]>
Commit | Line | Data |
---|---|---|
ddac6087 MT |
1 | Submitted By: Robert Connolly <robert at linuxfromscratch dot org> |
2 | Date: 2005-11-13 | |
3 | Initial Package Version: 0.9.8a | |
4 | Upstream Status: Submitted upstream | |
5 | Origin: Anderson Lizardo | |
6 | Description: This patch fixes conflicts between man pages | |
7 | installed by OpenSSL and those found on other | |
8 | packages (particulary Shadow, Perl, and | |
9 | Man-pages). It also fixes syntax errors on some | |
10 | POD files that generates slightly broken man | |
11 | pages. | |
12 | ||
13 | $LastChangedBy: igor $ | |
14 | $Date: 2005-04-03 16:54:23 -0600 (Sun, 03 Apr 2005) $ | |
15 | ||
16 | --- openssl-0.9.8a.orig/FAQ 2006-09-11 08:56:58.000000000 -0500 | |
17 | +++ openssl-0.9.8a/FAQ 2006-09-11 08:57:19.000000000 -0500 | |
18 | @@ -680,7 +680,7 @@ | |
19 | ||
20 | Multi-threaded applications must provide two callback functions to | |
21 | OpenSSL by calling CRYPTO_set_locking_callback() and | |
22 | -CRYPTO_set_id_callback(). This is described in the threads(3) | |
23 | +CRYPTO_set_id_callback(). This is described in the openssl_threads(3) | |
24 | manpage. | |
25 | ||
26 | * I've compiled a program under Windows and it crashes: why? | |
27 | diff -Naur openssl-0.9.8a.orig/crypto/rand/md_rand.c openssl-0.9.8a/crypto/rand/md_rand.c | |
28 | --- openssl-0.9.8a.orig/crypto/rand/md_rand.c 2005-04-07 22:53:35.000000000 +0000 | |
29 | +++ openssl-0.9.8a/crypto/rand/md_rand.c 2005-11-14 03:59:59.000000000 +0000 | |
30 | @@ -196,7 +196,7 @@ | |
31 | int do_not_lock; | |
32 | ||
33 | /* | |
34 | - * (Based on the rand(3) manpage) | |
35 | + * (Based on the openssl_rand(3) manpage) | |
36 | * | |
37 | * The input is chopped up into units of 20 bytes (or less for | |
38 | * the last block). Each of these blocks is run through the hash | |
39 | @@ -351,7 +351,7 @@ | |
40 | num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); | |
41 | ||
42 | /* | |
43 | - * (Based on the rand(3) manpage:) | |
44 | + * (Based on the openssl_rand(3) manpage) | |
45 | * | |
46 | * For each group of 10 bytes (or less), we do the following: | |
47 | * | |
48 | diff -Naur openssl-0.9.8a.orig/doc/apps/openssl-passwd.pod openssl-0.9.8a/doc/apps/openssl-passwd.pod | |
49 | --- openssl-0.9.8a.orig/doc/apps/openssl-passwd.pod 1970-01-01 00:00:00.000000000 +0000 | |
50 | +++ openssl-0.9.8a/doc/apps/openssl-passwd.pod 2005-11-14 03:59:59.000000000 +0000 | |
51 | @@ -0,0 +1,82 @@ | |
52 | +=pod | |
53 | + | |
54 | +=head1 NAME | |
55 | + | |
56 | +openssl-passwd - compute password hashes | |
57 | + | |
58 | +=head1 SYNOPSIS | |
59 | + | |
60 | +B<openssl passwd> | |
61 | +[B<-crypt>] | |
62 | +[B<-1>] | |
63 | +[B<-apr1>] | |
64 | +[B<-salt> I<string>] | |
65 | +[B<-in> I<file>] | |
66 | +[B<-stdin>] | |
67 | +[B<-noverify>] | |
68 | +[B<-quiet>] | |
69 | +[B<-table>] | |
70 | +{I<password>} | |
71 | + | |
72 | +=head1 DESCRIPTION | |
73 | + | |
74 | +The B<passwd> command computes the hash of a password typed at | |
75 | +run-time or the hash of each password in a list. The password list is | |
76 | +taken from the named file for option B<-in file>, from stdin for | |
77 | +option B<-stdin>, or from the command line, or from the terminal otherwise. | |
78 | +The Unix standard algorithm B<crypt> and the MD5-based BSD password | |
79 | +algorithm B<1> and its Apache variant B<apr1> are available. | |
80 | + | |
81 | +=head1 OPTIONS | |
82 | + | |
83 | +=over 4 | |
84 | + | |
85 | +=item B<-crypt> | |
86 | + | |
87 | +Use the B<crypt> algorithm (default). | |
88 | + | |
89 | +=item B<-1> | |
90 | + | |
91 | +Use the MD5 based BSD password algorithm B<1>. | |
92 | + | |
93 | +=item B<-apr1> | |
94 | + | |
95 | +Use the B<apr1> algorithm (Apache variant of the BSD algorithm). | |
96 | + | |
97 | +=item B<-salt> I<string> | |
98 | + | |
99 | +Use the specified salt. | |
100 | +When reading a password from the terminal, this implies B<-noverify>. | |
101 | + | |
102 | +=item B<-in> I<file> | |
103 | + | |
104 | +Read passwords from I<file>. | |
105 | + | |
106 | +=item B<-stdin> | |
107 | + | |
108 | +Read passwords from B<stdin>. | |
109 | + | |
110 | +=item B<-noverify> | |
111 | + | |
112 | +Don't verify when reading a password from the terminal. | |
113 | + | |
114 | +=item B<-quiet> | |
115 | + | |
116 | +Don't output warnings when passwords given at the command line are truncated. | |
117 | + | |
118 | +=item B<-table> | |
119 | + | |
120 | +In the output list, prepend the cleartext password and a TAB character | |
121 | +to each password hash. | |
122 | + | |
123 | +=back | |
124 | + | |
125 | +=head1 EXAMPLES | |
126 | + | |
127 | +B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. | |
128 | + | |
129 | +B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. | |
130 | + | |
131 | +B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. | |
132 | + | |
133 | +=cut | |
134 | diff -Naur openssl-0.9.8a.orig/doc/apps/openssl.pod openssl-0.9.8a/doc/apps/openssl.pod | |
135 | --- openssl-0.9.8a.orig/doc/apps/openssl.pod 2004-01-04 18:59:14.000000000 +0000 | |
136 | +++ openssl-0.9.8a/doc/apps/openssl.pod 2005-11-14 03:59:59.000000000 +0000 | |
137 | @@ -125,7 +125,7 @@ | |
138 | ||
139 | Online Certificate Status Protocol utility. | |
140 | ||
141 | -=item L<B<passwd>|passwd(1)> | |
142 | +=item L<B<passwd>|openssl-passwd(1)> | |
143 | ||
144 | Generation of hashed passwords. | |
145 | ||
146 | @@ -325,7 +325,7 @@ | |
147 | L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, | |
148 | L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, | |
149 | L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, | |
150 | -L<passwd(1)|passwd(1)>, | |
151 | +L<openssl-passwd(1)|openssl-passwd(1)>, | |
152 | L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, | |
153 | L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, | |
154 | L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, | |
155 | diff -Naur openssl-0.9.8a.orig/doc/apps/passwd.pod openssl-0.9.8a/doc/apps/passwd.pod | |
156 | --- openssl-0.9.8a.orig/doc/apps/passwd.pod 2002-10-04 12:59:00.000000000 +0000 | |
157 | +++ openssl-0.9.8a/doc/apps/passwd.pod 1970-01-01 00:00:00.000000000 +0000 | |
158 | @@ -1,82 +0,0 @@ | |
159 | -=pod | |
160 | - | |
161 | -=head1 NAME | |
162 | - | |
163 | -passwd - compute password hashes | |
164 | - | |
165 | -=head1 SYNOPSIS | |
166 | - | |
167 | -B<openssl passwd> | |
168 | -[B<-crypt>] | |
169 | -[B<-1>] | |
170 | -[B<-apr1>] | |
171 | -[B<-salt> I<string>] | |
172 | -[B<-in> I<file>] | |
173 | -[B<-stdin>] | |
174 | -[B<-noverify>] | |
175 | -[B<-quiet>] | |
176 | -[B<-table>] | |
177 | -{I<password>} | |
178 | - | |
179 | -=head1 DESCRIPTION | |
180 | - | |
181 | -The B<passwd> command computes the hash of a password typed at | |
182 | -run-time or the hash of each password in a list. The password list is | |
183 | -taken from the named file for option B<-in file>, from stdin for | |
184 | -option B<-stdin>, or from the command line, or from the terminal otherwise. | |
185 | -The Unix standard algorithm B<crypt> and the MD5-based BSD password | |
186 | -algorithm B<1> and its Apache variant B<apr1> are available. | |
187 | - | |
188 | -=head1 OPTIONS | |
189 | - | |
190 | -=over 4 | |
191 | - | |
192 | -=item B<-crypt> | |
193 | - | |
194 | -Use the B<crypt> algorithm (default). | |
195 | - | |
196 | -=item B<-1> | |
197 | - | |
198 | -Use the MD5 based BSD password algorithm B<1>. | |
199 | - | |
200 | -=item B<-apr1> | |
201 | - | |
202 | -Use the B<apr1> algorithm (Apache variant of the BSD algorithm). | |
203 | - | |
204 | -=item B<-salt> I<string> | |
205 | - | |
206 | -Use the specified salt. | |
207 | -When reading a password from the terminal, this implies B<-noverify>. | |
208 | - | |
209 | -=item B<-in> I<file> | |
210 | - | |
211 | -Read passwords from I<file>. | |
212 | - | |
213 | -=item B<-stdin> | |
214 | - | |
215 | -Read passwords from B<stdin>. | |
216 | - | |
217 | -=item B<-noverify> | |
218 | - | |
219 | -Don't verify when reading a password from the terminal. | |
220 | - | |
221 | -=item B<-quiet> | |
222 | - | |
223 | -Don't output warnings when passwords given at the command line are truncated. | |
224 | - | |
225 | -=item B<-table> | |
226 | - | |
227 | -In the output list, prepend the cleartext password and a TAB character | |
228 | -to each password hash. | |
229 | - | |
230 | -=back | |
231 | - | |
232 | -=head1 EXAMPLES | |
233 | - | |
234 | -B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. | |
235 | - | |
236 | -B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. | |
237 | - | |
238 | -B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. | |
239 | - | |
240 | -=cut | |
241 | diff -Naur openssl-0.9.8a.orig/doc/crypto/BN_generate_prime.pod openssl-0.9.8a/doc/crypto/BN_generate_prime.pod | |
242 | --- openssl-0.9.8a.orig/doc/crypto/BN_generate_prime.pod 2003-01-13 13:18:22.000000000 +0000 | |
243 | +++ openssl-0.9.8a/doc/crypto/BN_generate_prime.pod 2005-11-14 03:59:59.000000000 +0000 | |
244 | @@ -90,7 +90,7 @@ | |
245 | ||
246 | =head1 SEE ALSO | |
247 | ||
248 | -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)> | |
249 | +L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)> | |
250 | ||
251 | =head1 HISTORY | |
252 | ||
253 | diff -Naur openssl-0.9.8a.orig/doc/crypto/BN_rand.pod openssl-0.9.8a/doc/crypto/BN_rand.pod | |
254 | --- openssl-0.9.8a.orig/doc/crypto/BN_rand.pod 2002-09-25 13:33:26.000000000 +0000 | |
255 | +++ openssl-0.9.8a/doc/crypto/BN_rand.pod 2005-11-14 03:59:59.000000000 +0000 | |
256 | @@ -45,7 +45,7 @@ | |
257 | ||
258 | =head1 SEE ALSO | |
259 | ||
260 | -L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | |
261 | +L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
262 | L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> | |
263 | ||
264 | =head1 HISTORY | |
265 | diff -Naur openssl-0.9.8a.orig/doc/crypto/CONF_modules_free.pod openssl-0.9.8a/doc/crypto/CONF_modules_free.pod | |
266 | --- openssl-0.9.8a.orig/doc/crypto/CONF_modules_free.pod 2004-03-02 13:31:32.000000000 +0000 | |
267 | +++ openssl-0.9.8a/doc/crypto/CONF_modules_free.pod 2005-11-14 03:59:59.000000000 +0000 | |
268 | @@ -37,7 +37,7 @@ | |
269 | =head1 SEE ALSO | |
270 | ||
271 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, | |
272 | -L<CONF_modules_load_file(3), CONF_modules_load_file(3)> | |
273 | +L<CONF_modules_load_file(3)|CONF_modules_load_file(3)> | |
274 | ||
275 | =head1 HISTORY | |
276 | ||
277 | diff -Naur openssl-0.9.8a.orig/doc/crypto/CONF_modules_load_file.pod openssl-0.9.8a/doc/crypto/CONF_modules_load_file.pod | |
278 | --- openssl-0.9.8a.orig/doc/crypto/CONF_modules_load_file.pod 2004-03-02 13:31:32.000000000 +0000 | |
279 | +++ openssl-0.9.8a/doc/crypto/CONF_modules_load_file.pod 2005-11-14 03:59:59.000000000 +0000 | |
280 | @@ -51,7 +51,7 @@ | |
281 | =head1 SEE ALSO | |
282 | ||
283 | L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, | |
284 | -L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)> | |
285 | +L<CONF_free(3)|CONF_free(3)>, L<openssl_err(3)|openssl_err(3)> | |
286 | ||
287 | =head1 HISTORY | |
288 | ||
289 | diff -Naur openssl-0.9.8a.orig/doc/crypto/DH_generate_key.pod openssl-0.9.8a/doc/crypto/DH_generate_key.pod | |
290 | --- openssl-0.9.8a.orig/doc/crypto/DH_generate_key.pod 2002-09-25 13:33:27.000000000 +0000 | |
291 | +++ openssl-0.9.8a/doc/crypto/DH_generate_key.pod 2005-11-14 03:59:59.000000000 +0000 | |
292 | @@ -40,7 +40,7 @@ | |
293 | ||
294 | =head1 SEE ALSO | |
295 | ||
296 | -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> | |
297 | +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<DH_size(3)|DH_size(3)> | |
298 | ||
299 | =head1 HISTORY | |
300 | ||
301 | diff -Naur openssl-0.9.8a.orig/doc/crypto/DH_generate_parameters.pod openssl-0.9.8a/doc/crypto/DH_generate_parameters.pod | |
302 | --- openssl-0.9.8a.orig/doc/crypto/DH_generate_parameters.pod 2002-09-25 13:33:27.000000000 +0000 | |
303 | +++ openssl-0.9.8a/doc/crypto/DH_generate_parameters.pod 2005-11-14 03:59:59.000000000 +0000 | |
304 | @@ -59,7 +59,7 @@ | |
305 | ||
306 | =head1 SEE ALSO | |
307 | ||
308 | -L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | |
309 | +L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
310 | L<DH_free(3)|DH_free(3)> | |
311 | ||
312 | =head1 HISTORY | |
313 | diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_do_sign.pod openssl-0.9.8a/doc/crypto/DSA_do_sign.pod | |
314 | --- openssl-0.9.8a.orig/doc/crypto/DSA_do_sign.pod 2002-09-25 13:33:27.000000000 +0000 | |
315 | +++ openssl-0.9.8a/doc/crypto/DSA_do_sign.pod 2005-11-14 03:59:59.000000000 +0000 | |
316 | @@ -36,7 +36,7 @@ | |
317 | ||
318 | =head1 SEE ALSO | |
319 | ||
320 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | |
321 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
322 | L<DSA_SIG_new(3)|DSA_SIG_new(3)>, | |
323 | L<DSA_sign(3)|DSA_sign(3)> | |
324 | ||
325 | diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_generate_key.pod openssl-0.9.8a/doc/crypto/DSA_generate_key.pod | |
326 | --- openssl-0.9.8a.orig/doc/crypto/DSA_generate_key.pod 2002-09-25 13:33:27.000000000 +0000 | |
327 | +++ openssl-0.9.8a/doc/crypto/DSA_generate_key.pod 2005-11-14 03:59:59.000000000 +0000 | |
328 | @@ -24,7 +24,7 @@ | |
329 | ||
330 | =head1 SEE ALSO | |
331 | ||
332 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | |
333 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
334 | L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> | |
335 | ||
336 | =head1 HISTORY | |
337 | diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_generate_parameters.pod openssl-0.9.8a/doc/crypto/DSA_generate_parameters.pod | |
338 | --- openssl-0.9.8a.orig/doc/crypto/DSA_generate_parameters.pod 2002-09-25 13:33:27.000000000 +0000 | |
339 | +++ openssl-0.9.8a/doc/crypto/DSA_generate_parameters.pod 2005-11-14 03:59:59.000000000 +0000 | |
340 | @@ -90,7 +90,7 @@ | |
341 | ||
342 | =head1 SEE ALSO | |
343 | ||
344 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | |
345 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
346 | L<DSA_free(3)|DSA_free(3)> | |
347 | ||
348 | =head1 HISTORY | |
349 | diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_sign.pod openssl-0.9.8a/doc/crypto/DSA_sign.pod | |
350 | --- openssl-0.9.8a.orig/doc/crypto/DSA_sign.pod 2002-09-25 13:33:27.000000000 +0000 | |
351 | +++ openssl-0.9.8a/doc/crypto/DSA_sign.pod 2005-11-14 03:59:59.000000000 +0000 | |
352 | @@ -55,7 +55,7 @@ | |
353 | ||
354 | =head1 SEE ALSO | |
355 | ||
356 | -L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, | |
357 | +L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
358 | L<DSA_do_sign(3)|DSA_do_sign(3)> | |
359 | ||
360 | =head1 HISTORY | |
361 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_GET_LIB.pod openssl-0.9.8a/doc/crypto/ERR_GET_LIB.pod | |
362 | --- openssl-0.9.8a.orig/doc/crypto/ERR_GET_LIB.pod 2000-02-01 01:36:58.000000000 +0000 | |
363 | +++ openssl-0.9.8a/doc/crypto/ERR_GET_LIB.pod 2005-11-14 03:59:59.000000000 +0000 | |
364 | @@ -41,7 +41,7 @@ | |
365 | ||
366 | =head1 SEE ALSO | |
367 | ||
368 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | |
369 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | |
370 | ||
371 | =head1 HISTORY | |
372 | ||
373 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_clear_error.pod openssl-0.9.8a/doc/crypto/ERR_clear_error.pod | |
374 | --- openssl-0.9.8a.orig/doc/crypto/ERR_clear_error.pod 2000-02-01 01:36:58.000000000 +0000 | |
375 | +++ openssl-0.9.8a/doc/crypto/ERR_clear_error.pod 2005-11-14 03:59:59.000000000 +0000 | |
376 | @@ -20,7 +20,7 @@ | |
377 | ||
378 | =head1 SEE ALSO | |
379 | ||
380 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | |
381 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | |
382 | ||
383 | =head1 HISTORY | |
384 | ||
385 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_error_string.pod openssl-0.9.8a/doc/crypto/ERR_error_string.pod | |
386 | --- openssl-0.9.8a.orig/doc/crypto/ERR_error_string.pod 2004-11-14 15:11:37.000000000 +0000 | |
387 | +++ openssl-0.9.8a/doc/crypto/ERR_error_string.pod 2005-11-14 03:59:59.000000000 +0000 | |
388 | @@ -60,7 +60,7 @@ | |
389 | ||
390 | =head1 SEE ALSO | |
391 | ||
392 | -L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | |
393 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | |
394 | L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | |
395 | L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> | |
396 | L<ERR_print_errors(3)|ERR_print_errors(3)> | |
397 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_get_error.pod openssl-0.9.8a/doc/crypto/ERR_get_error.pod | |
398 | --- openssl-0.9.8a.orig/doc/crypto/ERR_get_error.pod 2002-11-29 14:21:54.000000000 +0000 | |
399 | +++ openssl-0.9.8a/doc/crypto/ERR_get_error.pod 2005-11-14 03:59:59.000000000 +0000 | |
400 | @@ -61,7 +61,7 @@ | |
401 | ||
402 | =head1 SEE ALSO | |
403 | ||
404 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | |
405 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | |
406 | L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> | |
407 | ||
408 | =head1 HISTORY | |
409 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_load_crypto_strings.pod openssl-0.9.8a/doc/crypto/ERR_load_crypto_strings.pod | |
410 | --- openssl-0.9.8a.orig/doc/crypto/ERR_load_crypto_strings.pod 2000-02-24 11:55:08.000000000 +0000 | |
411 | +++ openssl-0.9.8a/doc/crypto/ERR_load_crypto_strings.pod 2005-11-14 03:59:59.000000000 +0000 | |
412 | @@ -35,7 +35,7 @@ | |
413 | ||
414 | =head1 SEE ALSO | |
415 | ||
416 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> | |
417 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> | |
418 | ||
419 | =head1 HISTORY | |
420 | ||
421 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_load_strings.pod openssl-0.9.8a/doc/crypto/ERR_load_strings.pod | |
422 | --- openssl-0.9.8a.orig/doc/crypto/ERR_load_strings.pod 2000-02-24 11:55:08.000000000 +0000 | |
423 | +++ openssl-0.9.8a/doc/crypto/ERR_load_strings.pod 2005-11-14 03:59:59.000000000 +0000 | |
424 | @@ -43,7 +43,7 @@ | |
425 | ||
426 | =head1 SEE ALSO | |
427 | ||
428 | -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | |
429 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | |
430 | ||
431 | =head1 HISTORY | |
432 | ||
433 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_print_errors.pod openssl-0.9.8a/doc/crypto/ERR_print_errors.pod | |
434 | --- openssl-0.9.8a.orig/doc/crypto/ERR_print_errors.pod 2000-02-01 01:36:59.000000000 +0000 | |
435 | +++ openssl-0.9.8a/doc/crypto/ERR_print_errors.pod 2005-11-14 03:59:59.000000000 +0000 | |
436 | @@ -38,7 +38,7 @@ | |
437 | ||
438 | =head1 SEE ALSO | |
439 | ||
440 | -L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | |
441 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, | |
442 | L<ERR_get_error(3)|ERR_get_error(3)>, | |
443 | L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | |
444 | L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> | |
445 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_put_error.pod openssl-0.9.8a/doc/crypto/ERR_put_error.pod | |
446 | --- openssl-0.9.8a.orig/doc/crypto/ERR_put_error.pod 2000-02-24 11:55:08.000000000 +0000 | |
447 | +++ openssl-0.9.8a/doc/crypto/ERR_put_error.pod 2005-11-14 03:59:59.000000000 +0000 | |
448 | @@ -34,7 +34,7 @@ | |
449 | ||
450 | =head1 SEE ALSO | |
451 | ||
452 | -L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | |
453 | +L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> | |
454 | ||
455 | =head1 HISTORY | |
456 | ||
457 | diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_remove_state.pod openssl-0.9.8a/doc/crypto/ERR_remove_state.pod | |
458 | --- openssl-0.9.8a.orig/doc/crypto/ERR_remove_state.pod 2000-05-19 07:54:42.000000000 +0000 | |
459 | +++ openssl-0.9.8a/doc/crypto/ERR_remove_state.pod 2005-11-14 03:59:59.000000000 +0000 | |
460 | @@ -25,7 +25,7 @@ | |
461 | ||
462 | =head1 SEE ALSO | |
463 | ||
464 | -L<err(3)|err(3)> | |
465 | +L<openssl_err(3)|openssl_err(3)> | |
466 | ||
467 | =head1 HISTORY | |
468 | ||
469 | diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_BytesToKey.pod openssl-0.9.8a/doc/crypto/EVP_BytesToKey.pod | |
470 | --- openssl-0.9.8a.orig/doc/crypto/EVP_BytesToKey.pod 2004-11-25 17:47:30.000000000 +0000 | |
471 | +++ openssl-0.9.8a/doc/crypto/EVP_BytesToKey.pod 2005-11-14 04:00:45.000000000 +0000 | |
472 | @@ -59,7 +59,7 @@ | |
473 | ||
474 | =head1 SEE ALSO | |
475 | ||
476 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | |
477 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
478 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> | |
479 | ||
480 | =head1 HISTORY | |
481 | diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_OpenInit.pod openssl-0.9.8a/doc/crypto/EVP_OpenInit.pod | |
482 | --- openssl-0.9.8a.orig/doc/crypto/EVP_OpenInit.pod 2000-09-23 07:16:14.000000000 +0000 | |
483 | +++ openssl-0.9.8a/doc/crypto/EVP_OpenInit.pod 2005-11-14 03:59:59.000000000 +0000 | |
484 | @@ -54,7 +54,7 @@ | |
485 | ||
486 | =head1 SEE ALSO | |
487 | ||
488 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | |
489 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
490 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | |
491 | L<EVP_SealInit(3)|EVP_SealInit(3)> | |
492 | ||
493 | diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_SealInit.pod openssl-0.9.8a/doc/crypto/EVP_SealInit.pod | |
494 | --- openssl-0.9.8a.orig/doc/crypto/EVP_SealInit.pod 2005-03-29 17:50:08.000000000 +0000 | |
495 | +++ openssl-0.9.8a/doc/crypto/EVP_SealInit.pod 2005-11-14 03:59:59.000000000 +0000 | |
496 | @@ -74,7 +74,7 @@ | |
497 | ||
498 | =head1 SEE ALSO | |
499 | ||
500 | -L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | |
501 | +L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
502 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | |
503 | L<EVP_OpenInit(3)|EVP_OpenInit(3)> | |
504 | ||
505 | diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_SignInit.pod openssl-0.9.8a/doc/crypto/EVP_SignInit.pod | |
506 | --- openssl-0.9.8a.orig/doc/crypto/EVP_SignInit.pod 2005-03-22 17:55:33.000000000 +0000 | |
507 | +++ openssl-0.9.8a/doc/crypto/EVP_SignInit.pod 2005-11-14 03:59:59.000000000 +0000 | |
508 | @@ -80,7 +80,7 @@ | |
509 | =head1 SEE ALSO | |
510 | ||
511 | L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, | |
512 | -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, | |
513 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, | |
514 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | |
515 | L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, | |
516 | L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> | |
517 | diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_VerifyInit.pod openssl-0.9.8a/doc/crypto/EVP_VerifyInit.pod | |
518 | --- openssl-0.9.8a.orig/doc/crypto/EVP_VerifyInit.pod 2002-07-10 19:35:46.000000000 +0000 | |
519 | +++ openssl-0.9.8a/doc/crypto/EVP_VerifyInit.pod 2005-11-14 03:59:59.000000000 +0000 | |
520 | @@ -71,7 +71,7 @@ | |
521 | ||
522 | L<evp(3)|evp(3)>, | |
523 | L<EVP_SignInit(3)|EVP_SignInit(3)>, | |
524 | -L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, | |
525 | +L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, | |
526 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | |
527 | L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, | |
528 | L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> | |
529 | diff -Naur openssl-0.9.8a.orig/doc/crypto/OPENSSL_config.pod openssl-0.9.8a/doc/crypto/OPENSSL_config.pod | |
530 | --- openssl-0.9.8a.orig/doc/crypto/OPENSSL_config.pod 2005-06-02 23:17:38.000000000 +0000 | |
531 | +++ openssl-0.9.8a/doc/crypto/OPENSSL_config.pod 2005-11-14 03:59:59.000000000 +0000 | |
532 | @@ -73,7 +73,7 @@ | |
533 | =head1 SEE ALSO | |
534 | ||
535 | L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>, | |
536 | -L<CONF_modules_free(3),CONF_modules_free(3)> | |
537 | +L<CONF_modules_free(3)|CONF_modules_free(3)> | |
538 | ||
539 | =head1 HISTORY | |
540 | ||
541 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_add.pod openssl-0.9.8a/doc/crypto/RAND_add.pod | |
542 | --- openssl-0.9.8a.orig/doc/crypto/RAND_add.pod 2000-03-22 15:30:03.000000000 +0000 | |
543 | +++ openssl-0.9.8a/doc/crypto/RAND_add.pod 2005-11-14 03:59:59.000000000 +0000 | |
544 | @@ -65,7 +65,7 @@ | |
545 | ||
546 | =head1 SEE ALSO | |
547 | ||
548 | -L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, | |
549 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, | |
550 | L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> | |
551 | ||
552 | =head1 HISTORY | |
553 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_bytes.pod openssl-0.9.8a/doc/crypto/RAND_bytes.pod | |
554 | --- openssl-0.9.8a.orig/doc/crypto/RAND_bytes.pod 2002-09-25 13:33:27.000000000 +0000 | |
555 | +++ openssl-0.9.8a/doc/crypto/RAND_bytes.pod 2005-11-14 03:59:59.000000000 +0000 | |
556 | @@ -35,7 +35,7 @@ | |
557 | ||
558 | =head1 SEE ALSO | |
559 | ||
560 | -L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | |
561 | +L<openssl_rand(3)|openssl_rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, | |
562 | L<RAND_add(3)|RAND_add(3)> | |
563 | ||
564 | =head1 HISTORY | |
565 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_cleanup.pod openssl-0.9.8a/doc/crypto/RAND_cleanup.pod | |
566 | --- openssl-0.9.8a.orig/doc/crypto/RAND_cleanup.pod 2000-01-27 01:25:06.000000000 +0000 | |
567 | +++ openssl-0.9.8a/doc/crypto/RAND_cleanup.pod 2005-11-14 03:59:59.000000000 +0000 | |
568 | @@ -20,7 +20,7 @@ | |
569 | ||
570 | =head1 SEE ALSO | |
571 | ||
572 | -L<rand(3)|rand(3)> | |
573 | +L<openssl_rand(3)|openssl_rand(3)> | |
574 | ||
575 | =head1 HISTORY | |
576 | ||
577 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_egd.pod openssl-0.9.8a/doc/crypto/RAND_egd.pod | |
578 | --- openssl-0.9.8a.orig/doc/crypto/RAND_egd.pod 2001-02-10 19:10:36.000000000 +0000 | |
579 | +++ openssl-0.9.8a/doc/crypto/RAND_egd.pod 2005-11-14 03:59:59.000000000 +0000 | |
580 | @@ -69,7 +69,7 @@ | |
581 | ||
582 | =head1 SEE ALSO | |
583 | ||
584 | -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, | |
585 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, | |
586 | L<RAND_cleanup(3)|RAND_cleanup(3)> | |
587 | ||
588 | =head1 HISTORY | |
589 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_load_file.pod openssl-0.9.8a/doc/crypto/RAND_load_file.pod | |
590 | --- openssl-0.9.8a.orig/doc/crypto/RAND_load_file.pod 2001-03-21 15:25:56.000000000 +0000 | |
591 | +++ openssl-0.9.8a/doc/crypto/RAND_load_file.pod 2005-11-14 03:59:59.000000000 +0000 | |
592 | @@ -43,7 +43,7 @@ | |
593 | ||
594 | =head1 SEE ALSO | |
595 | ||
596 | -L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> | |
597 | +L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> | |
598 | ||
599 | =head1 HISTORY | |
600 | ||
601 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_set_rand_method.pod openssl-0.9.8a/doc/crypto/RAND_set_rand_method.pod | |
602 | --- openssl-0.9.8a.orig/doc/crypto/RAND_set_rand_method.pod 2002-08-05 16:27:01.000000000 +0000 | |
603 | +++ openssl-0.9.8a/doc/crypto/RAND_set_rand_method.pod 2005-11-14 03:59:59.000000000 +0000 | |
604 | @@ -67,7 +67,7 @@ | |
605 | ||
606 | =head1 SEE ALSO | |
607 | ||
608 | -L<rand(3)|rand(3)>, L<engine(3)|engine(3)> | |
609 | +L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)> | |
610 | ||
611 | =head1 HISTORY | |
612 | ||
613 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_blinding_on.pod openssl-0.9.8a/doc/crypto/RSA_blinding_on.pod | |
614 | --- openssl-0.9.8a.orig/doc/crypto/RSA_blinding_on.pod 2000-02-24 11:55:10.000000000 +0000 | |
615 | +++ openssl-0.9.8a/doc/crypto/RSA_blinding_on.pod 2005-11-14 03:59:59.000000000 +0000 | |
616 | @@ -34,7 +34,7 @@ | |
617 | ||
618 | =head1 SEE ALSO | |
619 | ||
620 | -L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> | |
621 | +L<rsa(3)|rsa(3)>, L<openssl_rand(3)|openssl_rand(3)> | |
622 | ||
623 | =head1 HISTORY | |
624 | ||
625 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_generate_key.pod openssl-0.9.8a/doc/crypto/RSA_generate_key.pod | |
626 | --- openssl-0.9.8a.orig/doc/crypto/RSA_generate_key.pod 2002-09-25 13:33:27.000000000 +0000 | |
627 | +++ openssl-0.9.8a/doc/crypto/RSA_generate_key.pod 2005-11-14 03:59:59.000000000 +0000 | |
628 | @@ -59,7 +59,7 @@ | |
629 | ||
630 | =head1 SEE ALSO | |
631 | ||
632 | -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, | |
633 | +L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, | |
634 | L<RSA_free(3)|RSA_free(3)> | |
635 | ||
636 | =head1 HISTORY | |
637 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_public_encrypt.pod openssl-0.9.8a/doc/crypto/RSA_public_encrypt.pod | |
638 | --- openssl-0.9.8a.orig/doc/crypto/RSA_public_encrypt.pod 2004-03-23 21:01:34.000000000 +0000 | |
639 | +++ openssl-0.9.8a/doc/crypto/RSA_public_encrypt.pod 2005-11-14 03:59:59.000000000 +0000 | |
640 | @@ -73,7 +73,7 @@ | |
641 | ||
642 | =head1 SEE ALSO | |
643 | ||
644 | -L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, | |
645 | +L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, | |
646 | L<RSA_size(3)|RSA_size(3)> | |
647 | ||
648 | =head1 HISTORY | |
649 | diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod openssl-0.9.8a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | |
650 | --- openssl-0.9.8a.orig/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2002-09-25 13:33:28.000000000 +0000 | |
651 | +++ openssl-0.9.8a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2005-11-14 03:59:59.000000000 +0000 | |
652 | @@ -48,7 +48,7 @@ | |
653 | =head1 SEE ALSO | |
654 | ||
655 | L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, | |
656 | -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, | |
657 | +L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, | |
658 | L<RSA_verify(3)|RSA_verify(3)> | |
659 | ||
660 | =head1 HISTORY | |
661 | diff -Naur openssl-0.9.8a.orig/doc/crypto/X509_NAME_ENTRY_get_object.pod openssl-0.9.8a/doc/crypto/X509_NAME_ENTRY_get_object.pod | |
662 | --- openssl-0.9.8a.orig/doc/crypto/X509_NAME_ENTRY_get_object.pod 2005-03-30 11:50:14.000000000 +0000 | |
663 | +++ openssl-0.9.8a/doc/crypto/X509_NAME_ENTRY_get_object.pod 2005-11-14 03:59:59.000000000 +0000 | |
664 | @@ -63,7 +63,7 @@ | |
665 | =head1 SEE ALSO | |
666 | ||
667 | L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>, | |
668 | -L<OBJ_nid2obj(3),OBJ_nid2obj(3)> | |
669 | +L<OBJ_nid2obj(3)|OBJ_nid2obj(3)> | |
670 | ||
671 | =head1 HISTORY | |
672 | ||
673 | diff -Naur openssl-0.9.8a.orig/doc/crypto/bn.pod openssl-0.9.8a/doc/crypto/bn.pod | |
674 | --- openssl-0.9.8a.orig/doc/crypto/bn.pod 2005-04-29 15:07:34.000000000 +0000 | |
675 | +++ openssl-0.9.8a/doc/crypto/bn.pod 2005-11-14 03:59:59.000000000 +0000 | |
676 | @@ -167,7 +167,7 @@ | |
677 | =head1 SEE ALSO | |
678 | ||
679 | L<bn_internal(3)|bn_internal(3)>, | |
680 | -L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, | |
681 | +L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, | |
682 | L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, | |
683 | L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, | |
684 | L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, | |
685 | diff -Naur openssl-0.9.8a.orig/doc/crypto/crypto.pod openssl-0.9.8a/doc/crypto/crypto.pod | |
686 | --- openssl-0.9.8a.orig/doc/crypto/crypto.pod 2002-10-06 12:59:25.000000000 +0000 | |
687 | +++ openssl-0.9.8a/doc/crypto/crypto.pod 2005-11-14 03:59:59.000000000 +0000 | |
688 | @@ -46,7 +46,7 @@ | |
689 | ||
690 | =item AUXILIARY FUNCTIONS | |
691 | ||
692 | -L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>, | |
693 | +L<openssl_err(3)|openssl_err(3)>, L<openssl_threads(3)|openssl_threads(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
694 | L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)> | |
695 | ||
696 | =item INPUT/OUTPUT, DATA ENCODING | |
697 | diff -Naur openssl-0.9.8a.orig/doc/crypto/des.pod openssl-0.9.8a/doc/crypto/des.pod | |
698 | --- openssl-0.9.8a.orig/doc/crypto/des.pod 2003-10-01 15:02:45.000000000 +0000 | |
699 | +++ openssl-0.9.8a/doc/crypto/des.pod 2005-11-14 03:59:59.000000000 +0000 | |
700 | @@ -115,7 +115,7 @@ | |
701 | the key; it is used to speed the encryption process. | |
702 | ||
703 | DES_random_key() generates a random key. The PRNG must be seeded | |
704 | -prior to using this function (see L<rand(3)|rand(3)>). If the PRNG | |
705 | +prior to using this function (see L<openssl_rand(3)|openssl_rand(3)>). If the PRNG | |
706 | could not generate a secure key, 0 is returned. | |
707 | ||
708 | Before a DES key can be used, it must be converted into the | |
709 | @@ -317,7 +317,7 @@ | |
710 | ||
711 | =head1 SEE ALSO | |
712 | ||
713 | -crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)> | |
714 | +crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)> | |
715 | ||
716 | =head1 HISTORY | |
717 | ||
718 | diff -Naur openssl-0.9.8a.orig/doc/crypto/dh.pod openssl-0.9.8a/doc/crypto/dh.pod | |
719 | --- openssl-0.9.8a.orig/doc/crypto/dh.pod 2002-08-05 16:27:01.000000000 +0000 | |
720 | +++ openssl-0.9.8a/doc/crypto/dh.pod 2005-11-14 03:59:59.000000000 +0000 | |
721 | @@ -67,8 +67,8 @@ | |
722 | ||
723 | =head1 SEE ALSO | |
724 | ||
725 | -L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, | |
726 | -L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, | |
727 | +L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<openssl_err(3)|openssl_err(3)>, | |
728 | +L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, | |
729 | L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>, | |
730 | L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, | |
731 | L<DH_generate_parameters(3)|DH_generate_parameters(3)>, | |
732 | diff -Naur openssl-0.9.8a.orig/doc/crypto/dsa.pod openssl-0.9.8a/doc/crypto/dsa.pod | |
733 | --- openssl-0.9.8a.orig/doc/crypto/dsa.pod 2002-08-05 16:27:01.000000000 +0000 | |
734 | +++ openssl-0.9.8a/doc/crypto/dsa.pod 2005-11-14 03:59:59.000000000 +0000 | |
735 | @@ -100,7 +100,7 @@ | |
736 | ||
737 | =head1 SEE ALSO | |
738 | ||
739 | -L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, | |
740 | +L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, | |
741 | L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, | |
742 | L<DSA_new(3)|DSA_new(3)>, | |
743 | L<DSA_size(3)|DSA_size(3)>, | |
744 | diff -Naur openssl-0.9.8a.orig/doc/crypto/engine.pod openssl-0.9.8a/doc/crypto/engine.pod | |
745 | --- openssl-0.9.8a.orig/doc/crypto/engine.pod 2004-06-17 23:40:14.000000000 +0000 | |
746 | +++ openssl-0.9.8a/doc/crypto/engine.pod 2005-11-14 04:01:19.000000000 +0000 | |
747 | @@ -594,6 +594,6 @@ | |
748 | ||
749 | =head1 SEE ALSO | |
750 | ||
751 | -L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)> | |
752 | +L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<openssl_rand(3)|openssl_rand(3)> | |
753 | ||
754 | =cut | |
755 | diff -Naur openssl-0.9.8a.orig/doc/crypto/err.pod openssl-0.9.8a/doc/crypto/err.pod | |
756 | --- openssl-0.9.8a.orig/doc/crypto/err.pod 2002-07-10 19:35:46.000000000 +0000 | |
757 | +++ openssl-0.9.8a/doc/crypto/err.pod 1970-01-01 00:00:00.000000000 +0000 | |
758 | @@ -1,187 +0,0 @@ | |
759 | -=pod | |
760 | - | |
761 | -=head1 NAME | |
762 | - | |
763 | -err - error codes | |
764 | - | |
765 | -=head1 SYNOPSIS | |
766 | - | |
767 | - #include <openssl/err.h> | |
768 | - | |
769 | - unsigned long ERR_get_error(void); | |
770 | - unsigned long ERR_peek_error(void); | |
771 | - unsigned long ERR_get_error_line(const char **file, int *line); | |
772 | - unsigned long ERR_peek_error_line(const char **file, int *line); | |
773 | - unsigned long ERR_get_error_line_data(const char **file, int *line, | |
774 | - const char **data, int *flags); | |
775 | - unsigned long ERR_peek_error_line_data(const char **file, int *line, | |
776 | - const char **data, int *flags); | |
777 | - | |
778 | - int ERR_GET_LIB(unsigned long e); | |
779 | - int ERR_GET_FUNC(unsigned long e); | |
780 | - int ERR_GET_REASON(unsigned long e); | |
781 | - | |
782 | - void ERR_clear_error(void); | |
783 | - | |
784 | - char *ERR_error_string(unsigned long e, char *buf); | |
785 | - const char *ERR_lib_error_string(unsigned long e); | |
786 | - const char *ERR_func_error_string(unsigned long e); | |
787 | - const char *ERR_reason_error_string(unsigned long e); | |
788 | - | |
789 | - void ERR_print_errors(BIO *bp); | |
790 | - void ERR_print_errors_fp(FILE *fp); | |
791 | - | |
792 | - void ERR_load_crypto_strings(void); | |
793 | - void ERR_free_strings(void); | |
794 | - | |
795 | - void ERR_remove_state(unsigned long pid); | |
796 | - | |
797 | - void ERR_put_error(int lib, int func, int reason, const char *file, | |
798 | - int line); | |
799 | - void ERR_add_error_data(int num, ...); | |
800 | - | |
801 | - void ERR_load_strings(int lib,ERR_STRING_DATA str[]); | |
802 | - unsigned long ERR_PACK(int lib, int func, int reason); | |
803 | - int ERR_get_next_error_library(void); | |
804 | - | |
805 | -=head1 DESCRIPTION | |
806 | - | |
807 | -When a call to the OpenSSL library fails, this is usually signalled | |
808 | -by the return value, and an error code is stored in an error queue | |
809 | -associated with the current thread. The B<err> library provides | |
810 | -functions to obtain these error codes and textual error messages. | |
811 | - | |
812 | -The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to | |
813 | -access error codes. | |
814 | - | |
815 | -Error codes contain information about where the error occurred, and | |
816 | -what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to | |
817 | -extract this information. A method to obtain human-readable error | |
818 | -messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. | |
819 | - | |
820 | -L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the | |
821 | -error queue. | |
822 | - | |
823 | -Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to | |
824 | -avoid memory leaks when threads are terminated. | |
825 | - | |
826 | -=head1 ADDING NEW ERROR CODES TO OPENSSL | |
827 | - | |
828 | -See L<ERR_put_error(3)> if you want to record error codes in the | |
829 | -OpenSSL error system from within your application. | |
830 | - | |
831 | -The remainder of this section is of interest only if you want to add | |
832 | -new error codes to OpenSSL or add error codes from external libraries. | |
833 | - | |
834 | -=head2 Reporting errors | |
835 | - | |
836 | -Each sub-library has a specific macro XXXerr() that is used to report | |
837 | -errors. Its first argument is a function code B<XXX_F_...>, the second | |
838 | -argument is a reason code B<XXX_R_...>. Function codes are derived | |
839 | -from the function names; reason codes consist of textual error | |
840 | -descriptions. For example, the function ssl23_read() reports a | |
841 | -"handshake failure" as follows: | |
842 | - | |
843 | - SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); | |
844 | - | |
845 | -Function and reason codes should consist of upper case characters, | |
846 | -numbers and underscores only. The error file generation script translates | |
847 | -function codes into function names by looking in the header files | |
848 | -for an appropriate function name, if none is found it just uses | |
849 | -the capitalized form such as "SSL23_READ" in the above example. | |
850 | - | |
851 | -The trailing section of a reason code (after the "_R_") is translated | |
852 | -into lower case and underscores changed to spaces. | |
853 | - | |
854 | -When you are using new function or reason codes, run B<make errors>. | |
855 | -The necessary B<#define>s will then automatically be added to the | |
856 | -sub-library's header file. | |
857 | - | |
858 | -Although a library will normally report errors using its own specific | |
859 | -XXXerr macro, another library's macro can be used. This is normally | |
860 | -only done when a library wants to include ASN1 code which must use | |
861 | -the ASN1err() macro. | |
862 | - | |
863 | -=head2 Adding new libraries | |
864 | - | |
865 | -When adding a new sub-library to OpenSSL, assign it a library number | |
866 | -B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its | |
867 | -name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add | |
868 | -C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function | |
869 | -(in B<crypto/err/err_all.c>). Finally, add an entry | |
870 | - | |
871 | - L XXX xxx.h xxx_err.c | |
872 | - | |
873 | -to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. | |
874 | -Running B<make errors> will then generate a file B<xxx_err.c>, and | |
875 | -add all error codes used in the library to B<xxx.h>. | |
876 | - | |
877 | -Additionally the library include file must have a certain form. | |
878 | -Typically it will initially look like this: | |
879 | - | |
880 | - #ifndef HEADER_XXX_H | |
881 | - #define HEADER_XXX_H | |
882 | - | |
883 | - #ifdef __cplusplus | |
884 | - extern "C" { | |
885 | - #endif | |
886 | - | |
887 | - /* Include files */ | |
888 | - | |
889 | - #include <openssl/bio.h> | |
890 | - #include <openssl/x509.h> | |
891 | - | |
892 | - /* Macros, structures and function prototypes */ | |
893 | - | |
894 | - | |
895 | - /* BEGIN ERROR CODES */ | |
896 | - | |
897 | -The B<BEGIN ERROR CODES> sequence is used by the error code | |
898 | -generation script as the point to place new error codes, any text | |
899 | -after this point will be overwritten when B<make errors> is run. | |
900 | -The closing #endif etc will be automatically added by the script. | |
901 | - | |
902 | -The generated C error code file B<xxx_err.c> will load the header | |
903 | -files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the | |
904 | -header file must load any additional header files containing any | |
905 | -definitions it uses. | |
906 | - | |
907 | -=head1 USING ERROR CODES IN EXTERNAL LIBRARIES | |
908 | - | |
909 | -It is also possible to use OpenSSL's error code scheme in external | |
910 | -libraries. The library needs to load its own codes and call the OpenSSL | |
911 | -error code insertion script B<mkerr.pl> explicitly to add codes to | |
912 | -the header file and generate the C error code file. This will normally | |
913 | -be done if the external library needs to generate new ASN1 structures | |
914 | -but it can also be used to add more general purpose error code handling. | |
915 | - | |
916 | -TBA more details | |
917 | - | |
918 | -=head1 INTERNALS | |
919 | - | |
920 | -The error queues are stored in a hash table with one B<ERR_STATE> | |
921 | -entry for each pid. ERR_get_state() returns the current thread's | |
922 | -B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error | |
923 | -codes. When more error codes are added, the old ones are overwritten, | |
924 | -on the assumption that the most recent errors are most important. | |
925 | - | |
926 | -Error strings are also stored in hash table. The hash tables can | |
927 | -be obtained by calling ERR_get_err_state_table(void) and | |
928 | -ERR_get_string_table(void) respectively. | |
929 | - | |
930 | -=head1 SEE ALSO | |
931 | - | |
932 | -L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, | |
933 | -L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, | |
934 | -L<ERR_get_error(3)|ERR_get_error(3)>, | |
935 | -L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, | |
936 | -L<ERR_clear_error(3)|ERR_clear_error(3)>, | |
937 | -L<ERR_error_string(3)|ERR_error_string(3)>, | |
938 | -L<ERR_print_errors(3)|ERR_print_errors(3)>, | |
939 | -L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | |
940 | -L<ERR_remove_state(3)|ERR_remove_state(3)>, | |
941 | -L<ERR_put_error(3)|ERR_put_error(3)>, | |
942 | -L<ERR_load_strings(3)|ERR_load_strings(3)>, | |
943 | -L<SSL_get_error(3)|SSL_get_error(3)> | |
944 | - | |
945 | -=cut | |
946 | diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_err.pod openssl-0.9.8a/doc/crypto/openssl_err.pod | |
947 | --- openssl-0.9.8a.orig/doc/crypto/openssl_err.pod 1970-01-01 00:00:00.000000000 +0000 | |
948 | +++ openssl-0.9.8a/doc/crypto/openssl_err.pod 2005-11-14 03:59:59.000000000 +0000 | |
949 | @@ -0,0 +1,187 @@ | |
950 | +=pod | |
951 | + | |
952 | +=head1 NAME | |
953 | + | |
954 | +openssl_err - error codes | |
955 | + | |
956 | +=head1 SYNOPSIS | |
957 | + | |
958 | + #include <openssl/err.h> | |
959 | + | |
960 | + unsigned long ERR_get_error(void); | |
961 | + unsigned long ERR_peek_error(void); | |
962 | + unsigned long ERR_get_error_line(const char **file, int *line); | |
963 | + unsigned long ERR_peek_error_line(const char **file, int *line); | |
964 | + unsigned long ERR_get_error_line_data(const char **file, int *line, | |
965 | + const char **data, int *flags); | |
966 | + unsigned long ERR_peek_error_line_data(const char **file, int *line, | |
967 | + const char **data, int *flags); | |
968 | + | |
969 | + int ERR_GET_LIB(unsigned long e); | |
970 | + int ERR_GET_FUNC(unsigned long e); | |
971 | + int ERR_GET_REASON(unsigned long e); | |
972 | + | |
973 | + void ERR_clear_error(void); | |
974 | + | |
975 | + char *ERR_error_string(unsigned long e, char *buf); | |
976 | + const char *ERR_lib_error_string(unsigned long e); | |
977 | + const char *ERR_func_error_string(unsigned long e); | |
978 | + const char *ERR_reason_error_string(unsigned long e); | |
979 | + | |
980 | + void ERR_print_errors(BIO *bp); | |
981 | + void ERR_print_errors_fp(FILE *fp); | |
982 | + | |
983 | + void ERR_load_crypto_strings(void); | |
984 | + void ERR_free_strings(void); | |
985 | + | |
986 | + void ERR_remove_state(unsigned long pid); | |
987 | + | |
988 | + void ERR_put_error(int lib, int func, int reason, const char *file, | |
989 | + int line); | |
990 | + void ERR_add_error_data(int num, ...); | |
991 | + | |
992 | + void ERR_load_strings(int lib,ERR_STRING_DATA str[]); | |
993 | + unsigned long ERR_PACK(int lib, int func, int reason); | |
994 | + int ERR_get_next_error_library(void); | |
995 | + | |
996 | +=head1 DESCRIPTION | |
997 | + | |
998 | +When a call to the OpenSSL library fails, this is usually signalled | |
999 | +by the return value, and an error code is stored in an error queue | |
1000 | +associated with the current thread. The B<err> library provides | |
1001 | +functions to obtain these error codes and textual error messages. | |
1002 | + | |
1003 | +The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to | |
1004 | +access error codes. | |
1005 | + | |
1006 | +Error codes contain information about where the error occurred, and | |
1007 | +what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to | |
1008 | +extract this information. A method to obtain human-readable error | |
1009 | +messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. | |
1010 | + | |
1011 | +L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the | |
1012 | +error queue. | |
1013 | + | |
1014 | +Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to | |
1015 | +avoid memory leaks when threads are terminated. | |
1016 | + | |
1017 | +=head1 ADDING NEW ERROR CODES TO OPENSSL | |
1018 | + | |
1019 | +See L<ERR_put_error(3)> if you want to record error codes in the | |
1020 | +OpenSSL error system from within your application. | |
1021 | + | |
1022 | +The remainder of this section is of interest only if you want to add | |
1023 | +new error codes to OpenSSL or add error codes from external libraries. | |
1024 | + | |
1025 | +=head2 Reporting errors | |
1026 | + | |
1027 | +Each sub-library has a specific macro XXXerr() that is used to report | |
1028 | +errors. Its first argument is a function code B<XXX_F_...>, the second | |
1029 | +argument is a reason code B<XXX_R_...>. Function codes are derived | |
1030 | +from the function names; reason codes consist of textual error | |
1031 | +descriptions. For example, the function ssl23_read() reports a | |
1032 | +"handshake failure" as follows: | |
1033 | + | |
1034 | + SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); | |
1035 | + | |
1036 | +Function and reason codes should consist of upper case characters, | |
1037 | +numbers and underscores only. The error file generation script translates | |
1038 | +function codes into function names by looking in the header files | |
1039 | +for an appropriate function name, if none is found it just uses | |
1040 | +the capitalized form such as "SSL23_READ" in the above example. | |
1041 | + | |
1042 | +The trailing section of a reason code (after the "_R_") is translated | |
1043 | +into lower case and underscores changed to spaces. | |
1044 | + | |
1045 | +When you are using new function or reason codes, run B<make errors>. | |
1046 | +The necessary B<#define>s will then automatically be added to the | |
1047 | +sub-library's header file. | |
1048 | + | |
1049 | +Although a library will normally report errors using its own specific | |
1050 | +XXXerr macro, another library's macro can be used. This is normally | |
1051 | +only done when a library wants to include ASN1 code which must use | |
1052 | +the ASN1err() macro. | |
1053 | + | |
1054 | +=head2 Adding new libraries | |
1055 | + | |
1056 | +When adding a new sub-library to OpenSSL, assign it a library number | |
1057 | +B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its | |
1058 | +name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add | |
1059 | +C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function | |
1060 | +(in B<crypto/err/err_all.c>). Finally, add an entry | |
1061 | + | |
1062 | + L XXX xxx.h xxx_err.c | |
1063 | + | |
1064 | +to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. | |
1065 | +Running B<make errors> will then generate a file B<xxx_err.c>, and | |
1066 | +add all error codes used in the library to B<xxx.h>. | |
1067 | + | |
1068 | +Additionally the library include file must have a certain form. | |
1069 | +Typically it will initially look like this: | |
1070 | + | |
1071 | + #ifndef HEADER_XXX_H | |
1072 | + #define HEADER_XXX_H | |
1073 | + | |
1074 | + #ifdef __cplusplus | |
1075 | + extern "C" { | |
1076 | + #endif | |
1077 | + | |
1078 | + /* Include files */ | |
1079 | + | |
1080 | + #include <openssl/bio.h> | |
1081 | + #include <openssl/x509.h> | |
1082 | + | |
1083 | + /* Macros, structures and function prototypes */ | |
1084 | + | |
1085 | + | |
1086 | + /* BEGIN ERROR CODES */ | |
1087 | + | |
1088 | +The B<BEGIN ERROR CODES> sequence is used by the error code | |
1089 | +generation script as the point to place new error codes, any text | |
1090 | +after this point will be overwritten when B<make errors> is run. | |
1091 | +The closing #endif etc will be automatically added by the script. | |
1092 | + | |
1093 | +The generated C error code file B<xxx_err.c> will load the header | |
1094 | +files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the | |
1095 | +header file must load any additional header files containing any | |
1096 | +definitions it uses. | |
1097 | + | |
1098 | +=head1 USING ERROR CODES IN EXTERNAL LIBRARIES | |
1099 | + | |
1100 | +It is also possible to use OpenSSL's error code scheme in external | |
1101 | +libraries. The library needs to load its own codes and call the OpenSSL | |
1102 | +error code insertion script B<mkerr.pl> explicitly to add codes to | |
1103 | +the header file and generate the C error code file. This will normally | |
1104 | +be done if the external library needs to generate new ASN1 structures | |
1105 | +but it can also be used to add more general purpose error code handling. | |
1106 | + | |
1107 | +TBA more details | |
1108 | + | |
1109 | +=head1 INTERNALS | |
1110 | + | |
1111 | +The error queues are stored in a hash table with one B<ERR_STATE> | |
1112 | +entry for each pid. ERR_get_state() returns the current thread's | |
1113 | +B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error | |
1114 | +codes. When more error codes are added, the old ones are overwritten, | |
1115 | +on the assumption that the most recent errors are most important. | |
1116 | + | |
1117 | +Error strings are also stored in hash table. The hash tables can | |
1118 | +be obtained by calling ERR_get_err_state_table(void) and | |
1119 | +ERR_get_string_table(void) respectively. | |
1120 | + | |
1121 | +=head1 SEE ALSO | |
1122 | + | |
1123 | +L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, | |
1124 | +L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, | |
1125 | +L<ERR_get_error(3)|ERR_get_error(3)>, | |
1126 | +L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, | |
1127 | +L<ERR_clear_error(3)|ERR_clear_error(3)>, | |
1128 | +L<ERR_error_string(3)|ERR_error_string(3)>, | |
1129 | +L<ERR_print_errors(3)|ERR_print_errors(3)>, | |
1130 | +L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, | |
1131 | +L<ERR_remove_state(3)|ERR_remove_state(3)>, | |
1132 | +L<ERR_put_error(3)|ERR_put_error(3)>, | |
1133 | +L<ERR_load_strings(3)|ERR_load_strings(3)>, | |
1134 | +L<SSL_get_error(3)|SSL_get_error(3)> | |
1135 | + | |
1136 | +=cut | |
1137 | diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_rand.pod openssl-0.9.8a/doc/crypto/openssl_rand.pod | |
1138 | --- openssl-0.9.8a.orig/doc/crypto/openssl_rand.pod 1970-01-01 00:00:00.000000000 +0000 | |
1139 | +++ openssl-0.9.8a/doc/crypto/openssl_rand.pod 2005-11-14 03:59:59.000000000 +0000 | |
1140 | @@ -0,0 +1,175 @@ | |
1141 | +=pod | |
1142 | + | |
1143 | +=head1 NAME | |
1144 | + | |
1145 | +openssl_rand - pseudo-random number generator | |
1146 | + | |
1147 | +=head1 SYNOPSIS | |
1148 | + | |
1149 | + #include <openssl/rand.h> | |
1150 | + | |
1151 | + int RAND_set_rand_engine(ENGINE *engine); | |
1152 | + | |
1153 | + int RAND_bytes(unsigned char *buf, int num); | |
1154 | + int RAND_pseudo_bytes(unsigned char *buf, int num); | |
1155 | + | |
1156 | + void RAND_seed(const void *buf, int num); | |
1157 | + void RAND_add(const void *buf, int num, int entropy); | |
1158 | + int RAND_status(void); | |
1159 | + | |
1160 | + int RAND_load_file(const char *file, long max_bytes); | |
1161 | + int RAND_write_file(const char *file); | |
1162 | + const char *RAND_file_name(char *file, size_t num); | |
1163 | + | |
1164 | + int RAND_egd(const char *path); | |
1165 | + | |
1166 | + void RAND_set_rand_method(const RAND_METHOD *meth); | |
1167 | + const RAND_METHOD *RAND_get_rand_method(void); | |
1168 | + RAND_METHOD *RAND_SSLeay(void); | |
1169 | + | |
1170 | + void RAND_cleanup(void); | |
1171 | + | |
1172 | + /* For Win32 only */ | |
1173 | + void RAND_screen(void); | |
1174 | + int RAND_event(UINT, WPARAM, LPARAM); | |
1175 | + | |
1176 | +=head1 DESCRIPTION | |
1177 | + | |
1178 | +Since the introduction of the ENGINE API, the recommended way of controlling | |
1179 | +default implementations is by using the ENGINE API functions. The default | |
1180 | +B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by | |
1181 | +RAND_get_rand_method(), is only used if no ENGINE has been set as the default | |
1182 | +"rand" implementation. Hence, these two functions are no longer the recommened | |
1183 | +way to control defaults. | |
1184 | + | |
1185 | +If an alternative B<RAND_METHOD> implementation is being used (either set | |
1186 | +directly or as provided by an ENGINE module), then it is entirely responsible | |
1187 | +for the generation and management of a cryptographically secure PRNG stream. The | |
1188 | +mechanisms described below relate solely to the software PRNG implementation | |
1189 | +built in to OpenSSL and used by default. | |
1190 | + | |
1191 | +These functions implement a cryptographically secure pseudo-random | |
1192 | +number generator (PRNG). It is used by other library functions for | |
1193 | +example to generate random keys, and applications can use it when they | |
1194 | +need randomness. | |
1195 | + | |
1196 | +A cryptographic PRNG must be seeded with unpredictable data such as | |
1197 | +mouse movements or keys pressed at random by the user. This is | |
1198 | +described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file | |
1199 | +(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the | |
1200 | +seeding process whenever the application is started. | |
1201 | + | |
1202 | +L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the | |
1203 | +PRNG. | |
1204 | + | |
1205 | +=head1 INTERNALS | |
1206 | + | |
1207 | +The RAND_SSLeay() method implements a PRNG based on a cryptographic | |
1208 | +hash function. | |
1209 | + | |
1210 | +The following description of its design is based on the SSLeay | |
1211 | +documentation: | |
1212 | + | |
1213 | +First up I will state the things I believe I need for a good RNG. | |
1214 | + | |
1215 | +=over 4 | |
1216 | + | |
1217 | +=item 1 | |
1218 | + | |
1219 | +A good hashing algorithm to mix things up and to convert the RNG 'state' | |
1220 | +to random numbers. | |
1221 | + | |
1222 | +=item 2 | |
1223 | + | |
1224 | +An initial source of random 'state'. | |
1225 | + | |
1226 | +=item 3 | |
1227 | + | |
1228 | +The state should be very large. If the RNG is being used to generate | |
1229 | +4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). | |
1230 | +If your RNG state only has 128 bits, you are obviously limiting the | |
1231 | +search space to 128 bits, not 2048. I'm probably getting a little | |
1232 | +carried away on this last point but it does indicate that it may not be | |
1233 | +a bad idea to keep quite a lot of RNG state. It should be easier to | |
1234 | +break a cipher than guess the RNG seed data. | |
1235 | + | |
1236 | +=item 4 | |
1237 | + | |
1238 | +Any RNG seed data should influence all subsequent random numbers | |
1239 | +generated. This implies that any random seed data entered will have | |
1240 | +an influence on all subsequent random numbers generated. | |
1241 | + | |
1242 | +=item 5 | |
1243 | + | |
1244 | +When using data to seed the RNG state, the data used should not be | |
1245 | +extractable from the RNG state. I believe this should be a | |
1246 | +requirement because one possible source of 'secret' semi random | |
1247 | +data would be a private key or a password. This data must | |
1248 | +not be disclosed by either subsequent random numbers or a | |
1249 | +'core' dump left by a program crash. | |
1250 | + | |
1251 | +=item 6 | |
1252 | + | |
1253 | +Given the same initial 'state', 2 systems should deviate in their RNG state | |
1254 | +(and hence the random numbers generated) over time if at all possible. | |
1255 | + | |
1256 | +=item 7 | |
1257 | + | |
1258 | +Given the random number output stream, it should not be possible to determine | |
1259 | +the RNG state or the next random number. | |
1260 | + | |
1261 | +=back | |
1262 | + | |
1263 | +The algorithm is as follows. | |
1264 | + | |
1265 | +There is global state made up of a 1023 byte buffer (the 'state'), a | |
1266 | +working hash value ('md'), and a counter ('count'). | |
1267 | + | |
1268 | +Whenever seed data is added, it is inserted into the 'state' as | |
1269 | +follows. | |
1270 | + | |
1271 | +The input is chopped up into units of 20 bytes (or less for | |
1272 | +the last block). Each of these blocks is run through the hash | |
1273 | +function as follows: The data passed to the hash function | |
1274 | +is the current 'md', the same number of bytes from the 'state' | |
1275 | +(the location determined by in incremented looping index) as | |
1276 | +the current 'block', the new key data 'block', and 'count' | |
1277 | +(which is incremented after each use). | |
1278 | +The result of this is kept in 'md' and also xored into the | |
1279 | +'state' at the same locations that were used as input into the | |
1280 | +hash function. I | |
1281 | +believe this system addresses points 1 (hash function; currently | |
1282 | +SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash | |
1283 | +function and xor). | |
1284 | + | |
1285 | +When bytes are extracted from the RNG, the following process is used. | |
1286 | +For each group of 10 bytes (or less), we do the following: | |
1287 | + | |
1288 | +Input into the hash function the local 'md' (which is initialized from | |
1289 | +the global 'md' before any bytes are generated), the bytes that are to | |
1290 | +be overwritten by the random bytes, and bytes from the 'state' | |
1291 | +(incrementing looping index). From this digest output (which is kept | |
1292 | +in 'md'), the top (up to) 10 bytes are returned to the caller and the | |
1293 | +bottom 10 bytes are xored into the 'state'. | |
1294 | + | |
1295 | +Finally, after we have finished 'num' random bytes for the caller, | |
1296 | +'count' (which is incremented) and the local and global 'md' are fed | |
1297 | +into the hash function and the results are kept in the global 'md'. | |
1298 | + | |
1299 | +I believe the above addressed points 1 (use of SHA-1), 6 (by hashing | |
1300 | +into the 'state' the 'old' data from the caller that is about to be | |
1301 | +overwritten) and 7 (by not using the 10 bytes given to the caller to | |
1302 | +update the 'state', but they are used to update 'md'). | |
1303 | + | |
1304 | +So of the points raised, only 2 is not addressed (but see | |
1305 | +L<RAND_add(3)|RAND_add(3)>). | |
1306 | + | |
1307 | +=head1 SEE ALSO | |
1308 | + | |
1309 | +L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, | |
1310 | +L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, | |
1311 | +L<RAND_bytes(3)|RAND_bytes(3)>, | |
1312 | +L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, | |
1313 | +L<RAND_cleanup(3)|RAND_cleanup(3)> | |
1314 | + | |
1315 | +=cut | |
1316 | diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_threads.pod openssl-0.9.8a/doc/crypto/openssl_threads.pod | |
1317 | --- openssl-0.9.8a.orig/doc/crypto/openssl_threads.pod 1970-01-01 00:00:00.000000000 +0000 | |
1318 | +++ openssl-0.9.8a/doc/crypto/openssl_threads.pod 2005-11-14 03:59:59.000000000 +0000 | |
1319 | @@ -0,0 +1,175 @@ | |
1320 | +=pod | |
1321 | + | |
1322 | +=head1 NAME | |
1323 | + | |
1324 | +CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, | |
1325 | +CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, | |
1326 | +CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, | |
1327 | +CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support | |
1328 | + | |
1329 | +=head1 SYNOPSIS | |
1330 | + | |
1331 | + #include <openssl/crypto.h> | |
1332 | + | |
1333 | + void CRYPTO_set_locking_callback(void (*locking_function)(int mode, | |
1334 | + int n, const char *file, int line)); | |
1335 | + | |
1336 | + void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); | |
1337 | + | |
1338 | + int CRYPTO_num_locks(void); | |
1339 | + | |
1340 | + | |
1341 | + /* struct CRYPTO_dynlock_value needs to be defined by the user */ | |
1342 | + struct CRYPTO_dynlock_value; | |
1343 | + | |
1344 | + void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * | |
1345 | + (*dyn_create_function)(char *file, int line)); | |
1346 | + void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) | |
1347 | + (int mode, struct CRYPTO_dynlock_value *l, | |
1348 | + const char *file, int line)); | |
1349 | + void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) | |
1350 | + (struct CRYPTO_dynlock_value *l, const char *file, int line)); | |
1351 | + | |
1352 | + int CRYPTO_get_new_dynlockid(void); | |
1353 | + | |
1354 | + void CRYPTO_destroy_dynlockid(int i); | |
1355 | + | |
1356 | + void CRYPTO_lock(int mode, int n, const char *file, int line); | |
1357 | + | |
1358 | + #define CRYPTO_w_lock(type) \ | |
1359 | + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | |
1360 | + #define CRYPTO_w_unlock(type) \ | |
1361 | + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | |
1362 | + #define CRYPTO_r_lock(type) \ | |
1363 | + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) | |
1364 | + #define CRYPTO_r_unlock(type) \ | |
1365 | + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) | |
1366 | + #define CRYPTO_add(addr,amount,type) \ | |
1367 | + CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) | |
1368 | + | |
1369 | +=head1 DESCRIPTION | |
1370 | + | |
1371 | +OpenSSL can safely be used in multi-threaded applications provided | |
1372 | +that at least two callback functions are set. | |
1373 | + | |
1374 | +locking_function(int mode, int n, const char *file, int line) is | |
1375 | +needed to perform locking on shared data structures. | |
1376 | +(Note that OpenSSL uses a number of global data structures that | |
1377 | +will be implicitly shared whenever multiple threads use OpenSSL.) | |
1378 | +Multi-threaded applications will crash at random if it is not set. | |
1379 | + | |
1380 | +locking_function() must be able to handle up to CRYPTO_num_locks() | |
1381 | +different mutex locks. It sets the B<n>-th lock if B<mode> & | |
1382 | +B<CRYPTO_LOCK>, and releases it otherwise. | |
1383 | + | |
1384 | +B<file> and B<line> are the file number of the function setting the | |
1385 | +lock. They can be useful for debugging. | |
1386 | + | |
1387 | +id_function(void) is a function that returns a thread ID, for example | |
1388 | +pthread_self() if it returns an integer (see NOTES below). It isn't | |
1389 | +needed on Windows nor on platforms where getpid() returns a different | |
1390 | +ID for each thread (see NOTES below). | |
1391 | + | |
1392 | +Additionally, OpenSSL supports dynamic locks, and sometimes, some parts | |
1393 | +of OpenSSL need it for better performance. To enable this, the following | |
1394 | +is required: | |
1395 | + | |
1396 | +=over 4 | |
1397 | + | |
1398 | +=item * | |
1399 | +Three additional callback function, dyn_create_function, dyn_lock_function | |
1400 | +and dyn_destroy_function. | |
1401 | + | |
1402 | +=item * | |
1403 | +A structure defined with the data that each lock needs to handle. | |
1404 | + | |
1405 | +=back | |
1406 | + | |
1407 | +struct CRYPTO_dynlock_value has to be defined to contain whatever structure | |
1408 | +is needed to handle locks. | |
1409 | + | |
1410 | +dyn_create_function(const char *file, int line) is needed to create a | |
1411 | +lock. Multi-threaded applications might crash at random if it is not set. | |
1412 | + | |
1413 | +dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) | |
1414 | +is needed to perform locking off dynamic lock numbered n. Multi-threaded | |
1415 | +applications might crash at random if it is not set. | |
1416 | + | |
1417 | +dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is | |
1418 | +needed to destroy the lock l. Multi-threaded applications might crash at | |
1419 | +random if it is not set. | |
1420 | + | |
1421 | +CRYPTO_get_new_dynlockid() is used to create locks. It will call | |
1422 | +dyn_create_function for the actual creation. | |
1423 | + | |
1424 | +CRYPTO_destroy_dynlockid() is used to destroy locks. It will call | |
1425 | +dyn_destroy_function for the actual destruction. | |
1426 | + | |
1427 | +CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield | |
1428 | +describing what should be done with the lock. n is the number of the | |
1429 | +lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined | |
1430 | +from the following values. These values are pairwise exclusive, with | |
1431 | +undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE | |
1432 | +should not be used together): | |
1433 | + | |
1434 | + CRYPTO_LOCK 0x01 | |
1435 | + CRYPTO_UNLOCK 0x02 | |
1436 | + CRYPTO_READ 0x04 | |
1437 | + CRYPTO_WRITE 0x08 | |
1438 | + | |
1439 | +=head1 RETURN VALUES | |
1440 | + | |
1441 | +CRYPTO_num_locks() returns the required number of locks. | |
1442 | + | |
1443 | +CRYPTO_get_new_dynlockid() returns the index to the newly created lock. | |
1444 | + | |
1445 | +The other functions return no values. | |
1446 | + | |
1447 | +=head1 NOTES | |
1448 | + | |
1449 | +You can find out if OpenSSL was configured with thread support: | |
1450 | + | |
1451 | + #define OPENSSL_THREAD_DEFINES | |
1452 | + #include <openssl/opensslconf.h> | |
1453 | + #if defined(OPENSSL_THREADS) | |
1454 | + // thread support enabled | |
1455 | + #else | |
1456 | + // no thread support | |
1457 | + #endif | |
1458 | + | |
1459 | +Also, dynamic locks are currently not used internally by OpenSSL, but | |
1460 | +may do so in the future. | |
1461 | + | |
1462 | +Defining id_function(void) has it's own issues. Generally speaking, | |
1463 | +pthread_self() should be used, even on platforms where getpid() gives | |
1464 | +different answers in each thread, since that may depend on the machine | |
1465 | +the program is run on, not the machine where the program is being | |
1466 | +compiled. For instance, Red Hat 8 Linux and earlier used | |
1467 | +LinuxThreads, whose getpid() returns a different value for each | |
1468 | +thread. Red Hat 9 Linux and later use NPTL, which is | |
1469 | +Posix-conformant, and has a getpid() that returns the same value for | |
1470 | +all threads in a process. A program compiled on Red Hat 8 and run on | |
1471 | +Red Hat 9 will therefore see getpid() returning the same value for | |
1472 | +all threads. | |
1473 | + | |
1474 | +There is still the issue of platforms where pthread_self() returns | |
1475 | +something other than an integer. This is a bit unusual, and this | |
1476 | +manual has no cookbook solution for that case. | |
1477 | + | |
1478 | +=head1 EXAMPLES | |
1479 | + | |
1480 | +B<crypto/threads/mttest.c> shows examples of the callback functions on | |
1481 | +Solaris, Irix and Win32. | |
1482 | + | |
1483 | +=head1 HISTORY | |
1484 | + | |
1485 | +CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are | |
1486 | +available in all versions of SSLeay and OpenSSL. | |
1487 | +CRYPTO_num_locks() was added in OpenSSL 0.9.4. | |
1488 | +All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. | |
1489 | + | |
1490 | +=head1 SEE ALSO | |
1491 | + | |
1492 | +L<crypto(3)|crypto(3)> | |
1493 | + | |
1494 | +=cut | |
1495 | diff -Naur openssl-0.9.8a.orig/doc/crypto/rand.pod openssl-0.9.8a/doc/crypto/rand.pod | |
1496 | --- openssl-0.9.8a.orig/doc/crypto/rand.pod 2002-08-05 16:27:01.000000000 +0000 | |
1497 | +++ openssl-0.9.8a/doc/crypto/rand.pod 1970-01-01 00:00:00.000000000 +0000 | |
1498 | @@ -1,175 +0,0 @@ | |
1499 | -=pod | |
1500 | - | |
1501 | -=head1 NAME | |
1502 | - | |
1503 | -rand - pseudo-random number generator | |
1504 | - | |
1505 | -=head1 SYNOPSIS | |
1506 | - | |
1507 | - #include <openssl/rand.h> | |
1508 | - | |
1509 | - int RAND_set_rand_engine(ENGINE *engine); | |
1510 | - | |
1511 | - int RAND_bytes(unsigned char *buf, int num); | |
1512 | - int RAND_pseudo_bytes(unsigned char *buf, int num); | |
1513 | - | |
1514 | - void RAND_seed(const void *buf, int num); | |
1515 | - void RAND_add(const void *buf, int num, int entropy); | |
1516 | - int RAND_status(void); | |
1517 | - | |
1518 | - int RAND_load_file(const char *file, long max_bytes); | |
1519 | - int RAND_write_file(const char *file); | |
1520 | - const char *RAND_file_name(char *file, size_t num); | |
1521 | - | |
1522 | - int RAND_egd(const char *path); | |
1523 | - | |
1524 | - void RAND_set_rand_method(const RAND_METHOD *meth); | |
1525 | - const RAND_METHOD *RAND_get_rand_method(void); | |
1526 | - RAND_METHOD *RAND_SSLeay(void); | |
1527 | - | |
1528 | - void RAND_cleanup(void); | |
1529 | - | |
1530 | - /* For Win32 only */ | |
1531 | - void RAND_screen(void); | |
1532 | - int RAND_event(UINT, WPARAM, LPARAM); | |
1533 | - | |
1534 | -=head1 DESCRIPTION | |
1535 | - | |
1536 | -Since the introduction of the ENGINE API, the recommended way of controlling | |
1537 | -default implementations is by using the ENGINE API functions. The default | |
1538 | -B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by | |
1539 | -RAND_get_rand_method(), is only used if no ENGINE has been set as the default | |
1540 | -"rand" implementation. Hence, these two functions are no longer the recommened | |
1541 | -way to control defaults. | |
1542 | - | |
1543 | -If an alternative B<RAND_METHOD> implementation is being used (either set | |
1544 | -directly or as provided by an ENGINE module), then it is entirely responsible | |
1545 | -for the generation and management of a cryptographically secure PRNG stream. The | |
1546 | -mechanisms described below relate solely to the software PRNG implementation | |
1547 | -built in to OpenSSL and used by default. | |
1548 | - | |
1549 | -These functions implement a cryptographically secure pseudo-random | |
1550 | -number generator (PRNG). It is used by other library functions for | |
1551 | -example to generate random keys, and applications can use it when they | |
1552 | -need randomness. | |
1553 | - | |
1554 | -A cryptographic PRNG must be seeded with unpredictable data such as | |
1555 | -mouse movements or keys pressed at random by the user. This is | |
1556 | -described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file | |
1557 | -(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the | |
1558 | -seeding process whenever the application is started. | |
1559 | - | |
1560 | -L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the | |
1561 | -PRNG. | |
1562 | - | |
1563 | -=head1 INTERNALS | |
1564 | - | |
1565 | -The RAND_SSLeay() method implements a PRNG based on a cryptographic | |
1566 | -hash function. | |
1567 | - | |
1568 | -The following description of its design is based on the SSLeay | |
1569 | -documentation: | |
1570 | - | |
1571 | -First up I will state the things I believe I need for a good RNG. | |
1572 | - | |
1573 | -=over 4 | |
1574 | - | |
1575 | -=item 1 | |
1576 | - | |
1577 | -A good hashing algorithm to mix things up and to convert the RNG 'state' | |
1578 | -to random numbers. | |
1579 | - | |
1580 | -=item 2 | |
1581 | - | |
1582 | -An initial source of random 'state'. | |
1583 | - | |
1584 | -=item 3 | |
1585 | - | |
1586 | -The state should be very large. If the RNG is being used to generate | |
1587 | -4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). | |
1588 | -If your RNG state only has 128 bits, you are obviously limiting the | |
1589 | -search space to 128 bits, not 2048. I'm probably getting a little | |
1590 | -carried away on this last point but it does indicate that it may not be | |
1591 | -a bad idea to keep quite a lot of RNG state. It should be easier to | |
1592 | -break a cipher than guess the RNG seed data. | |
1593 | - | |
1594 | -=item 4 | |
1595 | - | |
1596 | -Any RNG seed data should influence all subsequent random numbers | |
1597 | -generated. This implies that any random seed data entered will have | |
1598 | -an influence on all subsequent random numbers generated. | |
1599 | - | |
1600 | -=item 5 | |
1601 | - | |
1602 | -When using data to seed the RNG state, the data used should not be | |
1603 | -extractable from the RNG state. I believe this should be a | |
1604 | -requirement because one possible source of 'secret' semi random | |
1605 | -data would be a private key or a password. This data must | |
1606 | -not be disclosed by either subsequent random numbers or a | |
1607 | -'core' dump left by a program crash. | |
1608 | - | |
1609 | -=item 6 | |
1610 | - | |
1611 | -Given the same initial 'state', 2 systems should deviate in their RNG state | |
1612 | -(and hence the random numbers generated) over time if at all possible. | |
1613 | - | |
1614 | -=item 7 | |
1615 | - | |
1616 | -Given the random number output stream, it should not be possible to determine | |
1617 | -the RNG state or the next random number. | |
1618 | - | |
1619 | -=back | |
1620 | - | |
1621 | -The algorithm is as follows. | |
1622 | - | |
1623 | -There is global state made up of a 1023 byte buffer (the 'state'), a | |
1624 | -working hash value ('md'), and a counter ('count'). | |
1625 | - | |
1626 | -Whenever seed data is added, it is inserted into the 'state' as | |
1627 | -follows. | |
1628 | - | |
1629 | -The input is chopped up into units of 20 bytes (or less for | |
1630 | -the last block). Each of these blocks is run through the hash | |
1631 | -function as follows: The data passed to the hash function | |
1632 | -is the current 'md', the same number of bytes from the 'state' | |
1633 | -(the location determined by in incremented looping index) as | |
1634 | -the current 'block', the new key data 'block', and 'count' | |
1635 | -(which is incremented after each use). | |
1636 | -The result of this is kept in 'md' and also xored into the | |
1637 | -'state' at the same locations that were used as input into the | |
1638 | -hash function. I | |
1639 | -believe this system addresses points 1 (hash function; currently | |
1640 | -SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash | |
1641 | -function and xor). | |
1642 | - | |
1643 | -When bytes are extracted from the RNG, the following process is used. | |
1644 | -For each group of 10 bytes (or less), we do the following: | |
1645 | - | |
1646 | -Input into the hash function the local 'md' (which is initialized from | |
1647 | -the global 'md' before any bytes are generated), the bytes that are to | |
1648 | -be overwritten by the random bytes, and bytes from the 'state' | |
1649 | -(incrementing looping index). From this digest output (which is kept | |
1650 | -in 'md'), the top (up to) 10 bytes are returned to the caller and the | |
1651 | -bottom 10 bytes are xored into the 'state'. | |
1652 | - | |
1653 | -Finally, after we have finished 'num' random bytes for the caller, | |
1654 | -'count' (which is incremented) and the local and global 'md' are fed | |
1655 | -into the hash function and the results are kept in the global 'md'. | |
1656 | - | |
1657 | -I believe the above addressed points 1 (use of SHA-1), 6 (by hashing | |
1658 | -into the 'state' the 'old' data from the caller that is about to be | |
1659 | -overwritten) and 7 (by not using the 10 bytes given to the caller to | |
1660 | -update the 'state', but they are used to update 'md'). | |
1661 | - | |
1662 | -So of the points raised, only 2 is not addressed (but see | |
1663 | -L<RAND_add(3)|RAND_add(3)>). | |
1664 | - | |
1665 | -=head1 SEE ALSO | |
1666 | - | |
1667 | -L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, | |
1668 | -L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, | |
1669 | -L<RAND_bytes(3)|RAND_bytes(3)>, | |
1670 | -L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, | |
1671 | -L<RAND_cleanup(3)|RAND_cleanup(3)> | |
1672 | - | |
1673 | -=cut | |
1674 | diff -Naur openssl-0.9.8a.orig/doc/crypto/rsa.pod openssl-0.9.8a/doc/crypto/rsa.pod | |
1675 | --- openssl-0.9.8a.orig/doc/crypto/rsa.pod 2002-08-04 21:08:36.000000000 +0000 | |
1676 | +++ openssl-0.9.8a/doc/crypto/rsa.pod 2005-11-14 03:59:59.000000000 +0000 | |
1677 | @@ -108,7 +108,7 @@ | |
1678 | =head1 SEE ALSO | |
1679 | ||
1680 | L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, | |
1681 | -L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, | |
1682 | +L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, | |
1683 | L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, | |
1684 | L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, | |
1685 | L<RSA_generate_key(3)|RSA_generate_key(3)>, | |
1686 | diff -Naur openssl-0.9.8a.orig/doc/crypto/threads.pod openssl-0.9.8a/doc/crypto/threads.pod | |
1687 | --- openssl-0.9.8a.orig/doc/crypto/threads.pod 2005-06-18 05:52:23.000000000 +0000 | |
1688 | +++ openssl-0.9.8a/doc/crypto/threads.pod 1970-01-01 00:00:00.000000000 +0000 | |
1689 | @@ -1,175 +0,0 @@ | |
1690 | -=pod | |
1691 | - | |
1692 | -=head1 NAME | |
1693 | - | |
1694 | -CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, | |
1695 | -CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, | |
1696 | -CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, | |
1697 | -CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support | |
1698 | - | |
1699 | -=head1 SYNOPSIS | |
1700 | - | |
1701 | - #include <openssl/crypto.h> | |
1702 | - | |
1703 | - void CRYPTO_set_locking_callback(void (*locking_function)(int mode, | |
1704 | - int n, const char *file, int line)); | |
1705 | - | |
1706 | - void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); | |
1707 | - | |
1708 | - int CRYPTO_num_locks(void); | |
1709 | - | |
1710 | - | |
1711 | - /* struct CRYPTO_dynlock_value needs to be defined by the user */ | |
1712 | - struct CRYPTO_dynlock_value; | |
1713 | - | |
1714 | - void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * | |
1715 | - (*dyn_create_function)(char *file, int line)); | |
1716 | - void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) | |
1717 | - (int mode, struct CRYPTO_dynlock_value *l, | |
1718 | - const char *file, int line)); | |
1719 | - void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) | |
1720 | - (struct CRYPTO_dynlock_value *l, const char *file, int line)); | |
1721 | - | |
1722 | - int CRYPTO_get_new_dynlockid(void); | |
1723 | - | |
1724 | - void CRYPTO_destroy_dynlockid(int i); | |
1725 | - | |
1726 | - void CRYPTO_lock(int mode, int n, const char *file, int line); | |
1727 | - | |
1728 | - #define CRYPTO_w_lock(type) \ | |
1729 | - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | |
1730 | - #define CRYPTO_w_unlock(type) \ | |
1731 | - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | |
1732 | - #define CRYPTO_r_lock(type) \ | |
1733 | - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) | |
1734 | - #define CRYPTO_r_unlock(type) \ | |
1735 | - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) | |
1736 | - #define CRYPTO_add(addr,amount,type) \ | |
1737 | - CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) | |
1738 | - | |
1739 | -=head1 DESCRIPTION | |
1740 | - | |
1741 | -OpenSSL can safely be used in multi-threaded applications provided | |
1742 | -that at least two callback functions are set. | |
1743 | - | |
1744 | -locking_function(int mode, int n, const char *file, int line) is | |
1745 | -needed to perform locking on shared data structures. | |
1746 | -(Note that OpenSSL uses a number of global data structures that | |
1747 | -will be implicitly shared whenever multiple threads use OpenSSL.) | |
1748 | -Multi-threaded applications will crash at random if it is not set. | |
1749 | - | |
1750 | -locking_function() must be able to handle up to CRYPTO_num_locks() | |
1751 | -different mutex locks. It sets the B<n>-th lock if B<mode> & | |
1752 | -B<CRYPTO_LOCK>, and releases it otherwise. | |
1753 | - | |
1754 | -B<file> and B<line> are the file number of the function setting the | |
1755 | -lock. They can be useful for debugging. | |
1756 | - | |
1757 | -id_function(void) is a function that returns a thread ID, for example | |
1758 | -pthread_self() if it returns an integer (see NOTES below). It isn't | |
1759 | -needed on Windows nor on platforms where getpid() returns a different | |
1760 | -ID for each thread (see NOTES below). | |
1761 | - | |
1762 | -Additionally, OpenSSL supports dynamic locks, and sometimes, some parts | |
1763 | -of OpenSSL need it for better performance. To enable this, the following | |
1764 | -is required: | |
1765 | - | |
1766 | -=over 4 | |
1767 | - | |
1768 | -=item * | |
1769 | -Three additional callback function, dyn_create_function, dyn_lock_function | |
1770 | -and dyn_destroy_function. | |
1771 | - | |
1772 | -=item * | |
1773 | -A structure defined with the data that each lock needs to handle. | |
1774 | - | |
1775 | -=back | |
1776 | - | |
1777 | -struct CRYPTO_dynlock_value has to be defined to contain whatever structure | |
1778 | -is needed to handle locks. | |
1779 | - | |
1780 | -dyn_create_function(const char *file, int line) is needed to create a | |
1781 | -lock. Multi-threaded applications might crash at random if it is not set. | |
1782 | - | |
1783 | -dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) | |
1784 | -is needed to perform locking off dynamic lock numbered n. Multi-threaded | |
1785 | -applications might crash at random if it is not set. | |
1786 | - | |
1787 | -dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is | |
1788 | -needed to destroy the lock l. Multi-threaded applications might crash at | |
1789 | -random if it is not set. | |
1790 | - | |
1791 | -CRYPTO_get_new_dynlockid() is used to create locks. It will call | |
1792 | -dyn_create_function for the actual creation. | |
1793 | - | |
1794 | -CRYPTO_destroy_dynlockid() is used to destroy locks. It will call | |
1795 | -dyn_destroy_function for the actual destruction. | |
1796 | - | |
1797 | -CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield | |
1798 | -describing what should be done with the lock. n is the number of the | |
1799 | -lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined | |
1800 | -from the following values. These values are pairwise exclusive, with | |
1801 | -undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE | |
1802 | -should not be used together): | |
1803 | - | |
1804 | - CRYPTO_LOCK 0x01 | |
1805 | - CRYPTO_UNLOCK 0x02 | |
1806 | - CRYPTO_READ 0x04 | |
1807 | - CRYPTO_WRITE 0x08 | |
1808 | - | |
1809 | -=head1 RETURN VALUES | |
1810 | - | |
1811 | -CRYPTO_num_locks() returns the required number of locks. | |
1812 | - | |
1813 | -CRYPTO_get_new_dynlockid() returns the index to the newly created lock. | |
1814 | - | |
1815 | -The other functions return no values. | |
1816 | - | |
1817 | -=head1 NOTES | |
1818 | - | |
1819 | -You can find out if OpenSSL was configured with thread support: | |
1820 | - | |
1821 | - #define OPENSSL_THREAD_DEFINES | |
1822 | - #include <openssl/opensslconf.h> | |
1823 | - #if defined(OPENSSL_THREADS) | |
1824 | - // thread support enabled | |
1825 | - #else | |
1826 | - // no thread support | |
1827 | - #endif | |
1828 | - | |
1829 | -Also, dynamic locks are currently not used internally by OpenSSL, but | |
1830 | -may do so in the future. | |
1831 | - | |
1832 | -Defining id_function(void) has it's own issues. Generally speaking, | |
1833 | -pthread_self() should be used, even on platforms where getpid() gives | |
1834 | -different answers in each thread, since that may depend on the machine | |
1835 | -the program is run on, not the machine where the program is being | |
1836 | -compiled. For instance, Red Hat 8 Linux and earlier used | |
1837 | -LinuxThreads, whose getpid() returns a different value for each | |
1838 | -thread. Red Hat 9 Linux and later use NPTL, which is | |
1839 | -Posix-conformant, and has a getpid() that returns the same value for | |
1840 | -all threads in a process. A program compiled on Red Hat 8 and run on | |
1841 | -Red Hat 9 will therefore see getpid() returning the same value for | |
1842 | -all threads. | |
1843 | - | |
1844 | -There is still the issue of platforms where pthread_self() returns | |
1845 | -something other than an integer. This is a bit unusual, and this | |
1846 | -manual has no cookbook solution for that case. | |
1847 | - | |
1848 | -=head1 EXAMPLES | |
1849 | - | |
1850 | -B<crypto/threads/mttest.c> shows examples of the callback functions on | |
1851 | -Solaris, Irix and Win32. | |
1852 | - | |
1853 | -=head1 HISTORY | |
1854 | - | |
1855 | -CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are | |
1856 | -available in all versions of SSLeay and OpenSSL. | |
1857 | -CRYPTO_num_locks() was added in OpenSSL 0.9.4. | |
1858 | -All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. | |
1859 | - | |
1860 | -=head1 SEE ALSO | |
1861 | - | |
1862 | -L<crypto(3)|crypto(3)> | |
1863 | - | |
1864 | -=cut | |
1865 | diff -Naur openssl-0.9.8a.orig/doc/ssl/SSL_get_error.pod openssl-0.9.8a/doc/ssl/SSL_get_error.pod | |
1866 | --- openssl-0.9.8a.orig/doc/ssl/SSL_get_error.pod 2005-03-30 11:50:14.000000000 +0000 | |
1867 | +++ openssl-0.9.8a/doc/ssl/SSL_get_error.pod 2005-11-14 03:59:59.000000000 +0000 | |
1868 | @@ -105,7 +105,7 @@ | |
1869 | ||
1870 | =head1 SEE ALSO | |
1871 | ||
1872 | -L<ssl(3)|ssl(3)>, L<err(3)|err(3)> | |
1873 | +L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)> | |
1874 | ||
1875 | =head1 HISTORY | |
1876 | ||
1877 | diff -Naur openssl-0.9.8a.orig/doc/ssl/SSL_want.pod openssl-0.9.8a/doc/ssl/SSL_want.pod | |
1878 | --- openssl-0.9.8a.orig/doc/ssl/SSL_want.pod 2005-03-30 11:50:14.000000000 +0000 | |
1879 | +++ openssl-0.9.8a/doc/ssl/SSL_want.pod 2005-11-14 03:59:59.000000000 +0000 | |
1880 | @@ -72,6 +72,6 @@ | |
1881 | ||
1882 | =head1 SEE ALSO | |
1883 | ||
1884 | -L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> | |
1885 | +L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> | |
1886 | ||
1887 | =cut |