From fca2b4fd636da045a129df5f2ba806143c39148b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Thu, 7 Aug 2014 07:59:05 +0300 Subject: main/openssl: security ugprade to 1.0.1i (multiple CVE) CVE-2014-3508 Information leak in pretty printing functions CVE-2014-5139 Crash with SRP ciphersuite in Server Hello message CVE-2014-3509 Race condition in ssl_parse_serverhello_tlsext CVE-2014-3505 Double Free when processing DTLS packets CVE-2014-3506 DTLS memory exhaustion CVE-2014-3507 DTLS memory leak from zero-length fragments CVE-2014-3510 OpenSSL DTLS anonymous EC(DH) denial of service CVE-2014-3511 OpenSSL TLS protocol downgrade attack CVE-2014-3512 SRP buffer overrun (cherry picked from commit a662e7dfb065b0b91ca19c33838295bf3e459f48) Conflicts: main/openssl/APKBUILD --- main/openssl/APKBUILD | 16 +- main/openssl/fix-manpages.patch | 678 ---------------------------------------- 2 files changed, 12 insertions(+), 682 deletions(-) diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index a3929de576..339050aaf6 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: Timo Teras pkgname=openssl -pkgver=1.0.1h +pkgver=1.0.1i pkgrel=0 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" @@ -45,7 +45,15 @@ build() { package() { cd "$_builddir" - make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install + make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install || return 1 + + # rename man pages that conflict with man-pages + local m + for m in rand.3 err.3 threads.3 passwd.1; do + mv "$pkgdir"/usr/share/man/man${m/*.}/$m \ + "$pkgdir"/usr/share/man/man${m/*.}/openssl-$m \ + || return 1 + done } libcrypto() { @@ -69,8 +77,8 @@ libssl() { done } -md5sums="8d6d684a9430d5cc98a62a5d8fbda8cf openssl-1.0.1h.tar.gz -c804de28dcf4cc64275e7df8828750c8 fix-manpages.patch +md5sums="c8dc151a671b9b92ff3e4c118b174972 openssl-1.0.1i.tar.gz +f75151bfdd0e1f5191e0d0e7147e1638 fix-manpages.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch 4a7b9e20beb33a5e262ab64c2b8e5b48 0002-engines-e_padlock-backport-cvs-head-changes.patch diff --git a/main/openssl/fix-manpages.patch b/main/openssl/fix-manpages.patch index 92b092fff2..082f8a5788 100644 --- a/main/openssl/fix-manpages.patch +++ b/main/openssl/fix-manpages.patch @@ -55,94 +55,6 @@ index 738142e..e904f05 100644 L, L, L, L, L, L, L, L, -diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod -deleted file mode 100644 -index f449825..0000000 ---- a/doc/apps/passwd.pod -+++ /dev/null -@@ -1,82 +0,0 @@ --=pod -- --=head1 NAME -- --passwd - compute password hashes -- --=head1 SYNOPSIS -- --B --[B<-crypt>] --[B<-1>] --[B<-apr1>] --[B<-salt> I] --[B<-in> I] --[B<-stdin>] --[B<-noverify>] --[B<-quiet>] --[B<-table>] --{I} -- --=head1 DESCRIPTION -- --The B command computes the hash of a password typed at --run-time or the hash of each password in a list. The password list is --taken from the named file for option B<-in file>, from stdin for --option B<-stdin>, or from the command line, or from the terminal otherwise. --The Unix standard algorithm B and the MD5-based BSD password --algorithm B<1> and its Apache variant B are available. -- --=head1 OPTIONS -- --=over 4 -- --=item B<-crypt> -- --Use the B algorithm (default). -- --=item B<-1> -- --Use the MD5 based BSD password algorithm B<1>. -- --=item B<-apr1> -- --Use the B algorithm (Apache variant of the BSD algorithm). -- --=item B<-salt> I -- --Use the specified salt. --When reading a password from the terminal, this implies B<-noverify>. -- --=item B<-in> I -- --Read passwords from I. -- --=item B<-stdin> -- --Read passwords from B. -- --=item B<-noverify> -- --Don't verify when reading a password from the terminal. -- --=item B<-quiet> -- --Don't output warnings when passwords given at the command line are truncated. -- --=item B<-table> -- --In the output list, prepend the cleartext password and a TAB character --to each password hash. -- --=back -- --=head1 EXAMPLES -- --B prints B. -- --B prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. -- --B prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. -- --=cut diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index 7dccacb..71e7078 100644 --- a/doc/crypto/BN_generate_prime.pod @@ -647,380 +559,6 @@ index f5ab1c3..63f7ebc 100644 +L, L, L, L =cut -diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod -deleted file mode 100644 -index 6f72955..0000000 ---- a/doc/crypto/err.pod -+++ /dev/null -@@ -1,187 +0,0 @@ --=pod -- --=head1 NAME -- --err - error codes -- --=head1 SYNOPSIS -- -- #include -- -- unsigned long ERR_get_error(void); -- unsigned long ERR_peek_error(void); -- unsigned long ERR_get_error_line(const char **file, int *line); -- unsigned long ERR_peek_error_line(const char **file, int *line); -- unsigned long ERR_get_error_line_data(const char **file, int *line, -- const char **data, int *flags); -- unsigned long ERR_peek_error_line_data(const char **file, int *line, -- const char **data, int *flags); -- -- int ERR_GET_LIB(unsigned long e); -- int ERR_GET_FUNC(unsigned long e); -- int ERR_GET_REASON(unsigned long e); -- -- void ERR_clear_error(void); -- -- char *ERR_error_string(unsigned long e, char *buf); -- const char *ERR_lib_error_string(unsigned long e); -- const char *ERR_func_error_string(unsigned long e); -- const char *ERR_reason_error_string(unsigned long e); -- -- void ERR_print_errors(BIO *bp); -- void ERR_print_errors_fp(FILE *fp); -- -- void ERR_load_crypto_strings(void); -- void ERR_free_strings(void); -- -- void ERR_remove_state(unsigned long pid); -- -- void ERR_put_error(int lib, int func, int reason, const char *file, -- int line); -- void ERR_add_error_data(int num, ...); -- -- void ERR_load_strings(int lib,ERR_STRING_DATA str[]); -- unsigned long ERR_PACK(int lib, int func, int reason); -- int ERR_get_next_error_library(void); -- --=head1 DESCRIPTION -- --When a call to the OpenSSL library fails, this is usually signalled --by the return value, and an error code is stored in an error queue --associated with the current thread. The B library provides --functions to obtain these error codes and textual error messages. -- --The L manpage describes how to --access error codes. -- --Error codes contain information about where the error occurred, and --what went wrong. L describes how to --extract this information. A method to obtain human-readable error --messages is described in L. -- --L can be used to clear the --error queue. -- --Note that L should be used to --avoid memory leaks when threads are terminated. -- --=head1 ADDING NEW ERROR CODES TO OPENSSL -- --See L if you want to record error codes in the --OpenSSL error system from within your application. -- --The remainder of this section is of interest only if you want to add --new error codes to OpenSSL or add error codes from external libraries. -- --=head2 Reporting errors -- --Each sub-library has a specific macro XXXerr() that is used to report --errors. Its first argument is a function code B, the second --argument is a reason code B. Function codes are derived --from the function names; reason codes consist of textual error --descriptions. For example, the function ssl23_read() reports a --"handshake failure" as follows: -- -- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); -- --Function and reason codes should consist of upper case characters, --numbers and underscores only. The error file generation script translates --function codes into function names by looking in the header files --for an appropriate function name, if none is found it just uses --the capitalized form such as "SSL23_READ" in the above example. -- --The trailing section of a reason code (after the "_R_") is translated --into lower case and underscores changed to spaces. -- --When you are using new function or reason codes, run B. --The necessary B<#define>s will then automatically be added to the --sub-library's header file. -- --Although a library will normally report errors using its own specific --XXXerr macro, another library's macro can be used. This is normally --only done when a library wants to include ASN1 code which must use --the ASN1err() macro. -- --=head2 Adding new libraries -- --When adding a new sub-library to OpenSSL, assign it a library number --B, define a macro XXXerr() (both in B), add its --name to B (in B), and add --C to the ERR_load_crypto_strings() function --(in B). Finally, add an entry -- -- L XXX xxx.h xxx_err.c -- --to B, and add B to the Makefile. --Running B will then generate a file B, and --add all error codes used in the library to B. -- --Additionally the library include file must have a certain form. --Typically it will initially look like this: -- -- #ifndef HEADER_XXX_H -- #define HEADER_XXX_H -- -- #ifdef __cplusplus -- extern "C" { -- #endif -- -- /* Include files */ -- -- #include -- #include -- -- /* Macros, structures and function prototypes */ -- -- -- /* BEGIN ERROR CODES */ -- --The B sequence is used by the error code --generation script as the point to place new error codes, any text --after this point will be overwritten when B is run. --The closing #endif etc will be automatically added by the script. -- --The generated C error code file B will load the header --files B, B and B so the --header file must load any additional header files containing any --definitions it uses. -- --=head1 USING ERROR CODES IN EXTERNAL LIBRARIES -- --It is also possible to use OpenSSL's error code scheme in external --libraries. The library needs to load its own codes and call the OpenSSL --error code insertion script B explicitly to add codes to --the header file and generate the C error code file. This will normally --be done if the external library needs to generate new ASN1 structures --but it can also be used to add more general purpose error code handling. -- --TBA more details -- --=head1 INTERNALS -- --The error queues are stored in a hash table with one B --entry for each pid. ERR_get_state() returns the current thread's --B. An B can hold up to B error --codes. When more error codes are added, the old ones are overwritten, --on the assumption that the most recent errors are most important. -- --Error strings are also stored in hash table. The hash tables can --be obtained by calling ERR_get_err_state_table(void) and --ERR_get_string_table(void) respectively. -- --=head1 SEE ALSO -- --L, --L, --L, --L, --L, --L, --L, --L, --L, --L, --L, --L -- --=cut -diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod -deleted file mode 100644 -index 1c068c8..0000000 ---- a/doc/crypto/rand.pod -+++ /dev/null -@@ -1,175 +0,0 @@ --=pod -- --=head1 NAME -- --rand - pseudo-random number generator -- --=head1 SYNOPSIS -- -- #include -- -- int RAND_set_rand_engine(ENGINE *engine); -- -- int RAND_bytes(unsigned char *buf, int num); -- int RAND_pseudo_bytes(unsigned char *buf, int num); -- -- void RAND_seed(const void *buf, int num); -- void RAND_add(const void *buf, int num, int entropy); -- int RAND_status(void); -- -- int RAND_load_file(const char *file, long max_bytes); -- int RAND_write_file(const char *file); -- const char *RAND_file_name(char *file, size_t num); -- -- int RAND_egd(const char *path); -- -- void RAND_set_rand_method(const RAND_METHOD *meth); -- const RAND_METHOD *RAND_get_rand_method(void); -- RAND_METHOD *RAND_SSLeay(void); -- -- void RAND_cleanup(void); -- -- /* For Win32 only */ -- void RAND_screen(void); -- int RAND_event(UINT, WPARAM, LPARAM); -- --=head1 DESCRIPTION -- --Since the introduction of the ENGINE API, the recommended way of controlling --default implementations is by using the ENGINE API functions. The default --B, as set by RAND_set_rand_method() and returned by --RAND_get_rand_method(), is only used if no ENGINE has been set as the default --"rand" implementation. Hence, these two functions are no longer the recommened --way to control defaults. -- --If an alternative B implementation is being used (either set --directly or as provided by an ENGINE module), then it is entirely responsible --for the generation and management of a cryptographically secure PRNG stream. The --mechanisms described below relate solely to the software PRNG implementation --built in to OpenSSL and used by default. -- --These functions implement a cryptographically secure pseudo-random --number generator (PRNG). It is used by other library functions for --example to generate random keys, and applications can use it when they --need randomness. -- --A cryptographic PRNG must be seeded with unpredictable data such as --mouse movements or keys pressed at random by the user. This is --described in L. Its state can be saved in a seed file --(see L) to avoid having to go through the --seeding process whenever the application is started. -- --L describes how to obtain random data from the --PRNG. -- --=head1 INTERNALS -- --The RAND_SSLeay() method implements a PRNG based on a cryptographic --hash function. -- --The following description of its design is based on the SSLeay --documentation: -- --First up I will state the things I believe I need for a good RNG. -- --=over 4 -- --=item 1 -- --A good hashing algorithm to mix things up and to convert the RNG 'state' --to random numbers. -- --=item 2 -- --An initial source of random 'state'. -- --=item 3 -- --The state should be very large. If the RNG is being used to generate --4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). --If your RNG state only has 128 bits, you are obviously limiting the --search space to 128 bits, not 2048. I'm probably getting a little --carried away on this last point but it does indicate that it may not be --a bad idea to keep quite a lot of RNG state. It should be easier to --break a cipher than guess the RNG seed data. -- --=item 4 -- --Any RNG seed data should influence all subsequent random numbers --generated. This implies that any random seed data entered will have --an influence on all subsequent random numbers generated. -- --=item 5 -- --When using data to seed the RNG state, the data used should not be --extractable from the RNG state. I believe this should be a --requirement because one possible source of 'secret' semi random --data would be a private key or a password. This data must --not be disclosed by either subsequent random numbers or a --'core' dump left by a program crash. -- --=item 6 -- --Given the same initial 'state', 2 systems should deviate in their RNG state --(and hence the random numbers generated) over time if at all possible. -- --=item 7 -- --Given the random number output stream, it should not be possible to determine --the RNG state or the next random number. -- --=back -- --The algorithm is as follows. -- --There is global state made up of a 1023 byte buffer (the 'state'), a --working hash value ('md'), and a counter ('count'). -- --Whenever seed data is added, it is inserted into the 'state' as --follows. -- --The input is chopped up into units of 20 bytes (or less for --the last block). Each of these blocks is run through the hash --function as follows: The data passed to the hash function --is the current 'md', the same number of bytes from the 'state' --(the location determined by in incremented looping index) as --the current 'block', the new key data 'block', and 'count' --(which is incremented after each use). --The result of this is kept in 'md' and also xored into the --'state' at the same locations that were used as input into the --hash function. I --believe this system addresses points 1 (hash function; currently --SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash --function and xor). -- --When bytes are extracted from the RNG, the following process is used. --For each group of 10 bytes (or less), we do the following: -- --Input into the hash function the local 'md' (which is initialized from --the global 'md' before any bytes are generated), the bytes that are to --be overwritten by the random bytes, and bytes from the 'state' --(incrementing looping index). From this digest output (which is kept --in 'md'), the top (up to) 10 bytes are returned to the caller and the --bottom 10 bytes are xored into the 'state'. -- --Finally, after we have finished 'num' random bytes for the caller, --'count' (which is incremented) and the local and global 'md' are fed --into the hash function and the results are kept in the global 'md'. -- --I believe the above addressed points 1 (use of SHA-1), 6 (by hashing --into the 'state' the 'old' data from the caller that is about to be --overwritten) and 7 (by not using the 10 bytes given to the caller to --update the 'state', but they are used to update 'md'). -- --So of the points raised, only 2 is not addressed (but see --L). -- --=head1 SEE ALSO -- --L, L, --L, L, --L, --L, --L -- --=cut diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod index 45ac53f..5fa0dcc 100644 --- a/doc/crypto/rsa.pod @@ -1034,222 +572,6 @@ index 45ac53f..5fa0dcc 100644 L, L, L, L, -diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod -deleted file mode 100644 -index dc0e939..0000000 ---- a/doc/crypto/threads.pod -+++ /dev/null -@@ -1,210 +0,0 @@ --=pod -- --=head1 NAME -- --CRYPTO_THREADID_set_callback, CRYPTO_THREADID_get_callback, --CRYPTO_THREADID_current, CRYPTO_THREADID_cmp, CRYPTO_THREADID_cpy, --CRYPTO_THREADID_hash, CRYPTO_set_locking_callback, CRYPTO_num_locks, --CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, --CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, --CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support -- --=head1 SYNOPSIS -- -- #include -- -- /* Don't use this structure directly. */ -- typedef struct crypto_threadid_st -- { -- void *ptr; -- unsigned long val; -- } CRYPTO_THREADID; -- /* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ -- void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); -- void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); -- int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); -- void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); -- void CRYPTO_THREADID_current(CRYPTO_THREADID *id); -- int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, -- const CRYPTO_THREADID *b); -- void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, -- const CRYPTO_THREADID *src); -- unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); -- -- int CRYPTO_num_locks(void); -- -- /* struct CRYPTO_dynlock_value needs to be defined by the user */ -- struct CRYPTO_dynlock_value; -- -- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * -- (*dyn_create_function)(char *file, int line)); -- void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) -- (int mode, struct CRYPTO_dynlock_value *l, -- const char *file, int line)); -- void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) -- (struct CRYPTO_dynlock_value *l, const char *file, int line)); -- -- int CRYPTO_get_new_dynlockid(void); -- -- void CRYPTO_destroy_dynlockid(int i); -- -- void CRYPTO_lock(int mode, int n, const char *file, int line); -- -- #define CRYPTO_w_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -- #define CRYPTO_w_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) -- #define CRYPTO_r_lock(type) \ -- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) -- #define CRYPTO_r_unlock(type) \ -- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) -- #define CRYPTO_add(addr,amount,type) \ -- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) -- --=head1 DESCRIPTION -- --OpenSSL can safely be used in multi-threaded applications provided --that at least two callback functions are set, locking_function and --threadid_func. -- --locking_function(int mode, int n, const char *file, int line) is --needed to perform locking on shared data structures. --(Note that OpenSSL uses a number of global data structures that --will be implicitly shared whenever multiple threads use OpenSSL.) --Multi-threaded applications will crash at random if it is not set. -- --locking_function() must be able to handle up to CRYPTO_num_locks() --different mutex locks. It sets the B-th lock if B & --B, and releases it otherwise. -- --B and B are the file number of the function setting the --lock. They can be useful for debugging. -- --threadid_func(CRYPTO_THREADID *id) is needed to record the currently-executing --thread's identifier into B. The implementation of this callback should not --fill in B directly, but should use CRYPTO_THREADID_set_numeric() if thread --IDs are numeric, or CRYPTO_THREADID_set_pointer() if they are pointer-based. --If the application does not register such a callback using --CRYPTO_THREADID_set_callback(), then a default implementation is used - on --Windows and BeOS this uses the system's default thread identifying APIs, and on --all other platforms it uses the address of B. The latter is satisfactory --for thread-safety if and only if the platform has a thread-local error number --facility. -- --Once threadid_func() is registered, or if the built-in default implementation is --to be used; -- --=over 4 -- --=item * --CRYPTO_THREADID_current() records the currently-executing thread ID into the --given B object. -- --=item * --CRYPTO_THREADID_cmp() compares two thread IDs (returning zero for equality, ie. --the same semantics as memcmp()). -- --=item * --CRYPTO_THREADID_cpy() duplicates a thread ID value, -- --=item * --CRYPTO_THREADID_hash() returns a numeric value usable as a hash-table key. This --is usually the exact numeric or pointer-based thread ID used internally, however --this also handles the unusual case where pointers are larger than 'long' --variables and the platform's thread IDs are pointer-based - in this case, mixing --is done to attempt to produce a unique numeric value even though it is not as --wide as the platform's true thread IDs. -- --=back -- --Additionally, OpenSSL supports dynamic locks, and sometimes, some parts --of OpenSSL need it for better performance. To enable this, the following --is required: -- --=over 4 -- --=item * --Three additional callback function, dyn_create_function, dyn_lock_function --and dyn_destroy_function. -- --=item * --A structure defined with the data that each lock needs to handle. -- --=back -- --struct CRYPTO_dynlock_value has to be defined to contain whatever structure --is needed to handle locks. -- --dyn_create_function(const char *file, int line) is needed to create a --lock. Multi-threaded applications might crash at random if it is not set. -- --dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) --is needed to perform locking off dynamic lock numbered n. Multi-threaded --applications might crash at random if it is not set. -- --dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is --needed to destroy the lock l. Multi-threaded applications might crash at --random if it is not set. -- --CRYPTO_get_new_dynlockid() is used to create locks. It will call --dyn_create_function for the actual creation. -- --CRYPTO_destroy_dynlockid() is used to destroy locks. It will call --dyn_destroy_function for the actual destruction. -- --CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield --describing what should be done with the lock. n is the number of the --lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined --from the following values. These values are pairwise exclusive, with --undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE --should not be used together): -- -- CRYPTO_LOCK 0x01 -- CRYPTO_UNLOCK 0x02 -- CRYPTO_READ 0x04 -- CRYPTO_WRITE 0x08 -- --=head1 RETURN VALUES -- --CRYPTO_num_locks() returns the required number of locks. -- --CRYPTO_get_new_dynlockid() returns the index to the newly created lock. -- --The other functions return no values. -- --=head1 NOTES -- --You can find out if OpenSSL was configured with thread support: -- -- #define OPENSSL_THREAD_DEFINES -- #include -- #if defined(OPENSSL_THREADS) -- // thread support enabled -- #else -- // no thread support -- #endif -- --Also, dynamic locks are currently not used internally by OpenSSL, but --may do so in the future. -- --=head1 EXAMPLES -- --B shows examples of the callback functions on --Solaris, Irix and Win32. -- --=head1 HISTORY -- --CRYPTO_set_locking_callback() is --available in all versions of SSLeay and OpenSSL. --CRYPTO_num_locks() was added in OpenSSL 0.9.4. --All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. --B and associated functions were introduced in OpenSSL 1.0.0 --to replace (actually, deprecate) the previous CRYPTO_set_id_callback(), --CRYPTO_get_id_callback(), and CRYPTO_thread_id() functions which assumed --thread IDs to always be represented by 'unsigned long'. -- --=head1 SEE ALSO -- --L -- --=cut diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod index 48c6b15..5432293 100644 --- a/doc/ssl/SSL_get_error.pod -- cgit v1.2.3