[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Fri Apr 7 18:37:05 UTC 2017
The branch master has been updated
via 2f61bc2ea306c059d8b00ddf32025a0b30346d8f (commit)
via e1271ac2212f7cde14df478558bfaae2834fa09e (commit)
via 8c32663cddc50b7afa5af40d515575b5c1d4d4c8 (commit)
via 5a3371e22164592d7ff6d69245768ed4dde89a1a (commit)
from 79b4c806a1680b631937c5cfc74a65e7b0ad97f4 (commit)
- Log -----------------------------------------------------------------
commit 2f61bc2ea306c059d8b00ddf32025a0b30346d8f
Author: Rich Salz <rsalz at openssl.org>
Date: Fri Apr 7 13:37:47 2017 -0400
Use 'over 2' for bullet lists.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
commit e1271ac2212f7cde14df478558bfaae2834fa09e
Author: Rich Salz <rsalz at openssl.org>
Date: Mon Apr 3 15:39:09 2017 -0400
Standardize on =over 4 and check for it.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
commit 8c32663cddc50b7afa5af40d515575b5c1d4d4c8
Author: Rich Salz <rsalz at openssl.org>
Date: Mon Apr 3 15:30:20 2017 -0400
Add missing =back
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
commit 5a3371e22164592d7ff6d69245768ed4dde89a1a
Author: Rich Salz <rsalz at openssl.org>
Date: Mon Apr 3 15:29:56 2017 -0400
Check for L<foo|foo>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
-----------------------------------------------------------------------
Summary of changes:
doc/man1/dgst.pod | 2 +-
doc/man1/openssl.pod | 10 +++----
doc/man1/rehash.pod | 2 +-
doc/man1/ts.pod | 22 +++++++++++----
doc/man3/ASN1_generate_nconf.pod | 6 ++--
doc/man3/BIO_set_callback.pod | 2 +-
doc/man3/BN_copy.pod | 2 +-
doc/man3/BN_generate_prime.pod | 2 +-
doc/man3/CRYPTO_THREAD_run_once.pod | 9 +++++-
doc/man3/CT_POLICY_EVAL_CTX_new.pod | 36 ++++++++++++++++-------
doc/man3/DSA_generate_parameters.pod | 2 +-
doc/man3/EVP_CIPHER_meth_new.pod | 2 +-
doc/man3/OPENSSL_ia32cap.pod | 4 +--
doc/man3/RSA_generate_key.pod | 2 +-
doc/man3/SCT_new.pod | 55 ++++++++++++++++++++++++++----------
doc/man3/SCT_validate.pod | 14 ++++++---
doc/man3/SSL_get_version.pod | 4 ++-
doc/man3/SSL_set_bio.pod | 2 +-
doc/man3/d2i_X509.pod | 2 +-
doc/man7/des_modes.pod | 2 --
doc/man7/evp.pod | 2 +-
util/find-doc-nits | 4 +++
22 files changed, 128 insertions(+), 60 deletions(-)
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 9faaf34..677f2b2 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -133,7 +133,7 @@ via B<-macopt> parameter.
Passes options to MAC algorithm, specified by B<-mac> key.
Following options are supported by both by B<HMAC> and B<gost-mac>:
-=over 8
+=over 4
=item B<key:string>
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index bfac312..7fc53c9 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -75,7 +75,7 @@ B<list>, or B<no->I<XXX> itself.)
=head2 Standard Commands
-=over 10
+=over 4
=item L<B<asn1parse>|asn1parse(1)>
@@ -268,7 +268,7 @@ X.509 Certificate Data Management.
=head2 Message Digest Commands
-=over 10
+=over 4
=item B<md2>
@@ -314,7 +314,7 @@ SHA-512 Digest
=head2 Encoding and Cipher Commands
-=over 10
+=over 4
=item B<base64>
@@ -365,7 +365,7 @@ This section describes some common options with common behavior.
=head2 Common Options
-=over 10
+=over 4
=item B<-help>
@@ -383,7 +383,7 @@ password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
-=over 10
+=over 4
=item B<pass:password>
diff --git a/doc/man1/rehash.pod b/doc/man1/rehash.pod
index 936fda6..1dca9b5 100644
--- a/doc/man1/rehash.pod
+++ b/doc/man1/rehash.pod
@@ -107,7 +107,7 @@ By default, B<rehash> only lists each directory as it is processed.
=head1 ENVIRONMENT
-=over
+=over 4
=item B<OPENSSL>
diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod
index 5b2e639..2ec9837 100644
--- a/doc/man1/ts.pod
+++ b/doc/man1/ts.pod
@@ -608,25 +608,35 @@ You could also look at the 'test' directory for more examples.
If you find any bugs or you have suggestions please write to
Zoltan Glozik <zglozik at opentsa.org>. Known issues:
-=over 4
+=over 2
+
+=item *
-=item * No support for time stamps over SMTP, though it is quite easy
+No support for time stamps over SMTP, though it is quite easy
to implement an automatic e-mail based TSA with L<procmail(1)>
and L<perl(1)>. HTTP server support is provided in the form of
a separate apache module. HTTP client support is provided by
L<tsget(1)>. Pure TCP/IP protocol is not supported.
-=item * The file containing the last serial number of the TSA is not
+=item *
+
+The file containing the last serial number of the TSA is not
locked when being read or written. This is a problem if more than one
instance of L<openssl(1)> is trying to create a time stamp
response at the same time. This is not an issue when using the apache
server module, it does proper locking.
-=item * Look for the FIXME word in the source files.
+=item *
+
+Look for the FIXME word in the source files.
+
+=item *
+
+The source code should really be reviewed by somebody else, too.
-=item * The source code should really be reviewed by somebody else, too.
+=item *
-=item * More testing is needed, I have done only some basic tests (see
+More testing is needed, I have done only some basic tests (see
test/testtsa).
=back
diff --git a/doc/man3/ASN1_generate_nconf.pod b/doc/man3/ASN1_generate_nconf.pod
index 92f624f..bf29af6 100644
--- a/doc/man3/ASN1_generate_nconf.pod
+++ b/doc/man3/ASN1_generate_nconf.pod
@@ -30,7 +30,7 @@ The actual data encoded is determined by the string B<str> and
the configuration information. The general format of the string
is:
-=over 2
+=over 4
=item B<[modifier,]type[:value]>
@@ -45,7 +45,7 @@ B<value> and B<modifier> are explained below.
The supported types are listed below. Unless otherwise specified
only the B<ASCII> format is permissible.
-=over 2
+=over 4
=item B<BOOLEAN>, B<BOOL>
@@ -126,7 +126,7 @@ add EXPLICIT or IMPLICIT tagging, add wrappers or to change
the string format of the final type and value. The supported
formats are documented below.
-=over 2
+=over 4
=item B<EXPLICIT>, B<EXP>
diff --git a/doc/man3/BIO_set_callback.pod b/doc/man3/BIO_set_callback.pod
index ed395fa..3d15859 100644
--- a/doc/man3/BIO_set_callback.pod
+++ b/doc/man3/BIO_set_callback.pod
@@ -52,7 +52,7 @@ BIO_callback_fn_ex() is the type of the callback function and BIO_callback_fn()
is the type of the old format callback function. The meaning of each argument
is described below:
-=over
+=over 4
=item B<b>
diff --git a/doc/man3/BN_copy.pod b/doc/man3/BN_copy.pod
index 500f4b2..46de544 100644
--- a/doc/man3/BN_copy.pod
+++ b/doc/man3/BN_copy.pod
@@ -29,7 +29,7 @@ B<BN_FLG_CONSTTIME> flag set for constant time operations. The temporary copy in
B<dest> will share some internal state with B<b>. For this reason the following
restrictions apply to the use of B<dest>:
-=over 4
+=over 2
=item *
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index a4ef230..c97536b 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -55,7 +55,7 @@ If B<ret> is not B<NULL>, it will be used to store the number.
If B<cb> is not B<NULL>, it is used as follows:
-=over 4
+=over 2
=item *
diff --git a/doc/man3/CRYPTO_THREAD_run_once.pod b/doc/man3/CRYPTO_THREAD_run_once.pod
index 45545c8..b256a18 100644
--- a/doc/man3/CRYPTO_THREAD_run_once.pod
+++ b/doc/man3/CRYPTO_THREAD_run_once.pod
@@ -32,9 +32,10 @@ supported by OpenSSL.
The following multi-threading function are provided:
-=over 4
+=over 2
=item *
+
CRYPTO_THREAD_run_once() can be used to perform one-time initialization.
The B<once> argument must be a pointer to a static object of type
B<CRYPTO_ONCE> that was statically initialized to the value
@@ -45,22 +46,28 @@ In particular, this can be used to allocate locks in a thread-safe manner,
which can then be used with the locking functions below.
=item *
+
CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
lock.
=item *
+
CRYPTO_THREAD_read_lock() locks the provided B<lock> for reading.
=item *
+
CRYPTO_THREAD_write_lock() locks the provided B<lock> for writing.
=item *
+
CRYPTO_THREAD_unlock() unlocks the previously locked B<lock>.
=item *
+
CRYPTO_THREAD_lock_frees() frees the provided B<lock>.
=item *
+
CRYPTO_atomic_add() atomically adds B<amount> to B<val> and returns the
result of the operation in B<ret>. B<lock> will be locked, unless atomic
operations are supported on the specific platform. Because of this, if a
diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
index fedc58d..4d0cae3 100644
--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@@ -32,15 +32,23 @@ This policy may be, for example, that at least one valid SCT is available. To
determine this, an SCT's timestamp and signature must be verified.
This requires:
-=over
+=over 2
-=item * the public key of the log that issued the SCT
+=item *
-=item * the certificate that the SCT was issued for
+the public key of the log that issued the SCT
-=item * the issuer certificate (if the SCT was issued for a pre-certificate)
+=item *
-=item * the current time
+the certificate that the SCT was issued for
+
+=item *
+
+the issuer certificate (if the SCT was issued for a pre-certificate)
+
+=item *
+
+the current time
=back
@@ -49,22 +57,30 @@ The above requirements are met using the setters described below.
CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
should then be populated using:
-=over
+=over 2
-=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
+=item *
+
+CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
Increments the reference count of the certificate.
-=item * CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate
+=item *
+
+CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate
Increments the reference count of the certificate.
-=item * CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs
+=item *
+
+CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs
Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the
CT_POLICY_EVAL_CTX.
-=item * CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid
+=item *
+
+CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid
The SCT timestamp will be compared to this time to check whether the SCT was
issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
diff --git a/doc/man3/DSA_generate_parameters.pod b/doc/man3/DSA_generate_parameters.pod
index 2cb20fa..fc05149 100644
--- a/doc/man3/DSA_generate_parameters.pod
+++ b/doc/man3/DSA_generate_parameters.pod
@@ -42,7 +42,7 @@ called as shown below. For information on the BN_GENCB structure and the
BN_GENCB_call function discussed below, refer to
L<BN_generate_prime(3)>.
-=over 4
+=over 2
=item *
diff --git a/doc/man3/EVP_CIPHER_meth_new.pod b/doc/man3/EVP_CIPHER_meth_new.pod
index 6e18ed5..ef47f0f 100644
--- a/doc/man3/EVP_CIPHER_meth_new.pod
+++ b/doc/man3/EVP_CIPHER_meth_new.pod
@@ -82,7 +82,7 @@ With the exception of cipher modes, of which only one may be present,
several flags can be or'd together.
The available flags are:
-=over
+=over 4
=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
diff --git a/doc/man3/OPENSSL_ia32cap.pod b/doc/man3/OPENSSL_ia32cap.pod
index 5071659..7c5fde3 100644
--- a/doc/man3/OPENSSL_ia32cap.pod
+++ b/doc/man3/OPENSSL_ia32cap.pod
@@ -19,7 +19,7 @@ between different code paths to provide optimal performance across wide
range of processors. For the moment of this writing following bits are
significant:
-=over
+=over 4
=item bit #4 denoting presence of Time-Stamp Counter.
@@ -86,7 +86,7 @@ are applied, most notably in AES assembler module.
The capability vector is further extended with EBX value returned by
CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
-=over
+=over 4
=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod
index 24e05bd..e51c0b1 100644
--- a/doc/man3/RSA_generate_key.pod
+++ b/doc/man3/RSA_generate_key.pod
@@ -32,7 +32,7 @@ progress of the key generation. If B<cb> is not B<NULL>, it
will be called as follows using the BN_GENCB_call() function
described on the L<BN_generate_prime(3)> page.
-=over 4
+=over 2
=item *
diff --git a/doc/man3/SCT_new.pod b/doc/man3/SCT_new.pod
index 086e389..e85b21c 100644
--- a/doc/man3/SCT_new.pod
+++ b/doc/man3/SCT_new.pod
@@ -84,31 +84,45 @@ An internal representation of an SCT can be created in one of two ways.
The first option is to create a blank SCT, using SCT_new(), and then populate
it using:
-=over
+=over 2
-=item * SCT_set_version() to set the SCT version.
+=item *
+
+SCT_set_version() to set the SCT version.
Only SCT_VERSION_V1 is currently supported.
-=item * SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:
+=item *
+
+SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:
B<CT_LOG_ENTRY_TYPE_X509> for a normal certificate.
B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate.
-=item * SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.
+=item *
+
+SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.
The former takes ownership, whereas the latter makes a copy.
See RFC 6962, Section 3.2 for the definition of LogID.
-=item * SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds).
+=item *
+
+SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds).
+
+=item *
+
+SCT_set_signature_nid() to set the NID of the signature.
-=item * SCT_set_signature_nid() to set the NID of the signature.
+=item *
-=item * SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.
+SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.
The former takes ownership, whereas the latter makes a copy.
-=item * SCT_set0_extensions() or B<SCT_set1_extensions> to provide SCT extensions.
+=item *
+
+SCT_set0_extensions() or B<SCT_set1_extensions> to provide SCT extensions.
The former takes ownership, whereas the latter makes a copy.
@@ -117,22 +131,33 @@ The former takes ownership, whereas the latter makes a copy.
Alternatively, the SCT can be pre-populated from the following data using
SCT_new_from_base64():
-=over
+=over 2
+
+=item *
+
+The SCT version (only SCT_VERSION_V1 is currently supported).
-=item * The SCT version (only SCT_VERSION_V1 is currently supported).
+=item *
-=item * The LogID (see RFC 6962, Section 3.2), base64 encoded.
+The LogID (see RFC 6962, Section 3.2), base64 encoded.
-=item * The type of certificate the SCT was issued for:
+=item *
+The type of certificate the SCT was issued for:
B<CT_LOG_ENTRY_TYPE_X509> for a normal certificate.
B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate.
-=item * The time that the SCT was issued (epoch time in milliseconds).
+=item *
+
+The time that the SCT was issued (epoch time in milliseconds).
+
+=item *
+
+The SCT extensions, base64 encoded.
-=item * The SCT extensions, base64 encoded.
+=item *
-=item * The SCT signature, base64 encoded.
+The SCT signature, base64 encoded.
=back
diff --git a/doc/man3/SCT_validate.pod b/doc/man3/SCT_validate.pod
index 9868a28..5ff0e8c 100644
--- a/doc/man3/SCT_validate.pod
+++ b/doc/man3/SCT_validate.pod
@@ -31,20 +31,26 @@ SCT_get_validation_status().
A CT_POLICY_EVAL_CTX must be provided that specifies:
-=over
+=over 2
-=item * The certificate the SCT was issued for.
+=item *
+
+The certificate the SCT was issued for.
Failure to provide the certificate will result in the validation status being
SCT_VALIDATION_STATUS_UNVERIFIED.
-=item * The issuer of that certificate.
+=item *
+
+The issuer of that certificate.
This is only required if the SCT was issued for a pre-certificate
(see RFC 6962). If it is required but not provided, the validation status will
be SCT_VALIDATION_STATUS_UNVERIFIED.
-=item * A CTLOG_STORE that contains the CT log that issued this SCT.
+=item *
+
+A CTLOG_STORE that contains the CT log that issued this SCT.
If the SCT was issued by a log that is not in this CTLOG_STORE, the validation
status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.
diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod
index 57cacfe..f8dd85e 100644
--- a/doc/man3/SSL_get_version.pod
+++ b/doc/man3/SSL_get_version.pod
@@ -64,7 +64,7 @@ This indicates that no version has been set (no connection established).
SSL_version() and SSL_client_version() return an integer which could include any of
the following:
-=over 5
+=over 4
=item SSL3_VERSION
@@ -86,6 +86,8 @@ The connection uses the TLSv1.2 protocol.
The connection uses the TLSv1.3 protocol.
+=back
+
=head1 SEE ALSO
L<ssl(7)>
diff --git a/doc/man3/SSL_set_bio.pod b/doc/man3/SSL_set_bio.pod
index 104f406..4230940 100644
--- a/doc/man3/SSL_set_bio.pod
+++ b/doc/man3/SSL_set_bio.pod
@@ -37,7 +37,7 @@ the rules for this are much more complex. For this reason this function is
considered a legacy function and SSL_set0_rbio() and SSL_set0_wbio() should be
used in preference. The ownership rules are as follows:
-=over 4
+=over 2
=item *
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index da5386b..f78d020 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -436,7 +436,7 @@ another will be processed after it.
The following points about the data types might be useful:
-=over
+=over 4
=item B<ASN1_OBJECT>
diff --git a/doc/man7/des_modes.pod b/doc/man7/des_modes.pod
index 89f14b8..f7415d7 100644
--- a/doc/man7/des_modes.pod
+++ b/doc/man7/des_modes.pod
@@ -124,7 +124,6 @@ Normally, this is found as the function I<algorithm>_ofb_encrypt().
=over 2
-
=item *
a number of bits (j) <= 64 are enciphered at a time.
@@ -220,7 +219,6 @@ Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
=over 2
-
=item *
Encrypt with key1, decrypt with key2 and then encrypt with key3.
diff --git a/doc/man7/evp.pod b/doc/man7/evp.pod
index 9c9cbe0..fbc357e 100644
--- a/doc/man7/evp.pod
+++ b/doc/man7/evp.pod
@@ -36,7 +36,7 @@ L<EVP_PKEY_print_private(3)>.
The EVP_PKEY functions support the full range of asymmetric algorithm operations:
-=over
+=over 4
=item For key agreement see L<EVP_PKEY_derive(3)>
diff --git a/util/find-doc-nits b/util/find-doc-nits
index f14e36e..6369880 100755
--- a/util/find-doc-nits
+++ b/util/find-doc-nits
@@ -160,6 +160,10 @@ sub check()
if $contents =~ /=head1 NAME.*\.\n.*=head1 SYNOPSIS/ms;
print "$id POD markup in NAME section\n"
if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
+ print "$id Duplicate $1 in L<>\n"
+ if $contents =~ /L<([^>]*)\|([^>]*)>/ && $1 eq $2;
+ print "$id Bad =over $1\n"
+ if $contents =~ /=over([^ ][^24])/;
# Look for multiple consecutive openssl #include lines.
# Consecutive because of files like md5.pod. Sometimes it's okay
More information about the openssl-commits
mailing list