[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Fri Apr 7 18:55:36 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 74c29dc6eac1f6f8a8c2ca28f8c01a43beb8c15b (commit)
via ae9b7e02ecb06def1ccc1d132bd9ba7de1347518 (commit)
from 8d8cae7d3028de123a081196897b0ccedf921c6f (commit)
- Log -----------------------------------------------------------------
commit 74c29dc6eac1f6f8a8c2ca28f8c01a43beb8c15b
Author: Rich Salz <rsalz at openssl.org>
Date: Mon Apr 3 15:39:09 2017 -0400
Standardize on =over 4 and check for it.
(cherry picked from commit dfc63ccebd8262648640fc6e35fffa132102b967)
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
commit ae9b7e02ecb06def1ccc1d132bd9ba7de1347518
Author: Rich Salz <rsalz at openssl.org>
Date: Fri Apr 7 13:37:47 2017 -0400
Use 'over 2' for bullet lists.
(cherry picked from commit 7ea8ceab4b21d93eb272a89bff73958010d5c2c4)
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
-----------------------------------------------------------------------
Summary of changes:
doc/apps/dgst.pod | 38 ++--
doc/apps/openssl.pod | 43 ++--
doc/apps/rehash.pod | 2 +-
doc/apps/ts.pod | 25 ++-
doc/crypto/ASN1_generate_nconf.pod | 6 +-
doc/crypto/BIO_set_callback.pod | 2 +-
doc/crypto/BN_copy.pod | 2 +-
doc/crypto/BN_generate_prime.pod | 2 +-
doc/crypto/CRYPTO_THREAD_run_once.pod | 11 +-
doc/crypto/CT_POLICY_EVAL_CTX_new.pod | 4 +-
doc/crypto/DSA_generate_parameters.pod | 4 +-
doc/crypto/EVP_CIPHER_meth_new.pod | 2 +-
doc/crypto/OPENSSL_ia32cap.pod | 4 +-
doc/crypto/RSA_generate_key.pod | 2 +-
doc/crypto/SCT_new.pod | 4 +-
doc/crypto/SCT_validate.pod | 2 +-
doc/crypto/d2i_X509.pod | 6 +-
doc/crypto/des_modes.pod | 19 +-
doc/crypto/evp.pod | 2 +-
doc/ssl/SSL_set_bio.pod | 2 +-
util/find-doc-nits | 372 ---------------------------------
21 files changed, 96 insertions(+), 458 deletions(-)
delete mode 100755 util/find-doc-nits
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
index 3f1b02c..677f2b2 100644
--- a/doc/apps/dgst.pod
+++ b/doc/apps/dgst.pod
@@ -59,34 +59,34 @@ supported digests, use the command I<list --digest-commands>.
=item B<-c>
-print out the digest in two digit groups separated by colons, only relevant if
+Print out the digest in two digit groups separated by colons, only relevant if
B<hex> format output is used.
=item B<-d>
-print out BIO debugging information.
+Print out BIO debugging information.
=item B<-hex>
-digest is to be output as a hex dump. This is the default case for a "normal"
+Digest is to be output as a hex dump. This is the default case for a "normal"
digest as opposed to a digital signature. See NOTES below for digital
signatures using B<-hex>.
=item B<-binary>
-output the digest or signature in binary form.
+Output the digest or signature in binary form.
=item B<-r>
-output the digest in the "coreutils" format used by programs like B<sha1sum>.
+Output the digest in the "coreutils" format used by programs like B<sha1sum>.
=item B<-out filename>
-filename to output to, or standard output by default.
+Filename to output to, or standard output by default.
=item B<-sign filename>
-digitally sign the digest using the private key in "filename".
+Digitally sign the digest using the private key in "filename".
=item B<-keyform arg>
@@ -98,32 +98,31 @@ and ENGINE formats are supported.
Pass options to the signature algorithm during sign or verify operations.
Names and values of these options are algorithm-specific.
-
=item B<-passin arg>
-the private key password source. For more information about the format of B<arg>
+The private key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-verify filename>
-verify the signature using the public key in "filename".
+Verify the signature using the public key in "filename".
The output is either "Verification OK" or "Verification Failure".
=item B<-prverify filename>
-verify the signature using the private key in "filename".
+Verify the signature using the private key in "filename".
=item B<-signature filename>
-the actual signature to verify.
+The actual signature to verify.
=item B<-hmac key>
-create a hashed MAC using "key".
+Create a hashed MAC using "key".
=item B<-mac alg>
-create MAC (keyed Message Authentication Code). The most popular MAC
+Create MAC (keyed Message Authentication Code). The most popular MAC
algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
which are not based on hash, for instance B<gost-mac> algorithm,
supported by B<ccgost> engine. MAC keys and other options should be set
@@ -134,7 +133,7 @@ via B<-macopt> parameter.
Passes options to MAC algorithm, specified by B<-mac> key.
Following options are supported by both by B<HMAC> and B<gost-mac>:
-=over 8
+=over 4
=item B<key:string>
@@ -152,7 +151,7 @@ for example exactly 32 chars for gost-mac.
=item B<-rand file(s)>
-a file or files containing random data used to seed the random number
+A file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
@@ -160,8 +159,7 @@ all others.
=item B<-fips-fingerprint>
-compute HMAC using a specific key
-for certain OpenSSL-FIPS operations.
+Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
=item B<-engine id>
@@ -177,7 +175,7 @@ engine B<id> for digest operations.
=item B<file...>
-file or files to digest. If no files are specified then standard input is
+File or files to digest. If no files are specified then standard input is
used.
=back
@@ -230,7 +228,7 @@ The FIPS-related options were removed in OpenSSL 1.1.0
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index da07cd5..7fc53c9 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -75,7 +75,7 @@ B<list>, or B<no->I<XXX> itself.)
=head2 Standard Commands
-=over 10
+=over 4
=item L<B<asn1parse>|asn1parse(1)>
@@ -91,7 +91,7 @@ Cipher Suite Description Determination.
=item L<B<cms>|cms(1)>
-CMS (Cryptographic Message Syntax) utility
+CMS (Cryptographic Message Syntax) utility.
=item L<B<crl>|crl(1)>
@@ -113,8 +113,7 @@ Obsoleted by L<B<dhparam>|dhparam(1)>.
=item L<B<dhparam>|dhparam(1)>
Generation and Management of Diffie-Hellman Parameters. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
-
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
=item L<B<dsa>|dsa(1)>
@@ -123,15 +122,15 @@ DSA Data Management.
=item L<B<dsaparam>|dsaparam(1)>
DSA Parameter Generation and Management. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
=item L<B<ec>|ec(1)>
-EC (Elliptic curve) key processing
+EC (Elliptic curve) key processing.
=item L<B<ecparam>|ecparam(1)>
-EC parameter manipulation and generation
+EC parameter manipulation and generation.
=item L<B<enc>|enc(1)>
@@ -153,7 +152,7 @@ Obsoleted by L<B<dhparam>|dhparam(1)>.
=item L<B<gendsa>|gendsa(1)>
Generation of DSA Private Key from Parameters. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>
+L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>.
=item L<B<genpkey>|genpkey(1)>
@@ -165,7 +164,7 @@ Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
=item L<B<nseq>|nseq(1)>
-Create or examine a Netscape certificate sequence
+Create or examine a Netscape certificate sequence.
=item L<B<ocsp>|ocsp(1)>
@@ -211,7 +210,7 @@ RSA key management.
=item L<B<rsautl>|rsautl(1)>
RSA utility for signing, verification, encryption, and decryption. Superseded
-by L<B<pkeyutl>|pkeyutl(1)>
+by L<B<pkeyutl>|pkeyutl(1)>.
=item L<B<s_client>|s_client(1)>
@@ -247,11 +246,11 @@ Algorithm Speed Measurement.
=item L<B<spkac>|spkac(1)>
-SPKAC printing and generating utility
+SPKAC printing and generating utility.
=item L<B<ts>|ts(1)>
-Time Stamping Authority tool (client/server)
+Time Stamping Authority tool (client/server).
=item L<B<verify>|verify(1)>
@@ -269,7 +268,7 @@ X.509 Certificate Data Management.
=head2 Message Digest Commands
-=over 10
+=over 4
=item B<md2>
@@ -315,7 +314,7 @@ SHA-512 Digest
=head2 Encoding and Cipher Commands
-=over 10
+=over 4
=item B<base64>
@@ -366,7 +365,7 @@ This section describes some common options with common behavior.
=head2 Common Options
-=over 10
+=over 4
=item B<-help>
@@ -384,23 +383,23 @@ password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
-=over 10
+=over 4
=item B<pass:password>
-the actual password is B<password>. Since the password is visible
+The actual password is B<password>. Since the password is visible
to utilities (like 'ps' under Unix) this form should only be used
where security is not important.
=item B<env:var>
-obtain the password from the environment variable B<var>. Since
+Obtain the password from the environment variable B<var>. Since
the environment of other processes is visible on certain platforms
(e.g. ps under certain Unix OSes) this option should be used with caution.
=item B<file:pathname>
-the first line of B<pathname> is the password. If the same B<pathname>
+The first line of B<pathname> is the password. If the same B<pathname>
argument is supplied to B<-passin> and B<-passout> arguments then the first
line will be used for the input password and the next line for the output
password. B<pathname> need not refer to a regular file: it could for example
@@ -408,12 +407,12 @@ refer to a device or named pipe.
=item B<fd:number>
-read the password from the file descriptor B<number>. This can be used to
+Read the password from the file descriptor B<number>. This can be used to
send the data via a pipe for example.
=item B<stdin>
-read the password from standard input.
+Read the password from standard input.
=back
@@ -441,7 +440,7 @@ manual pages.
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/apps/rehash.pod b/doc/apps/rehash.pod
index 936fda6..1dca9b5 100644
--- a/doc/apps/rehash.pod
+++ b/doc/apps/rehash.pod
@@ -107,7 +107,7 @@ By default, B<rehash> only lists each directory as it is processed.
=head1 ENVIRONMENT
-=over
+=over 4
=item B<OPENSSL>
diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod
index d807394..2ec9837 100644
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@@ -187,7 +187,6 @@ response. (Optional)
This option specifies a previously created time stamp request in DER
format that will be printed into the output file. Useful when you need
to examine the content of a request in human-readable
-
format. (Optional)
=item B<-out> request.tsq
@@ -609,25 +608,35 @@ You could also look at the 'test' directory for more examples.
If you find any bugs or you have suggestions please write to
Zoltan Glozik <zglozik at opentsa.org>. Known issues:
-=over 4
+=over 2
-=item * No support for time stamps over SMTP, though it is quite easy
+=item *
+
+No support for time stamps over SMTP, though it is quite easy
to implement an automatic e-mail based TSA with L<procmail(1)>
and L<perl(1)>. HTTP server support is provided in the form of
a separate apache module. HTTP client support is provided by
L<tsget(1)>. Pure TCP/IP protocol is not supported.
-=item * The file containing the last serial number of the TSA is not
+=item *
+
+The file containing the last serial number of the TSA is not
locked when being read or written. This is a problem if more than one
instance of L<openssl(1)> is trying to create a time stamp
response at the same time. This is not an issue when using the apache
server module, it does proper locking.
-=item * Look for the FIXME word in the source files.
+=item *
+
+Look for the FIXME word in the source files.
+
+=item *
+
+The source code should really be reviewed by somebody else, too.
-=item * The source code should really be reviewed by somebody else, too.
+=item *
-=item * More testing is needed, I have done only some basic tests (see
+More testing is needed, I have done only some basic tests (see
test/testtsa).
=back
@@ -640,7 +649,7 @@ L<config(5)>
=head1 COPYRIGHT
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod
index 92f624f..bf29af6 100644
--- a/doc/crypto/ASN1_generate_nconf.pod
+++ b/doc/crypto/ASN1_generate_nconf.pod
@@ -30,7 +30,7 @@ The actual data encoded is determined by the string B<str> and
the configuration information. The general format of the string
is:
-=over 2
+=over 4
=item B<[modifier,]type[:value]>
@@ -45,7 +45,7 @@ B<value> and B<modifier> are explained below.
The supported types are listed below. Unless otherwise specified
only the B<ASCII> format is permissible.
-=over 2
+=over 4
=item B<BOOLEAN>, B<BOOL>
@@ -126,7 +126,7 @@ add EXPLICIT or IMPLICIT tagging, add wrappers or to change
the string format of the final type and value. The supported
formats are documented below.
-=over 2
+=over 4
=item B<EXPLICIT>, B<EXP>
diff --git a/doc/crypto/BIO_set_callback.pod b/doc/crypto/BIO_set_callback.pod
index ed395fa..3d15859 100644
--- a/doc/crypto/BIO_set_callback.pod
+++ b/doc/crypto/BIO_set_callback.pod
@@ -52,7 +52,7 @@ BIO_callback_fn_ex() is the type of the callback function and BIO_callback_fn()
is the type of the old format callback function. The meaning of each argument
is described below:
-=over
+=over 4
=item B<b>
diff --git a/doc/crypto/BN_copy.pod b/doc/crypto/BN_copy.pod
index 500f4b2..46de544 100644
--- a/doc/crypto/BN_copy.pod
+++ b/doc/crypto/BN_copy.pod
@@ -29,7 +29,7 @@ B<BN_FLG_CONSTTIME> flag set for constant time operations. The temporary copy in
B<dest> will share some internal state with B<b>. For this reason the following
restrictions apply to the use of B<dest>:
-=over 4
+=over 2
=item *
diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
index a4ef230..c97536b 100644
--- a/doc/crypto/BN_generate_prime.pod
+++ b/doc/crypto/BN_generate_prime.pod
@@ -55,7 +55,7 @@ If B<ret> is not B<NULL>, it will be used to store the number.
If B<cb> is not B<NULL>, it is used as follows:
-=over 4
+=over 2
=item *
diff --git a/doc/crypto/CRYPTO_THREAD_run_once.pod b/doc/crypto/CRYPTO_THREAD_run_once.pod
index 7795a04..b256a18 100644
--- a/doc/crypto/CRYPTO_THREAD_run_once.pod
+++ b/doc/crypto/CRYPTO_THREAD_run_once.pod
@@ -32,9 +32,10 @@ supported by OpenSSL.
The following multi-threading function are provided:
-=over 4
+=over 2
=item *
+
CRYPTO_THREAD_run_once() can be used to perform one-time initialization.
The B<once> argument must be a pointer to a static object of type
B<CRYPTO_ONCE> that was statically initialized to the value
@@ -45,22 +46,28 @@ In particular, this can be used to allocate locks in a thread-safe manner,
which can then be used with the locking functions below.
=item *
+
CRYPTO_THREAD_lock_new() allocates, initializes and returns a new read/write
lock.
=item *
+
CRYPTO_THREAD_read_lock() locks the provided B<lock> for reading.
=item *
+
CRYPTO_THREAD_write_lock() locks the provided B<lock> for writing.
=item *
+
CRYPTO_THREAD_unlock() unlocks the previously locked B<lock>.
=item *
+
CRYPTO_THREAD_lock_frees() frees the provided B<lock>.
=item *
+
CRYPTO_atomic_add() atomically adds B<amount> to B<val> and returns the
result of the operation in B<ret>. B<lock> will be locked, unless atomic
operations are supported on the specific platform. Because of this, if a
@@ -149,7 +156,7 @@ You can find out if OpenSSL was configured with thread support:
=head1 SEE ALSO
-L<crypto(3)>
+L<crypto(7)>
=head1 COPYRIGHT
diff --git a/doc/crypto/CT_POLICY_EVAL_CTX_new.pod b/doc/crypto/CT_POLICY_EVAL_CTX_new.pod
index fedc58d..7839fd3 100644
--- a/doc/crypto/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/crypto/CT_POLICY_EVAL_CTX_new.pod
@@ -32,7 +32,7 @@ This policy may be, for example, that at least one valid SCT is available. To
determine this, an SCT's timestamp and signature must be verified.
This requires:
-=over
+=over 4
=item * the public key of the log that issued the SCT
@@ -49,7 +49,7 @@ The above requirements are met using the setters described below.
CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
should then be populated using:
-=over
+=over 4
=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
index ca2c2ce..fc05149 100644
--- a/doc/crypto/DSA_generate_parameters.pod
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -42,7 +42,7 @@ called as shown below. For information on the BN_GENCB structure and the
BN_GENCB_call function discussed below, refer to
L<BN_generate_prime(3)>.
-=over 4
+=over 2
=item *
@@ -107,7 +107,7 @@ Seed lengths E<gt> 20 are not supported.
=head1 SEE ALSO
-L<dsa(3)>, L<ERR_get_error(3)>, L<rand(3)>,
+L<DSA_new(3)>, L<ERR_get_error(3)>, L<RAND_bytes(3)>,
L<DSA_free(3)>, L<BN_generate_prime(3)>
=head1 COPYRIGHT
diff --git a/doc/crypto/EVP_CIPHER_meth_new.pod b/doc/crypto/EVP_CIPHER_meth_new.pod
index 6e18ed5..ef47f0f 100644
--- a/doc/crypto/EVP_CIPHER_meth_new.pod
+++ b/doc/crypto/EVP_CIPHER_meth_new.pod
@@ -82,7 +82,7 @@ With the exception of cipher modes, of which only one may be present,
several flags can be or'd together.
The available flags are:
-=over
+=over 4
=item EVP_CIPH_STREAM_CIPHER, EVP_CIPH_ECB_MODE EVP_CIPH_CBC_MODE,
EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE,
diff --git a/doc/crypto/OPENSSL_ia32cap.pod b/doc/crypto/OPENSSL_ia32cap.pod
index 7ea70c0..b0ab0ce 100644
--- a/doc/crypto/OPENSSL_ia32cap.pod
+++ b/doc/crypto/OPENSSL_ia32cap.pod
@@ -19,7 +19,7 @@ between different code paths to provide optimal performance across wide
range of processors. For the moment of this writing following bits are
significant:
-=over
+=over 4
=item bit #4 denoting presence of Time-Stamp Counter.
@@ -86,7 +86,7 @@ are applied, most notably in AES assembler module.
The capability vector is further extended with EBX value returned by
CPUID with EAX=7 and ECX=0 as input. Following bits are significant:
-=over
+=over 4
=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN;
diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod
index 24e05bd..e51c0b1 100644
--- a/doc/crypto/RSA_generate_key.pod
+++ b/doc/crypto/RSA_generate_key.pod
@@ -32,7 +32,7 @@ progress of the key generation. If B<cb> is not B<NULL>, it
will be called as follows using the BN_GENCB_call() function
described on the L<BN_generate_prime(3)> page.
-=over 4
+=over 2
=item *
diff --git a/doc/crypto/SCT_new.pod b/doc/crypto/SCT_new.pod
index 086e389..23595e1 100644
--- a/doc/crypto/SCT_new.pod
+++ b/doc/crypto/SCT_new.pod
@@ -84,7 +84,7 @@ An internal representation of an SCT can be created in one of two ways.
The first option is to create a blank SCT, using SCT_new(), and then populate
it using:
-=over
+=over 4
=item * SCT_set_version() to set the SCT version.
@@ -117,7 +117,7 @@ The former takes ownership, whereas the latter makes a copy.
Alternatively, the SCT can be pre-populated from the following data using
SCT_new_from_base64():
-=over
+=over 4
=item * The SCT version (only SCT_VERSION_V1 is currently supported).
diff --git a/doc/crypto/SCT_validate.pod b/doc/crypto/SCT_validate.pod
index 9868a28..3c03e97 100644
--- a/doc/crypto/SCT_validate.pod
+++ b/doc/crypto/SCT_validate.pod
@@ -31,7 +31,7 @@ SCT_get_validation_status().
A CT_POLICY_EVAL_CTX must be provided that specifies:
-=over
+=over 4
=item * The certificate the SCT was issued for.
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
index 06546a4..f78d020 100644
--- a/doc/crypto/d2i_X509.pod
+++ b/doc/crypto/d2i_X509.pod
@@ -349,10 +349,10 @@ i2d_X509_SIG,
i2d_X509_VAL,
- convert objects from/to ASN.1/DER representation
-=for comment generic
-
=head1 SYNOPSIS
+=for comment generic
+
TYPE *d2i_TYPE(TYPE **a, unsigned char **pp, long length);
TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a);
TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a);
@@ -436,7 +436,7 @@ another will be processed after it.
The following points about the data types might be useful:
-=over
+=over 4
=item B<ASN1_OBJECT>
diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod
index 5107b77..7c17969 100644
--- a/doc/crypto/des_modes.pod
+++ b/doc/crypto/des_modes.pod
@@ -1,5 +1,4 @@
=pod
-
=for comment openssl_manual_section:7
=head1 NAME
@@ -18,7 +17,7 @@ other things.
Normally, this is found as the function I<algorithm>_ecb_encrypt().
-=over 2
+=over 4
=item *
@@ -45,7 +44,7 @@ Normally, this is found as the function I<algorithm>_cbc_encrypt().
Be aware that des_cbc_encrypt() is not really DES CBC (it does
not update the IV); use des_ncbc_encrypt() instead.
-=over 2
+=over 4
=item *
@@ -77,7 +76,7 @@ An error will affect the current and the following ciphertext blocks.
Normally, this is found as the function I<algorithm>_cfb_encrypt().
-=over 2
+=over 4
=item *
@@ -124,7 +123,7 @@ An error will affect the current and the following ciphertext variables.
Normally, this is found as the function I<algorithm>_ofb_encrypt().
-=over 2
+=over 4
=item *
@@ -185,7 +184,7 @@ susceptible to a 'known plaintext' attack.
Normally, this is found as the function I<algorithm>_ecb3_encrypt().
-=over 2
+=over 4
=item *
@@ -220,8 +219,7 @@ ecb mode.
Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
-=over 2
-
+=over 4
=item *
@@ -248,12 +246,11 @@ it to:
=head1 SEE ALSO
-L<blowfish(3)>, L<des(3)>, L<idea(3)>,
-L<rc2(3)>
+L<BF_encrypt(3)>, L<DES_crypt(3)>
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod
index 31f4590..02051df 100644
--- a/doc/crypto/evp.pod
+++ b/doc/crypto/evp.pod
@@ -38,7 +38,7 @@ L<EVP_PKEY_print_private(3)>.
The EVP_PKEY functions support the full range of asymmetric algorithm operations:
-=over
+=over 4
=item For key agreement see L<EVP_PKEY_derive(3)>
diff --git a/doc/ssl/SSL_set_bio.pod b/doc/ssl/SSL_set_bio.pod
index 104f406..4230940 100644
--- a/doc/ssl/SSL_set_bio.pod
+++ b/doc/ssl/SSL_set_bio.pod
@@ -37,7 +37,7 @@ the rules for this are much more complex. For this reason this function is
considered a legacy function and SSL_set0_rbio() and SSL_set0_wbio() should be
used in preference. The ownership rules are as follows:
-=over 4
+=over 2
=item *
diff --git a/util/find-doc-nits b/util/find-doc-nits
deleted file mode 100755
index f14e36e..0000000
--- a/util/find-doc-nits
+++ /dev/null
@@ -1,372 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-require 5.10.0;
-use warnings;
-use strict;
-use Pod::Checker;
-use File::Find;
-use File::Basename;
-use File::Spec::Functions;
-use Getopt::Std;
-use lib catdir(dirname($0), "perl");
-use OpenSSL::Util::Pod;
-
-# Options.
-our($opt_s);
-our($opt_u);
-our($opt_h);
-our($opt_n);
-our($opt_l);
-
-sub help()
-{
- print <<EOF;
-Find small errors (nits) in documentation. Options:
- -l Print bogus links
- -n Print nits in POD pages
- -s Also print missing sections in POD pages (implies -n)
- -u List undocumented functions
- -h Print this help message
-EOF
- exit;
-}
-
-my $temp = '/tmp/docnits.txt';
-my $OUT;
-
-my %mandatory_sections =
- ( '*' => [ 'NAME', 'DESCRIPTION', 'COPYRIGHT' ],
- 1 => [ 'SYNOPSIS', 'OPTIONS' ],
- 3 => [ 'SYNOPSIS', 'RETURN VALUES' ],
- 5 => [ ],
- 7 => [ ] );
-
-# Cross-check functions in the NAME and SYNOPSIS section.
-sub name_synopsis()
-{
- my $id = shift;
- my $filename = shift;
- my $contents = shift;
-
- # Get NAME section and all words in it.
- return unless $contents =~ /=head1 NAME(.*)=head1 SYNOPSIS/ms;
- my $tmp = $1;
- $tmp =~ tr/\n/ /;
- print "$id trailing comma before - in NAME\n" if $tmp =~ /, *-/;
- $tmp =~ s/-.*//g;
- $tmp =~ s/,//g;
-
- my $dirname = dirname($filename);
- my $simplename = basename($filename);
- $simplename =~ s/.pod$//;
- my $foundfilename = 0;
- my %foundfilenames = ();
- my %names;
- foreach my $n ( split ' ', $tmp ) {
- $names{$n} = 1;
- $foundfilename++ if $n eq $simplename;
- $foundfilenames{$n} = 1
- if -f "$dirname/$n.pod" && $n ne $simplename;
- }
- print "$id the following exist as other .pod files:\n",
- join(" ", sort keys %foundfilenames), "\n"
- if %foundfilenames;
- print "$id $simplename (filename) missing from NAME section\n",
- unless $foundfilename;
-
- # Find all functions in SYNOPSIS
- return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms;
- my $syn = $1;
- foreach my $line ( split /\n+/, $syn ) {
- my $sym;
- $line =~ s/STACK_OF\([^)]+\)/int/g;
- $line =~ s/__declspec\([^)]+\)//;
- if ( $line =~ /env (\S*)=/ ) {
- # environment variable env NAME=...
- $sym = $1;
- } elsif ( $line =~ /typedef.*\(\*(\S+)\)\(.*/ ) {
- # a callback function: typedef ... (*NAME)(...
- $sym = $1;
- } elsif ( $line =~ /typedef.* (\S+);/ ) {
- # a simple typedef: typedef ... NAME;
- $sym = $1;
- } elsif ( $line =~ /enum (\S*) \{/ ) {
- # an enumeration: enum ... {
- $sym = $1;
- } elsif ( $line =~ /#define ([A-Za-z0-9_]+)/ ) {
- $sym = $1;
- } elsif ( $line =~ /([A-Za-z0-9_]+)\(/ ) {
- $sym = $1;
- }
- else {
- next;
- }
- print "$id $sym missing from NAME section\n"
- unless defined $names{$sym};
- $names{$sym} = 2;
-
- # Do some sanity checks on the prototype.
- print "$id prototype missing spaces around commas: $line\n"
- if ( $line =~ /[a-z0-9],[^ ]/ );
- }
-
- foreach my $n ( keys %names ) {
- next if $names{$n} == 2;
- print "$id $n missing from SYNOPSIS\n";
- }
-}
-
-sub check()
-{
- my $filename = shift;
- my $dirname = basename(dirname($filename));
-
- my $contents = '';
- {
- local $/ = undef;
- open POD, $filename or die "Couldn't open $filename, $!";
- $contents = <POD>;
- close POD;
- }
-
- my $id = "${filename}:1:";
-
- &name_synopsis($id, $filename, $contents)
- unless $contents =~ /=for comment generic/
- or $filename =~ m at man[157]/@;
-
- print "$id doesn't start with =pod\n"
- if $contents !~ /^=pod/;
- print "$id doesn't end with =cut\n"
- if $contents !~ /=cut\n$/;
- print "$id more than one cut line.\n"
- if $contents =~ /=cut.*=cut/ms;
- print "$id missing copyright\n"
- if $contents !~ /Copyright .* The OpenSSL Project Authors/;
- print "$id copyright not last\n"
- if $contents =~ /head1 COPYRIGHT.*=head/ms;
- print "$id head2 in All uppercase\n"
- if $contents =~ /head2\s+[A-Z ]+\n/;
- print "$id extra space after head\n"
- if $contents =~ /=head\d\s\s+/;
- print "$id period in NAME section\n"
- if $contents =~ /=head1 NAME.*\.\n.*=head1 SYNOPSIS/ms;
- print "$id POD markup in NAME section\n"
- if $contents =~ /=head1 NAME.*[<>].*=head1 SYNOPSIS/ms;
-
- # Look for multiple consecutive openssl #include lines.
- # Consecutive because of files like md5.pod. Sometimes it's okay
- # or necessary, as in ssl/SSL_set1_host.pod
- if ( $contents !~ /=for comment multiple includes/ ) {
- if ( $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms ) {
- my $count = 0;
- foreach my $line ( split /\n+/, $1 ) {
- if ( $line =~ m at include <openssl/@ ) {
- if ( ++$count == 2 ) {
- print "$id has multiple includes\n";
- }
- } else {
- $count = 0;
- }
- }
- }
- }
-
- return unless $opt_s;
-
- # Find what section this page is in. If run from "." assume
- # section 3.
- my $section = 3;
- $section = $1 if $dirname =~ /man([1-9])/;
-
- foreach ((@{$mandatory_sections{'*'}}, @{$mandatory_sections{$section}})) {
- print "$id: missing $_ head1 section\n"
- if $contents !~ /^=head1\s+${_}\s*$/m;
- }
-
- open my $OUT, '>', $temp
- or die "Can't open $temp, $!";
- podchecker($filename, $OUT);
- close $OUT;
- open $OUT, '<', $temp
- or die "Can't read $temp, $!";
- while ( <$OUT> ) {
- next if /\(section\) in.*deprecated/;
- print;
- }
- close $OUT;
- unlink $temp || warn "Can't remove $temp, $!";
-}
-
-my %dups;
-
-sub parsenum()
-{
- my $file = shift;
- my @apis;
-
- open my $IN, '<', $file
- or die "Can't open $file, $!, stopped";
-
- while ( <$IN> ) {
- next if /\bNOEXIST\b/;
- next if /\bEXPORT_VAR_AS_FUNC\b/;
- push @apis, $1 if /([^\s]+).\s/;
- }
-
- close $IN;
-
- print "# Found ", scalar(@apis), " in $file\n";
- return sort @apis;
-}
-
-sub getdocced()
-{
- my $dir = shift;
- my %return;
-
- foreach my $pod ( glob("$dir/*.pod") ) {
- my %podinfo = extract_pod_info($pod);
- foreach my $n ( @{$podinfo{names}} ) {
- $return{$n} = $pod;
- print "# Duplicate $n in $pod and $dups{$n}\n"
- if defined $dups{$n} && $dups{$n} ne $pod;
- $dups{$n} = $pod;
- }
- }
-
- return %return;
-}
-
-my %docced;
-
-sub printem()
-{
- my $libname = shift;
- my $numfile = shift;
- my $count = 0;
-
- foreach my $func ( &parsenum($numfile) ) {
- next if $docced{$func};
-
- # Skip ASN1 utilities
- next if $func =~ /^ASN1_/;
-
- print "$libname:$func\n";
- $count++;
- }
- print "# Found $count missing from $numfile\n\n";
-}
-
-
-# Collection of links in each POD file.
-# filename => [ "foo(1)", "bar(3)", ... ]
-my %link_collection = ();
-# Collection of names in each POD file.
-# "name(s)" => filename
-my %name_collection = ();
-
-sub collectnames {
- my $filename = shift;
- $filename =~ m|man(\d)/|;
- my $section = $1;
- my $simplename = basename($filename, ".pod");
- my $id = "${filename}:1:";
-
- my $contents = '';
- {
- local $/ = undef;
- open POD, $filename or die "Couldn't open $filename, $!";
- $contents = <POD>;
- close POD;
- }
-
- $contents =~ /=head1 NAME([^=]*)=head1 /ms;
- my $tmp = $1;
- unless (defined $tmp) {
- print "$id weird name section\n";
- return;
- }
- $tmp =~ tr/\n/ /;
- $tmp =~ s/-.*//g;
-
- my @names = map { s/\s+//g; $_ } split(/,/, $tmp);
- unless (grep { $simplename eq $_ } @names) {
- print "$id missing $simplename\n";
- push @names, $simplename;
- }
- foreach my $name (@names) {
- next if $name eq "";
- my $name_sec = "$name($section)";
- if (! exists $name_collection{$name_sec}) {
- $name_collection{$name_sec} = $filename;
- } else { #elsif ($filename ne $name_collection{$name_sec}) {
- print "$id $name_sec also in $name_collection{$name_sec}\n";
- }
- }
-
- my @foreign_names =
- map { map { s/\s+//g; $_ } split(/,/, $_) }
- $contents =~ /=for\s+comment\s+foreign\s+manuals:\s*(.*)\n\n/;
- foreach (@foreign_names) {
- $name_collection{$_} = undef; # It still exists!
- }
-
- my @links = $contents =~ /L<
- # if the link is of the form L<something|name(s)>,
- # then remove 'something'. Note that 'something'
- # may contain POD codes as well...
- (?:(?:[^\|]|<[^>]*>)*\|)?
- # we're only interested in referenses that have
- # a one digit section number
- ([^\/>\(]+\(\d\))
- /gx;
- $link_collection{$filename} = [ @links ];
-}
-
-sub checklinks {
- foreach my $filename (sort keys %link_collection) {
- foreach my $link (@{$link_collection{$filename}}) {
- print "${filename}:1: reference to non-existing $link\n"
- unless exists $name_collection{$link};
- }
- }
-}
-
-getopts('lnshu');
-
-&help() if ( $opt_h );
-
-die "Need one of -l -n -s or -u flags.\n"
- unless $opt_l or $opt_n or $opt_s or $opt_u;
-
-if ( $opt_n or $opt_s ) {
- foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
- &check($_);
- }
-}
-
-if ( $opt_l ) {
- foreach (@ARGV ? @ARGV : glob('doc/*/*.pod')) {
- collectnames($_);
- }
- checklinks();
-}
-
-if ( $opt_u ) {
- my %temp = &getdocced('doc/man3');
- foreach ( keys %temp ) {
- $docced{$_} = $temp{$_};
- }
- &printem('crypto', 'util/libcrypto.num');
- &printem('ssl', 'util/libssl.num');
-}
-
-exit;
More information about the openssl-commits
mailing list