diff options
Diffstat (limited to 'main/openssl')
-rw-r--r-- | main/openssl/APKBUILD | 46 | ||||
-rw-r--r-- | main/openssl/fix-manpages.patch | 1329 | ||||
-rw-r--r-- | main/openssl/openssl-0.9.8k-quote-cc.patch | 72 |
3 files changed, 1362 insertions, 85 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 0aeeca9d23..1bab1385ff 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,21 +1,21 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssl -pkgver=0.9.8n -pkgrel=1 +pkgver=1.0.0 +pkgrel=0 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" -url=http://openssl.org +url="http://openssl.org" depends= -makedepends="perl" +makedepends="perl zlib-dev" license="openssl" -subpackages="$pkgname-dev $pkgname-doc libcrypto" +subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl" source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz - http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.8g-fix_manpages-1.patch + fix-manpages.patch openssl-bb-basename.patch - openssl-0.9.8k-padlock-sha.patch " +# openssl-0.9.8k-padlock-sha.patch _builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" @@ -27,7 +27,11 @@ prepare() { build() { cd "$_builddir" - ./config --prefix=/usr --openssldir=/etc/ssl shared enable-montasm + ./config --prefix=/usr \ + --openssldir=/etc/ssl \ + shared zlib enable-montasm enable-md2 \ + -Wa,--noexecstack \ + || return 1 make -j1 || return 1 } @@ -37,9 +41,16 @@ package() { make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install } +dev() { + replaces="libcrypto openssl" + default_dev + # move symlinks + mv "$pkgdir"/usr/lib/*.so "$subpkgdir"/usr/lib/ +} + libcrypto() { pkgdesc="Crypto library from openssl" - replaces="openssl" + replaces="openssl libcrypto" mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib for i in "$pkgdir"/usr/lib/libcrypto*; do mv $i "$subpkgdir"/lib/ @@ -48,7 +59,16 @@ libcrypto() { mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/ } -md5sums="076d8efc3ed93646bd01f04e23c07066 openssl-0.9.8n.tar.gz -04a6a88c2ee4badd4f8649792b73eaf3 openssl-0.9.8g-fix_manpages-1.patch -c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch -86b7f1bf50e1f3ba407ec62001a51a0d openssl-0.9.8k-padlock-sha.patch" +libssl() { + pkgdesc="SSL shared libraries" + replaces="openssl" + mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib + for i in "$pkgdir"/usr/lib/libssl*; do + mv $i "$subpkgdir"/lib/ + ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/} + done +} + +md5sums="89eaa86e25b2845f920ec00ae4c864ed openssl-1.0.0.tar.gz +115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch +c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch" diff --git a/main/openssl/fix-manpages.patch b/main/openssl/fix-manpages.patch new file mode 100644 index 0000000000..7c6ac9902f --- /dev/null +++ b/main/openssl/fix-manpages.patch @@ -0,0 +1,1329 @@ +diff --git a/FAQ b/FAQ +index 2134e3a..18a8831 100644 +--- a/FAQ ++++ b/FAQ +@@ -724,7 +724,7 @@ OpenSSL by calling CRYPTO_set_locking_callback() and + CRYPTO_set_id_callback(), for all versions of OpenSSL up to and + including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() + and associated APIs are deprecated by CRYPTO_THREADID_set_callback() +-and friends. This is described in the threads(3) manpage. ++and friends. This is described in the openssl_threads(3) manpage. + + * I've compiled a program under Windows and it crashes: why? + +diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c +index 88088ce..e5da17f 100644 +--- a/crypto/rand/md_rand.c ++++ b/crypto/rand/md_rand.c +@@ -196,7 +196,7 @@ static void ssleay_rand_add(const void *buf, int num, double add) + int do_not_lock; + + /* +- * (Based on the rand(3) manpage) ++ * (Based on the openssl_rand(3) manpage) + * + * The input is chopped up into units of 20 bytes (or less for + * the last block). Each of these blocks is run through the hash +@@ -361,7 +361,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num) + num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); + + /* +- * (Based on the rand(3) manpage:) ++ * (Based on the openssl_rand(3) manpage) + * + * For each group of 10 bytes (or less), we do the following: + * +diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod +index 738142e..e904f05 100644 +--- a/doc/apps/openssl.pod ++++ b/doc/apps/openssl.pod +@@ -163,7 +163,7 @@ Create or examine a netscape certificate sequence + + Online Certificate Status Protocol utility. + +-=item L<B<passwd>|passwd(1)> ++=item L<B<passwd>|openssl-passwd(1)> + + Generation of hashed passwords. + +@@ -401,7 +401,7 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>, + L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, + L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>, + L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, +-L<passwd(1)|passwd(1)>, ++L<openssl-passwd(1)|openssl-passwd(1)>, + L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, + L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, + L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, +diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod +deleted file mode 100644 +index f449825..0000000 +--- a/doc/apps/passwd.pod ++++ /dev/null +@@ -1,82 +0,0 @@ +-=pod +- +-=head1 NAME +- +-passwd - compute password hashes +- +-=head1 SYNOPSIS +- +-B<openssl passwd> +-[B<-crypt>] +-[B<-1>] +-[B<-apr1>] +-[B<-salt> I<string>] +-[B<-in> I<file>] +-[B<-stdin>] +-[B<-noverify>] +-[B<-quiet>] +-[B<-table>] +-{I<password>} +- +-=head1 DESCRIPTION +- +-The B<passwd> command computes the hash of a password typed at +-run-time or the hash of each password in a list. The password list is +-taken from the named file for option B<-in file>, from stdin for +-option B<-stdin>, or from the command line, or from the terminal otherwise. +-The Unix standard algorithm B<crypt> and the MD5-based BSD password +-algorithm B<1> and its Apache variant B<apr1> are available. +- +-=head1 OPTIONS +- +-=over 4 +- +-=item B<-crypt> +- +-Use the B<crypt> algorithm (default). +- +-=item B<-1> +- +-Use the MD5 based BSD password algorithm B<1>. +- +-=item B<-apr1> +- +-Use the B<apr1> algorithm (Apache variant of the BSD algorithm). +- +-=item B<-salt> I<string> +- +-Use the specified salt. +-When reading a password from the terminal, this implies B<-noverify>. +- +-=item B<-in> I<file> +- +-Read passwords from I<file>. +- +-=item B<-stdin> +- +-Read passwords from B<stdin>. +- +-=item B<-noverify> +- +-Don't verify when reading a password from the terminal. +- +-=item B<-quiet> +- +-Don't output warnings when passwords given at the command line are truncated. +- +-=item B<-table> +- +-In the output list, prepend the cleartext password and a TAB character +-to each password hash. +- +-=back +- +-=head1 EXAMPLES +- +-B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>. +- +-B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. +- +-B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. +- +-=cut +diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod +index 7dccacb..71e7078 100644 +--- a/doc/crypto/BN_generate_prime.pod ++++ b/doc/crypto/BN_generate_prime.pod +@@ -90,7 +90,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + + =head1 SEE ALSO + +-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)> ++L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod +index 81f93c2..690aa85 100644 +--- a/doc/crypto/BN_rand.pod ++++ b/doc/crypto/BN_rand.pod +@@ -45,7 +45,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + + =head1 SEE ALSO + +-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, ++L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)> + + =head1 HISTORY +diff --git a/doc/crypto/CONF_modules_free.pod b/doc/crypto/CONF_modules_free.pod +index 87bc7b7..347020c 100644 +--- a/doc/crypto/CONF_modules_free.pod ++++ b/doc/crypto/CONF_modules_free.pod +@@ -37,7 +37,7 @@ None of the functions return a value. + =head1 SEE ALSO + + L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, +-L<CONF_modules_load_file(3), CONF_modules_load_file(3)> ++L<CONF_modules_load_file(3)|CONF_modules_load_file(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod +index 9965d69..6dd9b1d 100644 +--- a/doc/crypto/CONF_modules_load_file.pod ++++ b/doc/crypto/CONF_modules_load_file.pod +@@ -51,7 +51,7 @@ return value of the failing module (this will always be zero or negative). + =head1 SEE ALSO + + L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>, +-L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)> ++L<CONF_free(3)|CONF_free(3)>, L<openssl_err(3)|openssl_err(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod +index 81f09fd..0d9f1e5 100644 +--- a/doc/crypto/DH_generate_key.pod ++++ b/doc/crypto/DH_generate_key.pod +@@ -40,7 +40,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + + =head1 SEE ALSO + +-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)> ++L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<DH_size(3)|DH_size(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod +index 9081e9e..0c0f78c 100644 +--- a/doc/crypto/DH_generate_parameters.pod ++++ b/doc/crypto/DH_generate_parameters.pod +@@ -59,7 +59,7 @@ a usable generator. + + =head1 SEE ALSO + +-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, ++L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<DH_free(3)|DH_free(3)> + + =head1 HISTORY +diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod +index 5dfc733..0a6d5f1 100644 +--- a/doc/crypto/DSA_do_sign.pod ++++ b/doc/crypto/DSA_do_sign.pod +@@ -36,7 +36,7 @@ L<ERR_get_error(3)|ERR_get_error(3)>. + + =head1 SEE ALSO + +-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, ++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<DSA_SIG_new(3)|DSA_SIG_new(3)>, + L<DSA_sign(3)|DSA_sign(3)> + +diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod +index af83ccf..95080eb 100644 +--- a/doc/crypto/DSA_generate_key.pod ++++ b/doc/crypto/DSA_generate_key.pod +@@ -24,7 +24,7 @@ The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. + + =head1 SEE ALSO + +-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, ++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<DSA_generate_parameters(3)|DSA_generate_parameters(3)> + + =head1 HISTORY +diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod +index be7c924..2b1f78f 100644 +--- a/doc/crypto/DSA_generate_parameters.pod ++++ b/doc/crypto/DSA_generate_parameters.pod +@@ -90,7 +90,7 @@ Seed lengths E<gt> 20 are not supported. + + =head1 SEE ALSO + +-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, ++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<DSA_free(3)|DSA_free(3)> + + =head1 HISTORY +diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod +index 97389e8..2e6f6f3 100644 +--- a/doc/crypto/DSA_sign.pod ++++ b/doc/crypto/DSA_sign.pod +@@ -55,7 +55,7 @@ Standard, DSS), ANSI X9.30 + + =head1 SEE ALSO + +-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, ++L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<DSA_do_sign(3)|DSA_do_sign(3)> + + =head1 HISTORY +diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod +index 2a129da..a881bdb 100644 +--- a/doc/crypto/ERR_GET_LIB.pod ++++ b/doc/crypto/ERR_GET_LIB.pod +@@ -41,7 +41,7 @@ The library number, function code and reason code respectively. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> ++L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod +index 566e1f4..0f503e7 100644 +--- a/doc/crypto/ERR_clear_error.pod ++++ b/doc/crypto/ERR_clear_error.pod +@@ -20,7 +20,7 @@ ERR_clear_error() has no return value. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> ++L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod +index cdfa7fe..d774ec1 100644 +--- a/doc/crypto/ERR_error_string.pod ++++ b/doc/crypto/ERR_error_string.pod +@@ -60,7 +60,7 @@ none is registered for the error code. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, ++L<openssl_err(3)|openssl_err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, + L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, + L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> + L<ERR_print_errors(3)|ERR_print_errors(3)> +diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod +index 3444304..cd3d7ce 100644 +--- a/doc/crypto/ERR_get_error.pod ++++ b/doc/crypto/ERR_get_error.pod +@@ -61,7 +61,7 @@ The error code, or 0 if there is no error in the queue. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, ++L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, + L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> + + =head1 HISTORY +diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod +index 9bdec75..9c1b991 100644 +--- a/doc/crypto/ERR_load_crypto_strings.pod ++++ b/doc/crypto/ERR_load_crypto_strings.pod +@@ -35,7 +35,7 @@ ERR_free_strings() return no values. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> ++L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod +index 5acdd0e..261c87d 100644 +--- a/doc/crypto/ERR_load_strings.pod ++++ b/doc/crypto/ERR_load_strings.pod +@@ -43,7 +43,7 @@ ERR_get_next_error_library() returns a new library number. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> ++L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod +index b100a5f..a8b34b7 100644 +--- a/doc/crypto/ERR_print_errors.pod ++++ b/doc/crypto/ERR_print_errors.pod +@@ -38,7 +38,7 @@ ERR_print_errors() and ERR_print_errors_fp() return no values. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, ++L<openssl_err(3)|openssl_err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>, + L<ERR_get_error(3)|ERR_get_error(3)>, + L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, + L<SSL_load_error_strings(3)|SSL_load_error_strings(3)> +diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod +index acd241f..9c0263a 100644 +--- a/doc/crypto/ERR_put_error.pod ++++ b/doc/crypto/ERR_put_error.pod +@@ -34,7 +34,7 @@ no values. + + =head1 SEE ALSO + +-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> ++L<openssl_err(3)|openssl_err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod +index 72925fb..8dd63da 100644 +--- a/doc/crypto/ERR_remove_state.pod ++++ b/doc/crypto/ERR_remove_state.pod +@@ -25,7 +25,7 @@ ERR_remove_state() returns no value. + + =head1 SEE ALSO + +-L<err(3)|err(3)> ++L<openssl_err(3)|openssl_err(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod +index d375c46..6d6cf39 100644 +--- a/doc/crypto/EVP_BytesToKey.pod ++++ b/doc/crypto/EVP_BytesToKey.pod +@@ -59,7 +59,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes. + + =head1 SEE ALSO + +-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, ++L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> + + =head1 HISTORY +diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod +index 2e710da..31172e4 100644 +--- a/doc/crypto/EVP_OpenInit.pod ++++ b/doc/crypto/EVP_OpenInit.pod +@@ -54,7 +54,7 @@ EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. + + =head1 SEE ALSO + +-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, ++L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, + L<EVP_SealInit(3)|EVP_SealInit(3)> + +diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod +index 7d793e1..a37101f 100644 +--- a/doc/crypto/EVP_SealInit.pod ++++ b/doc/crypto/EVP_SealInit.pod +@@ -74,7 +74,7 @@ with B<type> set to NULL. + + =head1 SEE ALSO + +-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, ++L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, + L<EVP_OpenInit(3)|EVP_OpenInit(3)> + +diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod +index 620a623..090f6e1 100644 +--- a/doc/crypto/EVP_SignInit.pod ++++ b/doc/crypto/EVP_SignInit.pod +@@ -89,7 +89,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. + =head1 SEE ALSO + + L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, +-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, ++L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, + L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, + L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, + L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> +diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod +index 9097f09..2a8d225 100644 +--- a/doc/crypto/EVP_VerifyInit.pod ++++ b/doc/crypto/EVP_VerifyInit.pod +@@ -80,7 +80,7 @@ The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. + + L<evp(3)|evp(3)>, + L<EVP_SignInit(3)|EVP_SignInit(3)>, +-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, ++L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<openssl_err(3)|openssl_err(3)>, + L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, + L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>, + L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)> +diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod +index e7bba2a..888de88 100644 +--- a/doc/crypto/OPENSSL_config.pod ++++ b/doc/crypto/OPENSSL_config.pod +@@ -73,7 +73,7 @@ Neither OPENSSL_config() nor OPENSSL_no_config() return a value. + =head1 SEE ALSO + + L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>, +-L<CONF_modules_free(3),CONF_modules_free(3)> ++L<CONF_modules_free(3)|CONF_modules_free(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod +index 67c66f3..a6fc28a 100644 +--- a/doc/crypto/RAND_add.pod ++++ b/doc/crypto/RAND_add.pod +@@ -65,7 +65,7 @@ The other functions do not return values. + + =head1 SEE ALSO + +-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, ++L<openssl_rand(3)|openssl_rand(3)>, L<RAND_egd(3)|RAND_egd(3)>, + L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> + + =head1 HISTORY +diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod +index 1a9b91e..20c4110 100644 +--- a/doc/crypto/RAND_bytes.pod ++++ b/doc/crypto/RAND_bytes.pod +@@ -38,7 +38,7 @@ method. + + =head1 SEE ALSO + +-L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, ++L<openssl_rand(3)|openssl_rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, + L<RAND_add(3)|RAND_add(3)> + + =head1 HISTORY +diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod +index 3a8f074..c99537d 100644 +--- a/doc/crypto/RAND_cleanup.pod ++++ b/doc/crypto/RAND_cleanup.pod +@@ -20,7 +20,7 @@ RAND_cleanup() returns no value. + + =head1 SEE ALSO + +-L<rand(3)|rand(3)> ++L<openssl_rand(3)|openssl_rand(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod +index 8b8c61d..c367290 100644 +--- a/doc/crypto/RAND_egd.pod ++++ b/doc/crypto/RAND_egd.pod +@@ -72,7 +72,7 @@ success, and -1 if the connection failed. The PRNG state is not considered. + + =head1 SEE ALSO + +-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, ++L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, + L<RAND_cleanup(3)|RAND_cleanup(3)> + + =head1 HISTORY +diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod +index d8c134e..a079013 100644 +--- a/doc/crypto/RAND_load_file.pod ++++ b/doc/crypto/RAND_load_file.pod +@@ -43,7 +43,7 @@ error. + + =head1 SEE ALSO + +-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> ++L<openssl_rand(3)|openssl_rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod +index e5b780f..7f3ad1b 100644 +--- a/doc/crypto/RAND_set_rand_method.pod ++++ b/doc/crypto/RAND_set_rand_method.pod +@@ -67,7 +67,7 @@ algorithms. + + =head1 SEE ALSO + +-L<rand(3)|rand(3)>, L<engine(3)|engine(3)> ++L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod +index fd2c69a..7b98614 100644 +--- a/doc/crypto/RSA_blinding_on.pod ++++ b/doc/crypto/RSA_blinding_on.pod +@@ -34,7 +34,7 @@ RSA_blinding_off() returns no value. + + =head1 SEE ALSO + +-L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> ++L<rsa(3)|rsa(3)>, L<openssl_rand(3)|openssl_rand(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod +index 52dbb14..3db3487 100644 +--- a/doc/crypto/RSA_generate_key.pod ++++ b/doc/crypto/RSA_generate_key.pod +@@ -59,7 +59,7 @@ RSA_generate_key() goes into an infinite loop for illegal input values. + + =head1 SEE ALSO + +-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, ++L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, + L<RSA_free(3)|RSA_free(3)> + + =head1 HISTORY +diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod +index ab0fe3b..3b00daf 100644 +--- a/doc/crypto/RSA_public_encrypt.pod ++++ b/doc/crypto/RSA_public_encrypt.pod +@@ -73,7 +73,7 @@ SSL, PKCS #1 v2.0 + + =head1 SEE ALSO + +-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, ++L<ERR_get_error(3)|ERR_get_error(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, + L<RSA_size(3)|RSA_size(3)> + + =head1 HISTORY +diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +index e70380b..121f3df 100644 +--- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ++++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +@@ -48,7 +48,7 @@ These functions serve no recognizable purpose. + =head1 SEE ALSO + + L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>, +-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, ++L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, + L<RSA_verify(3)|RSA_verify(3)> + + =head1 HISTORY +diff --git a/doc/crypto/X509_NAME_ENTRY_get_object.pod b/doc/crypto/X509_NAME_ENTRY_get_object.pod +index 41902c0..4716e7e 100644 +--- a/doc/crypto/X509_NAME_ENTRY_get_object.pod ++++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod +@@ -65,7 +65,7 @@ set first so the relevant field information can be looked up internally. + =head1 SEE ALSO + + L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>, +-L<OBJ_nid2obj(3),OBJ_nid2obj(3)> ++L<OBJ_nid2obj(3)|OBJ_nid2obj(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod +index cd2f8e5..a6f8c58 100644 +--- a/doc/crypto/bn.pod ++++ b/doc/crypto/bn.pod +@@ -167,7 +167,7 @@ of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>. + =head1 SEE ALSO + + L<bn_internal(3)|bn_internal(3)>, +-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, ++L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, + L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, + L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, + L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, +diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod +index 7a52799..ca71202 100644 +--- a/doc/crypto/crypto.pod ++++ b/doc/crypto/crypto.pod +@@ -46,7 +46,7 @@ L<sha(3)|sha(3)> + + =item AUXILIARY FUNCTIONS + +-L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>, ++L<openssl_err(3)|openssl_err(3)>, L<openssl_threads(3)|openssl_threads(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)> + + =item INPUT/OUTPUT, DATA ENCODING +diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod +index 6f0cf1c..3fd2c47 100644 +--- a/doc/crypto/des.pod ++++ b/doc/crypto/des.pod +@@ -115,7 +115,7 @@ each byte is the parity bit. The key schedule is an expanded form of + the key; it is used to speed the encryption process. + + DES_random_key() generates a random key. The PRNG must be seeded +-prior to using this function (see L<rand(3)|rand(3)>). If the PRNG ++prior to using this function (see L<openssl_rand(3)|openssl_rand(3)>). If the PRNG + could not generate a secure key, 0 is returned. + + Before a DES key can be used, it must be converted into the +@@ -317,7 +317,7 @@ the MIT Kerberos library. + + =head1 SEE ALSO + +-crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)> ++crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<openssl_rand(3)|openssl_rand(3)> + + =head1 HISTORY + +diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod +index c3ccd06..28707bf 100644 +--- a/doc/crypto/dh.pod ++++ b/doc/crypto/dh.pod +@@ -67,8 +67,8 @@ modify keys. + + =head1 SEE ALSO + +-L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, +-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, ++L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<openssl_err(3)|openssl_err(3)>, ++L<openssl_rand(3)|openssl_rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>, + L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>, + L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>, + L<DH_generate_parameters(3)|DH_generate_parameters(3)>, +diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod +index da07d2b..3187a73 100644 +--- a/doc/crypto/dsa.pod ++++ b/doc/crypto/dsa.pod +@@ -100,7 +100,7 @@ Standard, DSS), ANSI X9.30 + + =head1 SEE ALSO + +-L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, ++L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<openssl_err(3)|openssl_err(3)>, L<openssl_rand(3)|openssl_rand(3)>, + L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>, + L<DSA_new(3)|DSA_new(3)>, + L<DSA_size(3)|DSA_size(3)>, +diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod +index f5ab1c3..63f7ebc 100644 +--- a/doc/crypto/engine.pod ++++ b/doc/crypto/engine.pod +@@ -594,6 +594,6 @@ implementations. + + =head1 SEE ALSO + +-L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)> ++L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<openssl_rand(3)|openssl_rand(3)> + + =cut +diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod +deleted file mode 100644 +index 6f72955..0000000 +--- a/doc/crypto/err.pod ++++ /dev/null +@@ -1,187 +0,0 @@ +-=pod +- +-=head1 NAME +- +-err - error codes +- +-=head1 SYNOPSIS +- +- #include <openssl/err.h> +- +- unsigned long ERR_get_error(void); +- unsigned long ERR_peek_error(void); +- unsigned long ERR_get_error_line(const char **file, int *line); +- unsigned long ERR_peek_error_line(const char **file, int *line); +- unsigned long ERR_get_error_line_data(const char **file, int *line, +- const char **data, int *flags); +- unsigned long ERR_peek_error_line_data(const char **file, int *line, +- const char **data, int *flags); +- +- int ERR_GET_LIB(unsigned long e); +- int ERR_GET_FUNC(unsigned long e); +- int ERR_GET_REASON(unsigned long e); +- +- void ERR_clear_error(void); +- +- char *ERR_error_string(unsigned long e, char *buf); +- const char *ERR_lib_error_string(unsigned long e); +- const char *ERR_func_error_string(unsigned long e); +- const char *ERR_reason_error_string(unsigned long e); +- +- void ERR_print_errors(BIO *bp); +- void ERR_print_errors_fp(FILE *fp); +- +- void ERR_load_crypto_strings(void); +- void ERR_free_strings(void); +- +- void ERR_remove_state(unsigned long pid); +- +- void ERR_put_error(int lib, int func, int reason, const char *file, +- int line); +- void ERR_add_error_data(int num, ...); +- +- void ERR_load_strings(int lib,ERR_STRING_DATA str[]); +- unsigned long ERR_PACK(int lib, int func, int reason); +- int ERR_get_next_error_library(void); +- +-=head1 DESCRIPTION +- +-When a call to the OpenSSL library fails, this is usually signalled +-by the return value, and an error code is stored in an error queue +-associated with the current thread. The B<err> library provides +-functions to obtain these error codes and textual error messages. +- +-The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to +-access error codes. +- +-Error codes contain information about where the error occurred, and +-what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to +-extract this information. A method to obtain human-readable error +-messages is described in L<ERR_error_string(3)|ERR_error_string(3)>. +- +-L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the +-error queue. +- +-Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to +-avoid memory leaks when threads are terminated. +- +-=head1 ADDING NEW ERROR CODES TO OPENSSL +- +-See L<ERR_put_error(3)> if you want to record error codes in the +-OpenSSL error system from within your application. +- +-The remainder of this section is of interest only if you want to add +-new error codes to OpenSSL or add error codes from external libraries. +- +-=head2 Reporting errors +- +-Each sub-library has a specific macro XXXerr() that is used to report +-errors. Its first argument is a function code B<XXX_F_...>, the second +-argument is a reason code B<XXX_R_...>. Function codes are derived +-from the function names; reason codes consist of textual error +-descriptions. For example, the function ssl23_read() reports a +-"handshake failure" as follows: +- +- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); +- +-Function and reason codes should consist of upper case characters, +-numbers and underscores only. The error file generation script translates +-function codes into function names by looking in the header files +-for an appropriate function name, if none is found it just uses +-the capitalized form such as "SSL23_READ" in the above example. +- +-The trailing section of a reason code (after the "_R_") is translated +-into lower case and underscores changed to spaces. +- +-When you are using new function or reason codes, run B<make errors>. +-The necessary B<#define>s will then automatically be added to the +-sub-library's header file. +- +-Although a library will normally report errors using its own specific +-XXXerr macro, another library's macro can be used. This is normally +-only done when a library wants to include ASN1 code which must use +-the ASN1err() macro. +- +-=head2 Adding new libraries +- +-When adding a new sub-library to OpenSSL, assign it a library number +-B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its +-name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add +-C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function +-(in B<crypto/err/err_all.c>). Finally, add an entry +- +- L XXX xxx.h xxx_err.c +- +-to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile. +-Running B<make errors> will then generate a file B<xxx_err.c>, and +-add all error codes used in the library to B<xxx.h>. +- +-Additionally the library include file must have a certain form. +-Typically it will initially look like this: +- +- #ifndef HEADER_XXX_H +- #define HEADER_XXX_H +- +- #ifdef __cplusplus +- extern "C" { +- #endif +- +- /* Include files */ +- +- #include <openssl/bio.h> +- #include <openssl/x509.h> +- +- /* Macros, structures and function prototypes */ +- +- +- /* BEGIN ERROR CODES */ +- +-The B<BEGIN ERROR CODES> sequence is used by the error code +-generation script as the point to place new error codes, any text +-after this point will be overwritten when B<make errors> is run. +-The closing #endif etc will be automatically added by the script. +- +-The generated C error code file B<xxx_err.c> will load the header +-files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the +-header file must load any additional header files containing any +-definitions it uses. +- +-=head1 USING ERROR CODES IN EXTERNAL LIBRARIES +- +-It is also possible to use OpenSSL's error code scheme in external +-libraries. The library needs to load its own codes and call the OpenSSL +-error code insertion script B<mkerr.pl> explicitly to add codes to +-the header file and generate the C error code file. This will normally +-be done if the external library needs to generate new ASN1 structures +-but it can also be used to add more general purpose error code handling. +- +-TBA more details +- +-=head1 INTERNALS +- +-The error queues are stored in a hash table with one B<ERR_STATE> +-entry for each pid. ERR_get_state() returns the current thread's +-B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error +-codes. When more error codes are added, the old ones are overwritten, +-on the assumption that the most recent errors are most important. +- +-Error strings are also stored in hash table. The hash tables can +-be obtained by calling ERR_get_err_state_table(void) and +-ERR_get_string_table(void) respectively. +- +-=head1 SEE ALSO +- +-L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>, +-L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>, +-L<ERR_get_error(3)|ERR_get_error(3)>, +-L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>, +-L<ERR_clear_error(3)|ERR_clear_error(3)>, +-L<ERR_error_string(3)|ERR_error_string(3)>, +-L<ERR_print_errors(3)|ERR_print_errors(3)>, +-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>, +-L<ERR_remove_state(3)|ERR_remove_state(3)>, +-L<ERR_put_error(3)|ERR_put_error(3)>, +-L<ERR_load_strings(3)|ERR_load_strings(3)>, +-L<SSL_get_error(3)|SSL_get_error(3)> +- +-=cut +diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod +deleted file mode 100644 +index 1c068c8..0000000 +--- a/doc/crypto/rand.pod ++++ /dev/null +@@ -1,175 +0,0 @@ +-=pod +- +-=head1 NAME +- +-rand - pseudo-random number generator +- +-=head1 SYNOPSIS +- +- #include <openssl/rand.h> +- +- int RAND_set_rand_engine(ENGINE *engine); +- +- int RAND_bytes(unsigned char *buf, int num); +- int RAND_pseudo_bytes(unsigned char *buf, int num); +- +- void RAND_seed(const void *buf, int num); +- void RAND_add(const void *buf, int num, int entropy); +- int RAND_status(void); +- +- int RAND_load_file(const char *file, long max_bytes); +- int RAND_write_file(const char *file); +- const char *RAND_file_name(char *file, size_t num); +- +- int RAND_egd(const char *path); +- +- void RAND_set_rand_method(const RAND_METHOD *meth); +- const RAND_METHOD *RAND_get_rand_method(void); +- RAND_METHOD *RAND_SSLeay(void); +- +- void RAND_cleanup(void); +- +- /* For Win32 only */ +- void RAND_screen(void); +- int RAND_event(UINT, WPARAM, LPARAM); +- +-=head1 DESCRIPTION +- +-Since the introduction of the ENGINE API, the recommended way of controlling +-default implementations is by using the ENGINE API functions. The default +-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by +-RAND_get_rand_method(), is only used if no ENGINE has been set as the default +-"rand" implementation. Hence, these two functions are no longer the recommened +-way to control defaults. +- +-If an alternative B<RAND_METHOD> implementation is being used (either set +-directly or as provided by an ENGINE module), then it is entirely responsible +-for the generation and management of a cryptographically secure PRNG stream. The +-mechanisms described below relate solely to the software PRNG implementation +-built in to OpenSSL and used by default. +- +-These functions implement a cryptographically secure pseudo-random +-number generator (PRNG). It is used by other library functions for +-example to generate random keys, and applications can use it when they +-need randomness. +- +-A cryptographic PRNG must be seeded with unpredictable data such as +-mouse movements or keys pressed at random by the user. This is +-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file +-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the +-seeding process whenever the application is started. +- +-L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the +-PRNG. +- +-=head1 INTERNALS +- +-The RAND_SSLeay() method implements a PRNG based on a cryptographic +-hash function. +- +-The following description of its design is based on the SSLeay +-documentation: +- +-First up I will state the things I believe I need for a good RNG. +- +-=over 4 +- +-=item 1 +- +-A good hashing algorithm to mix things up and to convert the RNG 'state' +-to random numbers. +- +-=item 2 +- +-An initial source of random 'state'. +- +-=item 3 +- +-The state should be very large. If the RNG is being used to generate +-4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). +-If your RNG state only has 128 bits, you are obviously limiting the +-search space to 128 bits, not 2048. I'm probably getting a little +-carried away on this last point but it does indicate that it may not be +-a bad idea to keep quite a lot of RNG state. It should be easier to +-break a cipher than guess the RNG seed data. +- +-=item 4 +- +-Any RNG seed data should influence all subsequent random numbers +-generated. This implies that any random seed data entered will have +-an influence on all subsequent random numbers generated. +- +-=item 5 +- +-When using data to seed the RNG state, the data used should not be +-extractable from the RNG state. I believe this should be a +-requirement because one possible source of 'secret' semi random +-data would be a private key or a password. This data must +-not be disclosed by either subsequent random numbers or a +-'core' dump left by a program crash. +- +-=item 6 +- +-Given the same initial 'state', 2 systems should deviate in their RNG state +-(and hence the random numbers generated) over time if at all possible. +- +-=item 7 +- +-Given the random number output stream, it should not be possible to determine +-the RNG state or the next random number. +- +-=back +- +-The algorithm is as follows. +- +-There is global state made up of a 1023 byte buffer (the 'state'), a +-working hash value ('md'), and a counter ('count'). +- +-Whenever seed data is added, it is inserted into the 'state' as +-follows. +- +-The input is chopped up into units of 20 bytes (or less for +-the last block). Each of these blocks is run through the hash +-function as follows: The data passed to the hash function +-is the current 'md', the same number of bytes from the 'state' +-(the location determined by in incremented looping index) as +-the current 'block', the new key data 'block', and 'count' +-(which is incremented after each use). +-The result of this is kept in 'md' and also xored into the +-'state' at the same locations that were used as input into the +-hash function. I +-believe this system addresses points 1 (hash function; currently +-SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash +-function and xor). +- +-When bytes are extracted from the RNG, the following process is used. +-For each group of 10 bytes (or less), we do the following: +- +-Input into the hash function the local 'md' (which is initialized from +-the global 'md' before any bytes are generated), the bytes that are to +-be overwritten by the random bytes, and bytes from the 'state' +-(incrementing looping index). From this digest output (which is kept +-in 'md'), the top (up to) 10 bytes are returned to the caller and the +-bottom 10 bytes are xored into the 'state'. +- +-Finally, after we have finished 'num' random bytes for the caller, +-'count' (which is incremented) and the local and global 'md' are fed +-into the hash function and the results are kept in the global 'md'. +- +-I believe the above addressed points 1 (use of SHA-1), 6 (by hashing +-into the 'state' the 'old' data from the caller that is about to be +-overwritten) and 7 (by not using the 10 bytes given to the caller to +-update the 'state', but they are used to update 'md'). +- +-So of the points raised, only 2 is not addressed (but see +-L<RAND_add(3)|RAND_add(3)>). +- +-=head1 SEE ALSO +- +-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>, +-L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>, +-L<RAND_bytes(3)|RAND_bytes(3)>, +-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>, +-L<RAND_cleanup(3)|RAND_cleanup(3)> +- +-=cut +diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod +index 45ac53f..5fa0dcc 100644 +--- a/doc/crypto/rsa.pod ++++ b/doc/crypto/rsa.pod +@@ -108,7 +108,7 @@ RSA was covered by a US patent which expired in September 2000. + =head1 SEE ALSO + + L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, +-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, ++L<openssl_rand(3)|openssl_rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>, + L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>, + L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>, + L<RSA_generate_key(3)|RSA_generate_key(3)>, +diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod +deleted file mode 100644 +index dc0e939..0000000 +--- a/doc/crypto/threads.pod ++++ /dev/null +@@ -1,210 +0,0 @@ +-=pod +- +-=head1 NAME +- +-CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback, +-CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy, +-CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks, +-CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, +-CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, +-CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support +- +-=head1 SYNOPSIS +- +- #include <openssl/crypto.h> +- +- /* Don't use this structure directly. */ +- typedef struct crypto_threadid_st +- { +- void *ptr; +- unsigned long val; +- } CRYPTO_THREADID; +- /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +- void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +- void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +- int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); +- void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); +- void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +- int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, +- const CRYPTO_THREADID *b); +- void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, +- const CRYPTO_THREADID *src); +- unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); +- +- int CRYPTO_num_locks(void); +- +- /* struct CRYPTO_dynlock_value needs to be defined by the user */ +- struct CRYPTO_dynlock_value; +- +- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * +- (*dyn_create_function)(char *file, int line)); +- void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) +- (int mode, struct CRYPTO_dynlock_value *l, +- const char *file, int line)); +- void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) +- (struct CRYPTO_dynlock_value *l, const char *file, int line)); +- +- int CRYPTO_get_new_dynlockid(void); +- +- void CRYPTO_destroy_dynlockid(int i); +- +- void CRYPTO_lock(int mode, int n, const char *file, int line); +- +- #define CRYPTO_w_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +- #define CRYPTO_w_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +- #define CRYPTO_r_lock(type) \ +- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) +- #define CRYPTO_r_unlock(type) \ +- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) +- #define CRYPTO_add(addr,amount,type) \ +- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) +- +-=head1 DESCRIPTION +- +-OpenSSL can safely be used in multi-threaded applications provided +-that at least two callback functions are set, locking_function and +-threadid_func. +- +-locking_function(int mode, int n, const char *file, int line) is +-needed to perform locking on shared data structures. +-(Note that OpenSSL uses a number of global data structures that +-will be implicitly shared whenever multiple threads use OpenSSL.) +-Multi-threaded applications will crash at random if it is not set. +- +-locking_function() must be able to handle up to CRYPTO_num_locks() +-different mutex locks. It sets the B<n>-th lock if B<mode> & +-B<CRYPTO_LOCK>, and releases it otherwise. +- +-B<file> and B<line> are the file number of the function setting the +-lock. They can be useful for debugging. +- +-threadid_func(CRYPTO_THREADID *id) is needed to record the currently-executing +-thread's identifier into B<id>. The implementation of this callback should not +-fill in B<id> directly, but should use CRYPTO_THREADID_set_numeric() if thread +-IDs are numeric, or CRYPTO_THREADID_set_pointer() if they are pointer-based. +-If the application does not register such a callback using +-CRYPTO_THREADID_set_callback(), then a default implementation is used - on +-Windows and BeOS this uses the system's default thread identifying APIs, and on +-all other platforms it uses the address of B<errno>. The latter is satisfactory +-for thread-safety if and only if the platform has a thread-local error number +-facility. +- +-Once threadid_func() is registered, or if the built-in default implementation is +-to be used; +- +-=over 4 +- +-=item * +-CRYPTO_THREADID_current() records the currently-executing thread ID into the +-given B<id> object. +- +-=item * +-CRYPTO_THREADID_cmp() compares two thread IDs (returning zero for equality, ie. +-the same semantics as memcmp()). +- +-=item * +-CRYPTO_THREADID_cpy() duplicates a thread ID value, +- +-=item * +-CRYPTO_THREADID_hash() returns a numeric value usable as a hash-table key. This +-is usually the exact numeric or pointer-based thread ID used internally, however +-this also handles the unusual case where pointers are larger than 'long' +-variables and the platform's thread IDs are pointer-based - in this case, mixing +-is done to attempt to produce a unique numeric value even though it is not as +-wide as the platform's true thread IDs. +- +-=back +- +-Additionally, OpenSSL supports dynamic locks, and sometimes, some parts +-of OpenSSL need it for better performance. To enable this, the following +-is required: +- +-=over 4 +- +-=item * +-Three additional callback function, dyn_create_function, dyn_lock_function +-and dyn_destroy_function. +- +-=item * +-A structure defined with the data that each lock needs to handle. +- +-=back +- +-struct CRYPTO_dynlock_value has to be defined to contain whatever structure +-is needed to handle locks. +- +-dyn_create_function(const char *file, int line) is needed to create a +-lock. Multi-threaded applications might crash at random if it is not set. +- +-dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) +-is needed to perform locking off dynamic lock numbered n. Multi-threaded +-applications might crash at random if it is not set. +- +-dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is +-needed to destroy the lock l. Multi-threaded applications might crash at +-random if it is not set. +- +-CRYPTO_get_new_dynlockid() is used to create locks. It will call +-dyn_create_function for the actual creation. +- +-CRYPTO_destroy_dynlockid() is used to destroy locks. It will call +-dyn_destroy_function for the actual destruction. +- +-CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield +-describing what should be done with the lock. n is the number of the +-lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined +-from the following values. These values are pairwise exclusive, with +-undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE +-should not be used together): +- +- CRYPTO_LOCK 0x01 +- CRYPTO_UNLOCK 0x02 +- CRYPTO_READ 0x04 +- CRYPTO_WRITE 0x08 +- +-=head1 RETURN VALUES +- +-CRYPTO_num_locks() returns the required number of locks. +- +-CRYPTO_get_new_dynlockid() returns the index to the newly created lock. +- +-The other functions return no values. +- +-=head1 NOTES +- +-You can find out if OpenSSL was configured with thread support: +- +- #define OPENSSL_THREAD_DEFINES +- #include <openssl/opensslconf.h> +- #if defined(OPENSSL_THREADS) +- // thread support enabled +- #else +- // no thread support +- #endif +- +-Also, dynamic locks are currently not used internally by OpenSSL, but +-may do so in the future. +- +-=head1 EXAMPLES +- +-B<crypto/threads/mttest.c> shows examples of the callback functions on +-Solaris, Irix and Win32. +- +-=head1 HISTORY +- +-CRYPTO_set_locking_callback() is +-available in all versions of SSLeay and OpenSSL. +-CRYPTO_num_locks() was added in OpenSSL 0.9.4. +-All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. +-B<CRYPTO_THREADID> and associated functions were introduced in OpenSSL 1.0.0 +-to replace (actually, deprecate) the previous CRYPTO_set_id_callback(), +-CRYPTO_get_id_callback(), and CRYPTO_thread_id() functions which assumed +-thread IDs to always be represented by 'unsigned long'. +- +-=head1 SEE ALSO +- +-L<crypto(3)|crypto(3)> +- +-=cut +diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod +index 48c6b15..5432293 100644 +--- a/doc/ssl/SSL_get_error.pod ++++ b/doc/ssl/SSL_get_error.pod +@@ -105,7 +105,7 @@ OpenSSL error queue contains more information on the error. + + =head1 SEE ALSO + +-L<ssl(3)|ssl(3)>, L<err(3)|err(3)> ++L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)> + + =head1 HISTORY + +diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod +index c0059c0..2e51a75 100644 +--- a/doc/ssl/SSL_want.pod ++++ b/doc/ssl/SSL_want.pod +@@ -72,6 +72,6 @@ return 1, when the corresponding condition is true or 0 otherwise. + + =head1 SEE ALSO + +-L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> ++L<ssl(3)|ssl(3)>, L<openssl_err(3)|openssl_err(3)>, L<SSL_get_error(3)|SSL_get_error(3)> + + =cut diff --git a/main/openssl/openssl-0.9.8k-quote-cc.patch b/main/openssl/openssl-0.9.8k-quote-cc.patch deleted file mode 100644 index 5a61662886..0000000000 --- a/main/openssl/openssl-0.9.8k-quote-cc.patch +++ /dev/null @@ -1,72 +0,0 @@ ---- openssl-0.9.8k/Makefile.orig 2009-04-07 12:28:31.000000000 +0000 -+++ openssl-0.9.8k/Makefile 2009-04-07 12:30:13.000000000 +0000 -@@ -359,7 +359,7 @@ - $(AR) libcrypto.a fips/fipscanister.o ; \ - else \ - if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ -- FIPSLD_CC=$(CC); CC=fips/fipsld; \ -+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; \ - export CC FIPSLD_CC; \ - fi; \ - $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ -@@ -382,9 +382,9 @@ - fips/fipscanister.o: build_fips - libfips$(SHLIB_EXT): fips/fipscanister.o - @if [ "$(SHLIB_TARGET)" != "" ]; then \ -- FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ -+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \ - $(MAKE) -f Makefile.shared -e $(BUILDENV) \ -- CC=$${CC} LIBNAME=fips THIS=$@ \ -+ CC="$${CC}" LIBNAME=fips THIS=$@ \ - LIBEXTRAS=fips/fipscanister.o \ - LIBDEPS="$(EX_LIBS)" \ - LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \ ---- openssl-0.9.8k/apps/Makefile.orig 2009-04-07 12:35:30.000000000 +0000 -+++ openssl-0.9.8k/apps/Makefile 2009-04-07 12:56:53.000000000 +0000 -@@ -153,12 +153,12 @@ - shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ - shlib_target="$(SHLIB_TARGET)"; \ - elif [ -n "$(FIPSCANLIB)" ]; then \ -- FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ -+ FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ - fi; \ - LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ - [ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ - $(MAKE) -f $(TOP)/Makefile.shared -e \ -- CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ -+ CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - link_app.$${shlib_target} - -(cd ..; \ ---- openssl-0.9.8k/test/Makefile.orig 2009-04-07 13:26:06.000000000 +0000 -+++ openssl-0.9.8k/test/Makefile 2009-04-07 13:26:38.000000000 +0000 -@@ -402,13 +402,13 @@ - if [ "$(FIPSCANLIB)" = "libfips" ]; then \ - LIBRARIES="-L$(TOP) -lfips"; \ - elif [ -n "$(FIPSCANLIB)" ]; then \ -- FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ -+ FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ - LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \ - else \ - LIBRARIES="$(LIBCRYPTO)"; \ - fi; \ - $(MAKE) -f $(TOP)/Makefile.shared -e \ -- CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ -+ CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - link_app.$${shlib_target} - -@@ -417,11 +417,11 @@ - fi; \ - LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ - if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \ -- FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ -+ FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ - fi; \ - [ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \ - $(MAKE) -f $(TOP)/Makefile.shared -e \ -- CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ -+ CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \ - LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ - link_app.$${shlib_target} - |