--- /dev/null
+Submitted By: Robert Connolly <robert at linuxfromscratch dot org>
+Date: 2005-11-13
+Initial Package Version: 0.9.8a
+Upstream Status: Submitted upstream
+Origin: Anderson Lizardo
+Description: This patch fixes conflicts between man pages
+ installed by OpenSSL and those found on other
+ packages (particulary Shadow, Perl, and
+ Man-pages). It also fixes syntax errors on some
+ POD files that generates slightly broken man
+ pages.
+
+$LastChangedBy: igor $
+$Date: 2005-04-03 16:54:23 -0600 (Sun, 03 Apr 2005) $
+
+--- openssl-0.9.8a.orig/FAQ 2006-09-11 08:56:58.000000000 -0500
++++ openssl-0.9.8a/FAQ 2006-09-11 08:57:19.000000000 -0500
+@@ -680,7 +680,7 @@
+
+ Multi-threaded applications must provide two callback functions to
+ OpenSSL by calling CRYPTO_set_locking_callback() and
+-CRYPTO_set_id_callback(). This is described in the threads(3)
++CRYPTO_set_id_callback(). This is described in the openssl_threads(3)
+ manpage.
+
+ * I've compiled a program under Windows and it crashes: why?
+diff -Naur openssl-0.9.8a.orig/crypto/rand/md_rand.c openssl-0.9.8a/crypto/rand/md_rand.c
+--- openssl-0.9.8a.orig/crypto/rand/md_rand.c 2005-04-07 22:53:35.000000000 +0000
++++ openssl-0.9.8a/crypto/rand/md_rand.c 2005-11-14 03:59:59.000000000 +0000
+@@ -196,7 +196,7 @@
+ int do_not_lock;
+
+ /*
+- * (Based on the rand(3) manpage)
++ * (Based on the openssl_rand(3) manpage)
+ *
+ * The input is chopped up into units of 20 bytes (or less for
+ * the last block). Each of these blocks is run through the hash
+@@ -351,7 +351,7 @@
+ num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
+
+ /*
+- * (Based on the rand(3) manpage:)
++ * (Based on the openssl_rand(3) manpage)
+ *
+ * For each group of 10 bytes (or less), we do the following:
+ *
+diff -Naur openssl-0.9.8a.orig/doc/apps/openssl-passwd.pod openssl-0.9.8a/doc/apps/openssl-passwd.pod
+--- openssl-0.9.8a.orig/doc/apps/openssl-passwd.pod 1970-01-01 00:00:00.000000000 +0000
++++ openssl-0.9.8a/doc/apps/openssl-passwd.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -0,0 +1,82 @@
++=pod
++
++=head1 NAME
++
++openssl-passwd - compute password hashes
++
++=head1 SYNOPSIS
++
++B<openssl passwd>
++[B<-crypt>]
++[B<-1>]
++[B<-apr1>]
++[B<-salt> I<string>]
++[B<-in> I<file>]
++[B<-stdin>]
++[B<-noverify>]
++[B<-quiet>]
++[B<-table>]
++{I<password>}
++
++=head1 DESCRIPTION
++
++The B<passwd> command computes the hash of a password typed at
++run-time or the hash of each password in a list. The password list is
++taken from the named file for option B<-in file>, from stdin for
++option B<-stdin>, or from the command line, or from the terminal otherwise.
++The Unix standard algorithm B<crypt> and the MD5-based BSD password
++algorithm B<1> and its Apache variant B<apr1> are available.
++
++=head1 OPTIONS
++
++=over 4
++
++=item B<-crypt>
++
++Use the B<crypt> algorithm (default).
++
++=item B<-1>
++
++Use the MD5 based BSD password algorithm B<1>.
++
++=item B<-apr1>
++
++Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
++
++=item B<-salt> I<string>
++
++Use the specified salt.
++When reading a password from the terminal, this implies B<-noverify>.
++
++=item B<-in> I<file>
++
++Read passwords from I<file>.
++
++=item B<-stdin>
++
++Read passwords from B<stdin>.
++
++=item B<-noverify>
++
++Don't verify when reading a password from the terminal.
++
++=item B<-quiet>
++
++Don't output warnings when passwords given at the command line are truncated.
++
++=item B<-table>
++
++In the output list, prepend the cleartext password and a TAB character
++to each password hash.
++
++=back
++
++=head1 EXAMPLES
++
++B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
++
++B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
++
++B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
++
++=cut
+diff -Naur openssl-0.9.8a.orig/doc/apps/openssl.pod openssl-0.9.8a/doc/apps/openssl.pod
+--- openssl-0.9.8a.orig/doc/apps/openssl.pod 2004-01-04 18:59:14.000000000 +0000
++++ openssl-0.9.8a/doc/apps/openssl.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -125,7 +125,7 @@
+
+ Online Certificate Status Protocol utility.
+
+-=item L<B<passwd>|passwd(1)>
++=item L<B<passwd>|openssl-passwd(1)>
+
+ Generation of hashed passwords.
+
+@@ -325,7 +325,7 @@
+ L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+ L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
+ L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+-L<passwd(1)|passwd(1)>,
++L<openssl-passwd(1)|openssl-passwd(1)>,
+ L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+ L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
+diff -Naur openssl-0.9.8a.orig/doc/apps/passwd.pod openssl-0.9.8a/doc/apps/passwd.pod
+--- openssl-0.9.8a.orig/doc/apps/passwd.pod 2002-10-04 12:59:00.000000000 +0000
++++ openssl-0.9.8a/doc/apps/passwd.pod 1970-01-01 00:00:00.000000000 +0000
+@@ -1,82 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-passwd - compute password hashes
+-
+-=head1 SYNOPSIS
+-
+-B<openssl passwd>
+-[B<-crypt>]
+-[B<-1>]
+-[B<-apr1>]
+-[B<-salt> I<string>]
+-[B<-in> I<file>]
+-[B<-stdin>]
+-[B<-noverify>]
+-[B<-quiet>]
+-[B<-table>]
+-{I<password>}
+-
+-=head1 DESCRIPTION
+-
+-The B<passwd> command computes the hash of a password typed at
+-run-time or the hash of each password in a list. The password list is
+-taken from the named file for option B<-in file>, from stdin for
+-option B<-stdin>, or from the command line, or from the terminal otherwise.
+-The Unix standard algorithm B<crypt> and the MD5-based BSD password
+-algorithm B<1> and its Apache variant B<apr1> are available.
+-
+-=head1 OPTIONS
+-
+-=over 4
+-
+-=item B<-crypt>
+-
+-Use the B<crypt> algorithm (default).
+-
+-=item B<-1>
+-
+-Use the MD5 based BSD password algorithm B<1>.
+-
+-=item B<-apr1>
+-
+-Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
+-
+-=item B<-salt> I<string>
+-
+-Use the specified salt.
+-When reading a password from the terminal, this implies B<-noverify>.
+-
+-=item B<-in> I<file>
+-
+-Read passwords from I<file>.
+-
+-=item B<-stdin>
+-
+-Read passwords from B<stdin>.
+-
+-=item B<-noverify>
+-
+-Don't verify when reading a password from the terminal.
+-
+-=item B<-quiet>
+-
+-Don't output warnings when passwords given at the command line are truncated.
+-
+-=item B<-table>
+-
+-In the output list, prepend the cleartext password and a TAB character
+-to each password hash.
+-
+-=back
+-
+-=head1 EXAMPLES
+-
+-B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+-
+-B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
+-
+-B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+-
+-=cut
+diff -Naur openssl-0.9.8a.orig/doc/crypto/BN_generate_prime.pod openssl-0.9.8a/doc/crypto/BN_generate_prime.pod
+--- openssl-0.9.8a.orig/doc/crypto/BN_generate_prime.pod 2003-01-13 13:18:22.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/BN_generate_prime.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -90,7 +90,7 @@
+
+ =head1 SEE ALSO
+
+-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
++L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/BN_rand.pod openssl-0.9.8a/doc/crypto/BN_rand.pod
+--- openssl-0.9.8a.orig/doc/crypto/BN_rand.pod 2002-09-25 13:33:26.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/BN_rand.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -45,7 +45,7 @@
+
+ =head1 SEE ALSO
+
+-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
++L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/CONF_modules_free.pod openssl-0.9.8a/doc/crypto/CONF_modules_free.pod
+--- openssl-0.9.8a.orig/doc/crypto/CONF_modules_free.pod 2004-03-02 13:31:32.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/CONF_modules_free.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -37,7 +37,7 @@
+ =head1 SEE ALSO
+
+ L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
+-L<CONF_modules_load_file(3), CONF_modules_load_file(3)>
++L<CONF_modules_load_file(3)|CONF_modules_load_file(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/CONF_modules_load_file.pod openssl-0.9.8a/doc/crypto/CONF_modules_load_file.pod
+--- openssl-0.9.8a.orig/doc/crypto/CONF_modules_load_file.pod 2004-03-02 13:31:32.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/CONF_modules_load_file.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -51,7 +51,7 @@
+ =head1 SEE ALSO
+
+ L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
+-L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)>
++L<CONF_free(3)|CONF_free(3)>, L<openssl_err(3)|openssl_err(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/DH_generate_key.pod openssl-0.9.8a/doc/crypto/DH_generate_key.pod
+--- openssl-0.9.8a.orig/doc/crypto/DH_generate_key.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/DH_generate_key.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -40,7 +40,7 @@
+
+ =head1 SEE ALSO
+
+-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
++L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<DH_size(3)|DH_size(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/DH_generate_parameters.pod openssl-0.9.8a/doc/crypto/DH_generate_parameters.pod
+--- openssl-0.9.8a.orig/doc/crypto/DH_generate_parameters.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/DH_generate_parameters.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -59,7 +59,7 @@
+
+ =head1 SEE ALSO
+
+-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
++L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<DH_free(3)|DH_free(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_do_sign.pod openssl-0.9.8a/doc/crypto/DSA_do_sign.pod
+--- openssl-0.9.8a.orig/doc/crypto/DSA_do_sign.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/DSA_do_sign.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -36,7 +36,7 @@
+
+ =head1 SEE ALSO
+
+-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+ L<DSA_sign(3)|DSA_sign(3)>
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_generate_key.pod openssl-0.9.8a/doc/crypto/DSA_generate_key.pod
+--- openssl-0.9.8a.orig/doc/crypto/DSA_generate_key.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/DSA_generate_key.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -24,7 +24,7 @@
+
+ =head1 SEE ALSO
+
+-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_generate_parameters.pod openssl-0.9.8a/doc/crypto/DSA_generate_parameters.pod
+--- openssl-0.9.8a.orig/doc/crypto/DSA_generate_parameters.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/DSA_generate_parameters.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -90,7 +90,7 @@
+
+ =head1 SEE ALSO
+
+-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<DSA_free(3)|DSA_free(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/DSA_sign.pod openssl-0.9.8a/doc/crypto/DSA_sign.pod
+--- openssl-0.9.8a.orig/doc/crypto/DSA_sign.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/DSA_sign.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -55,7 +55,7 @@
+
+ =head1 SEE ALSO
+
+-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<DSA_do_sign(3)|DSA_do_sign(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_GET_LIB.pod openssl-0.9.8a/doc/crypto/ERR_GET_LIB.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_GET_LIB.pod 2000-02-01 01:36:58.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_GET_LIB.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -41,7 +41,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
++L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_clear_error.pod openssl-0.9.8a/doc/crypto/ERR_clear_error.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_clear_error.pod 2000-02-01 01:36:58.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_clear_error.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -20,7 +20,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
++L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_error_string.pod openssl-0.9.8a/doc/crypto/ERR_error_string.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_error_string.pod 2004-11-14 15:11:37.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_error_string.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -60,7 +60,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
++L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+ L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+ L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+ L<ERR_print_errors(3)|ERR_print_errors(3)>
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_get_error.pod openssl-0.9.8a/doc/crypto/ERR_get_error.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_get_error.pod 2002-11-29 14:21:54.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_get_error.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -61,7 +61,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
++L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+ L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_load_crypto_strings.pod openssl-0.9.8a/doc/crypto/ERR_load_crypto_strings.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_load_crypto_strings.pod 2000-02-24 11:55:08.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_load_crypto_strings.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -35,7 +35,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
++L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_load_strings.pod openssl-0.9.8a/doc/crypto/ERR_load_strings.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_load_strings.pod 2000-02-24 11:55:08.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_load_strings.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -43,7 +43,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
++L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_print_errors.pod openssl-0.9.8a/doc/crypto/ERR_print_errors.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_print_errors.pod 2000-02-01 01:36:59.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_print_errors.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -38,7 +38,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
++L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+ L<ERR_get_error(3)|ERR_get_error(3)>,
+ L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+ L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_put_error.pod openssl-0.9.8a/doc/crypto/ERR_put_error.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_put_error.pod 2000-02-24 11:55:08.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_put_error.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -34,7 +34,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
++L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/ERR_remove_state.pod openssl-0.9.8a/doc/crypto/ERR_remove_state.pod
+--- openssl-0.9.8a.orig/doc/crypto/ERR_remove_state.pod 2000-05-19 07:54:42.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/ERR_remove_state.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -25,7 +25,7 @@
+
+ =head1 SEE ALSO
+
+-L<err(3)|err(3)>
++L<openssl_err(3)|openssl_err(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_BytesToKey.pod openssl-0.9.8a/doc/crypto/EVP_BytesToKey.pod
+--- openssl-0.9.8a.orig/doc/crypto/EVP_BytesToKey.pod 2004-11-25 17:47:30.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/EVP_BytesToKey.pod 2005-11-14 04:00:45.000000000 +0000
+@@ -59,7 +59,7 @@
+
+ =head1 SEE ALSO
+
+-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
++L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_OpenInit.pod openssl-0.9.8a/doc/crypto/EVP_OpenInit.pod
+--- openssl-0.9.8a.orig/doc/crypto/EVP_OpenInit.pod 2000-09-23 07:16:14.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/EVP_OpenInit.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -54,7 +54,7 @@
+
+ =head1 SEE ALSO
+
+-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
++L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+ L<EVP_SealInit(3)|EVP_SealInit(3)>
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_SealInit.pod openssl-0.9.8a/doc/crypto/EVP_SealInit.pod
+--- openssl-0.9.8a.orig/doc/crypto/EVP_SealInit.pod 2005-03-29 17:50:08.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/EVP_SealInit.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -74,7 +74,7 @@
+
+ =head1 SEE ALSO
+
+-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
++L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+ L<EVP_OpenInit(3)|EVP_OpenInit(3)>
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_SignInit.pod openssl-0.9.8a/doc/crypto/EVP_SignInit.pod
+--- openssl-0.9.8a.orig/doc/crypto/EVP_SignInit.pod 2005-03-22 17:55:33.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/EVP_SignInit.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -80,7 +80,7 @@
+ =head1 SEE ALSO
+
+ L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
++L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>,
+ L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+ L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+diff -Naur openssl-0.9.8a.orig/doc/crypto/EVP_VerifyInit.pod openssl-0.9.8a/doc/crypto/EVP_VerifyInit.pod
+--- openssl-0.9.8a.orig/doc/crypto/EVP_VerifyInit.pod 2002-07-10 19:35:46.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/EVP_VerifyInit.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -71,7 +71,7 @@
+
+ L<evp(3)|evp(3)>,
+ L<EVP_SignInit(3)|EVP_SignInit(3)>,
+-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
++L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>,
+ L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+ L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+diff -Naur openssl-0.9.8a.orig/doc/crypto/OPENSSL_config.pod openssl-0.9.8a/doc/crypto/OPENSSL_config.pod
+--- openssl-0.9.8a.orig/doc/crypto/OPENSSL_config.pod 2005-06-02 23:17:38.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/OPENSSL_config.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -73,7 +73,7 @@
+ =head1 SEE ALSO
+
+ L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
+-L<CONF_modules_free(3),CONF_modules_free(3)>
++L<CONF_modules_free(3)|CONF_modules_free(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_add.pod openssl-0.9.8a/doc/crypto/RAND_add.pod
+--- openssl-0.9.8a.orig/doc/crypto/RAND_add.pod 2000-03-22 15:30:03.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RAND_add.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -65,7 +65,7 @@
+
+ =head1 SEE ALSO
+
+-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
++L<openssl_rand(3)|openssl_rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+ L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_bytes.pod openssl-0.9.8a/doc/crypto/RAND_bytes.pod
+--- openssl-0.9.8a.orig/doc/crypto/RAND_bytes.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RAND_bytes.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -35,7 +35,7 @@
+
+ =head1 SEE ALSO
+
+-L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
++L<openssl_rand(3)|openssl_rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+ L<RAND_add(3)|RAND_add(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_cleanup.pod openssl-0.9.8a/doc/crypto/RAND_cleanup.pod
+--- openssl-0.9.8a.orig/doc/crypto/RAND_cleanup.pod 2000-01-27 01:25:06.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RAND_cleanup.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -20,7 +20,7 @@
+
+ =head1 SEE ALSO
+
+-L<rand(3)|rand(3)>
++L<openssl_rand(3)|openssl_rand(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_egd.pod openssl-0.9.8a/doc/crypto/RAND_egd.pod
+--- openssl-0.9.8a.orig/doc/crypto/RAND_egd.pod 2001-02-10 19:10:36.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RAND_egd.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -69,7 +69,7 @@
+
+ =head1 SEE ALSO
+
+-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
++L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+ L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_load_file.pod openssl-0.9.8a/doc/crypto/RAND_load_file.pod
+--- openssl-0.9.8a.orig/doc/crypto/RAND_load_file.pod 2001-03-21 15:25:56.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RAND_load_file.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -43,7 +43,7 @@
+
+ =head1 SEE ALSO
+
+-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
++L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RAND_set_rand_method.pod openssl-0.9.8a/doc/crypto/RAND_set_rand_method.pod
+--- openssl-0.9.8a.orig/doc/crypto/RAND_set_rand_method.pod 2002-08-05 16:27:01.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RAND_set_rand_method.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -67,7 +67,7 @@
+
+ =head1 SEE ALSO
+
+-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
++L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_blinding_on.pod openssl-0.9.8a/doc/crypto/RSA_blinding_on.pod
+--- openssl-0.9.8a.orig/doc/crypto/RSA_blinding_on.pod 2000-02-24 11:55:10.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RSA_blinding_on.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -34,7 +34,7 @@
+
+ =head1 SEE ALSO
+
+-L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
++L<rsa(3)|rsa(3)>, L<openssl_rand(3)|openssl_rand(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_generate_key.pod openssl-0.9.8a/doc/crypto/RSA_generate_key.pod
+--- openssl-0.9.8a.orig/doc/crypto/RSA_generate_key.pod 2002-09-25 13:33:27.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RSA_generate_key.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -59,7 +59,7 @@
+
+ =head1 SEE ALSO
+
+-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
++L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>,
+ L<RSA_free(3)|RSA_free(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_public_encrypt.pod openssl-0.9.8a/doc/crypto/RSA_public_encrypt.pod
+--- openssl-0.9.8a.orig/doc/crypto/RSA_public_encrypt.pod 2004-03-23 21:01:34.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RSA_public_encrypt.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -73,7 +73,7 @@
+
+ =head1 SEE ALSO
+
+-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
++L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>,
+ L<RSA_size(3)|RSA_size(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod openssl-0.9.8a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+--- openssl-0.9.8a.orig/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2002-09-25 13:33:28.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -48,7 +48,7 @@
+ =head1 SEE ALSO
+
+ L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
++L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+ L<RSA_verify(3)|RSA_verify(3)>
+
+ =head1 HISTORY
+diff -Naur openssl-0.9.8a.orig/doc/crypto/X509_NAME_ENTRY_get_object.pod openssl-0.9.8a/doc/crypto/X509_NAME_ENTRY_get_object.pod
+--- openssl-0.9.8a.orig/doc/crypto/X509_NAME_ENTRY_get_object.pod 2005-03-30 11:50:14.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/X509_NAME_ENTRY_get_object.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -63,7 +63,7 @@
+ =head1 SEE ALSO
+
+ L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
+-L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
++L<OBJ_nid2obj(3)|OBJ_nid2obj(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/bn.pod openssl-0.9.8a/doc/crypto/bn.pod
+--- openssl-0.9.8a.orig/doc/crypto/bn.pod 2005-04-29 15:07:34.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/bn.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -167,7 +167,7 @@
+ =head1 SEE ALSO
+
+ L<bn_internal(3)|bn_internal(3)>,
+-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
++L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>,
+ L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+ L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
+ L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
+diff -Naur openssl-0.9.8a.orig/doc/crypto/crypto.pod openssl-0.9.8a/doc/crypto/crypto.pod
+--- openssl-0.9.8a.orig/doc/crypto/crypto.pod 2002-10-06 12:59:25.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/crypto.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -46,7 +46,7 @@
+
+ =item AUXILIARY FUNCTIONS
+
+-L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>,
++L<openssl_err(3)|openssl_err(3)>, L<openssl_threads(3)|openssl_threads(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)>
+
+ =item INPUT/OUTPUT, DATA ENCODING
+diff -Naur openssl-0.9.8a.orig/doc/crypto/des.pod openssl-0.9.8a/doc/crypto/des.pod
+--- openssl-0.9.8a.orig/doc/crypto/des.pod 2003-10-01 15:02:45.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/des.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -115,7 +115,7 @@
+ the key; it is used to speed the encryption process.
+
+ DES_random_key() generates a random key. The PRNG must be seeded
+-prior to using this function (see L<rand(3)|rand(3)>). If the PRNG
++prior to using this function (see L<openssl_rand(3)|openssl_rand(3)>). If the PRNG
+ could not generate a secure key, 0 is returned.
+
+ Before a DES key can be used, it must be converted into the
+@@ -317,7 +317,7 @@
+
+ =head1 SEE ALSO
+
+-crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
++crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/crypto/dh.pod openssl-0.9.8a/doc/crypto/dh.pod
+--- openssl-0.9.8a.orig/doc/crypto/dh.pod 2002-08-05 16:27:01.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/dh.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -67,8 +67,8 @@
+
+ =head1 SEE ALSO
+
+-L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
++L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<openssl_err(3)|openssl_err(3)>,
++L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+ L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+ L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+ L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+diff -Naur openssl-0.9.8a.orig/doc/crypto/dsa.pod openssl-0.9.8a/doc/crypto/dsa.pod
+--- openssl-0.9.8a.orig/doc/crypto/dsa.pod 2002-08-05 16:27:01.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/dsa.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -100,7 +100,7 @@
+
+ =head1 SEE ALSO
+
+-L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
++L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>,
+ L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
+ L<DSA_new(3)|DSA_new(3)>,
+ L<DSA_size(3)|DSA_size(3)>,
+diff -Naur openssl-0.9.8a.orig/doc/crypto/engine.pod openssl-0.9.8a/doc/crypto/engine.pod
+--- openssl-0.9.8a.orig/doc/crypto/engine.pod 2004-06-17 23:40:14.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/engine.pod 2005-11-14 04:01:19.000000000 +0000
+@@ -594,6 +594,6 @@
+
+ =head1 SEE ALSO
+
+-L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>
++L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<openssl_rand(3)|openssl_rand(3)>
+
+ =cut
+diff -Naur openssl-0.9.8a.orig/doc/crypto/err.pod openssl-0.9.8a/doc/crypto/err.pod
+--- openssl-0.9.8a.orig/doc/crypto/err.pod 2002-07-10 19:35:46.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/err.pod 1970-01-01 00:00:00.000000000 +0000
+@@ -1,187 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-err - error codes
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/err.h>
+-
+- unsigned long ERR_get_error(void);
+- unsigned long ERR_peek_error(void);
+- unsigned long ERR_get_error_line(const char **file, int *line);
+- unsigned long ERR_peek_error_line(const char **file, int *line);
+- unsigned long ERR_get_error_line_data(const char **file, int *line,
+- const char **data, int *flags);
+- unsigned long ERR_peek_error_line_data(const char **file, int *line,
+- const char **data, int *flags);
+-
+- int ERR_GET_LIB(unsigned long e);
+- int ERR_GET_FUNC(unsigned long e);
+- int ERR_GET_REASON(unsigned long e);
+-
+- void ERR_clear_error(void);
+-
+- char *ERR_error_string(unsigned long e, char *buf);
+- const char *ERR_lib_error_string(unsigned long e);
+- const char *ERR_func_error_string(unsigned long e);
+- const char *ERR_reason_error_string(unsigned long e);
+-
+- void ERR_print_errors(BIO *bp);
+- void ERR_print_errors_fp(FILE *fp);
+-
+- void ERR_load_crypto_strings(void);
+- void ERR_free_strings(void);
+-
+- void ERR_remove_state(unsigned long pid);
+-
+- void ERR_put_error(int lib, int func, int reason, const char *file,
+- int line);
+- void ERR_add_error_data(int num, ...);
+-
+- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+- unsigned long ERR_PACK(int lib, int func, int reason);
+- int ERR_get_next_error_library(void);
+-
+-=head1 DESCRIPTION
+-
+-When a call to the OpenSSL library fails, this is usually signalled
+-by the return value, and an error code is stored in an error queue
+-associated with the current thread. The B<err> library provides
+-functions to obtain these error codes and textual error messages.
+-
+-The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to
+-access error codes.
+-
+-Error codes contain information about where the error occurred, and
+-what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to
+-extract this information. A method to obtain human-readable error
+-messages is described in L<ERR_error_string(3)|ERR_error_string(3)>.
+-
+-L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the
+-error queue.
+-
+-Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to
+-avoid memory leaks when threads are terminated.
+-
+-=head1 ADDING NEW ERROR CODES TO OPENSSL
+-
+-See L<ERR_put_error(3)> if you want to record error codes in the
+-OpenSSL error system from within your application.
+-
+-The remainder of this section is of interest only if you want to add
+-new error codes to OpenSSL or add error codes from external libraries.
+-
+-=head2 Reporting errors
+-
+-Each sub-library has a specific macro XXXerr() that is used to report
+-errors. Its first argument is a function code B<XXX_F_...>, the second
+-argument is a reason code B<XXX_R_...>. Function codes are derived
+-from the function names; reason codes consist of textual error
+-descriptions. For example, the function ssl23_read() reports a
+-"handshake failure" as follows:
+-
+- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
+-
+-Function and reason codes should consist of upper case characters,
+-numbers and underscores only. The error file generation script translates
+-function codes into function names by looking in the header files
+-for an appropriate function name, if none is found it just uses
+-the capitalized form such as "SSL23_READ" in the above example.
+-
+-The trailing section of a reason code (after the "_R_") is translated
+-into lower case and underscores changed to spaces.
+-
+-When you are using new function or reason codes, run B<make errors>.
+-The necessary B<#define>s will then automatically be added to the
+-sub-library's header file.
+-
+-Although a library will normally report errors using its own specific
+-XXXerr macro, another library's macro can be used. This is normally
+-only done when a library wants to include ASN1 code which must use
+-the ASN1err() macro.
+-
+-=head2 Adding new libraries
+-
+-When adding a new sub-library to OpenSSL, assign it a library number
+-B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
+-name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
+-C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
+-(in B<crypto/err/err_all.c>). Finally, add an entry
+-
+- L XXX xxx.h xxx_err.c
+-
+-to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
+-Running B<make errors> will then generate a file B<xxx_err.c>, and
+-add all error codes used in the library to B<xxx.h>.
+-
+-Additionally the library include file must have a certain form.
+-Typically it will initially look like this:
+-
+- #ifndef HEADER_XXX_H
+- #define HEADER_XXX_H
+-
+- #ifdef __cplusplus
+- extern "C" {
+- #endif
+-
+- /* Include files */
+-
+- #include <openssl/bio.h>
+- #include <openssl/x509.h>
+-
+- /* Macros, structures and function prototypes */
+-
+-
+- /* BEGIN ERROR CODES */
+-
+-The B<BEGIN ERROR CODES> sequence is used by the error code
+-generation script as the point to place new error codes, any text
+-after this point will be overwritten when B<make errors> is run.
+-The closing #endif etc will be automatically added by the script.
+-
+-The generated C error code file B<xxx_err.c> will load the header
+-files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
+-header file must load any additional header files containing any
+-definitions it uses.
+-
+-=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
+-
+-It is also possible to use OpenSSL's error code scheme in external
+-libraries. The library needs to load its own codes and call the OpenSSL
+-error code insertion script B<mkerr.pl> explicitly to add codes to
+-the header file and generate the C error code file. This will normally
+-be done if the external library needs to generate new ASN1 structures
+-but it can also be used to add more general purpose error code handling.
+-
+-TBA more details
+-
+-=head1 INTERNALS
+-
+-The error queues are stored in a hash table with one B<ERR_STATE>
+-entry for each pid. ERR_get_state() returns the current thread's
+-B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
+-codes. When more error codes are added, the old ones are overwritten,
+-on the assumption that the most recent errors are most important.
+-
+-Error strings are also stored in hash table. The hash tables can
+-be obtained by calling ERR_get_err_state_table(void) and
+-ERR_get_string_table(void) respectively.
+-
+-=head1 SEE ALSO
+-
+-L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
+-L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
+-L<ERR_get_error(3)|ERR_get_error(3)>,
+-L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
+-L<ERR_clear_error(3)|ERR_clear_error(3)>,
+-L<ERR_error_string(3)|ERR_error_string(3)>,
+-L<ERR_print_errors(3)|ERR_print_errors(3)>,
+-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+-L<ERR_remove_state(3)|ERR_remove_state(3)>,
+-L<ERR_put_error(3)|ERR_put_error(3)>,
+-L<ERR_load_strings(3)|ERR_load_strings(3)>,
+-L<SSL_get_error(3)|SSL_get_error(3)>
+-
+-=cut
+diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_err.pod openssl-0.9.8a/doc/crypto/openssl_err.pod
+--- openssl-0.9.8a.orig/doc/crypto/openssl_err.pod 1970-01-01 00:00:00.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/openssl_err.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -0,0 +1,187 @@
++=pod
++
++=head1 NAME
++
++openssl_err - error codes
++
++=head1 SYNOPSIS
++
++ #include <openssl/err.h>
++
++ unsigned long ERR_get_error(void);
++ unsigned long ERR_peek_error(void);
++ unsigned long ERR_get_error_line(const char **file, int *line);
++ unsigned long ERR_peek_error_line(const char **file, int *line);
++ unsigned long ERR_get_error_line_data(const char **file, int *line,
++ const char **data, int *flags);
++ unsigned long ERR_peek_error_line_data(const char **file, int *line,
++ const char **data, int *flags);
++
++ int ERR_GET_LIB(unsigned long e);
++ int ERR_GET_FUNC(unsigned long e);
++ int ERR_GET_REASON(unsigned long e);
++
++ void ERR_clear_error(void);
++
++ char *ERR_error_string(unsigned long e, char *buf);
++ const char *ERR_lib_error_string(unsigned long e);
++ const char *ERR_func_error_string(unsigned long e);
++ const char *ERR_reason_error_string(unsigned long e);
++
++ void ERR_print_errors(BIO *bp);
++ void ERR_print_errors_fp(FILE *fp);
++
++ void ERR_load_crypto_strings(void);
++ void ERR_free_strings(void);
++
++ void ERR_remove_state(unsigned long pid);
++
++ void ERR_put_error(int lib, int func, int reason, const char *file,
++ int line);
++ void ERR_add_error_data(int num, ...);
++
++ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
++ unsigned long ERR_PACK(int lib, int func, int reason);
++ int ERR_get_next_error_library(void);
++
++=head1 DESCRIPTION
++
++When a call to the OpenSSL library fails, this is usually signalled
++by the return value, and an error code is stored in an error queue
++associated with the current thread. The B<err> library provides
++functions to obtain these error codes and textual error messages.
++
++The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to
++access error codes.
++
++Error codes contain information about where the error occurred, and
++what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to
++extract this information. A method to obtain human-readable error
++messages is described in L<ERR_error_string(3)|ERR_error_string(3)>.
++
++L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the
++error queue.
++
++Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to
++avoid memory leaks when threads are terminated.
++
++=head1 ADDING NEW ERROR CODES TO OPENSSL
++
++See L<ERR_put_error(3)> if you want to record error codes in the
++OpenSSL error system from within your application.
++
++The remainder of this section is of interest only if you want to add
++new error codes to OpenSSL or add error codes from external libraries.
++
++=head2 Reporting errors
++
++Each sub-library has a specific macro XXXerr() that is used to report
++errors. Its first argument is a function code B<XXX_F_...>, the second
++argument is a reason code B<XXX_R_...>. Function codes are derived
++from the function names; reason codes consist of textual error
++descriptions. For example, the function ssl23_read() reports a
++"handshake failure" as follows:
++
++ SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
++
++Function and reason codes should consist of upper case characters,
++numbers and underscores only. The error file generation script translates
++function codes into function names by looking in the header files
++for an appropriate function name, if none is found it just uses
++the capitalized form such as "SSL23_READ" in the above example.
++
++The trailing section of a reason code (after the "_R_") is translated
++into lower case and underscores changed to spaces.
++
++When you are using new function or reason codes, run B<make errors>.
++The necessary B<#define>s will then automatically be added to the
++sub-library's header file.
++
++Although a library will normally report errors using its own specific
++XXXerr macro, another library's macro can be used. This is normally
++only done when a library wants to include ASN1 code which must use
++the ASN1err() macro.
++
++=head2 Adding new libraries
++
++When adding a new sub-library to OpenSSL, assign it a library number
++B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
++name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
++C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
++(in B<crypto/err/err_all.c>). Finally, add an entry
++
++ L XXX xxx.h xxx_err.c
++
++to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
++Running B<make errors> will then generate a file B<xxx_err.c>, and
++add all error codes used in the library to B<xxx.h>.
++
++Additionally the library include file must have a certain form.
++Typically it will initially look like this:
++
++ #ifndef HEADER_XXX_H
++ #define HEADER_XXX_H
++
++ #ifdef __cplusplus
++ extern "C" {
++ #endif
++
++ /* Include files */
++
++ #include <openssl/bio.h>
++ #include <openssl/x509.h>
++
++ /* Macros, structures and function prototypes */
++
++
++ /* BEGIN ERROR CODES */
++
++The B<BEGIN ERROR CODES> sequence is used by the error code
++generation script as the point to place new error codes, any text
++after this point will be overwritten when B<make errors> is run.
++The closing #endif etc will be automatically added by the script.
++
++The generated C error code file B<xxx_err.c> will load the header
++files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
++header file must load any additional header files containing any
++definitions it uses.
++
++=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
++
++It is also possible to use OpenSSL's error code scheme in external
++libraries. The library needs to load its own codes and call the OpenSSL
++error code insertion script B<mkerr.pl> explicitly to add codes to
++the header file and generate the C error code file. This will normally
++be done if the external library needs to generate new ASN1 structures
++but it can also be used to add more general purpose error code handling.
++
++TBA more details
++
++=head1 INTERNALS
++
++The error queues are stored in a hash table with one B<ERR_STATE>
++entry for each pid. ERR_get_state() returns the current thread's
++B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
++codes. When more error codes are added, the old ones are overwritten,
++on the assumption that the most recent errors are most important.
++
++Error strings are also stored in hash table. The hash tables can
++be obtained by calling ERR_get_err_state_table(void) and
++ERR_get_string_table(void) respectively.
++
++=head1 SEE ALSO
++
++L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
++L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
++L<ERR_get_error(3)|ERR_get_error(3)>,
++L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
++L<ERR_clear_error(3)|ERR_clear_error(3)>,
++L<ERR_error_string(3)|ERR_error_string(3)>,
++L<ERR_print_errors(3)|ERR_print_errors(3)>,
++L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
++L<ERR_remove_state(3)|ERR_remove_state(3)>,
++L<ERR_put_error(3)|ERR_put_error(3)>,
++L<ERR_load_strings(3)|ERR_load_strings(3)>,
++L<SSL_get_error(3)|SSL_get_error(3)>
++
++=cut
+diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_rand.pod openssl-0.9.8a/doc/crypto/openssl_rand.pod
+--- openssl-0.9.8a.orig/doc/crypto/openssl_rand.pod 1970-01-01 00:00:00.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/openssl_rand.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -0,0 +1,175 @@
++=pod
++
++=head1 NAME
++
++openssl_rand - pseudo-random number generator
++
++=head1 SYNOPSIS
++
++ #include <openssl/rand.h>
++
++ int RAND_set_rand_engine(ENGINE *engine);
++
++ int RAND_bytes(unsigned char *buf, int num);
++ int RAND_pseudo_bytes(unsigned char *buf, int num);
++
++ void RAND_seed(const void *buf, int num);
++ void RAND_add(const void *buf, int num, int entropy);
++ int RAND_status(void);
++
++ int RAND_load_file(const char *file, long max_bytes);
++ int RAND_write_file(const char *file);
++ const char *RAND_file_name(char *file, size_t num);
++
++ int RAND_egd(const char *path);
++
++ void RAND_set_rand_method(const RAND_METHOD *meth);
++ const RAND_METHOD *RAND_get_rand_method(void);
++ RAND_METHOD *RAND_SSLeay(void);
++
++ void RAND_cleanup(void);
++
++ /* For Win32 only */
++ void RAND_screen(void);
++ int RAND_event(UINT, WPARAM, LPARAM);
++
++=head1 DESCRIPTION
++
++Since the introduction of the ENGINE API, the recommended way of controlling
++default implementations is by using the ENGINE API functions. The default
++B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
++RAND_get_rand_method(), is only used if no ENGINE has been set as the default
++"rand" implementation. Hence, these two functions are no longer the recommened
++way to control defaults.
++
++If an alternative B<RAND_METHOD> implementation is being used (either set
++directly or as provided by an ENGINE module), then it is entirely responsible
++for the generation and management of a cryptographically secure PRNG stream. The
++mechanisms described below relate solely to the software PRNG implementation
++built in to OpenSSL and used by default.
++
++These functions implement a cryptographically secure pseudo-random
++number generator (PRNG). It is used by other library functions for
++example to generate random keys, and applications can use it when they
++need randomness.
++
++A cryptographic PRNG must be seeded with unpredictable data such as
++mouse movements or keys pressed at random by the user. This is
++described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
++(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
++seeding process whenever the application is started.
++
++L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
++PRNG.
++
++=head1 INTERNALS
++
++The RAND_SSLeay() method implements a PRNG based on a cryptographic
++hash function.
++
++The following description of its design is based on the SSLeay
++documentation:
++
++First up I will state the things I believe I need for a good RNG.
++
++=over 4
++
++=item 1
++
++A good hashing algorithm to mix things up and to convert the RNG 'state'
++to random numbers.
++
++=item 2
++
++An initial source of random 'state'.
++
++=item 3
++
++The state should be very large. If the RNG is being used to generate
++4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
++If your RNG state only has 128 bits, you are obviously limiting the
++search space to 128 bits, not 2048. I'm probably getting a little
++carried away on this last point but it does indicate that it may not be
++a bad idea to keep quite a lot of RNG state. It should be easier to
++break a cipher than guess the RNG seed data.
++
++=item 4
++
++Any RNG seed data should influence all subsequent random numbers
++generated. This implies that any random seed data entered will have
++an influence on all subsequent random numbers generated.
++
++=item 5
++
++When using data to seed the RNG state, the data used should not be
++extractable from the RNG state. I believe this should be a
++requirement because one possible source of 'secret' semi random
++data would be a private key or a password. This data must
++not be disclosed by either subsequent random numbers or a
++'core' dump left by a program crash.
++
++=item 6
++
++Given the same initial 'state', 2 systems should deviate in their RNG state
++(and hence the random numbers generated) over time if at all possible.
++
++=item 7
++
++Given the random number output stream, it should not be possible to determine
++the RNG state or the next random number.
++
++=back
++
++The algorithm is as follows.
++
++There is global state made up of a 1023 byte buffer (the 'state'), a
++working hash value ('md'), and a counter ('count').
++
++Whenever seed data is added, it is inserted into the 'state' as
++follows.
++
++The input is chopped up into units of 20 bytes (or less for
++the last block). Each of these blocks is run through the hash
++function as follows: The data passed to the hash function
++is the current 'md', the same number of bytes from the 'state'
++(the location determined by in incremented looping index) as
++the current 'block', the new key data 'block', and 'count'
++(which is incremented after each use).
++The result of this is kept in 'md' and also xored into the
++'state' at the same locations that were used as input into the
++hash function. I
++believe this system addresses points 1 (hash function; currently
++SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
++function and xor).
++
++When bytes are extracted from the RNG, the following process is used.
++For each group of 10 bytes (or less), we do the following:
++
++Input into the hash function the local 'md' (which is initialized from
++the global 'md' before any bytes are generated), the bytes that are to
++be overwritten by the random bytes, and bytes from the 'state'
++(incrementing looping index). From this digest output (which is kept
++in 'md'), the top (up to) 10 bytes are returned to the caller and the
++bottom 10 bytes are xored into the 'state'.
++
++Finally, after we have finished 'num' random bytes for the caller,
++'count' (which is incremented) and the local and global 'md' are fed
++into the hash function and the results are kept in the global 'md'.
++
++I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
++into the 'state' the 'old' data from the caller that is about to be
++overwritten) and 7 (by not using the 10 bytes given to the caller to
++update the 'state', but they are used to update 'md').
++
++So of the points raised, only 2 is not addressed (but see
++L<RAND_add(3)|RAND_add(3)>).
++
++=head1 SEE ALSO
++
++L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
++L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>,
++L<RAND_bytes(3)|RAND_bytes(3)>,
++L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
++L<RAND_cleanup(3)|RAND_cleanup(3)>
++
++=cut
+diff -Naur openssl-0.9.8a.orig/doc/crypto/openssl_threads.pod openssl-0.9.8a/doc/crypto/openssl_threads.pod
+--- openssl-0.9.8a.orig/doc/crypto/openssl_threads.pod 1970-01-01 00:00:00.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/openssl_threads.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -0,0 +1,175 @@
++=pod
++
++=head1 NAME
++
++CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
++CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
++CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
++CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
++
++=head1 SYNOPSIS
++
++ #include <openssl/crypto.h>
++
++ void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
++ int n, const char *file, int line));
++
++ void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
++
++ int CRYPTO_num_locks(void);
++
++
++ /* struct CRYPTO_dynlock_value needs to be defined by the user */
++ struct CRYPTO_dynlock_value;
++
++ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
++ (*dyn_create_function)(char *file, int line));
++ void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
++ (int mode, struct CRYPTO_dynlock_value *l,
++ const char *file, int line));
++ void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
++ (struct CRYPTO_dynlock_value *l, const char *file, int line));
++
++ int CRYPTO_get_new_dynlockid(void);
++
++ void CRYPTO_destroy_dynlockid(int i);
++
++ void CRYPTO_lock(int mode, int n, const char *file, int line);
++
++ #define CRYPTO_w_lock(type) \
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ #define CRYPTO_w_unlock(type) \
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
++ #define CRYPTO_r_lock(type) \
++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ #define CRYPTO_r_unlock(type) \
++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
++ #define CRYPTO_add(addr,amount,type) \
++ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
++
++=head1 DESCRIPTION
++
++OpenSSL can safely be used in multi-threaded applications provided
++that at least two callback functions are set.
++
++locking_function(int mode, int n, const char *file, int line) is
++needed to perform locking on shared data structures.
++(Note that OpenSSL uses a number of global data structures that
++will be implicitly shared whenever multiple threads use OpenSSL.)
++Multi-threaded applications will crash at random if it is not set.
++
++locking_function() must be able to handle up to CRYPTO_num_locks()
++different mutex locks. It sets the B<n>-th lock if B<mode> &
++B<CRYPTO_LOCK>, and releases it otherwise.
++
++B<file> and B<line> are the file number of the function setting the
++lock. They can be useful for debugging.
++
++id_function(void) is a function that returns a thread ID, for example
++pthread_self() if it returns an integer (see NOTES below). It isn't
++needed on Windows nor on platforms where getpid() returns a different
++ID for each thread (see NOTES below).
++
++Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
++of OpenSSL need it for better performance. To enable this, the following
++is required:
++
++=over 4
++
++=item *
++Three additional callback function, dyn_create_function, dyn_lock_function
++and dyn_destroy_function.
++
++=item *
++A structure defined with the data that each lock needs to handle.
++
++=back
++
++struct CRYPTO_dynlock_value has to be defined to contain whatever structure
++is needed to handle locks.
++
++dyn_create_function(const char *file, int line) is needed to create a
++lock. Multi-threaded applications might crash at random if it is not set.
++
++dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
++is needed to perform locking off dynamic lock numbered n. Multi-threaded
++applications might crash at random if it is not set.
++
++dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
++needed to destroy the lock l. Multi-threaded applications might crash at
++random if it is not set.
++
++CRYPTO_get_new_dynlockid() is used to create locks. It will call
++dyn_create_function for the actual creation.
++
++CRYPTO_destroy_dynlockid() is used to destroy locks. It will call
++dyn_destroy_function for the actual destruction.
++
++CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield
++describing what should be done with the lock. n is the number of the
++lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined
++from the following values. These values are pairwise exclusive, with
++undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE
++should not be used together):
++
++ CRYPTO_LOCK 0x01
++ CRYPTO_UNLOCK 0x02
++ CRYPTO_READ 0x04
++ CRYPTO_WRITE 0x08
++
++=head1 RETURN VALUES
++
++CRYPTO_num_locks() returns the required number of locks.
++
++CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
++
++The other functions return no values.
++
++=head1 NOTES
++
++You can find out if OpenSSL was configured with thread support:
++
++ #define OPENSSL_THREAD_DEFINES
++ #include <openssl/opensslconf.h>
++ #if defined(OPENSSL_THREADS)
++ // thread support enabled
++ #else
++ // no thread support
++ #endif
++
++Also, dynamic locks are currently not used internally by OpenSSL, but
++may do so in the future.
++
++Defining id_function(void) has it's own issues. Generally speaking,
++pthread_self() should be used, even on platforms where getpid() gives
++different answers in each thread, since that may depend on the machine
++the program is run on, not the machine where the program is being
++compiled. For instance, Red Hat 8 Linux and earlier used
++LinuxThreads, whose getpid() returns a different value for each
++thread. Red Hat 9 Linux and later use NPTL, which is
++Posix-conformant, and has a getpid() that returns the same value for
++all threads in a process. A program compiled on Red Hat 8 and run on
++Red Hat 9 will therefore see getpid() returning the same value for
++all threads.
++
++There is still the issue of platforms where pthread_self() returns
++something other than an integer. This is a bit unusual, and this
++manual has no cookbook solution for that case.
++
++=head1 EXAMPLES
++
++B<crypto/threads/mttest.c> shows examples of the callback functions on
++Solaris, Irix and Win32.
++
++=head1 HISTORY
++
++CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
++available in all versions of SSLeay and OpenSSL.
++CRYPTO_num_locks() was added in OpenSSL 0.9.4.
++All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
++
++=head1 SEE ALSO
++
++L<crypto(3)|crypto(3)>
++
++=cut
+diff -Naur openssl-0.9.8a.orig/doc/crypto/rand.pod openssl-0.9.8a/doc/crypto/rand.pod
+--- openssl-0.9.8a.orig/doc/crypto/rand.pod 2002-08-05 16:27:01.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/rand.pod 1970-01-01 00:00:00.000000000 +0000
+@@ -1,175 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-rand - pseudo-random number generator
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/rand.h>
+-
+- int RAND_set_rand_engine(ENGINE *engine);
+-
+- int RAND_bytes(unsigned char *buf, int num);
+- int RAND_pseudo_bytes(unsigned char *buf, int num);
+-
+- void RAND_seed(const void *buf, int num);
+- void RAND_add(const void *buf, int num, int entropy);
+- int RAND_status(void);
+-
+- int RAND_load_file(const char *file, long max_bytes);
+- int RAND_write_file(const char *file);
+- const char *RAND_file_name(char *file, size_t num);
+-
+- int RAND_egd(const char *path);
+-
+- void RAND_set_rand_method(const RAND_METHOD *meth);
+- const RAND_METHOD *RAND_get_rand_method(void);
+- RAND_METHOD *RAND_SSLeay(void);
+-
+- void RAND_cleanup(void);
+-
+- /* For Win32 only */
+- void RAND_screen(void);
+- int RAND_event(UINT, WPARAM, LPARAM);
+-
+-=head1 DESCRIPTION
+-
+-Since the introduction of the ENGINE API, the recommended way of controlling
+-default implementations is by using the ENGINE API functions. The default
+-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
+-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
+-"rand" implementation. Hence, these two functions are no longer the recommened
+-way to control defaults.
+-
+-If an alternative B<RAND_METHOD> implementation is being used (either set
+-directly or as provided by an ENGINE module), then it is entirely responsible
+-for the generation and management of a cryptographically secure PRNG stream. The
+-mechanisms described below relate solely to the software PRNG implementation
+-built in to OpenSSL and used by default.
+-
+-These functions implement a cryptographically secure pseudo-random
+-number generator (PRNG). It is used by other library functions for
+-example to generate random keys, and applications can use it when they
+-need randomness.
+-
+-A cryptographic PRNG must be seeded with unpredictable data such as
+-mouse movements or keys pressed at random by the user. This is
+-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
+-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
+-seeding process whenever the application is started.
+-
+-L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
+-PRNG.
+-
+-=head1 INTERNALS
+-
+-The RAND_SSLeay() method implements a PRNG based on a cryptographic
+-hash function.
+-
+-The following description of its design is based on the SSLeay
+-documentation:
+-
+-First up I will state the things I believe I need for a good RNG.
+-
+-=over 4
+-
+-=item 1
+-
+-A good hashing algorithm to mix things up and to convert the RNG 'state'
+-to random numbers.
+-
+-=item 2
+-
+-An initial source of random 'state'.
+-
+-=item 3
+-
+-The state should be very large. If the RNG is being used to generate
+-4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+-If your RNG state only has 128 bits, you are obviously limiting the
+-search space to 128 bits, not 2048. I'm probably getting a little
+-carried away on this last point but it does indicate that it may not be
+-a bad idea to keep quite a lot of RNG state. It should be easier to
+-break a cipher than guess the RNG seed data.
+-
+-=item 4
+-
+-Any RNG seed data should influence all subsequent random numbers
+-generated. This implies that any random seed data entered will have
+-an influence on all subsequent random numbers generated.
+-
+-=item 5
+-
+-When using data to seed the RNG state, the data used should not be
+-extractable from the RNG state. I believe this should be a
+-requirement because one possible source of 'secret' semi random
+-data would be a private key or a password. This data must
+-not be disclosed by either subsequent random numbers or a
+-'core' dump left by a program crash.
+-
+-=item 6
+-
+-Given the same initial 'state', 2 systems should deviate in their RNG state
+-(and hence the random numbers generated) over time if at all possible.
+-
+-=item 7
+-
+-Given the random number output stream, it should not be possible to determine
+-the RNG state or the next random number.
+-
+-=back
+-
+-The algorithm is as follows.
+-
+-There is global state made up of a 1023 byte buffer (the 'state'), a
+-working hash value ('md'), and a counter ('count').
+-
+-Whenever seed data is added, it is inserted into the 'state' as
+-follows.
+-
+-The input is chopped up into units of 20 bytes (or less for
+-the last block). Each of these blocks is run through the hash
+-function as follows: The data passed to the hash function
+-is the current 'md', the same number of bytes from the 'state'
+-(the location determined by in incremented looping index) as
+-the current 'block', the new key data 'block', and 'count'
+-(which is incremented after each use).
+-The result of this is kept in 'md' and also xored into the
+-'state' at the same locations that were used as input into the
+-hash function. I
+-believe this system addresses points 1 (hash function; currently
+-SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
+-function and xor).
+-
+-When bytes are extracted from the RNG, the following process is used.
+-For each group of 10 bytes (or less), we do the following:
+-
+-Input into the hash function the local 'md' (which is initialized from
+-the global 'md' before any bytes are generated), the bytes that are to
+-be overwritten by the random bytes, and bytes from the 'state'
+-(incrementing looping index). From this digest output (which is kept
+-in 'md'), the top (up to) 10 bytes are returned to the caller and the
+-bottom 10 bytes are xored into the 'state'.
+-
+-Finally, after we have finished 'num' random bytes for the caller,
+-'count' (which is incremented) and the local and global 'md' are fed
+-into the hash function and the results are kept in the global 'md'.
+-
+-I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
+-into the 'state' the 'old' data from the caller that is about to be
+-overwritten) and 7 (by not using the 10 bytes given to the caller to
+-update the 'state', but they are used to update 'md').
+-
+-So of the points raised, only 2 is not addressed (but see
+-L<RAND_add(3)|RAND_add(3)>).
+-
+-=head1 SEE ALSO
+-
+-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+-L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+-L<RAND_bytes(3)|RAND_bytes(3)>,
+-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
+-L<RAND_cleanup(3)|RAND_cleanup(3)>
+-
+-=cut
+diff -Naur openssl-0.9.8a.orig/doc/crypto/rsa.pod openssl-0.9.8a/doc/crypto/rsa.pod
+--- openssl-0.9.8a.orig/doc/crypto/rsa.pod 2002-08-04 21:08:36.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/rsa.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -108,7 +108,7 @@
+ =head1 SEE ALSO
+
+ L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
+-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
++L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
+ L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+ L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
+ L<RSA_generate_key(3)|RSA_generate_key(3)>,
+diff -Naur openssl-0.9.8a.orig/doc/crypto/threads.pod openssl-0.9.8a/doc/crypto/threads.pod
+--- openssl-0.9.8a.orig/doc/crypto/threads.pod 2005-06-18 05:52:23.000000000 +0000
++++ openssl-0.9.8a/doc/crypto/threads.pod 1970-01-01 00:00:00.000000000 +0000
+@@ -1,175 +0,0 @@
+-=pod
+-
+-=head1 NAME
+-
+-CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+-CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
+-CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
+-CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
+-
+-=head1 SYNOPSIS
+-
+- #include <openssl/crypto.h>
+-
+- void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
+- int n, const char *file, int line));
+-
+- void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
+-
+- int CRYPTO_num_locks(void);
+-
+-
+- /* struct CRYPTO_dynlock_value needs to be defined by the user */
+- struct CRYPTO_dynlock_value;
+-
+- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
+- (*dyn_create_function)(char *file, int line));
+- void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
+- (int mode, struct CRYPTO_dynlock_value *l,
+- const char *file, int line));
+- void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
+- (struct CRYPTO_dynlock_value *l, const char *file, int line));
+-
+- int CRYPTO_get_new_dynlockid(void);
+-
+- void CRYPTO_destroy_dynlockid(int i);
+-
+- void CRYPTO_lock(int mode, int n, const char *file, int line);
+-
+- #define CRYPTO_w_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+- #define CRYPTO_w_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+- #define CRYPTO_r_lock(type) \
+- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+- #define CRYPTO_r_unlock(type) \
+- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+- #define CRYPTO_add(addr,amount,type) \
+- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+-
+-=head1 DESCRIPTION
+-
+-OpenSSL can safely be used in multi-threaded applications provided
+-that at least two callback functions are set.
+-
+-locking_function(int mode, int n, const char *file, int line) is
+-needed to perform locking on shared data structures.
+-(Note that OpenSSL uses a number of global data structures that
+-will be implicitly shared whenever multiple threads use OpenSSL.)
+-Multi-threaded applications will crash at random if it is not set.
+-
+-locking_function() must be able to handle up to CRYPTO_num_locks()
+-different mutex locks. It sets the B<n>-th lock if B<mode> &
+-B<CRYPTO_LOCK>, and releases it otherwise.
+-
+-B<file> and B<line> are the file number of the function setting the
+-lock. They can be useful for debugging.
+-
+-id_function(void) is a function that returns a thread ID, for example
+-pthread_self() if it returns an integer (see NOTES below). It isn't
+-needed on Windows nor on platforms where getpid() returns a different
+-ID for each thread (see NOTES below).
+-
+-Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
+-of OpenSSL need it for better performance. To enable this, the following
+-is required:
+-
+-=over 4
+-
+-=item *
+-Three additional callback function, dyn_create_function, dyn_lock_function
+-and dyn_destroy_function.
+-
+-=item *
+-A structure defined with the data that each lock needs to handle.
+-
+-=back
+-
+-struct CRYPTO_dynlock_value has to be defined to contain whatever structure
+-is needed to handle locks.
+-
+-dyn_create_function(const char *file, int line) is needed to create a
+-lock. Multi-threaded applications might crash at random if it is not set.
+-
+-dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
+-is needed to perform locking off dynamic lock numbered n. Multi-threaded
+-applications might crash at random if it is not set.
+-
+-dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
+-needed to destroy the lock l. Multi-threaded applications might crash at
+-random if it is not set.
+-
+-CRYPTO_get_new_dynlockid() is used to create locks. It will call
+-dyn_create_function for the actual creation.
+-
+-CRYPTO_destroy_dynlockid() is used to destroy locks. It will call
+-dyn_destroy_function for the actual destruction.
+-
+-CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield
+-describing what should be done with the lock. n is the number of the
+-lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined
+-from the following values. These values are pairwise exclusive, with
+-undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE
+-should not be used together):
+-
+- CRYPTO_LOCK 0x01
+- CRYPTO_UNLOCK 0x02
+- CRYPTO_READ 0x04
+- CRYPTO_WRITE 0x08
+-
+-=head1 RETURN VALUES
+-
+-CRYPTO_num_locks() returns the required number of locks.
+-
+-CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
+-
+-The other functions return no values.
+-
+-=head1 NOTES
+-
+-You can find out if OpenSSL was configured with thread support:
+-
+- #define OPENSSL_THREAD_DEFINES
+- #include <openssl/opensslconf.h>
+- #if defined(OPENSSL_THREADS)
+- // thread support enabled
+- #else
+- // no thread support
+- #endif
+-
+-Also, dynamic locks are currently not used internally by OpenSSL, but
+-may do so in the future.
+-
+-Defining id_function(void) has it's own issues. Generally speaking,
+-pthread_self() should be used, even on platforms where getpid() gives
+-different answers in each thread, since that may depend on the machine
+-the program is run on, not the machine where the program is being
+-compiled. For instance, Red Hat 8 Linux and earlier used
+-LinuxThreads, whose getpid() returns a different value for each
+-thread. Red Hat 9 Linux and later use NPTL, which is
+-Posix-conformant, and has a getpid() that returns the same value for
+-all threads in a process. A program compiled on Red Hat 8 and run on
+-Red Hat 9 will therefore see getpid() returning the same value for
+-all threads.
+-
+-There is still the issue of platforms where pthread_self() returns
+-something other than an integer. This is a bit unusual, and this
+-manual has no cookbook solution for that case.
+-
+-=head1 EXAMPLES
+-
+-B<crypto/threads/mttest.c> shows examples of the callback functions on
+-Solaris, Irix and Win32.
+-
+-=head1 HISTORY
+-
+-CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
+-available in all versions of SSLeay and OpenSSL.
+-CRYPTO_num_locks() was added in OpenSSL 0.9.4.
+-All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
+-
+-=head1 SEE ALSO
+-
+-L<crypto(3)|crypto(3)>
+-
+-=cut
+diff -Naur openssl-0.9.8a.orig/doc/ssl/SSL_get_error.pod openssl-0.9.8a/doc/ssl/SSL_get_error.pod
+--- openssl-0.9.8a.orig/doc/ssl/SSL_get_error.pod 2005-03-30 11:50:14.000000000 +0000
++++ openssl-0.9.8a/doc/ssl/SSL_get_error.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -105,7 +105,7 @@
+
+ =head1 SEE ALSO
+
+-L<ssl(3)|ssl(3)>, L<err(3)|err(3)>
++L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)>
+
+ =head1 HISTORY
+
+diff -Naur openssl-0.9.8a.orig/doc/ssl/SSL_want.pod openssl-0.9.8a/doc/ssl/SSL_want.pod
+--- openssl-0.9.8a.orig/doc/ssl/SSL_want.pod 2005-03-30 11:50:14.000000000 +0000
++++ openssl-0.9.8a/doc/ssl/SSL_want.pod 2005-11-14 03:59:59.000000000 +0000
+@@ -72,6 +72,6 @@
+
+ =head1 SEE ALSO
+
+-L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)>
++L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)>, L<SSL_get_error(3)|SSL_get_error(3)>
+
+ =cut
projects / ipfire-2.x.git / commitdiff
