vendor/openssl/1.0.2q

6 files changed, 25 insertions, 9 deletions

diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod
index cdced1c742c02..92efbf4860c56 100644
--- a/doc/apps/crl.pod
+++ b/doc/apps/crl.pod
@@ -115,7 +115,7 @@ Convert a CRL file from PEM to DER:
 
 Output the text form of a DER encoded certificate:
 
- openssl crl -in crl.der -text -noout
+ openssl crl -in crl.der -inform DER -text -noout
 
 =head1 BUGS
 
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 20b2f39e90f2b..01c1c2ee8b386 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -393,8 +393,7 @@ option. For compatibility B<encrypt_rsa_key> is an equivalent option.
 =item B<default_md>
 
 This option specifies the digest algorithm to use. Possible values
-include B<md5 sha1 mdc2>. If not present then MD5 is used. This
-option can be overridden on the command line.
+include B<md5 sha1 mdc2>. This option can be overridden on the command line.
 
 =item B<string_mask>
 
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 9916fc3ef6a31..84777ee80a874 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -49,6 +49,7 @@ B<openssl> B<s_server>
 [B<-no_ssl3>]
 [B<-no_tls1>]
 [B<-no_dhe>]
+[B<-no_ecdhe>]
 [B<-bugs>]
 [B<-hack>]
 [B<-www>]
@@ -144,6 +145,11 @@ a static set of parameters hard coded into the s_server program will be used.
 if this option is set then no DH parameters will be loaded effectively
 disabling the ephemeral DH cipher suites.
 
+=item B<-no_ecdhe>
+
+if this option is set then no ECDH parameters will be selected, effectively
+disabling the ephemeral ECDH cipher suites.
+
 =item B<-no_tmp_rsa>
 
 certain export cipher suites sometimes use a temporary RSA key, this option
diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod
index 83e65894d9d98..7a3e84d0f6426 100644
--- a/doc/crypto/EVP_DigestSignInit.pod
+++ b/doc/crypto/EVP_DigestSignInit.pod
@@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures.
 
 EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
 ENGINE B<impl> and private key B<pkey>. B<ctx> must be initialized with
-EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL, the
 EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
-be used to set alternative signing options.
+be used to set alternative signing options. Note that any existing value in
+B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed
+directly by the application (it will be freed automatically when the EVP_MD_CTX
+is freed). The digest B<type> may be NULL if the signing algorithm supports it.
 
 EVP_DigestSignUpdate() hashes B<cnt> bytes of data at B<d> into the
 signature context B<ctx>. This function can be called several times on the
diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod
index 347c511663066..2e2c0fdc8f5b7 100644
--- a/doc/crypto/EVP_DigestVerifyInit.pod
+++ b/doc/crypto/EVP_DigestVerifyInit.pod
@@ -19,9 +19,12 @@ The EVP signature routines are a high level interface to digital signatures.
 
 EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
 B<type> from ENGINE B<impl> and public key B<pkey>. B<ctx> must be initialized
-with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL the
+with EVP_MD_CTX_init() before calling this function. If B<pctx> is not NULL, the
 EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
-can be used to set alternative verification options.
+can be used to set alternative verification options. Note that any existing
+value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be
+freed directly by the application (it will be freed automatically when the
+EVP_MD_CTX is freed).
 
 EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
 verification context B<ctx>. This function can be called several times on the
diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
index f7ca7cb790667..02eabd784648c 100644
--- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -2,12 +2,14 @@
 
 =head1 NAME
 
-OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
+OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, SSLeay, SSLeay_version
+- get OpenSSL version number
 
 =head1 SYNOPSIS
 
  #include <openssl/opensslv.h>
  #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+ #define OPENSSL_VERSION_TEXT "OpenSSL x.y.z xx XXX xxxx"
 
  #include <openssl/crypto.h>
  long SSLeay(void);
@@ -43,9 +45,12 @@ Version 0.9.5a had an interim interpretation that is like the current one,
 except the patch level got the highest bit set, to keep continuity.  The
 number was therefore 0x0090581f.
 
-
 For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
 
+OPENSSL_VERSION_TEXT is the text variant of the version number and the
+release date.  For example,
+"OpenSSL 1.0.1a 15 Oct 2015".
+
 SSLeay() returns this number. The return value can be compared to the
 macro to make sure that the correct version of the library has been
 loaded, especially when using DLLs on Windows systems.