diff options
author | Michał Masłowski <mtjm@mtjm.eu> | 2013-02-17 10:46:15 +0100 |
---|---|---|
committer | Michał Masłowski <mtjm@mtjm.eu> | 2013-02-17 10:46:15 +0100 |
commit | e30ba9d4c857530c2fbb3cc82236a49676d5ebc9 (patch) | |
tree | 966498ac914356462e691b8e550ab1f1d069074c /core | |
parent | 69f67102b7a02871e32a079ffb789d5fca72a746 (diff) | |
parent | c6f4cd18ab706868be0eff10327a0dcd58cecdf3 (diff) |
Merge branch 'master' of ssh://parabolagnulinux.org:1863/home/parabola/abslibre-pre-mips64el
Conflicts:
community/cantata/PKGBUILD
community/ffmpeg-compat/PKGBUILD
community/v8/PKGBUILD
core/e2fsprogs/PKGBUILD
core/groff/PKGBUILD
core/openssl/PKGBUILD
extra/avidemux/PKGBUILD
extra/ffmpeg/PKGBUILD
extra/glpk/PKGBUILD
extra/gstreamer0.10-ugly/PKGBUILD
extra/mediastreamer/PKGBUILD
extra/netcdf/PKGBUILD
extra/octave/PKGBUILD
extra/opal/PKGBUILD
extra/sox/PKGBUILD
extra/x264/PKGBUILD
Diffstat (limited to 'core')
-rw-r--r-- | core/e2fsprogs/PKGBUILD | 8 | ||||
-rw-r--r-- | core/groff/PKGBUILD | 40 | ||||
-rw-r--r-- | core/groff/groff.install | 2 | ||||
-rw-r--r-- | core/iproute2/PKGBUILD | 8 | ||||
-rw-r--r-- | core/openssl/Fix-IV-check-and-padding-removal.patch | 72 | ||||
-rw-r--r-- | core/openssl/PKGBUILD | 27 | ||||
-rw-r--r-- | core/openssl/fix-manpages.patch | 1920 |
7 files changed, 41 insertions, 2036 deletions
diff --git a/core/e2fsprogs/PKGBUILD b/core/e2fsprogs/PKGBUILD index 0657d8ba6..d04a4104c 100644 --- a/core/e2fsprogs/PKGBUILD +++ b/core/e2fsprogs/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 170002 2012-10-30 23:08:35Z thomas $ +# $Id: PKGBUILD 178092 2013-02-16 07:50:44Z ronald $ # Maintainer: Ronald van Haren <ronald.archlinux.org> # Contributor: judd <jvinet@zeroflux.org> pkgname=e2fsprogs -pkgver=1.42.6 -pkgrel=1.1 +pkgver=1.42.7 +pkgrel=1 pkgdesc="Ext2/3/4 filesystem utilities" arch=('i686' 'x86_64' 'mips64el') license=('GPL' 'LGPL' 'MIT') @@ -16,7 +16,7 @@ source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pk 'MIT-LICENSE') backup=('etc/mke2fs.conf') install=${pkgname}.install -sha1sums=('cd05cd4205a00d01a6da821660cff386788e9be3' +sha1sums=('897ed5bab4f021834d00ec047ed83766d56ce0a8' 'f4a0d5b0cdb980e3fedd6f5e7dde0b0ffb7bbdfb') build() { diff --git a/core/groff/PKGBUILD b/core/groff/PKGBUILD index 93f45ec3d..ce83ab075 100644 --- a/core/groff/PKGBUILD +++ b/core/groff/PKGBUILD @@ -1,27 +1,29 @@ -# $Id: PKGBUILD 142313 2011-11-08 10:57:28Z tpowa $ -# Maintainer: judd <jvinet@zeroflux.org> +# $Id: PKGBUILD 178100 2013-02-16 08:46:34Z allan $ +# Maintainer: + pkgname=groff -pkgver=1.21 -pkgrel=2.2 +pkgver=1.22.2 +pkgrel=2 pkgdesc="GNU troff text-formatting system" -arch=(i686 x86_64 'mips64el') +arch=('i686' 'x86_64' 'mips64el') url="http://www.gnu.org/software/groff/groff.html" license=('GPL') -depends=('perl' 'gcc-libs' 'texinfo') +groups=('base-devel') +depends=('perl' 'gcc-libs') makedepends=('netpbm' 'psutils' 'ghostscript') optdepends=('netpbm: for use together with man -H command interaction in browsers' 'psutils: for use together with man -H command interaction in browsers') -source=(ftp://ftp.gnu.org/gnu/groff/groff-$pkgver.tar.gz +source=(ftp://ftp.gnu.org/gnu/groff/groff-$pkgver.tar.gz{,.sig} site.tmac) -options=(!makeflags !docs) +options=('!docs' '!emptydirs') install=groff.install -md5sums=('8b8cd29385b97616a0f0d96d0951c5bf' +md5sums=('9f4cd592a5efc7e36481d8d8d8af6d16' + '65207deb0a9b54324cb947f25ec9164f' 'a1fedafd7863b37968d32ad9ae1d8c13') build() { cd $srcdir/$pkgname-$pkgver ./configure --prefix=/usr --without-x - mkdir -p $pkgdir/usr make } @@ -32,15 +34,15 @@ check() { package() { cd $srcdir/$pkgname-$pkgver - make prefix=$pkgdir/usr install - cd $pkgdir/usr/bin - # needed for xman - ln -s eqn geqn - ln -s tbl gtbl - ln -s soelim zsoelim - rm -rf $pkgdir/usr/lib/groff/site-tmac - # Fix some issues when encoding to utf8 man pages - # The output chars don't match keyboard chars... + make DESTDIR=$pkgdir install + + # add compatibility symlinks + ln -s eqn $pkgdir/usr/bin/geqn + ln -s tbl $pkgdir/usr/bin/gtbl + ln -s soelim $pkgdir/usr/bin/zsoelim + + # FS33760 - TERMCAP variables not followed + # TODO: everyone is doing this - find out why upstream does not... cat $srcdir/site.tmac >> \ $pkgdir/usr/share/groff/site-tmac/man.local cat $srcdir/site.tmac >> \ diff --git a/core/groff/groff.install b/core/groff/groff.install index 6807e4bef..dbef50f61 100644 --- a/core/groff/groff.install +++ b/core/groff/groff.install @@ -2,6 +2,7 @@ infodir=/usr/share/info filelist=(groff.info groff.info-1 groff.info-2 groff.info-3) post_install() { + [[ -x usr/bin/install-info ]] || return 0 for file in ${filelist[@]}; do install-info $infodir/$file $infodir/dir 2> /dev/null done @@ -12,6 +13,7 @@ post_upgrade() { } pre_remove() { + [[ -x usr/bin/install-info ]] || return 0 for file in ${filelist[@]}; do install-info --delete $infodir/$file $infodir/dir 2> /dev/null done diff --git a/core/iproute2/PKGBUILD b/core/iproute2/PKGBUILD index 30dedb414..f2bbab89d 100644 --- a/core/iproute2/PKGBUILD +++ b/core/iproute2/PKGBUILD @@ -1,10 +1,10 @@ -# $Id: PKGBUILD 170003 2012-10-30 23:08:39Z thomas $ +# $Id: PKGBUILD 178093 2013-02-16 07:50:45Z ronald $ # Maintainer: Ronald van Haren <ronald.archlinux.org> # Contributor: Judd Vinet <jvinet@zeroflux.org> pkgname=iproute2 -pkgver=3.6.0 -pkgrel=2 +pkgver=3.7.0 +pkgrel=1 pkgdesc="IP Routing Utilities" arch=('i686' 'x86_64' 'mips64el') license=('GPL2') @@ -21,7 +21,7 @@ backup=('etc/iproute2/ematch_map' 'etc/iproute2/rt_dsfield' 'etc/iproute2/rt_pro 'etc/iproute2/rt_realms' 'etc/iproute2/rt_scopes' 'etc/iproute2/rt_tables') source=(http://www.kernel.org/pub/linux/utils/net/$pkgname/$pkgname-$pkgver.tar.xz iproute2-fhs.patch) -sha1sums=('6fa16fd2158d0f289ef454cad46555ead1c33c2d' +sha1sums=('9b45ede534fd49d2ec5a7fe0f69e1926ef767a76' '35b8cf2dc94b73eccad427235c07596146cd6f6c') build() { diff --git a/core/openssl/Fix-IV-check-and-padding-removal.patch b/core/openssl/Fix-IV-check-and-padding-removal.patch deleted file mode 100644 index 321791251..000000000 --- a/core/openssl/Fix-IV-check-and-padding-removal.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 32cc2479b473c49ce869e57fded7e9a77b695c0d Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <steve@openssl.org> -Date: Thu, 7 Feb 2013 21:06:37 +0000 -Subject: [PATCH] Fix IV check and padding removal. - -Fix the calculation that checks there is enough room in a record -after removing padding and optional explicit IV. (by Steve) - -For AEAD remove the correct number of padding bytes (by Andy) ---- - ssl/s3_cbc.c | 33 ++++++++++++--------------------- - 1 file changed, 12 insertions(+), 21 deletions(-) - -diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c -index ce77acd..0f60507 100644 ---- a/ssl/s3_cbc.c -+++ b/ssl/s3_cbc.c -@@ -139,31 +139,22 @@ int tls1_cbc_remove_padding(const SSL* s, - unsigned mac_size) - { - unsigned padding_length, good, to_check, i; -- const char has_explicit_iv = -- s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION; -- const unsigned overhead = 1 /* padding length byte */ + -- mac_size + -- (has_explicit_iv ? block_size : 0); -- -- /* These lengths are all public so we can test them in non-constant -- * time. */ -- if (overhead > rec->length) -- return 0; -- -- /* We can always safely skip the explicit IV. We check at the beginning -- * of this function that the record has at least enough space for the -- * IV, MAC and padding length byte. (These can be checked in -- * non-constant time because it's all public information.) So, if the -- * padding was invalid, then we didn't change |rec->length| and this is -- * safe. If the padding was valid then we know that we have at least -- * overhead+padding_length bytes of space and so this is still safe -- * because overhead accounts for the explicit IV. */ -- if (has_explicit_iv) -+ const unsigned overhead = 1 /* padding length byte */ + mac_size; -+ /* Check if version requires explicit IV */ -+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) - { -+ /* These lengths are all public so we can test them in -+ * non-constant time. -+ */ -+ if (overhead + block_size > rec->length) -+ return 0; -+ /* We can now safely skip explicit IV */ - rec->data += block_size; - rec->input += block_size; - rec->length -= block_size; - } -+ else if (overhead > rec->length) -+ return 0; - - padding_length = rec->data[rec->length-1]; - -@@ -190,7 +181,7 @@ int tls1_cbc_remove_padding(const SSL* s, - if (EVP_CIPHER_flags(s->enc_read_ctx->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER) - { - /* padding is already verified */ -- rec->length -= padding_length; -+ rec->length -= padding_length + 1; - return 1; - } - --- -1.8.1.2 - diff --git a/core/openssl/PKGBUILD b/core/openssl/PKGBUILD index 60bae2c97..88efaac78 100644 --- a/core/openssl/PKGBUILD +++ b/core/openssl/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 177772 2013-02-08 10:29:25Z pierre $ +# $Id: PKGBUILD 178103 2013-02-16 09:12:36Z pierre $ # Maintainer: Pierre Schmitz <pierre@archlinux.de> pkgname=openssl -_ver=1.0.1d +_ver=1.0.1e # use a pacman compatible version scheme pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} #pkgver=$_ver @@ -16,28 +16,21 @@ optdepends=('ca-certificates') options=('!makeflags') backup=('etc/ssl/openssl.cnf') source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz" - 'fix-manpages.patch' + "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc" 'no-rpath.patch' - 'ca-dir.patch' - 'Fix-IV-check-and-padding-removal.patch') -md5sums=('b92fc634f0f1f31a67ed4175adc5ba33' - '5bbc0655bda2af95bc8eb568963ce8ba' + 'ca-dir.patch') +md5sums=('66bf6f10f060d561929de96f9dfe5b8c' + 'e18847df48d39416f4ca5064887a2e28' 'dc78d3d06baffc16217519242ce92478' - '3bf51be3a1bbd262be46dc619f92aa90' - 'b92ec62a1f3e7fdc65481afff709cd8b') + '3bf51be3a1bbd262be46dc619f92aa90') build() { cd $srcdir/$pkgname-$_ver - # avoid conflicts with other man pages - # see http://www.linuxfromscratch.org/patches/downloads/openssl/ - patch -p1 -i $srcdir/fix-manpages.patch # remove rpath: http://bugs.archlinux.org/task/14367 patch -p0 -i $srcdir/no-rpath.patch # set ca dir to /etc/ssl by default patch -p0 -i $srcdir/ca-dir.patch - # https://rt.openssl.org/Ticket/Display.html?id=2975 - patch -p1 -i $srcdir/Fix-IV-check-and-padding-removal.patch case "${CARCH}" in 'x86_64') @@ -50,12 +43,12 @@ build() { esac # mark stack as non-executable: http://bugs.archlinux.org/task/12434 - # workaround for PR#2771: OPENSSL_NO_TLS1_2_CLIENT + # workaround for https://rt.openssl.org/Ticket/Display.html?id=2771: OPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ shared zlib enable-md2 ${optflags} \ "${openssltarget}" \ -Wa,--noexecstack "${CFLAGS}" "${LDFLAGS}" \ - -DOPENSSL_NO_TLS1_2_CLIENT + -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 make depend make @@ -72,6 +65,6 @@ check() { package() { cd $srcdir/$pkgname-$_ver - make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man install + make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE } diff --git a/core/openssl/fix-manpages.patch b/core/openssl/fix-manpages.patch deleted file mode 100644 index 0a300f3b9..000000000 --- a/core/openssl/fix-manpages.patch +++ /dev/null @@ -1,1920 +0,0 @@ -Submitted By: Robert Connolly <robert at linuxfromscratch dot org> -Date: 2005-11-13 -Initial Package Version: 0.9.8a -Upstream Status: Submitted upstream -Origin: Anderson Lizardo -Description: This patch fixes conflicts between man pages - installed by OpenSSL and those found on other - packages (particulary Shadow, Perl, and - Man-pages). It also fixes syntax errors on some - POD files that generates slightly broken man - pages. Rediffed for 1.0.0a by Ken Moffat - -diff -Naur openssl-1.0.0a.orig//crypto/rand/md_rand.c openssl-1.0.0a/crypto/rand/md_rand.c ---- openssl-1.0.0a.orig//crypto/rand/md_rand.c 2009-01-03 09:25:32.000000000 +0000 -+++ openssl-1.0.0a/crypto/rand/md_rand.c 2010-09-01 19:36:31.604126440 +0100 -@@ -196,7 +196,7 @@ - int do_not_lock; - - /* -- * (Based on the rand(3) manpage) -+ * (Based on the openssl_rand(3) manpage) - * - * The input is chopped up into units of 20 bytes (or less for - * the last block). Each of these blocks is run through the hash -@@ -361,7 +361,7 @@ - num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); - - /* -- * (Based on the rand(3) manpage:) -+ * (Based on the openssl_rand(3) manpage) - * - * For each group of 10 bytes (or less), we do the following: - * -diff -Naur openssl-1.0.0a.orig//doc/apps/openssl-passwd.pod openssl-1.0.0a/doc/apps/openssl-passwd.pod ---- openssl-1.0.0a.orig//doc/apps/openssl-passwd.pod 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-1.0.0a/doc/apps/openssl-passwd.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -0,0 +1,82 @@ -+=pod -+ -+=head1 NAME -+ -+openssl-passwd - compute password hashes -+ -+=head1 SYNOPSIS -+ -+B<openssl passwd> -+[B<-crypt>] -+[B<-1>] -+[B<-apr1>] -+[B<-salt> I<string>] -+[B<-in> I<file>] -+[B<-stdin>] -+[B<-noverify>] -+[B<-quiet>] -+[B<-table>] -+{I<password>} -+ -+=head1 DESCRIPTION -+ -+The B<passwd> command computes the hash of a password typed at -+run-time or the hash of each password in a list. The password list is -+taken from the named file for option B<-in file>, from stdin for -+option B<-stdin>, or from the command line, or from the terminal otherwise. -+The Unix standard algorithm B<crypt> and the MD5-based BSD password -+algorithm B<1> and its Apache variant B<apr1> are available. -+ -+=head1 OPTIONS -+ -+=over 4 -+ -+=item B<-crypt> -+ -+Use the B<crypt> algorithm (default). -+ -+=item B<-1> -+ -+Use the MD5 based BSD password algorithm B<1>. -+ -+=item B<-apr1> -+ -+Use the B<apr1> algorithm (Apache variant of the BSD algorithm). -+ -+=item B<-salt> I<string> -+ -+Use the specified salt. -+When reading a password from the terminal, this implies B<-noverify>. -+ -+=item B<-in> I<file> -+ -+Read passwords from I<file>. -+ -+=item B<-stdin> -+ -+Read passwords from B<stdin>. -+ -+=item B<-noverify> -+ -+Don't verify when reading a password from the terminal. -+ -+=item B<-quiet> -+ -+Don't output warnings when passwords given at the command line are truncated. -+ -+=item B<-table> -+ -+In the output list, prepend the cleartext password and a TAB character -+to each password hash. -+ -+=back -+ -+=head1 EXAMPLES -+ -+B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. -+ -+B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. -+ -+B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. -+ -+=cut -diff -Naur openssl-1.0.0a.orig//doc/apps/openssl.pod openssl-1.0.0a/doc/apps/openssl.pod ---- openssl-1.0.0a.orig//doc/apps/openssl.pod 2010-01-21 18:46:28.000000000 +0000 -+++ openssl-1.0.0a/doc/apps/openssl.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -163,7 +163,7 @@ - - Online Certificate Status Protocol utility. - --=item L<B<passwd>|passwd(1)> -+=item L<B<passwd>|openssl-passwd(1)> - - Generation of hashed passwords. - -@@ -401,7 +401,7 @@ - L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, - L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>, - L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, --L<passwd(1)|passwd(1)>, -+L<openssl-passwd(1)|openssl-passwd(1)>, - L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, - L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, - L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, -diff -Naur openssl-1.0.0a.orig//doc/apps/passwd.pod openssl-1.0.0a/doc/apps/passwd.pod ---- openssl-1.0.0a.orig//doc/apps/passwd.pod 2002-10-04 13:59:00.000000000 +0100 -+++ openssl-1.0.0a/doc/apps/passwd.pod 1970-01-01 01:00:00.000000000 +0100 -@@ -1,82 +0,0 @@ --=pod -- --=head1 NAME -- --passwd - compute password hashes -- --=head1 SYNOPSIS -- --B<openssl passwd> --[B<-crypt>] --[B<-1>] --[B<-apr1>] --[B<-salt> I<string>] --[B<-in> I<file>] --[B<-stdin>] --[B<-noverify>] --[B<-quiet>] --[B<-table>] --{I<password>} -- --=head1 DESCRIPTION -- --The B<passwd> command computes the hash of a password typed at --run-time or the hash of each password in a list. The password list is --taken from the named file for option B<-in file>, from stdin for --option B<-stdin>, or from the command line, or from the terminal otherwise. --The Unix standard algorithm B<crypt> and the MD5-based BSD password --algorithm B<1> and its Apache variant B<apr1> are available. -- --=head1 OPTIONS -- --=over 4 -- --=item B<-crypt> -- --Use the B<crypt> algorithm (default). -- --=item B<-1> -- --Use the MD5 based BSD password algorithm B<1>. -- --=item B<-apr1> -- --Use the B<apr1> algorithm (Apache variant of the BSD algorithm). -- --=item B<-salt> I<string> -- --Use the specified salt. --When reading a password from the terminal, this implies B<-noverify>. -- --=item B<-in> I<file> -- --Read passwords from I<file>. -- --=item B<-stdin> -- --Read passwords from B<stdin>. -- --=item B<-noverify> -- --Don't verify when reading a password from the terminal. -- --=item B<-quiet> -- --Don't output warnings when passwords given at the command line are truncated. -- --=item B<-table> -- --In the output list, prepend the cleartext password and a TAB character --to each password hash. -- --=back -- --=head1 EXAMPLES -- --B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. -- --B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. -- --B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. -- --=cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/BN_generate_prime.pod openssl-1.0.0a/doc/crypto/BN_generate_prime.pod ---- openssl-1.0.0a.orig//doc/crypto/BN_generate_prime.pod 2003-01-13 13:18:22.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/BN_generate_prime.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -90,7 +90,7 @@ - - =head1 SEE ALSO - --L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)> -+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/bn.pod openssl-1.0.0a/doc/crypto/bn.pod ---- openssl-1.0.0a.orig//doc/crypto/bn.pod 2008-07-03 20:59:24.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/bn.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -167,7 +167,7 @@ - =head1 SEE ALSO - - L<bn_internal(3)|bn_internal(3)>, --L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -+L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, - L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, - L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, - L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, -diff -Naur openssl-1.0.0a.orig//doc/crypto/BN_rand.pod openssl-1.0.0a/doc/crypto/BN_rand.pod ---- openssl-1.0.0a.orig//doc/crypto/BN_rand.pod 2002-09-25 14:33:26.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/BN_rand.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -45,7 +45,7 @@ - - =head1 SEE ALSO - --L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/CONF_modules_free.pod openssl-1.0.0a/doc/crypto/CONF_modules_free.pod ---- openssl-1.0.0a.orig//doc/crypto/CONF_modules_free.pod 2006-12-21 21:13:27.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/CONF_modules_free.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -37,7 +37,7 @@ - =head1 SEE ALSO - - L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, --L<CONF_modules_load_file(3), CONF_modules_load_file(3)> -+L<CONF_modules_load_file(3)|CONF_modules_load_file(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/CONF_modules_load_file.pod openssl-1.0.0a/doc/crypto/CONF_modules_load_file.pod ---- openssl-1.0.0a.orig//doc/crypto/CONF_modules_load_file.pod 2004-03-02 13:31:32.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/CONF_modules_load_file.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -51,7 +51,7 @@ - =head1 SEE ALSO - - L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, --L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)> -+L<CONF_free(3)|CONF_free(3)>, L<openssl_err(3)|openssl_err(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/crypto.pod openssl-1.0.0a/doc/crypto/crypto.pod ---- openssl-1.0.0a.orig//doc/crypto/crypto.pod 2002-10-06 13:59:25.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/crypto.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -46,7 +46,7 @@ - - =item AUXILIARY FUNCTIONS - --L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>, -+L<openssl_err(3)|openssl_err(3)>, L<openssl_threads(3)|openssl_threads(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)> - - =item INPUT/OUTPUT, DATA ENCODING -diff -Naur openssl-1.0.0a.orig//doc/crypto/des.pod openssl-1.0.0a/doc/crypto/des.pod ---- openssl-1.0.0a.orig//doc/crypto/des.pod 2003-10-01 16:02:45.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/des.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -115,7 +115,7 @@ - the key; it is used to speed the encryption process. - - DES_random_key() generates a random key. The PRNG must be seeded --prior to using this function (see L<rand(3)|rand(3)>). If the PRNG -+prior to using this function (see L<openssl_rand(3)|openssl_rand(3)>). If the PRNG - could not generate a secure key, 0 is returned. - - Before a DES key can be used, it must be converted into the -@@ -317,7 +317,7 @@ - - =head1 SEE ALSO - --crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)> -+crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/DH_generate_key.pod openssl-1.0.0a/doc/crypto/DH_generate_key.pod ---- openssl-1.0.0a.orig//doc/crypto/DH_generate_key.pod 2002-09-25 14:33:27.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/DH_generate_key.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -40,7 +40,7 @@ - - =head1 SEE ALSO - --L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> -+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<DH_size(3)|DH_size(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/DH_generate_parameters.pod openssl-1.0.0a/doc/crypto/DH_generate_parameters.pod ---- openssl-1.0.0a.orig//doc/crypto/DH_generate_parameters.pod 2002-09-25 14:33:27.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/DH_generate_parameters.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -59,7 +59,7 @@ - - =head1 SEE ALSO - --L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<DH_free(3)|DH_free(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/dh.pod openssl-1.0.0a/doc/crypto/dh.pod ---- openssl-1.0.0a.orig//doc/crypto/dh.pod 2002-08-05 17:27:01.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/dh.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -67,8 +67,8 @@ - - =head1 SEE ALSO - --L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, --L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, -+L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<openssl_err(3)|openssl_err(3)>, -+L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, - L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>, - L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, - L<DH_generate_parameters(3)|DH_generate_parameters(3)>, -diff -Naur openssl-1.0.0a.orig//doc/crypto/DSA_do_sign.pod openssl-1.0.0a/doc/crypto/DSA_do_sign.pod ---- openssl-1.0.0a.orig//doc/crypto/DSA_do_sign.pod 2002-09-25 14:33:27.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/DSA_do_sign.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -36,7 +36,7 @@ - - =head1 SEE ALSO - --L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<DSA_SIG_new(3)|DSA_SIG_new(3)>, - L<DSA_sign(3)|DSA_sign(3)> - -diff -Naur openssl-1.0.0a.orig//doc/crypto/DSA_generate_key.pod openssl-1.0.0a/doc/crypto/DSA_generate_key.pod ---- openssl-1.0.0a.orig//doc/crypto/DSA_generate_key.pod 2002-09-25 14:33:27.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/DSA_generate_key.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -24,7 +24,7 @@ - - =head1 SEE ALSO - --L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/DSA_generate_parameters.pod openssl-1.0.0a/doc/crypto/DSA_generate_parameters.pod ---- openssl-1.0.0a.orig//doc/crypto/DSA_generate_parameters.pod 2002-09-25 14:33:27.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/DSA_generate_parameters.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -90,7 +90,7 @@ - - =head1 SEE ALSO - --L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<DSA_free(3)|DSA_free(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/dsa.pod openssl-1.0.0a/doc/crypto/dsa.pod ---- openssl-1.0.0a.orig//doc/crypto/dsa.pod 2002-08-05 17:27:01.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/dsa.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -100,7 +100,7 @@ - - =head1 SEE ALSO - --L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, -+L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, - L<DSA_new(3)|DSA_new(3)>, - L<DSA_size(3)|DSA_size(3)>, -diff -Naur openssl-1.0.0a.orig//doc/crypto/DSA_sign.pod openssl-1.0.0a/doc/crypto/DSA_sign.pod ---- openssl-1.0.0a.orig//doc/crypto/DSA_sign.pod 2002-09-25 14:33:27.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/DSA_sign.pod 2010-09-01 19:36:31.608126088 +0100 -@@ -55,7 +55,7 @@ - - =head1 SEE ALSO - --L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<DSA_do_sign(3)|DSA_do_sign(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/engine.pod openssl-1.0.0a/doc/crypto/engine.pod ---- openssl-1.0.0a.orig//doc/crypto/engine.pod 2007-11-19 09:18:03.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/engine.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -594,6 +594,6 @@ - - =head1 SEE ALSO - --L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)> -+L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<openssl_rand(3)|openssl_rand(3)> - - =cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_clear_error.pod openssl-1.0.0a/doc/crypto/ERR_clear_error.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_clear_error.pod 2000-02-01 01:36:58.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_clear_error.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -20,7 +20,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> -+L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_error_string.pod openssl-1.0.0a/doc/crypto/ERR_error_string.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_error_string.pod 2004-11-14 15:11:37.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_error_string.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -60,7 +60,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -+L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, - L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, - L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> - L<ERR_print_errors(3)|ERR_print_errors(3)> -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_get_error.pod openssl-1.0.0a/doc/crypto/ERR_get_error.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_get_error.pod 2002-11-29 14:21:54.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_get_error.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -61,7 +61,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, -+L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, - L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_GET_LIB.pod openssl-1.0.0a/doc/crypto/ERR_GET_LIB.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_GET_LIB.pod 2000-02-01 01:36:58.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_GET_LIB.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -41,7 +41,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> -+L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_load_crypto_strings.pod openssl-1.0.0a/doc/crypto/ERR_load_crypto_strings.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_load_crypto_strings.pod 2000-02-24 11:55:08.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_load_crypto_strings.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -35,7 +35,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> -+L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_load_strings.pod openssl-1.0.0a/doc/crypto/ERR_load_strings.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_load_strings.pod 2000-02-24 11:55:08.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_load_strings.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -43,7 +43,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> -+L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/err.pod openssl-1.0.0a/doc/crypto/err.pod ---- openssl-1.0.0a.orig//doc/crypto/err.pod 2002-07-10 20:35:46.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/err.pod 1970-01-01 01:00:00.000000000 +0100 -@@ -1,187 +0,0 @@ --=pod -- --=head1 NAME -- --err - error codes -- --=head1 SYNOPSIS -- -- #include <openssl/err.h> -- -- unsigned long ERR_get_error(void); -- unsigned long ERR_peek_error(void); -- unsigned long ERR_get_error_line(const char **file, int *line); -- unsigned long ERR_peek_error_line(const char **file, int *line); -- unsigned long ERR_get_error_line_data(const char **file, int *line, -- const char **data, int *flags); -- unsigned long ERR_peek_error_line_data(const char **file, int *line, -- const char **data, int *flags); -- -- int ERR_GET_LIB(unsigned long e); -- int ERR_GET_FUNC(unsigned long e); -- int ERR_GET_REASON(unsigned long e); -- -- void ERR_clear_error(void); -- -- char *ERR_error_string(unsigned long e, char *buf); -- const char *ERR_lib_error_string(unsigned long e); -- const char *ERR_func_error_string(unsigned long e); -- const char *ERR_reason_error_string(unsigned long e); -- -- void ERR_print_errors(BIO *bp); -- void ERR_print_errors_fp(FILE *fp); -- -- void ERR_load_crypto_strings(void); -- void ERR_free_strings(void); -- -- void ERR_remove_state(unsigned long pid); -- -- void ERR_put_error(int lib, int func, int reason, const char *file, -- int line); -- void ERR_add_error_data(int num, ...); -- -- void ERR_load_strings(int lib,ERR_STRING_DATA str[]); -- unsigned long ERR_PACK(int lib, int func, int reason); -- int ERR_get_next_error_library(void); -- --=head1 DESCRIPTION -- --When a call to the OpenSSL library fails, this is usually signalled --by the return value, and an error code is stored in an error queue --associated with the current thread. The B<err> library provides --functions to obtain these error codes and textual error messages. -- --The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to --access error codes. -- --Error codes contain information about where the error occurred, and --what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to --extract this information. A method to obtain human-readable error --messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. -- --L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the --error queue. -- --Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to --avoid memory leaks when threads are terminated. -- --=head1 ADDING NEW ERROR CODES TO OPENSSL -- --See L<ERR_put_error(3)> if you want to record error codes in the --OpenSSL error system from within your application. -- --The remainder of this section is of interest only if you want to add --new error codes to OpenSSL or add error codes from external libraries. -- --=head2 Reporting errors -- --Each sub-library has a specific macro XXXerr() that is used to report --errors. Its first argument is a function code B<XXX_F_...>, the second --argument is a reason code B<XXX_R_...>. Function codes are derived --from the function names; reason codes consist of textual error --descriptions. For example, the function ssl23_read() reports a --"handshake failure" as follows: -- -- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); -- --Function and reason codes should consist of upper case characters, --numbers and underscores only. The error file generation script translates --function codes into function names by looking in the header files --for an appropriate function name, if none is found it just uses --the capitalized form such as "SSL23_READ" in the above example. -- --The trailing section of a reason code (after the "_R_") is translated --into lower case and underscores changed to spaces. -- --When you are using new function or reason codes, run B<make errors>. --The necessary B<#define>s will then automatically be added to the --sub-library's header file. -- --Although a library will normally report errors using its own specific --XXXerr macro, another library's macro can be used. This is normally --only done when a library wants to include ASN1 code which must use --the ASN1err() macro. -- --=head2 Adding new libraries -- --When adding a new sub-library to OpenSSL, assign it a library number --B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its --name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add --C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function --(in B<crypto/err/err_all.c>). Finally, add an entry -- -- L XXX xxx.h xxx_err.c -- --to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. --Running B<make errors> will then generate a file B<xxx_err.c>, and --add all error codes used in the library to B<xxx.h>. -- --Additionally the library include file must have a certain form. --Typically it will initially look like this: -- -- #ifndef HEADER_XXX_H -- #define HEADER_XXX_H -- -- #ifdef __cplusplus -- extern "C" { -- #endif -- -- /* Include files */ -- -- #include <openssl/bio.h> -- #include <openssl/x509.h> -- -- /* Macros, structures and function prototypes */ -- -- -- /* BEGIN ERROR CODES */ -- --The B<BEGIN ERROR CODES> sequence is used by the error code --generation script as the point to place new error codes, any text --after this point will be overwritten when B<make errors> is run. --The closing #endif etc will be automatically added by the script. -- --The generated C error code file B<xxx_err.c> will load the header --files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the --header file must load any additional header files containing any --definitions it uses. -- --=head1 USING ERROR CODES IN EXTERNAL LIBRARIES -- --It is also possible to use OpenSSL's error code scheme in external --libraries. The library needs to load its own codes and call the OpenSSL --error code insertion script B<mkerr.pl> explicitly to add codes to --the header file and generate the C error code file. This will normally --be done if the external library needs to generate new ASN1 structures --but it can also be used to add more general purpose error code handling. -- --TBA more details -- --=head1 INTERNALS -- --The error queues are stored in a hash table with one B<ERR_STATE> --entry for each pid. ERR_get_state() returns the current thread's --B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error --codes. When more error codes are added, the old ones are overwritten, --on the assumption that the most recent errors are most important. -- --Error strings are also stored in hash table. The hash tables can --be obtained by calling ERR_get_err_state_table(void) and --ERR_get_string_table(void) respectively. -- --=head1 SEE ALSO -- --L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, --L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, --L<ERR_get_error(3)|ERR_get_error(3)>, --L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, --L<ERR_clear_error(3)|ERR_clear_error(3)>, --L<ERR_error_string(3)|ERR_error_string(3)>, --L<ERR_print_errors(3)|ERR_print_errors(3)>, --L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, --L<ERR_remove_state(3)|ERR_remove_state(3)>, --L<ERR_put_error(3)|ERR_put_error(3)>, --L<ERR_load_strings(3)|ERR_load_strings(3)>, --L<SSL_get_error(3)|SSL_get_error(3)> -- --=cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_print_errors.pod openssl-1.0.0a/doc/crypto/ERR_print_errors.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_print_errors.pod 2000-02-01 01:36:59.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_print_errors.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -38,7 +38,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, -+L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, - L<ERR_get_error(3)|ERR_get_error(3)>, - L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, - L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_put_error.pod openssl-1.0.0a/doc/crypto/ERR_put_error.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_put_error.pod 2000-02-24 11:55:08.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/ERR_put_error.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -34,7 +34,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> -+L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/ERR_remove_state.pod openssl-1.0.0a/doc/crypto/ERR_remove_state.pod ---- openssl-1.0.0a.orig//doc/crypto/ERR_remove_state.pod 2000-05-19 08:54:42.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/ERR_remove_state.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -25,7 +25,7 @@ - - =head1 SEE ALSO - --L<err(3)|err(3)> -+L<openssl_err(3)|openssl_err(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/EVP_BytesToKey.pod openssl-1.0.0a/doc/crypto/EVP_BytesToKey.pod ---- openssl-1.0.0a.orig//doc/crypto/EVP_BytesToKey.pod 2004-11-25 17:47:30.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/EVP_BytesToKey.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -59,7 +59,7 @@ - - =head1 SEE ALSO - --L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -+L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/EVP_OpenInit.pod openssl-1.0.0a/doc/crypto/EVP_OpenInit.pod ---- openssl-1.0.0a.orig//doc/crypto/EVP_OpenInit.pod 2000-09-23 08:16:14.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/EVP_OpenInit.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -54,7 +54,7 @@ - - =head1 SEE ALSO - --L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -+L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, - L<EVP_SealInit(3)|EVP_SealInit(3)> - -diff -Naur openssl-1.0.0a.orig//doc/crypto/EVP_SealInit.pod openssl-1.0.0a/doc/crypto/EVP_SealInit.pod ---- openssl-1.0.0a.orig//doc/crypto/EVP_SealInit.pod 2005-03-29 18:50:08.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/EVP_SealInit.pod 2010-09-01 19:36:31.612125737 +0100 -@@ -74,7 +74,7 @@ - - =head1 SEE ALSO - --L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, -+L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, - L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, - L<EVP_OpenInit(3)|EVP_OpenInit(3)> - -diff -Naur openssl-1.0.0a.orig//doc/crypto/EVP_SignInit.pod openssl-1.0.0a/doc/crypto/EVP_SignInit.pod ---- openssl-1.0.0a.orig//doc/crypto/EVP_SignInit.pod 2006-07-12 13:31:29.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/EVP_SignInit.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -89,7 +89,7 @@ - =head1 SEE ALSO - - L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, --L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, - L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, - L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, - L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> -diff -Naur openssl-1.0.0a.orig//doc/crypto/EVP_VerifyInit.pod openssl-1.0.0a/doc/crypto/EVP_VerifyInit.pod ---- openssl-1.0.0a.orig//doc/crypto/EVP_VerifyInit.pod 2006-07-12 13:31:30.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/EVP_VerifyInit.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -80,7 +80,7 @@ - - L<evp(3)|evp(3)>, - L<EVP_SignInit(3)|EVP_SignInit(3)>, --L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, -+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, - L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, - L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, - L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> -diff -Naur openssl-1.0.0a.orig//doc/crypto/OPENSSL_config.pod openssl-1.0.0a/doc/crypto/OPENSSL_config.pod ---- openssl-1.0.0a.orig//doc/crypto/OPENSSL_config.pod 2005-06-03 00:19:56.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/OPENSSL_config.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -73,7 +73,7 @@ - =head1 SEE ALSO - - L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>, --L<CONF_modules_free(3),CONF_modules_free(3)> -+L<CONF_modules_free(3)|CONF_modules_free(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/openssl_err.pod openssl-1.0.0a/doc/crypto/openssl_err.pod ---- openssl-1.0.0a.orig//doc/crypto/openssl_err.pod 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/openssl_err.pod 2010-09-01 19:36:31.624124669 +0100 -@@ -0,0 +1,187 @@ -+=pod -+ -+=head1 NAME -+ -+openssl_err - error codes -+ -+=head1 SYNOPSIS -+ -+ #include <openssl/err.h> -+ -+ unsigned long ERR_get_error(void); -+ unsigned long ERR_peek_error(void); -+ unsigned long ERR_get_error_line(const char **file, int *line); -+ unsigned long ERR_peek_error_line(const char **file, int *line); -+ unsigned long ERR_get_error_line_data(const char **file, int *line, -+ const char **data, int *flags); -+ unsigned long ERR_peek_error_line_data(const char **file, int *line, -+ const char **data, int *flags); -+ -+ int ERR_GET_LIB(unsigned long e); -+ int ERR_GET_FUNC(unsigned long e); -+ int ERR_GET_REASON(unsigned long e); -+ -+ void ERR_clear_error(void); -+ -+ char *ERR_error_string(unsigned long e, char *buf); -+ const char *ERR_lib_error_string(unsigned long e); -+ const char *ERR_func_error_string(unsigned long e); -+ const char *ERR_reason_error_string(unsigned long e); -+ -+ void ERR_print_errors(BIO *bp); -+ void ERR_print_errors_fp(FILE *fp); -+ -+ void ERR_load_crypto_strings(void); -+ void ERR_free_strings(void); -+ -+ void ERR_remove_state(unsigned long pid); -+ -+ void ERR_put_error(int lib, int func, int reason, const char *file, -+ int line); -+ void ERR_add_error_data(int num, ...); -+ -+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]); -+ unsigned long ERR_PACK(int lib, int func, int reason); -+ int ERR_get_next_error_library(void); -+ -+=head1 DESCRIPTION -+ -+When a call to the OpenSSL library fails, this is usually signalled -+by the return value, and an error code is stored in an error queue -+associated with the current thread. The B<err> library provides -+functions to obtain these error codes and textual error messages. -+ -+The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to -+access error codes. -+ -+Error codes contain information about where the error occurred, and -+what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to -+extract this information. A method to obtain human-readable error -+messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. -+ -+L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the -+error queue. -+ -+Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to -+avoid memory leaks when threads are terminated. -+ -+=head1 ADDING NEW ERROR CODES TO OPENSSL -+ -+See L<ERR_put_error(3)> if you want to record error codes in the -+OpenSSL error system from within your application. -+ -+The remainder of this section is of interest only if you want to add -+new error codes to OpenSSL or add error codes from external libraries. -+ -+=head2 Reporting errors -+ -+Each sub-library has a specific macro XXXerr() that is used to report -+errors. Its first argument is a function code B<XXX_F_...>, the second -+argument is a reason code B<XXX_R_...>. Function codes are derived -+from the function names; reason codes consist of textual error -+descriptions. For example, the function ssl23_read() reports a -+"handshake failure" as follows: -+ -+ SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); -+ -+Function and reason codes should consist of upper case characters, -+numbers and underscores only. The error file generation script translates -+function codes into function names by looking in the header files -+for an appropriate function name, if none is found it just uses -+the capitalized form such as "SSL23_READ" in the above example. -+ -+The trailing section of a reason code (after the "_R_") is translated -+into lower case and underscores changed to spaces. -+ -+When you are using new function or reason codes, run B<make errors>. -+The necessary B<#define>s will then automatically be added to the -+sub-library's header file. -+ -+Although a library will normally report errors using its own specific -+XXXerr macro, another library's macro can be used. This is normally -+only done when a library wants to include ASN1 code which must use -+the ASN1err() macro. -+ -+=head2 Adding new libraries -+ -+When adding a new sub-library to OpenSSL, assign it a library number -+B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its -+name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add -+C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function -+(in B<crypto/err/err_all.c>). Finally, add an entry -+ -+ L XXX xxx.h xxx_err.c -+ -+to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. -+Running B<make errors> will then generate a file B<xxx_err.c>, and -+add all error codes used in the library to B<xxx.h>. -+ -+Additionally the library include file must have a certain form. -+Typically it will initially look like this: -+ -+ #ifndef HEADER_XXX_H -+ #define HEADER_XXX_H -+ -+ #ifdef __cplusplus -+ extern "C" { -+ #endif -+ -+ /* Include files */ -+ -+ #include <openssl/bio.h> -+ #include <openssl/x509.h> -+ -+ /* Macros, structures and function prototypes */ -+ -+ -+ /* BEGIN ERROR CODES */ -+ -+The B<BEGIN ERROR CODES> sequence is used by the error code -+generation script as the point to place new error codes, any text -+after this point will be overwritten when B<make errors> is run. -+The closing #endif etc will be automatically added by the script. -+ -+The generated C error code file B<xxx_err.c> will load the header -+files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the -+header file must load any additional header files containing any -+definitions it uses. -+ -+=head1 USING ERROR CODES IN EXTERNAL LIBRARIES -+ -+It is also possible to use OpenSSL's error code scheme in external -+libraries. The library needs to load its own codes and call the OpenSSL -+error code insertion script B<mkerr.pl> explicitly to add codes to -+the header file and generate the C error code file. This will normally -+be done if the external library needs to generate new ASN1 structures -+but it can also be used to add more general purpose error code handling. -+ -+TBA more details -+ -+=head1 INTERNALS -+ -+The error queues are stored in a hash table with one B<ERR_STATE> -+entry for each pid. ERR_get_state() returns the current thread's -+B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error -+codes. When more error codes are added, the old ones are overwritten, -+on the assumption that the most recent errors are most important. -+ -+Error strings are also stored in hash table. The hash tables can -+be obtained by calling ERR_get_err_state_table(void) and -+ERR_get_string_table(void) respectively. -+ -+=head1 SEE ALSO -+ -+L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, -+L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, -+L<ERR_get_error(3)|ERR_get_error(3)>, -+L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, -+L<ERR_clear_error(3)|ERR_clear_error(3)>, -+L<ERR_error_string(3)|ERR_error_string(3)>, -+L<ERR_print_errors(3)|ERR_print_errors(3)>, -+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, -+L<ERR_remove_state(3)|ERR_remove_state(3)>, -+L<ERR_put_error(3)|ERR_put_error(3)>, -+L<ERR_load_strings(3)|ERR_load_strings(3)>, -+L<SSL_get_error(3)|SSL_get_error(3)> -+ -+=cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/openssl_rand.pod openssl-1.0.0a/doc/crypto/openssl_rand.pod ---- openssl-1.0.0a.orig//doc/crypto/openssl_rand.pod 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/openssl_rand.pod 2010-09-01 19:36:31.624124669 +0100 -@@ -0,0 +1,175 @@ -+=pod -+ -+=head1 NAME -+ -+openssl_rand - pseudo-random number generator -+ -+=head1 SYNOPSIS -+ -+ #include <openssl/rand.h> -+ -+ int RAND_set_rand_engine(ENGINE *engine); -+ -+ int RAND_bytes(unsigned char *buf, int num); -+ int RAND_pseudo_bytes(unsigned char *buf, int num); -+ -+ void RAND_seed(const void *buf, int num); -+ void RAND_add(const void *buf, int num, int entropy); -+ int RAND_status(void); -+ -+ int RAND_load_file(const char *file, long max_bytes); -+ int RAND_write_file(const char *file); -+ const char *RAND_file_name(char *file, size_t num); -+ -+ int RAND_egd(const char *path); -+ -+ void RAND_set_rand_method(const RAND_METHOD *meth); -+ const RAND_METHOD *RAND_get_rand_method(void); -+ RAND_METHOD *RAND_SSLeay(void); -+ -+ void RAND_cleanup(void); -+ -+ /* For Win32 only */ -+ void RAND_screen(void); -+ int RAND_event(UINT, WPARAM, LPARAM); -+ -+=head1 DESCRIPTION -+ -+Since the introduction of the ENGINE API, the recommended way of controlling -+default implementations is by using the ENGINE API functions. The default -+B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by -+RAND_get_rand_method(), is only used if no ENGINE has been set as the default -+"rand" implementation. Hence, these two functions are no longer the recommened -+way to control defaults. -+ -+If an alternative B<RAND_METHOD> implementation is being used (either set -+directly or as provided by an ENGINE module), then it is entirely responsible -+for the generation and management of a cryptographically secure PRNG stream. The -+mechanisms described below relate solely to the software PRNG implementation -+built in to OpenSSL and used by default. -+ -+These functions implement a cryptographically secure pseudo-random -+number generator (PRNG). It is used by other library functions for -+example to generate random keys, and applications can use it when they -+need randomness. -+ -+A cryptographic PRNG must be seeded with unpredictable data such as -+mouse movements or keys pressed at random by the user. This is -+described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file -+(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the -+seeding process whenever the application is started. -+ -+L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the -+PRNG. -+ -+=head1 INTERNALS -+ -+The RAND_SSLeay() method implements a PRNG based on a cryptographic -+hash function. -+ -+The following description of its design is based on the SSLeay -+documentation: -+ -+First up I will state the things I believe I need for a good RNG. -+ -+=over 4 -+ -+=item 1 -+ -+A good hashing algorithm to mix things up and to convert the RNG 'state' -+to random numbers. -+ -+=item 2 -+ -+An initial source of random 'state'. -+ -+=item 3 -+ -+The state should be very large. If the RNG is being used to generate -+4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). -+If your RNG state only has 128 bits, you are obviously limiting the -+search space to 128 bits, not 2048. I'm probably getting a little -+carried away on this last point but it does indicate that it may not be -+a bad idea to keep quite a lot of RNG state. It should be easier to -+break a cipher than guess the RNG seed data. -+ -+=item 4 -+ -+Any RNG seed data should influence all subsequent random numbers -+generated. This implies that any random seed data entered will have -+an influence on all subsequent random numbers generated. -+ -+=item 5 -+ -+When using data to seed the RNG state, the data used should not be -+extractable from the RNG state. I believe this should be a -+requirement because one possible source of 'secret' semi random -+data would be a private key or a password. This data must -+not be disclosed by either subsequent random numbers or a -+'core' dump left by a program crash. -+ -+=item 6 -+ -+Given the same initial 'state', 2 systems should deviate in their RNG state -+(and hence the random numbers generated) over time if at all possible. -+ -+=item 7 -+ -+Given the random number output stream, it should not be possible to determine -+the RNG state or the next random number. -+ -+=back -+ -+The algorithm is as follows. -+ -+There is global state made up of a 1023 byte buffer (the 'state'), a -+working hash value ('md'), and a counter ('count'). -+ -+Whenever seed data is added, it is inserted into the 'state' as -+follows. -+ -+The input is chopped up into units of 20 bytes (or less for -+the last block). Each of these blocks is run through the hash -+function as follows: The data passed to the hash function -+is the current 'md', the same number of bytes from the 'state' -+(the location determined by in incremented looping index) as -+the current 'block', the new key data 'block', and 'count' -+(which is incremented after each use). -+The result of this is kept in 'md' and also xored into the -+'state' at the same locations that were used as input into the -+hash function. I -+believe this system addresses points 1 (hash function; currently -+SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash -+function and xor). -+ -+When bytes are extracted from the RNG, the following process is used. -+For each group of 10 bytes (or less), we do the following: -+ -+Input into the hash function the local 'md' (which is initialized from -+the global 'md' before any bytes are generated), the bytes that are to -+be overwritten by the random bytes, and bytes from the 'state' -+(incrementing looping index). From this digest output (which is kept -+in 'md'), the top (up to) 10 bytes are returned to the caller and the -+bottom 10 bytes are xored into the 'state'. -+ -+Finally, after we have finished 'num' random bytes for the caller, -+'count' (which is incremented) and the local and global 'md' are fed -+into the hash function and the results are kept in the global 'md'. -+ -+I believe the above addressed points 1 (use of SHA-1), 6 (by hashing -+into the 'state' the 'old' data from the caller that is about to be -+overwritten) and 7 (by not using the 10 bytes given to the caller to -+update the 'state', but they are used to update 'md'). -+ -+So of the points raised, only 2 is not addressed (but see -+L<RAND_add(3)|RAND_add(3)>). -+ -+=head1 SEE ALSO -+ -+L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, -+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, -+L<RAND_bytes(3)|RAND_bytes(3)>, -+L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, -+L<RAND_cleanup(3)|RAND_cleanup(3)> -+ -+=cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/openssl_threads.pod openssl-1.0.0a/doc/crypto/openssl_threads.pod ---- openssl-1.0.0a.orig//doc/crypto/openssl_threads.pod 1970-01-01 01:00:00.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/openssl_threads.pod 2010-09-01 19:36:31.624124669 +0100 -@@ -0,0 +1,175 @@ -+=pod -+ -+=head1 NAME -+ -+CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, -+CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, -+CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, -+CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support -+ -+=head1 SYNOPSIS -+ -+ #include <openssl/crypto.h> -+ -+ void CRYPTO_set_locking_callback(void (*locking_function)(int mode, -+ int n, const char *file, int line)); -+ -+ void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); -+ -+ int CRYPTO_num_locks(void); -+ -+ -+ /* struct CRYPTO_dynlock_value needs to be defined by the user */ -+ struct CRYPTO_dynlock_value; -+ -+ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * -+ (*dyn_create_function)(char *file, int line)); -+ void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) -+ (int mode, struct CRYPTO_dynlock_value *l, -+ const char *file, int line)); -+ void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) -+ (struct CRYPTO_dynlock_value *l, const char *file, int line)); -+ -+ int CRYPTO_get_new_dynlockid(void); -+ -+ void CRYPTO_destroy_dynlockid(int i); -+ -+ void CRYPTO_lock(int mode, int n, const char *file, int line); -+ -+ #define CRYPTO_w_lock(type) \ -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ #define CRYPTO_w_unlock(type) \ -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -+ #define CRYPTO_r_lock(type) \ -+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ #define CRYPTO_r_unlock(type) \ -+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -+ #define CRYPTO_add(addr,amount,type) \ -+ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -+ -+=head1 DESCRIPTION -+ -+OpenSSL can safely be used in multi-threaded applications provided -+that at least two callback functions are set. -+ -+locking_function(int mode, int n, const char *file, int line) is -+needed to perform locking on shared data structures. -+(Note that OpenSSL uses a number of global data structures that -+will be implicitly shared whenever multiple threads use OpenSSL.) -+Multi-threaded applications will crash at random if it is not set. -+ -+locking_function() must be able to handle up to CRYPTO_num_locks() -+different mutex locks. It sets the B<n>-th lock if B<mode> & -+B<CRYPTO_LOCK>, and releases it otherwise. -+ -+B<file> and B<line> are the file number of the function setting the -+lock. They can be useful for debugging. -+ -+id_function(void) is a function that returns a thread ID, for example -+pthread_self() if it returns an integer (see NOTES below). It isn't -+needed on Windows nor on platforms where getpid() returns a different -+ID for each thread (see NOTES below). -+ -+Additionally, OpenSSL supports dynamic locks, and sometimes, some parts -+of OpenSSL need it for better performance. To enable this, the following -+is required: -+ -+=over 4 -+ -+=item * -+Three additional callback function, dyn_create_function, dyn_lock_function -+and dyn_destroy_function. -+ -+=item * -+A structure defined with the data that each lock needs to handle. -+ -+=back -+ -+struct CRYPTO_dynlock_value has to be defined to contain whatever structure -+is needed to handle locks. -+ -+dyn_create_function(const char *file, int line) is needed to create a -+lock. Multi-threaded applications might crash at random if it is not set. -+ -+dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) -+is needed to perform locking off dynamic lock numbered n. Multi-threaded -+applications might crash at random if it is not set. -+ -+dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is -+needed to destroy the lock l. Multi-threaded applications might crash at -+random if it is not set. -+ -+CRYPTO_get_new_dynlockid() is used to create locks. It will call -+dyn_create_function for the actual creation. -+ -+CRYPTO_destroy_dynlockid() is used to destroy locks. It will call -+dyn_destroy_function for the actual destruction. -+ -+CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield -+describing what should be done with the lock. n is the number of the -+lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined -+from the following values. These values are pairwise exclusive, with -+undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE -+should not be used together): -+ -+ CRYPTO_LOCK 0x01 -+ CRYPTO_UNLOCK 0x02 -+ CRYPTO_READ 0x04 -+ CRYPTO_WRITE 0x08 -+ -+=head1 RETURN VALUES -+ -+CRYPTO_num_locks() returns the required number of locks. -+ -+CRYPTO_get_new_dynlockid() returns the index to the newly created lock. -+ -+The other functions return no values. -+ -+=head1 NOTES -+ -+You can find out if OpenSSL was configured with thread support: -+ -+ #define OPENSSL_THREAD_DEFINES -+ #include <openssl/opensslconf.h> -+ #if defined(OPENSSL_THREADS) -+ // thread support enabled -+ #else -+ // no thread support -+ #endif -+ -+Also, dynamic locks are currently not used internally by OpenSSL, but -+may do so in the future. -+ -+Defining id_function(void) has it's own issues. Generally speaking, -+pthread_self() should be used, even on platforms where getpid() gives -+different answers in each thread, since that may depend on the machine -+the program is run on, not the machine where the program is being -+compiled. For instance, Red Hat 8 Linux and earlier used -+LinuxThreads, whose getpid() returns a different value for each -+thread. Red Hat 9 Linux and later use NPTL, which is -+Posix-conformant, and has a getpid() that returns the same value for -+all threads in a process. A program compiled on Red Hat 8 and run on -+Red Hat 9 will therefore see getpid() returning the same value for -+all threads. -+ -+There is still the issue of platforms where pthread_self() returns -+something other than an integer. This is a bit unusual, and this -+manual has no cookbook solution for that case. -+ -+=head1 EXAMPLES -+ -+B<crypto/threads/mttest.c> shows examples of the callback functions on -+Solaris, Irix and Win32. -+ -+=head1 HISTORY -+ -+CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are -+available in all versions of SSLeay and OpenSSL. -+CRYPTO_num_locks() was added in OpenSSL 0.9.4. -+All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. -+ -+=head1 SEE ALSO -+ -+L<crypto(3)|crypto(3)> -+ -+=cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/RAND_add.pod openssl-1.0.0a/doc/crypto/RAND_add.pod ---- openssl-1.0.0a.orig//doc/crypto/RAND_add.pod 2000-03-22 15:30:03.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/RAND_add.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -65,7 +65,7 @@ - - =head1 SEE ALSO - --L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, -+L<openssl_rand(3)|openssl_rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, - L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/RAND_bytes.pod openssl-1.0.0a/doc/crypto/RAND_bytes.pod ---- openssl-1.0.0a.orig//doc/crypto/RAND_bytes.pod 2007-09-24 12:01:18.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/RAND_bytes.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -38,7 +38,7 @@ - - =head1 SEE ALSO - --L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, -+L<openssl_rand(3)|openssl_rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, - L<RAND_add(3)|RAND_add(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/RAND_cleanup.pod openssl-1.0.0a/doc/crypto/RAND_cleanup.pod ---- openssl-1.0.0a.orig//doc/crypto/RAND_cleanup.pod 2000-01-27 01:25:06.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/RAND_cleanup.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -20,7 +20,7 @@ - - =head1 SEE ALSO - --L<rand(3)|rand(3)> -+L<openssl_rand(3)|openssl_rand(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/RAND_egd.pod openssl-1.0.0a/doc/crypto/RAND_egd.pod ---- openssl-1.0.0a.orig//doc/crypto/RAND_egd.pod 2008-11-10 11:26:44.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/RAND_egd.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -72,7 +72,7 @@ - - =head1 SEE ALSO - --L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, -+L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, - L<RAND_cleanup(3)|RAND_cleanup(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/RAND_load_file.pod openssl-1.0.0a/doc/crypto/RAND_load_file.pod ---- openssl-1.0.0a.orig//doc/crypto/RAND_load_file.pod 2001-03-21 15:25:56.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/RAND_load_file.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -43,7 +43,7 @@ - - =head1 SEE ALSO - --L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> -+L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/rand.pod openssl-1.0.0a/doc/crypto/rand.pod ---- openssl-1.0.0a.orig//doc/crypto/rand.pod 2002-08-05 17:27:01.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/rand.pod 1970-01-01 01:00:00.000000000 +0100 -@@ -1,175 +0,0 @@ --=pod -- --=head1 NAME -- --rand - pseudo-random number generator -- --=head1 SYNOPSIS -- -- #include <openssl/rand.h> -- -- int RAND_set_rand_engine(ENGINE *engine); -- -- int RAND_bytes(unsigned char *buf, int num); -- int RAND_pseudo_bytes(unsigned char *buf, int num); -- -- void RAND_seed(const void *buf, int num); -- void RAND_add(const void *buf, int num, int entropy); -- int RAND_status(void); -- -- int RAND_load_file(const char *file, long max_bytes); -- int RAND_write_file(const char *file); -- const char *RAND_file_name(char *file, size_t num); -- -- int RAND_egd(const char *path); -- -- void RAND_set_rand_method(const RAND_METHOD *meth); -- const RAND_METHOD *RAND_get_rand_method(void); -- RAND_METHOD *RAND_SSLeay(void); -- -- void RAND_cleanup(void); -- -- /* For Win32 only */ -- void RAND_screen(void); -- int RAND_event(UINT, WPARAM, LPARAM); -- --=head1 DESCRIPTION -- --Since the introduction of the ENGINE API, the recommended way of controlling --default implementations is by using the ENGINE API functions. The default --B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by --RAND_get_rand_method(), is only used if no ENGINE has been set as the default --"rand" implementation. Hence, these two functions are no longer the recommened --way to control defaults. -- --If an alternative B<RAND_METHOD> implementation is being used (either set --directly or as provided by an ENGINE module), then it is entirely responsible --for the generation and management of a cryptographically secure PRNG stream. The --mechanisms described below relate solely to the software PRNG implementation --built in to OpenSSL and used by default. -- --These functions implement a cryptographically secure pseudo-random --number generator (PRNG). It is used by other library functions for --example to generate random keys, and applications can use it when they --need randomness. -- --A cryptographic PRNG must be seeded with unpredictable data such as --mouse movements or keys pressed at random by the user. This is --described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file --(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the --seeding process whenever the application is started. -- --L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the --PRNG. -- --=head1 INTERNALS -- --The RAND_SSLeay() method implements a PRNG based on a cryptographic --hash function. -- --The following description of its design is based on the SSLeay --documentation: -- --First up I will state the things I believe I need for a good RNG. -- --=over 4 -- --=item 1 -- --A good hashing algorithm to mix things up and to convert the RNG 'state' --to random numbers. -- --=item 2 -- --An initial source of random 'state'. -- --=item 3 -- --The state should be very large. If the RNG is being used to generate --4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). --If your RNG state only has 128 bits, you are obviously limiting the --search space to 128 bits, not 2048. I'm probably getting a little --carried away on this last point but it does indicate that it may not be --a bad idea to keep quite a lot of RNG state. It should be easier to --break a cipher than guess the RNG seed data. -- --=item 4 -- --Any RNG seed data should influence all subsequent random numbers --generated. This implies that any random seed data entered will have --an influence on all subsequent random numbers generated. -- --=item 5 -- --When using data to seed the RNG state, the data used should not be --extractable from the RNG state. I believe this should be a --requirement because one possible source of 'secret' semi random --data would be a private key or a password. This data must --not be disclosed by either subsequent random numbers or a --'core' dump left by a program crash. -- --=item 6 -- --Given the same initial 'state', 2 systems should deviate in their RNG state --(and hence the random numbers generated) over time if at all possible. -- --=item 7 -- --Given the random number output stream, it should not be possible to determine --the RNG state or the next random number. -- --=back -- --The algorithm is as follows. -- --There is global state made up of a 1023 byte buffer (the 'state'), a --working hash value ('md'), and a counter ('count'). -- --Whenever seed data is added, it is inserted into the 'state' as --follows. -- --The input is chopped up into units of 20 bytes (or less for --the last block). Each of these blocks is run through the hash --function as follows: The data passed to the hash function --is the current 'md', the same number of bytes from the 'state' --(the location determined by in incremented looping index) as --the current 'block', the new key data 'block', and 'count' --(which is incremented after each use). --The result of this is kept in 'md' and also xored into the --'state' at the same locations that were used as input into the --hash function. I --believe this system addresses points 1 (hash function; currently --SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash --function and xor). -- --When bytes are extracted from the RNG, the following process is used. --For each group of 10 bytes (or less), we do the following: -- --Input into the hash function the local 'md' (which is initialized from --the global 'md' before any bytes are generated), the bytes that are to --be overwritten by the random bytes, and bytes from the 'state' --(incrementing looping index). From this digest output (which is kept --in 'md'), the top (up to) 10 bytes are returned to the caller and the --bottom 10 bytes are xored into the 'state'. -- --Finally, after we have finished 'num' random bytes for the caller, --'count' (which is incremented) and the local and global 'md' are fed --into the hash function and the results are kept in the global 'md'. -- --I believe the above addressed points 1 (use of SHA-1), 6 (by hashing --into the 'state' the 'old' data from the caller that is about to be --overwritten) and 7 (by not using the 10 bytes given to the caller to --update the 'state', but they are used to update 'md'). -- --So of the points raised, only 2 is not addressed (but see --L<RAND_add(3)|RAND_add(3)>). -- --=head1 SEE ALSO -- --L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, --L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, --L<RAND_bytes(3)|RAND_bytes(3)>, --L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, --L<RAND_cleanup(3)|RAND_cleanup(3)> -- --=cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/RAND_set_rand_method.pod openssl-1.0.0a/doc/crypto/RAND_set_rand_method.pod ---- openssl-1.0.0a.orig//doc/crypto/RAND_set_rand_method.pod 2007-11-19 09:18:03.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/RAND_set_rand_method.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -67,7 +67,7 @@ - - =head1 SEE ALSO - --L<rand(3)|rand(3)>, L<engine(3)|engine(3)> -+L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/RSA_blinding_on.pod openssl-1.0.0a/doc/crypto/RSA_blinding_on.pod ---- openssl-1.0.0a.orig//doc/crypto/RSA_blinding_on.pod 2000-02-24 11:55:10.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/RSA_blinding_on.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -34,7 +34,7 @@ - - =head1 SEE ALSO - --L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> -+L<rsa(3)|rsa(3)>, L<openssl_rand(3)|openssl_rand(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/crypto/RSA_generate_key.pod openssl-1.0.0a/doc/crypto/RSA_generate_key.pod ---- openssl-1.0.0a.orig//doc/crypto/RSA_generate_key.pod 2002-09-25 14:33:27.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/RSA_generate_key.pod 2010-09-01 19:36:31.616125383 +0100 -@@ -59,7 +59,7 @@ - - =head1 SEE ALSO - --L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -+L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, - L<RSA_free(3)|RSA_free(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/rsa.pod openssl-1.0.0a/doc/crypto/rsa.pod ---- openssl-1.0.0a.orig//doc/crypto/rsa.pod 2002-08-04 22:08:36.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/rsa.pod 2010-09-01 19:36:31.624124669 +0100 -@@ -108,7 +108,7 @@ - =head1 SEE ALSO - - L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, --L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, -+L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, - L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, - L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, - L<RSA_generate_key(3)|RSA_generate_key(3)>, -diff -Naur openssl-1.0.0a.orig//doc/crypto/RSA_public_encrypt.pod openssl-1.0.0a/doc/crypto/RSA_public_encrypt.pod ---- openssl-1.0.0a.orig//doc/crypto/RSA_public_encrypt.pod 2004-03-23 21:01:34.000000000 +0000 -+++ openssl-1.0.0a/doc/crypto/RSA_public_encrypt.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -73,7 +73,7 @@ - - =head1 SEE ALSO - --L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -+L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, - L<RSA_size(3)|RSA_size(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod openssl-1.0.0a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ---- openssl-1.0.0a.orig//doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2002-09-25 14:33:28.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -48,7 +48,7 @@ - =head1 SEE ALSO - - L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, --L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, -+L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, - L<RSA_verify(3)|RSA_verify(3)> - - =head1 HISTORY -diff -Naur openssl-1.0.0a.orig//doc/crypto/threads.pod openssl-1.0.0a/doc/crypto/threads.pod ---- openssl-1.0.0a.orig//doc/crypto/threads.pod 2009-10-01 00:40:52.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/threads.pod 1970-01-01 01:00:00.000000000 +0100 -@@ -1,210 +0,0 @@ --=pod -- --=head1 NAME -- --CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback, --CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy, --CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks, --CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, --CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, --CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support -- --=head1 SYNOPSIS -- -- #include <openssl/crypto.h> -- -- /* Don't use this structure directly. */ -- typedef struct crypto_threadid_st -- { -- void *ptr; -- unsigned long val; -- } CRYPTO_THREADID; -- /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ -- void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); -- void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); -- int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); -- void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); -- void CRYPTO_THREADID_current(CRYPTO_THREADID *id); -- int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, -- const CRYPTO_THREADID *b); -- void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, -- const CRYPTO_THREADID *src); -- unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); -- -- int CRYPTO_num_locks(void); -- -- /* struct CRYPTO_dynlock_value needs to be defined by the user */ -- struct CRYPTO_dynlock_value; -- -- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * -- (*dyn_create_function)(char *file, int line)); -- void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) -- (int mode, struct CRYPTO_dynlock_value *l, -- const char *file, int line)); -- void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) -- (struct CRYPTO_dynlock_value *l, const char *file, int line)); -- -- int CRYPTO_get_new_dynlockid(void); -- -- void CRYPTO_destroy_dynlockid(int i); -- -- void CRYPTO_lock(int mode, int n, const char *file, int line); -- -- #define CRYPTO_w_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -- #define CRYPTO_w_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -- #define CRYPTO_r_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -- #define CRYPTO_r_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -- #define CRYPTO_add(addr,amount,type) \ -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -- --=head1 DESCRIPTION -- --OpenSSL can safely be used in multi-threaded applications provided --that at least two callback functions are set, locking_function and --threadid_func. -- --locking_function(int mode, int n, const char *file, int line) is --needed to perform locking on shared data structures. --(Note that OpenSSL uses a number of global data structures that --will be implicitly shared whenever multiple threads use OpenSSL.) --Multi-threaded applications will crash at random if it is not set. -- --locking_function() must be able to handle up to CRYPTO_num_locks() --different mutex locks. It sets the B<n>-th lock if B<mode> & --B<CRYPTO_LOCK>, and releases it otherwise. -- --B<file> and B<line> are the file number of the function setting the --lock. They can be useful for debugging. -- --threadid_func(CRYPTO_THREADID *id) is needed to record the currently-executing --thread's identifier into B<id>. The implementation of this callback should not --fill in B<id> directly, but should use CRYPTO_THREADID_set_numeric() if thread --IDs are numeric, or CRYPTO_THREADID_set_pointer() if they are pointer-based. --If the application does not register such a callback using --CRYPTO_THREADID_set_callback(), then a default implementation is used - on --Windows and BeOS this uses the system's default thread identifying APIs, and on --all other platforms it uses the address of B<errno>. The latter is satisfactory --for thread-safety if and only if the platform has a thread-local error number --facility. -- --Once threadid_func() is registered, or if the built-in default implementation is --to be used; -- --=over 4 -- --=item * --CRYPTO_THREADID_current() records the currently-executing thread ID into the --given B<id> object. -- --=item * --CRYPTO_THREADID_cmp() compares two thread IDs (returning zero for equality, ie. --the same semantics as memcmp()). -- --=item * --CRYPTO_THREADID_cpy() duplicates a thread ID value, -- --=item * --CRYPTO_THREADID_hash() returns a numeric value usable as a hash-table key. This --is usually the exact numeric or pointer-based thread ID used internally, however --this also handles the unusual case where pointers are larger than 'long' --variables and the platform's thread IDs are pointer-based - in this case, mixing --is done to attempt to produce a unique numeric value even though it is not as --wide as the platform's true thread IDs. -- --=back -- --Additionally, OpenSSL supports dynamic locks, and sometimes, some parts --of OpenSSL need it for better performance. To enable this, the following --is required: -- --=over 4 -- --=item * --Three additional callback function, dyn_create_function, dyn_lock_function --and dyn_destroy_function. -- --=item * --A structure defined with the data that each lock needs to handle. -- --=back -- --struct CRYPTO_dynlock_value has to be defined to contain whatever structure --is needed to handle locks. -- --dyn_create_function(const char *file, int line) is needed to create a --lock. Multi-threaded applications might crash at random if it is not set. -- --dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) --is needed to perform locking off dynamic lock numbered n. Multi-threaded --applications might crash at random if it is not set. -- --dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is --needed to destroy the lock l. Multi-threaded applications might crash at --random if it is not set. -- --CRYPTO_get_new_dynlockid() is used to create locks. It will call --dyn_create_function for the actual creation. -- --CRYPTO_destroy_dynlockid() is used to destroy locks. It will call --dyn_destroy_function for the actual destruction. -- --CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield --describing what should be done with the lock. n is the number of the --lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined --from the following values. These values are pairwise exclusive, with --undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE --should not be used together): -- -- CRYPTO_LOCK 0x01 -- CRYPTO_UNLOCK 0x02 -- CRYPTO_READ 0x04 -- CRYPTO_WRITE 0x08 -- --=head1 RETURN VALUES -- --CRYPTO_num_locks() returns the required number of locks. -- --CRYPTO_get_new_dynlockid() returns the index to the newly created lock. -- --The other functions return no values. -- --=head1 NOTES -- --You can find out if OpenSSL was configured with thread support: -- -- #define OPENSSL_THREAD_DEFINES -- #include <openssl/opensslconf.h> -- #if defined(OPENSSL_THREADS) -- // thread support enabled -- #else -- // no thread support -- #endif -- --Also, dynamic locks are currently not used internally by OpenSSL, but --may do so in the future. -- --=head1 EXAMPLES -- --B<crypto/threads/mttest.c> shows examples of the callback functions on --Solaris, Irix and Win32. -- --=head1 HISTORY -- --CRYPTO_set_locking_callback() is --available in all versions of SSLeay and OpenSSL. --CRYPTO_num_locks() was added in OpenSSL 0.9.4. --All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. --B<CRYPTO_THREADID> and associated functions were introduced in OpenSSL 1.0.0 --to replace (actually, deprecate) the previous CRYPTO_set_id_callback(), --CRYPTO_get_id_callback(), and CRYPTO_thread_id() functions which assumed --thread IDs to always be represented by 'unsigned long'. -- --=head1 SEE ALSO -- --L<crypto(3)|crypto(3)> -- --=cut -diff -Naur openssl-1.0.0a.orig//doc/crypto/X509_NAME_ENTRY_get_object.pod openssl-1.0.0a/doc/crypto/X509_NAME_ENTRY_get_object.pod ---- openssl-1.0.0a.orig//doc/crypto/X509_NAME_ENTRY_get_object.pod 2006-05-14 12:27:59.000000000 +0100 -+++ openssl-1.0.0a/doc/crypto/X509_NAME_ENTRY_get_object.pod 2010-09-01 19:36:31.620125025 +0100 -@@ -65,7 +65,7 @@ - =head1 SEE ALSO - - L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>, --L<OBJ_nid2obj(3),OBJ_nid2obj(3)> -+L<OBJ_nid2obj(3)|OBJ_nid2obj(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/ssl/SSL_get_error.pod openssl-1.0.0a/doc/ssl/SSL_get_error.pod ---- openssl-1.0.0a.orig//doc/ssl/SSL_get_error.pod 2005-03-30 12:50:14.000000000 +0100 -+++ openssl-1.0.0a/doc/ssl/SSL_get_error.pod 2010-09-01 19:36:40.259360162 +0100 -@@ -105,7 +105,7 @@ - - =head1 SEE ALSO - --L<ssl(3)|ssl(3)>, L<err(3)|err(3)> -+L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)> - - =head1 HISTORY - -diff -Naur openssl-1.0.0a.orig//doc/ssl/SSL_want.pod openssl-1.0.0a/doc/ssl/SSL_want.pod ---- openssl-1.0.0a.orig//doc/ssl/SSL_want.pod 2005-03-30 12:50:14.000000000 +0100 -+++ openssl-1.0.0a/doc/ssl/SSL_want.pod 2010-09-01 19:36:40.259360162 +0100 -@@ -72,6 +72,6 @@ - - =head1 SEE ALSO - --L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> -+L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> - - =cut -diff -Naur openssl-1.0.0a.orig//FAQ openssl-1.0.0a/FAQ ---- openssl-1.0.0a.orig//FAQ 2010-06-01 14:31:36.000000000 +0100 -+++ openssl-1.0.0a/FAQ 2010-09-01 19:39:19.677244857 +0100 -@@ -724,7 +724,7 @@ - CRYPTO_set_id_callback(), for all versions of OpenSSL up to and - including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() - and associated APIs are deprecated by CRYPTO_THREADID_set_callback() --and friends. This is described in the threads(3) manpage. -+and friends. This is described in the openssl_threads(3) manpage. - - * I've compiled a program under Windows and it crashes: why? - |