summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2018-08-14 17:48:02 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2018-08-14 17:48:02 +0000
commitdea77ea6fc17930104a7cf5c04b7aa6acc4a33fb (patch)
tree9063b7bc29c788870f2821ff70405afe6d303e63
parent8c52a6dbf7d095edbbd3e1345dabca669cc0800c (diff)
parent43a67e02da9068b94df1c07fc6f0d70bafd9263b (diff)
downloadsrc-test2-dea77ea6fc17930104a7cf5c04b7aa6acc4a33fb.tar.gz
src-test2-dea77ea6fc17930104a7cf5c04b7aa6acc4a33fb.zip
Notes
-rw-r--r--crypto/openssl/CHANGES58
-rw-r--r--crypto/openssl/CONTRIBUTING50
-rwxr-xr-xcrypto/openssl/Configure12
-rw-r--r--crypto/openssl/Makefile2
-rw-r--r--crypto/openssl/NEWS5
-rw-r--r--crypto/openssl/README4
-rw-r--r--crypto/openssl/apps/apps.c5
-rw-r--r--crypto/openssl/apps/asn1pars.c8
-rw-r--r--crypto/openssl/apps/ca.c5
-rw-r--r--crypto/openssl/apps/ocsp.c3
-rw-r--r--crypto/openssl/apps/passwd.c6
-rw-r--r--crypto/openssl/apps/s_apps.h7
-rw-r--r--crypto/openssl/apps/s_client.c4
-rw-r--r--crypto/openssl/apps/s_server.c35
-rw-r--r--crypto/openssl/apps/s_socket.c75
-rw-r--r--crypto/openssl/apps/verify.c1
-rw-r--r--crypto/openssl/crypto/Makefile2
-rw-r--r--crypto/openssl/crypto/asn1/a_bool.c24
-rw-r--r--crypto/openssl/crypto/asn1/a_object.c21
-rw-r--r--crypto/openssl/crypto/asn1/a_strex.c27
-rw-r--r--crypto/openssl/crypto/asn1/ameth_lib.c14
-rw-r--r--crypto/openssl/crypto/asn1/asn1.h8
-rw-r--r--crypto/openssl/crypto/asn1/asn1_err.c3
-rw-r--r--crypto/openssl/crypto/asn1/tasn_enc.c4
-rw-r--r--crypto/openssl/crypto/bio/bss_log.c4
-rw-r--r--crypto/openssl/crypto/bio/bss_mem.c2
-rw-r--r--crypto/openssl/crypto/bn/Makefile71
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/armv4-mont.pl15
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/ia64-mont.pl18
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/mips-mont.pl12
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/parisc-mont.pl28
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/ppc-mont.pl13
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/ppc64-mont.pl41
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/rsaz-avx2.pl2
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/s390x-mont.pl14
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/sparct4-mont.pl24
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/sparcv9-mont.pl13
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/via-mont.pl13
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/vis3-mont.pl16
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/x86-mont.pl20
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/x86_64-mont.pl83
-rwxr-xr-xcrypto/openssl/crypto/bn/asm/x86_64-mont5.pl19
-rw-r--r--crypto/openssl/crypto/bn/bn.h106
-rw-r--r--crypto/openssl/crypto/bn/bn_div.c1
-rw-r--r--crypto/openssl/crypto/bn/bn_exp.c69
-rw-r--r--crypto/openssl/crypto/bn/bn_gf2m.c34
-rw-r--r--crypto/openssl/crypto/bn/bn_lcl.h3
-rw-r--r--crypto/openssl/crypto/bn/bn_lib.c57
-rw-r--r--crypto/openssl/crypto/bn/bn_mod.c69
-rw-r--r--crypto/openssl/crypto/bn/bn_mont.c58
-rw-r--r--crypto/openssl/crypto/bn/bn_sqr.c10
-rw-r--r--crypto/openssl/crypto/bn_int.h15
-rw-r--r--crypto/openssl/crypto/conf/conf_api.c2
-rw-r--r--crypto/openssl/crypto/dh/dh_key.c7
-rw-r--r--crypto/openssl/crypto/dh/dh_pmeth.c4
-rw-r--r--crypto/openssl/crypto/dsa/dsa.h9
-rw-r--r--crypto/openssl/crypto/dsa/dsa_err.c3
-rw-r--r--crypto/openssl/crypto/dsa/dsa_gen.c13
-rw-r--r--crypto/openssl/crypto/dsa/dsa_ossl.c73
-rw-r--r--crypto/openssl/crypto/dsa/dsa_pmeth.c12
-rw-r--r--crypto/openssl/crypto/ec/ec_ameth.c22
-rw-r--r--crypto/openssl/crypto/ec/ec_lib.c10
-rw-r--r--crypto/openssl/crypto/ec/ecp_nistz256.c23
-rw-r--r--crypto/openssl/crypto/ecdsa/Makefile2
-rw-r--r--crypto/openssl/crypto/ecdsa/ecdsatest.c11
-rw-r--r--crypto/openssl/crypto/ecdsa/ecs_ossl.c32
-rw-r--r--crypto/openssl/crypto/engine/eng_lib.c8
-rw-r--r--crypto/openssl/crypto/engine/tb_asnmth.c4
-rw-r--r--crypto/openssl/crypto/o_time.c4
-rw-r--r--crypto/openssl/crypto/opensslv.h6
-rw-r--r--crypto/openssl/crypto/pem/pem.h3
-rw-r--r--crypto/openssl/crypto/pem/pem_lib.c59
-rw-r--r--crypto/openssl/crypto/pem/pem_pk8.c2
-rw-r--r--crypto/openssl/crypto/pem/pem_pkey.c2
-rw-r--r--crypto/openssl/crypto/pem/pvkfmt.c4
-rw-r--r--crypto/openssl/crypto/pkcs12/p12_asn.c4
-rw-r--r--crypto/openssl/crypto/rsa/Makefile2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_eay.c41
-rw-r--r--crypto/openssl/crypto/rsa/rsa_gen.c2
-rw-r--r--crypto/openssl/crypto/rsa/rsa_oaep.c41
-rw-r--r--crypto/openssl/crypto/rsa/rsa_pk1.c62
-rw-r--r--crypto/openssl/crypto/rsa/rsa_sign.c4
-rw-r--r--crypto/openssl/crypto/rsa/rsa_ssl.c8
-rw-r--r--crypto/openssl/crypto/sha/asm/sha1-586.pl2
-rwxr-xr-xcrypto/openssl/crypto/sha/asm/sha256-586.pl2
-rw-r--r--crypto/openssl/crypto/ui/ui_openssl.c8
-rw-r--r--crypto/openssl/crypto/x509/x509_cmp.c2
-rw-r--r--crypto/openssl/crypto/x509/x509_lu.c16
-rw-r--r--crypto/openssl/crypto/x509/x509_vfy.c147
-rw-r--r--crypto/openssl/crypto/x509v3/v3_purp.c27
-rw-r--r--crypto/openssl/doc/apps/cms.pod14
-rw-r--r--crypto/openssl/doc/apps/config.pod2
-rw-r--r--crypto/openssl/doc/apps/genpkey.pod139
-rw-r--r--crypto/openssl/doc/apps/s_client.pod8
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_fd.pod2
-rw-r--r--crypto/openssl/doc/crypto/BN_add.pod4
-rw-r--r--crypto/openssl/doc/crypto/BN_bn2bin.pod4
-rw-r--r--crypto/openssl/doc/crypto/BN_generate_prime.pod12
-rw-r--r--crypto/openssl/doc/crypto/CMS_encrypt.pod5
-rw-r--r--crypto/openssl/doc/crypto/CMS_get0_SignerInfos.pod2
-rw-r--r--crypto/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod2
-rw-r--r--crypto/openssl/doc/crypto/DSA_do_sign.pod4
-rw-r--r--crypto/openssl/doc/crypto/DSA_sign.pod4
-rw-r--r--crypto/openssl/doc/crypto/OBJ_nid2obj.pod2
-rw-r--r--crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod2
-rw-r--r--crypto/openssl/doc/crypto/ecdsa.pod2
-rw-r--r--crypto/openssl/doc/crypto/pem.pod93
-rw-r--r--crypto/openssl/doc/fingerprints.txt67
-rw-r--r--crypto/openssl/doc/man3/X509_cmp_time.pod39
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod7
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ciphers.pod19
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_session.pod5
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_version.pod6
-rw-r--r--crypto/openssl/doc/ssl/ssl.pod2
-rw-r--r--crypto/openssl/ssl/d1_both.c5
-rw-r--r--crypto/openssl/ssl/s3_lib.c12
-rw-r--r--crypto/openssl/ssl/s3_srvr.c26
-rw-r--r--crypto/openssl/ssl/ssl.h7
-rw-r--r--crypto/openssl/ssl/ssl_lib.c31
-rw-r--r--crypto/openssl/ssl/ssl_locl.h4
-rw-r--r--crypto/openssl/ssl/t1_lib.c5
-rw-r--r--crypto/openssl/ssl/t1_trce.c16
-rwxr-xr-xcrypto/openssl/util/domd17
-rw-r--r--secure/lib/libcrypto/Makefile.inc7
-rw-r--r--secure/lib/libcrypto/Makefile.man1
-rw-r--r--secure/lib/libcrypto/amd64/x86_64-mont.S79
-rw-r--r--secure/lib/libcrypto/amd64/x86_64-mont5.S17
-rw-r--r--secure/lib/libcrypto/arm/armv4-mont.S15
-rw-r--r--secure/lib/libcrypto/i386/x86-mont.S32
-rw-r--r--secure/lib/libcrypto/man/ASN1_OBJECT_new.34
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_length.34
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_new.34
-rw-r--r--secure/lib/libcrypto/man/ASN1_STRING_print_ex.34
-rw-r--r--secure/lib/libcrypto/man/ASN1_TIME_set.36
-rw-r--r--secure/lib/libcrypto/man/ASN1_generate_nconf.320
-rw-r--r--secure/lib/libcrypto/man/BIO_ctrl.38
-rw-r--r--secure/lib/libcrypto/man/BIO_f_base64.36
-rw-r--r--secure/lib/libcrypto/man/BIO_f_buffer.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_cipher.38
-rw-r--r--secure/lib/libcrypto/man/BIO_f_md.36
-rw-r--r--secure/lib/libcrypto/man/BIO_f_null.34
-rw-r--r--secure/lib/libcrypto/man/BIO_f_ssl.318
-rw-r--r--secure/lib/libcrypto/man/BIO_find_type.38
-rw-r--r--secure/lib/libcrypto/man/BIO_new.34
-rw-r--r--secure/lib/libcrypto/man/BIO_new_CMS.34
-rw-r--r--secure/lib/libcrypto/man/BIO_push.38
-rw-r--r--secure/lib/libcrypto/man/BIO_read.312
-rw-r--r--secure/lib/libcrypto/man/BIO_s_accept.36
-rw-r--r--secure/lib/libcrypto/man/BIO_s_bio.310
-rw-r--r--secure/lib/libcrypto/man/BIO_s_connect.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_fd.38
-rw-r--r--secure/lib/libcrypto/man/BIO_s_file.310
-rw-r--r--secure/lib/libcrypto/man/BIO_s_mem.38
-rw-r--r--secure/lib/libcrypto/man/BIO_s_null.34
-rw-r--r--secure/lib/libcrypto/man/BIO_s_socket.36
-rw-r--r--secure/lib/libcrypto/man/BIO_set_callback.34
-rw-r--r--secure/lib/libcrypto/man/BIO_should_retry.34
-rw-r--r--secure/lib/libcrypto/man/BN_BLINDING_new.34
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_new.34
-rw-r--r--secure/lib/libcrypto/man/BN_CTX_start.34
-rw-r--r--secure/lib/libcrypto/man/BN_add.38
-rw-r--r--secure/lib/libcrypto/man/BN_add_word.34
-rw-r--r--secure/lib/libcrypto/man/BN_bn2bin.38
-rw-r--r--secure/lib/libcrypto/man/BN_cmp.34
-rw-r--r--secure/lib/libcrypto/man/BN_copy.34
-rw-r--r--secure/lib/libcrypto/man/BN_generate_prime.316
-rw-r--r--secure/lib/libcrypto/man/BN_mod_inverse.34
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_montgomery.34
-rw-r--r--secure/lib/libcrypto/man/BN_mod_mul_reciprocal.34
-rw-r--r--secure/lib/libcrypto/man/BN_new.34
-rw-r--r--secure/lib/libcrypto/man/BN_num_bytes.34
-rw-r--r--secure/lib/libcrypto/man/BN_rand.34
-rw-r--r--secure/lib/libcrypto/man/BN_set_bit.34
-rw-r--r--secure/lib/libcrypto/man/BN_swap.34
-rw-r--r--secure/lib/libcrypto/man/BN_zero.34
-rw-r--r--secure/lib/libcrypto/man/CMS_add0_cert.36
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_recipient_cert.34
-rw-r--r--secure/lib/libcrypto/man/CMS_add1_signer.34
-rw-r--r--secure/lib/libcrypto/man/CMS_compress.38
-rw-r--r--secure/lib/libcrypto/man/CMS_decrypt.34
-rw-r--r--secure/lib/libcrypto/man/CMS_encrypt.313
-rw-r--r--secure/lib/libcrypto/man/CMS_final.34
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_RecipientInfos.38
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_SignerInfos.36
-rw-r--r--secure/lib/libcrypto/man/CMS_get0_type.34
-rw-r--r--secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.36
-rw-r--r--secure/lib/libcrypto/man/CMS_sign.38
-rw-r--r--secure/lib/libcrypto/man/CMS_sign_receipt.34
-rw-r--r--secure/lib/libcrypto/man/CMS_uncompress.34
-rw-r--r--secure/lib/libcrypto/man/CMS_verify.34
-rw-r--r--secure/lib/libcrypto/man/CMS_verify_receipt.34
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_free.34
-rw-r--r--secure/lib/libcrypto/man/CONF_modules_load_file.34
-rw-r--r--secure/lib/libcrypto/man/CRYPTO_set_ex_data.34
-rw-r--r--secure/lib/libcrypto/man/DH_generate_key.34
-rw-r--r--secure/lib/libcrypto/man/DH_generate_parameters.34
-rw-r--r--secure/lib/libcrypto/man/DH_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/DH_new.34
-rw-r--r--secure/lib/libcrypto/man/DH_set_method.36
-rw-r--r--secure/lib/libcrypto/man/DH_size.34
-rw-r--r--secure/lib/libcrypto/man/DSA_SIG_new.34
-rw-r--r--secure/lib/libcrypto/man/DSA_do_sign.38
-rw-r--r--secure/lib/libcrypto/man/DSA_dup_DH.34
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_key.34
-rw-r--r--secure/lib/libcrypto/man/DSA_generate_parameters.34
-rw-r--r--secure/lib/libcrypto/man/DSA_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/DSA_new.34
-rw-r--r--secure/lib/libcrypto/man/DSA_set_method.36
-rw-r--r--secure/lib/libcrypto/man/DSA_sign.310
-rw-r--r--secure/lib/libcrypto/man/DSA_size.34
-rw-r--r--secure/lib/libcrypto/man/EC_GFp_simple_method.34
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_copy.36
-rw-r--r--secure/lib/libcrypto/man/EC_GROUP_new.36
-rw-r--r--secure/lib/libcrypto/man/EC_KEY_new.36
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_add.34
-rw-r--r--secure/lib/libcrypto/man/EC_POINT_new.34
-rw-r--r--secure/lib/libcrypto/man/ERR_GET_LIB.34
-rw-r--r--secure/lib/libcrypto/man/ERR_clear_error.34
-rw-r--r--secure/lib/libcrypto/man/ERR_error_string.34
-rw-r--r--secure/lib/libcrypto/man/ERR_get_error.34
-rw-r--r--secure/lib/libcrypto/man/ERR_load_crypto_strings.34
-rw-r--r--secure/lib/libcrypto/man/ERR_load_strings.34
-rw-r--r--secure/lib/libcrypto/man/ERR_print_errors.34
-rw-r--r--secure/lib/libcrypto/man/ERR_put_error.34
-rw-r--r--secure/lib/libcrypto/man/ERR_remove_state.34
-rw-r--r--secure/lib/libcrypto/man/ERR_set_mark.34
-rw-r--r--secure/lib/libcrypto/man/EVP_BytesToKey.34
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestInit.38
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestSignInit.36
-rw-r--r--secure/lib/libcrypto/man/EVP_DigestVerifyInit.36
-rw-r--r--secure/lib/libcrypto/man/EVP_EncodeInit.34
-rw-r--r--secure/lib/libcrypto/man/EVP_EncryptInit.312
-rw-r--r--secure/lib/libcrypto/man/EVP_OpenInit.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.36
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_CTX_new.38
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_cmp.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_decrypt.36
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_derive.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_encrypt.36
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_keygen.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_meth_new.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_new.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_print_private.36
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_sign.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify.34
-rw-r--r--secure/lib/libcrypto/man/EVP_PKEY_verify_recover.34
-rw-r--r--secure/lib/libcrypto/man/EVP_SealInit.38
-rw-r--r--secure/lib/libcrypto/man/EVP_SignInit.36
-rw-r--r--secure/lib/libcrypto/man/EVP_VerifyInit.36
-rw-r--r--secure/lib/libcrypto/man/OBJ_nid2obj.310
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_Applink.34
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.34
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_config.34
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_ia32cap.34
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_instrument_bus.34
-rw-r--r--secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.34
-rw-r--r--secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.34
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.34
-rw-r--r--secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.34
-rw-r--r--secure/lib/libcrypto/man/PKCS12_create.38
-rw-r--r--secure/lib/libcrypto/man/PKCS12_parse.34
-rw-r--r--secure/lib/libcrypto/man/PKCS7_decrypt.34
-rw-r--r--secure/lib/libcrypto/man/PKCS7_encrypt.38
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign.38
-rw-r--r--secure/lib/libcrypto/man/PKCS7_sign_add_signer.34
-rw-r--r--secure/lib/libcrypto/man/PKCS7_verify.34
-rw-r--r--secure/lib/libcrypto/man/RAND_add.34
-rw-r--r--secure/lib/libcrypto/man/RAND_bytes.34
-rw-r--r--secure/lib/libcrypto/man/RAND_cleanup.34
-rw-r--r--secure/lib/libcrypto/man/RAND_egd.36
-rw-r--r--secure/lib/libcrypto/man/RAND_load_file.34
-rw-r--r--secure/lib/libcrypto/man/RAND_set_rand_method.36
-rw-r--r--secure/lib/libcrypto/man/RSA_blinding_on.34
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.34
-rw-r--r--secure/lib/libcrypto/man/RSA_generate_key.34
-rw-r--r--secure/lib/libcrypto/man/RSA_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/RSA_new.34
-rw-r--r--secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.34
-rw-r--r--secure/lib/libcrypto/man/RSA_print.34
-rw-r--r--secure/lib/libcrypto/man/RSA_private_encrypt.34
-rw-r--r--secure/lib/libcrypto/man/RSA_public_encrypt.34
-rw-r--r--secure/lib/libcrypto/man/RSA_set_method.36
-rw-r--r--secure/lib/libcrypto/man/RSA_sign.34
-rw-r--r--secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.34
-rw-r--r--secure/lib/libcrypto/man/RSA_size.34
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_CMS.36
-rw-r--r--secure/lib/libcrypto/man/SMIME_read_PKCS7.36
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_CMS.34
-rw-r--r--secure/lib/libcrypto/man/SMIME_write_PKCS7.34
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.34
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.36
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.36
-rw-r--r--secure/lib/libcrypto/man/X509_NAME_print_ex.36
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_error.34
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.34
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_new.34
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.34
-rw-r--r--secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.34
-rw-r--r--secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.36
-rw-r--r--secure/lib/libcrypto/man/X509_check_host.38
-rw-r--r--secure/lib/libcrypto/man/X509_check_private_key.34
-rw-r--r--secure/lib/libcrypto/man/X509_cmp_time.3167
-rw-r--r--secure/lib/libcrypto/man/X509_new.34
-rw-r--r--secure/lib/libcrypto/man/X509_verify_cert.34
-rw-r--r--secure/lib/libcrypto/man/bio.34
-rw-r--r--secure/lib/libcrypto/man/blowfish.36
-rw-r--r--secure/lib/libcrypto/man/bn.34
-rw-r--r--secure/lib/libcrypto/man/bn_internal.34
-rw-r--r--secure/lib/libcrypto/man/buffer.34
-rw-r--r--secure/lib/libcrypto/man/crypto.34
-rw-r--r--secure/lib/libcrypto/man/d2i_ASN1_OBJECT.34
-rw-r--r--secure/lib/libcrypto/man/d2i_CMS_ContentInfo.34
-rw-r--r--secure/lib/libcrypto/man/d2i_DHparams.34
-rw-r--r--secure/lib/libcrypto/man/d2i_DSAPublicKey.34
-rw-r--r--secure/lib/libcrypto/man/d2i_ECPKParameters.310
-rw-r--r--secure/lib/libcrypto/man/d2i_ECPrivateKey.36
-rw-r--r--secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.34
-rw-r--r--secure/lib/libcrypto/man/d2i_PrivateKey.34
-rw-r--r--secure/lib/libcrypto/man/d2i_RSAPublicKey.34
-rw-r--r--secure/lib/libcrypto/man/d2i_X509.310
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_ALGOR.34
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_CRL.36
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_NAME.36
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_REQ.34
-rw-r--r--secure/lib/libcrypto/man/d2i_X509_SIG.34
-rw-r--r--secure/lib/libcrypto/man/des.310
-rw-r--r--secure/lib/libcrypto/man/dh.34
-rw-r--r--secure/lib/libcrypto/man/dsa.36
-rw-r--r--secure/lib/libcrypto/man/ec.34
-rw-r--r--secure/lib/libcrypto/man/ecdsa.312
-rw-r--r--secure/lib/libcrypto/man/engine.312
-rw-r--r--secure/lib/libcrypto/man/err.34
-rw-r--r--secure/lib/libcrypto/man/evp.34
-rw-r--r--secure/lib/libcrypto/man/hmac.38
-rw-r--r--secure/lib/libcrypto/man/i2d_CMS_bio_stream.34
-rw-r--r--secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.34
-rw-r--r--secure/lib/libcrypto/man/lh_stats.34
-rw-r--r--secure/lib/libcrypto/man/lhash.38
-rw-r--r--secure/lib/libcrypto/man/md5.34
-rw-r--r--secure/lib/libcrypto/man/mdc2.34
-rw-r--r--secure/lib/libcrypto/man/pem.3117
-rw-r--r--secure/lib/libcrypto/man/rand.38
-rw-r--r--secure/lib/libcrypto/man/rc4.34
-rw-r--r--secure/lib/libcrypto/man/ripemd.36
-rw-r--r--secure/lib/libcrypto/man/rsa.34
-rw-r--r--secure/lib/libcrypto/man/sha.38
-rw-r--r--secure/lib/libcrypto/man/threads.34
-rw-r--r--secure/lib/libcrypto/man/ui.36
-rw-r--r--secure/lib/libcrypto/man/ui_compat.34
-rw-r--r--secure/lib/libcrypto/man/x509.310
-rw-r--r--secure/lib/libssl/Makefile.man1
-rw-r--r--secure/lib/libssl/man/SSL_CIPHER_get_name.38
-rw-r--r--secure/lib/libssl/man/SSL_COMP_add_compression_method.34
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_new.34
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.34
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set_flags.34
-rw-r--r--secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.34
-rw-r--r--secure/lib/libssl/man/SSL_CONF_cmd.34
-rw-r--r--secure/lib/libssl/man/SSL_CONF_cmd_argv.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add1_chain_cert.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_add_session.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_ctrl.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_flush_sessions.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_free.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get0_param.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_ex_new_index.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_get_verify_mode.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_load_verify_locations.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_new.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_number.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_sessions.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set1_curves.36
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_cb.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_store.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_cipher_list.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_CA_list.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_generate_session_id.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_info_callback.318
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_max_cert_list.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_mode.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_msg_callback.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_options.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_read_ahead.36
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_session_id_context.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_ssl_version.38
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_timeout.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.310
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.36
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.36
-rw-r--r--secure/lib/libssl/man/SSL_CTX_set_verify.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_certificate.313
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.34
-rw-r--r--secure/lib/libssl/man/SSL_CTX_use_serverinfo.36
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_free.34
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.34
-rw-r--r--secure/lib/libssl/man/SSL_SESSION_get_time.34
-rw-r--r--secure/lib/libssl/man/SSL_accept.36
-rw-r--r--secure/lib/libssl/man/SSL_alert_type_string.36
-rw-r--r--secure/lib/libssl/man/SSL_check_chain.34
-rw-r--r--secure/lib/libssl/man/SSL_clear.34
-rw-r--r--secure/lib/libssl/man/SSL_connect.36
-rw-r--r--secure/lib/libssl/man/SSL_do_handshake.34
-rw-r--r--secure/lib/libssl/man/SSL_export_keying_material.34
-rw-r--r--secure/lib/libssl/man/SSL_free.34
-rw-r--r--secure/lib/libssl/man/SSL_get_SSL_CTX.34
-rw-r--r--secure/lib/libssl/man/SSL_get_ciphers.323
-rw-r--r--secure/lib/libssl/man/SSL_get_client_CA_list.34
-rw-r--r--secure/lib/libssl/man/SSL_get_current_cipher.34
-rw-r--r--secure/lib/libssl/man/SSL_get_default_timeout.34
-rw-r--r--secure/lib/libssl/man/SSL_get_error.34
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.34
-rw-r--r--secure/lib/libssl/man/SSL_get_ex_new_index.34
-rw-r--r--secure/lib/libssl/man/SSL_get_fd.34
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_cert_chain.34
-rw-r--r--secure/lib/libssl/man/SSL_get_peer_certificate.34
-rw-r--r--secure/lib/libssl/man/SSL_get_psk_identity.34
-rw-r--r--secure/lib/libssl/man/SSL_get_rbio.34
-rw-r--r--secure/lib/libssl/man/SSL_get_session.39
-rw-r--r--secure/lib/libssl/man/SSL_get_verify_result.34
-rw-r--r--secure/lib/libssl/man/SSL_get_version.310
-rw-r--r--secure/lib/libssl/man/SSL_library_init.34
-rw-r--r--secure/lib/libssl/man/SSL_load_client_CA_file.34
-rw-r--r--secure/lib/libssl/man/SSL_new.34
-rw-r--r--secure/lib/libssl/man/SSL_pending.34
-rw-r--r--secure/lib/libssl/man/SSL_read.36
-rw-r--r--secure/lib/libssl/man/SSL_rstate_string.34
-rw-r--r--secure/lib/libssl/man/SSL_session_reused.34
-rw-r--r--secure/lib/libssl/man/SSL_set_bio.36
-rw-r--r--secure/lib/libssl/man/SSL_set_connect_state.34
-rw-r--r--secure/lib/libssl/man/SSL_set_fd.36
-rw-r--r--secure/lib/libssl/man/SSL_set_session.34
-rw-r--r--secure/lib/libssl/man/SSL_set_shutdown.38
-rw-r--r--secure/lib/libssl/man/SSL_set_verify_result.34
-rw-r--r--secure/lib/libssl/man/SSL_shutdown.36
-rw-r--r--secure/lib/libssl/man/SSL_state_string.34
-rw-r--r--secure/lib/libssl/man/SSL_want.34
-rw-r--r--secure/lib/libssl/man/SSL_write.36
-rw-r--r--secure/lib/libssl/man/d2i_SSL_SESSION.34
-rw-r--r--secure/lib/libssl/man/ssl.310
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.14
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.16
-rw-r--r--secure/usr.bin/openssl/man/ca.114
-rw-r--r--secure/usr.bin/openssl/man/ciphers.114
-rw-r--r--secure/usr.bin/openssl/man/cms.138
-rw-r--r--secure/usr.bin/openssl/man/crl.14
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.14
-rw-r--r--secure/usr.bin/openssl/man/dgst.18
-rw-r--r--secure/usr.bin/openssl/man/dhparam.14
-rw-r--r--secure/usr.bin/openssl/man/dsa.14
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.16
-rw-r--r--secure/usr.bin/openssl/man/ec.14
-rw-r--r--secure/usr.bin/openssl/man/ecparam.14
-rw-r--r--secure/usr.bin/openssl/man/enc.14
-rw-r--r--secure/usr.bin/openssl/man/errstr.14
-rw-r--r--secure/usr.bin/openssl/man/gendsa.14
-rw-r--r--secure/usr.bin/openssl/man/genpkey.1135
-rw-r--r--secure/usr.bin/openssl/man/genrsa.14
-rw-r--r--secure/usr.bin/openssl/man/nseq.14
-rw-r--r--secure/usr.bin/openssl/man/ocsp.16
-rw-r--r--secure/usr.bin/openssl/man/openssl.18
-rw-r--r--secure/usr.bin/openssl/man/passwd.14
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.14
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.14
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.16
-rw-r--r--secure/usr.bin/openssl/man/pkey.14
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.14
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.14
-rw-r--r--secure/usr.bin/openssl/man/rand.14
-rw-r--r--secure/usr.bin/openssl/man/req.18
-rw-r--r--secure/usr.bin/openssl/man/rsa.18
-rw-r--r--secure/usr.bin/openssl/man/rsautl.14
-rw-r--r--secure/usr.bin/openssl/man/s_client.114
-rw-r--r--secure/usr.bin/openssl/man/s_server.110
-rw-r--r--secure/usr.bin/openssl/man/s_time.14
-rw-r--r--secure/usr.bin/openssl/man/sess_id.14
-rw-r--r--secure/usr.bin/openssl/man/smime.110
-rw-r--r--secure/usr.bin/openssl/man/speed.14
-rw-r--r--secure/usr.bin/openssl/man/spkac.110
-rw-r--r--secure/usr.bin/openssl/man/ts.116
-rw-r--r--secure/usr.bin/openssl/man/tsget.18
-rw-r--r--secure/usr.bin/openssl/man/verify.14
-rw-r--r--secure/usr.bin/openssl/man/version.14
-rw-r--r--secure/usr.bin/openssl/man/x509.112
-rw-r--r--secure/usr.bin/openssl/man/x509v3_config.14
500 files changed, 2948 insertions, 2086 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index cc142508b9a4..1c78e2a365e8 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,64 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.0.2o and 1.0.2p [14 Aug 2018]
+
+ *) Client DoS due to large DH parameter
+
+ During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+ malicious server can send a very large prime value to the client. This will
+ cause the client to spend an unreasonably long period of time generating a
+ key for this prime resulting in a hang until the client has finished. This
+ could be exploited in a Denial Of Service attack.
+
+ This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+ (CVE-2018-0732)
+ [Guido Vranken]
+
+ *) Cache timing vulnerability in RSA Key Generation
+
+ The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+ a cache timing side channel attack. An attacker with sufficient access to
+ mount cache timing attacks during the RSA key generation process could
+ recover the private key.
+
+ This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+ Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+ (CVE-2018-0737)
+ [Billy Brumley]
+
+ *) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
+ parameter is no longer accepted, as it leads to a corrupt table. NULL
+ pem_str is reserved for alias entries only.
+ [Richard Levitte]
+
+ *) Revert blinding in ECDSA sign and instead make problematic addition
+ length-invariant. Switch even to fixed-length Montgomery multiplication.
+ [Andy Polyakov]
+
+ *) Change generating and checking of primes so that the error rate of not
+ being prime depends on the intended use based on the size of the input.
+ For larger primes this will result in more rounds of Miller-Rabin.
+ The maximal error rate for primes with more than 1080 bits is lowered
+ to 2^-128.
+ [Kurt Roeckx, Annie Yousar]
+
+ *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+ [Kurt Roeckx]
+
+ *) Add blinding to ECDSA and DSA signatures to protect against side channel
+ attacks discovered by Keegan Ryan (NCC Group).
+ [Matt Caswell]
+
+ *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+ now allow empty (zero character) pass phrases.
+ [Richard Levitte]
+
+ *) Certificate time validation (X509_cmp_time) enforces stricter
+ compliance with RFC 5280. Fractional seconds and timezone offsets
+ are no longer allowed.
+ [Emilia Käsper]
+
Changes between 1.0.2n and 1.0.2o [27 Mar 2018]
*) Constructed ASN.1 types with a recursive definition could exceed the stack
diff --git a/crypto/openssl/CONTRIBUTING b/crypto/openssl/CONTRIBUTING
index f734d77ba76b..efcb0b84488d 100644
--- a/crypto/openssl/CONTRIBUTING
+++ b/crypto/openssl/CONTRIBUTING
@@ -1,26 +1,26 @@
-HOW TO CONTRIBUTE PATCHES TO OpenSSL
-------------------------------------
+HOW TO CONTRIBUTE TO OpenSSL
+----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
-Development is coordinated on the openssl-dev mailing list (see the
-above link or https://mta.openssl.org for information on subscribing).
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community you might want to discuss it on the openssl-dev mailing
-list first. Someone may be already working on the same thing or there
-may be a good reason as to why that feature isn't implemented.
+Development is done on GitHub, https://github.com/openssl/openssl.
-To submit a patch, make a pull request on GitHub. If you think the patch
-could use feedback from the community, please start a thread on openssl-dev
-to discuss it.
+To request new features or report bugs, please open an issue on GitHub
-Having addressed the following items before the PR will help make the
-acceptance and review process faster:
+To submit a patch, please open a pull request on GitHub. If you are thinking
+of making a large contribution, open an issue for it before starting work,
+to get comments from the community. Someone may be already working on
+the same thing or there may be reasons why that feature isn't implemented.
- 1. Anything other than trivial contributions will require a contributor
- licensing agreement, giving us permission to use your code. See
- https://www.openssl.org/policies/cla.html for details.
+To make it easier to review and accept your pull request, please follow these
+guidelines:
+
+ 1. Anything other than a trivial contribution requires a Contributor
+ License Agreement (CLA), giving us permission to use your code. See
+ https://www.openssl.org/policies/cla.html for details. If your
+ contribution is too small to require a CLA, put "CLA: trivial" on a
+ line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
@@ -34,21 +34,21 @@ acceptance and review process faster:
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
- often. We do not accept merge commits; You will be asked to remove
- them before a patch is considered acceptable.
+ often. We do not accept merge commits, you will have to remove them
+ (usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
- https://www.openssl.org/policies/codingstyle.html) and compile without
- warnings. Where gcc or clang is availble you should use the
+ https://www.openssl.org/policies/codingstyle.html) and compile
+ without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
- platforms: try to ensure you only use portable features.
- Clean builds via Travis and AppVeyor are expected, and done whenever
- a PR is created or updated.
+ platforms: try to ensure you only use portable features. Clean builds
+ via Travis and AppVeyor are required, and they are started automatically
+ whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
- documentation. Please look at the "pod" files in doc/apps, doc/crypto
- and doc/ssl for examples of our style.
+ documentation. Please look at the "pod" files in doc for
+ examples of our style.
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 744b493b96f6..c7066dc97c58 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -1173,6 +1173,7 @@ foreach (sort (keys %disabled))
$depflags .= " -DOPENSSL_NO_$ALGO";
}
}
+ if (/^comp$/) { $zlib = 0; }
}
print "\n";
@@ -1671,6 +1672,13 @@ while (<PIPE>) {
}
close(PIPE);
+# Xcode did not handle $cc -M before clang support
+my $cc_as_makedepend = 0;
+if ($predefined{__GNUC__} >= 3 && !(defined($predefined{__APPLE_CC__})
+ && !defined($predefined{__clang__}))) {
+ $cc_as_makedepend = 1;
+}
+
if ($strict_warnings)
{
my $wopt;
@@ -1730,14 +1738,14 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc_as_makedepend;
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc_as_makedepend;
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile
index d28f6fac188f..978f833033e5 100644
--- a/crypto/openssl/Makefile
+++ b/crypto/openssl/Makefile
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2o
+VERSION=1.0.2p
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 5080f79a6cbf..93d1a52779b6 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2o and OpenSSL 1.0.2p [14 Aug 2018]
+
+ o Client DoS due to large DH parameter (CVE-2018-0732)
+ o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
Major changes between OpenSSL 1.0.2n and OpenSSL 1.0.2o [27 Mar 2018]
o Constructed ASN.1 types with a recursive definition could exceed the
diff --git a/crypto/openssl/README b/crypto/openssl/README
index a0fce3f5f974..15df936bc9e9 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 1.0.2o 27 Mar 2018
+ OpenSSL 1.0.2p 14 Aug 2018
- Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1998-2018 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index c5a515229556..fc1bae078df1 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1359,7 +1359,8 @@ int set_name_ex(unsigned long *flags, const char *arg)
};
if (set_multi_opts(flags, arg, ex_tbl) == 0)
return 0;
- if ((*flags & XN_FLAG_SEP_MASK) == 0)
+ if (*flags != XN_FLAG_COMPAT
+ && (*flags & XN_FLAG_SEP_MASK) == 0)
*flags |= XN_FLAG_SEP_CPLUS_SPC;
return 1;
}
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
index 0a6b990b503d..5b0def76de49 100644
--- a/crypto/openssl/apps/asn1pars.c
+++ b/crypto/openssl/apps/asn1pars.c
@@ -295,7 +295,7 @@ int MAIN(int argc, char **argv)
ASN1_TYPE *atmp;
int typ;
j = atoi(sk_OPENSSL_STRING_value(osk, i));
- if (j == 0) {
+ if (j <= 0 || j >= tmplen) {
BIO_printf(bio_err, "'%s' is an invalid number\n",
sk_OPENSSL_STRING_value(osk, i));
continue;
@@ -327,14 +327,14 @@ int MAIN(int argc, char **argv)
num = tmplen;
}
- if (offset >= num) {
- BIO_printf(bio_err, "Error: offset too large\n");
+ if (offset < 0 || offset >= num) {
+ BIO_printf(bio_err, "Error: offset out of range\n");
goto end;
}
num -= offset;
- if ((length == 0) || ((long)length > num))
+ if (length == 0 || length > (unsigned int)num)
length = (unsigned int)num;
if (derout) {
if (BIO_write(derout, str + offset, length) != (int)length) {
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 4f9de5492148..31e87738d56c 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -1176,10 +1176,13 @@ int MAIN(int argc, char **argv)
if (j > 0) {
total_done++;
BIO_printf(bio_err, "\n");
- if (!BN_add_word(serial, 1))
+ if (!BN_add_word(serial, 1)) {
+ X509_free(x);
goto err;
+ }
if (!sk_X509_push(cert_sk, x)) {
BIO_printf(bio_err, "Memory allocation failure\n");
+ X509_free(x);
goto err;
}
}
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index 654eebcbfc15..678e9932fdbf 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -787,7 +787,6 @@ int MAIN(int argc, char **argv)
OCSP_response_status_str(i), i);
if (ignore_err)
goto redo_accept;
- ret = 0;
goto end;
}
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index 56e10ad3d8f1..718f0e0124dd 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -306,9 +306,9 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
out_buf[0] = '$';
out_buf[1] = 0;
assert(strlen(magic) <= 4); /* "1" or "apr1" */
- strncat(out_buf, magic, 4);
- strncat(out_buf, "$", 1);
- strncat(out_buf, salt, 8);
+ BUF_strlcat(out_buf, magic, sizeof(out_buf));
+ BUF_strlcat(out_buf, "$", sizeof(out_buf));
+ BUF_strlcat(out_buf, salt, sizeof(out_buf));
assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
salt_out = out_buf + 2 + strlen(magic);
salt_len = strlen(salt_out);
diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h
index 5ba1e1d6d86d..cbb61baf77d6 100644
--- a/crypto/openssl/apps/s_apps.h
+++ b/crypto/openssl/apps/s_apps.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -152,9 +152,8 @@ typedef fd_mask fd_set;
#define PROTOCOL "tcp"
int do_server(int port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept);
+ int (*cb) (int s, int stype, unsigned char *context),
+ unsigned char *context, int naccept);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
index c85566855fef..b455d9012d80 100644
--- a/crypto/openssl/apps/s_client.c
+++ b/crypto/openssl/apps/s_client.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -337,7 +337,7 @@ static void sc_usage(void)
BIO_printf(bio_err,
" -prexit - print session information even on connection failure\n");
BIO_printf(bio_err,
- " -showcerts - show all certificates in the chain\n");
+ " -showcerts - Show all certificates sent by the server\n");
BIO_printf(bio_err, " -debug - extra output\n");
#ifdef WATT32
BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 83918fb6d39a..ce7a1d64b639 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -209,9 +209,9 @@ typedef unsigned int u_int;
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
#endif
-static int sv_body(char *hostname, int s, int stype, unsigned char *context);
-static int www_body(char *hostname, int s, int stype, unsigned char *context);
-static int rev_body(char *hostname, int s, int stype, unsigned char *context);
+static int sv_body(int s, int stype, unsigned char *context);
+static int www_body(int s, int stype, unsigned char *context);
+static int rev_body(int s, int stype, unsigned char *context);
static void close_accept_socket(void);
static void sv_usage(void);
static int init_ssl_connection(SSL *s);
@@ -1087,11 +1087,14 @@ int MAIN(int argc, char *argv[])
char *chCApath = NULL, *chCAfile = NULL;
char *vfyCApath = NULL, *vfyCAfile = NULL;
unsigned char *context = NULL;
+#ifndef OPENSSL_NO_DH
char *dhfile = NULL;
+ int no_dhe = 0;
+#endif
int badop = 0;
int ret = 1;
int build_chain = 0;
- int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+ int no_tmp_rsa = 0, no_ecdhe = 0, nocert = 0;
int state = 0;
const SSL_METHOD *meth = NULL;
int socket_type = SOCK_STREAM;
@@ -1239,11 +1242,15 @@ int MAIN(int argc, char *argv[])
if (--argc < 1)
goto bad;
s_chain_file = *(++argv);
- } else if (strcmp(*argv, "-dhparam") == 0) {
+ }
+#ifndef OPENSSL_NO_DH
+ else if (strcmp(*argv, "-dhparam") == 0) {
if (--argc < 1)
goto bad;
dhfile = *(++argv);
- } else if (strcmp(*argv, "-dcertform") == 0) {
+ }
+#endif
+ else if (strcmp(*argv, "-dcertform") == 0) {
if (--argc < 1)
goto bad;
s_dcert_format = str2fmt(*(++argv));
@@ -1390,9 +1397,13 @@ int MAIN(int argc, char *argv[])
verify_quiet = 1;
} else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
no_tmp_rsa = 1;
- } else if (strcmp(*argv, "-no_dhe") == 0) {
+ }
+#ifndef OPENSSL_NO_DH
+ else if (strcmp(*argv, "-no_dhe") == 0) {
no_dhe = 1;
- } else if (strcmp(*argv, "-no_ecdhe") == 0) {
+ }
+#endif
+ else if (strcmp(*argv, "-no_ecdhe") == 0) {
no_ecdhe = 1;
} else if (strcmp(*argv, "-no_resume_ephemeral") == 0) {
no_resume_ephemeral = 1;
@@ -2165,7 +2176,7 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
-static int sv_body(char *hostname, int s, int stype, unsigned char *context)
+static int sv_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
fd_set readfds;
@@ -2780,7 +2791,7 @@ static int load_CA(SSL_CTX *ctx, char *file)
}
#endif
-static int www_body(char *hostname, int s, int stype, unsigned char *context)
+static int www_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int ret = 1;
@@ -3183,7 +3194,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
return (ret);
}
-static int rev_body(char *hostname, int s, int stype, unsigned char *context)
+static int rev_body(int s, int stype, unsigned char *context)
{
char *buf = NULL;
int i;
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
index 83624ca84f15..b3848dd1563d 100644
--- a/crypto/openssl/apps/s_socket.c
+++ b/crypto/openssl/apps/s_socket.c
@@ -109,7 +109,7 @@ static int ssl_sock_init(void);
static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
static int init_server(int *sock, int port, int type);
static int init_server_long(int *sock, int port, char *ip, int type);
-static int do_accept(int acc_sock, int *sock, char **host);
+static int do_accept(int acc_sock, int *sock);
static int host_ip(char *str, unsigned char ip[4]);
# ifdef OPENSSL_SYS_WIN16
@@ -290,12 +290,10 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
}
int do_server(int port, int type, int *ret,
- int (*cb) (char *hostname, int s, int stype,
- unsigned char *context), unsigned char *context,
- int naccept)
+ int (*cb) (int s, int stype, unsigned char *context),
+ unsigned char *context, int naccept)
{
int sock;
- char *name = NULL;
int accept_socket = 0;
int i;
@@ -308,15 +306,13 @@ int do_server(int port, int type, int *ret,
}
for (;;) {
if (type == SOCK_STREAM) {
- if (do_accept(accept_socket, &sock, &name) == 0) {
+ if (do_accept(accept_socket, &sock) == 0) {
SHUTDOWN(accept_socket);
return (0);
}
} else
sock = accept_socket;
- i = (*cb) (name, sock, type, context);
- if (name != NULL)
- OPENSSL_free(name);
+ i = (*cb) (sock, type, context);
if (type == SOCK_STREAM)
SHUTDOWN2(sock);
if (naccept != -1)
@@ -386,30 +382,24 @@ static int init_server(int *sock, int port, int type)
return (init_server_long(sock, port, NULL, type));
}
-static int do_accept(int acc_sock, int *sock, char **host)
+static int do_accept(int acc_sock, int *sock)
{
int ret;
- struct hostent *h1, *h2;
- static struct sockaddr_in from;
- int len;
-/* struct linger ling; */
if (!ssl_sock_init())
- return (0);
+ return 0;
# ifndef OPENSSL_SYS_WINDOWS
redoit:
# endif
- memset((char *)&from, 0, sizeof(from));
- len = sizeof(from);
/*
* Note: under VMS with SOCKETSHR the fourth parameter is currently of
* type (int *) whereas under other systems it is (void *) if you don't
* have a cast it will choke the compiler: if you do have a cast then you
* can either go for (int *) or (void *).
*/
- ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
+ ret = accept(acc_sock, NULL, NULL);
if (ret == INVALID_SOCKET) {
# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
int i;
@@ -425,56 +415,11 @@ static int do_accept(int acc_sock, int *sock, char **host)
fprintf(stderr, "errno=%d ", errno);
perror("accept");
# endif
- return (0);
+ return 0;
}
-/*-
- ling.l_onoff=1;
- ling.l_linger=0;
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
- if (i < 0) { perror("linger"); return(0); }
- i=0;
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
-*/
-
- if (host == NULL)
- goto end;
-# ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr), AF_INET);
-# else
- h1 = gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr), AF_INET);
-# endif
- if (h1 == NULL) {
- BIO_printf(bio_err, "bad gethostbyaddr\n");
- *host = NULL;
- /* return(0); */
- } else {
- if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
- perror("OPENSSL_malloc");
- closesocket(ret);
- return (0);
- }
- BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
-
- h2 = GetHostByName(*host);
- if (h2 == NULL) {
- BIO_printf(bio_err, "gethostbyname failure\n");
- closesocket(ret);
- return (0);
- }
- if (h2->h_addrtype != AF_INET) {
- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
- closesocket(ret);
- return (0);
- }
- }
- end:
*sock = ret;
- return (1);
+ return 1;
}
int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c
index c4bd1975764c..180ccf495c2f 100644
--- a/crypto/openssl/apps/verify.c
+++ b/crypto/openssl/apps/verify.c
@@ -277,6 +277,7 @@ static int check(X509_STORE *ctx, char *file,
X509_STORE_set_flags(ctx, vflags);
if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
ERR_print_errors(bio_err);
+ X509_STORE_CTX_free(csc);
goto end;
}
if (tchain)
diff --git a/crypto/openssl/crypto/Makefile b/crypto/openssl/crypto/Makefile
index 1857ab8823f1..8c4ccd24e87b 100644
--- a/crypto/openssl/crypto/Makefile
+++ b/crypto/openssl/crypto/Makefile
@@ -46,7 +46,7 @@ SRC= $(LIBSRC)
EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
ossl_typ.h
HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
- constant_time_locl.h $(EXHEADER)
+ constant_time_locl.h bn_int.h $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
diff --git a/crypto/openssl/crypto/asn1/a_bool.c b/crypto/openssl/crypto/asn1/a_bool.c
index 1b85bc9e61cd..3bf676eb6fb5 100644
--- a/crypto/openssl/crypto/asn1/a_bool.c
+++ b/crypto/openssl/crypto/asn1/a_bool.c
@@ -63,17 +63,31 @@
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{
int r;
- unsigned char *p;
+ unsigned char *p, *allocated = NULL;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL)
return (r);
- p = *pp;
+
+ if (*pp == NULL) {
+ if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
+ ASN1err(ASN1_F_I2D_ASN1_BOOLEAN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ p = *pp;
+ }
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
- *(p++) = (unsigned char)a;
- *pp = p;
- return (r);
+ *p = (unsigned char)a;
+
+
+ /*
+ * If a new buffer was allocated, just return it back.
+ * If not, return the incremented buffer pointer.
+ */
+ *pp = allocated != NULL ? allocated : p + 1;
+ return r;
}
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
index ad6b12a53667..ce05cf4c4b9f 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -66,7 +66,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
- unsigned char *p;
+ unsigned char *p, *allocated = NULL;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -76,13 +76,24 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1)
return objsize;
- p = *pp;
+ if (*pp == NULL) {
+ if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
+ ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ p = *pp;
+ }
+
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
memcpy(p, a->data, a->length);
- p += a->length;
- *pp = p;
- return (objsize);
+ /*
+ * If a new buffer was allocated, just return it back.
+ * If not, return the incremented buffer pointer.
+ */
+ *pp = allocated != NULL ? allocated : p + a->length;
+ return objsize;
}
int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index 95f041620735..11b21c2af7b8 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -194,18 +194,38 @@ static int do_buf(unsigned char *buf, int buflen,
int type, unsigned char flags, char *quotes, char_io *io_ch,
void *arg)
{
- int i, outlen, len;
+ int i, outlen, len, charwidth;
unsigned char orflags, *p, *q;
unsigned long c;
p = buf;
q = buf + buflen;
outlen = 0;
+ charwidth = type & BUF_TYPE_WIDTH_MASK;
+
+ switch (charwidth) {
+ case 4:
+ if (buflen & 3) {
+ ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+ return -1;
+ }
+ break;
+ case 2:
+ if (buflen & 1) {
+ ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
+ return -1;
+ }
+ break;
+ default:
+ break;
+ }
+
while (p != q) {
if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
orflags = CHARTYPE_FIRST_ESC_2253;
else
orflags = 0;
- switch (type & BUF_TYPE_WIDTH_MASK) {
+
+ switch (charwidth) {
case 4:
c = ((unsigned long)*p++) << 24;
c |= ((unsigned long)*p++) << 16;
@@ -226,6 +246,7 @@ static int do_buf(unsigned char *buf, int buflen,
i = UTF8_getc(p, buflen, &c);
if (i < 0)
return -1; /* Invalid UTF8String */
+ buflen -= i;
p += i;
break;
default:
diff --git a/crypto/openssl/crypto/asn1/ameth_lib.c b/crypto/openssl/crypto/asn1/ameth_lib.c
index 43ddebba33a6..cc8f9a8243e7 100644
--- a/crypto/openssl/crypto/asn1/ameth_lib.c
+++ b/crypto/openssl/crypto/asn1/ameth_lib.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -305,6 +305,18 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
} else
ameth->info = NULL;
+ /*
+ * One of the following must be true:
+ *
+ * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+ * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+ *
+ * Anything else is an error and may lead to a corrupt ASN1 method table
+ */
+ if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
+ || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
+ goto err;
+
if (pem_str) {
ameth->pem_str = BUF_strdup(pem_str);
if (!ameth->pem_str)
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/openssl/crypto/asn1/asn1.h
index 35a2b2aa0238..36e79d5ecd2d 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/openssl/crypto/asn1/asn1.h
@@ -1164,6 +1164,7 @@ int SMIME_text(BIO *in, BIO *out);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
void ERR_load_ASN1_strings(void);
/* Error codes for the ASN1 functions. */
@@ -1264,7 +1265,10 @@ void ERR_load_ASN1_strings(void);
# define ASN1_F_D2I_X509 156
# define ASN1_F_D2I_X509_CINF 157
# define ASN1_F_D2I_X509_PKEY 159
+# define ASN1_F_DO_BUF 221
# define ASN1_F_I2D_ASN1_BIO_STREAM 211
+# define ASN1_F_I2D_ASN1_BOOLEAN 223
+# define ASN1_F_I2D_ASN1_OBJECT 222
# define ASN1_F_I2D_ASN1_SET 188
# define ASN1_F_I2D_ASN1_TIME 160
# define ASN1_F_I2D_DSA_PUBKEY 161
@@ -1414,7 +1418,7 @@ void ERR_load_ASN1_strings(void);
# define ASN1_R_WRONG_TAG 168
# define ASN1_R_WRONG_TYPE 169
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/openssl/crypto/asn1/asn1_err.c
index cfc1512f9d07..9e273dcf5f23 100644
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/openssl/crypto/asn1/asn1_err.c
@@ -166,7 +166,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = {
{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+ {ERR_FUNC(ASN1_F_DO_BUF), "DO_BUF"},
{ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_BOOLEAN), "i2d_ASN1_BOOLEAN"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_OBJECT), "i2d_ASN1_OBJECT"},
{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
diff --git a/crypto/openssl/crypto/asn1/tasn_enc.c b/crypto/openssl/crypto/asn1/tasn_enc.c
index 081a9d534f8a..1824b2fc80f7 100644
--- a/crypto/openssl/crypto/asn1/tasn_enc.c
+++ b/crypto/openssl/crypto/asn1/tasn_enc.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -588,6 +588,8 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
+ if (cont == NULL || len == 0)
+ return -1;
break;
case V_ASN1_NULL:
diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c
index 1283a525b446..1b063fc2813d 100644
--- a/crypto/openssl/crypto/bio/bss_log.c
+++ b/crypto/openssl/crypto/bio/bss_log.c
@@ -1,6 +1,6 @@
/* crypto/bio/bss_log.c */
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -242,7 +242,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
return (0);
}
- strncpy(buf, in, inl);
+ memcpy(buf, in, inl);
buf[inl] = '\0';
i = 0;
diff --git a/crypto/openssl/crypto/bio/bss_mem.c b/crypto/openssl/crypto/bio/bss_mem.c
index b0394a960da1..6ccb8e27886d 100644
--- a/crypto/openssl/crypto/bio/bss_mem.c
+++ b/crypto/openssl/crypto/bio/bss_mem.c
@@ -188,6 +188,8 @@ static int mem_write(BIO *b, const char *in, int inl)
}
BIO_clear_retry_flags(b);
+ if (inl == 0)
+ return 0;
blen = bm->length;
if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
goto end;
diff --git a/crypto/openssl/crypto/bn/Makefile b/crypto/openssl/crypto/bn/Makefile
index 20e8ef0a28d7..9fc4447cfcfd 100644
--- a/crypto/openssl/crypto/bn/Makefile
+++ b/crypto/openssl/crypto/bn/Makefile
@@ -197,21 +197,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_add.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_add.c
+bn_add.o: bn_lcl.h
bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_asm.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_asm.c
+bn_asm.o: bn_lcl.h
bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_blind.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h
+bn_blind.o: bn_blind.c bn_lcl.h
bn_const.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_const.o: ../../include/openssl/opensslconf.h
bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
@@ -223,7 +226,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_ctx.c
+bn_ctx.o: bn_lcl.h
bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -231,14 +235,15 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_depr.o: ../bn_int.h ../cryptlib.h bn_depr.c bn_lcl.h
bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_div.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_div.c
+bn_div.o: bn_lcl.h
bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -252,7 +257,7 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h
+bn_exp.o: ../../include/openssl/symhacks.h ../bn_int.h ../constant_time_locl.h
bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h
bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -260,70 +265,80 @@ bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_exp2.c
+bn_exp2.o: bn_lcl.h
bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gcd.c
+bn_gcd.o: bn_lcl.h
bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_gf2m.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_gf2m.c
+bn_gf2m.o: bn_lcl.h
bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
+bn_kron.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_kron.c
+bn_kron.o: bn_lcl.h
bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
+bn_lib.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_lib.o: bn_lib.c
bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mod.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mod.o: bn_mod.c
bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mont.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mont.o: bn_mont.c
bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mpi.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mpi.o: bn_mpi.c
bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
+bn_mul.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_mul.o: bn_mul.c
bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
+bn_nist.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_nist.o: bn_nist.c
bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -331,14 +346,15 @@ bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_prime.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
+bn_print.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_print.o: bn_print.c
bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -346,42 +362,47 @@ bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_rand.o: ../bn_int.h ../cryptlib.h bn_lcl.h bn_rand.c
bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
+bn_recp.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_recp.o: bn_recp.c
bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
+bn_shift.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_shift.o: bn_shift.c
bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqr.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_sqr.o: bn_sqr.c
bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_sqrt.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_sqrt.o: bn_sqrt.c
bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
+bn_word.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h bn_lcl.h
+bn_word.o: bn_word.c
bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
diff --git a/crypto/openssl/crypto/bn/asm/armv4-mont.pl b/crypto/openssl/crypto/bn/asm/armv4-mont.pl
index 1d330e9f8aa3..8961180c0095 100755
--- a/crypto/openssl/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/armv4-mont.pl
@@ -216,14 +216,15 @@ bn_mul_mont:
mov $tp,sp @ "rewind" $tp
sub $rp,$rp,$aj @ "rewind" $rp
- and $ap,$tp,$nhi
- bic $np,$rp,$nhi
- orr $ap,$ap,$np @ ap=borrow?tp:rp
-
-.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh
+.Lcopy: ldr $tj,[$tp] @ conditional copy
+ ldr $aj,[$rp]
str sp,[$tp],#4 @ zap tp
- str $tj,[$rp],#4
- cmp $tp,$num
+#ifdef __thumb2__
+ it cc
+#endif
+ movcc $aj,$tj
+ str $aj,[$rp],#4
+ teq $tp,$num @ preserve carry
bne .Lcopy
add sp,$num,#4 @ skip over tp[num+1]
diff --git a/crypto/openssl/crypto/bn/asm/ia64-mont.pl b/crypto/openssl/crypto/bn/asm/ia64-mont.pl
index e258658428a3..7dae817ddd98 100755
--- a/crypto/openssl/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/ia64-mont.pl
@@ -332,19 +332,19 @@ bn_mul_mont_general:
{ .mmb; sub rptr=rptr,len // rewind
sub tptr=tptr,len
clrrrb.pr };;
-{ .mmi; and aptr=tptr,topbit
- andcm bptr=rptr,topbit
+{ .mmi; mov aptr=rptr
+ mov bptr=tptr
mov pr.rot=1<<16 };;
-{ .mii; or nptr=aptr,bptr
+{ .mii; cmp.eq p0,p6=topbit,r0
mov ar.lc=lc
- mov ar.ec=3 };;
+ mov ar.ec=2 };;
.Lcopy_ctop:
-{ .mmb; (p16) ld8 n[0]=[nptr],8
- (p18) st8 [tptr]=r0,8
- (p16) nop.b 0 }
-{ .mmb; (p16) nop.m 0
- (p18) st8 [rptr]=n[2],8
+{ .mmi; (p16) ld8 a[0]=[aptr],8
+ (p16) ld8 t[0]=[bptr],8
+ (p6) mov a[1]=t[1] };; // (p17)
+{ .mmb; (p17) st8 [rptr]=a[1],8
+ (p17) st8 [tptr]=r0,8
br.ctop.sptk .Lcopy_ctop };;
.Lcopy_cend:
diff --git a/crypto/openssl/crypto/bn/asm/mips-mont.pl b/crypto/openssl/crypto/bn/asm/mips-mont.pl
index a33cdf411121..9b80e84140d7 100755
--- a/crypto/openssl/crypto/bn/asm/mips-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/mips-mont.pl
@@ -377,15 +377,13 @@ $code.=<<___;
$PTR_SUB $rp,$num # restore rp
not $hi1,$hi0
- and $ap,$hi0,$sp
- and $bp,$hi1,$rp
- or $ap,$ap,$bp # ap=borrow?tp:rp
-
-.align 4
-.Lcopy: $LD $aj,($ap)
- $PTR_ADD $ap,$BNSZ
+.Lcopy: $LD $nj,($tp) # conditional move
+ $LD $aj,($rp)
$ST $zero,($tp)
$PTR_ADD $tp,$BNSZ
+ and $nj,$hi0
+ and $aj,$hi1
+ or $aj,$nj
sltu $at,$tp,$tj
$ST $aj,($rp)
bnez $at,.Lcopy
diff --git a/crypto/openssl/crypto/bn/asm/parisc-mont.pl b/crypto/openssl/crypto/bn/asm/parisc-mont.pl
index c02ef6f01466..53e179d18804 100755
--- a/crypto/openssl/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/parisc-mont.pl
@@ -510,7 +510,6 @@ L\$sub
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
- ldo -4($tp),$tp
___
$code.=<<___ if ($BN_SZ==8);
ldd,ma 8($tp),$ti0
@@ -525,21 +524,19 @@ L\$sub
extrd,u $ti0,31,32,$ti0 ; carry in flipped word order
sub,db $ti0,%r0,$hi1
- ldo -8($tp),$tp
___
$code.=<<___;
- and $tp,$hi1,$ap
- andcm $rp,$hi1,$bp
- or $ap,$bp,$np
-
+ ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
- ldo `$LOCALS+32`($fp),$tp
L\$copy
- ldd $idx($np),$hi0
+ ldd 0($tp),$ti0
+ ldd 0($rp),$hi0
std,ma %r0,8($tp)
- addib,<> 8,$idx,.-8 ; L\$copy
- std,ma $hi0,8($rp)
+ comiclr,= 0,$hi1,%r0
+ copy $ti0,$hi0
+ addib,<> 8,$idx,L\$copy
+ std,ma $hi0,8($rp)
___
if ($BN_SZ==4) { # PA-RISC 1.1 code-path
@@ -849,17 +846,16 @@ L\$sub_pa11
stws,ma $hi1,4($rp)
subb $ti0,%r0,$hi1
- ldo -4($tp),$tp
- and $tp,$hi1,$ap
- andcm $rp,$hi1,$bp
- or $ap,$bp,$np
+ ldo `$LOCALS+32`($fp),$tp
sub $rp,$arrsz,$rp ; rewind rp
subi 0,$arrsz,$idx
- ldo `$LOCALS+32`($fp),$tp
L\$copy_pa11
- ldwx $idx($np),$hi0
+ ldw 0($tp),$ti0
+ ldw 0($rp),$hi0
stws,ma %r0,4($tp)
+ comiclr,= 0,$hi1,%r0
+ copy $ti0,$hi0
addib,<> 4,$idx,L\$copy_pa11
stws,ma $hi0,4($rp)
diff --git a/crypto/openssl/crypto/bn/asm/ppc-mont.pl b/crypto/openssl/crypto/bn/asm/ppc-mont.pl
index 6930a3acebd2..ac3b4a4c9bca 100755
--- a/crypto/openssl/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/ppc-mont.pl
@@ -294,15 +294,16 @@ Lsub: $LDX $tj,$tp,$j
li $j,0
mtctr $num
subfe $ovf,$j,$ovf ; handle upmost overflow bit
- and $ap,$tp,$ovf
- andc $np,$rp,$ovf
- or $ap,$ap,$np ; ap=borrow?tp:rp
.align 4
-Lcopy: ; copy or in-place refresh
- $LDX $tj,$ap,$j
- $STX $tj,$rp,$j
+Lcopy: ; conditional copy
+ $LDX $tj,$tp,$j
+ $LDX $aj,$rp,$j
+ and $tj,$tj,$ovf
+ andc $aj,$aj,$ovf
$STX $j,$tp,$j ; zap at once
+ or $aj,$aj,$tj
+ $STX $aj,$rp,$j
addi $j,$j,$BNSZ
bdnz Lcopy
diff --git a/crypto/openssl/crypto/bn/asm/ppc64-mont.pl b/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
index 595fc6d31f60..6cf99c5db330 100755
--- a/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
@@ -1494,16 +1494,14 @@ Lsub: ldx $t0,$tp,$i
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
- and $ap,$tp,$ovf
- andc $np,$rp,$ovf
- or $ap,$ap,$np ; ap=borrow?tp:rp
- addi $t7,$ap,8
mtctr $j
.align 4
-Lcopy: ; copy or in-place refresh
- ldx $t0,$ap,$i
- ldx $t1,$t7,$i
+Lcopy: ; conditional copy
+ ldx $t0,$tp,$i
+ ldx $t1,$t4,$i
+ ldx $t2,$rp,$i
+ ldx $t3,$t6,$i
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1512,6 +1510,12 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
+ and $t0,$t0,$ovf
+ and $t1,$t1,$ovf
+ andc $t2,$t2,$ovf
+ andc $t3,$t3,$ovf
+ or $t0,$t0,$t2
+ or $t1,$t1,$t3
stdx $t0,$rp,$i
stdx $t1,$t6,$i
stdx $i,$tp,$i ; zap tp at once
@@ -1554,20 +1558,21 @@ Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order
li $i,0
subfe $ovf,$i,$ovf ; handle upmost overflow bit
- addi $tp,$sp,`$FRAME+$TRANSFER+4`
+ addi $ap,$sp,`$FRAME+$TRANSFER+4`
subf $rp,$num,$rp ; rewind rp
- and $ap,$tp,$ovf
- andc $np,$rp,$ovf
- or $ap,$ap,$np ; ap=borrow?tp:rp
addi $tp,$sp,`$FRAME+$TRANSFER`
mtctr $j
.align 4
-Lcopy: ; copy or in-place refresh
+Lcopy: ; conditional copy
lwz $t0,4($ap)
lwz $t1,8($ap)
lwz $t2,12($ap)
lwzu $t3,16($ap)
+ lwz $t4,4($rp)
+ lwz $t5,8($rp)
+ lwz $t6,12($rp)
+ lwz $t7,16($rp)
std $i,8($nap_d) ; zap nap_d
std $i,16($nap_d)
std $i,24($nap_d)
@@ -1576,6 +1581,18 @@ Lcopy: ; copy or in-place refresh
std $i,48($nap_d)
std $i,56($nap_d)
stdu $i,64($nap_d)
+ and $t0,$t0,$ovf
+ and $t1,$t1,$ovf
+ and $t2,$t2,$ovf
+ and $t3,$t3,$ovf
+ andc $t4,$t4,$ovf
+ andc $t5,$t5,$ovf
+ andc $t6,$t6,$ovf
+ andc $t7,$t7,$ovf
+ or $t0,$t0,$t4
+ or $t1,$t1,$t5
+ or $t2,$t2,$t6
+ or $t3,$t3,$t7
stw $t0,4($rp)
stw $t1,8($rp)
stw $t2,12($rp)
diff --git a/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl b/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
index 2b3f8b0e21ec..d4124a8f6389 100755
--- a/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
@@ -97,7 +97,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
$addx = ($1>=11);
}
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10
$avx = ($ver>=3.0) + ($ver>=3.01);
$addx = ($ver>=3.03);
diff --git a/crypto/openssl/crypto/bn/asm/s390x-mont.pl b/crypto/openssl/crypto/bn/asm/s390x-mont.pl
index 9fd64e81eef3..46188ebb7e5b 100755
--- a/crypto/openssl/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/s390x-mont.pl
@@ -245,16 +245,16 @@ $code.=<<___;
brct $count,.Lsub
lghi $ahi,0
slbgr $AHI,$ahi # handle upmost carry
-
- ngr $ap,$AHI
- lghi $np,-1
- xgr $np,$AHI
- ngr $np,$rp
- ogr $ap,$np # ap=borrow?tp:rp
+ lghi $NHI,-1
+ xgr $NHI,$AHI
la $j,0(%r0)
lgr $count,$num
-.Lcopy: lg $alo,0($j,$ap) # copy or in-place refresh
+.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy
+ lg $alo,0($j,$rp)
+ ngr $ahi,$AHI
+ ngr $alo,$NHI
+ ogr $alo,$ahi
_dswap $alo
stg $j,$stdframe($j,$sp) # zap tp
stg $alo,0($j,$rp)
diff --git a/crypto/openssl/crypto/bn/asm/sparct4-mont.pl b/crypto/openssl/crypto/bn/asm/sparct4-mont.pl
index 71b45002a42f..cac60f997874 100755
--- a/crypto/openssl/crypto/bn/asm/sparct4-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/sparct4-mont.pl
@@ -878,19 +878,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
- subc $ovf, %g0, $ovf ! handle upmost overflow bit
- and $tp, $ovf, $ap
- andn $rp, $ovf, $np
- or $np, $ap, $ap ! ap=borrow?tp:rp
+ subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
-.Lcopy: ! copy or in-place refresh
- ldx [$ap+0], $t2
- add $ap, 8, $ap
+.Lcopy: ! conditional copy
+ ldx [$tp], $tj
+ ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
+ movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy
@@ -1126,19 +1124,17 @@ $code.=<<___;
sub $tp, $num, $tp
sub $rp, $num, $rp
- subc $ovf, %g0, $ovf ! handle upmost overflow bit
- and $tp, $ovf, $ap
- andn $rp, $ovf, $np
- or $np, $ap, $ap ! ap=borrow?tp:rp
+ subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy_g5
sub $num, 8, $cnt
.align 16
-.Lcopy_g5: ! copy or in-place refresh
- ldx [$ap+0], $t2
- add $ap, 8, $ap
+.Lcopy_g5: ! conditional copy
+ ldx [$tp], $tj
+ ldx [$rp+0], $t2
stx %g0, [$tp] ! zap
add $tp, 8, $tp
+ movcs %icc, $tj, $t2
stx $t2, [$rp+0]
add $rp, 8, $rp
brnz $cnt, .Lcopy_g5
diff --git a/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl b/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
index d8662878006e..2043ab04af16 100755
--- a/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
@@ -255,7 +255,6 @@ $fname:
.Ltail:
add $np,$num,$np
add $rp,$num,$rp
- mov $tp,$ap
sub %g0,$num,%o7 ! k=-num
ba .Lsub
subcc %g0,%g0,%g0 ! clear %icc.c
@@ -268,15 +267,14 @@ $fname:
add %o7,4,%o7
brnz %o7,.Lsub
st %o1,[$i]
- subc $car2,0,$car2 ! handle upmost overflow bit
- and $tp,$car2,$ap
- andn $rp,$car2,$np
- or $ap,$np,$ap
+ subccc $car2,0,$car2 ! handle upmost overflow bit
sub %g0,$num,%o7
.Lcopy:
- ld [$ap+%o7],%o0 ! copy or in-place refresh
+ ld [$tp+%o7],%o1 ! conditional copy
+ ld [$rp+%o7],%o0
st %g0,[$tp+%o7] ! zap tp
+ movcs %icc,%o1,%o0
st %o0,[$rp+%o7]
add %o7,4,%o7
brnz %o7,.Lcopy
@@ -485,6 +483,9 @@ $code.=<<___;
mulx $npj,$mul1,$acc1
add $tpj,$car1,$car1
ld [$np+$j],$npj ! np[j]
+ srlx $car1,32,$tmp0
+ and $car1,$mask,$car1
+ add $tmp0,$sbit,$sbit
add $acc0,$car1,$car1
ld [$tp+8],$tpj ! tp[j]
add $acc1,$car1,$car1
diff --git a/crypto/openssl/crypto/bn/asm/via-mont.pl b/crypto/openssl/crypto/bn/asm/via-mont.pl
index c046a514c873..917942136fcf 100755
--- a/crypto/openssl/crypto/bn/asm/via-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/via-mont.pl
@@ -203,18 +203,15 @@ $sp=&DWP(28,"esp");
&mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit
&sbb ("eax",0);
- &and ("esi","eax");
- &not ("eax");
- &mov ("ebp","edi");
- &and ("ebp","eax");
- &or ("esi","ebp"); # tp=carry?tp:rp
&mov ("ecx","edx"); # num
- &xor ("edx","edx"); # i=0
+ &mov ("edx",0); # i=0
&set_label("copy",8);
- &mov ("eax",&DWP(0,"esi","edx",4));
- &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp
+ &mov ("ebx",&DWP(0,"esi","edx",4));
+ &mov ("eax",&DWP(0,"edi","edx",4));
+ &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp
+ &cmovc ("eax","ebx");
&mov (&DWP(0,"edi","edx",4),"eax");
&lea ("edx",&DWP(1,"edx")); # i++
&loop (&label("copy"));
diff --git a/crypto/openssl/crypto/bn/asm/vis3-mont.pl b/crypto/openssl/crypto/bn/asm/vis3-mont.pl
index 263ac02b6f45..002c00c2abc6 100755
--- a/crypto/openssl/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/vis3-mont.pl
@@ -299,23 +299,23 @@ $code.=<<___;
sub $anp, $num, $anp
sub $rp, $num, $rp
- subc $ovf, %g0, $ovf ! handle upmost overflow bit
- and $tp, $ovf, $ap
- andn $rp, $ovf, $np
- or $np, $ap, $ap ! ap=borrow?tp:rp
+ subccc $ovf, %g0, $ovf ! handle upmost overflow bit
ba .Lcopy
sub $num, 8, $cnt
.align 16
-.Lcopy: ! copy or in-place refresh
- ld [$ap+0], $t2
- ld [$ap+4], $t3
- add $ap, 8, $ap
+.Lcopy: ! conditional copy
+ ld [$tp+0], $t0
+ ld [$tp+4], $t1
+ ld [$rp+0], $t2
+ ld [$rp+4], $t3
stx %g0, [$tp] ! zap
add $tp, 8, $tp
stx %g0, [$anp] ! zap
stx %g0, [$anp+8]
add $anp, 16, $anp
+ movcs %icc, $t0, $t2
+ movcs %icc, $t1, $t3
st $t3, [$rp+0] ! flip order
st $t2, [$rp+4]
add $rp, 8, $rp
diff --git a/crypto/openssl/crypto/bn/asm/x86-mont.pl b/crypto/openssl/crypto/bn/asm/x86-mont.pl
index 1c4003efc20a..d72eb00132b0 100755
--- a/crypto/openssl/crypto/bn/asm/x86-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/x86-mont.pl
@@ -592,16 +592,18 @@ $sbit=$num;
&jge (&label("sub"));
&sbb ("eax",0); # handle upmost overflow bit
- &and ($tp,"eax");
- &not ("eax");
- &mov ($np,$rp);
- &and ($np,"eax");
- &or ($tp,$np); # tp=carry?tp:rp
-
-&set_label("copy",16); # copy or in-place refresh
- &mov ("eax",&DWP(0,$tp,$num,4));
- &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i]
+ &mov ("edx",-1);
+ &xor ("edx","eax");
+ &jmp (&label("copy"));
+
+&set_label("copy",16); # conditional copy
+ &mov ($tp,&DWP($frame,"esp",$num,4));
+ &mov ($np,&DWP(0,$rp,$num,4));
&mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
+ &and ($tp,"eax");
+ &and ($np,"edx");
+ &or ($np,$tp);
+ &mov (&DWP(0,$rp,$num,4),$np);
&dec ($num);
&jge (&label("copy"));
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-mont.pl b/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
index 80492d8e6381..2074fd802446 100755
--- a/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
@@ -293,30 +293,30 @@ $code.=<<___;
xor $i,$i # i=0 and clear CF!
mov (%rsp),%rax # tp[0]
- lea (%rsp),$ap # borrow ap for tp
mov $num,$j # j=num
- jmp .Lsub
+
.align 16
.Lsub: sbb ($np,$i,8),%rax
mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i]
- mov 8($ap,$i,8),%rax # tp[i+1]
+ mov 8(%rsp,$i,8),%rax # tp[i+1]
lea 1($i),$i # i++
dec $j # doesnn't affect CF!
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
+ mov \$-1,%rbx
+ xor %rax,%rbx # not %rax
xor $i,$i
- and %rax,$ap
- not %rax
- mov $rp,$np
- and %rax,$np
mov $num,$j # j=num
- or $np,$ap # ap=borrow?tp:rp
-.align 16
-.Lcopy: # copy or in-place refresh
- mov ($ap,$i,8),%rax
- mov $i,(%rsp,$i,8) # zap temporary vector
- mov %rax,($rp,$i,8) # rp[i]=tp[i]
+
+.Lcopy: # conditional copy
+ mov ($rp,$i,8),%rcx
+ mov (%rsp,$i,8),%rdx
+ and %rbx,%rcx
+ and %rax,%rdx
+ mov $num,(%rsp,$i,8) # zap temporary vector
+ or %rcx,%rdx
+ mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy
@@ -686,10 +686,10 @@ ___
my @ri=("%rax","%rdx",$m0,$m1);
$code.=<<___;
mov 16(%rsp,$num,8),$rp # restore $rp
+ lea -4($num),$j
mov 0(%rsp),@ri[0] # tp[0]
- pxor %xmm0,%xmm0
mov 8(%rsp),@ri[1] # tp[1]
- shr \$2,$num # num/=4
+ shr \$2,$j # j=num/4-1
lea (%rsp),$ap # borrow ap for tp
xor $i,$i # i=0 and clear CF!
@@ -697,9 +697,7 @@ $code.=<<___;
mov 16($ap),@ri[2] # tp[2]
mov 24($ap),@ri[3] # tp[3]
sbb 8($np),@ri[1]
- lea -1($num),$j # j=num/4-1
- jmp .Lsub4x
-.align 16
+
.Lsub4x:
mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i]
mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i]
@@ -726,34 +724,35 @@ $code.=<<___;
sbb \$0,@ri[0] # handle upmost overflow bit
mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i]
- xor $i,$i # i=0
- and @ri[0],$ap
- not @ri[0]
- mov $rp,$np
- and @ri[0],$np
- lea -1($num),$j
- or $np,$ap # ap=borrow?tp:rp
-
- movdqu ($ap),%xmm1
- movdqa %xmm0,(%rsp)
- movdqu %xmm1,($rp)
+ pxor %xmm0,%xmm0
+ movq @ri[0],%xmm4
+ pcmpeqd %xmm5,%xmm5
+ pshufd \$0,%xmm4,%xmm4
+ mov $num,$j
+ pxor %xmm4,%xmm5
+ shr \$2,$j # j=num/4
+ xor %eax,%eax # i=0
+
jmp .Lcopy4x
.align 16
-.Lcopy4x: # copy or in-place refresh
- movdqu 16($ap,$i),%xmm2
- movdqu 32($ap,$i),%xmm1
- movdqa %xmm0,16(%rsp,$i)
- movdqu %xmm2,16($rp,$i)
- movdqa %xmm0,32(%rsp,$i)
- movdqu %xmm1,32($rp,$i)
- lea 32($i),$i
+.Lcopy4x: # conditional copy
+ movdqa (%rsp,%rax),%xmm1
+ movdqu ($rp,%rax),%xmm2
+ pand %xmm4,%xmm1
+ pand %xmm5,%xmm2
+ movdqa 16(%rsp,%rax),%xmm3
+ movdqa %xmm0,(%rsp,%rax)
+ por %xmm2,%xmm1
+ movdqu 16($rp,%rax),%xmm2
+ movdqu %xmm1,($rp,%rax)
+ pand %xmm4,%xmm3
+ pand %xmm5,%xmm2
+ movdqa %xmm0,16(%rsp,%rax)
+ por %xmm2,%xmm3
+ movdqu %xmm3,16($rp,%rax)
+ lea 32(%rax),%rax
dec $j
jnz .Lcopy4x
-
- shl \$2,$num
- movdqu 16($ap,$i),%xmm2
- movdqa %xmm0,16(%rsp,$i)
- movdqu %xmm2,16($rp,$i)
___
}
$code.=<<___;
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
index 42178e455a98..f8ff822ba298 100755
--- a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
@@ -405,18 +405,19 @@ $code.=<<___;
jnz .Lsub
sbb \$0,%rax # handle upmost overflow bit
+ mov \$-1,%rbx
+ xor %rax,%rbx
xor $i,$i
- and %rax,$ap
- not %rax
- mov $rp,$np
- and %rax,$np
mov $num,$j # j=num
- or $np,$ap # ap=borrow?tp:rp
-.align 16
-.Lcopy: # copy or in-place refresh
- mov ($ap,$i,8),%rax
+
+.Lcopy: # conditional copy
+ mov ($rp,$i,8),%rcx
+ mov (%rsp,$i,8),%rdx
+ and %rbx,%rcx
+ and %rax,%rdx
mov $i,(%rsp,$i,8) # zap temporary vector
- mov %rax,($rp,$i,8) # rp[i]=tp[i]
+ or %rcx,%rdx
+ mov %rdx,($rp,$i,8) # rp[i]=tp[i]
lea 1($i),$i
sub \$1,$j
jnz .Lcopy
diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/openssl/crypto/bn/bn.h
index 633d1b1f6013..d4b9f27bb39d 100644
--- a/crypto/openssl/crypto/bn/bn.h
+++ b/crypto/openssl/crypto/bn/bn.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -375,25 +375,76 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
* on the size of the number */
/*
- * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
- * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
- * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error
- * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
- * 177-194)
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
+ * and so the level is what you would expect for a key of double the size of the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ * for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ * S:=0;
+ * // Sum over m
+ * for m:=3 to M do
+ * s:=0;
+ * // Sum over j
+ * for j:=2 to m do
+ * s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ * end for;
+ * S+:=2^(m-(m-1)*t)*s;
+ * end for;
+ * A:=2^(k-2-M*t);
+ * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ * pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ * seclevel:=Floor(-Log(2,pkt));
+ * if seclevel ge securitybits then
+ * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M;
+ * break;
+ * end if;
+ * end for;
+ * if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k: 1024, security: 129 bits (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ * (b) >= 6394 | >= 12788 | 3 | 256 bit
+ * (b) >= 3747 | >= 7494 | 3 | 192 bit
+ * (b) >= 1345 | >= 2690 | 4 | 128 bit
+ * (b) >= 1080 | >= 2160 | 5 | 128 bit
+ * (b) >= 852 | >= 1704 | 5 | 112 bit
+ * (b) >= 476 | >= 952 | 5 | 80 bit
+ * (b) >= 400 | >= 800 | 6 | 80 bit
+ * (b) >= 347 | >= 694 | 7 | 80 bit
+ * (b) >= 308 | >= 616 | 8 | 80 bit
+ * (b) >= 55 | >= 110 | 27 | 64 bit
+ * (b) >= 6 | >= 12 | 34 | 64 bit
*/
-# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
- (b) >= 850 ? 3 : \
- (b) >= 650 ? 4 : \
- (b) >= 550 ? 5 : \
- (b) >= 450 ? 6 : \
- (b) >= 400 ? 7 : \
- (b) >= 350 ? 8 : \
- (b) >= 300 ? 9 : \
- (b) >= 250 ? 12 : \
- (b) >= 200 ? 15 : \
- (b) >= 150 ? 18 : \
- /* b >= 100 */ 27)
+
+# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \
+ (b) >= 1345 ? 4 : \
+ (b) >= 476 ? 5 : \
+ (b) >= 400 ? 6 : \
+ (b) >= 347 ? 7 : \
+ (b) >= 308 ? 8 : \
+ (b) >= 55 ? 27 : \
+ /* b >= 6 */ 34)
# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
@@ -773,6 +824,16 @@ BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
/* We only need assert() when debugging */
# include <assert.h>
+/*
+ * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
+ * bn_correct_top, in other words such vectors are permitted to have zeros
+ * in most significant limbs. Such vectors are used internally to achieve
+ * execution time invariance for critical operations with private keys.
+ * It's BN_DEBUG-only flag, because user application is not supposed to
+ * observe it anyway. Moreover, optimizing compiler would actually remove
+ * all operations manipulating the bit in question in non-BN_DEBUG build.
+ */
+# define BN_FLG_FIXED_TOP 0x10000
# ifdef BN_DEBUG_RAND
/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
# ifndef RAND_pseudo_bytes
@@ -805,8 +866,10 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
do { \
const BIGNUM *_bnum2 = (a); \
if (_bnum2 != NULL) { \
- assert((_bnum2->top == 0) || \
- (_bnum2->d[_bnum2->top - 1] != 0)); \
+ int _top = _bnum2->top; \
+ assert((_top == 0) || \
+ (_bnum2->flags & BN_FLG_FIXED_TOP) || \
+ (_bnum2->d[_top - 1] != 0)); \
bn_pollute(_bnum2); \
} \
} while(0)
@@ -824,6 +887,7 @@ int RAND_pseudo_bytes(unsigned char *buf, int num);
# else /* !BN_DEBUG */
+# define BN_FLG_FIXED_TOP 0
# define bn_pollute(a)
# define bn_check_top(a)
# define bn_fix_top(a) bn_correct_top(a)
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c
index bc37671cf138..460d8b7396fc 100644
--- a/crypto/openssl/crypto/bn/bn_div.c
+++ b/crypto/openssl/crypto/bn/bn_div.c
@@ -290,6 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
wnum.neg = 0;
wnum.d = &(snum->d[loop]);
wnum.top = div_n;
+ wnum.flags = BN_FLG_STATIC_DATA;
/*
* only needed when BN_ucmp messes up the values between top and max
*/
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c
index 40115fc72052..36b7ba69ade7 100644
--- a/crypto/openssl/crypto/bn/bn_exp.c
+++ b/crypto/openssl/crypto/bn/bn_exp.c
@@ -290,8 +290,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {
@@ -432,8 +432,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -473,17 +473,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
ret = 1;
goto err;
}
- if (!BN_to_montgomery(val[0], aa, mont, ctx))
+ if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
goto err; /* 1 */
window = BN_window_bits_for_exponent_size(bits);
if (window > 1) {
- if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+ if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
goto err; /* 2 */
j = 1 << (window - 1);
for (i = 1; i < j; i++) {
if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
+ !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
goto err;
}
}
@@ -505,19 +505,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
for (i = 1; i < j; i++)
r->d[i] = (~m->d[i]) & BN_MASK2;
r->top = j;
- /*
- * Upper words will be zero if the corresponding words of 'm' were
- * 0xfff[...], so decrement r->top accordingly.
- */
- bn_correct_top(r);
+ r->flags |= BN_FLG_FIXED_TOP;
} else
#endif
- if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
goto err;
for (;;) {
if (BN_is_bit_set(p, wstart) == 0) {
if (!start) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
if (wstart == 0)
@@ -548,12 +544,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* add the 'bytes above' */
if (!start)
for (i = 0; i < j; i++) {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
goto err;
}
/* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
+ if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
goto err;
/* move the 'window' down further */
@@ -563,6 +559,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
if (wstart < 0)
break;
}
+ /*
+ * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+ * removes padding [if any] and makes return value suitable for public
+ * API consumer.
+ */
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
j = mont->N.top; /* borrow j */
@@ -681,7 +682,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
}
b->top = top;
- bn_correct_top(b);
+ b->flags |= BN_FLG_FIXED_TOP;
return 1;
}
@@ -733,8 +734,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
*/
bits = p->top * BN_BITS2;
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -852,16 +853,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
tmp.top = top;
} else
#endif
- if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx))
+ if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
goto err;
/* prepare a^1 in Montgomery domain */
if (a->neg || BN_ucmp(a, m) >= 0) {
if (!BN_mod(&am, a, m, ctx))
goto err;
- if (!BN_to_montgomery(&am, &am, mont, ctx))
+ if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
goto err;
- } else if (!BN_to_montgomery(&am, a, mont, ctx))
+ } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
goto err;
#if defined(SPARC_T4_MONT)
@@ -1128,14 +1129,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
* performance advantage of sqr over mul).
*/
if (window > 1) {
- if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
window))
goto err;
for (i = 3; i < numPowers; i++) {
/* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
goto err;
if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
window))
@@ -1159,7 +1160,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* Scan the window, squaring the result as we go */
for (i = 0; i < window; i++, bits--) {
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
goto err;
wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
}
@@ -1172,12 +1173,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
goto err;
/* Multiply the result into the intermediate result */
- if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx))
+ if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
goto err;
}
}
- /* Convert the final result from montgomery to standard format */
+ /*
+ * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+ * removes padding [if any] and makes return value suitable for public
+ * API consumer.
+ */
#if defined(SPARC_T4_MONT)
if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
am.d[0] = 1; /* borrow am */
@@ -1247,8 +1252,8 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(rr);
} else {
@@ -1369,9 +1374,9 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
}
bits = BN_num_bits(p);
- if (bits == 0) {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m)) {
+ if (bits == 0) {
+ /* x**0 mod 1, or x**0 mod -1 is still zero. */
+ if (BN_abs_is_word(m, 1)) {
ret = 1;
BN_zero(r);
} else {
diff --git a/crypto/openssl/crypto/bn/bn_gf2m.c b/crypto/openssl/crypto/bn/bn_gf2m.c
index 2c61da11093f..1d8a271c0281 100644
--- a/crypto/openssl/crypto/bn/bn_gf2m.c
+++ b/crypto/openssl/crypto/bn/bn_gf2m.c
@@ -36,7 +36,7 @@
*/
/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -103,30 +103,32 @@
*/
# define MAX_ITERATIONS 50
-static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
- 64, 65, 68, 69, 80, 81, 84, 85
-};
+# define SQR_nibble(w) ((((w) & 8) << 3) \
+ | (((w) & 4) << 2) \
+ | (((w) & 2) << 1) \
+ | ((w) & 1))
+
/* Platform-specific macros to accelerate squaring. */
# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
# define SQR1(w) \
- SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
- SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
- SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
- SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
+ SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \
+ SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \
+ SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \
+ SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32)
# define SQR0(w) \
- SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
- SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+ SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \
+ SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \
+ SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
+ SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# ifdef THIRTY_TWO_BIT
# define SQR1(w) \
- SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
- SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
+ SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \
+ SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16)
# define SQR0(w) \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+ SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \
+ SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) )
# endif
# if !defined(OPENSSL_BN_ASM_GF2m)
diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_lcl.h
index 00f4f09945b3..6f7335b7a5c3 100644
--- a/crypto/openssl/crypto/bn/bn_lcl.h
+++ b/crypto/openssl/crypto/bn/bn_lcl.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -113,6 +113,7 @@
# define HEADER_BN_LCL_H
# include <openssl/bn.h>
+# include "bn_int.h"
#ifdef __cplusplus
extern "C" {
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index 27b9bdbc3c28..03bd8cd183a6 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -263,8 +263,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
const BN_ULONG *B;
int i;
- bn_check_top(b);
-
if (words > (INT_MAX / (4 * BN_BITS2))) {
BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
return NULL;
@@ -398,8 +396,6 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
BIGNUM *bn_expand2(BIGNUM *b, int words)
{
- bn_check_top(b);
-
if (words > b->dmax) {
BN_ULONG *a = bn_expand_internal(b, words);
if (!a)
@@ -433,7 +429,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
assert(A == &(b->d[b->dmax]));
}
#endif
- bn_check_top(b);
return b;
}
@@ -497,12 +492,18 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
#endif
- a->top = b->top;
a->neg = b->neg;
+ a->top = b->top;
+ a->flags |= b->flags & BN_FLG_FIXED_TOP;
bn_check_top(a);
return (a);
}
+#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
+ | BN_FLG_CONSTTIME \
+ | BN_FLG_FIXED_TOP))
+#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
+
void BN_swap(BIGNUM *a, BIGNUM *b)
{
int flags_old_a, flags_old_b;
@@ -530,10 +531,8 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
b->dmax = tmp_dmax;
b->neg = tmp_neg;
- a->flags =
- (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
- b->flags =
- (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+ a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b);
+ b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a);
bn_check_top(a);
bn_check_top(b);
}
@@ -545,6 +544,7 @@ void BN_clear(BIGNUM *a)
OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
a->top = 0;
a->neg = 0;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
BN_ULONG BN_get_word(const BIGNUM *a)
@@ -565,6 +565,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w)
a->neg = 0;
a->d[0] = w;
a->top = (w ? 1 : 0);
+ a->flags &= ~BN_FLG_FIXED_TOP;
bn_check_top(a);
return (1);
}
@@ -613,6 +614,41 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
}
/* ignore negative */
+static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+ int n;
+ size_t i, inc, lasti, j;
+ BN_ULONG l;
+
+ n = BN_num_bytes(a);
+ if (tolen == -1)
+ tolen = n;
+ else if (tolen < n)
+ return -1;
+
+ if (n == 0) {
+ OPENSSL_cleanse(to, tolen);
+ return tolen;
+ }
+
+ lasti = n - 1;
+ for (i = 0, inc = 1, j = tolen; j > 0;) {
+ l = a->d[i / BN_BYTES];
+ to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc));
+ inc = (i - lasti) >> (8 * sizeof(i) - 1);
+ i += inc; /* stay on top limb */
+ }
+
+ return tolen;
+}
+
+int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+ if (tolen < 0)
+ return -1;
+ return bn2binpad(a, to, tolen);
+}
+
int BN_bn2bin(const BIGNUM *a, unsigned char *to)
{
int n, i;
@@ -711,6 +747,7 @@ int BN_set_bit(BIGNUM *a, int n)
for (k = a->top; k < i + 1; k++)
a->d[k] = 0;
a->top = i + 1;
+ a->flags &= ~BN_FLG_FIXED_TOP;
}
a->d[i] |= (((BN_ULONG)1) << j);
diff --git a/crypto/openssl/crypto/bn/bn_mod.c b/crypto/openssl/crypto/bn/bn_mod.c
index ffbce890cf28..43da462d93b0 100644
--- a/crypto/openssl/crypto/bn/bn_mod.c
+++ b/crypto/openssl/crypto/bn/bn_mod.c
@@ -4,7 +4,7 @@
* for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -149,18 +149,73 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
/*
* BN_mod_add variant that may be used if both a and b are non-negative and
- * less than m
+ * less than m. The original algorithm was
+ *
+ * if (!BN_uadd(r, a, b))
+ * return 0;
+ * if (BN_ucmp(r, m) >= 0)
+ * return BN_usub(r, r, m);
+ *
+ * which is replaced with addition, subtracting modulus, and conditional
+ * move depending on whether or not subtraction borrowed.
*/
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *m)
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m)
{
- if (!BN_uadd(r, a, b))
+ size_t i, ai, bi, mtop = m->top;
+ BN_ULONG storage[1024 / BN_BITS2];
+ BN_ULONG carry, temp, mask, *rp, *tp = storage;
+ const BN_ULONG *ap, *bp;
+
+ if (bn_wexpand(r, m->top) == NULL)
return 0;
- if (BN_ucmp(r, m) >= 0)
- return BN_usub(r, r, m);
+
+ if (mtop > sizeof(storage) / sizeof(storage[0])
+ && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
+ return 0;
+
+ ap = a->d != NULL ? a->d : tp;
+ bp = b->d != NULL ? b->d : tp;
+
+ for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
+ mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+ temp = ((ap[ai] & mask) + carry) & BN_MASK2;
+ carry = (temp < carry);
+
+ mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+ tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
+ carry += (tp[i] < temp);
+
+ i++;
+ ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+ bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+ }
+ rp = r->d;
+ carry -= bn_sub_words(rp, tp, m->d, mtop);
+ for (i = 0; i < mtop; i++) {
+ rp[i] = (carry & tp[i]) | (~carry & rp[i]);
+ ((volatile BN_ULONG *)tp)[i] = 0;
+ }
+ r->top = mtop;
+ r->neg = 0;
+
+ if (tp != storage)
+ OPENSSL_free(tp);
+
return 1;
}
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m)
+{
+ int ret = bn_mod_add_fixed_top(r, a, b, m);
+
+ if (ret)
+ bn_correct_top(r);
+
+ return ret;
+}
+
int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
BN_CTX *ctx)
{
diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/openssl/crypto/bn/bn_mont.c
index c1703650ef1e..d41434a14390 100644
--- a/crypto/openssl/crypto/bn/bn_mont.c
+++ b/crypto/openssl/crypto/bn/bn_mont.c
@@ -123,12 +123,23 @@
#define MONT_WORD /* use the faster word-based algorithm */
#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
#endif
int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
BN_MONT_CTX *mont, BN_CTX *ctx)
{
+ int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
+
+ bn_correct_top(r);
+ bn_check_top(r);
+
+ return ret;
+}
+
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx)
+{
BIGNUM *tmp;
int ret = 0;
#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
@@ -140,8 +151,8 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
r->neg = a->neg ^ b->neg;
r->top = num;
- bn_correct_top(r);
- return (1);
+ r->flags |= BN_FLG_FIXED_TOP;
+ return 1;
}
}
#endif
@@ -161,13 +172,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
}
/* reduce from aRR to aR */
#ifdef MONT_WORD
- if (!BN_from_montgomery_word(r, tmp, mont))
+ if (!bn_from_montgomery_word(r, tmp, mont))
goto err;
#else
if (!BN_from_montgomery(r, tmp, mont, ctx))
goto err;
#endif
- bn_check_top(r);
ret = 1;
err:
BN_CTX_end(ctx);
@@ -175,7 +185,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
}
#ifdef MONT_WORD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
{
BIGNUM *n;
BN_ULONG *ap, *np, *rp, n0, v, carry;
@@ -205,6 +215,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
# endif
r->top = max;
+ r->flags |= BN_FLG_FIXED_TOP;
n0 = mont->n0[0];
/*
@@ -223,6 +234,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
if (bn_wexpand(ret, nl) == NULL)
return (0);
ret->top = nl;
+ ret->flags |= BN_FLG_FIXED_TOP;
ret->neg = r->neg;
rp = ret->d;
@@ -233,20 +245,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
*/
ap = &(r->d[nl]);
+ carry -= bn_sub_words(rp, ap, np, nl);
/*
- * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v|
- * cannot be -1. That would imply the subtraction did not fit in |nl| words,
- * and we know at most one subtraction is needed.
+ * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+ * |carry| cannot be 1. That would imply the subtraction did not fit in
+ * |nl| words, and we know at most one subtraction is needed.
*/
- v = bn_sub_words(rp, ap, np, nl) - carry;
- v = 0 - v;
for (i = 0; i < nl; i++) {
- rp[i] = (v & ap[i]) | (~v & rp[i]);
+ rp[i] = (carry & ap[i]) | (~carry & rp[i]);
ap[i] = 0;
}
- bn_correct_top(r);
- bn_correct_top(ret);
- bn_check_top(ret);
return (1);
}
@@ -260,8 +268,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
BIGNUM *t;
BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
- retn = BN_from_montgomery_word(ret, t, mont);
+ if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
+ retn = bn_from_montgomery_word(ret, t, mont);
+ bn_correct_top(ret);
+ bn_check_top(ret);
+ }
BN_CTX_end(ctx);
#else /* !MONT_WORD */
BIGNUM *t1, *t2;
@@ -299,6 +310,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
return (retn);
}
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
+{
+ return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
+}
+
BN_MONT_CTX *BN_MONT_CTX_new(void)
{
BN_MONT_CTX *ret;
@@ -335,7 +352,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
{
- int ret = 0;
+ int i, ret = 0;
BIGNUM *Ri, *R;
if (BN_is_zero(mod))
@@ -466,6 +483,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
goto err;
+ for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
+ mont->RR.d[i] = 0;
+ mont->RR.top = ret;
+ mont->RR.flags |= BN_FLG_FIXED_TOP;
+
ret = 1;
err:
BN_CTX_end(ctx);
diff --git a/crypto/openssl/crypto/bn/bn_sqr.c b/crypto/openssl/crypto/bn/bn_sqr.c
index 256d26e8dbec..5e692971c948 100644
--- a/crypto/openssl/crypto/bn/bn_sqr.c
+++ b/crypto/openssl/crypto/bn/bn_sqr.c
@@ -135,14 +135,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
}
rr->neg = 0;
- /*
- * If the most-significant half of the top word of 'a' is zero, then the
- * square of 'a' will max-1 words.
- */
- if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
- rr->top = max - 1;
- else
- rr->top = max;
+ rr->top = max;
+ bn_correct_top(rr);
if (r != rr && BN_copy(r, rr) == NULL)
goto err;
diff --git a/crypto/openssl/crypto/bn_int.h b/crypto/openssl/crypto/bn_int.h
new file mode 100644
index 000000000000..9c42d6f35dc3
--- /dev/null
+++ b/crypto/openssl/crypto/bn_int.h
@@ -0,0 +1,15 @@
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs.
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+
+int bn_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
diff --git a/crypto/openssl/crypto/conf/conf_api.c b/crypto/openssl/crypto/conf/conf_api.c
index 4cf7553376e6..60c9440120e8 100644
--- a/crypto/openssl/crypto/conf/conf_api.c
+++ b/crypto/openssl/crypto/conf/conf_api.c
@@ -290,6 +290,8 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
vv = lh_CONF_VALUE_insert(conf->data, v);
OPENSSL_assert(vv == NULL);
+ if (lh_CONF_VALUE_error(conf->data) > 0)
+ goto err;
ok = 1;
err:
if (!ok) {
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 387558f1467c..f235e0d682b1 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
int ok = 0;
int generate_new_key = 0;
unsigned l;
- BN_CTX *ctx;
+ BN_CTX *ctx = NULL;
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
diff --git a/crypto/openssl/crypto/dh/dh_pmeth.c b/crypto/openssl/crypto/dh/dh_pmeth.c
index 6452482c87d2..162753af071d 100644
--- a/crypto/openssl/crypto/dh/dh_pmeth.c
+++ b/crypto/openssl/crypto/dh/dh_pmeth.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -486,7 +486,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return ret;
}
#endif
- return 1;
+ return 0;
}
const EVP_PKEY_METHOD dh_pkey_meth = {
diff --git a/crypto/openssl/crypto/dsa/dsa.h b/crypto/openssl/crypto/dsa/dsa.h
index 545358fd02b2..3e6984eabdf8 100644
--- a/crypto/openssl/crypto/dsa/dsa.h
+++ b/crypto/openssl/crypto/dsa/dsa.h
@@ -249,10 +249,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x);
int DSA_print_fp(FILE *bp, const DSA *x, int off);
# endif
-# define DSS_prime_checks 50
+# define DSS_prime_checks 64
/*
- * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
- * Rabin-Miller
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
*/
# define DSA_is_prime(n, callback, cb_arg) \
BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
@@ -307,6 +309,7 @@ void ERR_load_DSA_strings(void);
# define DSA_F_I2D_DSA_SIG 111
# define DSA_F_OLD_DSA_PRIV_DECODE 122
# define DSA_F_PKEY_DSA_CTRL 120
+# define DSA_F_PKEY_DSA_CTRL_STR 127
# define DSA_F_PKEY_DSA_KEYGEN 121
# define DSA_F_SIG_CB 114
diff --git a/crypto/openssl/crypto/dsa/dsa_err.c b/crypto/openssl/crypto/dsa/dsa_err.c
index f5ddc66b8a73..7e507faa36c8 100644
--- a/crypto/openssl/crypto/dsa/dsa_err.c
+++ b/crypto/openssl/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
/* crypto/dsa/dsa_err.c */
/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -95,6 +95,7 @@ static ERR_STRING_DATA DSA_str_functs[] = {
{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
{ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE), "OLD_DSA_PRIV_DECODE"},
{ERR_FUNC(DSA_F_PKEY_DSA_CTRL), "PKEY_DSA_CTRL"},
+ {ERR_FUNC(DSA_F_PKEY_DSA_CTRL_STR), "PKEY_DSA_CTRL_STR"},
{ERR_FUNC(DSA_F_PKEY_DSA_KEYGEN), "PKEY_DSA_KEYGEN"},
{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
{0, NULL}
diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c
index 21af2e159fb2..db52a38a1882 100644
--- a/crypto/openssl/crypto/dsa/dsa_gen.c
+++ b/crypto/openssl/crypto/dsa/dsa_gen.c
@@ -146,9 +146,16 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
/* invalid q size */
return 0;
- if (evpmd == NULL)
- /* use SHA1 as default */
- evpmd = EVP_sha1();
+ if (evpmd == NULL) {
+ if (qsize == SHA_DIGEST_LENGTH)
+ evpmd = EVP_sha1();
+ else if (qsize == SHA224_DIGEST_LENGTH)
+ evpmd = EVP_sha224();
+ else
+ evpmd = EVP_sha256();
+ } else {
+ qsize = EVP_MD_size(evpmd);
+ }
if (bits < 512)
bits = 512;
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
index aa10dd12f6f8..2dcfedeeee7e 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -133,17 +133,13 @@ const DSA_METHOD *DSA_OpenSSL(void)
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
- BIGNUM m;
- BIGNUM xr;
+ BIGNUM *m, *blind, *blindm, *tmp;
BN_CTX *ctx = NULL;
int reason = ERR_R_BN_LIB;
DSA_SIG *ret = NULL;
int noredo = 0;
- BN_init(&m);
- BN_init(&xr);
-
- if (!dsa->p || !dsa->q || !dsa->g) {
+ if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
reason = DSA_R_MISSING_PARAMETERS;
goto err;
}
@@ -154,6 +150,13 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
+ m = BN_CTX_get(ctx);
+ blind = BN_CTX_get(ctx);
+ blindm = BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL)
+ goto err;
+
redo:
if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
@@ -173,20 +176,52 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
* 4.2
*/
dlen = BN_num_bytes(dsa->q);
- if (BN_bin2bn(dgst, dlen, &m) == NULL)
+ if (BN_bin2bn(dgst, dlen, m) == NULL)
goto err;
- /* Compute s = inv(k) (m + xr) mod q */
- if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
- goto err; /* s = xr */
- if (!BN_add(s, &xr, &m))
- goto err; /* s = m + xr */
- if (BN_cmp(s, dsa->q) > 0)
- if (!BN_sub(s, s, dsa->q))
+ /*
+ * The normal signature calculation is:
+ *
+ * s := k^-1 * (m + r * priv_key) mod q
+ *
+ * We will blind this to protect against side channel attacks
+ *
+ * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
+ */
+
+ /* Generate a blinding value */
+ do {
+ if (!BN_rand(blind, BN_num_bits(dsa->q) - 1, -1, 0))
goto err;
+ } while (BN_is_zero(blind));
+ BN_set_flags(blind, BN_FLG_CONSTTIME);
+ BN_set_flags(blindm, BN_FLG_CONSTTIME);
+ BN_set_flags(tmp, BN_FLG_CONSTTIME);
+
+ /* tmp := blind * priv_key * r mod q */
+ if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
+ goto err;
+ if (!BN_mod_mul(tmp, tmp, r, dsa->q, ctx))
+ goto err;
+
+ /* blindm := blind * m mod q */
+ if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
+ goto err;
+
+ /* s : = (blind * priv_key * r) + (blind * m) mod q */
+ if (!BN_mod_add_quick(s, tmp, blindm, dsa->q))
+ goto err;
+
+ /* s := s * k^-1 mod q */
if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
goto err;
+ /* s:= s * blind^-1 mod q */
+ if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
+ goto err;
+ if (!BN_mod_mul(s, s, blind, dsa->q, ctx))
+ goto err;
+
/*
* Redo if r or s is zero as required by FIPS 186-3: this is very
* unlikely.
@@ -210,13 +245,9 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
BN_free(r);
BN_free(s);
}
- if (ctx != NULL)
- BN_CTX_free(ctx);
- BN_clear_free(&m);
- BN_clear_free(&xr);
- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
- BN_clear_free(kinv);
- return (ret);
+ BN_CTX_free(ctx);
+ BN_clear_free(kinv);
+ return ret;
}
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
diff --git a/crypto/openssl/crypto/dsa/dsa_pmeth.c b/crypto/openssl/crypto/dsa/dsa_pmeth.c
index 78724839b524..7f00e97036f2 100644
--- a/crypto/openssl/crypto/dsa/dsa_pmeth.c
+++ b/crypto/openssl/crypto/dsa/dsa_pmeth.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -230,10 +230,16 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
NULL);
}
- if (!strcmp(type, "dsa_paramgen_md")) {
+ if (strcmp(type, "dsa_paramgen_md") == 0) {
+ const EVP_MD *md = EVP_get_digestbyname(value);
+
+ if (md == NULL) {
+ DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
+ return 0;
+ }
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
- (void *)EVP_get_digestbyname(value));
+ (void *)md);
}
return -2;
}
diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c
index 2c41c6e7a9f1..aa5f3056af77 100644
--- a/crypto/openssl/crypto/ec/ec_ameth.c
+++ b/crypto/openssl/crypto/ec/ec_ameth.c
@@ -3,7 +3,7 @@
* 2006.
*/
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -143,19 +143,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
static EC_KEY *eckey_type2param(int ptype, void *pval)
{
EC_KEY *eckey = NULL;
+ EC_GROUP *group = NULL;
+
if (ptype == V_ASN1_SEQUENCE) {
- ASN1_STRING *pstr = pval;
- const unsigned char *pm = NULL;
- int pmlen;
- pm = pstr->data;
- pmlen = pstr->length;
- if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) {
+ const ASN1_STRING *pstr = pval;
+ const unsigned char *pm = pstr->data;
+ int pmlen = pstr->length;
+
+ if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
} else if (ptype == V_ASN1_OBJECT) {
- ASN1_OBJECT *poid = pval;
- EC_GROUP *group;
+ const ASN1_OBJECT *poid = pval;
/*
* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
@@ -179,8 +179,8 @@ static EC_KEY *eckey_type2param(int ptype, void *pval)
return eckey;
ecerr:
- if (eckey)
- EC_KEY_free(eckey);
+ EC_KEY_free(eckey);
+ EC_GROUP_free(group);
return NULL;
}
diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c
index 3241aa51d9f4..933745248d8d 100644
--- a/crypto/openssl/crypto/ec/ec_lib.c
+++ b/crypto/openssl/crypto/ec/ec_lib.c
@@ -3,7 +3,7 @@
* Originally written by Bodo Moeller for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -319,12 +319,16 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
BN_zero(&group->cofactor);
/*
- * We ignore the return value because some groups have an order with
+ * Some groups have an order with
* factors of two, which makes the Montgomery setup fail.
* |group->mont_data| will be NULL in this case.
*/
- ec_precompute_mont_data(group);
+ if (BN_is_odd(&group->order)) {
+ return ec_precompute_mont_data(group);
+ }
+ BN_MONT_CTX_free(group->mont_data);
+ group->mont_data = NULL;
return 1;
}
diff --git a/crypto/openssl/crypto/ec/ecp_nistz256.c b/crypto/openssl/crypto/ec/ecp_nistz256.c
index 9a53a39a25b9..0579cac3a96e 100644
--- a/crypto/openssl/crypto/ec/ecp_nistz256.c
+++ b/crypto/openssl/crypto/ec/ecp_nistz256.c
@@ -1118,23 +1118,32 @@ static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
const P256_POINT_AFFINE *in,
BN_CTX *ctx)
{
- BIGNUM x, y;
- BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS];
+ BIGNUM x, y, z;
int ret = 0;
- memcpy(d_x, in->X, sizeof(d_x));
- x.d = d_x;
+ /*
+ * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+ * flag, which effectively means "read-only data".
+ */
+ x.d = (BN_ULONG *)in->X;
x.dmax = x.top = P256_LIMBS;
x.neg = 0;
x.flags = BN_FLG_STATIC_DATA;
- memcpy(d_y, in->Y, sizeof(d_y));
- y.d = d_y;
+ y.d = (BN_ULONG *)in->Y;
y.dmax = y.top = P256_LIMBS;
y.neg = 0;
y.flags = BN_FLG_STATIC_DATA;
- ret = EC_POINT_set_affine_coordinates_GFp(group, out, &x, &y, ctx);
+ z.d = (BN_ULONG *)ONE;
+ z.dmax = z.top = P256_LIMBS;
+ z.neg = 0;
+ z.flags = BN_FLG_STATIC_DATA;
+
+ if ((ret = (BN_copy(&out->X, &x) != NULL))
+ && (ret = (BN_copy(&out->Y, &y) != NULL))
+ && (ret = (BN_copy(&out->Z, &z) != NULL)))
+ out->Z_is_one = 1;
return ret;
}
diff --git a/crypto/openssl/crypto/ecdsa/Makefile b/crypto/openssl/crypto/ecdsa/Makefile
index 4ce00e8f9308..2875dddd4910 100644
--- a/crypto/openssl/crypto/ecdsa/Makefile
+++ b/crypto/openssl/crypto/ecdsa/Makefile
@@ -114,7 +114,7 @@ ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
ecs_ossl.o: ../../include/openssl/opensslconf.h
ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
+ecs_ossl.o: ../../include/openssl/symhacks.h ../bn_int.h ecs_locl.h ecs_ossl.c
ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/crypto/openssl/crypto/ecdsa/ecdsatest.c b/crypto/openssl/crypto/ecdsa/ecdsatest.c
index 0f301f86d9ea..4350afbf04b7 100644
--- a/crypto/openssl/crypto/ecdsa/ecdsatest.c
+++ b/crypto/openssl/crypto/ecdsa/ecdsatest.c
@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project.
*/
/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -137,7 +137,7 @@ int restore_rand(void)
return 1;
}
-static int fbytes_counter = 0;
+static int fbytes_counter = 0, use_fake = 0;
static const char *numbers[8] = {
"651056770906015076056810763456358567190100156695615665659",
"6140507067065001063065065565667405560006161556565665656654",
@@ -158,6 +158,11 @@ int fbytes(unsigned char *buf, int num)
int ret;
BIGNUM *tmp = NULL;
+ if (use_fake == 0)
+ return old_rand->bytes(buf, num);
+
+ use_fake = 0;
+
if (fbytes_counter >= 8)
return 0;
tmp = BN_new();
@@ -199,11 +204,13 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
/* create the key */
if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
goto x962_int_err;
+ use_fake = 1;
if (!EC_KEY_generate_key(key))
goto x962_int_err;
BIO_printf(out, ".");
(void)BIO_flush(out);
/* create the signature */
+ use_fake = 1;
signature = ECDSA_do_sign(digest, 20, key);
if (signature == NULL)
goto x962_int_err;
diff --git a/crypto/openssl/crypto/ecdsa/ecs_ossl.c b/crypto/openssl/crypto/ecdsa/ecs_ossl.c
index 16d4f59b9ba9..63c18273fd87 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/openssl/crypto/ecdsa/ecs_ossl.c
@@ -3,7 +3,7 @@
* Written by Nils Larsch for the OpenSSL project
*/
/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -60,6 +60,7 @@
#include <openssl/err.h>
#include <openssl/obj_mac.h>
#include <openssl/bn.h>
+#include "bn_int.h"
static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
const BIGNUM *, const BIGNUM *,
@@ -251,13 +252,14 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
EC_KEY *eckey)
{
int ok = 0, i;
- BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
+ BIGNUM *kinv = NULL, *s, *m = NULL, *order = NULL;
const BIGNUM *ckinv;
BN_CTX *ctx = NULL;
const EC_GROUP *group;
ECDSA_SIG *ret;
ECDSA_DATA *ecdsa;
const BIGNUM *priv_key;
+ BN_MONT_CTX *mont_data;
ecdsa = ecdsa_check(eckey);
group = EC_KEY_get0_group(eckey);
@@ -276,7 +278,7 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
s = ret->s;
if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
+ (m = BN_new()) == NULL) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -285,6 +287,8 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
goto err;
}
+ mont_data = EC_GROUP_get_mont_data(group);
+
i = BN_num_bits(order);
/*
* Need to truncate digest if it is too long: first truncate whole bytes.
@@ -315,15 +319,27 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
}
}
- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ /*
+ * With only one multiplicant being in Montgomery domain
+ * multiplication yields real result without post-conversion.
+ * Also note that all operations but last are performed with
+ * zero-padded vectors. Last operation, BN_mod_mul_montgomery
+ * below, returns user-visible value with removed zero padding.
+ */
+ if (!bn_to_mont_fixed_top(s, ret->r, mont_data, ctx)
+ || !bn_mul_mont_fixed_top(s, s, priv_key, mont_data, ctx)) {
goto err;
}
- if (!BN_mod_add_quick(s, tmp, m, order)) {
+ if (!bn_mod_add_fixed_top(s, s, m, order)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
- if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+ /*
+ * |s| can still be larger than modulus, because |m| can be. In
+ * such case we count on Montgomery reduction to tie it up.
+ */
+ if (!bn_to_mont_fixed_top(s, s, mont_data, ctx)
+ || !BN_mod_mul_montgomery(s, s, ckinv, mont_data, ctx)) {
ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
goto err;
}
@@ -353,8 +369,6 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
BN_CTX_free(ctx);
if (m)
BN_clear_free(m);
- if (tmp)
- BN_clear_free(tmp);
if (order)
BN_free(order);
if (kinv)
diff --git a/crypto/openssl/crypto/engine/eng_lib.c b/crypto/openssl/crypto/engine/eng_lib.c
index dc2abd28ec6a..e605b978ead4 100644
--- a/crypto/openssl/crypto/engine/eng_lib.c
+++ b/crypto/openssl/crypto/engine/eng_lib.c
@@ -4,7 +4,7 @@
* 2000.
*/
/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -188,8 +188,10 @@ void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
if (!int_cleanup_check(1))
return;
item = int_cleanup_item(cb);
- if (item)
- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+ if (item != NULL) {
+ if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+ OPENSSL_free(item);
+ }
}
/* The API function that performs all cleanup */
diff --git a/crypto/openssl/crypto/engine/tb_asnmth.c b/crypto/openssl/crypto/engine/tb_asnmth.c
index a1a9b88c43c8..04cb466eb3e8 100644
--- a/crypto/openssl/crypto/engine/tb_asnmth.c
+++ b/crypto/openssl/crypto/engine/tb_asnmth.c
@@ -1,5 +1,5 @@
/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2006-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -215,7 +215,7 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
ENGINE *e = sk_ENGINE_value(sk, i);
EVP_PKEY_ASN1_METHOD *ameth;
e->pkey_asn1_meths(e, &ameth, NULL, nid);
- if (((int)strlen(ameth->pem_str) == lk->len) &&
+ if (ameth != NULL && ((int)strlen(ameth->pem_str) == lk->len) &&
!strncasecmp(ameth->pem_str, lk->str, lk->len)) {
lk->e = e;
lk->ameth = ameth;
diff --git a/crypto/openssl/crypto/o_time.c b/crypto/openssl/crypto/o_time.c
index 61927439eaf5..a763b2ce202d 100644
--- a/crypto/openssl/crypto/o_time.c
+++ b/crypto/openssl/crypto/o_time.c
@@ -109,6 +109,10 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
if (gmtime_r(timer, result) == NULL)
return NULL;
ts = result;
+#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400
+ if (gmtime_s(result, timer))
+ return NULL;
+ ts = result;
#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
ts = gmtime(timer);
if (ts == NULL)
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/openssl/crypto/opensslv.h
index 668757f4a372..68e558c7fdb1 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/openssl/crypto/opensslv.h
@@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x100020ffL
+# define OPENSSL_VERSION_NUMBER 0x1000210fL
# ifdef OPENSSL_FIPS
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-fips 27 Mar 2018"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2p-fips 14 Aug 2018"
# else
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2o-freebsd 27 Mar 2018"
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2p-freebsd 14 Aug 2018"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/crypto/openssl/crypto/pem/pem.h b/crypto/openssl/crypto/pem/pem.h
index aac72fb21eda..9c1d939a919e 100644
--- a/crypto/openssl/crypto/pem/pem.h
+++ b/crypto/openssl/crypto/pem/pem.h
@@ -442,7 +442,8 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey);
-int PEM_def_callback(char *buf, int num, int w, void *key);
+/* The default pem_password_cb that's used internally */
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
void PEM_proc_type(char *buf, int type);
void PEM_dek_info(char *buf, const char *type, int len, char *str);
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c
index 4d5f053e4680..4ccc676ed74e 100644
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@@ -82,51 +82,39 @@ static int load_iv(char **fromp, unsigned char *to, int num);
static int check_pem(const char *nm, const char *name);
int pem_check_suffix(const char *pem_str, const char *suffix);
-int PEM_def_callback(char *buf, int num, int w, void *key)
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
{
-#ifdef OPENSSL_NO_FP_API
- /*
- * We should not ever call the default callback routine from windows.
- */
- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return (-1);
-#else
- int i, j;
+ int i, min_len;
const char *prompt;
- if (key) {
- i = strlen(key);
+
+ /* We assume that the user passes a default password as userdata */
+ if (userdata) {
+ i = strlen(userdata);
i = (i > num) ? num : i;
- memcpy(buf, key, i);
- return (i);
+ memcpy(buf, userdata, i);
+ return i;
}
prompt = EVP_get_pw_prompt();
if (prompt == NULL)
prompt = "Enter PEM pass phrase:";
- for (;;) {
- /*
- * We assume that w == 0 means decryption,
- * while w == 1 means encryption
- */
- int min_len = w ? MIN_LENGTH : 0;
+ /*
+ * rwflag == 0 means decryption
+ * rwflag == 1 means encryption
+ *
+ * We assume that for encryption, we want a minimum length, while for
+ * decryption, we cannot know any minimum length, so we assume zero.
+ */
+ min_len = rwflag ? MIN_LENGTH : 0;
- i = EVP_read_pw_string_min(buf, min_len, num, prompt, w);
- if (i != 0) {
- PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf, 0, (unsigned int)num);
- return (-1);
- }
- j = strlen(buf);
- if (min_len && j < min_len) {
- fprintf(stderr,
- "phrase is too short, needs to be at least %d chars\n",
- min_len);
- } else
- break;
+ i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag);
+ if (i != 0) {
+ PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+ memset(buf, 0, (unsigned int)num);
+ return -1;
}
- return (j);
-#endif
+ return strlen(buf);
}
void PEM_proc_type(char *buf, int type)
@@ -459,7 +447,7 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
else
klen = callback(buf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
return (0);
}
@@ -499,6 +487,7 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
char **header_pp = &header;
cipher->cipher = NULL;
+ memset(cipher->iv, 0, sizeof(cipher->iv));
if ((header == NULL) || (*header == '\0') || (*header == '\n'))
return (1);
if (strncmp(header, "Proc-Type: ", 11) != 0) {
diff --git a/crypto/openssl/crypto/pem/pem_pk8.c b/crypto/openssl/crypto/pem/pem_pk8.c
index daf210fde0f9..ae18d26043ef 100644
--- a/crypto/openssl/crypto/pem/pem_pk8.c
+++ b/crypto/openssl/crypto/pem/pem_pk8.c
@@ -171,7 +171,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
return NULL;
diff --git a/crypto/openssl/crypto/pem/pem_pkey.c b/crypto/openssl/crypto/pem/pem_pkey.c
index e8b3a1b92c8d..a189cd274c32 100644
--- a/crypto/openssl/crypto/pem/pem_pkey.c
+++ b/crypto/openssl/crypto/pem/pem_pkey.c
@@ -113,7 +113,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (klen <= 0) {
+ if (klen < 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
diff --git a/crypto/openssl/crypto/pem/pvkfmt.c b/crypto/openssl/crypto/pem/pvkfmt.c
index 1ce5a1e319c5..f376f594b12d 100644
--- a/crypto/openssl/crypto/pem/pvkfmt.c
+++ b/crypto/openssl/crypto/pem/pvkfmt.c
@@ -3,7 +3,7 @@
* 2005.
*/
/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2005-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -702,7 +702,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
- if (inlen <= 0) {
+ if (inlen < 0) {
PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
goto err;
}
diff --git a/crypto/openssl/crypto/pkcs12/p12_asn.c b/crypto/openssl/crypto/pkcs12/p12_asn.c
index 370ddbd6e77e..78c7f40350d0 100644
--- a/crypto/openssl/crypto/pkcs12/p12_asn.c
+++ b/crypto/openssl/crypto/pkcs12/p12_asn.c
@@ -4,7 +4,7 @@
* 1999.
*/
/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -100,7 +100,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_
ASN1_ADB(PKCS12_SAFEBAG) = {
ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
- ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+ ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
diff --git a/crypto/openssl/crypto/rsa/Makefile b/crypto/openssl/crypto/rsa/Makefile
index e292e84db3c9..6be73ed187f0 100644
--- a/crypto/openssl/crypto/rsa/Makefile
+++ b/crypto/openssl/crypto/rsa/Makefile
@@ -153,7 +153,7 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_eay.o: ../../include/openssl/symhacks.h ../bn_int.h ../cryptlib.h rsa_eay.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/openssl/crypto/rsa/rsa_eay.c
index b147fff8bd60..7ba24e362c56 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/openssl/crypto/rsa/rsa_eay.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -114,6 +114,7 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#include "bn_int.h"
#ifndef RSA_NULL
@@ -156,7 +157,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret;
- int i, j, k, num = 0, r = -1;
+ int i, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -232,15 +233,10 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto err;
/*
- * put in leading 0 bytes if the number is less than the length of the
- * modulus
+ * BN_bn2binpad puts in leading 0 bytes if the number is less than
+ * the length of the modulus.
*/
- j = BN_num_bytes(ret);
- i = BN_bn2bin(ret, &(to[num - j]));
- for (k = 0; k < (num - i); k++)
- to[k] = 0;
-
- r = num;
+ r = bn_bn2binpad(ret, to, num);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
@@ -349,7 +345,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret, *res;
- int i, j, k, num = 0, r = -1;
+ int i, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
@@ -459,15 +455,10 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
res = ret;
/*
- * put in leading 0 bytes if the number is less than the length of the
- * modulus
+ * BN_bn2binpad puts in leading 0 bytes if the number is less than
+ * the length of the modulus.
*/
- j = BN_num_bytes(res);
- i = BN_bn2bin(res, &(to[num - j]));
- for (k = 0; k < (num - i); k++)
- to[k] = 0;
-
- r = num;
+ r = bn_bn2binpad(res, to, num);
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
@@ -485,7 +476,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
{
BIGNUM *f, *ret;
int j, num = 0, r = -1;
- unsigned char *p;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
@@ -576,8 +566,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
goto err;
- p = buf;
- j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
+ j = bn_bn2binpad(ret, buf, num);
switch (padding) {
case RSA_PKCS1_PADDING:
@@ -592,7 +581,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
case RSA_NO_PADDING:
- r = RSA_padding_check_none(to, num, buf, j, num);
+ memcpy(to, buf, (r = j));
break;
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
@@ -619,7 +608,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
{
BIGNUM *f, *ret;
int i, num = 0, r = -1;
- unsigned char *p;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
@@ -684,8 +672,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
if (!BN_sub(ret, rsa->n, ret))
goto err;
- p = buf;
- i = BN_bn2bin(ret, p);
+ i = bn_bn2binpad(ret, buf, num);
switch (padding) {
case RSA_PKCS1_PADDING:
@@ -695,7 +682,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_X931(to, num, buf, i, num);
break;
case RSA_NO_PADDING:
- r = RSA_padding_check_none(to, num, buf, i, num);
+ memcpy(to, buf, (r = i));
break;
default:
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
diff --git a/crypto/openssl/crypto/rsa/rsa_gen.c b/crypto/openssl/crypto/rsa/rsa_gen.c
index 9ca5dfefb707..42b89a8dfaa0 100644
--- a/crypto/openssl/crypto/rsa/rsa_gen.c
+++ b/crypto/openssl/crypto/rsa/rsa_gen.c
@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
BN_set_flags(r2, BN_FLG_CONSTTIME);
/* generate p and q */
for (;;) {
diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c
index 9a01b4afc11f..3fb8f6b33d4b 100644
--- a/crypto/openssl/crypto/rsa/rsa_oaep.c
+++ b/crypto/openssl/crypto/rsa/rsa_oaep.c
@@ -120,7 +120,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md)
{
- int i, dblen, mlen = -1, one_index = 0, msg_index;
+ int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
unsigned int good, found_one_byte;
const unsigned char *maskedseed, *maskeddb;
/*
@@ -153,32 +153,41 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
dblen = num - mdlen - 1;
db = OPENSSL_malloc(dblen);
- em = OPENSSL_malloc(num);
- if (db == NULL || em == NULL) {
+ if (db == NULL) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
goto cleanup;
}
- /*
- * Always do this zero-padding copy (even when num == flen) to avoid
- * leaking that information. The copy still leaks some side-channel
- * information, but it's impossible to have a fixed memory access
- * pattern since we can't read out of the bounds of |from|.
- *
- * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
- */
- memset(em, 0, num);
- memcpy(em + num - flen, from, flen);
+ if (flen != num) {
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+ ERR_R_MALLOC_FAILURE);
+ goto cleanup;
+ }
+
+ /*
+ * Caller is encouraged to pass zero-padded message created with
+ * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
+ * to avoid leaking that information. The copy still leaks some
+ * side-channel information, but it's impossible to have a fixed
+ * memory access pattern since we can't read out of the bounds of
+ * |from|.
+ */
+ memset(em, 0, num);
+ memcpy(em + num - flen, from, flen);
+ from = em;
+ }
/*
* The first byte must be zero, however we must not leak if this is
* true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
* Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
*/
- good = constant_time_is_zero(em[0]);
+ good = constant_time_is_zero(from[0]);
- maskedseed = em + 1;
- maskeddb = em + 1 + mdlen;
+ maskedseed = from + 1;
+ maskeddb = from + 1 + mdlen;
if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
goto cleanup;
diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c
index 50397c335a5a..5d7882a3bfcf 100644
--- a/crypto/openssl/crypto/rsa/rsa_pk1.c
+++ b/crypto/openssl/crypto/rsa/rsa_pk1.c
@@ -98,6 +98,27 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *p;
p = from;
+
+ /*
+ * The format is
+ * 00 || 01 || PS || 00 || D
+ * PS - padding string, at least 8 bytes of FF
+ * D - data.
+ */
+
+ if (num < 11)
+ return -1;
+
+ /* Accept inputs with and without the leading 0-byte. */
+ if (num == flen) {
+ if ((*p++) != 0x00) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+ RSA_R_INVALID_PADDING);
+ return -1;
+ }
+ flen--;
+ }
+
if ((num != (flen + 1)) || (*(p++) != 01)) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
RSA_R_BLOCK_TYPE_IS_NOT_01);
@@ -203,28 +224,31 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
if (num < 11)
goto err;
- em = OPENSSL_malloc(num);
- if (em == NULL) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
- return -1;
+ if (flen != num) {
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ /*
+ * Caller is encouraged to pass zero-padded message created with
+ * BN_bn2binpad, but if it doesn't, we do this zero-padding copy
+ * to avoid leaking that information. The copy still leaks some
+ * side-channel information, but it's impossible to have a fixed
+ * memory access pattern since we can't read out of the bounds of
+ * |from|.
+ */
+ memset(em, 0, num);
+ memcpy(em + num - flen, from, flen);
+ from = em;
}
- memset(em, 0, num);
- /*
- * Always do this zero-padding copy (even when num == flen) to avoid
- * leaking that information. The copy still leaks some side-channel
- * information, but it's impossible to have a fixed memory access
- * pattern since we can't read out of the bounds of |from|.
- *
- * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
- */
- memcpy(em + num - flen, from, flen);
- good = constant_time_is_zero(em[0]);
- good &= constant_time_eq(em[1], 2);
+ good = constant_time_is_zero(from[0]);
+ good &= constant_time_eq(from[1], 2);
found_zero_byte = 0;
for (i = 2; i < num; i++) {
- unsigned int equals0 = constant_time_is_zero(em[i]);
+ unsigned int equals0 = constant_time_is_zero(from[i]);
zero_index =
constant_time_select_int(~found_zero_byte & equals0, i,
zero_index);
@@ -232,7 +256,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
}
/*
- * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+ * PS must be at least 8 bytes long, and it starts two bytes into |from|.
* If we never found a 0-byte, then |zero_index| is 0 and the check
* also fails.
*/
@@ -261,7 +285,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
goto err;
}
- memcpy(to, em + msg_index, mlen);
+ memcpy(to, from + msg_index, mlen);
err:
if (em != NULL) {
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 82ca8324dfbc..b7fff43530f2 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -84,7 +84,7 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
return 0;
}
#endif
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+ if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
}
/* Special case: SSL signature, just check the length */
@@ -293,7 +293,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
- if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+ if ((rsa->meth->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
}
diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/openssl/crypto/rsa/rsa_ssl.c
index 746e01f64a9d..831f75aaf434 100644
--- a/crypto/openssl/crypto/rsa/rsa_ssl.c
+++ b/crypto/openssl/crypto/rsa/rsa_ssl.c
@@ -112,6 +112,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
return (-1);
}
+ /* Accept even zero-padded input */
+ if (flen == num) {
+ if (*(p++) != 0) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
+ return -1;
+ }
+ flen--;
+ }
if ((num != (flen + 1)) || (*(p++) != 02)) {
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
return (-1);
diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/openssl/crypto/sha/asm/sha1-586.pl
index e0b5d83b6201..e29c33a9e3cb 100644
--- a/crypto/openssl/crypto/sha/asm/sha1-586.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-586.pl
@@ -131,7 +131,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
`ml 2>&1` =~ /Version ([0-9]+)\./ &&
$1>=10); # first version supporting AVX
-$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
$2>=3.0); # first version supporting AVX
$shaext=$xmm; ### set to zero if compiling for 1.0.1
diff --git a/crypto/openssl/crypto/sha/asm/sha256-586.pl b/crypto/openssl/crypto/sha/asm/sha256-586.pl
index e9077143817c..1c3fb0063606 100755
--- a/crypto/openssl/crypto/sha/asm/sha256-586.pl
+++ b/crypto/openssl/crypto/sha/asm/sha256-586.pl
@@ -83,7 +83,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" &&
$avx = ($1>=10) + ($1>=11);
}
-if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /(^clang version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
$avx = ($2>=3.0) + ($2>3.0);
}
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c
index 8a43590319fa..1ad0cfc5b873 100644
--- a/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/crypto/openssl/crypto/ui/ui_openssl.c
@@ -4,7 +4,7 @@
* OpenSSL project 2001.
*/
/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2001-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -567,17 +567,13 @@ static int echo_console(UI *ui)
{
#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
- tty_new.TTY_FLAGS |= ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
return 0;
#endif
#ifdef OPENSSL_SYS_VMS
if (is_a_tty) {
tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+ tty_new[1] = tty_orig[1];
tty_new[2] = tty_orig[2];
status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
0, 0, 0, 0);
diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c
index 49c71b91280e..2d82f8fa8b2a 100644
--- a/crypto/openssl/crypto/x509/x509_cmp.c
+++ b/crypto/openssl/crypto/x509/x509_cmp.c
@@ -219,7 +219,7 @@ int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
ret = a->canon_enclen - b->canon_enclen;
- if (ret)
+ if (ret != 0 || a->canon_enclen == 0)
return ret;
return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c
index b7424809fdbb..3d18ea90beb6 100644
--- a/crypto/openssl/crypto/x509/x509_lu.c
+++ b/crypto/openssl/crypto/x509/x509_lu.c
@@ -311,7 +311,11 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
X509_OBJECT stmp, *tmp;
int i, j;
+ if (ctx == NULL)
+ return 0;
+
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
@@ -506,6 +510,10 @@ STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509) *sk;
X509 *x;
X509_OBJECT *obj;
+
+ if (ctx->ctx == NULL)
+ return NULL;
+
sk = sk_X509_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt);
@@ -551,6 +559,11 @@ STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
STACK_OF(X509_CRL) *sk;
X509_CRL *x;
X509_OBJECT *obj, xobj;
+
+
+ if (ctx->ctx == NULL)
+ return NULL;
+
sk = sk_X509_CRL_new_null();
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
@@ -651,6 +664,9 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
}
X509_OBJECT_free_contents(&obj);
+ if (ctx->ctx == NULL)
+ return 0;
+
/* Else find index of first cert accepted by 'check_issued' */
ret = 0;
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index b1472018baf7..869460d7cdba 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -56,6 +56,7 @@
* [including the GNU Public Licence.]
*/
+#include <ctype.h>
#include <stdio.h>
#include <time.h>
#include <errno.h>
@@ -1937,119 +1938,67 @@ int X509_cmp_current_time(const ASN1_TIME *ctm)
int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
{
- char *str;
- ASN1_TIME atm;
- long offset;
- char buff1[24], buff2[24], *p;
- int i, j, remaining;
+ static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
+ static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
+ ASN1_TIME *asn1_cmp_time = NULL;
+ int i, day, sec, ret = 0;
- p = buff1;
- remaining = ctm->length;
- str = (char *)ctm->data;
/*
- * Note that the following (historical) code allows much more slack in the
- * time format than RFC5280. In RFC5280, the representation is fixed:
+ * Note that ASN.1 allows much more slack in the time format than RFC5280.
+ * In RFC5280, the representation is fixed:
* UTCTime: YYMMDDHHMMSSZ
* GeneralizedTime: YYYYMMDDHHMMSSZ
+ *
+ * We do NOT currently enforce the following RFC 5280 requirement:
+ * "CAs conforming to this profile MUST always encode certificate
+ * validity dates through the year 2049 as UTCTime; certificate validity
+ * dates in 2050 or later MUST be encoded as GeneralizedTime."
*/
- if (ctm->type == V_ASN1_UTCTIME) {
- /* YYMMDDHHMM[SS]Z or YYMMDDHHMM[SS](+-)hhmm */
- int min_length = sizeof("YYMMDDHHMMZ") - 1;
- int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
- if (remaining < min_length || remaining > max_length)
+ switch (ctm->type) {
+ case V_ASN1_UTCTIME:
+ if (ctm->length != (int)(utctime_length))
return 0;
- memcpy(p, str, 10);
- p += 10;
- str += 10;
- remaining -= 10;
- } else {
- /* YYYYMMDDHHMM[SS[.fff]]Z or YYYYMMDDHHMM[SS[.f[f[f]]]](+-)hhmm */
- int min_length = sizeof("YYYYMMDDHHMMZ") - 1;
- int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
- if (remaining < min_length || remaining > max_length)
+ break;
+ case V_ASN1_GENERALIZEDTIME:
+ if (ctm->length != (int)(generalizedtime_length))
return 0;
- memcpy(p, str, 12);
- p += 12;
- str += 12;
- remaining -= 12;
+ break;
+ default:
+ return 0;
}
- if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
- *(p++) = '0';
- *(p++) = '0';
- } else {
- /* SS (seconds) */
- if (remaining < 2)
+ /**
+ * Verify the format: the ASN.1 functions we use below allow a more
+ * flexible format than what's mandated by RFC 5280.
+ * Digit and date ranges will be verified in the conversion methods.
+ */
+ for (i = 0; i < ctm->length - 1; i++) {
+ if (!isdigit(ctm->data[i]))
return 0;
- *(p++) = *(str++);
- *(p++) = *(str++);
- remaining -= 2;
- /*
- * Skip any (up to three) fractional seconds...
- * TODO(emilia): in RFC5280, fractional seconds are forbidden.
- * Can we just kill them altogether?
- */
- if (remaining && *str == '.') {
- str++;
- remaining--;
- for (i = 0; i < 3 && remaining; i++, str++, remaining--) {
- if (*str < '0' || *str > '9')
- break;
- }
- }
-
}
- *(p++) = 'Z';
- *(p++) = '\0';
-
- /* We now need either a terminating 'Z' or an offset. */
- if (!remaining)
+ if (ctm->data[ctm->length - 1] != 'Z')
return 0;
- if (*str == 'Z') {
- if (remaining != 1)
- return 0;
- offset = 0;
- } else {
- /* (+-)HHMM */
- if ((*str != '+') && (*str != '-'))
- return 0;
- /* Historical behaviour: the (+-)hhmm offset is forbidden in RFC5280. */
- if (remaining != 5)
- return 0;
- if (str[1] < '0' || str[1] > '9' || str[2] < '0' || str[2] > '9' ||
- str[3] < '0' || str[3] > '9' || str[4] < '0' || str[4] > '9')
- return 0;
- offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
- offset += (str[3] - '0') * 10 + (str[4] - '0');
- if (*str == '-')
- offset = -offset;
- }
- atm.type = ctm->type;
- atm.flags = 0;
- atm.length = sizeof(buff2);
- atm.data = (unsigned char *)buff2;
- if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
- return 0;
+ /*
+ * There is ASN1_UTCTIME_cmp_time_t but no
+ * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
+ * so we go through ASN.1
+ */
+ asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
+ if (asn1_cmp_time == NULL)
+ goto err;
+ if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
+ goto err;
- if (ctm->type == V_ASN1_UTCTIME) {
- i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
- if (i < 50)
- i += 100; /* cf. RFC 2459 */
- j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
- if (j < 50)
- j += 100;
-
- if (i < j)
- return -1;
- if (i > j)
- return 1;
- }
- i = strcmp(buff1, buff2);
- if (i == 0) /* wait a second then return younger :-) */
- return -1;
- else
- return i;
+ /*
+ * X509_cmp_time comparison is <=.
+ * The return value 0 is reserved for errors.
+ */
+ ret = (day >= 0 && sec >= 0) ? -1 : 1;
+
+ err:
+ ASN1_TIME_free(asn1_cmp_time);
+ return ret;
}
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c
index 96e629a9301f..7080a51c4c5b 100644
--- a/crypto/openssl/crypto/x509v3/v3_purp.c
+++ b/crypto/openssl/crypto/x509v3/v3_purp.c
@@ -4,7 +4,7 @@
* 2001.
*/
/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -128,11 +128,10 @@ int X509_check_purpose(X509 *x, int id, int ca)
{
int idx;
const X509_PURPOSE *pt;
- if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
+
+ x509v3_cache_extensions(x);
+
+ /* Return if side-effect only call */
if (id == -1)
return 1;
idx = X509_PURPOSE_get_by_id(id);
@@ -399,8 +398,16 @@ static void x509v3_cache_extensions(X509 *x)
X509_EXTENSION *ex;
int i;
+
if (x->ex_flags & EXFLAG_SET)
return;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ if (x->ex_flags & EXFLAG_SET) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ return;
+ }
+
#ifndef OPENSSL_NO_SHA
X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
#endif
@@ -536,6 +543,7 @@ static void x509v3_cache_extensions(X509 *x)
}
}
x->ex_flags |= EXFLAG_SET;
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
}
/*-
@@ -578,11 +586,7 @@ static int check_ca(const X509 *x)
int X509_check_ca(X509 *x)
{
- if (!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
+ x509v3_cache_extensions(x);
return check_ca(x);
}
@@ -796,6 +800,7 @@ int X509_check_issued(X509 *issuer, X509 *subject)
if (X509_NAME_cmp(X509_get_subject_name(issuer),
X509_get_issuer_name(subject)))
return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+
x509v3_cache_extensions(issuer);
x509v3_cache_extensions(subject);
diff --git a/crypto/openssl/doc/apps/cms.pod b/crypto/openssl/doc/apps/cms.pod
index 4a7783d47a4e..dd6ae6e11ec1 100644
--- a/crypto/openssl/doc/apps/cms.pod
+++ b/crypto/openssl/doc/apps/cms.pod
@@ -335,6 +335,9 @@ When encrypting a message this option may be used multiple times to specify
each recipient. This form B<must> be used if customised parameters are
required (for example to specify RSA-OAEP).
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+option.
+
=item B<-keyid>
use subject key identifier to identify certificates instead of issuer name and
@@ -648,17 +651,14 @@ No revocation checking is done on the signer's certificate.
=head1 HISTORY
The use of multiple B<-signer> options and the B<-resign> command were first
-added in OpenSSL 1.0.0
-
-The B<keyopt> option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
-The use of B<-recip> to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The B<keyopt> option was first added in OpenSSL 1.0.2.
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
The -no_alt_chains options was first added to OpenSSL 1.0.2b.
diff --git a/crypto/openssl/doc/apps/config.pod b/crypto/openssl/doc/apps/config.pod
index 421fee7aa8cc..7344d912b576 100644
--- a/crypto/openssl/doc/apps/config.pod
+++ b/crypto/openssl/doc/apps/config.pod
@@ -21,7 +21,7 @@ started or end of file is reached. A section name can consist of
alphanumeric characters and underscores.
The first section of a configuration file is special and is referred
-to as the B<default> section this is usually unnamed and is from the
+to as the B<default> section. This section is usually unnamed and spans from the
start of file until the first named section. When a name is being looked up
it is first looked up in a named section (if any) and then the
default section.
diff --git a/crypto/openssl/doc/apps/genpkey.pod b/crypto/openssl/doc/apps/genpkey.pod
index 4d09fc0937c5..2e2440056fdd 100644
--- a/crypto/openssl/doc/apps/genpkey.pod
+++ b/crypto/openssl/doc/apps/genpkey.pod
@@ -11,7 +11,7 @@ B<openssl> B<genpkey>
[B<-out filename>]
[B<-outform PEM|DER>]
[B<-pass arg>]
-[B<-cipher>]
+[B<-I<cipher>>]
[B<-engine id>]
[B<-paramfile file>]
[B<-algorithm alg>]
@@ -34,21 +34,21 @@ used.
=item B<-outform DER|PEM>
-This specifies the output format DER or PEM.
+This specifies the output format DER or PEM. The default format is PEM.
=item B<-pass arg>
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+The output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-=item B<-cipher>
+=item B<-I<cipher>>
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
=item B<-engine id>
-specifying an engine (by its unique B<id> string) will cause B<genpkey>
+Specifying an engine (by its unique B<id> string) will cause B<genpkey>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms. If used this option should precede all other
@@ -56,20 +56,33 @@ options.
=item B<-algorithm alg>
-public key algorithm to use such as RSA, DSA or DH. If used this option must
+Public key algorithm to use such as RSA, DSA or DH. If used this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
-are mutually exclusive.
+are mutually exclusive. Engines may add algorithms in addition to the standard
+built-in ones.
+
+Valid built-in algorithm names for private key generation are RSA and EC.
+
+Valid built-in algorithm names for parameter generation (see the B<-genparam>
+option) are DH, DSA and EC.
+
+Note that the algorithm name X9.42 DH may be used as a synonym for the DH
+algorithm. These are identical and do not indicate the type of parameters that
+will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3
+or X9.42 DH parameters are required. See L<DH Parameter Generation Options>
+below for more details.
=item B<-pkeyopt opt:value>
-set the public key algorithm option B<opt> to B<value>. The precise set of
+Set the public key algorithm option B<opt> to B<value>. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See B<KEY GENERATION OPTIONS> below for more details.
+implementation. See L<KEY GENERATION OPTIONS> and
+L<PARAMETER GENERATION OPTIONS> below for more details.
=item B<-genparam>
-generate a set of parameters instead of a private key. If used this option must
-precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
+Generate a set of parameters instead of a private key. If used this option must
+precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
=item B<-paramfile filename>
@@ -92,7 +105,7 @@ The options supported by each algorith and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below.
-=head1 RSA KEY GENERATION OPTIONS
+=head2 RSA Key Generation Options
=over 4
@@ -107,48 +120,92 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
=back
-=head1 DSA PARAMETER GENERATION OPTIONS
+=head2 EC Key Generation Options
+
+The EC key generation options can also be used for parameter generation.
+
+=over 4
+
+=item B<ec_paramgen_curve:curve>
+
+The EC curve to use. OpenSSL supports NIST curve names such as "P-256".
+
+=item B<ec_param_enc:encoding>
+
+The encoding to use for parameters. The "encoding" parameter must be either
+"named_curve" or "explicit". The default value is "named_curve".
+
+=back
+
+=head1 PARAMETER GENERATION OPTIONS
+
+The options supported by each algorithm and indeed each implementation of an
+algorithm can vary. The options for the OpenSSL implementations are detailed
+below.
+
+=head2 DSA Parameter Generation Options
=over 4
=item B<dsa_paramgen_bits:numbits>
-The number of bits in the generated parameters. If not specified 1024 is used.
+The number of bits in the generated prime. If not specified 1024 is used.
+
+=item B<dsa_paramgen_q_bits:numbits>
+
+The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
+specified 160 is used.
+
+=item B<dsa_paramgen_md:digest>
+
+The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
+or B<sha256>. If set, then the number of bits in B<q> will match the output size
+of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
+ignored. If not set, then a digest will be used that gives an output matching
+the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
+or B<sha256> if it is 256.
=back
-=head1 DH PARAMETER GENERATION OPTIONS
+=head2 DH Parameter Generation Options
=over 4
=item B<dh_paramgen_prime_len:numbits>
-The number of bits in the prime parameter B<p>.
+The number of bits in the prime parameter B<p>. The default is 1024.
+
+=item B<dh_paramgen_subprime_len:numbits>
+
+The number of bits in the sub prime parameter B<q>. The default is 256 if the
+prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
+conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters.
=item B<dh_paramgen_generator:value>
-The value to use for the generator B<g>.
+The value to use for the generator B<g>. The default is 2.
+
+=item B<dh_paramgen_type:value>
+
+The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH.
+The default is 0.
=item B<dh_rfc5114:num>
-If this option is set then the appropriate RFC5114 parameters are used
+If this option is set, then the appropriate RFC5114 parameters are used
instead of generating new parameters. The value B<num> can take the
values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections
-2.1, 2.2 and 2.3 respectively.
+2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter
+options.
=back
-=head1 EC PARAMETER GENERATION OPTIONS
-
-=over 4
-
-=item B<ec_paramgen_curve:curve>
-
-the EC curve to use.
+=head2 EC Parameter Generation Options
-=back
+The EC parameter generation options are the same as for key generation. See
+L<EC Key Generation Options> above.
=head1 GOST2001 KEY GENERATION AND PARAMETER OPTIONS
@@ -179,8 +236,6 @@ numeric OID. Following parameter sets are supported:
=back
-
-
=head1 NOTES
The use of the genpkey program is encouraged over the algorithm specific
@@ -202,19 +257,25 @@ Generate a 2048 bit RSA key using 3 as the public exponent:
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \
-pkeyopt rsa_keygen_pubexp:3
-Generate 1024 bit DSA parameters:
+Generate 2048 bit DSA parameters:
openssl genpkey -genparam -algorithm DSA -out dsap.pem \
- -pkeyopt dsa_paramgen_bits:1024
+ -pkeyopt dsa_paramgen_bits:2048
Generate DSA key from parameters:
openssl genpkey -paramfile dsap.pem -out dsakey.pem
-Generate 1024 bit DH parameters:
+Generate 2048 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
- -pkeyopt dh_paramgen_prime_len:1024
+ -pkeyopt dh_paramgen_prime_len:2048
+
+Generate 2048 bit X9.42 DH parameters:
+
+ openssl genpkey -genparam -algorithm DH -out dhpx.pem \
+ -pkeyopt dh_paramgen_prime_len:2048 \
+ -pkeyopt dh_paramgen_type:1
Output RFC5114 2048 bit DH parameters with 224 bit subgroup:
@@ -224,6 +285,16 @@ Generate DH key from parameters:
openssl genpkey -paramfile dhp.pem -out dhkey.pem
+Generate EC key directly:
+
+ openssl genpkey -algorithm EC -out eckey.pem \
+ -pkeyopt ec_paramgen_curve:P-384 \
+ -pkeyopt ec_param_enc:named_curve
+
+=head1 HISTORY
+
+The ability to use NIST curve names, and to generate an EC key directly,
+were added in OpenSSL 1.0.2.
=cut
diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod
index d2cad29d218b..77cc0718ec4a 100644
--- a/crypto/openssl/doc/apps/s_client.pod
+++ b/crypto/openssl/doc/apps/s_client.pod
@@ -141,8 +141,9 @@ pauses 1 second between each read and write call.
=item B<-showcerts>
-display the whole server certificate chain: normally only the server
-certificate itself is displayed.
+Displays the server certificate list as sent by the server: it only consists of
+certificates the server has sent (in the order the server has sent them). It is
+B<not> a verified chain.
=item B<-prexit>
@@ -354,7 +355,8 @@ a client certificate. Therefor merely including a client certificate
on the command line is no guarantee that the certificate works.
If there are problems verifying a server certificate then the
-B<-showcerts> option can be used to show the whole chain.
+B<-showcerts> option can be used to show all the certificates sent by the
+server.
Since the SSLv23 client hello cannot include compression methods or extensions
these will only be supported if its use is disabled, for example by using the
diff --git a/crypto/openssl/doc/crypto/BIO_s_fd.pod b/crypto/openssl/doc/crypto/BIO_s_fd.pod
index b1de1d101549..2830134a682f 100644
--- a/crypto/openssl/doc/crypto/BIO_s_fd.pod
+++ b/crypto/openssl/doc/crypto/BIO_s_fd.pod
@@ -60,7 +60,7 @@ BIO_s_fd() returns the file descriptor BIO method.
BIO_reset() returns zero for success and -1 if an error occurred.
BIO_seek() and BIO_tell() return the current file position or -1
-is an error occurred. These values reflect the underlying lseek()
+if an error occurred. These values reflect the underlying lseek()
behaviour.
BIO_set_fd() always returns 1.
diff --git a/crypto/openssl/doc/crypto/BN_add.pod b/crypto/openssl/doc/crypto/BN_add.pod
index 88c7a799eea5..02e548641663 100644
--- a/crypto/openssl/doc/crypto/BN_add.pod
+++ b/crypto/openssl/doc/crypto/BN_add.pod
@@ -91,7 +91,9 @@ BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
BN_mul().
BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
-m>). This function uses less time and space than BN_exp().
+m>). This function uses less time and space than BN_exp(). Do not call this
+function when B<m> is even and any of the parameters have the
+B<BN_FLG_CONSTTIME> flag set.
BN_gcd() computes the greatest common divisor of I<a> and I<b> and
places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
diff --git a/crypto/openssl/doc/crypto/BN_bn2bin.pod b/crypto/openssl/doc/crypto/BN_bn2bin.pod
index f6bb484f902f..075aec37fac2 100644
--- a/crypto/openssl/doc/crypto/BN_bn2bin.pod
+++ b/crypto/openssl/doc/crypto/BN_bn2bin.pod
@@ -39,8 +39,8 @@ numbers, the string is prefaced with a leading '-'. The string must be
freed later using OPENSSL_free().
BN_hex2bn() converts the string B<str> containing a hexadecimal number
-to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
-B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
+to a B<BIGNUM> and stores it in **B<a>. If *B<a> is NULL, a new
+B<BIGNUM> is created. If B<a> is NULL, it only computes the number's
length in hexadecimal digits. If the string starts with '-', the
number is negative.
A "negative zero" is converted to zero.
diff --git a/crypto/openssl/doc/crypto/BN_generate_prime.pod b/crypto/openssl/doc/crypto/BN_generate_prime.pod
index bf1b5308adab..003d12394045 100644
--- a/crypto/openssl/doc/crypto/BN_generate_prime.pod
+++ b/crypto/openssl/doc/crypto/BN_generate_prime.pod
@@ -90,7 +90,17 @@ If B<do_trial_division == 0>, this test is skipped.
Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin
probabilistic primality test with B<nchecks> iterations. If
B<nchecks == BN_prime_checks>, a number of iterations is used that
-yields a false positive rate of at most 2^-80 for random input.
+yields a false positive rate of at most 2^-64 for random input.
+The error rate depends on the size of the prime and goes down for bigger primes.
+The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits,
+2^-192 at 3747 bits and 2^-256 at 6394 bits.
+
+When the source of the prime is not random or not trusted, the number
+of checks needs to be much higher to reach the same level of assurance:
+It should equal half of the targeted security level in bits (rounded up to the
+next integer if necessary).
+For instance, to reach the 128 bit security level, B<nchecks> should be set to
+64.
If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called
after the j-th iteration (j = 0, 1, ...). B<ctx> is a
diff --git a/crypto/openssl/doc/crypto/CMS_encrypt.pod b/crypto/openssl/doc/crypto/CMS_encrypt.pod
index 1ee5b275ec82..88e44d44534a 100644
--- a/crypto/openssl/doc/crypto/CMS_encrypt.pod
+++ b/crypto/openssl/doc/crypto/CMS_encrypt.pod
@@ -18,9 +18,8 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
=head1 NOTES
-Only certificates carrying RSA keys are supported so the recipient certificates
-supplied to this function must all contain RSA public keys, though they do not
-have to be signed using the RSA algorithm.
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported by this
+function.
EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
because most clients will support it.
diff --git a/crypto/openssl/doc/crypto/CMS_get0_SignerInfos.pod b/crypto/openssl/doc/crypto/CMS_get0_SignerInfos.pod
index b46c0e07ab3d..69fde8106247 100644
--- a/crypto/openssl/doc/crypto/CMS_get0_SignerInfos.pod
+++ b/crypto/openssl/doc/crypto/CMS_get0_SignerInfos.pod
@@ -51,7 +51,7 @@ CMS_SignerInfo_set1_signer_cert().
Once all signer certificates have been set CMS_verify() can be used.
-Although CMS_get0_SignerInfos() can return NULL is an error occur B<or> if
+Although CMS_get0_SignerInfos() can return NULL if an error occurs B<or> if
there are no signers this is not a problem in practice because the only
error which can occur is if the B<cms> structure is not of type signedData
due to application error.
diff --git a/crypto/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod b/crypto/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod
index f546376a1e68..7a483ecd5a57 100644
--- a/crypto/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod
+++ b/crypto/openssl/doc/crypto/CMS_get1_ReceiptRequest.pod
@@ -48,7 +48,7 @@ CMS_verify().
CMS_ReceiptRequest_create0() returns a signed receipt request structure or
NULL if an error occurred.
-CMS_add1_ReceiptRequest() returns 1 for success or 0 is an error occurred.
+CMS_add1_ReceiptRequest() returns 1 for success or 0 if an error occurred.
CMS_get1_ReceiptRequest() returns 1 is a signed receipt request is found and
decoded. It returns 0 if a signed receipt request is not present and -1 if
diff --git a/crypto/openssl/doc/crypto/DSA_do_sign.pod b/crypto/openssl/doc/crypto/DSA_do_sign.pod
index 5dfc733b20e2..340d19524f81 100644
--- a/crypto/openssl/doc/crypto/DSA_do_sign.pod
+++ b/crypto/openssl/doc/crypto/DSA_do_sign.pod
@@ -20,8 +20,8 @@ digest B<dgst> using the private key B<dsa> and returns it in a
newly allocated B<DSA_SIG> structure.
L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
-of the signing operation in case signature generation is
-time-critical.
+of the signing operation for each signature in case signature generation
+is time-critical.
DSA_do_verify() verifies that the signature B<sig> matches a given
message digest B<dgst> of size B<len>. B<dsa> is the signer's public
diff --git a/crypto/openssl/doc/crypto/DSA_sign.pod b/crypto/openssl/doc/crypto/DSA_sign.pod
index 97389e8ec885..cd45ec542b21 100644
--- a/crypto/openssl/doc/crypto/DSA_sign.pod
+++ b/crypto/openssl/doc/crypto/DSA_sign.pod
@@ -31,6 +31,10 @@ in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+The precomputed values from DSA_sign_setup() B<MUST NOT be used> for
+more than one signature: using the same B<dsa-E<gt>kinv> and
+B<dsa-E<gt>r> pair twice under the same private key on different
+plaintexts will result in permanently exposing the DSA private key.
DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
matches a given message digest B<dgst> of size B<len>.
diff --git a/crypto/openssl/doc/crypto/OBJ_nid2obj.pod b/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
index b8d289673dee..c870bd45637d 100644
--- a/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
+++ b/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
@@ -42,7 +42,7 @@ constants.
OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
an ASN1_OBJECT structure, its long name and its short name respectively,
-or B<NULL> is an error occurred.
+or B<NULL> if an error occurred.
OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
for the object B<o>, the long name <ln> or the short name <sn> respectively
diff --git a/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod b/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
index 9d4671594180..7cdca1e73f8a 100644
--- a/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
+++ b/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
@@ -57,7 +57,7 @@ streaming single pass option should be available.
=head1 RETURN VALUES
SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
-is an error occurred. The error can be obtained from ERR_get_error(3).
+if an error occurred. The error can be obtained from ERR_get_error(3).
=head1 SEE ALSO
diff --git a/crypto/openssl/doc/crypto/ecdsa.pod b/crypto/openssl/doc/crypto/ecdsa.pod
index 46c071b73308..5708d90674b7 100644
--- a/crypto/openssl/doc/crypto/ecdsa.pod
+++ b/crypto/openssl/doc/crypto/ecdsa.pod
@@ -112,6 +112,8 @@ using the public key B<eckey>.
=head1 RETURN VALUES
+ECDSA_SIG_new() returns NULL if the allocation fails.
+
ECDSA_size() returns the maximum length signature or 0 on error.
ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0
diff --git a/crypto/openssl/doc/crypto/pem.pod b/crypto/openssl/doc/crypto/pem.pod
index 763eb6f53392..de9ecca648f8 100644
--- a/crypto/openssl/doc/crypto/pem.pod
+++ b/crypto/openssl/doc/crypto/pem.pod
@@ -342,7 +342,7 @@ for it twice) if B<rwflag> is 1. The B<u> parameter has the same
value as the B<u> parameter passed to the PEM routine. It allows
arbitrary data to be passed to the callback by the application
(for example a window handle in a GUI application). The callback
-B<must> return the number of characters in the passphrase or 0 if
+B<must> return the number of characters in the passphrase or -1 if
an error occurred.
=head1 EXAMPLES
@@ -354,84 +354,77 @@ Read a certificate in PEM format from a BIO:
X509 *x;
x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL)
- {
- /* Error */
- }
+ if (x == NULL) {
+ /* Error */
+ }
Alternative method:
X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
+ /* Error */
+ }
Write a certificate to a BIO:
- if (!PEM_write_bio_X509(bp, x))
- {
- /* Error */
- }
+ if (!PEM_write_bio_X509(bp, x)) {
+ /* Error */
+ }
Write an unencrypted private key to a FILE pointer:
- if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
+ /* Error */
+ }
Write a private key (using traditional format) to a BIO using
triple DES encryption, the pass phrase is prompted for:
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
- {
- /* Error */
- }
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
+ /* Error */
+ }
Write a private key (using PKCS#8 format) to a BIO using triple
DES encryption, using the pass phrase "hello":
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
- {
- /* Error */
- }
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
+ /* Error */
+ }
Read a private key from a BIO using the pass phrase "hello":
key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
- if (key == NULL)
- {
- /* Error */
- }
+ if (key == NULL) {
+ /* Error */
+ }
Read a private key from a BIO using a pass phrase callback:
key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL)
- {
- /* Error */
- }
+ if (key == NULL) {
+ /* Error */
+ }
Skeleton pass phrase callback:
- int pass_cb(char *buf, int size, int rwflag, void *u);
- {
- int len;
- char *tmp;
- /* We'd probably do something else if 'rwflag' is 1 */
- printf("Enter pass phrase for \"%s\"\n", u);
-
- /* get pass phrase, length 'len' into 'tmp' */
- tmp = "hello";
- len = strlen(tmp);
-
- if (len <= 0) return 0;
- /* if too long, truncate */
- if (len > size) len = size;
- memcpy(buf, tmp, len);
- return len;
- }
+ int pass_cb(char *buf, int size, int rwflag, void *u)
+ {
+
+ /* We'd probably do something else if 'rwflag' is 1 */
+ printf("Enter pass phrase for \"%s\"\n", u);
+
+ /* get pass phrase, length 'len' into 'tmp' */
+ char *tmp = "hello";
+ if (tmp == NULL) /* An error occurred */
+ return -1;
+
+ size_t len = strlen(tmp);
+
+ if (len > size)
+ len = size;
+ memcpy(buf, tmp, len);
+ return len;
+ }
=head1 NOTES
diff --git a/crypto/openssl/doc/fingerprints.txt b/crypto/openssl/doc/fingerprints.txt
index 373e90d0a1e7..2cb74aec2778 100644
--- a/crypto/openssl/doc/fingerprints.txt
+++ b/crypto/openssl/doc/fingerprints.txt
@@ -1,63 +1,24 @@
- Fingerprints
+Fingerprints for Signing Releases
-OpenSSL releases are signed with PGP/GnuPG keys. You can find the
-signatures in separate files in the same location you find the
-distributions themselves. The normal file name is the same as the
-distribution file, with '.asc' added. For example, the signature for
-the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in
-the file openssl-1.0.1h.tar.gz.asc.
+OpenSSL releases are signed with PGP/GnuPG keys. This file contains
+the fingerprints of team members who are "authorized" to sign the
+next release.
+
+The signature is a detached cleartxt signature, with the same name
+as the release but with ".asc" appended. For example, release
+1.0.1h can be found in openssl-1.0.1h.tar.gz with the signature
+in the file named openssl-1.0.1h.tar.gz.asc.
The following is the list of fingerprints for the keys that are
currently in use to sign OpenSSL distributions:
-pub 1024D/F709453B 2003-10-20
- Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B
-uid Richard Levitte <richard@levitte.org>
+pub 4096R/7DF9EE8C 2014-10-04
+ Key fingerprint = 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C
+uid Richard Levitte <richard@opensslfoundation.com>
uid Richard Levitte <levitte@openssl.org>
-uid Richard Levitte <levitte@lp.se>
-
-pub 2048R/F295C759 1998-12-13
- Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97
-uid Dr S N Henson <shenson@drh-consultancy.demon.co.uk>
-
-pub 4096R/FA40E9E2 2005-03-19
- Key fingerprint = 6260 5AA4 334A F9F0 DDE5 D349 D357 7507 FA40 E9E2
-uid Dr Stephen Henson <shenson@opensslfoundation.com>
-uid Dr Stephen Henson <shenson@drh-consultancy.co.uk>
-uid Dr Stephen N Henson <steve@openssl.org>
-sub 4096R/8811F530 2005-03-19
-
-pub 1024R/49A563D9 1997-02-24
- Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF
-uid Mark Cox <mjc@redhat.com>
-uid Mark Cox <mark@awe.com>
-uid Mark Cox <mjc@apache.org>
-
-pub 1024R/9C58A66D 1997-04-03
- Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67
-uid jaenicke@openssl.org
-uid Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
-
-pub 1024D/2118CF83 1998-07-13
- Key fingerprint = 7656 55DE 62E3 96FF 2587 EB6C 4F6D E156 2118 CF83
-uid Ben Laurie <ben@thebunker.net>
-uid Ben Laurie <ben@cryptix.org>
-uid Ben Laurie <ben@algroup.co.uk>
-sub 4096g/1F5143E7 1998-07-13
-
-pub 1024R/5A6A9B85 1994-03-22
- Key fingerprint = C7 AC 7E AD 56 6A 65 EC F6 16 66 83 7E 86 68 28
-uid Bodo Moeller <2005@bmoeller.de>
-uid Bodo Moeller <2003@bmoeller.de>
-uid Bodo Moeller <2004@bmoeller.de>
-uid Bodo Moeller <bmoeller@acm.org>
-uid Bodo Moeller <bodo@openssl.org>
-uid Bodo Moeller <bm@ulf.mali.sub.org>
-uid Bodo Moeller <3moeller@informatik.uni-hamburg.de>
-uid Bodo Moeller <Bodo_Moeller@public.uni-hamburg.de>
-uid Bodo Moeller <3moeller@rzdspc5.informatik.uni-hamburg.de>
+uid Richard Levitte <richard@openssl.com>
pub 2048R/0E604491 2013-04-30
Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
+uid Matt Caswell <matt@openssl.org>
uid Matt Caswell <frodo@baggins.org>
-
diff --git a/crypto/openssl/doc/man3/X509_cmp_time.pod b/crypto/openssl/doc/man3/X509_cmp_time.pod
new file mode 100644
index 000000000000..5bf51114511a
--- /dev/null
+++ b/crypto/openssl/doc/man3/X509_cmp_time.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+X509_cmp_time - X509 time functions
+
+=head1 SYNOPSIS
+
+ X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time);
+
+=head1 DESCRIPTION
+
+X509_cmp_time() compares the ASN1_TIME in B<asn1_time> with the time in
+<cmp_time>.
+
+B<asn1_time> must satisfy the ASN1_TIME format mandated by RFC 5280, i.e.,
+its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
+
+If B<cmp_time> is NULL the current time is used.
+
+=head1 BUGS
+
+Unlike many standard comparison functions, X509_cmp_time returns 0 on error.
+
+=head1 RETURN VALUES
+
+X509_cmp_time() returns -1 if B<asn1_time> is earlier than, or equal to,
+B<cmp_time>, and 1 otherwise. It returns 0 on error.
+
+=head1 COPYRIGHT
+
+Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod b/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
index 80321b8580e3..800423e7de74 100644
--- a/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
@@ -142,6 +142,13 @@ L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>.
of view, it however does not make sense as the data in the certificate
is considered public anyway.)
+All of the functions to set a new certificate will replace any existing
+certificate of the same type that has already been set. Similarly all of the
+functions to set a new private key will replace any private key that has already
+been set. Applications should call L<SSL_CTX_check_private_key(3)> or
+L<SSL_check_private_key(3)> as appropriate after loading a new certificate and
+private key to confirm that the certificate and key match.
+
=head1 RETURN VALUES
On success, the functions return 1.
diff --git a/crypto/openssl/doc/ssl/SSL_get_ciphers.pod b/crypto/openssl/doc/ssl/SSL_get_ciphers.pod
index aecadd9138f0..7697d2791715 100644
--- a/crypto/openssl/doc/ssl/SSL_get_ciphers.pod
+++ b/crypto/openssl/doc/ssl/SSL_get_ciphers.pod
@@ -2,7 +2,10 @@
=head1 NAME
-SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
+SSL_get_ciphers,
+SSL_get_cipher_list,
+SSL_get_shared_ciphers
+- get list of available SSL_CIPHERs
=head1 SYNOPSIS
@@ -10,6 +13,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
const char *SSL_get_cipher_list(const SSL *ssl, int priority);
+ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
=head1 DESCRIPTION
@@ -22,6 +26,19 @@ listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
available, or there are less ciphers than B<priority> available, NULL
is returned.
+SSL_get_shared_ciphers() creates a colon separated and NUL terminated list of
+SSL_CIPHER names that are available in both the client and the server. B<buf> is
+the buffer that should be populated with the list of names and B<size> is the
+size of that buffer. A pointer to B<buf> is returned on success or NULL on
+error. If the supplied buffer is not large enough to contain the complete list
+of names then a truncated list of names will be returned. Note that just because
+a ciphersuite is available (i.e. it is configured in the cipher list) and shared
+by both the client and the server it does not mean that it is enabled (for
+example some ciphers may not be usable by a server if there is not a suitable
+certificate configured). This function will return available shared ciphersuites
+whether or not they are enabled. This is a server side function only and must
+only be called after the completion of the initial handshake.
+
=head1 NOTES
The details of the ciphers obtained by SSL_get_ciphers() can be obtained using
diff --git a/crypto/openssl/doc/ssl/SSL_get_session.pod b/crypto/openssl/doc/ssl/SSL_get_session.pod
index 0c41caa922ab..921d31696c33 100644
--- a/crypto/openssl/doc/ssl/SSL_get_session.pod
+++ b/crypto/openssl/doc/ssl/SSL_get_session.pod
@@ -28,6 +28,11 @@ count of the B<SSL_SESSION> is incremented by one.
The ssl session contains all information required to re-establish the
connection without a new handshake.
+A session will be automatically removed from the session cache and marked as
+non-resumable if the connection is not closed down cleanly, e.g. if a fatal
+error occurs on the connection or L<SSL_shutdown(3)> is not called prior to
+L<SSL_free(3)>.
+
SSL_get0_session() returns a pointer to the actual session. As the
reference counter is not incremented, the pointer is only valid while
the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or
diff --git a/crypto/openssl/doc/ssl/SSL_get_version.pod b/crypto/openssl/doc/ssl/SSL_get_version.pod
index 9ae6f2550858..f0c696c90c17 100644
--- a/crypto/openssl/doc/ssl/SSL_get_version.pod
+++ b/crypto/openssl/doc/ssl/SSL_get_version.pod
@@ -13,7 +13,9 @@ SSL_get_version - get the protocol version of a connection.
=head1 DESCRIPTION
SSL_get_version() returns the name of the protocol used for the
-connection B<ssl>.
+connection B<ssl>. It should only be called after the initial handshake has been
+completed. Prior to that the results returned from this function may be
+unreliable.
=head1 RETURN VALUES
@@ -43,7 +45,7 @@ The connection uses the TLSv1.2 protocol.
=item unknown
-This indicates that no version has been set (no connection established).
+This indicates an unknown protocol version.
=back
diff --git a/crypto/openssl/doc/ssl/ssl.pod b/crypto/openssl/doc/ssl/ssl.pod
index 70cca178a204..5408d61b3176 100644
--- a/crypto/openssl/doc/ssl/ssl.pod
+++ b/crypto/openssl/doc/ssl/ssl.pod
@@ -572,7 +572,7 @@ connection defined in the B<SSL> structure.
=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
-=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
+=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int size);
=item int B<SSL_get_shutdown>(const SSL *ssl);
diff --git a/crypto/openssl/ssl/d1_both.c b/crypto/openssl/ssl/d1_both.c
index e6bc761e8bf2..8888beddc0ac 100644
--- a/crypto/openssl/ssl/d1_both.c
+++ b/crypto/openssl/ssl/d1_both.c
@@ -4,7 +4,7 @@
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
*/
/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -656,7 +656,8 @@ static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
- if (al == 0) { /* no alert */
+ /* al will be 0 if no alert */
+ if (al == 0 && frag->msg_header.frag_len > 0) {
unsigned char *p =
(unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
memcpy(&p[frag->msg_header.frag_off], frag->fragment,
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 7e27dae35b0c..10c6db683b6e 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -4228,8 +4228,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_ECDSA
int have_ecdsa_sign = 0;
#endif
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
int nostrict = 1;
+#endif
+#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
+ !defined(OPENSSL_NO_ECDH)
unsigned long alg_k;
+#endif
/* If we have custom certificate types set, use them */
if (s->cert->ctypes) {
@@ -4238,8 +4243,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
/* get configured sigalgs */
siglen = tls12_get_psigalgs(s, 1, &sig);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
nostrict = 0;
+#endif
for (i = 0; i < siglen; i += 2, sig += 2) {
switch (sig[1]) {
case TLSEXT_signature_rsa:
@@ -4257,7 +4264,10 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
}
+#if !defined(OPENSSL_NO_GOST) || !defined(OPENSSL_NO_DH) || \
+ !defined(OPENSSL_NO_ECDH)
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+#endif
#ifndef OPENSSL_NO_GOST
if (s->version >= TLS1_VERSION) {
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
index 96d973cd02bb..70340181bf99 100644
--- a/crypto/openssl/ssl/s3_srvr.c
+++ b/crypto/openssl/ssl/s3_srvr.c
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1959,11 +1959,12 @@ int ssl3_send_server_key_exchange(SSL *s)
#ifndef OPENSSL_NO_PSK
if (type & SSL_kPSK) {
+ size_t len = strlen(s->ctx->psk_identity_hint);
+
/* copy PSK identity hint */
- s2n(strlen(s->ctx->psk_identity_hint), p);
- strncpy((char *)p, s->ctx->psk_identity_hint,
- strlen(s->ctx->psk_identity_hint));
- p += strlen(s->ctx->psk_identity_hint);
+ s2n(len, p);
+ memcpy(p, s->ctx->psk_identity_hint, len);
+ p += len;
}
#endif
@@ -2090,6 +2091,11 @@ int ssl3_send_certificate_request(SSL *s)
if (SSL_USE_SIGALGS(s)) {
const unsigned char *psigs;
nl = tls12_get_psigalgs(s, 1, &psigs);
+ if (nl > SSL_MAX_2_BYTE_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+ SSL_R_LENGTH_TOO_LONG);
+ goto err;
+ }
s2n(nl, p);
memcpy(p, psigs, nl);
p += nl;
@@ -2106,6 +2112,11 @@ int ssl3_send_certificate_request(SSL *s)
for (i = 0; i < sk_X509_NAME_num(sk); i++) {
name = sk_X509_NAME_value(sk, i);
j = i2d_X509_NAME(name, NULL);
+ if (j > SSL_MAX_2_BYTE_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+ SSL_R_LENGTH_TOO_LONG);
+ goto err;
+ }
if (!BUF_MEM_grow_clean
(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) {
SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
@@ -2127,6 +2138,11 @@ int ssl3_send_certificate_request(SSL *s)
n += j;
nl += j;
}
+ if (nl > SSL_MAX_2_BYTE_LEN) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+ SSL_R_LENGTH_TOO_LONG);
+ goto err;
+ }
}
}
/* else no CA names */
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index 3cf96a239bab..4bc1f4e60b8b 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -548,7 +548,7 @@ struct ssl_session_st {
const SSL_CIPHER *cipher;
unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used
* to load the 'cipher' structure */
- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+ STACK_OF(SSL_CIPHER) *ciphers; /* ciphers offered by the client */
CRYPTO_EX_DATA ex_data; /* application specific data */
/*
* These are used to make removal of session-ids more efficient and to
@@ -2149,7 +2149,7 @@ int SSL_get_fd(const SSL *s);
int SSL_get_rfd(const SSL *s);
int SSL_get_wfd(const SSL *s);
const char *SSL_get_cipher_list(const SSL *s, int n);
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
int SSL_get_read_ahead(const SSL *s);
int SSL_pending(const SSL *s);
# ifndef OPENSSL_NO_SOCK
@@ -2954,6 +2954,7 @@ void ERR_load_SSL_strings(void);
# define SSL_R_KRB5_S_TKT_NYV 294
# define SSL_R_KRB5_S_TKT_SKEW 295
# define SSL_R_LENGTH_MISMATCH 159
+# define SSL_R_LENGTH_TOO_LONG 404
# define SSL_R_LENGTH_TOO_SHORT 160
# define SSL_R_LIBRARY_BUG 274
# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index 3a6c1b14d4a5..aa0cbdb98720 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -58,7 +58,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -1404,28 +1404,37 @@ int SSL_set_cipher_list(SSL *s, const char *str)
}
/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
{
char *p;
- STACK_OF(SSL_CIPHER) *sk;
+ STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
SSL_CIPHER *c;
int i;
- if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
- return (NULL);
+ if (!s->server
+ || s->session == NULL
+ || s->session->ciphers == NULL
+ || size < 2)
+ return NULL;
p = buf;
- sk = s->session->ciphers;
+ clntsk = s->session->ciphers;
+ srvrsk = SSL_get_ciphers(s);
+ if (clntsk == NULL || srvrsk == NULL)
+ return NULL;
- if (sk_SSL_CIPHER_num(sk) == 0)
+ if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
return NULL;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
int n;
- c = sk_SSL_CIPHER_value(sk, i);
+ c = sk_SSL_CIPHER_value(clntsk, i);
+ if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
+ continue;
+
n = strlen(c->name);
- if (n + 1 > len) {
+ if (n + 1 > size) {
if (p != buf)
--p;
*p = '\0';
@@ -1434,7 +1443,7 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
strcpy(p, c->name);
p += n;
*(p++) = ':';
- len -= n + 1;
+ size -= n + 1;
}
p[-1] = '\0';
return (buf);
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
index aeffc0063471..43789ad757d5 100644
--- a/crypto/openssl/ssl/ssl_locl.h
+++ b/crypto/openssl/ssl/ssl_locl.h
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -259,6 +259,8 @@
c[1]=(unsigned char)(((l)>> 8)&0xff), \
c[2]=(unsigned char)(((l) )&0xff)),c+=3)
+# define SSL_MAX_2_BYTE_LEN (0xffff)
+
/* LOCAL STUFF */
# define SSL_DECRYPT 0
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index 75c2f4154dfe..8cb8816f9b13 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -2408,8 +2408,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
goto err;
if (!tls1_save_sigalgs(s, data, dsize))
goto err;
- } else if (type == TLSEXT_TYPE_status_request) {
-
+ } else if (type == TLSEXT_TYPE_status_request && !s->hit) {
if (size < 5)
goto err;
@@ -3166,7 +3165,7 @@ int tls1_set_server_sigalgs(SSL *s)
if (!s->cert->shared_sigalgs) {
SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
- al = SSL_AD_ILLEGAL_PARAMETER;
+ al = SSL_AD_HANDSHAKE_FAILURE;
goto err;
}
} else
diff --git a/crypto/openssl/ssl/t1_trce.c b/crypto/openssl/ssl/t1_trce.c
index dc62df8f94cf..3e6194a5356c 100644
--- a/crypto/openssl/ssl/t1_trce.c
+++ b/crypto/openssl/ssl/t1_trce.c
@@ -4,7 +4,7 @@
* project.
*/
/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2012-2018 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -645,6 +645,8 @@ static int ssl_print_extensions(BIO *bio, int indent, int server,
BIO_puts(bio, "No Extensions\n");
return 1;
}
+ if (msglen < 2)
+ return 0;
extslen = (msg[0] << 8) | msg[1];
if (extslen != msglen - 2)
return 0;
@@ -1021,6 +1023,8 @@ static int ssl_print_cert_request(BIO *bio, int indent, SSL *s,
msglen -= xlen + 2;
skip_sig:
+ if (msglen < 2)
+ return 0;
xlen = (msg[0] << 8) | msg[1];
BIO_indent(bio, indent, 80);
if (msglen < xlen + 2)
@@ -1209,7 +1213,15 @@ void SSL_trace(int write_p, int version, int content_type,
switch (content_type) {
case SSL3_RT_HEADER:
{
- int hvers = msg[1] << 8 | msg[2];
+ int hvers;
+
+ /* avoid overlapping with length at the end of buffer */
+ if (msglen < (SSL_IS_DTLS(ssl) ? 13 : 5)) {
+ BIO_puts(bio, write_p ? "Sent" : "Received");
+ ssl_print_hex(bio, 0, " too short message", msg, msglen);
+ break;
+ }
+ hvers = msg[1] << 8 | msg[2];
BIO_puts(bio, write_p ? "Sent" : "Received");
BIO_printf(bio, " Record\nHeader:\n Version = %s (0x%x)\n",
ssl_trace_str(hvers, ssl_version_tbl), hvers);
diff --git a/crypto/openssl/util/domd b/crypto/openssl/util/domd
index 5a92559c9b7a..6eb019ea1672 100755
--- a/crypto/openssl/util/domd
+++ b/crypto/openssl/util/domd
@@ -6,7 +6,11 @@ TOP=$1
shift
if [ "$1" = "-MD" ]; then
shift
- MAKEDEPEND=$1
+ MAKEDEPEND=""
+ while [ "$1" != "--" ]; do
+ MAKEDEPEND="$MAKEDEPEND $1"
+ shift
+ done
shift
fi
if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
@@ -16,8 +20,11 @@ mv Makefile Makefile.save
cp Makefile.save Makefile
# fake the presence of Kerberos
touch $TOP/krb5.h
-if ${MAKEDEPEND} --version 2>&1 | grep "clang" > /dev/null ||
- echo $MAKEDEPEND | grep "gcc" > /dev/null; then
+if expr "$MAKEDEPEND" : ".*makedepend" > /dev/null; then
+ ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
+ ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
+ RC=$?
+else
args=""
while [ $# -gt 0 ]; do
if [ "$1" != "--" ]; then args="$args $1"; fi
@@ -29,10 +36,6 @@ if ${MAKEDEPEND} --version 2>&1 | grep "clang" > /dev/null ||
${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
RC=$?
rm -f Makefile.tmp
-else
- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@ && \
- ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
- RC=$?
fi
if cmp -s Makefile.save Makefile.new; then
mv Makefile.save Makefile
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc
index 9d9acc8c6bee..546ded6169fd 100644
--- a/secure/lib/libcrypto/Makefile.inc
+++ b/secure/lib/libcrypto/Makefile.inc
@@ -3,8 +3,8 @@
.include <bsd.own.mk>
# OpenSSL version used for manual page generation
-OPENSSL_VER= 1.0.2o
-OPENSSL_DATE= 2018-03-27
+OPENSSL_VER= 1.0.2p
+OPENSSL_DATE= 2018-08-14
LCRYPTO_SRC= ${SRCTOP}/crypto/openssl
LCRYPTO_DOC= ${LCRYPTO_SRC}/doc
@@ -64,6 +64,9 @@ MANDIR= ${SHAREDIR}/openssl/man/man
.if defined(LIB)
_docs= ${LIB}
+.if ${LIB} == crypto
+_docs+= man3
+.endif
_skip= SSLeay_version des_modes
_sec= 3
.else
diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man
index 4ad0b080b410..9ba3c279cba8 100644
--- a/secure/lib/libcrypto/Makefile.man
+++ b/secure/lib/libcrypto/Makefile.man
@@ -174,6 +174,7 @@ MAN+= X509_STORE_set_verify_cb_func.3
MAN+= X509_VERIFY_PARAM_set_flags.3
MAN+= X509_check_host.3
MAN+= X509_check_private_key.3
+MAN+= X509_cmp_time.3
MAN+= X509_new.3
MAN+= X509_verify_cert.3
MAN+= bio.3
diff --git a/secure/lib/libcrypto/amd64/x86_64-mont.S b/secure/lib/libcrypto/amd64/x86_64-mont.S
index 261bd1e54f9f..a27bdac68b8c 100644
--- a/secure/lib/libcrypto/amd64/x86_64-mont.S
+++ b/secure/lib/libcrypto/amd64/x86_64-mont.S
@@ -197,30 +197,30 @@ bn_mul_mont:
xorq %r14,%r14
movq (%rsp),%rax
- leaq (%rsp),%rsi
movq %r9,%r15
- jmp .Lsub
+
.align 16
.Lsub: sbbq (%rcx,%r14,8),%rax
movq %rax,(%rdi,%r14,8)
- movq 8(%rsi,%r14,8),%rax
+ movq 8(%rsp,%r14,8),%rax
leaq 1(%r14),%r14
decq %r15
jnz .Lsub
sbbq $0,%rax
+ movq $-1,%rbx
+ xorq %rax,%rbx
xorq %r14,%r14
- andq %rax,%rsi
- notq %rax
- movq %rdi,%rcx
- andq %rax,%rcx
movq %r9,%r15
- orq %rcx,%rsi
-.align 16
+
.Lcopy:
- movq (%rsi,%r14,8),%rax
- movq %r14,(%rsp,%r14,8)
- movq %rax,(%rdi,%r14,8)
+ movq (%rdi,%r14,8),%rcx
+ movq (%rsp,%r14,8),%rdx
+ andq %rbx,%rcx
+ andq %rax,%rdx
+ movq %r9,(%rsp,%r14,8)
+ orq %rcx,%rdx
+ movq %rdx,(%rdi,%r14,8)
leaq 1(%r14),%r14
subq $1,%r15
jnz .Lcopy
@@ -574,10 +574,10 @@ bn_mul4x_mont:
cmpq %r9,%r14
jb .Louter4x
movq 16(%rsp,%r9,8),%rdi
+ leaq -4(%r9),%r15
movq 0(%rsp),%rax
- pxor %xmm0,%xmm0
movq 8(%rsp),%rdx
- shrq $2,%r9
+ shrq $2,%r15
leaq (%rsp),%rsi
xorq %r14,%r14
@@ -585,9 +585,7 @@ bn_mul4x_mont:
movq 16(%rsi),%rbx
movq 24(%rsi),%rbp
sbbq 8(%rcx),%rdx
- leaq -1(%r9),%r15
- jmp .Lsub4x
-.align 16
+
.Lsub4x:
movq %rax,0(%rdi,%r14,8)
movq %rdx,8(%rdi,%r14,8)
@@ -614,34 +612,35 @@ bn_mul4x_mont:
sbbq $0,%rax
movq %rbp,24(%rdi,%r14,8)
- xorq %r14,%r14
- andq %rax,%rsi
- notq %rax
- movq %rdi,%rcx
- andq %rax,%rcx
- leaq -1(%r9),%r15
- orq %rcx,%rsi
-
- movdqu (%rsi),%xmm1
- movdqa %xmm0,(%rsp)
- movdqu %xmm1,(%rdi)
+ pxor %xmm0,%xmm0
+.byte 102,72,15,110,224
+ pcmpeqd %xmm5,%xmm5
+ pshufd $0,%xmm4,%xmm4
+ movq %r9,%r15
+ pxor %xmm4,%xmm5
+ shrq $2,%r15
+ xorl %eax,%eax
+
jmp .Lcopy4x
.align 16
.Lcopy4x:
- movdqu 16(%rsi,%r14,1),%xmm2
- movdqu 32(%rsi,%r14,1),%xmm1
- movdqa %xmm0,16(%rsp,%r14,1)
- movdqu %xmm2,16(%rdi,%r14,1)
- movdqa %xmm0,32(%rsp,%r14,1)
- movdqu %xmm1,32(%rdi,%r14,1)
- leaq 32(%r14),%r14
+ movdqa (%rsp,%rax,1),%xmm1
+ movdqu (%rdi,%rax,1),%xmm2
+ pand %xmm4,%xmm1
+ pand %xmm5,%xmm2
+ movdqa 16(%rsp,%rax,1),%xmm3
+ movdqa %xmm0,(%rsp,%rax,1)
+ por %xmm2,%xmm1
+ movdqu 16(%rdi,%rax,1),%xmm2
+ movdqu %xmm1,(%rdi,%rax,1)
+ pand %xmm4,%xmm3
+ pand %xmm5,%xmm2
+ movdqa %xmm0,16(%rsp,%rax,1)
+ por %xmm2,%xmm3
+ movdqu %xmm3,16(%rdi,%rax,1)
+ leaq 32(%rax),%rax
decq %r15
jnz .Lcopy4x
-
- shlq $2,%r9
- movdqu 16(%rsi,%r14,1),%xmm2
- movdqa %xmm0,16(%rsp,%r14,1)
- movdqu %xmm2,16(%rdi,%r14,1)
movq 8(%rsp,%r9,8),%rsi
movq $1,%rax
movq -48(%rsi),%r15
diff --git a/secure/lib/libcrypto/amd64/x86_64-mont5.S b/secure/lib/libcrypto/amd64/x86_64-mont5.S
index f4a12d7d8a98..e7c566261ff9 100644
--- a/secure/lib/libcrypto/amd64/x86_64-mont5.S
+++ b/secure/lib/libcrypto/amd64/x86_64-mont5.S
@@ -393,18 +393,19 @@ bn_mul_mont_gather5:
jnz .Lsub
sbbq $0,%rax
+ movq $-1,%rbx
+ xorq %rax,%rbx
xorq %r14,%r14
- andq %rax,%rsi
- notq %rax
- movq %rdi,%rcx
- andq %rax,%rcx
movq %r9,%r15
- orq %rcx,%rsi
-.align 16
+
.Lcopy:
- movq (%rsi,%r14,8),%rax
+ movq (%rdi,%r14,8),%rcx
+ movq (%rsp,%r14,8),%rdx
+ andq %rbx,%rcx
+ andq %rax,%rdx
movq %r14,(%rsp,%r14,8)
- movq %rax,(%rdi,%r14,8)
+ orq %rcx,%rdx
+ movq %rdx,(%rdi,%r14,8)
leaq 1(%r14),%r14
subq $1,%r15
jnz .Lcopy
diff --git a/secure/lib/libcrypto/arm/armv4-mont.S b/secure/lib/libcrypto/arm/armv4-mont.S
index ccb9370fefca..e857b6857ff5 100644
--- a/secure/lib/libcrypto/arm/armv4-mont.S
+++ b/secure/lib/libcrypto/arm/armv4-mont.S
@@ -149,14 +149,15 @@ bn_mul_mont:
mov r4,sp @ "rewind" r4
sub r2,r2,r5 @ "rewind" r2
- and r1,r4,r14
- bic r3,r2,r14
- orr r1,r1,r3 @ ap=borrow?tp:rp
-
-.Lcopy: ldr r7,[r1],#4 @ copy or in-place refresh
+.Lcopy: ldr r7,[r4] @ conditional copy
+ ldr r5,[r2]
str sp,[r4],#4 @ zap tp
- str r7,[r2],#4
- cmp r4,r0
+#ifdef __thumb2__
+ it cc
+#endif
+ movcc r5,r7
+ str r5,[r2],#4
+ teq r4,r0 @ preserve carry
bne .Lcopy
add sp,r0,#4 @ skip over tp[num+1]
diff --git a/secure/lib/libcrypto/i386/x86-mont.S b/secure/lib/libcrypto/i386/x86-mont.S
index 11b2eb4de24c..dc1e2d9d69d8 100644
--- a/secure/lib/libcrypto/i386/x86-mont.S
+++ b/secure/lib/libcrypto/i386/x86-mont.S
@@ -448,16 +448,18 @@ bn_mul_mont:
leal 1(%edx),%edx
jge .L017sub
sbbl $0,%eax
- andl %eax,%esi
- notl %eax
- movl %edi,%ebp
- andl %eax,%ebp
- orl %ebp,%esi
+ movl $-1,%edx
+ xorl %eax,%edx
+ jmp .L018copy
.align 16
.L018copy:
- movl (%esi,%ebx,4),%eax
- movl %eax,(%edi,%ebx,4)
+ movl 32(%esp,%ebx,4),%esi
+ movl (%edi,%ebx,4),%ebp
movl %ecx,32(%esp,%ebx,4)
+ andl %eax,%esi
+ andl %edx,%ebp
+ orl %esi,%ebp
+ movl %ebp,(%edi,%ebx,4)
decl %ebx
jge .L018copy
movl 24(%esp),%esp
@@ -920,16 +922,18 @@ bn_mul_mont:
leal 1(%edx),%edx
jge .L016sub
sbbl $0,%eax
- andl %eax,%esi
- notl %eax
- movl %edi,%ebp
- andl %eax,%ebp
- orl %ebp,%esi
+ movl $-1,%edx
+ xorl %eax,%edx
+ jmp .L017copy
.align 16
.L017copy:
- movl (%esi,%ebx,4),%eax
- movl %eax,(%edi,%ebx,4)
+ movl 32(%esp,%ebx,4),%esi
+ movl (%edi,%ebx,4),%ebp
movl %ecx,32(%esp,%ebx,4)
+ andl %eax,%esi
+ andl %edx,%ebp
+ orl %esi,%ebp
+ movl %ebp,(%edi,%ebx,4)
decl %ebx
jge .L017copy
movl 24(%esp),%esp
diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
index 2bad64cf0c46..d43f1b2c89fd 100644
--- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_OBJECT_new 3"
-.TH ASN1_OBJECT_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1_OBJECT_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3
index 9174c28275bf..e5d15efe0fce 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_length.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_length 3"
-.TH ASN1_STRING_length 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1_STRING_length 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3
index 66a35c7adf87..b4bac8a706f4 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_new.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_new 3"
-.TH ASN1_STRING_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1_STRING_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
index 2cffedb1219a..76a6b29f6947 100644
--- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_STRING_print_ex 3"
-.TH ASN1_STRING_print_ex 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1_STRING_print_ex 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ASN1_TIME_set.3 b/secure/lib/libcrypto/man/ASN1_TIME_set.3
index 07c3bf544a6e..e9dc9c2b77e2 100644
--- a/secure/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/secure/lib/libcrypto/man/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_TIME_set 3"
-.TH ASN1_TIME_set 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1_TIME_set 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,7 +169,7 @@ format (for example \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ\s0).
.PP
\&\fIASN1_TIME_check()\fR checks the syntax of \s-1ASN1_TIME\s0 structure \fBs\fR.
.PP
-\&\fIASN1_TIME_print()\fR prints out the time \fBs\fR to \s-1BIO \s0\fBb\fR in human readable
+\&\fIASN1_TIME_print()\fR prints out the time \fBs\fR to \s-1BIO\s0 \fBb\fR in human readable
format. It will be of the format \s-1MMM DD HH:MM:SS YYYY\s0 [\s-1GMT\s0], for example
\&\*(L"Feb 3 00:55:52 2015 \s-1GMT\*(R"\s0 it does not include a newline. If the time
structure has invalid format it prints out \*(L"Bad time value\*(R" and returns
diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
index 576cb3203de3..d0bf6ab5d2b4 100644
--- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3
+++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1_generate_nconf 3"
-.TH ASN1_generate_nconf 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1_generate_nconf 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,34 +182,34 @@ are acceptable.
Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present.
.IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2
.IX Item "INTEGER, INT"
-Encodes an \s-1ASN1 \s0\fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
+Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents
the value of the integer, it can be prefaced by a minus sign and
is normally interpreted as a decimal value unless the prefix \fB0x\fR
is included.
.IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2
.IX Item "ENUMERATED, ENUM"
-Encodes the \s-1ASN1 \s0\fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
+Encodes the \s-1ASN1\s0 \fB\s-1ENUMERATED\s0\fR type, it is otherwise identical to
\&\fB\s-1INTEGER\s0\fR.
.IP "\fB\s-1OBJECT\s0\fR, \fB\s-1OID\s0\fR" 2
.IX Item "OBJECT, OID"
-Encodes an \s-1ASN1 \s0\fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be
+Encodes an \s-1ASN1\s0 \fB\s-1OBJECT IDENTIFIER\s0\fR, the \fBvalue\fR string can be
a short name, a long name or numerical format.
.IP "\fB\s-1UTCTIME\s0\fR, \fB\s-1UTC\s0\fR" 2
.IX Item "UTCTIME, UTC"
-Encodes an \s-1ASN1 \s0\fBUTCTime\fR structure, the value should be in
+Encodes an \s-1ASN1\s0 \fBUTCTime\fR structure, the value should be in
the format \fB\s-1YYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1GENERALIZEDTIME\s0\fR, \fB\s-1GENTIME\s0\fR" 2
.IX Item "GENERALIZEDTIME, GENTIME"
-Encodes an \s-1ASN1 \s0\fBGeneralizedTime\fR structure, the value should be in
+Encodes an \s-1ASN1\s0 \fBGeneralizedTime\fR structure, the value should be in
the format \fB\s-1YYYYMMDDHHMMSSZ\s0\fR.
.IP "\fB\s-1OCTETSTRING\s0\fR, \fB\s-1OCT\s0\fR" 2
.IX Item "OCTETSTRING, OCT"
-Encodes an \s-1ASN1 \s0\fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1\s0 \fB\s-1OCTET STRING\s0\fR. \fBvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR and \fB\s-1HEX\s0\fR can be
used to specify the format of \fBvalue\fR.
.IP "\fB\s-1BITSTRING\s0\fR, \fB\s-1BITSTR\s0\fR" 2
.IX Item "BITSTRING, BITSTR"
-Encodes an \s-1ASN1 \s0\fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents
+Encodes an \s-1ASN1\s0 \fB\s-1BIT STRING\s0\fR. \fBvalue\fR represents the contents
of this structure, the format strings \fB\s-1ASCII\s0\fR, \fB\s-1HEX\s0\fR and \fB\s-1BITLIST\s0\fR
can be used to specify the format of \fBvalue\fR.
.Sp
@@ -221,7 +221,7 @@ These encode the corresponding string types. \fBvalue\fR represents the
contents of this structure. The format can be \fB\s-1ASCII\s0\fR or \fB\s-1UTF8\s0\fR.
.IP "\fB\s-1SEQUENCE\s0\fR, \fB\s-1SEQ\s0\fR, \fB\s-1SET\s0\fR" 2
.IX Item "SEQUENCE, SEQ, SET"
-Formats the result as an \s-1ASN1 \s0\fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
+Formats the result as an \s-1ASN1\s0 \fB\s-1SEQUENCE\s0\fR or \fB\s-1SET\s0\fR type. \fBvalue\fR
should be a section name which will contain the contents. The
field names in the section are ignored and the values are in the
generated string format. If \fBvalue\fR is absent then an empty \s-1SEQUENCE\s0
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3
index bbfb1dec1703..6c502a16120f 100644
--- a/secure/lib/libcrypto/man/BIO_ctrl.3
+++ b/secure/lib/libcrypto/man/BIO_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_ctrl 3"
-.TH BIO_ctrl 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_ctrl 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,7 +169,7 @@ BIO_get_info_callback, BIO_set_info_callback \- BIO control operations
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR
-are \s-1BIO \s0\*(L"control\*(R" operations taking arguments of various types.
+are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types.
These functions are not normally called directly, various macros
are used instead. The standard macros are described below, macros
specific to a particular type of \s-1BIO\s0 are described in the specific
@@ -191,7 +191,7 @@ cases it is used to signal \s-1EOF\s0 and that no more data will be written.
\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF,\s0 the precise meaning of
\&\*(L"\s-1EOF\*(R"\s0 varies according to the \s-1BIO\s0 type.
.PP
-\&\fIBIO_set_close()\fR sets the \s-1BIO \s0\fBb\fR close flag to \fBflag\fR. \fBflag\fR can
+\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can
take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE.\s0 Typically \s-1BIO_CLOSE\s0 is used
in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should
be closed when the \s-1BIO\s0 is freed.
diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3
index 8951748a6a91..730aaa3fb524 100644
--- a/secure/lib/libcrypto/man/BIO_f_base64.3
+++ b/secure/lib/libcrypto/man/BIO_f_base64.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_base64 3"
-.TH BIO_f_base64 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_f_base64 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -208,7 +208,7 @@ The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional
data following the base64 encoded block to be misinterpreted.
.PP
There should be some way of specifying a test that the \s-1BIO\s0 can perform
-to reliably determine \s-1EOF \s0(for example a \s-1MIME\s0 boundary).
+to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\s-1TBA\s0
diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3
index 90e94cf93c65..bac5af9b3ba2 100644
--- a/secure/lib/libcrypto/man/BIO_f_buffer.3
+++ b/secure/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_buffer 3"
-.TH BIO_f_buffer 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_f_buffer 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3
index e65a6a13edd8..b210f5192471 100644
--- a/secure/lib/libcrypto/man/BIO_f_cipher.3
+++ b/secure/lib/libcrypto/man/BIO_f_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_cipher 3"
-.TH BIO_f_cipher 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_f_cipher 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -161,8 +161,8 @@ Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR.
used to signal that no more data is to be encrypted: this is used
to flush and possibly pad the final block through the \s-1BIO.\s0
.PP
-\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO \s0\fBb\fR to \fBcipher\fR using key \fBkey\fR
-and \s-1IV \s0\fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
+\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 \fBb\fR to \fBcipher\fR using key \fBkey\fR
+and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for
decryption.
.PP
When reading from an encryption \s-1BIO\s0 the final block is automatically
diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3
index 65b59b721f6e..03440d513956 100644
--- a/secure/lib/libcrypto/man/BIO_f_md.3
+++ b/secure/lib/libcrypto/man/BIO_f_md.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_md 3"
-.TH BIO_f_md 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_f_md 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,7 +163,7 @@ not supported.
.PP
\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO.\s0
.PP
-\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO \s0\fBb\fR to \fBmd\fR: this
+\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this
must be called to initialize a digest \s-1BIO\s0 before any data is
passed through it. It is a \fIBIO_ctrl()\fR macro.
.PP
diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3
index 78e10dfc22db..45c7d004d54c 100644
--- a/secure/lib/libcrypto/man/BIO_f_null.3
+++ b/secure/lib/libcrypto/man/BIO_f_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_null 3"
-.TH BIO_f_null 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_f_null 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3
index c06ef20731ca..bc8580b6cfb4 100644
--- a/secure/lib/libcrypto/man/BIO_f_ssl.3
+++ b/secure/lib/libcrypto/man/BIO_f_ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_f_ssl 3"
-.TH BIO_f_ssl 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_f_ssl 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,8 +168,8 @@ BIO_ssl_shutdown \- SSL BIO
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fIBIO_f_ssl()\fR returns the \s-1SSL BIO\s0 method. This is a filter \s-1BIO\s0 which
-is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO \s0\*(L"flavour\*(R" to
-\&\s-1SSL I/O. \s0
+is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to
+\&\s-1SSL I/O.\s0
.PP
I/O performed on an \s-1SSL BIO\s0 communicates using the \s-1SSL\s0 protocol with
the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established
@@ -186,10 +186,10 @@ The \s-1SSL BIO\s0 is then reset to the initial accept or connect state.
If the close flag is set when an \s-1SSL BIO\s0 is freed then the internal
\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR.
.PP
-\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR to \fBssl\fR using
+\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using
the close flag \fBc\fR.
.PP
-\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO \s0\fBb\fR, it can then be
+\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be
manipulated using the standard \s-1SSL\s0 library functions.
.PP
\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL BIO\s0 mode to \fBclient\fR. If \fBclient\fR
@@ -207,14 +207,14 @@ automatically renegotiated.
\&\fIBIO_get_num_renegotiates()\fR returns the total number of session
renegotiations due to I/O or timeout.
.PP
-\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX \s0\fBctx\fR and using
+\&\fIBIO_new_ssl()\fR allocates an \s-1SSL BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using
client mode if \fBclient\fR is non zero.
.PP
\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an
-\&\s-1SSL BIO \s0(using \fBctx\fR) followed by a connect \s-1BIO.\s0
+\&\s-1SSL BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO.\s0
.PP
\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting
-of a buffering \s-1BIO,\s0 an \s-1SSL BIO \s0(using \fBctx\fR) and a connect
+of a buffering \s-1BIO,\s0 an \s-1SSL BIO\s0 (using \fBctx\fR) and a connect
\&\s-1BIO.\s0
.PP
\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between
diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3
index ee162cee279c..1b732e5858e0 100644
--- a/secure/lib/libcrypto/man/BIO_find_type.3
+++ b/secure/lib/libcrypto/man/BIO_find_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_find_type 3"
-.TH BIO_find_type 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_find_type 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,7 +174,7 @@ BIO_find_type, BIO_next, BIO_method_type \- BIO chain traversal
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting
-at \s-1BIO \s0\fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
+at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search
is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as
\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is
searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is
@@ -193,7 +193,7 @@ certain type.
.PP
\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain.
.PP
-\&\fIBIO_method_type()\fR returns the type of the \s-1BIO \s0\fBb\fR.
+\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR.
.SH "NOTES"
.IX Header "NOTES"
\&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0
diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3
index f4bca990390e..c45e27d26f2a 100644
--- a/secure/lib/libcrypto/man/BIO_new.3
+++ b/secure/lib/libcrypto/man/BIO_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new 3"
-.TH BIO_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3
index 8aca69897668..06bab9601782 100644
--- a/secure/lib/libcrypto/man/BIO_new_CMS.3
+++ b/secure/lib/libcrypto/man/BIO_new_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_new_CMS 3"
-.TH BIO_new_CMS 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_new_CMS 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3
index eb23d337f5e1..a866109054a1 100644
--- a/secure/lib/libcrypto/man/BIO_push.3
+++ b/secure/lib/libcrypto/man/BIO_push.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_push 3"
-.TH BIO_push 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_push 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,10 +146,10 @@ BIO_push, BIO_pop \- add and remove BIOs from a chain.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fIBIO_push()\fR function appends the \s-1BIO \s0\fBappend\fR to \fBb\fR, it returns
+The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns
\&\fBb\fR.
.PP
-\&\fIBIO_pop()\fR removes the \s-1BIO \s0\fBb\fR from a chain and returns the next \s-1BIO\s0
+\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0
in the chain, or \s-1NULL\s0 if there is no next \s-1BIO.\s0 The removed \s-1BIO\s0 then
becomes a single \s-1BIO\s0 with no association with the original chain,
it can thus be freed or attached to a different chain.
diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3
index 715cd542e5e1..90efdf3c0c8e 100644
--- a/secure/lib/libcrypto/man/BIO_read.3
+++ b/secure/lib/libcrypto/man/BIO_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_read 3"
-.TH BIO_read 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_read 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +148,7 @@ BIO_read, BIO_write, BIO_gets, BIO_puts \- BIO I/O functions
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO \s0\fBb\fR and places
+\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places
the data in \fBbuf\fR.
.PP
\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data
@@ -157,9 +157,9 @@ from the \s-1BIO\s0 of maximum length \fBlen\fR. There are exceptions to this
however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and
return the digest and other BIOs may not support \fIBIO_gets()\fR at all.
.PP
-\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO \s0\fBb\fR.
+\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
.PP
-\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO \s0\fBb\fR.
+\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
All these functions return either the amount of data successfully read or
@@ -187,7 +187,7 @@ See \fIBIO_should_retry\fR\|(3) for details of how to
determine the cause of a retry and other I/O issues.
.PP
If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to
-work around this by adding a buffering \s-1BIO \s0\fIBIO_f_buffer\fR\|(3)
+work around this by adding a buffering \s-1BIO\s0 \fIBIO_f_buffer\fR\|(3)
to the chain.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3
index b47027e36f93..3cc7f81b5eb8 100644
--- a/secure/lib/libcrypto/man/BIO_s_accept.3
+++ b/secure/lib/libcrypto/man/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_accept 3"
-.TH BIO_s_accept 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_accept 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -213,7 +213,7 @@ chain of BIOs must not be freed after this call, they will
be automatically freed when the accept \s-1BIO\s0 is freed.
.PP
\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve
-the current bind mode. If \s-1BIO_BIND_NORMAL \s0(the default) is set
+the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set
then another socket cannot be bound to the same port. If
\&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the
same port. If \s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0 is set then and
diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3
index 1ade4dc91b4c..68732cc44e87 100644
--- a/secure/lib/libcrypto/man/BIO_s_bio.3
+++ b/secure/lib/libcrypto/man/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_bio 3"
-.TH BIO_s_bio 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_bio 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -195,12 +195,12 @@ determine the amount of pending data in the read or write buffer.
\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing
up any half of the pair will automatically destroy the association.
.PP
-\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO \s0\fBb\fR. After this call no further
-writes on \s-1BIO \s0\fBb\fR are allowed (they will return an error). Reads on the other
+\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further
+writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other
half of the pair will return any pending data or \s-1EOF\s0 when all pending data has
been read.
.PP
-\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO \s0\fBb\fR to \fBsize\fR.
+\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR.
If the size is not initialized a default value is used. This is currently
17K, sufficient for a maximum size \s-1TLS\s0 record.
.PP
diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3
index ae4ea1284d11..bc361071e98d 100644
--- a/secure/lib/libcrypto/man/BIO_s_connect.3
+++ b/secure/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_connect 3"
-.TH BIO_s_connect 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_connect 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3
index 55848f442d92..7b84c4939cf9 100644
--- a/secure/lib/libcrypto/man/BIO_s_fd.3
+++ b/secure/lib/libcrypto/man/BIO_s_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_fd 3"
-.TH BIO_s_fd 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_fd 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -167,7 +167,7 @@ using lseek(fd, ofs, 0).
.PP
\&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1).
.PP
-\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close
+\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
flag to \fBc\fR.
.PP
\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL,\s0 it also
@@ -191,7 +191,7 @@ instead.
.PP
\&\fIBIO_reset()\fR returns zero for success and \-1 if an error occurred.
\&\fIBIO_seek()\fR and \fIBIO_tell()\fR return the current file position or \-1
-is an error occurred. These values reflect the underlying \fIlseek()\fR
+if an error occurred. These values reflect the underlying \fIlseek()\fR
behaviour.
.PP
\&\fIBIO_set_fd()\fR always returns 1.
diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3
index 21b775476862..f0612d794146 100644
--- a/secure/lib/libcrypto/man/BIO_s_file.3
+++ b/secure/lib/libcrypto/man/BIO_s_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_file 3"
-.TH BIO_s_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_file 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +183,7 @@ of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE
flag is set on the returned \s-1BIO.\s0
.PP
\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be:
-\&\s-1BIO_CLOSE, BIO_NOCLOSE \s0(the close flag) \s-1BIO_FP_TEXT \s0(sets the underlying
+\&\s-1BIO_CLOSE, BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying
stream to text mode, default is binary: this only has any effect under
Win32).
.PP
@@ -198,7 +198,7 @@ from the start of file.
\&\fIBIO_tell()\fR returns the value of the position pointer.
.PP
\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and
-\&\fIBIO_rw_filename()\fR set the file \s-1BIO \s0\fBb\fR to use file \fBname\fR for
+\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for
reading, writing, append or read write respectively.
.SH "NOTES"
.IX Header "NOTES"
@@ -213,7 +213,7 @@ On Windows BIO_new_files reserves for the filename argument to be
lingual environment, encode file names in \s-1UTF\-8.\s0
.SH "EXAMPLES"
.IX Header "EXAMPLES"
-File \s-1BIO \s0\*(L"hello world\*(R":
+File \s-1BIO\s0 \*(L"hello world\*(R":
.PP
.Vb 3
\& BIO *bio_out;
diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3
index 8a1ffaff570f..9486ceb89f85 100644
--- a/secure/lib/libcrypto/man/BIO_s_mem.3
+++ b/secure/lib/libcrypto/man/BIO_s_mem.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_mem 3"
-.TH BIO_s_mem 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_mem 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,8 +176,8 @@ data can be read again.
.PP
\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored.
.PP
-\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO \s0\fBb\fR when it is
-empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF \s0(that is
+\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is
+empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is
it will return zero and BIO_should_retry(b) will be false. If \fBv\fR is non
zero then it will return \fBv\fR when it is empty and it will set the read retry
flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3
index 2051d73723b1..c80aad1fb761 100644
--- a/secure/lib/libcrypto/man/BIO_s_null.3
+++ b/secure/lib/libcrypto/man/BIO_s_null.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_null 3"
-.TH BIO_s_null 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_null 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3
index b563696ab8de..4e173d688048 100644
--- a/secure/lib/libcrypto/man/BIO_s_socket.3
+++ b/secure/lib/libcrypto/man/BIO_s_socket.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_s_socket 3"
-.TH BIO_s_socket 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_s_socket 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +159,7 @@ round the platform's socket routines.
If the close flag is set then the socket is shut down and closed
when the \s-1BIO\s0 is freed.
.PP
-\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO \s0\fBb\fR to \fBfd\fR and the close
+\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close
flag to \fBclose_flag\fR.
.PP
\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL,\s0 it also
diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3
index 097fe026d861..5619a14cbb51 100644
--- a/secure/lib/libcrypto/man/BIO_set_callback.3
+++ b/secure/lib/libcrypto/man/BIO_set_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_set_callback 3"
-.TH BIO_set_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_set_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3
index e784a38310c2..826fd35a4422 100644
--- a/secure/lib/libcrypto/man/BIO_should_retry.3
+++ b/secure/lib/libcrypto/man/BIO_should_retry.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BIO_should_retry 3"
-.TH BIO_should_retry 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BIO_should_retry 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3
index bd4824c3409c..967bc0857d46 100644
--- a/secure/lib/libcrypto/man/BN_BLINDING_new.3
+++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_BLINDING_new 3"
-.TH BN_BLINDING_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_BLINDING_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3
index 170e6788f02e..b34c8a3f16a5 100644
--- a/secure/lib/libcrypto/man/BN_CTX_new.3
+++ b/secure/lib/libcrypto/man/BN_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_new 3"
-.TH BN_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_CTX_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3
index 75579158aa7e..df7c39bf83f9 100644
--- a/secure/lib/libcrypto/man/BN_CTX_start.3
+++ b/secure/lib/libcrypto/man/BN_CTX_start.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_CTX_start 3"
-.TH BN_CTX_start 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_CTX_start 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3
index 0cda17135542..9396447a55f1 100644
--- a/secure/lib/libcrypto/man/BN_add.3
+++ b/secure/lib/libcrypto/man/BN_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add 3"
-.TH BN_add 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_add 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -224,7 +224,9 @@ result in \fIr\fR.
\&\fIBN_mul()\fR.
.PP
\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p %
-m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR.
+m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. Do not call this
+function when \fBm\fR is even and any of the parameters have the
+\&\fB\s-1BN_FLG_CONSTTIME\s0\fR flag set.
.PP
\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and
places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or
diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3
index c7ff47a3abb0..471cfb9abcbb 100644
--- a/secure/lib/libcrypto/man/BN_add_word.3
+++ b/secure/lib/libcrypto/man/BN_add_word.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_add_word 3"
-.TH BN_add_word 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_add_word 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3
index ab4d42ef0439..ad666c6de492 100644
--- a/secure/lib/libcrypto/man/BN_bn2bin.3
+++ b/secure/lib/libcrypto/man/BN_bn2bin.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_bn2bin 3"
-.TH BN_bn2bin 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_bn2bin 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -172,8 +172,8 @@ numbers, the string is prefaced with a leading '\-'. The string must be
freed later using \fIOPENSSL_free()\fR.
.PP
\&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number
-to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL,\s0 a new
-\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL,\s0 it only computes the number's
+to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBa\fR. If *\fBa\fR is \s-1NULL,\s0 a new
+\&\fB\s-1BIGNUM\s0\fR is created. If \fBa\fR is \s-1NULL,\s0 it only computes the number's
length in hexadecimal digits. If the string starts with '\-', the
number is negative.
A \*(L"negative zero\*(R" is converted to zero.
diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3
index fba6ddb43404..12f2df0325e8 100644
--- a/secure/lib/libcrypto/man/BN_cmp.3
+++ b/secure/lib/libcrypto/man/BN_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_cmp 3"
-.TH BN_cmp 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_cmp 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3
index 9161d679e4c4..8cdabc632454 100644
--- a/secure/lib/libcrypto/man/BN_copy.3
+++ b/secure/lib/libcrypto/man/BN_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_copy 3"
-.TH BN_copy 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_copy 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3
index 6873b8b9c764..843860e1b36f 100644
--- a/secure/lib/libcrypto/man/BN_generate_prime.3
+++ b/secure/lib/libcrypto/man/BN_generate_prime.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_generate_prime 3"
-.TH BN_generate_prime 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_generate_prime 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -214,7 +214,17 @@ If \fBdo_trial_division == 0\fR, this test is skipped.
Both \fIBN_is_prime_ex()\fR and \fIBN_is_prime_fasttest_ex()\fR perform a Miller-Rabin
probabilistic primality test with \fBnchecks\fR iterations. If
\&\fBnchecks == BN_prime_checks\fR, a number of iterations is used that
-yields a false positive rate of at most 2^\-80 for random input.
+yields a false positive rate of at most 2^\-64 for random input.
+The error rate depends on the size of the prime and goes down for bigger primes.
+The rate is 2^\-80 starting at 308 bits, 2^\-112 at 852 bits, 2^\-128 at 1080 bits,
+2^\-192 at 3747 bits and 2^\-256 at 6394 bits.
+.PP
+When the source of the prime is not random or not trusted, the number
+of checks needs to be much higher to reach the same level of assurance:
+It should equal half of the targeted security level in bits (rounded up to the
+next integer if necessary).
+For instance, to reach the 128 bit security level, \fBnchecks\fR should be set to
+64.
.PP
If \fBcb\fR is not \fB\s-1NULL\s0\fR, \fBBN_GENCB_call(cb, 1, j)\fR is called
after the j\-th iteration (j = 0, 1, ...). \fBctx\fR is a
diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3
index e67b91e22db7..24fc1c4928d2 100644
--- a/secure/lib/libcrypto/man/BN_mod_inverse.3
+++ b/secure/lib/libcrypto/man/BN_mod_inverse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_inverse 3"
-.TH BN_mod_inverse 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_mod_inverse 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
index 45d41070346d..fa413e5fd521 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_montgomery 3"
-.TH BN_mod_mul_montgomery 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_mod_mul_montgomery 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
index 9c032b876ac8..86387ce0b4cd 100644
--- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_mod_mul_reciprocal 3"
-.TH BN_mod_mul_reciprocal 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_mod_mul_reciprocal 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3
index fb0b7c754972..c5a5012da3f4 100644
--- a/secure/lib/libcrypto/man/BN_new.3
+++ b/secure/lib/libcrypto/man/BN_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_new 3"
-.TH BN_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3
index db76b03b2512..839a1f008b45 100644
--- a/secure/lib/libcrypto/man/BN_num_bytes.3
+++ b/secure/lib/libcrypto/man/BN_num_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_num_bytes 3"
-.TH BN_num_bytes 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_num_bytes 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3
index ea16ba710d2a..cc8ec3a51f7f 100644
--- a/secure/lib/libcrypto/man/BN_rand.3
+++ b/secure/lib/libcrypto/man/BN_rand.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_rand 3"
-.TH BN_rand 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_rand 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3
index 2da032de397a..6a953f4329f6 100644
--- a/secure/lib/libcrypto/man/BN_set_bit.3
+++ b/secure/lib/libcrypto/man/BN_set_bit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_set_bit 3"
-.TH BN_set_bit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_set_bit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3
index 3fd1d1782731..ed2f836fc40c 100644
--- a/secure/lib/libcrypto/man/BN_swap.3
+++ b/secure/lib/libcrypto/man/BN_swap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_swap 3"
-.TH BN_swap 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_swap 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3
index 8915eda458d9..0a21d419acdd 100644
--- a/secure/lib/libcrypto/man/BN_zero.3
+++ b/secure/lib/libcrypto/man/BN_zero.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "BN_zero 3"
-.TH BN_zero 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH BN_zero 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3
index 8d5164c05bba..a76f55efe2d2 100644
--- a/secure/lib/libcrypto/man/CMS_add0_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add0_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add0_cert 3"
-.TH CMS_add0_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_add0_cert 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +156,7 @@ must be of type signed data or enveloped data.
.PP
\&\fICMS_get1_certs()\fR returns all certificates in \fBcms\fR.
.PP
-\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL \s0\fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR
+\&\fICMS_add0_crl()\fR and \fICMS_add1_crl()\fR add \s-1CRL\s0 \fBcrl\fR to \fBcms\fR. \fICMS_get1_crls()\fR
returns any CRLs in \fBcms\fR.
.SH "NOTES"
.IX Header "NOTES"
diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
index 56c7244e63bf..25df564cf32b 100644
--- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
+++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_recipient_cert 3"
-.TH CMS_add1_recipient_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_add1_recipient_cert 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3
index 4badcd64bb6d..877bce98cd25 100644
--- a/secure/lib/libcrypto/man/CMS_add1_signer.3
+++ b/secure/lib/libcrypto/man/CMS_add1_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_add1_signer 3"
-.TH CMS_add1_signer 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_add1_signer 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3
index 3d4099e71aae..895efd52df06 100644
--- a/secure/lib/libcrypto/man/CMS_compress.3
+++ b/secure/lib/libcrypto/man/CMS_compress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_compress 3"
-.TH CMS_compress 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_compress 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -167,7 +167,7 @@ otherwise the translation will corrupt it. If \fB\s-1CMS_BINARY\s0\fR is set the
\&\fB\s-1CMS_TEXT\s0\fR is ignored.
.PP
If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
-returned suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
+returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
.PP
The compressed data is included in the CMS_ContentInfo structure, unless
\&\fB\s-1CMS_DETACHED\s0\fR is set in which case it is omitted. This is rarely used in
@@ -181,7 +181,7 @@ results.
.PP
Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_CMS()\fR.
.PP
Additional compression parameters such as the zlib compression level cannot
diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3
index bf4651fb2ee1..a9247fb5065c 100644
--- a/secure/lib/libcrypto/man/CMS_decrypt.3
+++ b/secure/lib/libcrypto/man/CMS_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_decrypt 3"
-.TH CMS_decrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_decrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3
index 229f9a05ca12..157c2b6d8bce 100644
--- a/secure/lib/libcrypto/man/CMS_encrypt.3
+++ b/secure/lib/libcrypto/man/CMS_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_encrypt 3"
-.TH CMS_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_encrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,9 +152,8 @@ is a list of recipient certificates. \fBin\fR is the content to be encrypted.
\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags.
.SH "NOTES"
.IX Header "NOTES"
-Only certificates carrying \s-1RSA\s0 keys are supported so the recipient certificates
-supplied to this function must all contain \s-1RSA\s0 public keys, though they do not
-have to be signed using the \s-1RSA\s0 algorithm.
+Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this
+function.
.PP
\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use
because most clients will support it.
@@ -184,7 +183,7 @@ identifier value instead. An error occurs if all recipient certificates do not
have a subject key identifier extension.
.PP
If the \fB\s-1CMS_STREAM\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
-returned suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
+returned suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
.PP
If the \fB\s-1CMS_PARTIAL\s0\fR flag is set a partial \fBCMS_ContentInfo\fR structure is
returned to which additional recipients and attributes can be added before
@@ -202,7 +201,7 @@ results.
.PP
Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_CMS()\fR.
.PP
The recipients specified in \fBcerts\fR use a \s-1CMS\s0 KeyTransRecipientInfo info
diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3
index 1955e2d45c14..7c461fb7e2ee 100644
--- a/secure/lib/libcrypto/man/CMS_final.3
+++ b/secure/lib/libcrypto/man/CMS_final.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_final 3"
-.TH CMS_final 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_final 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index 52b20526066a..f48f64a4fd78 100644
--- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_RecipientInfos 3"
-.TH CMS_get0_RecipientInfos 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_get0_RecipientInfos 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +178,7 @@ the CMS_RecipientInfo structure \fBri\fR, which must be of type
\&\s-1CMS_RECIPINFO_TRANS.\s0
.PP
\&\fICMS_RecipientInfo_kekri_get0_id()\fR retrieves the key information from the
-CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK. \s0 Any
+CMS_RecipientInfo structure \fBri\fR which must be of type \s-1CMS_RECIPINFO_KEK.\s0 Any
of the remaining parameters can be \s-1NULL\s0 if the application is not interested in
the value of a field. Where a field is optional and absent \s-1NULL\s0 will be written
to the corresponding parameter. The keyEncryptionAlgorithm field is written to
@@ -189,7 +189,7 @@ present is written to \fBpdate\fR, if the \fBother\fR field is present the compo
.PP
\&\fICMS_RecipientInfo_kekri_id_cmp()\fR compares the \s-1ID\s0 in the \fBid\fR and \fBidlen\fR
parameters against the \fBkeyIdentifier\fR CMS_RecipientInfo structure \fBri\fR,
-which must be of type \s-1CMS_RECIPINFO_KEK. \s0 It returns zero if the comparison is
+which must be of type \s-1CMS_RECIPINFO_KEK.\s0 It returns zero if the comparison is
successful and non zero if not.
.PP
\&\fICMS_RecipientInfo_set0_key()\fR associates the symmetric key \fBkey\fR of length
diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
index 3ddba27716e7..e8e479ceb212 100644
--- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
+++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_SignerInfos 3"
-.TH CMS_get0_SignerInfos 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_get0_SignerInfos 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +183,7 @@ using \fICMS_get0_SignerInfo()\fR and retrieve the identifier information using
.PP
Once all signer certificates have been set \fICMS_verify()\fR can be used.
.PP
-Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 is an error occur \fBor\fR if
+Although \fICMS_get0_SignerInfos()\fR can return \s-1NULL\s0 if an error occurs \fBor\fR if
there are no signers this is not a problem in practice because the only
error which can occur is if the \fBcms\fR structure is not of type signedData
due to application error.
diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3
index 00d04b764e33..d5bfa5916bd2 100644
--- a/secure/lib/libcrypto/man/CMS_get0_type.3
+++ b/secure/lib/libcrypto/man/CMS_get0_type.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get0_type 3"
-.TH CMS_get0_type 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_get0_type 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
index c20127858a8a..3c03f3ecc626 100644
--- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_get1_ReceiptRequest 3"
-.TH CMS_get1_ReceiptRequest 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_get1_ReceiptRequest 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +181,7 @@ corresponding CMS_ContentInfo structure can be successfully verified using
\&\fICMS_ReceiptRequest_create0()\fR returns a signed receipt request structure or
\&\s-1NULL\s0 if an error occurred.
.PP
-\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 is an error occurred.
+\&\fICMS_add1_ReceiptRequest()\fR returns 1 for success or 0 if an error occurred.
.PP
\&\fICMS_get1_ReceiptRequest()\fR returns 1 is a signed receipt request is found and
decoded. It returns 0 if a signed receipt request is not present and \-1 if
diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3
index c4930c081e6f..981859d5bf2e 100644
--- a/secure/lib/libcrypto/man/CMS_sign.3
+++ b/secure/lib/libcrypto/man/CMS_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign 3"
-.TH CMS_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_sign 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +153,7 @@ the certificate to sign with, \fBpkey\fR is the corresponding private key.
structure (for example any intermediate CAs in the chain). Any or all of
these parameters can be \fB\s-1NULL\s0\fR, see \fB\s-1NOTES\s0\fR below.
.PP
-The data to be signed is read from \s-1BIO \s0\fBdata\fR.
+The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
@@ -215,7 +215,7 @@ results.
.PP
Several functions including \fISMIME_write_CMS()\fR, \fIi2d_CMS_bio_stream()\fR,
\&\fIPEM_write_bio_CMS_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_CMS()\fR.
.PP
If a signer is specified it will use the default digest for the signing
diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3
index 8f8b98568613..4c6acbc03400 100644
--- a/secure/lib/libcrypto/man/CMS_sign_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_sign_receipt 3"
-.TH CMS_sign_receipt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_sign_receipt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3
index c1da3ad006a9..cf2ff08e2b3f 100644
--- a/secure/lib/libcrypto/man/CMS_uncompress.3
+++ b/secure/lib/libcrypto/man/CMS_uncompress.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_uncompress 3"
-.TH CMS_uncompress 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_uncompress 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3
index e0cc2e87b90f..fc67fc5beea2 100644
--- a/secure/lib/libcrypto/man/CMS_verify.3
+++ b/secure/lib/libcrypto/man/CMS_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify 3"
-.TH CMS_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_verify 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3
index 1d68ffee9b4b..78c7f25365c9 100644
--- a/secure/lib/libcrypto/man/CMS_verify_receipt.3
+++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS_verify_receipt 3"
-.TH CMS_verify_receipt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS_verify_receipt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3
index 2ac07d1d7c07..48fb403c986a 100644
--- a/secure/lib/libcrypto/man/CONF_modules_free.3
+++ b/secure/lib/libcrypto/man/CONF_modules_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_free 3"
-.TH CONF_modules_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CONF_modules_free 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3
index 766748711ff5..0181f473dd18 100644
--- a/secure/lib/libcrypto/man/CONF_modules_load_file.3
+++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CONF_modules_load_file 3"
-.TH CONF_modules_load_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CONF_modules_load_file 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
index 9ef5ca9f741e..8e27589af58b 100644
--- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRYPTO_set_ex_data 3"
-.TH CRYPTO_set_ex_data 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CRYPTO_set_ex_data 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3
index 3cabcac64442..b6f67a2c159e 100644
--- a/secure/lib/libcrypto/man/DH_generate_key.3
+++ b/secure/lib/libcrypto/man/DH_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_key 3"
-.TH DH_generate_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DH_generate_key 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3
index fbb774e2425b..f8d2fc499e1f 100644
--- a/secure/lib/libcrypto/man/DH_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DH_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_generate_parameters 3"
-.TH DH_generate_parameters 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DH_generate_parameters 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
index 22e73d7dd6e6..67c50e959c87 100644
--- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_get_ex_new_index 3"
-.TH DH_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DH_get_ex_new_index 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3
index 0958f6cb3bac..94bd304bfcde 100644
--- a/secure/lib/libcrypto/man/DH_new.3
+++ b/secure/lib/libcrypto/man/DH_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_new 3"
-.TH DH_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DH_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3
index 9626dbf27a5c..1b0ceefc8f52 100644
--- a/secure/lib/libcrypto/man/DH_set_method.3
+++ b/secure/lib/libcrypto/man/DH_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_set_method 3"
-.TH DH_set_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DH_set_method 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -234,7 +234,7 @@ returns a pointer to the newly allocated structure.
As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE API\s0 function,
-that will override any \s-1DH\s0 defaults set using the \s-1DH API \s0(ie.
+that will override any \s-1DH\s0 defaults set using the \s-1DH API\s0 (ie.
\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DH\s0 and other cryptographic
algorithms.
diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3
index 6aa4520c7a1c..39b03838e86b 100644
--- a/secure/lib/libcrypto/man/DH_size.3
+++ b/secure/lib/libcrypto/man/DH_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DH_size 3"
-.TH DH_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DH_size 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3
index 10d596f7446f..a6919a1b0d37 100644
--- a/secure/lib/libcrypto/man/DSA_SIG_new.3
+++ b/secure/lib/libcrypto/man/DSA_SIG_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_SIG_new 3"
-.TH DSA_SIG_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_SIG_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3
index 83c6e5a191cc..a233a9b0a54f 100644
--- a/secure/lib/libcrypto/man/DSA_do_sign.3
+++ b/secure/lib/libcrypto/man/DSA_do_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_do_sign 3"
-.TH DSA_do_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_do_sign 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,8 +153,8 @@ digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a
newly allocated \fB\s-1DSA_SIG\s0\fR structure.
.PP
\&\fIDSA_sign_setup\fR\|(3) may be used to precompute part
-of the signing operation in case signature generation is
-time-critical.
+of the signing operation for each signature in case signature generation
+is time-critical.
.PP
\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given
message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public
diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3
index 28c6c9ae5c4c..7ceebd89f55b 100644
--- a/secure/lib/libcrypto/man/DSA_dup_DH.3
+++ b/secure/lib/libcrypto/man/DSA_dup_DH.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_dup_DH 3"
-.TH DSA_dup_DH 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_dup_DH 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3
index f9125858a22b..148e6b5374ea 100644
--- a/secure/lib/libcrypto/man/DSA_generate_key.3
+++ b/secure/lib/libcrypto/man/DSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_key 3"
-.TH DSA_generate_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_generate_key 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3
index 2d84d644d968..ec685ab0b0a8 100644
--- a/secure/lib/libcrypto/man/DSA_generate_parameters.3
+++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_generate_parameters 3"
-.TH DSA_generate_parameters 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_generate_parameters 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
index 5632bcae9935..d4c6f647820b 100644
--- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_get_ex_new_index 3"
-.TH DSA_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_get_ex_new_index 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3
index 5553dd3dde36..3c5542a8cff2 100644
--- a/secure/lib/libcrypto/man/DSA_new.3
+++ b/secure/lib/libcrypto/man/DSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_new 3"
-.TH DSA_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3
index cea0fc47ea4a..a734e6d44c18 100644
--- a/secure/lib/libcrypto/man/DSA_set_method.3
+++ b/secure/lib/libcrypto/man/DSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_set_method 3"
-.TH DSA_set_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_set_method 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -248,7 +248,7 @@ fails. Otherwise it returns a pointer to the newly allocated structure.
As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE API\s0 function,
-that will override any \s-1DSA\s0 defaults set using the \s-1DSA API \s0(ie.
+that will override any \s-1DSA\s0 defaults set using the \s-1DSA API\s0 (ie.
\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1DSA\s0 and other cryptographic
algorithms.
diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3
index 622b2c237d4c..4f6298307b6d 100644
--- a/secure/lib/libcrypto/man/DSA_sign.3
+++ b/secure/lib/libcrypto/man/DSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_sign 3"
-.TH DSA_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_sign 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,6 +164,10 @@ in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after fre
the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL.\s0 These values may
be passed to \fIDSA_sign()\fR in \fBdsa\->kinv\fR and \fBdsa\->r\fR.
\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL.\s0
+The precomputed values from \fIDSA_sign_setup()\fR \fB\s-1MUST NOT\s0 be used\fR for
+more than one signature: using the same \fBdsa\->kinv\fR and
+\&\fBdsa\->r\fR pair twice under the same private key on different
+plaintexts will result in permanently exposing the \s-1DSA\s0 private key.
.PP
\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR
matches a given message digest \fBdgst\fR of size \fBlen\fR.
@@ -181,7 +185,7 @@ signature and \-1 on error. The error codes can be obtained by
\&\fIERR_get_error\fR\|(3).
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature
Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3
index 1f224722433e..e2e2bcc80d5e 100644
--- a/secure/lib/libcrypto/man/DSA_size.3
+++ b/secure/lib/libcrypto/man/DSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA_size 3"
-.TH DSA_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA_size 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GFp_simple_method.3 b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
index 1b5d244cca62..ad85fa44cabb 100644
--- a/secure/lib/libcrypto/man/EC_GFp_simple_method.3
+++ b/secure/lib/libcrypto/man/EC_GFp_simple_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GFp_simple_method 3"
-.TH EC_GFp_simple_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC_GFp_simple_method 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_GROUP_copy.3 b/secure/lib/libcrypto/man/EC_GROUP_copy.3
index 03eddde14841..6c0acaed965b 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_copy.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_copy.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_copy 3"
-.TH EC_GROUP_copy 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC_GROUP_copy 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -236,7 +236,7 @@ possible solutions for y has been used, followed by the octets for x, followed b
The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form
for the curve respectively.
.PP
-\&\s-1ANSI X9.62 \s0(\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages
+\&\s-1ANSI X9.62\s0 (\s-1ECDSA\s0 standard) defines a method of generating the curve parameter b from a random number. This provides advantages
in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it.
If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL \s-1EC\s0 library
does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block
diff --git a/secure/lib/libcrypto/man/EC_GROUP_new.3 b/secure/lib/libcrypto/man/EC_GROUP_new.3
index 743ca73cb40e..829a654e0738 100644
--- a/secure/lib/libcrypto/man/EC_GROUP_new.3
+++ b/secure/lib/libcrypto/man/EC_GROUP_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_GROUP_new 3"
-.TH EC_GROUP_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC_GROUP_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +194,7 @@ EC_get_builtin_curves. The parameter \fBr\fR should be an array of EC_builtin_cu
will populate the \fBr\fR array with information about the builtin curves. If \fBnitems\fR is less than the total number of
curves available, then the first \fBnitems\fR curves will be returned. Otherwise the total number of curves will be
provided. The return value is the total number of curves available (whether that number has been populated in \fBr\fR or
-not). Passing a \s-1NULL \s0\fBr\fR, or setting \fBnitems\fR to 0 will do nothing other than return the total number of curves available.
+not). Passing a \s-1NULL\s0 \fBr\fR, or setting \fBnitems\fR to 0 will do nothing other than return the total number of curves available.
The EC_builtin_curve structure is defined as follows:
.PP
.Vb 4
diff --git a/secure/lib/libcrypto/man/EC_KEY_new.3 b/secure/lib/libcrypto/man/EC_KEY_new.3
index 39e4a30ac48c..57b633882c5d 100644
--- a/secure/lib/libcrypto/man/EC_KEY_new.3
+++ b/secure/lib/libcrypto/man/EC_KEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_KEY_new 3"
-.TH EC_KEY_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC_KEY_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -171,7 +171,7 @@ EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_b
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-An \s-1EC_KEY\s0 represents a public key and (optionaly) an associated private key. A new \s-1EC_KEY \s0(with no associated curve) can be constructed by calling EC_KEY_new.
+An \s-1EC_KEY\s0 represents a public key and (optionaly) an associated private key. A new \s-1EC_KEY\s0 (with no associated curve) can be constructed by calling EC_KEY_new.
The reference count for the newly created \s-1EC_KEY\s0 is initially set to 1. A curve can be associated with the \s-1EC_KEY\s0 by calling
EC_KEY_set_group.
.PP
diff --git a/secure/lib/libcrypto/man/EC_POINT_add.3 b/secure/lib/libcrypto/man/EC_POINT_add.3
index f8e12d0b631f..55f1eaa08cce 100644
--- a/secure/lib/libcrypto/man/EC_POINT_add.3
+++ b/secure/lib/libcrypto/man/EC_POINT_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_add 3"
-.TH EC_POINT_add 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC_POINT_add 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EC_POINT_new.3 b/secure/lib/libcrypto/man/EC_POINT_new.3
index db7a944b73d5..d9e5be60515e 100644
--- a/secure/lib/libcrypto/man/EC_POINT_new.3
+++ b/secure/lib/libcrypto/man/EC_POINT_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC_POINT_new 3"
-.TH EC_POINT_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC_POINT_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3
index ca4248df90a5..82c58c7eee97 100644
--- a/secure/lib/libcrypto/man/ERR_GET_LIB.3
+++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_GET_LIB 3"
-.TH ERR_GET_LIB 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_GET_LIB 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3
index 06941e3f3e3e..cbe87960ea73 100644
--- a/secure/lib/libcrypto/man/ERR_clear_error.3
+++ b/secure/lib/libcrypto/man/ERR_clear_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_clear_error 3"
-.TH ERR_clear_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_clear_error 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3
index e330af60d3c6..cbffd3ba477c 100644
--- a/secure/lib/libcrypto/man/ERR_error_string.3
+++ b/secure/lib/libcrypto/man/ERR_error_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_error_string 3"
-.TH ERR_error_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_error_string 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3
index d5d998f2c2c7..e442d10f82e6 100644
--- a/secure/lib/libcrypto/man/ERR_get_error.3
+++ b/secure/lib/libcrypto/man/ERR_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_get_error 3"
-.TH ERR_get_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_get_error 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
index e8e8eecef797..be3eb65a635f 100644
--- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_crypto_strings 3"
-.TH ERR_load_crypto_strings 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_load_crypto_strings 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3
index 94b5f3064f08..0dc04fa20fc4 100644
--- a/secure/lib/libcrypto/man/ERR_load_strings.3
+++ b/secure/lib/libcrypto/man/ERR_load_strings.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_load_strings 3"
-.TH ERR_load_strings 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_load_strings 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3
index c003cae8e3cb..34c5e7a2cd7e 100644
--- a/secure/lib/libcrypto/man/ERR_print_errors.3
+++ b/secure/lib/libcrypto/man/ERR_print_errors.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_print_errors 3"
-.TH ERR_print_errors 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_print_errors 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3
index 4c3c757930b7..521e69d5dfb5 100644
--- a/secure/lib/libcrypto/man/ERR_put_error.3
+++ b/secure/lib/libcrypto/man/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_put_error 3"
-.TH ERR_put_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_put_error 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3
index 18c3f0ea9032..ee76319e84a6 100644
--- a/secure/lib/libcrypto/man/ERR_remove_state.3
+++ b/secure/lib/libcrypto/man/ERR_remove_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_remove_state 3"
-.TH ERR_remove_state 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_remove_state 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3
index 9455b2e9ea17..4e46468a9d54 100644
--- a/secure/lib/libcrypto/man/ERR_set_mark.3
+++ b/secure/lib/libcrypto/man/ERR_set_mark.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERR_set_mark 3"
-.TH ERR_set_mark 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERR_set_mark 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3
index 694c7ea917d5..24695c2b3a0f 100644
--- a/secure/lib/libcrypto/man/EVP_BytesToKey.3
+++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_BytesToKey 3"
-.TH EVP_BytesToKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_BytesToKey 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3
index bfae14984a09..ce0d30c3791b 100644
--- a/secure/lib/libcrypto/man/EVP_DigestInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestInit 3"
-.TH EVP_DigestInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_DigestInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -207,7 +207,7 @@ The \s-1EVP\s0 digest routines are a high level interface to message digests.
\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest context.
.PP
\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest
-\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized before calling this
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this
function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR.
If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used.
.PP
@@ -272,7 +272,7 @@ structures for the \s-1MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
and \s-1RIPEMD160\s0 digest algorithms respectively.
.PP
\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest
-algorithms but using \s-1DSS \s0(\s-1DSA\s0) for the signature algorithm. Note: there is
+algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is
no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are
however retained for compatibility.
.PP
diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
index 16b241a8394e..177139449e1b 100644
--- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestSignInit 3"
-.TH EVP_DigestSignInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_DigestSignInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +151,7 @@ EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal \- EVP signing fun
The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
.PP
\&\fIEVP_DigestSignInit()\fR sets up signing context \fBctx\fR to use digest \fBtype\fR from
-\&\s-1ENGINE \s0\fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with
+\&\s-1ENGINE\s0 \fBimpl\fR and private key \fBpkey\fR. \fBctx\fR must be initialized with
\&\fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the signing operation will be written to \fB*pctx\fR: this can
be used to set alternative signing options.
diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
index ac833bc1e065..1e5e356b5e4e 100644
--- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_DigestVerifyInit 3"
-.TH EVP_DigestVerifyInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_DigestVerifyInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -151,7 +151,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal \- EVP signa
The \s-1EVP\s0 signature routines are a high level interface to digital signatures.
.PP
\&\fIEVP_DigestVerifyInit()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR and public key \fBpkey\fR. \fBctx\fR must be initialized
with \fIEVP_MD_CTX_init()\fR before calling this function. If \fBpctx\fR is not \s-1NULL\s0 the
\&\s-1EVP_PKEY_CTX\s0 of the verification operation will be written to \fB*pctx\fR: this
can be used to set alternative verification options.
diff --git a/secure/lib/libcrypto/man/EVP_EncodeInit.3 b/secure/lib/libcrypto/man/EVP_EncodeInit.3
index 96ae44a8e26e..97a84fe6e9f7 100644
--- a/secure/lib/libcrypto/man/EVP_EncodeInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncodeInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncodeInit 3"
-.TH EVP_EncodeInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_EncodeInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3
index 7336deb46a85..a98c5b7d6771 100644
--- a/secure/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_EncryptInit 3"
-.TH EVP_EncryptInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_EncryptInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -245,7 +245,7 @@ symmetric ciphers.
\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR.
.PP
\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized
+with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized
before calling this function. \fBtype\fR is normally supplied
by a function such as \fIEVP_aes_256_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the
default implementation is used. \fBkey\fR is the symmetric key to use
@@ -336,7 +336,7 @@ length to any value other than the fixed value is an error.
.PP
\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0
length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR.
-It will return zero if the cipher does not use an \s-1IV. \s0 The constant
+It will return zero if the cipher does not use an \s-1IV.\s0 The constant
\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers.
.PP
\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block
@@ -361,7 +361,7 @@ an \fB\s-1EVP_CIPHER_CTX\s0\fR structure.
.PP
\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based
on the passed cipher. This will typically include any parameters and an
-\&\s-1IV.\s0 The cipher \s-1IV \s0(if any) must be set when this call is made. This call
+\&\s-1IV.\s0 The cipher \s-1IV\s0 (if any) must be set when this call is made. This call
should be made before the cipher is actually \*(L"used\*(R" (before any
\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function
may fail if the cipher does not have any \s-1ASN1\s0 support.
@@ -540,7 +540,7 @@ used (12 for \s-1AES\s0).
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL);
.Ve
.PP
-Sets the \s-1CCM \s0\fBL\fR value. If not set a default is used (8 for \s-1AES\s0).
+Sets the \s-1CCM\s0 \fBL\fR value. If not set a default is used (8 for \s-1AES\s0).
.PP
.Vb 1
\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ivlen, NULL);
diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3
index 8380146f0dea..a881b68f8df3 100644
--- a/secure/lib/libcrypto/man/EVP_OpenInit.3
+++ b/secure/lib/libcrypto/man/EVP_OpenInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_OpenInit 3"
-.TH EVP_OpenInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_OpenInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
index 279a80503aa6..6232b44c385e 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_ctrl 3"
-.TH EVP_PKEY_CTX_ctrl 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_CTX_ctrl 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -200,7 +200,7 @@ The \fBpad\fR parameter can take the value \s-1RSA_PKCS1_PADDING\s0 for PKCS#1 p
\&\s-1RSA_SSLV23_PADDING\s0 for SSLv23 padding, \s-1RSA_NO_PADDING\s0 for no padding,
\&\s-1RSA_PKCS1_OAEP_PADDING\s0 for \s-1OAEP\s0 padding (encrypt and decrypt only),
\&\s-1RSA_X931_PADDING\s0 for X9.31 padding (signature operations only) and
-\&\s-1RSA_PKCS1_PSS_PADDING \s0(sign and verify only).
+\&\s-1RSA_PKCS1_PSS_PADDING\s0 (sign and verify only).
.PP
Two \s-1RSA\s0 padding modes behave differently if \fIEVP_PKEY_CTX_set_signature_md()\fR
is used. If this macro is called for PKCS#1 padding the plaintext buffer is
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
index 79d0479ab43e..6b4b4381dad8 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_CTX_new 3"
-.TH EVP_PKEY_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_CTX_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,10 +149,10 @@ EVP_PKEY_CTX_new, EVP_PKEY_CTX_new_id, EVP_PKEY_CTX_dup, EVP_PKEY_CTX_free \- pu
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fIEVP_PKEY_CTX_new()\fR function allocates public key algorithm context using
-the algorithm specified in \fBpkey\fR and \s-1ENGINE \s0\fBe\fR.
+the algorithm specified in \fBpkey\fR and \s-1ENGINE\s0 \fBe\fR.
.PP
The \fIEVP_PKEY_CTX_new_id()\fR function allocates public key algorithm context
-using the algorithm specified by \fBid\fR and \s-1ENGINE \s0\fBe\fR. It is normally used
+using the algorithm specified by \fBid\fR and \s-1ENGINE\s0 \fBe\fR. It is normally used
when no \fB\s-1EVP_PKEY\s0\fR structure is associated with the operations, for example
during parameter generation of key genration for some algorithms.
.PP
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
index 689c1d156eb5..0f666fbca10a 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_cmp 3"
-.TH EVP_PKEY_cmp 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_cmp 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
index 818d97203619..b58f78d4e1c6 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_decrypt 3"
-.TH EVP_PKEY_decrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_decrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +173,7 @@ or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
-Decrypt data using \s-1OAEP \s0(for \s-1RSA\s0 keys):
+Decrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys):
.PP
.Vb 2
\& #include <openssl/evp.h>
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
index 550103610035..644e48fe9fc5 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_derive 3"
-.TH EVP_PKEY_derive 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_derive 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
index 9c253fda1f5c..e495e7f9b04a 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_encrypt 3"
-.TH EVP_PKEY_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_encrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +173,7 @@ or a negative value for failure. In particular a return value of \-2
indicates the operation is not supported by the public key algorithm.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
-Encrypt data using \s-1OAEP \s0(for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or
+Encrypt data using \s-1OAEP\s0 (for \s-1RSA\s0 keys). See also \fIPEM_read_PUBKEY\fR\|(3) or
\&\fId2i_X509\fR\|(3) for means to load a public key. You may also simply
set 'eng = \s-1NULL\s0;' to start with the default OpenSSL \s-1RSA\s0 implementation:
.PP
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
index 4e7d3539c564..2cac1d3c8ffc 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_get_default_digest 3"
-.TH EVP_PKEY_get_default_digest 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_get_default_digest 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
index 7c99b1419a8c..c73fbacd822e 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_keygen 3"
-.TH EVP_PKEY_keygen 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_keygen 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
index f71569695349..397647ccf55c 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_meth_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_meth_new 3"
-.TH EVP_PKEY_meth_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_meth_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3
index 19b4bc7f98d5..2fb880c92969 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_new 3"
-.TH EVP_PKEY_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
index eed2a9a475dc..8e1bb91319f7 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_print_private 3"
-.TH EVP_PKEY_print_private 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_print_private 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,7 +152,7 @@ EVP_PKEY_print_public, EVP_PKEY_print_private, EVP_PKEY_print_params \- public k
.IX Header "DESCRIPTION"
The functions \fIEVP_PKEY_print_public()\fR, \fIEVP_PKEY_print_private()\fR and
\&\fIEVP_PKEY_print_params()\fR print out the public, private or parameter components
-of key \fBpkey\fR respectively. The key is sent to \s-1BIO \s0\fBout\fR in human readable
+of key \fBpkey\fR respectively. The key is sent to \s-1BIO\s0 \fBout\fR in human readable
form. The parameter \fBindent\fR indicated how far the printout should be indented.
.PP
The \fBpctx\fR parameter allows the print output to be finely tuned by using
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
index 74eef8618732..59ae38da0d83 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_set1_RSA 3"
-.TH EVP_PKEY_set1_RSA 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_set1_RSA 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
index 61d814211fc1..c480c716ffc4 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_sign 3"
-.TH EVP_PKEY_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_sign 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
index e32467a9c5aa..a9c98448252e 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_verify 3"
-.TH EVP_PKEY_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_verify 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
index 066200720743..15eea9ab74c4 100644
--- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
+++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_PKEY_verify_recover 3"
-.TH EVP_PKEY_verify_recover 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_PKEY_verify_recover 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3
index aa5f9ac21955..35e66f2c6a57 100644
--- a/secure/lib/libcrypto/man/EVP_SealInit.3
+++ b/secure/lib/libcrypto/man/EVP_SealInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SealInit 3"
-.TH EVP_SealInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_SealInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,12 +152,12 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- EVP envelope encryption
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1EVP\s0 envelope routines are a high level interface to envelope
-encryption. They generate a random key and \s-1IV \s0(if required) then
+encryption. They generate a random key and \s-1IV\s0 (if required) then
\&\*(L"envelope\*(R" it by using public key encryption. Data can then be
encrypted using this key.
.PP
\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
-with cipher \fBtype\fR using a random secret key and \s-1IV. \s0\fBtype\fR is normally
+with cipher \fBtype\fR using a random secret key and \s-1IV.\s0 \fBtype\fR is normally
supplied by a function such as \fIEVP_aes_256_cbc()\fR. The secret key is encrypted
using one or more public keys, this allows the same encrypted data to be
decrypted using any of the corresponding private keys. \fBek\fR is an array of
diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3
index b55f3a72cacc..6c0ea2a0e0f1 100644
--- a/secure/lib/libcrypto/man/EVP_SignInit.3
+++ b/secure/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_SignInit 3"
-.TH EVP_SignInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_SignInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +156,7 @@ The \s-1EVP\s0 signature routines are a high level interface to digital
signatures.
.PP
\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized with
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3
index fafe44dc44cf..72856d52ea6d 100644
--- a/secure/lib/libcrypto/man/EVP_VerifyInit.3
+++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EVP_VerifyInit 3"
-.TH EVP_VerifyInit 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EVP_VerifyInit 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +153,7 @@ The \s-1EVP\s0 signature verification routines are a high level interface to dig
signatures.
.PP
\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest
-\&\fBtype\fR from \s-1ENGINE \s0\fBimpl\fR. \fBctx\fR must be initialized by calling
+\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling
\&\fIEVP_MD_CTX_init()\fR before calling this function.
.PP
\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the
diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3
index a6b2cead6bd6..e91c10fd057b 100644
--- a/secure/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OBJ_nid2obj 3"
-.TH OBJ_nid2obj 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OBJ_nid2obj 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,7 +165,7 @@ functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are
-a representation of the \s-1ASN1 OBJECT IDENTIFIER \s0(\s-1OID\s0) type.
+a representation of the \s-1ASN1 OBJECT IDENTIFIER\s0 (\s-1OID\s0) type.
For convenience, OIDs are usually represented in source code as numeric
identifiers, or \fB\s-1NID\s0\fRs. OpenSSL has an internal table of OIDs that
are generated when the library is built, and their corresponding NIDs
@@ -173,9 +173,9 @@ are available as defined constants. For the functions below, application
code should treat all returned values \*(-- OIDs, NIDs, or names \*(-- as
constants.
.PP
-\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID \s0\fBn\fR to
+\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to
an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively,
-or \fB\s-1NULL\s0\fR is an error occurred.
+or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0
for the object \fBo\fR, the long name <ln> or the short name <sn> respectively
diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3
index fe0faeaddf14..69df9f5785b5 100644
--- a/secure/lib/libcrypto/man/OPENSSL_Applink.3
+++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_Applink 3"
-.TH OPENSSL_Applink 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL_Applink 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
index bdd3f67e8a18..a6b7c7e0b247 100644
--- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_VERSION_NUMBER 3"
-.TH OPENSSL_VERSION_NUMBER 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL_VERSION_NUMBER 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3
index 0b848eb1a1c5..7d7fab2e6264 100644
--- a/secure/lib/libcrypto/man/OPENSSL_config.3
+++ b/secure/lib/libcrypto/man/OPENSSL_config.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_config 3"
-.TH OPENSSL_config 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL_config 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
index 5f3387a7a236..4bc97e2345bd 100644
--- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
+++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_ia32cap 3"
-.TH OPENSSL_ia32cap 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL_ia32cap 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3 b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
index 9beae776b82c..044de9a56782 100644
--- a/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
+++ b/secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_instrument_bus 3"
-.TH OPENSSL_instrument_bus 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL_instrument_bus 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
index aac91fd3c62b..c38799cd383d 100644
--- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
+++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL_load_builtin_modules 3"
-.TH OPENSSL_load_builtin_modules 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL_load_builtin_modules 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
index 6ec18dde850e..2f64f902138a 100644
--- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OpenSSL_add_all_algorithms 3"
-.TH OpenSSL_add_all_algorithms 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OpenSSL_add_all_algorithms 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
index bbb63229d2a0..582c97488ae4 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PEM_write_bio_CMS_stream 3"
-.TH PEM_write_bio_CMS_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PEM_write_bio_CMS_stream 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
index 923718c38bbd..44015c0ce818 100644
--- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
+++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PEM_write_bio_PKCS7_stream 3"
-.TH PEM_write_bio_PKCS7_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PEM_write_bio_PKCS7_stream 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3
index da4a868273e7..0e08f8695348 100644
--- a/secure/lib/libcrypto/man/PKCS12_create.3
+++ b/secure/lib/libcrypto/man/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_create 3"
-.TH PKCS12_create 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS12_create 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -163,8 +163,8 @@ The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fB
can all be set to zero and sensible defaults will be used.
.PP
These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0
-encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER
-\&\s0(currently 2048) and a \s-1MAC\s0 iteration count of 1.
+encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0
+(currently 2048) and a \s-1MAC\s0 iteration count of 1.
.PP
The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with
old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility
diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3
index 309de087083a..1b496740e443 100644
--- a/secure/lib/libcrypto/man/PKCS12_parse.3
+++ b/secure/lib/libcrypto/man/PKCS12_parse.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12_parse 3"
-.TH PKCS12_parse 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS12_parse 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3
index 6effd8d70b26..e53f22300bda 100644
--- a/secure/lib/libcrypto/man/PKCS7_decrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_decrypt 3"
-.TH PKCS7_decrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS7_decrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3
index 20959a9a6766..ecc9d5f0de1f 100644
--- a/secure/lib/libcrypto/man/PKCS7_encrypt.3
+++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_encrypt 3"
-.TH PKCS7_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS7_encrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +181,7 @@ otherwise the translation will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set t
\&\fB\s-1PKCS7_TEXT\s0\fR is ignored.
.PP
If the \fB\s-1PKCS7_STREAM\s0\fR flag is set a partial \fB\s-1PKCS7\s0\fR structure is output
-suitable for streaming I/O: no data is read from the \s-1BIO \s0\fBin\fR.
+suitable for streaming I/O: no data is read from the \s-1BIO\s0 \fBin\fR.
.SH "NOTES"
.IX Header "NOTES"
If the flag \fB\s-1PKCS7_STREAM\s0\fR is set the returned \fB\s-1PKCS7\s0\fR structure is \fBnot\fR
@@ -191,7 +191,7 @@ results.
.PP
Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_PKCS7()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3
index c89d9c4ca26b..da8c79aecbf9 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_sign 3"
-.TH PKCS7_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS7_sign 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +150,7 @@ the certificate to sign with, \fBpkey\fR is the corresponsding private key.
\&\fBcerts\fR is an optional additional set of certificates to include in the PKCS#7
structure (for example any intermediate CAs in the chain).
.PP
-The data to be signed is read from \s-1BIO \s0\fBdata\fR.
+The data to be signed is read from \s-1BIO\s0 \fBdata\fR.
.PP
\&\fBflags\fR is an optional set of flags.
.SH "NOTES"
@@ -204,7 +204,7 @@ finalize the \fB\s-1PKCS7\s0\fR structure will give unpredictable results.
.PP
Several functions including \fISMIME_write_PKCS7()\fR, \fIi2d_PKCS7_bio_stream()\fR,
\&\fIPEM_write_bio_PKCS7_stream()\fR finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming \s-1ASN1 \s0\fB\s-1BIO\s0\fR directly using
+can be performed by obtaining the streaming \s-1ASN1\s0 \fB\s-1BIO\s0\fR directly using
\&\fIBIO_new_PKCS7()\fR.
.PP
If a signer is specified it will use the default digest for the signing
diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
index 2885d6f14397..1efdcb46f386 100644
--- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
+++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_sign_add_signer 3"
-.TH PKCS7_sign_add_signer 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS7_sign_add_signer 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3
index 6feb0321356f..7e5da4a5b2e3 100644
--- a/secure/lib/libcrypto/man/PKCS7_verify.3
+++ b/secure/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7_verify 3"
-.TH PKCS7_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS7_verify 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3
index d1cc20b96616..325e937992bf 100644
--- a/secure/lib/libcrypto/man/RAND_add.3
+++ b/secure/lib/libcrypto/man/RAND_add.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_add 3"
-.TH RAND_add 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND_add 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3
index 1acb66d96d37..4316b507579a 100644
--- a/secure/lib/libcrypto/man/RAND_bytes.3
+++ b/secure/lib/libcrypto/man/RAND_bytes.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_bytes 3"
-.TH RAND_bytes 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND_bytes 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3
index 67923f6db25f..ac866e9ad589 100644
--- a/secure/lib/libcrypto/man/RAND_cleanup.3
+++ b/secure/lib/libcrypto/man/RAND_cleanup.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_cleanup 3"
-.TH RAND_cleanup 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND_cleanup 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3
index 4e84db9491a8..cd4d91a80d6c 100644
--- a/secure/lib/libcrypto/man/RAND_egd.3
+++ b/secure/lib/libcrypto/man/RAND_egd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_egd 3"
-.TH RAND_egd 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND_egd 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,7 +164,7 @@ that can be retrieved from \s-1EGD\s0 over time is limited.
.PP
\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket
\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into
-\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL, \s0\fBbytes\fR bytes are queried and used to seed the
+\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL,\s0 \fBbytes\fR bytes are queried and used to seed the
OpenSSL built-in \s-1PRNG\s0 using \fIRAND_add\fR\|(3).
.SH "NOTES"
.IX Header "NOTES"
diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3
index cbdf12cd5237..b99e2f78282d 100644
--- a/secure/lib/libcrypto/man/RAND_load_file.3
+++ b/secure/lib/libcrypto/man/RAND_load_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_load_file 3"
-.TH RAND_load_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND_load_file 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3
index 90276ca73dd3..a91cfad32f44 100644
--- a/secure/lib/libcrypto/man/RAND_set_rand_method.3
+++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND_set_rand_method 3"
-.TH RAND_set_rand_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND_set_rand_method 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -192,7 +192,7 @@ Each component may be \s-1NULL\s0 if the function is not implemented.
As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other
algorithmic APIs (eg. \s-1RSA_METHOD, EVP_CIPHER,\s0 etc) in \fB\s-1ENGINE\s0\fR modules. If a
default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE API\s0 function,
-that will override any \s-1RAND\s0 defaults set using the \s-1RAND API \s0(ie.
+that will override any \s-1RAND\s0 defaults set using the \s-1RAND API\s0 (ie.
\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE API\s0 is the recommended way
to control default implementations for use in \s-1RAND\s0 and other cryptographic
algorithms.
diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3
index 531d36156f09..540e99b2fb7c 100644
--- a/secure/lib/libcrypto/man/RSA_blinding_on.3
+++ b/secure/lib/libcrypto/man/RSA_blinding_on.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_blinding_on 3"
-.TH RSA_blinding_on 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_blinding_on 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index d5ecf544bfab..020ea4736e74 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_check_key 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3
index 62fc634b68cb..5a5eb1eac768 100644
--- a/secure/lib/libcrypto/man/RSA_generate_key.3
+++ b/secure/lib/libcrypto/man/RSA_generate_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_generate_key 3"
-.TH RSA_generate_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_generate_key 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
index 67d14bbd7c30..615065da7eeb 100644
--- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_get_ex_new_index 3"
-.TH RSA_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_get_ex_new_index 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3
index 95f5fb6d5b90..1e2137a54019 100644
--- a/secure/lib/libcrypto/man/RSA_new.3
+++ b/secure/lib/libcrypto/man/RSA_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_new 3"
-.TH RSA_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
index a3ffe4da43c9..a89b86c6e240 100644
--- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_padding_add_PKCS1_type_1 3"
-.TH RSA_padding_add_PKCS1_type_1 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_padding_add_PKCS1_type_1 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3
index e92aea5aec54..f2b0a3196ce3 100644
--- a/secure/lib/libcrypto/man/RSA_print.3
+++ b/secure/lib/libcrypto/man/RSA_print.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_print 3"
-.TH RSA_print 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_print 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3
index 3003be12d465..5c2a4628e496 100644
--- a/secure/lib/libcrypto/man/RSA_private_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_private_encrypt 3"
-.TH RSA_private_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_private_encrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3
index 1fd6b458dd2e..fa8a6a3eee75 100644
--- a/secure/lib/libcrypto/man/RSA_public_encrypt.3
+++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_public_encrypt 3"
-.TH RSA_public_encrypt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_public_encrypt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3
index eaef1d8d65cf..aa897d199570 100644
--- a/secure/lib/libcrypto/man/RSA_set_method.3
+++ b/secure/lib/libcrypto/man/RSA_set_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_set_method 3"
-.TH RSA_set_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_set_method 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -297,7 +297,7 @@ As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with
other algorithmic APIs (eg. \s-1DSA_METHOD, EVP_CIPHER,\s0 etc) into \fB\s-1ENGINE\s0\fR
modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an
\&\s-1ENGINE API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA
-API \s0(ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the
+API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE API\s0 is the
recommended way to control default implementations for use in \s-1RSA\s0 and other
cryptographic algorithms.
.SH "BUGS"
diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3
index 5d4baf7f4064..9acb4c58777b 100644
--- a/secure/lib/libcrypto/man/RSA_sign.3
+++ b/secure/lib/libcrypto/man/RSA_sign.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign 3"
-.TH RSA_sign 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_sign 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
index 0236973f935d..144e54461e2b 100644
--- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_sign_ASN1_OCTET_STRING 3"
-.TH RSA_sign_ASN1_OCTET_STRING 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_sign_ASN1_OCTET_STRING 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3
index 7de679410778..8e7b22871a0d 100644
--- a/secure/lib/libcrypto/man/RSA_size.3
+++ b/secure/lib/libcrypto/man/RSA_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA_size 3"
-.TH RSA_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA_size 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3
index b577985d91c3..5cd707020612 100644
--- a/secure/lib/libcrypto/man/SMIME_read_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_read_CMS 3"
-.TH SMIME_read_CMS 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SMIME_read_CMS 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -164,7 +164,7 @@ then be passed to \fICMS_verify()\fR with the \fB\s-1CMS_DETACHED\s0\fR flag set
Otherwise the type of the returned structure can be determined
using \fICMS_get0_type()\fR.
.PP
-To support future functionality if \fBbcont\fR is not \s-1NULL \s0\fB*bcont\fR should be
+To support future functionality if \fBbcont\fR is not \s-1NULL\s0 \fB*bcont\fR should be
initialized to \s-1NULL.\s0 For example:
.PP
.Vb 2
diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
index 1378b60d21d5..3f461ae9a5c5 100644
--- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_read_PKCS7 3"
-.TH SMIME_read_PKCS7 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SMIME_read_PKCS7 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,7 +189,7 @@ streaming single pass option should be available.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR
-is an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
+if an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIERR_get_error\fR\|(3), \fIPKCS7_type\fR\|(3)
diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3
index 3f74429780cb..ab5ce7ff2918 100644
--- a/secure/lib/libcrypto/man/SMIME_write_CMS.3
+++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_write_CMS 3"
-.TH SMIME_write_CMS 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SMIME_write_CMS 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
index 3488df6a8808..6d3b2e00a7c3 100644
--- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME_write_PKCS7 3"
-.TH SMIME_write_PKCS7 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SMIME_write_PKCS7 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
index dd40c5a64e31..bef40f0d6a57 100644
--- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_ENTRY_get_object 3"
-.TH X509_NAME_ENTRY_get_object 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_NAME_ENTRY_get_object 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index 615e410b0ab9..5ea00180b71f 100644
--- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_add_entry_by_txt 3"
-.TH X509_NAME_add_entry_by_txt 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_NAME_add_entry_by_txt 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +156,7 @@ X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions
.IX Header "DESCRIPTION"
\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and
\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined
-by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID \s0\fBnid\fR respectively.
+by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively.
The field value to be added is in \fBbytes\fR of length \fBlen\fR. If
\&\fBlen\fR is \-1 then the field length is calculated internally using
strlen(bytes).
diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
index 97675a9484ef..599078d6c5e1 100644
--- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_get_index_by_NID 3"
-.TH X509_NAME_get_index_by_NID 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_NAME_get_index_by_NID 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +156,7 @@ X509_NAME lookup and enumeration functions
.IX Header "DESCRIPTION"
These functions allow an \fBX509_NAME\fR structure to be examined. The
\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in
-\&\s-1RFC2459 \s0(and elsewhere) and used for example in certificate subject
+\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject
and issuer names.
.PP
\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve
diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
index c3af649c73d0..9b7046492bca 100644
--- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3
+++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_NAME_print_ex 3"
-.TH X509_NAME_print_ex 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_NAME_print_ex 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +149,7 @@ X509_NAME_oneline \- X509_NAME printing routines.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO \s0\fBout\fR. Each
+\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each
line (for multiline formats) is indented by \fBindent\fR spaces. The output format
can be extensively customised by use of the \fBflags\fR parameter.
.PP
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index 5733e66f1bbc..fec1e6341fbc 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_error 3"
-.TH X509_STORE_CTX_get_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_STORE_CTX_get_error 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
index 68dd835d7b8e..f87a6636ba87 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_get_ex_new_index 3"
-.TH X509_STORE_CTX_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_STORE_CTX_get_ex_new_index 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
index f4ad3f25b84d..aebd2ee84017 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_new 3"
-.TH X509_STORE_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_STORE_CTX_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
index 575cefcba2ee..9a6570b2ba90 100644
--- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
+++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_set_verify_cb 3"
-.TH X509_STORE_CTX_set_verify_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_STORE_CTX_set_verify_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
index e3cf5a0eea70..a02ac6290949 100644
--- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_STORE_set_verify_cb_func 3"
-.TH X509_STORE_set_verify_cb_func 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_STORE_set_verify_cb_func 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 4f5f0d98963d..6e57c8a77809 100644
--- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_VERIFY_PARAM_set_flags 3"
-.TH X509_VERIFY_PARAM_set_flags 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_VERIFY_PARAM_set_flags 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -370,7 +370,7 @@ corresponding \fBX509_STORE\fR structure. No attempt is made to download
CRLs from the \s-1CRL\s0 distribution points extension.
.SH "EXAMPLE"
.IX Header "EXAMPLE"
-Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL \s0
+Enable \s-1CRL\s0 checking when performing certificate verification during \s-1SSL\s0
connections associated with an \fB\s-1SSL_CTX\s0\fR structure \fBctx\fR:
.PP
.Vb 5
diff --git a/secure/lib/libcrypto/man/X509_check_host.3 b/secure/lib/libcrypto/man/X509_check_host.3
index 2751c4c1fa3a..80c0da6c2099 100644
--- a/secure/lib/libcrypto/man/X509_check_host.3
+++ b/secure/lib/libcrypto/man/X509_check_host.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_check_host 3"
-.TH X509_check_host 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_check_host 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,14 +159,14 @@ other means.
\&\fIX509_check_host()\fR checks if the certificate Subject Alternative
Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified host
name, which must be encoded in the preferred name syntax described
-in section 3.5 of \s-1RFC 1034. \s0 By default, wildcards are supported
+in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported
and they match only in the left-most label; but they may match
part of that label with an explicit prefix or suffix. For example,
by default, the host \fBname\fR \*(L"www.example.com\*(R" would match a
certificate with a \s-1SAN\s0 or \s-1CN\s0 value of \*(L"*.example.com\*(R", \*(L"w*.example.com\*(R"
or \*(L"*w.example.com\*(R".
.PP
-Per section 6.4.2 of \s-1RFC 6125, \s0\fBname\fR values representing international
+Per section 6.4.2 of \s-1RFC 6125,\s0 \fBname\fR values representing international
domain names must be given in A\-label form. The \fBnamelen\fR argument
must be the number of characters in the name string or zero in which
case the length is calculated with strlen(\fBname\fR). When \fBname\fR starts
diff --git a/secure/lib/libcrypto/man/X509_check_private_key.3 b/secure/lib/libcrypto/man/X509_check_private_key.3
index 9b63f41a7d24..c00e27e895ba 100644
--- a/secure/lib/libcrypto/man/X509_check_private_key.3
+++ b/secure/lib/libcrypto/man/X509_check_private_key.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_check_private_key 3"
-.TH X509_check_private_key 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_check_private_key 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_cmp_time.3 b/secure/lib/libcrypto/man/X509_cmp_time.3
new file mode 100644
index 000000000000..6934ffc4f4e7
--- /dev/null
+++ b/secure/lib/libcrypto/man/X509_cmp_time.3
@@ -0,0 +1,167 @@
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\"
+.\" Standard preamble:
+.\" ========================================================================
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. \*(C+ will
+.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+. ds C`
+. ds C'
+'br\}
+.\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\"
+.\" If the F register is >0, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
+..
+.if !\nF .nr F 0
+.if \nF>0 \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
+.\}
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ========================================================================
+.\"
+.IX Title "X509_cmp_time 3"
+.TH X509_cmp_time 3 "2018-08-14" "1.0.2p" "OpenSSL"
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
+.SH "NAME"
+X509_cmp_time \- X509 time functions
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+.Vb 1
+\& X509_cmp_time(const ASN1_TIME *asn1_time, time_t *cmp_time);
+.Ve
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+\&\fIX509_cmp_time()\fR compares the \s-1ASN1_TIME\s0 in \fBasn1_time\fR with the time in
+<cmp_time>.
+.PP
+\&\fBasn1_time\fR must satisfy the \s-1ASN1_TIME\s0 format mandated by \s-1RFC 5280,\s0 i.e.,
+its format must be either \s-1YYMMDDHHMMSSZ\s0 or \s-1YYYYMMDDHHMMSSZ.\s0
+.PP
+If \fBcmp_time\fR is \s-1NULL\s0 the current time is used.
+.SH "BUGS"
+.IX Header "BUGS"
+Unlike many standard comparison functions, X509_cmp_time returns 0 on error.
+.SH "RETURN VALUES"
+.IX Header "RETURN VALUES"
+\&\fIX509_cmp_time()\fR returns \-1 if \fBasn1_time\fR is earlier than, or equal to,
+\&\fBcmp_time\fR, and 1 otherwise. It returns 0 on error.
+.SH "COPYRIGHT"
+.IX Header "COPYRIGHT"
+Copyright 2017\-2018 The OpenSSL Project Authors. All Rights Reserved.
+.PP
+Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file \s-1LICENSE\s0 in the source distribution or at
+<https://www.openssl.org/source/license.html>.
diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3
index 50ac881586cf..36a246af15c7 100644
--- a/secure/lib/libcrypto/man/X509_new.3
+++ b/secure/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_new 3"
-.TH X509_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3
index b420259c5552..c69e39b75464 100644
--- a/secure/lib/libcrypto/man/X509_verify_cert.3
+++ b/secure/lib/libcrypto/man/X509_verify_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509_verify_cert 3"
-.TH X509_verify_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509_verify_cert 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3
index 2882cd2977cb..43fe8a32efb3 100644
--- a/secure/lib/libcrypto/man/bio.3
+++ b/secure/lib/libcrypto/man/bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "bio 3"
-.TH bio 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH bio 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3
index 4d87562b7e77..4b52bb890a9a 100644
--- a/secure/lib/libcrypto/man/blowfish.3
+++ b/secure/lib/libcrypto/man/blowfish.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "blowfish 3"
-.TH blowfish 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH blowfish 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,7 +166,7 @@ by Counterpane (see http://www.counterpane.com/blowfish.html ).
Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
It uses a variable size key, but typically, 128 bit (16 byte) keys are
considered good for strong encryption. Blowfish can be used in the same
-modes as \s-1DES \s0(see \fIdes_modes\fR\|(7)). Blowfish is currently one
+modes as \s-1DES\s0 (see \fIdes_modes\fR\|(7)). Blowfish is currently one
of the faster block ciphers. It is quite a bit faster than \s-1DES,\s0 and much
faster than \s-1IDEA\s0 or \s-1RC2.\s0
.PP
diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3
index acd61a52090e..d8c1e8e21a05 100644
--- a/secure/lib/libcrypto/man/bn.3
+++ b/secure/lib/libcrypto/man/bn.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "bn 3"
-.TH bn 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH bn 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3
index 3db340d0a5ae..73cc04dd564a 100644
--- a/secure/lib/libcrypto/man/bn_internal.3
+++ b/secure/lib/libcrypto/man/bn_internal.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "bn_internal 3"
-.TH bn_internal 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH bn_internal 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3
index 93e5ccb9004c..338599dbbb63 100644
--- a/secure/lib/libcrypto/man/buffer.3
+++ b/secure/lib/libcrypto/man/buffer.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "buffer 3"
-.TH buffer 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH buffer 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3
index 84f0f342c3de..1f1cab260278 100644
--- a/secure/lib/libcrypto/man/crypto.3
+++ b/secure/lib/libcrypto/man/crypto.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "crypto 3"
-.TH crypto 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH crypto 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
index f46a6aab59e4..6b9f553f8c62 100644
--- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ASN1_OBJECT 3"
-.TH d2i_ASN1_OBJECT 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_ASN1_OBJECT 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
index b82e2f82341a..c1faf1fb6325 100644
--- a/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
+++ b/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_CMS_ContentInfo 3"
-.TH d2i_CMS_ContentInfo 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_CMS_ContentInfo 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3
index c093a1b2e10e..882a5301aed1 100644
--- a/secure/lib/libcrypto/man/d2i_DHparams.3
+++ b/secure/lib/libcrypto/man/d2i_DHparams.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DHparams 3"
-.TH d2i_DHparams 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_DHparams 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
index 993dc593d7c5..82d27e6b0200 100644
--- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_DSAPublicKey 3"
-.TH d2i_DSAPublicKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_DSAPublicKey 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_ECPKParameters.3 b/secure/lib/libcrypto/man/d2i_ECPKParameters.3
index ed82da989136..a2b9849f0866 100644
--- a/secure/lib/libcrypto/man/d2i_ECPKParameters.3
+++ b/secure/lib/libcrypto/man/d2i_ECPKParameters.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ECPKParameters 3"
-.TH d2i_ECPKParameters 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_ECPKParameters 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,17 +177,17 @@ data written to it. In this case \fB*out\fR is not incremented and it points to
the start of the data just written.
.PP
\&\fId2i_ECPKParameters_bio()\fR is similar to \fId2i_ECPKParameters()\fR except it attempts
-to parse data from \s-1BIO \s0\fBbp\fR.
+to parse data from \s-1BIO\s0 \fBbp\fR.
.PP
\&\fId2i_ECPKParameters_fp()\fR is similar to \fId2i_ECPKParameters()\fR except it attempts
to parse data from \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fIi2d_ECPKParameters_bio()\fR is similar to \fIi2d_ECPKParameters()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
\&\fIi2d_ECPKParameters_fp()\fR is similar to \fIi2d_ECPKParameters()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
These functions are very similar to the X509 functions described in \fId2i_X509\fR\|(3),
diff --git a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
index 3a26032a042a..2e4fe5a1afa8 100644
--- a/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_ECPrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_ECPrivateKey 3"
-.TH d2i_ECPrivateKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_ECPrivateKey 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -169,7 +169,7 @@ d2i_ECPrivateKey.
.PP
The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the
value of the encoding flags for the \fBkey\fR. There are two encoding flags
-currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY. \s0 These flags
+currently defined \- \s-1EC_PKEY_NO_PARAMETERS\s0 and \s-1EC_PKEY_NO_PUBKEY.\s0 These flags
define the behaviour of how the \fBkey\fR is converted into \s-1ASN1\s0 in a call to
i2d_ECPrivateKey. If \s-1EC_PKEY_NO_PARAMETERS\s0 is set then the public parameters for
the curve are not encoded along with the private key. If \s-1EC_PKEY_NO_PUBKEY\s0 is
diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
index 5a179191b420..7801c63d5bf0 100644
--- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_PKCS8PrivateKey 3"
-.TH d2i_PKCS8PrivateKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_PKCS8PrivateKey 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PrivateKey.3
index a56b332f6374..2bc89cc26406 100644
--- a/secure/lib/libcrypto/man/d2i_PrivateKey.3
+++ b/secure/lib/libcrypto/man/d2i_PrivateKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_PrivateKey 3"
-.TH d2i_PrivateKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_PrivateKey 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
index fb1aebc63c9a..d944cf90fdaf 100644
--- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_RSAPublicKey 3"
-.TH d2i_RSAPublicKey 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_RSAPublicKey 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3
index 71d7de1145dc..e08c629c11a2 100644
--- a/secure/lib/libcrypto/man/d2i_X509.3
+++ b/secure/lib/libcrypto/man/d2i_X509.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509 3"
-.TH d2i_X509 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_X509 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,17 +194,17 @@ This is used by the \s-1PEM\s0 routines to write \*(L"\s-1TRUSTED CERTIFICATE\*(
Note, this is a non-standard OpenSSL-specific data format.
.PP
\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts
-to parse data from \s-1BIO \s0\fBbp\fR.
+to parse data from \s-1BIO\s0 \fBbp\fR.
.PP
\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts
to parse data from \s-1FILE\s0 pointer \fBfp\fR.
.PP
\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes
-the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
+the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it
returns 1 for success and 0 for failure.
.PP
\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509()\fR except it encodes
diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
index 5cafc7895cec..abcba7eeca99 100644
--- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
+++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_ALGOR 3"
-.TH d2i_X509_ALGOR 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_X509_ALGOR 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3
index 693b08d18796..c6c862fb7964 100644
--- a/secure/lib/libcrypto/man/d2i_X509_CRL.3
+++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_CRL 3"
-.TH d2i_X509_CRL 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_X509_CRL 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -153,7 +153,7 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions.
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-These functions decode and encode an X509 \s-1CRL \s0(certificate revocation
+These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation
list).
.PP
Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3
index cd055bf458cc..12496c211177 100644
--- a/secure/lib/libcrypto/man/d2i_X509_NAME.3
+++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_NAME 3"
-.TH d2i_X509_NAME 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_X509_NAME 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -147,7 +147,7 @@ d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions decode and encode an \fBX509_NAME\fR structure which is the
-same as the \fBName\fR type defined in \s-1RFC2459 \s0(and elsewhere) and used
+same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used
for example in certificate subject and issuer names.
.PP
Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR
diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3
index 92d1312f2bb3..3e6a38645643 100644
--- a/secure/lib/libcrypto/man/d2i_X509_REQ.3
+++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_REQ 3"
-.TH d2i_X509_REQ 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_X509_REQ 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3
index 949ea1ee348e..fdc4522884df 100644
--- a/secure/lib/libcrypto/man/d2i_X509_SIG.3
+++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509_SIG 3"
-.TH d2i_X509_SIG 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_X509_SIG 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3
index 2e28d332c716..60de174e177f 100644
--- a/secure/lib/libcrypto/man/des.3
+++ b/secure/lib/libcrypto/man/des.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "des 3"
-.TH des 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH des 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -297,7 +297,7 @@ The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES
encryption by using \fIks1\fR for the final encryption.
.PP
\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR
-(\s-1CBC\s0) mode of \s-1DES. \s0 If the \fIencrypt\fR argument is non-zero, the
+(\s-1CBC\s0) mode of \s-1DES.\s0 If the \fIencrypt\fR argument is non-zero, the
routine cipher-block-chain encrypts the cleartext data pointed to by
the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR
argument, using the key schedule provided by the \fIschedule\fR argument,
@@ -306,7 +306,7 @@ and initialization vector provided by the \fIivec\fR argument. If the
last block is copied to a temporary area and zero filled. The output
is always an integral multiple of eight bytes.
.PP
-\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES. \s0 It uses \fIinw\fR and
+\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES.\s0 It uses \fIinw\fR and
\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret
(unlike the iv) and are as such, part of the key. So the key is sort
of 24 bytes. This is much better than \s-1CBC DES.\s0
@@ -401,7 +401,7 @@ the key schedule and \fIiv\fR for the initial vector.
\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR
has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0
bytes, \fIDES_enc_write()\fR will split the data into several chunks that
-are all encrypted using the same \s-1IV. \s0 So don't use these functions
+are all encrypted using the same \s-1IV.\s0 So don't use these functions
unless you are sure you know what you do (in which case you might not
want to use them anyway). They cannot handle non-blocking sockets.
\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on
diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3
index 4d7d66112055..3c7cfcbbb8e0 100644
--- a/secure/lib/libcrypto/man/dh.3
+++ b/secure/lib/libcrypto/man/dh.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "dh 3"
-.TH dh 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH dh 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3
index 239738cb67fd..284da7820806 100644
--- a/secure/lib/libcrypto/man/dsa.3
+++ b/secure/lib/libcrypto/man/dsa.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "dsa 3"
-.TH dsa 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH dsa 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -229,7 +229,7 @@ structure elements directly and instead use \s-1API\s0 functions to query or
modify keys.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186 \s0(Digital Signature
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS 186\s0 (Digital Signature
Standard, \s-1DSS\s0), \s-1ANSI X9.30\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/ec.3 b/secure/lib/libcrypto/man/ec.3
index b6f510de80a7..bf05df4ebca0 100644
--- a/secure/lib/libcrypto/man/ec.3
+++ b/secure/lib/libcrypto/man/ec.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ec 3"
-.TH ec 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ec 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3
index 322a8ab87421..8e226fdf32bd 100644
--- a/secure/lib/libcrypto/man/ecdsa.3
+++ b/secure/lib/libcrypto/man/ecdsa.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ecdsa 3"
-.TH ecdsa 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ecdsa 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -200,7 +200,7 @@ function also allocates the BIGNUMs) and initialize it.
.PP
\&\fIi2d_ECDSA_SIG()\fR creates the \s-1DER\s0 encoding of the \s-1ECDSA\s0 signature
\&\fBsig\fR and writes the encoded signature to \fB*pp\fR (note: if \fBpp\fR
-is \s-1NULL \s0\fBi2d_ECDSA_SIG\fR returns the expected length in bytes of
+is \s-1NULL\s0 \fBi2d_ECDSA_SIG\fR returns the expected length in bytes of
the \s-1DER\s0 encoded signature). \fBi2d_ECDSA_SIG\fR returns the length
of the \s-1DER\s0 encoded signature (or 0 on error).
.PP
@@ -246,6 +246,8 @@ returned in a newly allocated \fB\s-1ECDSA_SIG\s0\fR structure (or \s-1NULL\s0 o
using the public key \fBeckey\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
+\&\fIECDSA_SIG_new()\fR returns \s-1NULL\s0 if the allocation fails.
+.PP
\&\fIECDSA_size()\fR returns the maximum length signature or 0 on error.
.PP
\&\fIECDSA_sign_setup()\fR and \fIECDSA_sign()\fR return 1 if successful or 0
@@ -332,8 +334,8 @@ and finally evaluate the return value:
.Ve
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2
-\&\s0(Digital Signature Standard, \s-1DSS\s0)
+\&\s-1ANSI X9.62, US\s0 Federal Information Processing Standard \s-1FIPS 186\-2\s0
+(Digital Signature Standard, \s-1DSS\s0)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIdsa\fR\|(3), \fIrsa\fR\|(3)
diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3
index 591e2d0dce61..9652beecf443 100644
--- a/secure/lib/libcrypto/man/engine.3
+++ b/secure/lib/libcrypto/man/engine.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "engine 3"
-.TH engine 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH engine 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -579,7 +579,7 @@ so that it can be initialised for use. This could include the path to any
driver or config files it needs to load, required network addresses,
smart-card identifiers, passwords to initialise protected devices,
logging information, etc etc. This class of commands typically needs to be
-passed to an \s-1ENGINE \s0\fBbefore\fR attempting to initialise it, ie. before
+passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before
calling \fIENGINE_init()\fR. The other class of commands consist of settings or
operations that tweak certain behaviour or cause certain operations to take
place, and these commands may work either before or after \fIENGINE_init()\fR, or
@@ -594,8 +594,8 @@ name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use befo
initialisation, and another table for use after initialisation. Note that
the string-pairs used for control commands consist of a command \*(L"name\*(R"
followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some
-cases but the name can not. This function should initialise the \s-1ENGINE
-\&\s0(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
+cases but the name can not. This function should initialise the \s-1ENGINE\s0
+(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards)
and set it as the default for everything except \s-1RAND\s0 and then return a
boolean success or failure.
.PP
@@ -725,7 +725,7 @@ operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control
commands data of any arbitrary type. These commands are supported in the
discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0
supports certain specific commands it might want to use (eg. application \*(L"foo\*(R"
-might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R" \-\s0
+might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\*(R"\s0 \-
and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific
extension).
.SS "Future developments"
diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3
index 43620d0dd684..eecd7747abf5 100644
--- a/secure/lib/libcrypto/man/err.3
+++ b/secure/lib/libcrypto/man/err.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "err 3"
-.TH err 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH err 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3
index c52844773fc7..9be7c8e779b9 100644
--- a/secure/lib/libcrypto/man/evp.3
+++ b/secure/lib/libcrypto/man/evp.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "evp 3"
-.TH evp 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH evp 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3
index 41a5f67896a6..22a1792c6aa6 100644
--- a/secure/lib/libcrypto/man/hmac.3
+++ b/secure/lib/libcrypto/man/hmac.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "hmac 3"
-.TH hmac 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH hmac 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,7 +160,7 @@ HMAC_cleanup \- HMAC message authentication code
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\s-1HMAC\s0 is a \s-1MAC \s0(message authentication code), i.e. a keyed hash
+\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash
function used for message authentication, which is based on a hash
function.
.PP
@@ -195,7 +195,7 @@ long. It is deprecated and only included for backward compatibility
with OpenSSL 0.9.6b.
.PP
\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use the hash
-function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL \s0(or \fBevp_md\fR is the same
+function \fBevp_md\fR and key \fBkey\fR. If both are \s-1NULL\s0 (or \fBevp_md\fR is the same
as the previous digest used by \fBctx\fR and \fBkey\fR is \s-1NULL\s0) the existing key is
reused. \fBctx\fR must have been created with \fIHMAC_CTX_new()\fR before the first use
of an \fB\s-1HMAC_CTX\s0\fR in this function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented
diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
index a0d07fcd937e..63bf732093bb 100644
--- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "i2d_CMS_bio_stream 3"
-.TH i2d_CMS_bio_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH i2d_CMS_bio_stream 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
index 0db1097630c6..d4f92ef1856a 100644
--- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
+++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "i2d_PKCS7_bio_stream 3"
-.TH i2d_PKCS7_bio_stream 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH i2d_PKCS7_bio_stream 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3
index 186badaf5cc3..62dd42f62f06 100644
--- a/secure/lib/libcrypto/man/lh_stats.3
+++ b/secure/lib/libcrypto/man/lh_stats.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "lh_stats 3"
-.TH lh_stats 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH lh_stats 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3
index 943af862654d..af5c3caa9b92 100644
--- a/secure/lib/libcrypto/man/lhash.3
+++ b/secure/lib/libcrypto/man/lhash.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "lhash 3"
-.TH lhash 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH lhash 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -362,7 +362,7 @@ the wrapper functions without \*(L"const\*(R" types.
Callers that only have \*(L"const\*(R" access to data they're indexing in a
table, yet declare callbacks without constant types (or cast the
\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs
-without being encouraged to do so by the \s-1API. \s0 On a related note,
+without being encouraged to do so by the \s-1API.\s0 On a related note,
those auditing code should pay special attention to any instances of
DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types
without any \*(L"const\*(R" qualifiers.
@@ -428,7 +428,7 @@ This manpage is derived from the SSLeay documentation.
.PP
In OpenSSL 0.9.7, all lhash functions that were passed function pointers
were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE,
-LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE \s0
+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0
became available.
.PP
In OpenSSL 1.0.0, the lhash interface was revamped for even better
diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3
index 5c411ebc6054..20d9f408889e 100644
--- a/secure/lib/libcrypto/man/md5.3
+++ b/secure/lib/libcrypto/man/md5.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "md5 3"
-.TH md5 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH md5 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3
index 5d3e3d996d9b..6f8044832ee9 100644
--- a/secure/lib/libcrypto/man/mdc2.3
+++ b/secure/lib/libcrypto/man/mdc2.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "mdc2 3"
-.TH mdc2 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH mdc2 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3
index 3af1172885be..43cca0f292ee 100644
--- a/secure/lib/libcrypto/man/pem.3
+++ b/secure/lib/libcrypto/man/pem.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "pem 3"
-.TH pem 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH pem 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -365,7 +365,7 @@ encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the
-corresponding \s-1OBJECT IDENTIFIER \s0(see \s-1NOTES\s0 section).
+corresponding \s-1OBJECT IDENTIFIER\s0 (see \s-1NOTES\s0 section).
.PP
The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0
structure. The public key is encoded as a SubjectPublicKeyInfo
@@ -476,7 +476,7 @@ for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same
value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows
arbitrary data to be passed to the callback by the application
(for example a window handle in a \s-1GUI\s0 application). The callback
-\&\fBmust\fR return the number of characters in the passphrase or 0 if
+\&\fBmust\fR return the number of characters in the passphrase or \-1 if
an error occurred.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
@@ -485,103 +485,96 @@ most of them are set to 0 or \s-1NULL.\s0
.PP
Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0
.PP
-.Vb 6
+.Vb 5
\& X509 *x;
\& x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-\& if (x == NULL)
-\& {
-\& /* Error */
-\& }
+\& if (x == NULL) {
+\& /* Error */
+\& }
.Ve
.PP
Alternative method:
.PP
-.Vb 5
+.Vb 4
\& X509 *x = NULL;
-\& if (!PEM_read_bio_X509(bp, &x, 0, NULL))
-\& {
-\& /* Error */
-\& }
+\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) {
+\& /* Error */
+\& }
.Ve
.PP
Write a certificate to a \s-1BIO:\s0
.PP
-.Vb 4
-\& if (!PEM_write_bio_X509(bp, x))
-\& {
-\& /* Error */
-\& }
+.Vb 3
+\& if (!PEM_write_bio_X509(bp, x)) {
+\& /* Error */
+\& }
.Ve
.PP
Write an unencrypted private key to a \s-1FILE\s0 pointer:
.PP
-.Vb 4
-\& if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
-\& {
-\& /* Error */
-\& }
+.Vb 3
+\& if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) {
+\& /* Error */
+\& }
.Ve
.PP
Write a private key (using traditional format) to a \s-1BIO\s0 using
triple \s-1DES\s0 encryption, the pass phrase is prompted for:
.PP
-.Vb 4
-\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
-\& {
-\& /* Error */
-\& }
+.Vb 3
+\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) {
+\& /* Error */
+\& }
.Ve
.PP
Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple
\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R":
.PP
-.Vb 4
-\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
-\& {
-\& /* Error */
-\& }
+.Vb 3
+\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) {
+\& /* Error */
+\& }
.Ve
.PP
Read a private key from a \s-1BIO\s0 using the pass phrase \*(L"hello\*(R":
.PP
-.Vb 5
+.Vb 4
\& key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
-\& if (key == NULL)
-\& {
-\& /* Error */
-\& }
+\& if (key == NULL) {
+\& /* Error */
+\& }
.Ve
.PP
Read a private key from a \s-1BIO\s0 using a pass phrase callback:
.PP
-.Vb 5
+.Vb 4
\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
-\& if (key == NULL)
-\& {
-\& /* Error */
-\& }
+\& if (key == NULL) {
+\& /* Error */
+\& }
.Ve
.PP
Skeleton pass phrase callback:
.PP
-.Vb 6
-\& int pass_cb(char *buf, int size, int rwflag, void *u);
-\& {
-\& int len;
-\& char *tmp;
-\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */
-\& printf("Enter pass phrase for \e"%s\e"\en", u);
-\&
-\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */
-\& tmp = "hello";
-\& len = strlen(tmp);
-\&
-\& if (len <= 0) return 0;
-\& /* if too long, truncate */
-\& if (len > size) len = size;
-\& memcpy(buf, tmp, len);
-\& return len;
-\& }
+.Vb 2
+\& int pass_cb(char *buf, int size, int rwflag, void *u)
+\& {
+\&
+\& /* We\*(Aqd probably do something else if \*(Aqrwflag\*(Aq is 1 */
+\& printf("Enter pass phrase for \e"%s\e"\en", u);
+\&
+\& /* get pass phrase, length \*(Aqlen\*(Aq into \*(Aqtmp\*(Aq */
+\& char *tmp = "hello";
+\& if (tmp == NULL) /* An error occurred */
+\& return \-1;
+\&
+\& size_t len = strlen(tmp);
+\&
+\& if (len > size)
+\& len = size;
+\& memcpy(buf, tmp, len);
+\& return len;
+\& }
.Ve
.SH "NOTES"
.IX Header "NOTES"
diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3
index e6573c2bc7c5..dabbb601c50e 100644
--- a/secure/lib/libcrypto/man/rand.3
+++ b/secure/lib/libcrypto/man/rand.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "rand 3"
-.TH rand 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH rand 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +193,7 @@ described in \fIRAND_add\fR\|(3). Its state can be saved in a seed file
seeding process whenever the application is started.
.PP
\&\fIRAND_bytes\fR\|(3) describes how to obtain random data from the
-\&\s-1PRNG. \s0
+\&\s-1PRNG.\s0
.SH "INTERNALS"
.IX Header "INTERNALS"
The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic
@@ -204,7 +204,7 @@ documentation:
.PP
First up I will state the things I believe I need for a good \s-1RNG.\s0
.IP "1." 4
-A good hashing algorithm to mix things up and to convert the \s-1RNG \s0'state'
+A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state'
to random numbers.
.IP "2." 4
An initial source of random 'state'.
diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3
index 89f183fd70f5..ca4d86785496 100644
--- a/secure/lib/libcrypto/man/rc4.3
+++ b/secure/lib/libcrypto/man/rc4.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "rc4 3"
-.TH rc4 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH rc4 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3
index 0c90a36e9a01..3a0a195c192d 100644
--- a/secure/lib/libcrypto/man/ripemd.3
+++ b/secure/lib/libcrypto/man/ripemd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ripemd 3"
-.TH ripemd 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ripemd 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +183,7 @@ hash functions directly.
success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1ISO/IEC 10118\-3 \s0(draft) (??)
+\&\s-1ISO/IEC 10118\-3\s0 (draft) (??)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIsha\fR\|(3), \fIhmac\fR\|(3), \fIEVP_DigestInit\fR\|(3)
diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3
index 3cd20dfd6dc9..4471d50008b9 100644
--- a/secure/lib/libcrypto/man/rsa.3
+++ b/secure/lib/libcrypto/man/rsa.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "rsa 3"
-.TH rsa 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH rsa 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3
index 98336711ac6f..3c634647581b 100644
--- a/secure/lib/libcrypto/man/sha.3
+++ b/secure/lib/libcrypto/man/sha.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "sha 3"
-.TH sha 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH sha 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +180,7 @@ Applications should use the higher level functions
\&\fIEVP_DigestInit\fR\|(3) etc. instead of calling the hash
functions directly.
.PP
-\&\s-1SHA\-1 \s0(Secure Hash Algorithm) is a cryptographic hash function with a
+\&\s-1SHA\-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
.PP
\&\s-1\fISHA1\s0()\fR computes the \s-1SHA\-1\s0 message digest of the \fBn\fR
@@ -219,7 +219,7 @@ value.
SHA384\s0 and \s-1SHA512\s0 functions return 1 for success, 0 otherwise.
.SH "CONFORMING TO"
.IX Header "CONFORMING TO"
-\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4 \s0(Secure Hash
+\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS PUB 180\-4\s0 (Secure Hash
Standard),
\&\s-1ANSI X9.30\s0
.SH "SEE ALSO"
diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3
index 04d00c323cf9..b9e9ef2c93a2 100644
--- a/secure/lib/libcrypto/man/threads.3
+++ b/secure/lib/libcrypto/man/threads.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "threads 3"
-.TH threads 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH threads 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3
index f085eb98b5dc..b8b962acd65d 100644
--- a/secure/lib/libcrypto/man/ui.3
+++ b/secure/lib/libcrypto/man/ui.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ui 3"
-.TH ui 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ui 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -206,7 +206,7 @@ prompt the user for text-based information. Through user-written methods
imaginable, be it plain text prompting, through dialog boxes or from a
cell phone.
.PP
-All the functions work through a context of the type \s-1UI. \s0 This context
+All the functions work through a context of the type \s-1UI.\s0 This context
contains all the information needed to prompt correctly as well as a
reference to a \s-1UI_METHOD,\s0 which is an ordered vector of functions that
carry out the actual prompting.
diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3
index 02cccb66657f..11ceeca01b20 100644
--- a/secure/lib/libcrypto/man/ui_compat.3
+++ b/secure/lib/libcrypto/man/ui_compat.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ui_compat 3"
-.TH ui_compat 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ui_compat 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3
index 7d15f11e487b..e1279cad0b00 100644
--- a/secure/lib/libcrypto/man/x509.3
+++ b/secure/lib/libcrypto/man/x509.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "x509 3"
-.TH x509 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH x509 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -144,15 +144,15 @@ x509 \- X.509 certificate handling
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
A X.509 certificate is a structured grouping of information about
-an individual, a device, or anything one can imagine. A X.509 \s-1CRL
-\&\s0(certificate revocation list) is a tool to help determine if a
+an individual, a device, or anything one can imagine. A X.509 \s-1CRL\s0
+(certificate revocation list) is a tool to help determine if a
certificate is still valid. The exact definition of those can be
found in the X.509 document from ITU-T, or in \s-1RFC3280\s0 from \s-1PKIX.\s0
In OpenSSL, the type X509 is used to express such a certificate, and
the type X509_CRL is used to express a \s-1CRL.\s0
.PP
A related structure is a certificate request, defined in PKCS#10 from
-\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896. \s0 In OpenSSL, the type
+\&\s-1RSA\s0 Security, Inc, also reflected in \s-1RFC2896.\s0 In OpenSSL, the type
X509_REQ is used to express such a certificate request.
.PP
To handle some complex parts of a certificate, there are the types
diff --git a/secure/lib/libssl/Makefile.man b/secure/lib/libssl/Makefile.man
index 4d357e0dbaad..252cc9929d83 100644
--- a/secure/lib/libssl/Makefile.man
+++ b/secure/lib/libssl/Makefile.man
@@ -301,6 +301,7 @@ MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string.3
MLINKS+= SSL_alert_type_string.3 SSL_alert_desc_string_long.3
MLINKS+= SSL_alert_type_string.3 SSL_alert_type_string_long.3
MLINKS+= SSL_get_ciphers.3 SSL_get_cipher_list.3
+MLINKS+= SSL_get_ciphers.3 SSL_get_shared_ciphers.3
MLINKS+= SSL_get_client_CA_list.3 SSL_CTX_get_client_CA_list.3
MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher.3
MLINKS+= SSL_get_current_cipher.3 SSL_get_cipher_bits.3
diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
index 793093511a40..d1728d5467d2 100644
--- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3
+++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CIPHER_get_name 3"
-.TH SSL_CIPHER_get_name 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CIPHER_get_name 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -232,8 +232,8 @@ If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according
description of the cipher property is \fBunknown\fR. This case should not
occur.
.PP
-The standard terminology for ephemeral Diffie-Hellman schemes is \s-1DHE
-\&\s0(finite field) or \s-1ECDHE \s0(elliptic curve). This version of OpenSSL
+The standard terminology for ephemeral Diffie-Hellman schemes is \s-1DHE\s0
+(finite field) or \s-1ECDHE\s0 (elliptic curve). This version of OpenSSL
idiosyncratically reports these schemes as \s-1EDH\s0 and \s-1EECDH,\s0 even though
it also accepts the standard terminology.
.PP
diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
index cef67701e55d..3d7126ae5e89 100644
--- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
+++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_COMP_add_compression_method 3"
-.TH SSL_COMP_add_compression_method 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_COMP_add_compression_method 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_new.3 b/secure/lib/libssl/man/SSL_CONF_CTX_new.3
index e6032831faa5..946df6798f40 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_new.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_new 3"
-.TH SSL_CONF_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CONF_CTX_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
index 87c436ad7899..0e4ee71660f5 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_set1_prefix 3"
-.TH SSL_CONF_CTX_set1_prefix 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CONF_CTX_set1_prefix 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
index 2965c1179dcc..8ced6e9c2ea2 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_set_flags 3"
-.TH SSL_CONF_CTX_set_flags 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CONF_CTX_set_flags 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3 b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
index 258f29bcb928..0724893149e4 100644
--- a/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
+++ b/secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_CTX_set_ssl_ctx 3"
-.TH SSL_CONF_CTX_set_ssl_ctx 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CONF_CTX_set_ssl_ctx 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_cmd.3 b/secure/lib/libssl/man/SSL_CONF_cmd.3
index 4ccaab0efeb1..0121bfe7c8dc 100644
--- a/secure/lib/libssl/man/SSL_CONF_cmd.3
+++ b/secure/lib/libssl/man/SSL_CONF_cmd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_cmd 3"
-.TH SSL_CONF_cmd 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CONF_cmd 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CONF_cmd_argv.3 b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
index 98d3b13f34ba..3d8441d99d49 100644
--- a/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
+++ b/secure/lib/libssl/man/SSL_CONF_cmd_argv.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CONF_cmd_argv 3"
-.TH SSL_CONF_cmd_argv 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CONF_cmd_argv 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
index 7b678086765d..cdea1166e020 100644
--- a/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
+++ b/secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add1_chain_cert 3"
-.TH SSL_CTX_add1_chain_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_add1_chain_cert 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
index 7fb818af5b4c..c2c27f69b85b 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_extra_chain_cert 3"
-.TH SSL_CTX_add_extra_chain_cert 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_add_extra_chain_cert 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3
index 509cc0f2a95e..8458a65c858f 100644
--- a/secure/lib/libssl/man/SSL_CTX_add_session.3
+++ b/secure/lib/libssl/man/SSL_CTX_add_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_add_session 3"
-.TH SSL_CTX_add_session 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_add_session 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3
index a08765c0a57b..90dc89fe19a9 100644
--- a/secure/lib/libssl/man/SSL_CTX_ctrl.3
+++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_ctrl 3"
-.TH SSL_CTX_ctrl 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_ctrl 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
index 92f3abc00ded..24ce6bece32e 100644
--- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_flush_sessions 3"
-.TH SSL_CTX_flush_sessions 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_flush_sessions 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3
index c3ff8f016016..c260f1055a28 100644
--- a/secure/lib/libssl/man/SSL_CTX_free.3
+++ b/secure/lib/libssl/man/SSL_CTX_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_free 3"
-.TH SSL_CTX_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_free 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get0_param.3 b/secure/lib/libssl/man/SSL_CTX_get0_param.3
index f877f9e94935..3704b6cac12b 100644
--- a/secure/lib/libssl/man/SSL_CTX_get0_param.3
+++ b/secure/lib/libssl/man/SSL_CTX_get0_param.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get0_param 3"
-.TH SSL_CTX_get0_param 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_get0_param 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
index 009bdb4af66a..8dd9b4ac4a00 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_ex_new_index 3"
-.TH SSL_CTX_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_get_ex_new_index 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
index 9f2f5947ea42..1709214b8847 100644
--- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_get_verify_mode 3"
-.TH SSL_CTX_get_verify_mode 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_get_verify_mode 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
index 6920b164c759..ad256ddb736d 100644
--- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
+++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_load_verify_locations 3"
-.TH SSL_CTX_load_verify_locations 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_load_verify_locations 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3
index 731f2987ae0b..0d64929318c5 100644
--- a/secure/lib/libssl/man/SSL_CTX_new.3
+++ b/secure/lib/libssl/man/SSL_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_new 3"
-.TH SSL_CTX_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3
index 0a7a9b46da4f..c2f87feaf5fd 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_number.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_number 3"
-.TH SSL_CTX_sess_number 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_sess_number 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
index bff67fc70d84..b9a59a167da6 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_cache_size 3"
-.TH SSL_CTX_sess_set_cache_size 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_sess_set_cache_size 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
index 476ee5e0147c..f5d88b2615c9 100644
--- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sess_set_get_cb 3"
-.TH SSL_CTX_sess_set_get_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_sess_set_get_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3
index 97810a634cb8..031f7f40d7e9 100644
--- a/secure/lib/libssl/man/SSL_CTX_sessions.3
+++ b/secure/lib/libssl/man/SSL_CTX_sessions.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_sessions 3"
-.TH SSL_CTX_sessions 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_sessions 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set1_curves.3 b/secure/lib/libssl/man/SSL_CTX_set1_curves.3
index 613a70647113..0a78666c4785 100644
--- a/secure/lib/libssl/man/SSL_CTX_set1_curves.3
+++ b/secure/lib/libssl/man/SSL_CTX_set1_curves.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set1_curves 3"
-.TH SSL_CTX_set1_curves 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set1_curves 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -179,7 +179,7 @@ order. It can return zero if the client did not send a supported curves
extension.
.PP
\&\fISSL_get_shared_curve()\fR returns shared curve \fBn\fR for a server-side
-\&\s-1SSL \s0\fBssl\fR. If \fBn\fR is \-1 then the total number of shared curves is
+\&\s-1SSL\s0 \fBssl\fR. If \fBn\fR is \-1 then the total number of shared curves is
returned, which may be zero. Other than for diagnostic purposes,
most applications will only be interested in the first shared curve
so \fBn\fR is normally set to zero. If the value \fBn\fR is out of range,
diff --git a/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
index b550a6e5a2b7..52b02fce0cd9 100644
--- a/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
+++ b/secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set1_verify_cert_store 3"
-.TH SSL_CTX_set1_verify_cert_store 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set1_verify_cert_store 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
index 16474ed7ce54..e9baad15ed92 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_alpn_select_cb 3"
-.TH SSL_CTX_set_alpn_select_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_alpn_select_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
index 0b72e5b672a6..accf7b16c331 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_cb 3"
-.TH SSL_CTX_set_cert_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_cert_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
index 2a1a4c4acea7..881931afba82 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_store 3"
-.TH SSL_CTX_set_cert_store 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_cert_store 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
index 8a0308cb3ad9..bd2f30df9ac2 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cert_verify_callback 3"
-.TH SSL_CTX_set_cert_verify_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_cert_verify_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
index d8cdf03e234a..8e4aa55f877c 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_cipher_list 3"
-.TH SSL_CTX_set_cipher_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_cipher_list 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
index b2fd343e5dd9..3e1cbaea8708 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_CA_list 3"
-.TH SSL_CTX_set_client_CA_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_client_CA_list 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
index e5cbb29d370b..37dac5a05d40 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_client_cert_cb 3"
-.TH SSL_CTX_set_client_cert_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_client_cert_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3 b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
index b695280f12b6..8196ab6e8057 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_custom_cli_ext 3"
-.TH SSL_CTX_set_custom_cli_ext 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_custom_cli_ext 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
index 698065949109..2f5385d45ff1 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_default_passwd_cb 3"
-.TH SSL_CTX_set_default_passwd_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_default_passwd_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
index 267f20594467..e69efb583087 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_generate_session_id 3"
-.TH SSL_CTX_set_generate_session_id 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_generate_session_id 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
index 1a1511e2b3bc..4b9821efc57c 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_info_callback 3"
-.TH SSL_CTX_set_info_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_info_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,24 +194,24 @@ Callback has been called during write operation.
.IP "\s-1SSL_CB_ALERT\s0" 4
.IX Item "SSL_CB_ALERT"
Callback has been called due to an alert being sent or received.
-.IP "\s-1SSL_CB_READ_ALERT \s0(SSL_CB_ALERT|SSL_CB_READ)" 4
+.IP "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4
.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)"
.PD 0
-.IP "\s-1SSL_CB_WRITE_ALERT \s0(SSL_CB_ALERT|SSL_CB_WRITE)" 4
+.IP "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4
.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)"
-.IP "\s-1SSL_CB_ACCEPT_LOOP \s0(SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
+.IP "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4
.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)"
-.IP "\s-1SSL_CB_ACCEPT_EXIT \s0(SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
+.IP "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4
.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)"
-.IP "\s-1SSL_CB_CONNECT_LOOP \s0(SSL_ST_CONNECT|SSL_CB_LOOP)" 4
+.IP "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4
.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)"
-.IP "\s-1SSL_CB_CONNECT_EXIT \s0(SSL_ST_CONNECT|SSL_CB_EXIT)" 4
+.IP "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4
.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)"
.IP "\s-1SSL_CB_HANDSHAKE_START\s0" 4
.IX Item "SSL_CB_HANDSHAKE_START"
.PD
Callback has been called because a new handshake is started.
-.IP "\s-1SSL_CB_HANDSHAKE_DONE \s0 0x20" 4
+.IP "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4
.IX Item "SSL_CB_HANDSHAKE_DONE 0x20"
Callback has been called because a handshake is finished.
.PP
diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
index 15c099eaab99..651033b5cedb 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_max_cert_list 3"
-.TH SSL_CTX_set_max_cert_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_max_cert_list 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3
index 6c5c5e770840..b04d0ef094d7 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_mode 3"
-.TH SSL_CTX_set_mode 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_mode 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
index 6a3d967f481b..1fc3819b71fa 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_msg_callback 3"
-.TH SSL_CTX_set_msg_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_msg_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3
index 95fdc58d97c4..2bee9032bd59 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_options.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_options.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_options 3"
-.TH SSL_CTX_set_options 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_options 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
index 38bdf910606e..c8a1b9a501cf 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_psk_client_callback 3"
-.TH SSL_CTX_set_psk_client_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_psk_client_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
index 07e4181c805a..9895011cc820 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_quiet_shutdown 3"
-.TH SSL_CTX_set_quiet_shutdown 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_quiet_shutdown 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
index 59dd6f4e047f..6ce551b55493 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_read_ahead 3"
-.TH SSL_CTX_set_read_ahead 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_read_ahead 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -156,7 +156,7 @@ SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead
\&\fISSL_CTX_set_read_ahead()\fR and \fISSL_set_read_ahead()\fR set whether we should read as
many input bytes as possible (for non-blocking reads) or not. For example if
\&\fBx\fR bytes are currently required by OpenSSL, but \fBy\fR bytes are available from
-the underlying \s-1BIO \s0(where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes
+the underlying \s-1BIO\s0 (where \fBy\fR > \fBx\fR), then OpenSSL will read all \fBy\fR bytes
into its buffer (providing that the buffer is large enough) if reading ahead is
on, or \fBx\fR bytes otherwise. The parameter \fByes\fR or \fBm\fR should be 0 to ensure
reading ahead is off, or non zero otherwise.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
index 2e31bd63423e..24e5aba183b0 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_cache_mode 3"
-.TH SSL_CTX_set_session_cache_mode 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_session_cache_mode 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
index 7cabb82f8aa3..1c210d823736 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_session_id_context 3"
-.TH SSL_CTX_set_session_id_context 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_session_id_context 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
index c23177e11fb5..1dd0d91c3deb 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_ssl_version 3"
-.TH SSL_CTX_set_ssl_version 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_ssl_version 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,12 +148,12 @@ SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL \s0\fBmethod\fR for \s-1SSL\s0 objects
+\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects
newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with
\&\fISSL_new\fR\|(3) are not affected, except when
\&\fISSL_clear\fR\|(3) is being called.
.PP
-\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL \s0\fBmethod\fR for a particular \fBssl\fR
+\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR
object. It may be reset, when \fISSL_clear()\fR is called.
.PP
\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method
diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
index 3bcf178860f5..998e2ea1f269 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_timeout 3"
-.TH SSL_CTX_set_timeout 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_timeout 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
index 8a86d5fef365..74cdf5e1332d 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tlsext_servername_callback 3"
-.TH SSL_CTX_set_tlsext_servername_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_tlsext_servername_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
index 50d6728c53fb..c7ab174a177d 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tlsext_status_cb 3"
-.TH SSL_CTX_set_tlsext_status_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_tlsext_status_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -190,9 +190,9 @@ error; 0 if the response is not acceptable (in which case the handshake will
fail) or a positive value if it is acceptable.
.PP
The callback when used on the server side should return with either
-\&\s-1SSL_TLSEXT_ERR_OK \s0(meaning that the \s-1OCSP\s0 response that has been set should be
-returned), \s-1SSL_TLSEXT_ERR_NOACK \s0(meaning that an \s-1OCSP\s0 response should not be
-returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL \s0(meaning that a fatal error has
+\&\s-1SSL_TLSEXT_ERR_OK\s0 (meaning that the \s-1OCSP\s0 response that has been set should be
+returned), \s-1SSL_TLSEXT_ERR_NOACK\s0 (meaning that an \s-1OCSP\s0 response should not be
+returned) or \s-1SSL_TLSEXT_ERR_ALERT_FATAL\s0 (meaning that a fatal error has
occurred).
.PP
\&\fISSL_CTX_set_tlsext_status_cb()\fR, \fISSL_CTX_set_tlsext_status_arg()\fR,
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
index c3b4e7c949c8..b8ce770c1362 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3"
-.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -162,7 +162,7 @@ session when session ticket extension is presented in the \s-1TLS\s0 hello
message. It is the responsibility of this function to create or retrieve the
cryptographic parameters and to maintain their state.
.PP
-The OpenSSL library uses your callback function to help implement a common \s-1TLS \s0
+The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0
ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session
state is unnecessary and a small set of cryptographic variables needs to be
maintained by the callback function implementation.
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
index de1ab332e59f..aabf07fcc59d 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_dh_callback 3"
-.TH SSL_CTX_set_tmp_dh_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_tmp_dh_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
index 70899d7ec480..140fe58da284 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_tmp_rsa_callback 3"
-.TH SSL_CTX_set_tmp_rsa_callback 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_tmp_rsa_callback 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,7 +202,7 @@ the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, t
for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes
violates the standard and can break interoperability with clients.
It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key
-exchange and use \s-1DHE \s0(Ephemeral Diffie-Hellman) key exchange instead
+exchange and use \s-1DHE\s0 (Ephemeral Diffie-Hellman) key exchange instead
in order to achieve forward secrecy (see
\&\fISSL_CTX_set_tmp_dh_callback\fR\|(3)).
.PP
diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3
index dce190972ef9..56999d630d56 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_verify.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_set_verify 3"
-.TH SSL_CTX_set_verify 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_set_verify 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
index f1955d7e3858..fd7c35f74123 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_certificate 3"
-.TH SSL_CTX_use_certificate 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_use_certificate 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -245,7 +245,7 @@ key/certificate pairs at a time. The certificate used depends on the
cipher selected, see also \fISSL_CTX_set_cipher_list\fR\|(3).
.PP
When reading certificates and private keys from file, files of type
-\&\s-1SSL_FILETYPE_ASN1 \s0(also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
+\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
one certificate or private key, consequently
\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting.
Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item.
@@ -272,6 +272,13 @@ supplied, see
(Certificate files might be encrypted as well from the technical point
of view, it however does not make sense as the data in the certificate
is considered public anyway.)
+.PP
+All of the functions to set a new certificate will replace any existing
+certificate of the same type that has already been set. Similarly all of the
+functions to set a new private key will replace any private key that has already
+been set. Applications should call \fISSL_CTX_check_private_key\fR\|(3) or
+\&\fISSL_check_private_key\fR\|(3) as appropriate after loading a new certificate and
+private key to confirm that the certificate and key match.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
On success, the functions return 1.
diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
index 19e29b18abf2..49f15ba4343b 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_psk_identity_hint 3"
-.TH SSL_CTX_use_psk_identity_hint 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_use_psk_identity_hint 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3 b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
index de443a93ae8b..fa42e6b75d08 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_use_serverinfo 3"
-.TH SSL_CTX_use_serverinfo 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_CTX_use_serverinfo 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,7 +149,7 @@ SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file \- use serverinfo extension
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions load \*(L"serverinfo\*(R" \s-1TLS\s0 ServerHello Extensions into the \s-1SSL_CTX.
-A \s0\*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello
+A\s0 \*(L"serverinfo\*(R" extension is returned in response to an empty ClientHello
Extension.
.PP
\&\fISSL_CTX_use_serverinfo()\fR loads one or more serverinfo extensions from
diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3
index ef48478a1ff6..587ba96f8704 100644
--- a/secure/lib/libssl/man/SSL_SESSION_free.3
+++ b/secure/lib/libssl/man/SSL_SESSION_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_free 3"
-.TH SSL_SESSION_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_SESSION_free 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
index a1ceb6dabab1..25b6dbd0e131 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_ex_new_index 3"
-.TH SSL_SESSION_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_SESSION_get_ex_new_index 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3
index bcd8f2e322cd..1e8180745ddc 100644
--- a/secure/lib/libssl/man/SSL_SESSION_get_time.3
+++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_SESSION_get_time 3"
-.TH SSL_SESSION_get_time 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_SESSION_get_time 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3
index d38547210790..11c09120d5e4 100644
--- a/secure/lib/libssl/man/SSL_accept.3
+++ b/secure/lib/libssl/man/SSL_accept.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_accept 3"
-.TH SSL_accept 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_accept 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +150,7 @@ The communication channel must already have been set and assigned to the
\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO. \s0
+The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO.\s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the
handshake has been finished or an error occurred.
diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3
index c7596572b096..037dca60afb2 100644
--- a/secure/lib/libssl/man/SSL_alert_type_string.3
+++ b/secure/lib/libssl/man/SSL_alert_type_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_alert_type_string 3"
-.TH SSL_alert_type_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_alert_type_string 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -273,7 +273,7 @@ with more than 2^14+1024 bytes. This message is always fatal.
.IX Item "CA/unknown CA"
A valid certificate chain or partial chain was received, but the
certificate was not accepted because the \s-1CA\s0 certificate could not
-be located or couldn't be matched with a known, trusted \s-1CA. \s0 This
+be located or couldn't be matched with a known, trusted \s-1CA.\s0 This
message is always fatal.
.ie n .IP """\s-1AD""/\s0""access denied""" 4
.el .IP "``\s-1AD''/\s0``access denied''" 4
diff --git a/secure/lib/libssl/man/SSL_check_chain.3 b/secure/lib/libssl/man/SSL_check_chain.3
index 4bded8190550..70e1c6cc8725 100644
--- a/secure/lib/libssl/man/SSL_check_chain.3
+++ b/secure/lib/libssl/man/SSL_check_chain.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_check_chain 3"
-.TH SSL_check_chain 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_check_chain 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3
index 559da961f5d5..3ecff9437704 100644
--- a/secure/lib/libssl/man/SSL_clear.3
+++ b/secure/lib/libssl/man/SSL_clear.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_clear 3"
-.TH SSL_clear 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_clear 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3
index b52190cfd28e..0ad7fce7b6e7 100644
--- a/secure/lib/libssl/man/SSL_connect.3
+++ b/secure/lib/libssl/man/SSL_connect.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_connect 3"
-.TH SSL_connect 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_connect 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +150,7 @@ channel must already have been set and assigned to the \fBssl\fR by setting an
underlying \fB\s-1BIO\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
-The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO. \s0
+The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO.\s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the
handshake has been finished or an error occurred.
diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3
index bc93c5b9d73d..e5b72e316cef 100644
--- a/secure/lib/libssl/man/SSL_do_handshake.3
+++ b/secure/lib/libssl/man/SSL_do_handshake.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_do_handshake 3"
-.TH SSL_do_handshake 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_do_handshake 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_export_keying_material.3 b/secure/lib/libssl/man/SSL_export_keying_material.3
index 8381da9f0d20..62e8c11d92a1 100644
--- a/secure/lib/libssl/man/SSL_export_keying_material.3
+++ b/secure/lib/libssl/man/SSL_export_keying_material.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_export_keying_material 3"
-.TH SSL_export_keying_material 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_export_keying_material 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3
index ec66ebb5d41f..fa86762a84e6 100644
--- a/secure/lib/libssl/man/SSL_free.3
+++ b/secure/lib/libssl/man/SSL_free.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_free 3"
-.TH SSL_free 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_free 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
index d8d3f070651d..0d829d11be1c 100644
--- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3
+++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_SSL_CTX 3"
-.TH SSL_get_SSL_CTX 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_SSL_CTX 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3
index 791a2f3d71e8..9dabbf700e99 100644
--- a/secure/lib/libssl/man/SSL_get_ciphers.3
+++ b/secure/lib/libssl/man/SSL_get_ciphers.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,13 +129,16 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ciphers 3"
-.TH SSL_get_ciphers 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_ciphers 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
-SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+SSL_get_ciphers,
+SSL_get_cipher_list,
+SSL_get_shared_ciphers
+\&\- get list of available SSL_CIPHERs
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
@@ -143,6 +146,7 @@ SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
\&
\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
\& const char *SSL_get_cipher_list(const SSL *ssl, int priority);
+\& char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -154,6 +158,19 @@ is returned.
listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL,\s0 no ciphers are
available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0
is returned.
+.PP
+\&\fISSL_get_shared_ciphers()\fR creates a colon separated and \s-1NUL\s0 terminated list of
+\&\s-1SSL_CIPHER\s0 names that are available in both the client and the server. \fBbuf\fR is
+the buffer that should be populated with the list of names and \fBsize\fR is the
+size of that buffer. A pointer to \fBbuf\fR is returned on success or \s-1NULL\s0 on
+error. If the supplied buffer is not large enough to contain the complete list
+of names then a truncated list of names will be returned. Note that just because
+a ciphersuite is available (i.e. it is configured in the cipher list) and shared
+by both the client and the server it does not mean that it is enabled (for
+example some ciphers may not be usable by a server if there is not a suitable
+certificate configured). This function will return available shared ciphersuites
+whether or not they are enabled. This is a server side function only and must
+only be called after the completion of the initial handshake.
.SH "NOTES"
.IX Header "NOTES"
The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using
diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3
index f4480faa7333..38beb0437ca6 100644
--- a/secure/lib/libssl/man/SSL_get_client_CA_list.3
+++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_client_CA_list 3"
-.TH SSL_get_client_CA_list 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_client_CA_list 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3
index 32c6912136b6..9646d25d9a85 100644
--- a/secure/lib/libssl/man/SSL_get_current_cipher.3
+++ b/secure/lib/libssl/man/SSL_get_current_cipher.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_current_cipher 3"
-.TH SSL_get_current_cipher 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_current_cipher 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3
index 3a7a56179b16..00795e172879 100644
--- a/secure/lib/libssl/man/SSL_get_default_timeout.3
+++ b/secure/lib/libssl/man/SSL_get_default_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_default_timeout 3"
-.TH SSL_get_default_timeout 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_default_timeout 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3
index fc15c86e3b61..966d4fa91fb6 100644
--- a/secure/lib/libssl/man/SSL_get_error.3
+++ b/secure/lib/libssl/man/SSL_get_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_error 3"
-.TH SSL_get_error 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_error 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
index 2e20589aeae3..a5b7dfc559eb 100644
--- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
-.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3
index 0506a54daec6..28838a5bbeff 100644
--- a/secure/lib/libssl/man/SSL_get_ex_new_index.3
+++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_ex_new_index 3"
-.TH SSL_get_ex_new_index 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_ex_new_index 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3
index cb9195eb29d9..cc725cb6f48b 100644
--- a/secure/lib/libssl/man/SSL_get_fd.3
+++ b/secure/lib/libssl/man/SSL_get_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_fd 3"
-.TH SSL_get_fd 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_fd 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
index 07fc26240974..acbed28f0631 100644
--- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
+++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_cert_chain 3"
-.TH SSL_get_peer_cert_chain 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_peer_cert_chain 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3
index 45d8722c6648..9ae89f9d9e52 100644
--- a/secure/lib/libssl/man/SSL_get_peer_certificate.3
+++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_peer_certificate 3"
-.TH SSL_get_peer_certificate 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_peer_certificate 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3
index 93fddb3cd533..cd6f8b23740d 100644
--- a/secure/lib/libssl/man/SSL_get_psk_identity.3
+++ b/secure/lib/libssl/man/SSL_get_psk_identity.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_psk_identity 3"
-.TH SSL_get_psk_identity 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_psk_identity 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3
index 0b0c24426dda..f6b94cf7b746 100644
--- a/secure/lib/libssl/man/SSL_get_rbio.3
+++ b/secure/lib/libssl/man/SSL_get_rbio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_rbio 3"
-.TH SSL_get_rbio 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_rbio 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3
index 91688beb8c5f..92ea05c491a6 100644
--- a/secure/lib/libssl/man/SSL_get_session.3
+++ b/secure/lib/libssl/man/SSL_get_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_session 3"
-.TH SSL_get_session 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_session 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -160,6 +160,11 @@ count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one.
The ssl session contains all information required to re-establish the
connection without a new handshake.
.PP
+A session will be automatically removed from the session cache and marked as
+non-resumable if the connection is not closed down cleanly, e.g. if a fatal
+error occurs on the connection or \fISSL_shutdown\fR\|(3) is not called prior to
+\&\fISSL_free\fR\|(3).
+.PP
\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the
reference counter is not incremented, the pointer is only valid while
the connection is in use. If \fISSL_clear\fR\|(3) or
diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3
index c29d41dc588e..9e4bfcd949f6 100644
--- a/secure/lib/libssl/man/SSL_get_verify_result.3
+++ b/secure/lib/libssl/man/SSL_get_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_verify_result 3"
-.TH SSL_get_verify_result 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_verify_result 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3
index deaef2126d20..41f325315123 100644
--- a/secure/lib/libssl/man/SSL_get_version.3
+++ b/secure/lib/libssl/man/SSL_get_version.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_get_version 3"
-.TH SSL_get_version 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_get_version 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +146,9 @@ SSL_get_version \- get the protocol version of a connection.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_get_version()\fR returns the name of the protocol used for the
-connection \fBssl\fR.
+connection \fBssl\fR. It should only be called after the initial handshake has been
+completed. Prior to that the results returned from this function may be
+unreliable.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
The following strings can be returned:
@@ -167,7 +169,7 @@ The connection uses the TLSv1.1 protocol.
The connection uses the TLSv1.2 protocol.
.IP "unknown" 4
.IX Item "unknown"
-This indicates that no version has been set (no connection established).
+This indicates an unknown protocol version.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIssl\fR\|(3)
diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3
index 16aa9be5eb96..05cf16761df7 100644
--- a/secure/lib/libssl/man/SSL_library_init.3
+++ b/secure/lib/libssl/man/SSL_library_init.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_library_init 3"
-.TH SSL_library_init 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_library_init 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3
index 89d02845a1cd..86d4a4b838b1 100644
--- a/secure/lib/libssl/man/SSL_load_client_CA_file.3
+++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_load_client_CA_file 3"
-.TH SSL_load_client_CA_file 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_load_client_CA_file 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3
index 706806444fc7..d2cde832c5c7 100644
--- a/secure/lib/libssl/man/SSL_new.3
+++ b/secure/lib/libssl/man/SSL_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_new 3"
-.TH SSL_new 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_new 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3
index 79d09c2a0e1a..688f7d4e6b68 100644
--- a/secure/lib/libssl/man/SSL_pending.3
+++ b/secure/lib/libssl/man/SSL_pending.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_pending 3"
-.TH SSL_pending 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_pending 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3
index d495796f1537..26371dd112a3 100644
--- a/secure/lib/libssl/man/SSL_read.3
+++ b/secure/lib/libssl/man/SSL_read.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_read 3"
-.TH SSL_read 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_read 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +154,7 @@ not already explicitly performed by \fISSL_connect\fR\|(3) or
\&\fISSL_accept\fR\|(3). If the
peer requests a re-negotiation, it will be performed transparently during
the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the
-underlying \s-1BIO. \s0
+underlying \s-1BIO.\s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is being done by calling
diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3
index f7aa9042d291..b39fb8fde4f4 100644
--- a/secure/lib/libssl/man/SSL_rstate_string.3
+++ b/secure/lib/libssl/man/SSL_rstate_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_rstate_string 3"
-.TH SSL_rstate_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_rstate_string 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3
index 8f2794042161..59bf2418e903 100644
--- a/secure/lib/libssl/man/SSL_session_reused.3
+++ b/secure/lib/libssl/man/SSL_session_reused.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_session_reused 3"
-.TH SSL_session_reused 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_session_reused 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3
index bd1324cca52c..1f7fba072ed9 100644
--- a/secure/lib/libssl/man/SSL_set_bio.3
+++ b/secure/lib/libssl/man/SSL_set_bio.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_bio 3"
-.TH SSL_set_bio 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_set_bio 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -146,7 +146,7 @@ SSL_set_bio \- connect the SSL object with a BIO
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write
-operations of the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR.
+operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR.
.PP
The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively.
If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour.
diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3
index de2e9588d968..3ea6a058e99b 100644
--- a/secure/lib/libssl/man/SSL_set_connect_state.3
+++ b/secure/lib/libssl/man/SSL_set_connect_state.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_connect_state 3"
-.TH SSL_set_connect_state 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_set_connect_state 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3
index 80538f7b57dd..ebd43303cdb8 100644
--- a/secure/lib/libssl/man/SSL_set_fd.3
+++ b/secure/lib/libssl/man/SSL_set_fd.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_fd 3"
-.TH SSL_set_fd 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_set_fd 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -148,7 +148,7 @@ SSL_set_fd \- connect the SSL object with a file descriptor
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility
-for the \s-1TLS/SSL \s0(encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
+for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the
socket file descriptor of a network connection.
.PP
When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to
diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3
index 819560b1b456..72648fe41365 100644
--- a/secure/lib/libssl/man/SSL_set_session.3
+++ b/secure/lib/libssl/man/SSL_set_session.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_session 3"
-.TH SSL_set_session 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_set_session 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3
index 68c03d0d12e6..be4320da5325 100644
--- a/secure/lib/libssl/man/SSL_set_shutdown.3
+++ b/secure/lib/libssl/man/SSL_set_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_shutdown 3"
-.TH SSL_set_shutdown 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_set_shutdown 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,8 +170,8 @@ The shutdown state of the connection is used to determine the state of
the ssl session. If the session is still open, when
\&\fISSL_clear\fR\|(3) or \fISSL_free\fR\|(3) is called,
it is considered bad and removed according to \s-1RFC2246.\s0
-The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN
-\&\s0(according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R"
+The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0
+(according to the \s-1TLS RFC,\s0 it is acceptable to only send the \*(L"close notify\*(R"
alert but to not wait for the peer's answer, when the underlying connection
is closed).
\&\fISSL_set_shutdown()\fR can be used to set this state without sending a
diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3
index 21959ce76bae..f407cec3ff7a 100644
--- a/secure/lib/libssl/man/SSL_set_verify_result.3
+++ b/secure/lib/libssl/man/SSL_set_verify_result.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_set_verify_result 3"
-.TH SSL_set_verify_result 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_set_verify_result 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3
index 39ed256f42d3..e81075efd4a7 100644
--- a/secure/lib/libssl/man/SSL_shutdown.3
+++ b/secure/lib/libssl/man/SSL_shutdown.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_shutdown 3"
-.TH SSL_shutdown 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_shutdown 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +181,7 @@ complete (return value of the first call is 0). As the shutdown is not
specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on
the first call.
.PP
-The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO. \s0
+The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO.\s0
.PP
If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the
handshake step has been finished or an error occurred.
diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3
index dc9569d4a0d0..ccafe5df56ed 100644
--- a/secure/lib/libssl/man/SSL_state_string.3
+++ b/secure/lib/libssl/man/SSL_state_string.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_state_string 3"
-.TH SSL_state_string 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_state_string 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3
index 2624eca61ff7..c9477ba8b85a 100644
--- a/secure/lib/libssl/man/SSL_want.3
+++ b/secure/lib/libssl/man/SSL_want.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_want 3"
-.TH SSL_want 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_want 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3
index d08d417612b0..b57f9dcd5727 100644
--- a/secure/lib/libssl/man/SSL_write.3
+++ b/secure/lib/libssl/man/SSL_write.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_write 3"
-.TH SSL_write 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SSL_write 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,7 +154,7 @@ not already explicitly performed by \fISSL_connect\fR\|(3) or
\&\fISSL_accept\fR\|(3). If the
peer requests a re-negotiation, it will be performed transparently during
the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the
-underlying \s-1BIO. \s0
+underlying \s-1BIO.\s0
.PP
For the transparent negotiation to succeed, the \fBssl\fR must have been
initialized to client or server mode. This is being done by calling
diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3
index 5dd653875fe3..c9bf415f30d2 100644
--- a/secure/lib/libssl/man/d2i_SSL_SESSION.3
+++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_SSL_SESSION 3"
-.TH d2i_SSL_SESSION 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH d2i_SSL_SESSION 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3
index 249c1fd45e06..73655f63fbd1 100644
--- a/secure/lib/libssl/man/ssl.3
+++ b/secure/lib/libssl/man/ssl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ssl 3"
-.TH ssl 3 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ssl 3 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -201,7 +201,7 @@ Currently the OpenSSL \fBssl\fR library provides the following C header files
containing the prototypes for the data structures and and functions:
.IP "\fBssl.h\fR" 4
.IX Item "ssl.h"
-That's the common header file for the \s-1SSL/TLS API. \s0 Include it into your
+That's the common header file for the \s-1SSL/TLS API.\s0 Include it into your
program to make the \s-1API\s0 of the \fBssl\fR library available. It internally
includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library.
Whenever you need hard-core details on the internals of the \s-1SSL API,\s0 look
@@ -637,8 +637,8 @@ connection defined in the \fB\s-1SSL\s0\fR structure.
.IX Item "int SSL_get_read_ahead(const SSL *ssl);"
.IP "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(const \s-1SSL\s0 *ssl);" 4
.IX Item "SSL_SESSION *SSL_get_session(const SSL *ssl);"
-.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int len);" 4
-.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len);"
+.IP "char *\fBSSL_get_shared_ciphers\fR(const \s-1SSL\s0 *ssl, char *buf, int size);" 4
+.IX Item "char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int size);"
.IP "int \fBSSL_get_shutdown\fR(const \s-1SSL\s0 *ssl);" 4
.IX Item "int SSL_get_shutdown(const SSL *ssl);"
.IP "const \s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index e13d6ac7363f..348189f76080 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CA.PL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index 039e2a87c2d5..4641fc96bd87 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1PARSE 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -232,7 +232,7 @@ The output will typically contain lines like this:
.PP
This example is part of a self signed certificate. Each line starts with the
offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased
-within the scope of any \s-1SET\s0 or \s-1SEQUENCE. \s0\fBhl=XX\fR gives the header length
+within the scope of any \s-1SET\s0 or \s-1SEQUENCE.\s0 \fBhl=XX\fR gives the header length
(tag and length octets) of the current type. \fBl=XX\fR gives the length of
the contents octets.
.PP
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index 8e1d70174af5..dd25df487f63 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -266,11 +266,11 @@ don't output the text form of a certificate to the output file.
.IP "\fB\-startdate date\fR" 4
.IX Item "-startdate date"
this allows the start date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-enddate date\fR" 4
.IX Item "-enddate date"
this allows the expiry date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-days arg\fR" 4
.IX Item "-days arg"
the number of days to certify the certificate for.
@@ -280,7 +280,7 @@ the message digest to use. Possible values include md5, sha1 and mdc2.
This option also applies to CRLs.
.IP "\fB\-policy arg\fR" 4
.IX Item "-policy arg"
-this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in
+this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in
the configuration file which decides which fields should be mandatory
or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
@@ -413,8 +413,8 @@ be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section
of the configuration file (or in the default section of the
configuration file). Besides \fBdefault_ca\fR, the following options are
read directly from the \fBca\fR section:
- \s-1RANDFILE
-\&\s0 preserve
+ \s-1RANDFILE\s0
+ preserve
msie_hack
With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may
change in future releases.
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index 0b40ca33d1aa..322381635569 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CIPHERS 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +194,7 @@ algorithms.
.PP
Lists of cipher suites can be combined in a single cipher string using the
\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
-\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0
+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0
algorithms.
.PP
Each cipher string can be optionally preceded by the characters \fB!\fR,
@@ -300,7 +300,7 @@ cipher suites using authenticated ephemeral \s-1DH\s0 key agreement.
.IP "\fB\s-1ADH\s0\fR" 4
.IX Item "ADH"
anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic
-Curve \s-1DH \s0(\s-1ECDH\s0) cipher suites.
+Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites.
.IP "\fB\s-1DH\s0\fR" 4
.IX Item "DH"
cipher suites using \s-1DH,\s0 including anonymous \s-1DH,\s0 ephemeral \s-1DH\s0 and fixed \s-1DH.\s0
@@ -364,7 +364,7 @@ cipher suites using 128 bit \s-1CAMELLIA, 256\s0 bit \s-1CAMELLIA\s0 or either 1
cipher suites using triple \s-1DES.\s0
.IP "\fB\s-1DES\s0\fR" 4
.IX Item "DES"
-cipher suites using \s-1DES \s0(not triple \s-1DES\s0).
+cipher suites using \s-1DES\s0 (not triple \s-1DES\s0).
.IP "\fB\s-1RC4\s0\fR" 4
.IX Item "RC4"
cipher suites using \s-1RC4.\s0
@@ -388,7 +388,7 @@ cipher suites using \s-1SHA1.\s0
ciphersuites using \s-1SHA256\s0 or \s-1SHA384.\s0
.IP "\fBaGOST\fR" 4
.IX Item "aGOST"
-cipher suites using \s-1GOST R 34.10 \s0(either 2001 or 94) for authenticaction
+cipher suites using \s-1GOST R 34.10\s0 (either 2001 or 94) for authenticaction
(needs an engine supporting \s-1GOST\s0 algorithms).
.IP "\fBaGOST01\fR" 4
.IX Item "aGOST01"
@@ -405,7 +405,7 @@ cipher suites, using \s-1VKO 34.10\s0 key exchange, specified in the \s-1RFC 435
cipher suites, using \s-1HMAC\s0 based on \s-1GOST R 34.11\-94.\s0
.IP "\fB\s-1GOST89MAC\s0\fR" 4
.IX Item "GOST89MAC"
-cipher suites using \s-1GOST 28147\-89 MAC \s0\fBinstead of\fR \s-1HMAC.\s0
+cipher suites using \s-1GOST 28147\-89 MAC\s0 \fBinstead of\fR \s-1HMAC.\s0
.IP "\fB\s-1PSK\s0\fR" 4
.IX Item "PSK"
cipher suites using pre-shared keys (\s-1PSK\s0).
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index d2baab39998f..fe2bb714a92c 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS 1"
-.TH CMS 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -242,29 +242,29 @@ takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure.
resign a message: take an existing message and one or more new signers.
.IP "\fB\-data_create\fR" 4
.IX Item "-data_create"
-Create a \s-1CMS \s0\fBData\fR type.
+Create a \s-1CMS\s0 \fBData\fR type.
.IP "\fB\-data_out\fR" 4
.IX Item "-data_out"
\&\fBData\fR type and output the content.
.IP "\fB\-digest_create\fR" 4
.IX Item "-digest_create"
-Create a \s-1CMS \s0\fBDigestedData\fR type.
+Create a \s-1CMS\s0 \fBDigestedData\fR type.
.IP "\fB\-digest_verify\fR" 4
.IX Item "-digest_verify"
-Verify a \s-1CMS \s0\fBDigestedData\fR type and output the content.
+Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content.
.IP "\fB\-compress\fR" 4
.IX Item "-compress"
-Create a \s-1CMS \s0\fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
+Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
support for this option to work, otherwise it will output an error.
.IP "\fB\-uncompress\fR" 4
.IX Item "-uncompress"
-Uncompress a \s-1CMS \s0\fBCompressedData\fR type and output the content. OpenSSL must be
+Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be
compiled with \fBzlib\fR support for this option to work, otherwise it will
output an error.
.IP "\fB\-EncryptedData_encrypt\fR" 4
.IX Item "-EncryptedData_encrypt"
-Encrypt content using supplied symmetric key and algorithm using a \s-1CMS
-\&\s0\fBEncrytedData\fR type and output the content.
+Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0
+\&\fBEncrytedData\fR type and output the content.
.IP "\fB\-sign_receipt\fR" 4
.IX Item "-sign_receipt"
Generate and output a signed receipt for the supplied message. The input
@@ -327,7 +327,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME \s0
+off text headers: if the decrypted or verified message is not of \s-1MIME\s0
type text/plain then an error occurs.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -353,8 +353,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example triple \s-1DES \s0(168 bits) \- \fB\-des3\fR
-or 256 bit \s-1AES \- \s0\fB\-aes256\fR. Any standard algorithm name (as used by the
+the encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR
+or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for a list of ciphers
supported by your version of OpenSSL.
@@ -420,6 +420,9 @@ occurs.
When encrypting a message this option may be used multiple times to specify
each recipient. This form \fBmust\fR be used if customised parameters are
required (for example to specify RSA-OAEP).
+.Sp
+Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this
+option.
.IP "\fB\-keyid\fR" 4
.IX Item "-keyid"
use subject key identifier to identify certificates instead of issuer name and
@@ -735,16 +738,13 @@ No revocation checking is done on the signer's certificate.
.SH "HISTORY"
.IX Header "HISTORY"
The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first
-added in OpenSSL 1.0.0
-.PP
-The \fBkeyopt\fR option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
.PP
-The use of \fB\-recip\fR to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The \fBkeyopt\fR option was first added in OpenSSL 1.0.2.
.PP
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
.PP
The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
.PP
The \-no_alt_chains options was first added to OpenSSL 1.0.2b.
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index ab3f41b06c9a..18a1a2edcbc7 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CRL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index aa63b54e463d..c1ae08dde2b3 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CRL2PKCS7 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index c0fcc3c0d6bf..eaddb0852226 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DGST 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -229,8 +229,8 @@ the actual signature to verify.
create a hashed \s-1MAC\s0 using \*(L"key\*(R".
.IP "\fB\-mac alg\fR" 4
.IX Item "-mac alg"
-create \s-1MAC \s0(keyed Message Authentication Code). The most popular \s-1MAC\s0
-algorithm is \s-1HMAC \s0(hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
+create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0
+algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
which are not based on hash, for instance \fBgost-mac\fR algorithm,
supported by \fBccgost\fR engine. \s-1MAC\s0 keys and other options should be set
via \fB\-macopt\fR parameter.
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index 40dbe0876c31..33d01cdd00ac 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DHPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index 4e276e2a3523..ff600983c912 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index 4e360a08f0b5..57a597d547f2 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSAPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +159,7 @@ This command is used to manipulate or generate \s-1DSA\s0 parameter files.
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
-form compatible with \s-1RFC2459 \s0(\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
+form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists
of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index 5d2baf59cfcf..ae749d1a2d7b 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC 1"
-.TH EC 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index 8353f0c9e527..88c004c9dca1 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ECPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index 700e9e8ef57a..aff72b88afa4 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ENC 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index c46d27042abf..dec3c719aed8 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERRSTR 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index a6bce3c05a47..33f91e533856 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH GENDSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index 601085bbb888..ddc58bb64b03 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH GENPKEY 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +143,7 @@ genpkey \- generate a private key
[\fB\-out filename\fR]
[\fB\-outform PEM|DER\fR]
[\fB\-pass arg\fR]
-[\fB\-cipher\fR]
+[\fB\-\f(BIcipher\fB\fR]
[\fB\-engine id\fR]
[\fB\-paramfile file\fR]
[\fB\-algorithm alg\fR]
@@ -161,36 +161,49 @@ the output filename. If this argument is not specified then standard output is
used.
.IP "\fB\-outform DER|PEM\fR" 4
.IX Item "-outform DER|PEM"
-This specifies the output format \s-1DER\s0 or \s-1PEM.\s0
+This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is \s-1PEM.\s0
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
-the output file password source. For more information about the format of \fBarg\fR
+The output file password source. For more information about the format of \fBarg\fR
see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
-.IP "\fB\-cipher\fR" 4
+.IP "\fB\-\f(BIcipher\fB\fR" 4
.IX Item "-cipher"
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
-specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR
+Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms. If used this option should precede all other
options.
.IP "\fB\-algorithm alg\fR" 4
.IX Item "-algorithm alg"
-public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must
+Public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must
precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR
-are mutually exclusive.
+are mutually exclusive. Engines may add algorithms in addition to the standard
+built-in ones.
+.Sp
+Valid built-in algorithm names for private key generation are \s-1RSA\s0 and \s-1EC.\s0
+.Sp
+Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR
+option) are \s-1DH, DSA\s0 and \s-1EC.\s0
+.Sp
+Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for the \s-1DH\s0
+algorithm. These are identical and do not indicate the type of parameters that
+will be generated. Use the \fBdh_paramgen_type\fR option to indicate whether PKCS#3
+or X9.42 \s-1DH\s0 parameters are required. See \*(L"\s-1DH\s0 Parameter Generation Options\*(R"
+below for more details.
.IP "\fB\-pkeyopt opt:value\fR" 4
.IX Item "-pkeyopt opt:value"
-set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
+Set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR below for more details.
+implementation. See \*(L"\s-1KEY GENERATION OPTIONS\*(R"\s0 and
+\&\*(L"\s-1PARAMETER GENERATION OPTIONS\*(R"\s0 below for more details.
.IP "\fB\-genparam\fR" 4
.IX Item "-genparam"
-generate a set of parameters instead of a private key. If used this option must
-precede and \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options.
+Generate a set of parameters instead of a private key. If used this option must
+precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options.
.IP "\fB\-paramfile filename\fR" 4
.IX Item "-paramfile filename"
Some public key algorithms generate a private key based on a set of parameters.
@@ -207,8 +220,8 @@ parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure.
The options supported by each algorith and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below.
-.SH "RSA KEY GENERATION OPTIONS"
-.IX Header "RSA KEY GENERATION OPTIONS"
+.SS "\s-1RSA\s0 Key Generation Options"
+.IX Subsection "RSA Key Generation Options"
.IP "\fBrsa_keygen_bits:numbits\fR" 4
.IX Item "rsa_keygen_bits:numbits"
The number of bits in the generated key. If not specified 1024 is used.
@@ -216,32 +229,68 @@ The number of bits in the generated key. If not specified 1024 is used.
.IX Item "rsa_keygen_pubexp:value"
The \s-1RSA\s0 public exponent value. This can be a large decimal or
hexadecimal value if preceded by \fB0x\fR. Default value is 65537.
-.SH "DSA PARAMETER GENERATION OPTIONS"
-.IX Header "DSA PARAMETER GENERATION OPTIONS"
+.SS "\s-1EC\s0 Key Generation Options"
+.IX Subsection "EC Key Generation Options"
+The \s-1EC\s0 key generation options can also be used for parameter generation.
+.IP "\fBec_paramgen_curve:curve\fR" 4
+.IX Item "ec_paramgen_curve:curve"
+The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R".
+.IP "\fBec_param_enc:encoding\fR" 4
+.IX Item "ec_param_enc:encoding"
+The encoding to use for parameters. The \*(L"encoding\*(R" parameter must be either
+\&\*(L"named_curve\*(R" or \*(L"explicit\*(R". The default value is \*(L"named_curve\*(R".
+.SH "PARAMETER GENERATION OPTIONS"
+.IX Header "PARAMETER GENERATION OPTIONS"
+The options supported by each algorithm and indeed each implementation of an
+algorithm can vary. The options for the OpenSSL implementations are detailed
+below.
+.SS "\s-1DSA\s0 Parameter Generation Options"
+.IX Subsection "DSA Parameter Generation Options"
.IP "\fBdsa_paramgen_bits:numbits\fR" 4
.IX Item "dsa_paramgen_bits:numbits"
-The number of bits in the generated parameters. If not specified 1024 is used.
-.SH "DH PARAMETER GENERATION OPTIONS"
-.IX Header "DH PARAMETER GENERATION OPTIONS"
+The number of bits in the generated prime. If not specified 1024 is used.
+.IP "\fBdsa_paramgen_q_bits:numbits\fR" 4
+.IX Item "dsa_paramgen_q_bits:numbits"
+The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
+specified 160 is used.
+.IP "\fBdsa_paramgen_md:digest\fR" 4
+.IX Item "dsa_paramgen_md:digest"
+The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR
+or \fBsha256\fR. If set, then the number of bits in \fBq\fR will match the output size
+of the specified digest and the \fBdsa_paramgen_q_bits\fR parameter will be
+ignored. If not set, then a digest will be used that gives an output matching
+the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it 224
+or \fBsha256\fR if it is 256.
+.SS "\s-1DH\s0 Parameter Generation Options"
+.IX Subsection "DH Parameter Generation Options"
.IP "\fBdh_paramgen_prime_len:numbits\fR" 4
.IX Item "dh_paramgen_prime_len:numbits"
-The number of bits in the prime parameter \fBp\fR.
+The number of bits in the prime parameter \fBp\fR. The default is 1024.
+.IP "\fBdh_paramgen_subprime_len:numbits\fR" 4
+.IX Item "dh_paramgen_subprime_len:numbits"
+The number of bits in the sub prime parameter \fBq\fR. The default is 256 if the
+prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
+conjunction with the \fBdh_paramgen_type\fR option to generate X9.42 \s-1DH\s0 parameters.
.IP "\fBdh_paramgen_generator:value\fR" 4
.IX Item "dh_paramgen_generator:value"
-The value to use for the generator \fBg\fR.
+The value to use for the generator \fBg\fR. The default is 2.
+.IP "\fBdh_paramgen_type:value\fR" 4
+.IX Item "dh_paramgen_type:value"
+The type of \s-1DH\s0 parameters to generate. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0
+The default is 0.
.IP "\fBdh_rfc5114:num\fR" 4
.IX Item "dh_rfc5114:num"
-If this option is set then the appropriate \s-1RFC5114\s0 parameters are used
+If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used
instead of generating new parameters. The value \fBnum\fR can take the
values 1, 2 or 3 corresponding to \s-1RFC5114 DH\s0 parameters consisting of
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
and 2048 bit group with 256 bit subgroup as mentioned in \s-1RFC5114\s0 sections
-2.1, 2.2 and 2.3 respectively.
-.SH "EC PARAMETER GENERATION OPTIONS"
-.IX Header "EC PARAMETER GENERATION OPTIONS"
-.IP "\fBec_paramgen_curve:curve\fR" 4
-.IX Item "ec_paramgen_curve:curve"
-the \s-1EC\s0 curve to use.
+2.1, 2.2 and 2.3 respectively. If present this overrides all other \s-1DH\s0 parameter
+options.
+.SS "\s-1EC\s0 Parameter Generation Options"
+.IX Subsection "EC Parameter Generation Options"
+The \s-1EC\s0 parameter generation options are the same as for key generation. See
+\&\*(L"\s-1EC\s0 Key Generation Options\*(R" above.
.SH "GOST2001 KEY GENERATION AND PARAMETER OPTIONS"
.IX Header "GOST2001 KEY GENERATION AND PARAMETER OPTIONS"
Gost 2001 support is not enabled by default. To enable this algorithm,
@@ -293,11 +342,11 @@ Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent:
\& \-pkeyopt rsa_keygen_pubexp:3
.Ve
.PP
-Generate 1024 bit \s-1DSA\s0 parameters:
+Generate 2048 bit \s-1DSA\s0 parameters:
.PP
.Vb 2
\& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \e
-\& \-pkeyopt dsa_paramgen_bits:1024
+\& \-pkeyopt dsa_paramgen_bits:2048
.Ve
.PP
Generate \s-1DSA\s0 key from parameters:
@@ -306,11 +355,19 @@ Generate \s-1DSA\s0 key from parameters:
\& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem
.Ve
.PP
-Generate 1024 bit \s-1DH\s0 parameters:
+Generate 2048 bit \s-1DH\s0 parameters:
.PP
.Vb 2
\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e
-\& \-pkeyopt dh_paramgen_prime_len:1024
+\& \-pkeyopt dh_paramgen_prime_len:2048
+.Ve
+.PP
+Generate 2048 bit X9.42 \s-1DH\s0 parameters:
+.PP
+.Vb 3
+\& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e
+\& \-pkeyopt dh_paramgen_prime_len:2048 \e
+\& \-pkeyopt dh_paramgen_type:1
.Ve
.PP
Output \s-1RFC5114 2048\s0 bit \s-1DH\s0 parameters with 224 bit subgroup:
@@ -324,3 +381,15 @@ Generate \s-1DH\s0 key from parameters:
.Vb 1
\& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem
.Ve
+.PP
+Generate \s-1EC\s0 key directly:
+.PP
+.Vb 3
+\& openssl genpkey \-algorithm EC \-out eckey.pem \e
+\& \-pkeyopt ec_paramgen_curve:P\-384 \e
+\& \-pkeyopt ec_param_enc:named_curve
+.Ve
+.SH "HISTORY"
+.IX Header "HISTORY"
+The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly,
+were added in OpenSSL 1.0.2.
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index 97882690823a..06b9833fde51 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH GENRSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index fa6501eec012..d29c7f501eda 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH NSEQ 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index 49dce4d6182f..74d822041e58 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OCSP 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -247,7 +247,7 @@ if \s-1OCSP\s0 request or response creation is implied by other options (for exa
with \fBserial\fR, \fBcert\fR and \fBhost\fR options).
.IP "\fB\-url responder_url\fR" 4
.IX Item "-url responder_url"
-specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS \s0(\s-1SSL/TLS\s0) URLs can be specified.
+specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified.
.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4
.IX Item "-host hostname:port, -path pathname"
if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index 3077b771318b..f0b6837a3f36 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -210,7 +210,7 @@ Certificate Authority (\s-1CA\s0) Management.
Cipher Suite Description Determination.
.IP "\fBcms\fR" 10
.IX Item "cms"
-\&\s-1CMS \s0(Cryptographic Message Syntax) utility
+\&\s-1CMS\s0 (Cryptographic Message Syntax) utility
.IP "\fBcrl\fR" 10
.IX Item "crl"
Certificate Revocation List (\s-1CRL\s0) Management.
@@ -237,7 +237,7 @@ Generation and Management of Diffie-Hellman Parameters. Superseded by
\&\fBgenpkey\fR and \fBpkeyparam\fR
.IP "\fBec\fR" 10
.IX Item "ec"
-\&\s-1EC \s0(Elliptic curve) key processing
+\&\s-1EC\s0 (Elliptic curve) key processing
.IP "\fBecparam\fR" 10
.IX Item "ecparam"
\&\s-1EC\s0 parameter manipulation and generation
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index b44fdc448b11..c0419b1af5be 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PASSWD 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index 3e6bcd5f1614..d6b6851df98a 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS12 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index c0f558785194..3e0fcee9f20e 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS7 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index e2cceef8ad26..9a74c124ce34 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS8 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -352,7 +352,7 @@ keys produced and Therefore it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these
algorithms are concerned.
.PP
-The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented:
+The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
PKCS#8 private key format complies with this standard.
.SH "BUGS"
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index 4e5961d6f371..797329601894 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEY 1"
-.TH PKEY 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKEY 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index c9a76a05f95a..f93976eb16fa 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKEYPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index 49ad7b480996..c51a1170cbf3 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKEYUTL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index 82f6f745e041..b3ce4d20b719 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index 156f37e061a5..a2e8660a86a4 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH REQ 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -310,7 +310,7 @@ the configuration file.
.Sp
Some public key algorithms may override this choice. For instance, \s-1DSA\s0
signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use
-\&\s-1GOST R 34.11\-94 \s0(\fB\-md_gost94\fR).
+\&\s-1GOST R 34.11\-94\s0 (\fB\-md_gost94\fR).
.IP "\fB\-config filename\fR" 4
.IX Item "-config filename"
this allows an alternative configuration file to be specified,
@@ -751,7 +751,7 @@ environment variable serves the same purpose but its use is discouraged.
.SH "BUGS"
.IX Header "BUGS"
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
-treats them as \s-1ISO\-8859\-1 \s0(Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
+treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.
.PP
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 132fb6fc9042..59adddec669f 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -265,7 +265,7 @@ The \s-1PEM\s0 public key format uses the header and footer lines:
\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
.Ve
.PP
-The \s-1PEM \s0\fBRSAPublicKey\fR format uses the header and footer lines:
+The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\-
@@ -273,7 +273,7 @@ The \s-1PEM \s0\fBRSAPublicKey\fR format uses the header and footer lines:
.Ve
.PP
The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers
-and Microsoft \s-1IIS \s0.key files, this uses unsalted \s-1RC4\s0 for its encryption.
+and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption.
It is not very secure and so should only be used when necessary.
.PP
Some newer version of \s-1IIS\s0 have additional data in the exported .key
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index 5dc33a736f09..fc1a0da59a7e 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSAUTL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index e9feb289d679..a02eab0c33a1 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH S_CLIENT 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,7 +202,7 @@ This specifies the host and optional port to connect to. If not specified
then an attempt is made to connect to the local host on port 4433.
.IP "\fB\-servername name\fR" 4
.IX Item "-servername name"
-Set the \s-1TLS SNI \s0(Server Name Indication) extension in the ClientHello message.
+Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message.
.IP "\fB\-cert certname\fR" 4
.IX Item "-cert certname"
The certificate to use, if one is requested by the server. The default is
@@ -254,8 +254,9 @@ be used as a test that session caching is working.
pauses 1 second between each read and write call.
.IP "\fB\-showcerts\fR" 4
.IX Item "-showcerts"
-display the whole server certificate chain: normally only the server
-certificate itself is displayed.
+Displays the server certificate list as sent by the server: it only consists of
+certificates the server has sent (in the order the server has sent them). It is
+\&\fBnot\fR a verified chain.
.IP "\fB\-prexit\fR" 4
.IX Item "-prexit"
print session information when the program exits. This will always attempt
@@ -438,7 +439,8 @@ a client certificate. Therefor merely including a client certificate
on the command line is no guarantee that the certificate works.
.PP
If there are problems verifying a server certificate then the
-\&\fB\-showcerts\fR option can be used to show the whole chain.
+\&\fB\-showcerts\fR option can be used to show all the certificates sent by the
+server.
.PP
Since the SSLv23 client hello cannot include compression methods or extensions
these will only be supported if its use is disabled, for example by using the
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index dd571d601ef6..9e3198ad82a9 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH S_SERVER 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -215,8 +215,8 @@ is not present a default value will be used.
.IX Item "-cert certname"
The certificate to use, most servers cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
-for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS
-\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
+for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
+(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
@@ -238,7 +238,7 @@ same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no defau
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
-and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
+and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
by using an appropriate certificate.
.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index 41d790d21f79..dace18071052 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_TIME 1"
-.TH S_TIME 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH S_TIME 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index 1cad84657be9..55e577da5e15 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SESS_ID 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index c91a00ebf932..d7d1423917d5 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SMIME 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -251,7 +251,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME \s0
+off text headers: if the decrypted or verified message is not of \s-1MIME\s0
type text/plain then an error occurs.
.IP "\fB\-CAfile file\fR" 4
.IX Item "-CAfile file"
@@ -268,8 +268,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example \s-1DES \s0(56 bits) \- \fB\-des\fR,
-triple \s-1DES \s0(168 bits) \- \fB\-des3\fR,
+the encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR,
+triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR,
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for list of ciphers
supported by your version of OpenSSL.
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index 0b27152159d6..d249db4ab7e1 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SPEED 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index 1d5ca44be1ee..762b8a222540 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SPKAC 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,11 +189,11 @@ allows an alternative name form the section containing the
\&\s-1SPKAC.\s0 The default is the default section.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the text version of the \s-1SPKAC \s0(not used if an
+don't output the text version of the \s-1SPKAC\s0 (not used if an
\&\s-1SPKAC\s0 is being created).
.IP "\fB\-pubkey\fR" 4
.IX Item "-pubkey"
-output the public key of an \s-1SPKAC \s0(not used if an \s-1SPKAC\s0 is
+output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
being created).
.IP "\fB\-verify\fR" 4
.IX Item "-verify"
@@ -224,7 +224,7 @@ Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
.Ve
.PP
-Example of an \s-1SPKAC, \s0(long lines split up for clarity):
+Example of an \s-1SPKAC,\s0 (long lines split up for clarity):
.PP
.Vb 5
\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 40ec82db3dbf..34c30ebffa6f 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH TS 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +183,7 @@ ts \- Time Stamping Authority tool (client/server)
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server
-application as specified in \s-1RFC 3161 \s0(Time-Stamp Protocol, \s-1TSP\s0). A
+application as specified in \s-1RFC 3161\s0 (Time-Stamp Protocol, \s-1TSP\s0). A
\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long
term proof of the existence of a certain datum before a particular
time. Here is a brief description of the protocol:
@@ -242,7 +242,7 @@ in use. (Optional)
.IX Item "-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160|..."
The message digest to apply to the data file, it supports all the message
digest algorithms that are supported by the openssl \fBdgst\fR command.
-The default is \s-1SHA\-1. \s0(Optional)
+The default is \s-1SHA\-1.\s0 (Optional)
.IP "\fB\-policy\fR object_id" 4
.IX Item "-policy object_id"
The policy that the client expects the \s-1TSA\s0 to use for creating the
@@ -273,7 +273,7 @@ is stdout. (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER. \s0(Optional)
+instead of \s-1DER.\s0 (Optional)
.SS "Time Stamp Response generation"
.IX Subsection "Time Stamp Response generation"
A time stamp response (TimeStampResp) consists of a response status
@@ -351,7 +351,7 @@ response (TimeStampResp). (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER. \s0(Optional)
+instead of \s-1DER.\s0 (Optional)
.IP "\fB\-engine\fR id" 4
.IX Item "-engine id"
Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR
@@ -394,7 +394,7 @@ client. See the similar option of \fIverify\fR\|(1) for additional
details. Either this option or \fB\-CAfile\fR must be specified. (Optional)
.IP "\fB\-CAfile\fR trusted_certs.pem" 4
.IX Item "-CAfile trusted_certs.pem"
-The name of the file containing a set of trusted self-signed \s-1CA \s0
+The name of the file containing a set of trusted self-signed \s-1CA\s0
certificates in \s-1PEM\s0 format. See the similar option of
\&\fIverify\fR\|(1) for additional details. Either this option
or \fB\-CApath\fR must be specified.
@@ -511,7 +511,7 @@ configuration file, e.g. the example configuration file
openssl/apps/openssl.cnf will do.
.SS "Time Stamp Request"
.IX Subsection "Time Stamp Request"
-To create a time stamp request for design1.txt with \s-1SHA\-1 \s0
+To create a time stamp request for design1.txt with \s-1SHA\-1\s0
without nonce and policy and no certificate is required in the response:
.PP
.Vb 2
diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1
index 45fb124013d4..a04cc9594b20 100644
--- a/secure/usr.bin/openssl/man/tsget.1
+++ b/secure/usr.bin/openssl/man/tsget.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "TSGET 1"
-.TH TSGET 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH TSGET 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -225,13 +225,13 @@ certificate-based client authentication will take place. (Optional)
.IX Item "-C CA_certs.pem"
(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's
certificate must include one of the \s-1CA\s0 certificates specified in this file.
-Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS. \s0(Optional)
+Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS.\s0 (Optional)
.IP "\fB\-P\fR CA_path" 4
.IX Item "-P CA_path"
(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's
certificate. The directory must be prepared with the \fBc_rehash\fR
OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of
-\&\s-1HTTPS. \s0(Optional)
+\&\s-1HTTPS.\s0 (Optional)
.IP "\fB\-rand\fR file:file..." 4
.IX Item "-rand file:file..."
The files containing random data for seeding the random number
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index f55ce75addb0..60649b8a6c8f 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "VERIFY 1"
-.TH VERIFY 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH VERIFY 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
index fa1e53308793..df5ab0084033 100644
--- a/secure/usr.bin/openssl/man/version.1
+++ b/secure/usr.bin/openssl/man/version.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "VERSION 1"
-.TH VERSION 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH VERSION 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index 84d5cca794b6..df969c81ed3f 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -559,8 +559,8 @@ field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R".
.IX Item "dump_der"
when this option is set any fields that need to be hexdumped will
be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the
-content octets will be displayed. Both options use the \s-1RFC2253
-\&\s0\fB#XXXX...\fR format.
+content octets will be displayed. Both options use the \s-1RFC2253\s0
+\&\fB#XXXX...\fR format.
.IP "\fBdump_nostr\fR" 4
.IX Item "dump_nostr"
dump non character string types (for example \s-1OCTET STRING\s0) if this
@@ -780,7 +780,7 @@ so this section is useful if a chain is rejected by the verify code.
.PP
The basicConstraints extension \s-1CA\s0 flag is used to determine whether the
certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0
-if the \s-1CA\s0 flag is false then it is not a \s-1CA. \s0\fBAll\fR CAs should have the
+if the \s-1CA\s0 flag is false then it is not a \s-1CA.\s0 \fBAll\fR CAs should have the
\&\s-1CA\s0 flag set to true.
.PP
If the basicConstraints extension is absent then the certificate is
@@ -808,7 +808,7 @@ basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR
.IP "\fB\s-1SSL\s0 Client\fR" 4
.IX Item "SSL Client"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID. \s0 keyUsage must be absent or it must have the
+authentication\*(R" \s-1OID.\s0 keyUsage must be absent or it must have the
digitalSignature bit set. Netscape certificate type must be absent or it must
have the \s-1SSL\s0 client bit set.
.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4
diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1
index aeb5fb532a09..ab46f48c8a03 100644
--- a/secure/usr.bin/openssl/man/x509v3_config.1
+++ b/secure/usr.bin/openssl/man/x509v3_config.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509V3_CONFIG 1"
-.TH X509V3_CONFIG 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509V3_CONFIG 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l