 273303) +++ secure/usr.bin/openssl/Makefile.man (working copy) @@ -2,6 +2,7 @@ # DO NOT EDIT: generated from man-makefile-update target MAN+= CA.pl.1 MAN+= asn1parse.1 +MAN+= c_rehash.1 MAN+= ca.1 MAN+= ciphers.1 MAN+= cms.1 @@ -45,10 +46,15 @@ MAN+= verify.1 MAN+= version.1 MAN+= x509.1 MAN+= x509v3_config.1 -MLINKS+= dgst.1 md5.1 -MLINKS+= dgst.1 md4.1 -MLINKS+= dgst.1 md2.1 +MLINKS+= dgst.1 sha.1 MLINKS+= dgst.1 sha1.1 -MLINKS+= dgst.1 sha.1 MLINKS+= dgst.1 mdc2.1 MLINKS+= dgst.1 ripemd160.1 +MLINKS+= dgst.1 sha224.1 +MLINKS+= dgst.1 sha256.1 +MLINKS+= dgst.1 sha384.1 +MLINKS+= dgst.1 sha512.1 +MLINKS+= dgst.1 md2.1 +MLINKS+= dgst.1 md4.1 +MLINKS+= dgst.1 md5.1 +MLINKS+= dgst.1 dss1.1 Index: secure/usr.bin/openssl/man/CA.pl.1 =================================================================== --- secure/usr.bin/openssl/man/CA.pl.1 (revision 273303) +++ secure/usr.bin/openssl/man/CA.pl.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CA.PL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/asn1parse.1 =================================================================== --- secure/usr.bin/openssl/man/asn1parse.1 (revision 273303) +++ secure/usr.bin/openssl/man/asn1parse.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ASN1PARSE 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/c_rehash.1 =================================================================== --- secure/usr.bin/openssl/man/c_rehash.1 (revision 0) +++ secure/usr.bin/openssl/man/c_rehash.1 (working copy) @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "C_REHASH 1" +.TH C_REHASH 1 "2014-10-15" "1.0.1j" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +c_rehash \- Create symbolic links to files named by the hash values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBc_rehash\fR +[ \fIdirectory\fR...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBc_rehash\fR scans directories and calculates a hash value of each \f(CW\*(C`.pem\*(C'\fR +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. +.PP +If any directories are named on the command line, then those are +processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable +is consulted; this shold be a colon-separated list of directories, +like the Unix \fB\s-1PATH\s0\fR variable. +If that is not set then the default directory (installation-specific +but often \fB/usr/local/ssl/certs\fR) is processed. +.PP +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise it will be skipped. +The links created are of the form \f(CW\*(C`HHHHHHHH.D\*(C'\fR, where each \fBH\fR +is a hexadecimal character and \fBD\fR is a single decimal digit. +When processing a directory, \fBc_rehash\fR will first remove all links +that have a name in that syntax. If you have links in that format +used for other purposes, they will be removed. +Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after +the period, like this: \f(CW\*(C`HHHHHHHH.rD\*(C'\fR. +.PP +Multiple objects may have the same hash; they will be indicated by +incrementing the \fBD\fR value. Duplicates are found by comparing the +full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +is found. +.PP +A warning will also be displayed if there are \fB.pem\fR files that +cannot be parsed as either a certificate or a \s-1CRL\s0. +.PP +The program uses the \fBopenssl\fR program to compute the hashes and +fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the +\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or \s-1CRL:\s0 +.PP +.Vb 2 +\& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FFFFFF +\& $OPENSSL crl \-hash \-fingerprint \-noout \-in FFFFFF +.Ve +.PP +where \fB\s-1FFFFFF\s0\fR is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +The path to an executable to use to generate hashes and +fingerprints (see above). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IX Item "SSL_CERT_DIR" +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIcrl\fR\|(1). +\&\fIx509\fR\|(1). Property changes on: secure/usr.bin/openssl/man/c_rehash.1 ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: secure/usr.bin/openssl/man/ca.1 =================================================================== --- secure/usr.bin/openssl/man/ca.1 (revision 273303) +++ secure/usr.bin/openssl/man/ca.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/ciphers.1 =================================================================== --- secure/usr.bin/openssl/man/ciphers.1 (revision 273303) +++ secure/usr.bin/openssl/man/ciphers.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CIPHERS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/cms.1 =================================================================== --- secure/usr.bin/openssl/man/cms.1 (revision 273303) +++ secure/usr.bin/openssl/man/cms.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CMS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/crl.1 =================================================================== --- secure/usr.bin/openssl/man/crl.1 (revision 273303) +++ secure/usr.bin/openssl/man/crl.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CRL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/crl2pkcs7.1 =================================================================== --- secure/usr.bin/openssl/man/crl2pkcs7.1 (revision 273303) +++ secure/usr.bin/openssl/man/crl2pkcs7.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH CRL2PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/dgst.1 =================================================================== --- secure/usr.bin/openssl/man/dgst.1 (revision 273303) +++ secure/usr.bin/openssl/man/dgst.1 (working copy) @@ -124,21 +124,22 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DGST 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests +dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 \- message digests .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBdgst\fR -[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR] +[\fB\-sha|\-sha1|\-mdc2|\-ripemd160|\-sha224|\-sha256|\-sha384|\-sha512|\-md2|\-md4|\-md5|\-dss1\fR] [\fB\-c\fR] [\fB\-d\fR] [\fB\-hex\fR] [\fB\-binary\fR] +[\fB\-r\fR] [\fB\-out filename\fR] [\fB\-sign filename\fR] [\fB\-keyform arg\fR] @@ -147,16 +148,18 @@ [\fB\-prverify filename\fR] [\fB\-signature filename\fR] [\fB\-hmac key\fR] +[\fB\-non\-fips\-allow\fR] +[\fB\-fips\-fingerprint\fR] [\fBfile...\fR] .PP -[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR] -[\fB\-c\fR] -[\fB\-d\fR] -[\fBfile...\fR] +\&\fBopenssl\fR +[\fIdigest\fR] +[\fB...\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The digest functions output the message digest of a supplied file or files -in hexadecimal form. They can also be used for digital signing and verification. +in hexadecimal. The digest functions also generate and verify digital +signatures using message digests. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-c\fR" 4 @@ -169,10 +172,14 @@ print out \s-1BIO\s0 debugging information. .IP "\fB\-hex\fR" 4 .IX Item "-hex" digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" -digest as opposed to a digital signature. +digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +signatures using \fB\-hex\fR. .IP "\fB\-binary\fR" 4 .IX Item "-binary" output the digest or signature in binary form. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +output the digest in the \*(L"coreutils\*(R" format used by programs like \fBsha1sum\fR. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" filename to output to, or standard output by default. @@ -181,8 +188,8 @@ filename to output to, or standard output by defau digitally sign the digest using the private key in \*(L"filename\*(R". .IP "\fB\-keyform arg\fR" 4 .IX Item "-keyform arg" -Specifies the key format to sign digest with. Only \s-1PEM\s0 and \s-1ENGINE\s0 -formats are supported by the \fBdgst\fR command. +Specifies the key format to sign digest with. The \s-1DER\s0, \s-1PEM\s0, P12, +and \s-1ENGINE\s0 formats are supported. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" Use engine \fBid\fR for operations (including private key storage). @@ -241,20 +248,46 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_eg Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "\fB\-non\-fips\-allow\fR" 4 +.IX Item "-non-fips-allow" +enable use of non-FIPS algorithms such as \s-1MD5\s0 even in \s-1FIPS\s0 mode. +.IP "\fB\-fips\-fingerprint\fR" 4 +.IX Item "-fips-fingerprint" +compute \s-1HMAC\s0 using a specific key +for certain OpenSSL-FIPS operations. .IP "\fBfile...\fR" 4 .IX Item "file..." file or files to digest. If no files are specified then standard input is used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded message digest of a file: + openssl dgst \-md5 \-hex file.txt +.PP +To sign a file using \s-1SHA\-256\s0 with binary file output: + openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt +.PP +To verify a signature: + openssl dgst \-sha256 \-verify publickey.pem \e + \-signature signature.sign \e + file.txt .SH "NOTES" .IX Header "NOTES" The digest of choice for all new applications is \s-1SHA1\s0. Other digests are however still widely used. .PP -If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 -digest must be used. +When signing a file, \fBdgst\fR will automatically determine the algorithm +(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info. +When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, \s-1CMS\s0, and S/MIME. .PP A source of random numbers is required for certain signing algorithms, in -particular \s-1DSA\s0. +particular \s-1ECDSA\s0 and \s-1DSA\s0. .PP The signing and verify options should only be used if a single file is being signed or verified. +.PP +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +or similar program to transform the hex signature into a binary signature +prior to verification. Index: secure/usr.bin/openssl/man/dhparam.1 =================================================================== --- secure/usr.bin/openssl/man/dhparam.1 (revision 273303) +++ secure/usr.bin/openssl/man/dhparam.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DHPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/dsa.1 =================================================================== --- secure/usr.bin/openssl/man/dsa.1 (revision 273303) +++ secure/usr.bin/openssl/man/dsa.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/dsaparam.1 =================================================================== --- secure/usr.bin/openssl/man/dsaparam.1 (revision 273303) +++ secure/usr.bin/openssl/man/dsaparam.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH DSAPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/ec.1 =================================================================== --- secure/usr.bin/openssl/man/ec.1 (revision 273303) +++ secure/usr.bin/openssl/man/ec.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH EC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/ecparam.1 =================================================================== --- secure/usr.bin/openssl/man/ecparam.1 (revision 273303) +++ secure/usr.bin/openssl/man/ecparam.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ECPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/enc.1 =================================================================== --- secure/usr.bin/openssl/man/enc.1 (revision 273303) +++ secure/usr.bin/openssl/man/enc.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ENC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/errstr.1 =================================================================== --- secure/usr.bin/openssl/man/errstr.1 (revision 273303) +++ secure/usr.bin/openssl/man/errstr.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH ERRSTR 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/gendsa.1 =================================================================== --- secure/usr.bin/openssl/man/gendsa.1 (revision 273303) +++ secure/usr.bin/openssl/man/gendsa.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH GENDSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/genpkey.1 =================================================================== --- secure/usr.bin/openssl/man/genpkey.1 (revision 273303) +++ secure/usr.bin/openssl/man/genpkey.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH GENPKEY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/genrsa.1 =================================================================== --- secure/usr.bin/openssl/man/genrsa.1 (revision 273303) +++ secure/usr.bin/openssl/man/genrsa.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH GENRSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/nseq.1 =================================================================== --- secure/usr.bin/openssl/man/nseq.1 (revision 273303) +++ secure/usr.bin/openssl/man/nseq.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH NSEQ 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/ocsp.1 =================================================================== --- secure/usr.bin/openssl/man/ocsp.1 (revision 273303) +++ secure/usr.bin/openssl/man/ocsp.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OCSP 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/openssl.1 =================================================================== --- secure/usr.bin/openssl/man/openssl.1 (revision 273303) +++ secure/usr.bin/openssl/man/openssl.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH OPENSSL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/passwd.1 =================================================================== --- secure/usr.bin/openssl/man/passwd.1 (revision 273303) +++ secure/usr.bin/openssl/man/passwd.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PASSWD 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/pkcs12.1 =================================================================== --- secure/usr.bin/openssl/man/pkcs12.1 (revision 273303) +++ secure/usr.bin/openssl/man/pkcs12.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS12 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/pkcs7.1 =================================================================== --- secure/usr.bin/openssl/man/pkcs7.1 (revision 273303) +++ secure/usr.bin/openssl/man/pkcs7.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/pkcs8.1 =================================================================== --- secure/usr.bin/openssl/man/pkcs8.1 (revision 273303) +++ secure/usr.bin/openssl/man/pkcs8.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKCS8 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/pkey.1 =================================================================== --- secure/usr.bin/openssl/man/pkey.1 (revision 273303) +++ secure/usr.bin/openssl/man/pkey.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKEY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/pkeyparam.1 =================================================================== --- secure/usr.bin/openssl/man/pkeyparam.1 (revision 273303) +++ secure/usr.bin/openssl/man/pkeyparam.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKEYPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/pkeyutl.1 =================================================================== --- secure/usr.bin/openssl/man/pkeyutl.1 (revision 273303) +++ secure/usr.bin/openssl/man/pkeyutl.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH PKEYUTL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/rand.1 =================================================================== --- secure/usr.bin/openssl/man/rand.1 (revision 273303) +++ secure/usr.bin/openssl/man/rand.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RAND 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/req.1 =================================================================== --- secure/usr.bin/openssl/man/req.1 (revision 273303) +++ secure/usr.bin/openssl/man/req.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH REQ 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/rsa.1 =================================================================== --- secure/usr.bin/openssl/man/rsa.1 (revision 273303) +++ secure/usr.bin/openssl/man/rsa.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/rsautl.1 =================================================================== --- secure/usr.bin/openssl/man/rsautl.1 (revision 273303) +++ secure/usr.bin/openssl/man/rsautl.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH RSAUTL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/s_client.1 =================================================================== --- secure/usr.bin/openssl/man/s_client.1 (revision 273303) +++ secure/usr.bin/openssl/man/s_client.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH S_CLIENT 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/s_server.1 =================================================================== --- secure/usr.bin/openssl/man/s_server.1 (revision 273303) +++ secure/usr.bin/openssl/man/s_server.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/s_time.1 =================================================================== --- secure/usr.bin/openssl/man/s_time.1 (revision 273303) +++ secure/usr.bin/openssl/man/s_time.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH S_TIME 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/sess_id.1 =================================================================== --- secure/usr.bin/openssl/man/sess_id.1 (revision 273303) +++ secure/usr.bin/openssl/man/sess_id.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SESS_ID 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/smime.1 =================================================================== --- secure/usr.bin/openssl/man/smime.1 (revision 273303) +++ secure/usr.bin/openssl/man/smime.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SMIME 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/speed.1 =================================================================== --- secure/usr.bin/openssl/man/speed.1 (revision 273303) +++ secure/usr.bin/openssl/man/speed.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SPEED 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/spkac.1 =================================================================== --- secure/usr.bin/openssl/man/spkac.1 (revision 273303) +++ secure/usr.bin/openssl/man/spkac.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH SPKAC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/ts.1 =================================================================== --- secure/usr.bin/openssl/man/ts.1 (revision 273303) +++ secure/usr.bin/openssl/man/ts.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH TS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/tsget.1 =================================================================== --- secure/usr.bin/openssl/man/tsget.1 (revision 273303) +++ secure/usr.bin/openssl/man/tsget.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH TSGET 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/verify.1 =================================================================== --- secure/usr.bin/openssl/man/verify.1 (revision 273303) +++ secure/usr.bin/openssl/man/verify.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH VERIFY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/version.1 =================================================================== --- secure/usr.bin/openssl/man/version.1 (revision 273303) +++ secure/usr.bin/openssl/man/version.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH VERSION 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/x509.1 =================================================================== --- secure/usr.bin/openssl/man/x509.1 (revision 273303) +++ secure/usr.bin/openssl/man/x509.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l Index: secure/usr.bin/openssl/man/x509v3_config.1 =================================================================== --- secure/usr.bin/openssl/man/x509v3_config.1 (revision 273303) +++ secure/usr.bin/openssl/man/x509v3_config.1 (working copy) @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2014-08-06" "1.0.1i" "OpenSSL" +.TH X509V3_CONFIG 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l