From a528d4f0a9a71405f3ca06e20cbd27aa1b8c0df9 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Tue, 27 Oct 2015 13:40:11 -0400 Subject: [PATCH] Remove SSLeay history, etc., from docs If something was "present in all versions" of SSLeay, or if it was added to a version of SSLeay (and therefore predates OpenSSL), remove mention of it. Documentation history now starts with OpenSSL. Remove mention of all history before OpenSSL 0.9.8, inclusive. Remove all AUTHOR sections. Reviewed-by: Tim Hudson --- doc/apps/ciphers.pod | 6 +- doc/apps/config.pod | 4 +- doc/apps/dhparam.pod | 5 - doc/apps/ec.pod | 8 -- doc/apps/ecparam.pod | 8 -- doc/apps/genpkey.pod | 12 +- doc/apps/openssl.pod | 3 - doc/apps/pkcs12.pod | 24 ---- doc/apps/ts.pod | 4 - doc/apps/tsget.pod | 4 - doc/apps/verify.pod | 5 +- doc/apps/version.pod | 4 - doc/apps/x509.pod | 7 -- doc/apps/x509v3_config.pod | 10 -- doc/crypto/ASN1_OBJECT_new.pod | 4 - doc/crypto/ASN1_generate_nconf.pod | 4 - doc/crypto/BIO_f_md.pod | 13 ++- doc/crypto/BIO_f_ssl.pod | 2 +- doc/crypto/BIO_find_type.pod | 13 --- doc/crypto/BN_BLINDING_new.pod | 12 +- doc/crypto/BN_CTX_new.pod | 4 +- doc/crypto/BN_CTX_start.pod | 4 - doc/crypto/BN_add.pod | 9 -- doc/crypto/BN_add_word.pod | 9 -- doc/crypto/BN_bn2bin.pod | 8 -- doc/crypto/BN_cmp.pod | 6 - doc/crypto/BN_copy.pod | 4 - doc/crypto/BN_generate_prime.pod | 7 +- doc/crypto/BN_mod_inverse.pod | 4 - doc/crypto/BN_mod_mul_montgomery.pod | 7 +- doc/crypto/BN_mod_mul_reciprocal.pod | 4 +- doc/crypto/BN_new.pod | 4 +- doc/crypto/BN_num_bytes.pod | 5 - doc/crypto/BN_rand.pod | 7 -- doc/crypto/BN_set_bit.pod | 6 - doc/crypto/BN_swap.pod | 4 - doc/crypto/BN_zero.pod | 9 -- doc/crypto/CMS_add0_cert.pod | 5 - doc/crypto/CMS_add1_recipient_cert.pod | 5 - doc/crypto/CMS_add1_signer.pod | 4 - doc/crypto/CMS_compress.pod | 3 +- doc/crypto/CMS_decrypt.pod | 4 - doc/crypto/CMS_encrypt.pod | 1 - doc/crypto/CMS_final.pod | 4 - doc/crypto/CMS_get0_RecipientInfos.pod | 4 - doc/crypto/CMS_get0_SignerInfos.pod | 4 - doc/crypto/CMS_get0_type.pod | 5 - doc/crypto/CMS_get1_ReceiptRequest.pod | 6 - doc/crypto/CMS_sign.pod | 2 - doc/crypto/CMS_sign_receipt.pod | 4 - doc/crypto/CMS_uncompress.pod | 4 - doc/crypto/CMS_verify.pod | 4 - doc/crypto/CMS_verify_receipt.pod | 4 - doc/crypto/CONF_modules_free.pod | 5 - doc/crypto/CONF_modules_load_file.pod | 4 - doc/crypto/CRYPTO_set_ex_data.pod | 4 - doc/crypto/DH_generate_key.pod | 5 - doc/crypto/DH_generate_parameters.pod | 8 -- doc/crypto/DH_get_ex_new_index.pod | 5 - doc/crypto/DH_new.pod | 4 - doc/crypto/DH_set_method.pod | 25 ----- doc/crypto/DH_size.pod | 1 - doc/crypto/DSA_SIG_new.pod | 4 - doc/crypto/DSA_do_sign.pod | 4 - doc/crypto/DSA_dup_DH.pod | 4 - doc/crypto/DSA_generate_key.pod | 4 - doc/crypto/DSA_generate_parameters.pod | 9 -- doc/crypto/DSA_get_ex_new_index.pod | 5 - doc/crypto/DSA_new.pod | 4 - doc/crypto/DSA_set_method.pod | 25 ----- doc/crypto/DSA_sign.pod | 5 - doc/crypto/DSA_size.pod | 4 - doc/crypto/ERR_GET_LIB.pod | 2 +- doc/crypto/ERR_clear_error.pod | 4 - doc/crypto/ERR_error_string.pod | 5 - doc/crypto/ERR_get_error.pod | 9 -- doc/crypto/ERR_load_crypto_strings.pod | 6 - doc/crypto/ERR_load_strings.pod | 6 - doc/crypto/ERR_print_errors.pod | 5 - doc/crypto/ERR_put_error.pod | 5 - doc/crypto/ERR_remove_state.pod | 4 +- doc/crypto/ERR_set_mark.pod | 4 - doc/crypto/EVP_DigestInit.pod | 16 +-- doc/crypto/EVP_EncryptInit.pod | 9 +- doc/crypto/EVP_PKEY_CTX_ctrl.pod | 6 +- doc/crypto/EVP_SealInit.pod | 4 - doc/crypto/EVP_SignInit.pod | 7 -- doc/crypto/EVP_VerifyInit.pod | 7 -- doc/crypto/OPENSSL_VERSION_NUMBER.pod | 31 ++---- doc/crypto/OPENSSL_config.pod | 8 +- doc/crypto/OPENSSL_load_builtin_modules.pod | 4 - doc/crypto/PKCS12_create.pod | 9 -- doc/crypto/PKCS12_parse.pod | 4 - doc/crypto/PKCS7_decrypt.pod | 4 - doc/crypto/PKCS7_encrypt.pod | 3 +- doc/crypto/PKCS7_sign.pod | 9 +- doc/crypto/PKCS7_verify.pod | 4 - doc/crypto/RAND_add.pod | 6 - doc/crypto/RAND_bytes.pod | 6 - doc/crypto/RAND_cleanup.pod | 4 - doc/crypto/RAND_egd.pod | 10 -- doc/crypto/RAND_load_file.pod | 7 +- doc/crypto/RAND_set_rand_method.pod | 13 +-- doc/crypto/RSA_blinding_on.pod | 4 - doc/crypto/RSA_check_key.pod | 1 - doc/crypto/RSA_generate_key.pod | 4 - doc/crypto/RSA_get_ex_new_index.pod | 5 - doc/crypto/RSA_new.pod | 4 - doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 11 -- doc/crypto/RSA_print.pod | 6 - doc/crypto/RSA_private_encrypt.pod | 5 - doc/crypto/RSA_public_encrypt.pod | 5 - doc/crypto/RSA_set_method.pod | 28 ----- doc/crypto/RSA_sign.pod | 10 -- doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod | 5 - doc/crypto/RSA_size.pod | 1 - doc/crypto/SMIME_read_CMS.pod | 4 - doc/crypto/SMIME_read_PKCS7.pod | 4 - doc/crypto/SMIME_write_CMS.pod | 4 - doc/crypto/SMIME_write_PKCS7.pod | 4 - doc/crypto/SSLeay_version.pod | 4 - .../X509_STORE_CTX_get_ex_new_index.pod | 5 - doc/crypto/X509_STORE_CTX_set_verify_cb.pod | 5 - doc/crypto/X509_STORE_set_verify_cb_func.pod | 3 - doc/crypto/X509_get_subject_name.pod | 4 - doc/crypto/X509_get_version.pod | 4 - doc/crypto/X509_new.pod | 4 - doc/crypto/X509_verify_cert.pod | 4 - doc/crypto/buffer.pod | 6 +- doc/crypto/d2i_CMS_ContentInfo.pod | 4 - doc/crypto/d2i_X509.pod | 45 +------- doc/crypto/des.pod | 5 - doc/crypto/ecdsa.pod | 8 -- doc/crypto/engine.pod | 10 -- doc/crypto/hmac.pod | 6 - doc/crypto/lh_stats.pod | 6 - doc/crypto/lhash.pod | 58 +--------- doc/crypto/rand.pod | 104 +----------------- doc/crypto/rc4.pod | 4 - doc/crypto/rsa.pod | 2 +- doc/crypto/threads.pod | 4 - doc/crypto/ui.pod | 9 -- doc/ssl/DTLSv1_listen.pod | 3 +- doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 8 -- doc/ssl/SSL_CTX_set_generate_session_id.pod | 6 - doc/ssl/SSL_CTX_set_max_cert_list.pod | 4 - doc/ssl/SSL_CTX_set_mode.pod | 4 - doc/ssl/SSL_CTX_set_msg_callback.pod | 5 - doc/ssl/SSL_CTX_set_options.pod | 43 +------- doc/ssl/SSL_CTX_set_session_cache_mode.pod | 5 - doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 4 - doc/ssl/SSL_CTX_use_certificate.pod | 6 - doc/ssl/SSL_get_error.pod | 4 - doc/ssl/SSL_library_init.pod | 6 - doc/ssl/SSL_pending.pod | 3 - doc/ssl/ssl.pod | 2 - 156 files changed, 68 insertions(+), 1110 deletions(-) diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 75982762d3..389b07c505 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -162,9 +162,7 @@ export encryption algorithms. Including 40 and 56 bits algorithms. =item B -56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of -56 bit export ciphers is empty unless OpenSSL has been explicitly configured -with support for experimental ciphers. +56 bit export encryption algorithms. This list is empty. =item B, B @@ -726,8 +724,6 @@ L, L, L =head1 HISTORY -The B and B selection options -for cipherlist strings were added in OpenSSL 0.9.7. The B<-V> option for the B command was added in OpenSSL 1.0.0. =cut diff --git a/doc/apps/config.pod b/doc/apps/config.pod index 22bb6c50a8..e238e15125 100644 --- a/doc/apps/config.pod +++ b/doc/apps/config.pod @@ -56,7 +56,7 @@ the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized. =head1 OPENSSL LIBRARY CONFIGURATION -In OpenSSL 0.9.7 and later applications can automatically configure certain +Applications can automatically configure certain aspects of OpenSSL using the master OpenSSL configuration file, or optionally an alternative configuration file. The B utility includes this functionality: any sub command uses the master OpenSSL configuration file @@ -106,7 +106,7 @@ as any compliant applications. For example: some_new_oid = 1.2.3.4 some_other_oid = 1.2.3.5 -In OpenSSL 0.9.8 it is also possible to set the value to the long name followed +It is also possible to set the value to the long name followed by a comma and the numerical OID form. For example: shortName = some object long name, 1.2.3.4 diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 8bb196dea4..b0a9802009 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -141,9 +141,4 @@ There should be a way to generate and manipulate DH keys. L -=head1 HISTORY - -The B command was added in OpenSSL 0.9.5. -The B<-dsaparam> option was added in OpenSSL 0.9.6. - =cut diff --git a/doc/apps/ec.pod b/doc/apps/ec.pod index ebc49ea092..379d0a8264 100644 --- a/doc/apps/ec.pod +++ b/doc/apps/ec.pod @@ -179,12 +179,4 @@ To change the point conversion form to B: L, L, L -=head1 HISTORY - -The ec command was first introduced in OpenSSL 0.9.8. - -=head1 AUTHOR - -Nils Larsch for the OpenSSL project (http://www.openssl.org). - =cut diff --git a/doc/apps/ecparam.pod b/doc/apps/ecparam.pod index bfb155a82a..56962abe3e 100644 --- a/doc/apps/ecparam.pod +++ b/doc/apps/ecparam.pod @@ -168,12 +168,4 @@ To print out the EC parameters to standard output: L, L -=head1 HISTORY - -The ecparam command was first introduced in OpenSSL 0.9.8. - -=head1 AUTHOR - -Nils Larsch for the OpenSSL project (http://www.openssl.org) - =cut diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index d574caa867..dee9722039 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -141,7 +141,7 @@ and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections =head1 EC PARAMETER GENERATION OPTIONS -In OpenSSL 1.0.2 and later the EC parameter generation options below can also +The EC parameter generation options below can also be supplied as EC key generation options. This can (for example) generate a key from a named curve without the need to use an explicit parameter file. @@ -149,8 +149,7 @@ key from a named curve without the need to use an explicit parameter file. =item B -the EC curve to use. OpenSSL 1.0.2 and later supports NIST curve names -such as "P-256". +the EC curve to use. OpenSSL supports NIST curve names such as "P-256". =item B @@ -243,11 +242,16 @@ Generate EC key from parameters: openssl genpkey -paramfile ecp.pem -out eckey.pem -Generate EC key directly (OpenSSL 1.0.2+ only): +Generate EC key directly: openssl genpkey -algorithm EC -out eckey.pem \ -pkeyopt ec_paramgen_curve:P-384 \ -pkeyopt ec_param_enc:named_curve +=head1 HISTORY + +The ability to use NIST curve names, and to generate an EC key directly, +were added in OpenSSL 1.0.2. + =cut diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index 30ea9bd67d..f14840447f 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -412,10 +412,7 @@ L, L, L =head1 HISTORY -The openssl(1) document appeared in OpenSSL 0.9.2. -The BIB<-commands> pseudo-commands were added in OpenSSL 0.9.3; The BIB<-algorithms> pseudo-commands were added in OpenSSL 1.0.0; -the BI pseudo-commands were added in OpenSSL 0.9.5a. For notes on the availability of other commands, see their individual manual pages. diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index f8162d0c1c..811b8222be 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -348,30 +348,6 @@ Include some extra certificates: openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \ -certfile othercerts.pem -=head1 BUGS - -Some would argue that the PKCS#12 standard is one big bug :-) - -Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation -routines. Under rare circumstances this could produce a PKCS#12 file encrypted -with an invalid key. As a result some PKCS#12 files which triggered this bug -from other implementations (MSIE or Netscape) could not be decrypted -by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could -not be decrypted by other implementations. The chances of producing such -a file are relatively small: less than 1 in 256. - -A side effect of fixing this bug is that any old invalidly encrypted PKCS#12 -files cannot no longer be parsed by the fixed version. Under such circumstances -the B utility will report that the MAC is OK but fail with a decryption -error when extracting private keys. - -This problem can be resolved by extracting the private keys and certificates -from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12 -file from the keys and certificates using a newer version of OpenSSL. For example: - - old-openssl -in bad.p12 -out keycerts.pem - openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12 - =head1 SEE ALSO L diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod index 7a55b61643..e2b555a070 100644 --- a/doc/apps/ts.pod +++ b/doc/apps/ts.pod @@ -581,10 +581,6 @@ test/testtsa). =cut -=head1 AUTHOR - -Zoltan Glozik , OpenTSA project (http://www.opentsa.org) - =head1 SEE ALSO L, L, L, diff --git a/doc/apps/tsget.pod b/doc/apps/tsget.pod index 3452c63a16..34187eb7ef 100644 --- a/doc/apps/tsget.pod +++ b/doc/apps/tsget.pod @@ -182,10 +182,6 @@ example: export TSGET tsget file1.tsq -=head1 AUTHOR - -Zoltan Glozik , OpenTSA project (http://www.opentsa.org) - =head1 SEE ALSO L, L, L, diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index afd1b95689..c9352692a8 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -283,9 +283,8 @@ certificate. If a certificate is found which is its own issuer it is assumed to be the root CA. The process of 'looking up the issuers certificate' itself involves a number -of steps. In versions of OpenSSL before 0.9.5a the first certificate whose -subject name matched the issuer of the current certificate was assumed to be -the issuers certificate. In OpenSSL 0.9.6 and later all certificates +of steps. +Ater all certificates whose subject name matches the issuer name of the current certificate are subject to further tests. The relevant authority key identifier components of the current certificate (if present) must match the subject key identifier diff --git a/doc/apps/version.pod b/doc/apps/version.pod index 58f543bc3e..61a364bf9f 100644 --- a/doc/apps/version.pod +++ b/doc/apps/version.pod @@ -58,8 +58,4 @@ OPENSSLDIR setting. The output of B would typically be used when sending in a bug report. -=head1 HISTORY - -The B<-d> option was added in OpenSSL 0.9.7. - =cut diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod index d4790605b4..1c98e9decf 100644 --- a/doc/apps/x509.pod +++ b/doc/apps/x509.pod @@ -869,11 +869,6 @@ be checked. There should be options to explicitly set such things as start and end dates rather than an offset from the current time. -The code to implement the verify behaviour described in the B -is currently being developed. It thus describes the intended behaviour rather -than the current behaviour. It is hoped that it will represent reality in -OpenSSL 0.9.5 and later. - =head1 SEE ALSO L, L, L, @@ -882,8 +877,6 @@ L =head1 HISTORY -Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. - The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and later it is based on a diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index 297cbaa440..e965be6480 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod @@ -508,16 +508,6 @@ will only recognize the last value. This can be worked around by using the form: email.1=steve@here email.2=steve@there -=head1 HISTORY - -The X509v3 extension code was first added to OpenSSL 0.9.2. - -Policy mappings, inhibit any policy and name constraints support was added in -OpenSSL 0.9.8 - -The B and B option as well as the B option -for arbitrary extensions was added in OpenSSL 0.9.8 - =head1 SEE ALSO L, L, L, diff --git a/doc/crypto/ASN1_OBJECT_new.pod b/doc/crypto/ASN1_OBJECT_new.pod index 4bdfe021bb..486ccc91bb 100644 --- a/doc/crypto/ASN1_OBJECT_new.pod +++ b/doc/crypto/ASN1_OBJECT_new.pod @@ -39,8 +39,4 @@ ASN1_OBJECT_free() returns no value. L, L -=head1 HISTORY - -ASN1_OBJECT_new() and ASN1_OBJECT_free() are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod index 8c845aca88..a95b2c8bbb 100644 --- a/doc/crypto/ASN1_generate_nconf.pod +++ b/doc/crypto/ASN1_generate_nconf.pod @@ -258,8 +258,4 @@ The error codes that can be obtained by L. L -=head1 HISTORY - -ASN1_generate_nconf() and ASN1_generate_v3() were added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/BIO_f_md.pod b/doc/crypto/BIO_f_md.pod index 2cc41f89d2..d9aec082f8 100644 --- a/doc/crypto/BIO_f_md.pod +++ b/doc/crypto/BIO_f_md.pod @@ -58,10 +58,8 @@ If an application needs to call BIO_gets() or BIO_puts() through a chain containing digest BIOs then this can be done by prepending a buffering BIO. -Before OpenSSL 1.0.0 the call to BIO_get_md_ctx() would only work if the BIO -had been initialized for example by calling BIO_set_md() ). In OpenSSL -1.0.0 and later the context is always returned and the BIO is state is set -to initialized. This allows applications to initialize the context externally +Calling BIO_get_md_ctx() will return the context and initialize the BIO +state. This allows applications to initialize the context externally if the standard calls such as BIO_set_md() are not sufficiently flexible. =head1 RETURN VALUES @@ -139,6 +137,13 @@ and BIO_puts() should be passed to the next BIO in the chain and digest the data passed through and that digests should be retrieved using a separate BIO_ctrl() call. +=head1 HISTORY + +Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the +BIO was initialized first. + =head1 SEE ALSO TBA + +=cut diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index 00b29bdeda..bf3151f10b 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -110,7 +110,7 @@ circumstances. Specifically this will happen if a session renegotiation takes place during a BIO_read() operation, one case where this happens is when step up occurs. -In OpenSSL 0.9.6 and later the SSL flag SSL_AUTO_RETRY can be +The SSL flag SSL_AUTO_RETRY can be set to disable this behaviour. That is when this flag is set an SSL BIO using a blocking transport will never request a retry. diff --git a/doc/crypto/BIO_find_type.pod b/doc/crypto/BIO_find_type.pod index 2595200327..6e65668b4c 100644 --- a/doc/crypto/BIO_find_type.pod +++ b/doc/crypto/BIO_find_type.pod @@ -63,19 +63,6 @@ BIO_next() returns the next BIO in a chain. BIO_method_type() returns the type of the BIO B. -=head1 NOTES - -BIO_next() was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a BIO -chain or find multiple matches using BIO_find_type(). Previous versions had to -use: - - next = bio->next_bio; - -=head1 BUGS - -BIO_find_type() in OpenSSL 0.9.5a and earlier could not be safely passed a -NULL pointer for the B argument. - =head1 EXAMPLE Traverse a chain looking for digest BIOs: diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod index 65c6eab91d..2e575c6d37 100644 --- a/doc/crypto/BN_BLINDING_new.pod +++ b/doc/crypto/BN_BLINDING_new.pod @@ -102,15 +102,7 @@ L =head1 HISTORY -BN_BLINDING_thread_id was first introduced in OpenSSL 1.0.0, and it -deprecates BN_BLINDING_set_thread_id and BN_BLINDING_get_thread_id. - -BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id, -BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags -and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8 - -=head1 AUTHOR - -Nils Larsch for the OpenSSL project (http://www.openssl.org). +BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it +deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id(). =cut diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod index 005c9f889a..df432c77cb 100644 --- a/doc/crypto/BN_CTX_new.pod +++ b/doc/crypto/BN_CTX_new.pod @@ -62,8 +62,6 @@ L =head1 HISTORY -BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay -and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b and removed in OpenSSL -1.1.0. +BN_CTX_init() was removed in OpenSSL 1.1.0. =cut diff --git a/doc/crypto/BN_CTX_start.pod b/doc/crypto/BN_CTX_start.pod index 57ddff6561..2e23be27a7 100644 --- a/doc/crypto/BN_CTX_start.pod +++ b/doc/crypto/BN_CTX_start.pod @@ -45,8 +45,4 @@ can be obtained by L. L -=head1 HISTORY - -BN_CTX_start(), BN_CTX_get() and BN_CTX_end() were added in OpenSSL 0.9.5. - =cut diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod index 38eeb3cd68..942048c10d 100644 --- a/doc/crypto/BN_add.pod +++ b/doc/crypto/BN_add.pod @@ -114,13 +114,4 @@ The error codes can be obtained by L. L, L, L, L, L -=head1 HISTORY - -BN_add(), BN_sub(), BN_sqr(), BN_div(), BN_mod(), BN_mod_mul(), -BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and -OpenSSL. The I argument to BN_mul() was added in SSLeay -0.9.1b. BN_exp() appeared in SSLeay 0.9.0. -BN_nnmod(), BN_mod_add(), BN_mod_sub(), and BN_mod_sqr() were added in -OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/BN_add_word.pod b/doc/crypto/BN_add_word.pod index 4f472adb8a..1bbe31b0ce 100644 --- a/doc/crypto/BN_add_word.pod +++ b/doc/crypto/BN_add_word.pod @@ -49,13 +49,4 @@ B<(BN_ULONG)-1> if an error occurred. L, L, L -=head1 HISTORY - -BN_add_word() and BN_mod_word() are available in all versions of -SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and -BN_sub_word() and BN_mul_word() in SSLeay 0.9.0. - -Before 0.9.8a the return value for BN_div_word() and BN_mod_word() -in case of an error was 0. - =cut diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index dbcd11f0e5..dd1007d2ce 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod @@ -84,12 +84,4 @@ L, L, L, L, L -=head1 HISTORY - -BN_bn2bin(), BN_bin2bn(), BN_print_fp() and BN_print() are available -in all versions of SSLeay and OpenSSL. - -BN_bn2hex(), BN_bn2dec(), BN_hex2bn(), BN_dec2bn(), BN_bn2mpi() and -BN_mpi2bn() were added in SSLeay 0.9.0. - =cut diff --git a/doc/crypto/BN_cmp.pod b/doc/crypto/BN_cmp.pod index 6a9e341eb8..6c33314766 100644 --- a/doc/crypto/BN_cmp.pod +++ b/doc/crypto/BN_cmp.pod @@ -39,10 +39,4 @@ the condition is true, 0 otherwise. L -=head1 HISTORY - -BN_cmp(), BN_ucmp(), BN_is_zero(), BN_is_one() and BN_is_word() are -available in all versions of SSLeay and OpenSSL. -BN_is_odd() was added in SSLeay 0.8. - =cut diff --git a/doc/crypto/BN_copy.pod b/doc/crypto/BN_copy.pod index 834440fd35..4de9c1ad17 100644 --- a/doc/crypto/BN_copy.pod +++ b/doc/crypto/BN_copy.pod @@ -27,8 +27,4 @@ by L. L, L -=head1 HISTORY - -BN_copy() and BN_dup() are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index 316d12fca3..90f399dea6 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -177,10 +177,7 @@ L, L, L =head1 HISTORY -The B arguments to BN_generate_prime() and to BN_is_prime() -were added in SSLeay 0.9.0. The B argument to BN_generate_prime() -was added in SSLeay 0.9.1. -BN_is_prime_fasttest() was added in OpenSSL 0.9.5. BN_GENCB_new, BN_GENCB_free -and BN_GENCB_get_arg were added in OpenSSL 1.1.0 +BN_GENCB_new(), BN_GENCB_free(), +and BN_GENCB_get_arg() were added in OpenSSL 1.1.0 =cut diff --git a/doc/crypto/BN_mod_inverse.pod b/doc/crypto/BN_mod_inverse.pod index 97bb378558..e54bccf5fe 100644 --- a/doc/crypto/BN_mod_inverse.pod +++ b/doc/crypto/BN_mod_inverse.pod @@ -29,8 +29,4 @@ NULL on error. The error codes can be obtained by L. L, L, L -=head1 HISTORY - -BN_mod_inverse() is available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod index 9a18a09b74..b4a09a26d8 100644 --- a/doc/crypto/BN_mod_mul_montgomery.pod +++ b/doc/crypto/BN_mod_mul_montgomery.pod @@ -96,11 +96,6 @@ L =head1 HISTORY -BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(), -BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery() -are available in all versions of SSLeay and OpenSSL. - -BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b. -BN_MONT_CTX_init was removed in OpenSSL 1.1.0 +BN_MONT_CTX_init() was removed in OpenSSL 1.1.0 =cut diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod index 20357dcacf..f03feb2d96 100644 --- a/doc/crypto/BN_mod_mul_reciprocal.pod +++ b/doc/crypto/BN_mod_mul_reciprocal.pod @@ -83,8 +83,6 @@ L =head1 HISTORY -B was added in SSLeay 0.9.0. Before that, the function -BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal() -arguments were different. BN_RECP_CTX_init was removed in OpenSSL 1.1.0 +BN_RECP_CTX_init was removed in OpenSSL 1.1.0 =cut diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod index f5b5100083..0629b19d5e 100644 --- a/doc/crypto/BN_new.pod +++ b/doc/crypto/BN_new.pod @@ -61,8 +61,6 @@ L, L =head1 HISTORY -BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in -all versions on SSLeay and OpenSSL. BN_init() was added in SSLeay -0.9.1b and removed in OpenSSL 1.1.0. +BN_init() was removed in OpenSSL 1.1.0. =cut diff --git a/doc/crypto/BN_num_bytes.pod b/doc/crypto/BN_num_bytes.pod index 54f200b2da..30ee3e54c7 100644 --- a/doc/crypto/BN_num_bytes.pod +++ b/doc/crypto/BN_num_bytes.pod @@ -49,9 +49,4 @@ more probability). L, L, L, L -=head1 HISTORY - -BN_num_bytes(), BN_num_bits() and BN_num_bits_word() are available in -all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 1abcdd42db..c4f98b69ca 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -49,11 +49,4 @@ The error codes can be obtained by L. L, L, L, L, L -=head1 HISTORY - -BN_rand() is available in all versions of SSLeay and OpenSSL. -BN_pseudo_rand() was added in OpenSSL 0.9.5. The B == -1 case -and the function BN_rand_range() were added in OpenSSL 0.9.6a. -BN_pseudo_rand_range() was added in OpenSSL 0.9.6c. - =cut diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index 20c24f0413..13bf231cec 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod @@ -57,10 +57,4 @@ can be obtained by L. L, L, L -=head1 HISTORY - -BN_set_bit(), BN_clear_bit(), BN_is_bit_set(), BN_mask_bits(), -BN_lshift(), BN_lshift1(), BN_rshift(), and BN_rshift1() are available -in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/BN_swap.pod b/doc/crypto/BN_swap.pod index 8e764e39a4..04582e9fa0 100644 --- a/doc/crypto/BN_swap.pod +++ b/doc/crypto/BN_swap.pod @@ -16,8 +16,4 @@ BN_swap() exchanges the values of I and I. L -=head1 HISTORY - -BN_swap was added in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/BN_zero.pod b/doc/crypto/BN_zero.pod index 6b0c6392b4..e0f653f81e 100644 --- a/doc/crypto/BN_zero.pod +++ b/doc/crypto/BN_zero.pod @@ -47,13 +47,4 @@ unsigned long but this value is also returned on error. L, L -=head1 HISTORY - -BN_zero(), BN_one() and BN_set_word() are available in all versions of -SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in -SSLeay 0.8. - -BN_value_one() was changed to return a true const BIGNUM * in OpenSSL -0.9.7. - =cut diff --git a/doc/crypto/CMS_add0_cert.pod b/doc/crypto/CMS_add0_cert.pod index ec1280198e..dc2cf46837 100644 --- a/doc/crypto/CMS_add0_cert.pod +++ b/doc/crypto/CMS_add0_cert.pod @@ -58,9 +58,4 @@ L, L, L -=head1 HISTORY - -CMS_add0_cert(), CMS_add1_cert(), CMS_get1_certs(), CMS_add0_crl() -and CMS_get1_crls() were all first added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_add1_recipient_cert.pod b/doc/crypto/CMS_add1_recipient_cert.pod index 4f947034bc..4efe086b9e 100644 --- a/doc/crypto/CMS_add1_recipient_cert.pod +++ b/doc/crypto/CMS_add1_recipient_cert.pod @@ -54,9 +54,4 @@ occurs. L, L, L, -=head1 HISTORY - -CMS_add1_recipient_cert() and CMS_add0_recipient_key() were added to OpenSSL -0.9.8 - =cut diff --git a/doc/crypto/CMS_add1_signer.pod b/doc/crypto/CMS_add1_signer.pod index 2bcac66aad..0f43ea7230 100644 --- a/doc/crypto/CMS_add1_signer.pod +++ b/doc/crypto/CMS_add1_signer.pod @@ -94,8 +94,4 @@ structure just added or NULL if an error occurs. L, L, L, -=head1 HISTORY - -CMS_add1_signer() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_compress.pod b/doc/crypto/CMS_compress.pod index 583b1ecc89..e2ead0e51b 100644 --- a/doc/crypto/CMS_compress.pod +++ b/doc/crypto/CMS_compress.pod @@ -67,7 +67,6 @@ L, L =head1 HISTORY -CMS_compress() was added to OpenSSL 0.9.8 -The B flag was first supported in OpenSSL 1.0.0. +The B flag was added in OpenSSL 1.0.0. =cut diff --git a/doc/crypto/CMS_decrypt.pod b/doc/crypto/CMS_decrypt.pod index 99e48117d2..06bc1062bc 100644 --- a/doc/crypto/CMS_decrypt.pod +++ b/doc/crypto/CMS_decrypt.pod @@ -72,8 +72,4 @@ mentioned in CMS_verify() also applies to CMS_decrypt(). L, L -=head1 HISTORY - -CMS_decrypt() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_encrypt.pod b/doc/crypto/CMS_encrypt.pod index 4750942596..b58b0fcc4c 100644 --- a/doc/crypto/CMS_encrypt.pod +++ b/doc/crypto/CMS_encrypt.pod @@ -90,7 +90,6 @@ L, L =head1 HISTORY -CMS_decrypt() was added to OpenSSL 0.9.8 The B flag was first supported in OpenSSL 1.0.0. =cut diff --git a/doc/crypto/CMS_final.pod b/doc/crypto/CMS_final.pod index 227ca839b2..c0f4ef9df2 100644 --- a/doc/crypto/CMS_final.pod +++ b/doc/crypto/CMS_final.pod @@ -34,8 +34,4 @@ CMS_final() returns 1 for success or 0 for failure. L, L, L -=head1 HISTORY - -CMS_final() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_get0_RecipientInfos.pod b/doc/crypto/CMS_get0_RecipientInfos.pod index cc14af7d3e..93bebb7fda 100644 --- a/doc/crypto/CMS_get0_RecipientInfos.pod +++ b/doc/crypto/CMS_get0_RecipientInfos.pod @@ -113,8 +113,4 @@ Any error can be obtained from L. L, L -=head1 HISTORY - -These functions were first was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_get0_SignerInfos.pod b/doc/crypto/CMS_get0_SignerInfos.pod index 531c338c53..e6365321f1 100644 --- a/doc/crypto/CMS_get0_SignerInfos.pod +++ b/doc/crypto/CMS_get0_SignerInfos.pod @@ -74,8 +74,4 @@ Any error can be obtained from L L, L -=head1 HISTORY - -These functions were first was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_get0_type.pod b/doc/crypto/CMS_get0_type.pod index 75ef40ae05..80fc303dea 100644 --- a/doc/crypto/CMS_get0_type.pod +++ b/doc/crypto/CMS_get0_type.pod @@ -69,9 +69,4 @@ error can be obtained from ERR_get_error(3). L -=head1 HISTORY - -CMS_get0_type(), CMS_set1_eContentType() and CMS_get0_eContentType() were all -first added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_get1_ReceiptRequest.pod b/doc/crypto/CMS_get1_ReceiptRequest.pod index f94baac24b..81206eb6d7 100644 --- a/doc/crypto/CMS_get1_ReceiptRequest.pod +++ b/doc/crypto/CMS_get1_ReceiptRequest.pod @@ -60,10 +60,4 @@ L, L, L, L L -=head1 HISTORY - -CMS_ReceiptRequest_create0(), CMS_add1_ReceiptRequest(), -CMS_get1_ReceiptRequest() and CMS_ReceiptRequest_get0_values() were added to -OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_sign.pod b/doc/crypto/CMS_sign.pod index e05f854d86..108b13e5e7 100644 --- a/doc/crypto/CMS_sign.pod +++ b/doc/crypto/CMS_sign.pod @@ -113,8 +113,6 @@ L, L =head1 HISTORY -CMS_sign() was added to OpenSSL 0.9.8 - The B flag is only supported for detached data in OpenSSL 0.9.8, it is supported for embedded data in OpenSSL 1.0.0 and later. diff --git a/doc/crypto/CMS_sign_receipt.pod b/doc/crypto/CMS_sign_receipt.pod index 2083c88bb6..99a0b14c2f 100644 --- a/doc/crypto/CMS_sign_receipt.pod +++ b/doc/crypto/CMS_sign_receipt.pod @@ -38,8 +38,4 @@ L, L, L -=head1 HISTORY - -CMS_sign_receipt() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_uncompress.pod b/doc/crypto/CMS_uncompress.pod index c6943acb24..44512a4853 100644 --- a/doc/crypto/CMS_uncompress.pod +++ b/doc/crypto/CMS_uncompress.pod @@ -47,8 +47,4 @@ mentioned in CMS_verify() also applies to CMS_decompress(). L, L -=head1 HISTORY - -CMS_uncompress() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_verify.pod b/doc/crypto/CMS_verify.pod index 47ca32b188..d4baffe33b 100644 --- a/doc/crypto/CMS_verify.pod +++ b/doc/crypto/CMS_verify.pod @@ -119,8 +119,4 @@ be held in memory if it is not detached. L, L -=head1 HISTORY - -CMS_verify() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CMS_verify_receipt.pod b/doc/crypto/CMS_verify_receipt.pod index 1dcc3b8edc..15ec54c2d2 100644 --- a/doc/crypto/CMS_verify_receipt.pod +++ b/doc/crypto/CMS_verify_receipt.pod @@ -40,8 +40,4 @@ L, L, L, -=head1 HISTORY - -CMS_verify_receipt() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/CONF_modules_free.pod b/doc/crypto/CONF_modules_free.pod index 866bd3f1d7..37a7b16000 100644 --- a/doc/crypto/CONF_modules_free.pod +++ b/doc/crypto/CONF_modules_free.pod @@ -39,9 +39,4 @@ None of the functions return a value. L, L, L -=head1 HISTORY - -CONF_modules_free(), CONF_modules_unload(), and CONF_modules_finish() -first appeared in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod index e9930fe78e..53202a7d57 100644 --- a/doc/crypto/CONF_modules_load_file.pod +++ b/doc/crypto/CONF_modules_load_file.pod @@ -130,8 +130,4 @@ return value of the failing module (this will always be zero or negative). L, L, L, L -=head1 HISTORY - -CONF_modules_load_file and CONF_modules_load first appeared in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/CRYPTO_set_ex_data.pod b/doc/crypto/CRYPTO_set_ex_data.pod index 8b6c3dee13..9ba3fb7f92 100644 --- a/doc/crypto/CRYPTO_set_ex_data.pod +++ b/doc/crypto/CRYPTO_set_ex_data.pod @@ -46,8 +46,4 @@ L, L, L -=head1 HISTORY - -CRYPTO_set_ex_data() and CRYPTO_get_ex_data() have been available since SSLeay 0.9.0. - =cut diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod index d787704bd2..b37decc490 100644 --- a/doc/crypto/DH_generate_key.pod +++ b/doc/crypto/DH_generate_key.pod @@ -42,9 +42,4 @@ The error codes can be obtained by L. L, L, L, L -=head1 HISTORY - -DH_generate_key() and DH_compute_key() are available in all versions -of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod index ebbb1848f9..1491d9f679 100644 --- a/doc/crypto/DH_generate_parameters.pod +++ b/doc/crypto/DH_generate_parameters.pod @@ -71,12 +71,4 @@ a usable generator. L, L, L, L -=head1 HISTORY - -DH_check() is available in all versions of SSLeay and OpenSSL. -The B argument to DH_generate_parameters() was added in SSLeay 0.9.0. - -In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used -instead of DH_CHECK_P_NOT_SAFE_PRIME. - =cut diff --git a/doc/crypto/DH_get_ex_new_index.pod b/doc/crypto/DH_get_ex_new_index.pod index 18714633bc..0c113c7304 100644 --- a/doc/crypto/DH_get_ex_new_index.pod +++ b/doc/crypto/DH_get_ex_new_index.pod @@ -28,9 +28,4 @@ as described in L. L, L -=head1 HISTORY - -DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are -available since OpenSSL 0.9.5. - =cut diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod index 2d9fecdb5a..450039c728 100644 --- a/doc/crypto/DH_new.pod +++ b/doc/crypto/DH_new.pod @@ -34,8 +34,4 @@ L, L, L, L -=head1 HISTORY - -DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod index 8b80f5cc8d..62d1ee192b 100644 --- a/doc/crypto/DH_set_method.pod +++ b/doc/crypto/DH_set_method.pod @@ -97,33 +97,8 @@ DH_new_method() returns NULL and sets an error code that can be obtained by L if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. -=head1 NOTES - -As of version 0.9.7, DH_METHOD implementations are grouped together with other -algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B modules. If a -default ENGINE is specified for DH functionality using an ENGINE API function, -that will override any DH defaults set using the DH API (ie. -DH_set_default_method()). For this reason, the ENGINE API is the recommended way -to control default implementations for use in DH and other cryptographic -algorithms. - =head1 SEE ALSO L, L -=head1 HISTORY - -DH_set_default_method(), DH_get_default_method(), DH_set_method(), -DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. - -DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced -DH_set_default_method() and DH_get_default_method() respectively, and -DH_set_method() and DH_new_method() were altered to use Bs rather than -Bs during development of the engine version of OpenSSL 0.9.6. For -0.9.7, the handling of defaults in the ENGINE API was restructured so that this -change was reversed, and behaviour of the other functions resembled more closely -the previous behaviour. The behaviour of defaults in the ENGINE API now -transparently overrides the behaviour of defaults in the DH API without -requiring changing these function prototypes. - =cut diff --git a/doc/crypto/DH_size.pod b/doc/crypto/DH_size.pod index ab28072e0b..f961eaa8db 100644 --- a/doc/crypto/DH_size.pod +++ b/doc/crypto/DH_size.pod @@ -33,7 +33,6 @@ L =head1 HISTORY -DH_size() is available in all versions of SSLeay and OpenSSL. DH_bits() was added in OpenSSL 1.1.0. =cut diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod index aa2cb7d125..91bb513a0b 100644 --- a/doc/crypto/DSA_SIG_new.pod +++ b/doc/crypto/DSA_SIG_new.pod @@ -33,8 +33,4 @@ DSA_SIG_free() returns no value. L, L, L -=head1 HISTORY - -DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3. - =cut diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod index 7a1970b2aa..6c7cb3ca93 100644 --- a/doc/crypto/DSA_do_sign.pod +++ b/doc/crypto/DSA_do_sign.pod @@ -40,8 +40,4 @@ L, L, L, L, L -=head1 HISTORY - -DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3. - =cut diff --git a/doc/crypto/DSA_dup_DH.pod b/doc/crypto/DSA_dup_DH.pod index b2e5325147..350e8aa3c1 100644 --- a/doc/crypto/DSA_dup_DH.pod +++ b/doc/crypto/DSA_dup_DH.pod @@ -29,8 +29,4 @@ Be careful to avoid small subgroup attacks when using this. L, L, L -=head1 HISTORY - -DSA_dup_DH() was added in OpenSSL 0.9.4. - =cut diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod index 34a9efba30..bf396ed582 100644 --- a/doc/crypto/DSA_generate_key.pod +++ b/doc/crypto/DSA_generate_key.pod @@ -27,8 +27,4 @@ The error codes can be obtained by L. L, L, L, L -=head1 HISTORY - -DSA_generate_key() is available since SSLeay 0.8. - =cut diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod index ae13023d42..efe46eb734 100644 --- a/doc/crypto/DSA_generate_parameters.pod +++ b/doc/crypto/DSA_generate_parameters.pod @@ -108,13 +108,4 @@ Seed lengths E 20 are not supported. L, L, L, L, L -=head1 HISTORY - -DSA_generate_parameters() appeared in SSLeay 0.8. The B -argument was added in SSLeay 0.9.0. -In versions up to OpenSSL 0.9.4, B was called -in the inner loop of the Miller-Rabin test whenever it reached the -squaring step (the parameters to B did not reveal how many -witnesses had been tested); since OpenSSL 0.9.5, B -is called as in BN_is_prime(3), i.e. once for each witness. =cut diff --git a/doc/crypto/DSA_get_ex_new_index.pod b/doc/crypto/DSA_get_ex_new_index.pod index 43b29b35cc..b9ed01b01a 100644 --- a/doc/crypto/DSA_get_ex_new_index.pod +++ b/doc/crypto/DSA_get_ex_new_index.pod @@ -28,9 +28,4 @@ as described in L. L, L -=head1 HISTORY - -DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are -available since OpenSSL 0.9.5. - =cut diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod index 766cfd3657..320839c87c 100644 --- a/doc/crypto/DSA_new.pod +++ b/doc/crypto/DSA_new.pod @@ -36,8 +36,4 @@ L, L, L, L -=head1 HISTORY - -DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod index fe0d6e3da9..632aadbfd3 100644 --- a/doc/crypto/DSA_set_method.pod +++ b/doc/crypto/DSA_set_method.pod @@ -111,33 +111,8 @@ DSA_new_method() returns NULL and sets an error code that can be obtained by L if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. -=head1 NOTES - -As of version 0.9.7, DSA_METHOD implementations are grouped together with other -algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B modules. If a -default ENGINE is specified for DSA functionality using an ENGINE API function, -that will override any DSA defaults set using the DSA API (ie. -DSA_set_default_method()). For this reason, the ENGINE API is the recommended way -to control default implementations for use in DSA and other cryptographic -algorithms. - =head1 SEE ALSO L, L -=head1 HISTORY - -DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), -DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. - -DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced -DSA_set_default_method() and DSA_get_default_method() respectively, and -DSA_set_method() and DSA_new_method() were altered to use Bs rather than -Bs during development of the engine version of OpenSSL 0.9.6. For -0.9.7, the handling of defaults in the ENGINE API was restructured so that this -change was reversed, and behaviour of the other functions resembled more closely -the previous behaviour. The behaviour of defaults in the ENGINE API now -transparently overrides the behaviour of defaults in the DSA API without -requiring changing these function prototypes. - =cut diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod index da923abc85..1071ccab4c 100644 --- a/doc/crypto/DSA_sign.pod +++ b/doc/crypto/DSA_sign.pod @@ -58,9 +58,4 @@ Standard, DSS), ANSI X9.30 L, L, L, L -=head1 HISTORY - -DSA_sign() and DSA_verify() are available in all versions of SSLeay. -DSA_sign_setup() was added in SSLeay 0.8. - =cut diff --git a/doc/crypto/DSA_size.pod b/doc/crypto/DSA_size.pod index bc96cbdc5d..4333d6ddf8 100644 --- a/doc/crypto/DSA_size.pod +++ b/doc/crypto/DSA_size.pod @@ -26,8 +26,4 @@ The size in bytes. L, L -=head1 HISTORY - -DSA_size() is available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod index fe31f03ee7..3f0e36ade4 100644 --- a/doc/crypto/ERR_GET_LIB.pod +++ b/doc/crypto/ERR_GET_LIB.pod @@ -46,6 +46,6 @@ L, L =head1 HISTORY ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in -all versions of SSLeay and OpenSSL. +all versions of OpenSSL. =cut diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod index d1da2b68e8..e54e34c46d 100644 --- a/doc/crypto/ERR_clear_error.pod +++ b/doc/crypto/ERR_clear_error.pod @@ -22,8 +22,4 @@ ERR_clear_error() has no return value. L, L -=head1 HISTORY - -ERR_clear_error() is available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod index b3f9a435aa..60df430667 100644 --- a/doc/crypto/ERR_error_string.pod +++ b/doc/crypto/ERR_error_string.pod @@ -65,9 +65,4 @@ L, L L -=head1 HISTORY - -ERR_error_string() is available in all versions of SSLeay and OpenSSL. -ERR_error_string_n() was added in OpenSSL 0.9.6. - =cut diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod index 90b620c623..aa5047e0c1 100644 --- a/doc/crypto/ERR_get_error.pod +++ b/doc/crypto/ERR_get_error.pod @@ -67,13 +67,4 @@ The error code, or 0 if there is no error in the queue. L, L, L -=head1 HISTORY - -ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and -ERR_peek_error_line() are available in all versions of SSLeay and -OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data() -were added in SSLeay 0.9.0. -ERR_peek_last_error(), ERR_peek_last_error_line() and -ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod index b5ff885efe..b4af1fc509 100644 --- a/doc/crypto/ERR_load_crypto_strings.pod +++ b/doc/crypto/ERR_load_crypto_strings.pod @@ -37,10 +37,4 @@ ERR_free_strings() return no values. L, L -=head1 HISTORY - -ERR_load_error_strings(), SSL_load_error_strings() and -ERR_free_strings() are available in all versions of SSLeay and -OpenSSL. - =cut diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod index 9edf7a3de3..0e212a0269 100644 --- a/doc/crypto/ERR_load_strings.pod +++ b/doc/crypto/ERR_load_strings.pod @@ -45,10 +45,4 @@ ERR_get_next_error_library() returns a new library number. L, L -=head1 HISTORY - -ERR_load_error_strings() and ERR_PACK() are available in all versions -of SSLeay and OpenSSL. ERR_get_next_error_library() was added in -SSLeay 0.9.0. - =cut diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod index db890a9cea..3b0defe407 100644 --- a/doc/crypto/ERR_print_errors.pod +++ b/doc/crypto/ERR_print_errors.pod @@ -43,9 +43,4 @@ L, L, L -=head1 HISTORY - -ERR_print_errors() and ERR_print_errors_fp() -are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod index a87dcae7de..f0a82f6156 100644 --- a/doc/crypto/ERR_put_error.pod +++ b/doc/crypto/ERR_put_error.pod @@ -36,9 +36,4 @@ no values. L, L -=head1 HISTORY - -ERR_put_error() is available in all versions of SSLeay and OpenSSL. -ERR_add_error_data() was added in SSLeay 0.9.0. - =cut diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod index 236aeb4572..1d20fc2dc2 100644 --- a/doc/crypto/ERR_remove_state.pod +++ b/doc/crypto/ERR_remove_state.pod @@ -38,8 +38,8 @@ L =head1 HISTORY -ERR_remove_state() is available in all versions of SSLeay and OpenSSL. It -was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state was introduced +ERR_remove_state() +was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state() was introduced and thread IDs were introduced to identify threads instead of 'unsigned long'. =cut diff --git a/doc/crypto/ERR_set_mark.pod b/doc/crypto/ERR_set_mark.pod index 122a81bf05..d30f1c0077 100644 --- a/doc/crypto/ERR_set_mark.pod +++ b/doc/crypto/ERR_set_mark.pod @@ -31,8 +31,4 @@ implies that the stack became empty, otherwise 1. L -=head1 HISTORY - -ERR_set_mark() and ERR_pop_to_mark() were added in OpenSSL 0.9.8. - =cut diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 2d7f0dc558..1616309728 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -189,7 +189,7 @@ EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. -In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use +If digest contexts are not cleaned up after use memory leaks will occur. Stack allocation of EVP_MD_CTX structures is common, for example: @@ -260,22 +260,8 @@ L =head1 HISTORY -EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), -EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() -and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. - -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), -EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were -changed to return truly const EVP_MD * in OpenSSL 0.9.7. - The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA; there is no need to use EVP_dss1() any more. -OpenSSL 1.0 and later does not include the MD2 digest algorithm in the -default configuration due to its security weaknesses. - =cut diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index 9a1bdefcde..8f3216b95d 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -614,13 +614,6 @@ L =head1 HISTORY -EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(), -EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(), -EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in -OpenSSL 0.9.7. - -IDEA appeared in OpenSSL 0.9.7 but was often disabled due to -patent concerns; the last patents expired in 2012. - Support for OCB mode was added in OpenSSL 1.1.0 + =cut diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod index 5710cfb861..cc27e54b0c 100644 --- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -108,8 +108,8 @@ for DH parameter generation. If not specified 2 is used. The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter generation to B. For EC parameter generation this macro must be called -or an error occurs because there is no default curve. In OpenSSL 1.0.2 and -later this function can also be called to set the curve explicitly when +or an error occurs because there is no default curve. +This function can also be called to set the curve explicitly when generating an EC key. The EVP_PKEY_CTX_set_ec_param_enc() sets the EC parameter encoding to @@ -117,7 +117,7 @@ B when generating EC parameters or an EC key. The encoding can be B for explicit parameters (the default in versions of OpenSSL before 1.1.0) or B to use named curve form. For maximum compatibility the named curve form should be used. Note: the -B value was only added to OpenSSL 1.1.0: previous +B value was only added to OpenSSL 1.1.0; previous versions should use 0 instead. =head1 RETURN VALUES diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod index 50271be39b..e920e3e310 100644 --- a/doc/crypto/EVP_SealInit.pod +++ b/doc/crypto/EVP_SealInit.pod @@ -78,8 +78,4 @@ L, L, L, L -=head1 HISTORY - -EVP_SealFinal() did not return a value before OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index 9a91b91a0e..51d49c8cf8 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -96,11 +96,4 @@ L, L, L, L, L, L, L, L -=head1 HISTORY - -EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_SignInit_ex() was added in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod index ee27de198b..1a1d98098f 100644 --- a/doc/crypto/EVP_VerifyInit.pod +++ b/doc/crypto/EVP_VerifyInit.pod @@ -85,11 +85,4 @@ L, L, L, L, L, L, L, L -=head1 HISTORY - -EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_VerifyInit_ex() was added in OpenSSL 0.9.7 - =cut diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod index f76a9d3f37..c8fed0f255 100644 --- a/doc/crypto/OPENSSL_VERSION_NUMBER.pod +++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number +OPENSSL_VERSION_NUMBER, OpenSSL_version - get OpenSSL version number =head1 SYNOPSIS @@ -10,8 +10,7 @@ OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL #include - long SSLeay(void); - const char *SSLeay_version(int t); + const char *OpenSSL_version(int t); =head1 DESCRIPTION @@ -44,38 +43,34 @@ except the patch level got the highest bit set, to keep continuity. The number was therefore 0x0090581f. -For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. +For backward compatibility, OPENSSL_VERSION_NUMBER is also defined. -SSLeay() returns this number. The return value can be compared to the -macro to make sure that the correct version of the library has been -loaded, especially when using DLLs on Windows systems. - -SSLeay_version() returns different strings depending on B: +OpenSSL_version() returns different strings depending on B: =over 4 -=item SSLEAY_VERSION +=item OPENSSL_VERSION The text variant of the version number and the release date. For example, -"OpenSSL 0.9.5a 1 Apr 2000". +"OpenSSL 1.0.1a 15 Oct 2015". -=item SSLEAY_CFLAGS +=item OPENSSL_CFLAGS The compiler flags set for the compilation process in the form "compiler: ..." if available or "compiler: information not available" otherwise. -=item SSLEAY_BUILT_ON +=item OPENSSL_BUILT_ON The date of the build process in the form "built on: ..." if available or "built on: date not available" otherwise. -=item SSLEAY_PLATFORM +=item OPENSSL_PLATFORM The "Configure" target of the library build in the form "platform: ..." if available or "platform: information not available" otherwise. -=item SSLEAY_DIR +=item OPENSSL_DIR The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" if available or "OPENSSLDIR: N/A" otherwise. @@ -92,10 +87,4 @@ The version number. L -=head1 HISTORY - -SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL. -OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. -B was added in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod index cc86f24f6e..fbf8b6d2c3 100644 --- a/doc/crypto/OPENSSL_config.pod +++ b/doc/crypto/OPENSSL_config.pod @@ -42,9 +42,7 @@ Applications should instead call CONF_modules_load() during initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is -advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7. -In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be -used (among other things) to load dynamic ENGINEs from shared libraries (DSOs). +advisable. For example, to load dynamic ENGINEs from shared libraries (DSOs). However very few applications currently support the control interface and so very few can load and use dynamic ENGINEs. Equally in future more sophisticated ENGINEs will require certain control operations to customize them. If an @@ -62,8 +60,4 @@ L, L, L -=head1 HISTORY - -OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7 - =cut diff --git a/doc/crypto/OPENSSL_load_builtin_modules.pod b/doc/crypto/OPENSSL_load_builtin_modules.pod index 8ff3d79460..20ca44c3b4 100644 --- a/doc/crypto/OPENSSL_load_builtin_modules.pod +++ b/doc/crypto/OPENSSL_load_builtin_modules.pod @@ -44,8 +44,4 @@ None of the functions return a value. L, L -=head1 HISTORY - -These functions first appeared in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/PKCS12_create.pod b/doc/crypto/PKCS12_create.pod index 76edc4800b..46b24c5998 100644 --- a/doc/crypto/PKCS12_create.pod +++ b/doc/crypto/PKCS12_create.pod @@ -46,11 +46,6 @@ export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption. -=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8 - -Some additional functionality was added to PKCS12_create() in OpenSSL -0.9.8. These extensions are detailed below. - If a certificate contains an B or B then this will be used for the corresponding B or B in the PKCS12 structure. @@ -68,8 +63,4 @@ B can be set to -1 and the MAC will then be omitted entirely. L -=head1 HISTORY - -PKCS12_create was added in OpenSSL 0.9.3 - =cut diff --git a/doc/crypto/PKCS12_parse.pod b/doc/crypto/PKCS12_parse.pod index 3691a9b254..f02220e358 100644 --- a/doc/crypto/PKCS12_parse.pod +++ b/doc/crypto/PKCS12_parse.pod @@ -50,8 +50,4 @@ Attributes currently cannot be stored in the private key B structure. L -=head1 HISTORY - -PKCS12_parse was added in OpenSSL 0.9.3 - =cut diff --git a/doc/crypto/PKCS7_decrypt.pod b/doc/crypto/PKCS7_decrypt.pod index 9bb367d800..71313b80ff 100644 --- a/doc/crypto/PKCS7_decrypt.pod +++ b/doc/crypto/PKCS7_decrypt.pod @@ -48,8 +48,4 @@ mentioned in PKCS7_sign() also applies to PKCS7_verify(). L, L -=head1 HISTORY - -PKCS7_decrypt() was added to OpenSSL 0.9.5 - =cut diff --git a/doc/crypto/PKCS7_encrypt.pod b/doc/crypto/PKCS7_encrypt.pod index 71618d9c87..12475cf601 100644 --- a/doc/crypto/PKCS7_encrypt.pod +++ b/doc/crypto/PKCS7_encrypt.pod @@ -74,7 +74,6 @@ L, L =head1 HISTORY -PKCS7_decrypt() was added to OpenSSL 0.9.5 -The B flag was first supported in OpenSSL 1.0.0. +The B flag was added in OpenSSL 1.0.0. =cut diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod index f6fe3b6e71..07d4dc4e69 100644 --- a/doc/crypto/PKCS7_sign.pod +++ b/doc/crypto/PKCS7_sign.pod @@ -80,13 +80,13 @@ BIO_new_PKCS7(). If a signer is specified it will use the default digest for the signing algorithm. This is B for both RSA and DSA keys. -In OpenSSL 1.0.0 the B, B and B parameters can all be +The B, B and B parameters can all be B if the B flag is set. One or more signers can be added using the function B. B must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method. -In OpenSSL 1.0.0 if B and B are NULL then a certificates only +If B and B are NULL then a certificates only PKCS#7 structure is output. In versions of OpenSSL before 1.0.0 the B and B parameters must @@ -107,9 +107,8 @@ L, L =head1 HISTORY -PKCS7_sign() was added to OpenSSL 0.9.5 - -The B flag was added in OpenSSL 1.0.0 +The B flag, and the ability for B, B, +and B parameters to be B to be was added in OpenSSL 1.0.0 The B flag was added in OpenSSL 1.0.0 diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod index b440f4dcb3..3a5300ad79 100644 --- a/doc/crypto/PKCS7_verify.pod +++ b/doc/crypto/PKCS7_verify.pod @@ -111,8 +111,4 @@ mentioned in PKCS7_sign() also applies to PKCS7_verify(). L, L -=head1 HISTORY - -PKCS7_verify() was added to OpenSSL 0.9.5 - =cut diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod index b160eeb699..d54e1f5bd9 100644 --- a/doc/crypto/RAND_add.pod +++ b/doc/crypto/RAND_add.pod @@ -68,10 +68,4 @@ The other functions do not return values. L, L, L, L -=head1 HISTORY - -RAND_seed() and RAND_screen() are available in all versions of SSLeay -and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL -0.9.5, RAND_event() in OpenSSL 0.9.5a. - =cut diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod index 6a41c37103..d57618de4b 100644 --- a/doc/crypto/RAND_bytes.pod +++ b/doc/crypto/RAND_bytes.pod @@ -44,10 +44,4 @@ method. L, L, L -=head1 HISTORY - -RAND_bytes() is available in all versions of SSLeay and OpenSSL. It -has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added -in OpenSSL 0.9.5. - =cut diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod index e9b3af934b..88efb9a048 100644 --- a/doc/crypto/RAND_cleanup.pod +++ b/doc/crypto/RAND_cleanup.pod @@ -22,8 +22,4 @@ RAND_cleanup() returns no value. L -=head1 HISTORY - -RAND_cleanup() is available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod index 5a28545986..4c68113809 100644 --- a/doc/crypto/RAND_egd.pod +++ b/doc/crypto/RAND_egd.pod @@ -75,14 +75,4 @@ success, and -1 if the connection failed. The PRNG state is not considered. L, L, L -=head1 HISTORY - -RAND_egd() is available since OpenSSL 0.9.5. - -RAND_egd_bytes() is available since OpenSSL 0.9.6. - -RAND_query_egd_bytes() is available since OpenSSL 0.9.7. - -The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod index e19757e40e..debf06fa2e 100644 --- a/doc/crypto/RAND_load_file.pod +++ b/doc/crypto/RAND_load_file.pod @@ -24,7 +24,7 @@ too small for the path name, an error occurs. RAND_load_file() reads a number of bytes from file B and adds them to the PRNG. If B is non-negative, -up to to B are read; starting with OpenSSL 0.9.5, +up to to B are read; if B is -1, the complete file is read. RAND_write_file() writes a number of random bytes (currently 1024) to @@ -45,9 +45,4 @@ error. L, L, L -=head1 HISTORY - -RAND_load_file(), RAND_write_file() and RAND_file_name() are available in -all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod index a2828e3d47..fe7f44162d 100644 --- a/doc/crypto/RAND_set_rand_method.pod +++ b/doc/crypto/RAND_set_rand_method.pod @@ -57,7 +57,7 @@ RAND_SSLeay() return pointers to the respective methods. =head1 NOTES -As of version 0.9.7, RAND_METHOD implementations are grouped together with other +RAND_METHOD implementations are grouped together with other algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B modules. If a default ENGINE is specified for RAND functionality using an ENGINE API function, that will override any RAND defaults set using the RAND API (ie. @@ -69,15 +69,4 @@ algorithms. L, L -=head1 HISTORY - -RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are -available in all versions of OpenSSL. - -In the engine version of version 0.9.6, RAND_set_rand_method() was altered to -take an ENGINE pointer as its argument. As of version 0.9.7, that has been -reverted as the ENGINE API transparently overrides RAND defaults if used, -otherwise RAND API functions work as before. RAND_set_rand_engine() was also -introduced in version 0.9.7. - =cut diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod index e512bbfe88..a323949587 100644 --- a/doc/crypto/RSA_blinding_on.pod +++ b/doc/crypto/RSA_blinding_on.pod @@ -36,8 +36,4 @@ RSA_blinding_off() returns no value. L, L -=head1 HISTORY - -RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0. - =cut diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod index ec020635f7..8fd7d1f176 100644 --- a/doc/crypto/RSA_check_key.pod +++ b/doc/crypto/RSA_check_key.pod @@ -71,7 +71,6 @@ L =head1 HISTORY -RSA_check_key() appeared in OpenSSL 0.9.4. RSA_check_key_ex() appeared after OpenSSL 1.0.2. =cut diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod index 130acf97d5..7f6a157178 100644 --- a/doc/crypto/RSA_generate_key.pod +++ b/doc/crypto/RSA_generate_key.pod @@ -73,8 +73,4 @@ RSA_generate_key() goes into an infinite loop for illegal input values. L, L, L, L, L -=head1 HISTORY - -The B argument was added in SSLeay 0.9.0. - =cut diff --git a/doc/crypto/RSA_get_ex_new_index.pod b/doc/crypto/RSA_get_ex_new_index.pod index 9b52559543..a0f6750778 100644 --- a/doc/crypto/RSA_get_ex_new_index.pod +++ b/doc/crypto/RSA_get_ex_new_index.pod @@ -112,9 +112,4 @@ present in the parent RSA structure when it is called. L, L -=head1 HISTORY - -RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are -available since SSLeay 0.9.0. - =cut diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod index 0ce325d5b8..4910557f31 100644 --- a/doc/crypto/RSA_new.pod +++ b/doc/crypto/RSA_new.pod @@ -35,8 +35,4 @@ L, L, L, L -=head1 HISTORY - -RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod index 9389254c5d..fe81e5fb41 100644 --- a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod +++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod @@ -110,15 +110,4 @@ L, L, L, L -=head1 HISTORY - -RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(), -RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(), -RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(), -RSA_padding_add_none() and RSA_padding_check_none() appeared in -SSLeay 0.9.0. - -RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were -added in OpenSSL 0.9.2b. - =cut diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod index 7690f31ac0..df09726eb4 100644 --- a/doc/crypto/RSA_print.pod +++ b/doc/crypto/RSA_print.pod @@ -40,10 +40,4 @@ These functions return 1 on success, 0 on error. L, L, L, L -=head1 HISTORY - -RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), -DH_print_fp() are available in all versions of SSLeay and OpenSSL. -DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8. - =cut diff --git a/doc/crypto/RSA_private_encrypt.pod b/doc/crypto/RSA_private_encrypt.pod index 8e4425c10b..fa4830c97e 100644 --- a/doc/crypto/RSA_private_encrypt.pod +++ b/doc/crypto/RSA_private_encrypt.pod @@ -62,9 +62,4 @@ obtained by L. L, L, L, L -=head1 HISTORY - -The B argument was added in SSLeay 0.8. RSA_NO_PADDING is -available since SSLeay 0.9.0. - =cut diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod index 35a0fb5b9f..57f1f18583 100644 --- a/doc/crypto/RSA_public_encrypt.pod +++ b/doc/crypto/RSA_public_encrypt.pod @@ -76,9 +76,4 @@ SSL, PKCS #1 v2.0 L, L, L, L -=head1 HISTORY - -The B argument was added in SSLeay 0.8. RSA_NO_PADDING is -available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b. - =cut diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod index 7ccb216935..5191844e72 100644 --- a/doc/crypto/RSA_set_method.pod +++ b/doc/crypto/RSA_set_method.pod @@ -159,16 +159,6 @@ RSA_new_method() returns NULL and sets an error code that can be obtained by L if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. -=head1 NOTES - -As of version 0.9.7, RSA_METHOD implementations are grouped together with -other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B -modules. If a default ENGINE is specified for RSA functionality using an -ENGINE API function, that will override any RSA defaults set using the RSA -API (ie. RSA_set_default_method()). For this reason, the ENGINE API is the -recommended way to control default implementations for use in RSA and other -cryptographic algorithms. - =head1 BUGS The behaviour of RSA_flags() is a mis-feature that is left as-is for now @@ -185,22 +175,4 @@ not currently exist). L, L -=head1 HISTORY - -RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8. -RSA_get_default_method(), RSA_set_method() and RSA_get_method() as -well as the rsa_sign and rsa_verify components of RSA_METHOD were -added in OpenSSL 0.9.4. - -RSA_set_default_openssl_method() and RSA_get_default_openssl_method() -replaced RSA_set_default_method() and RSA_get_default_method() -respectively, and RSA_set_method() and RSA_new_method() were altered to use -Bs rather than Bs during development of the engine -version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE -API was restructured so that this change was reversed, and behaviour of the -other functions resembled more closely the previous behaviour. The -behaviour of defaults in the ENGINE API now transparently overrides the -behaviour of defaults in the RSA API without requiring changing these -function prototypes. - =cut diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod index a526eaf8b9..94fae37e7a 100644 --- a/doc/crypto/RSA_sign.pod +++ b/doc/crypto/RSA_sign.pod @@ -43,11 +43,6 @@ RSA_verify() returns 1 on successful verification. The error codes can be obtained by L. -=head1 BUGS - -Certain signatures with an improper algorithm identifier are accepted -for compatibility with SSLeay 0.4.5 :-) - =head1 CONFORMING TO SSL, PKCS #1 v2.0 @@ -58,9 +53,4 @@ L, L, L, L -=head1 HISTORY - -RSA_sign() and RSA_verify() are available in all versions of SSLeay -and OpenSSL. - =cut diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod index 7b9ecfc714..2ba2b477f3 100644 --- a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod +++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod @@ -51,9 +51,4 @@ L, L, L, L, L -=head1 HISTORY - -RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were -added in SSLeay 0.8. - =cut diff --git a/doc/crypto/RSA_size.pod b/doc/crypto/RSA_size.pod index dc57bd14e2..eff8cdc496 100644 --- a/doc/crypto/RSA_size.pod +++ b/doc/crypto/RSA_size.pod @@ -32,7 +32,6 @@ L, L =head1 HISTORY -RSA_size() is available in all versions of SSLeay and OpenSSL. RSA_bits() was added in OpenSSL 1.1.0. =cut diff --git a/doc/crypto/SMIME_read_CMS.pod b/doc/crypto/SMIME_read_CMS.pod index 15bec5927e..4b7c14d259 100644 --- a/doc/crypto/SMIME_read_CMS.pod +++ b/doc/crypto/SMIME_read_CMS.pod @@ -63,8 +63,4 @@ L, L, L, L L -=head1 HISTORY - -SMIME_read_CMS() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod index 40f950fc1e..e96038b132 100644 --- a/doc/crypto/SMIME_read_PKCS7.pod +++ b/doc/crypto/SMIME_read_PKCS7.pod @@ -66,8 +66,4 @@ L, L, L, L L -=head1 HISTORY - -SMIME_read_PKCS7() was added to OpenSSL 0.9.5 - =cut diff --git a/doc/crypto/SMIME_write_CMS.pod b/doc/crypto/SMIME_write_CMS.pod index 1cd1baa362..0895825ff3 100644 --- a/doc/crypto/SMIME_write_CMS.pod +++ b/doc/crypto/SMIME_write_CMS.pod @@ -57,8 +57,4 @@ L, L, L, L L -=head1 HISTORY - -SMIME_write_CMS() was added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod index 85bc4786f7..3ba3fe64ac 100644 --- a/doc/crypto/SMIME_write_PKCS7.pod +++ b/doc/crypto/SMIME_write_PKCS7.pod @@ -58,8 +58,4 @@ L, L, L, L L -=head1 HISTORY - -SMIME_write_PKCS7() was added to OpenSSL 0.9.5 - =cut diff --git a/doc/crypto/SSLeay_version.pod b/doc/crypto/SSLeay_version.pod index c54c3fea6b..4862cd4f33 100644 --- a/doc/crypto/SSLeay_version.pod +++ b/doc/crypto/SSLeay_version.pod @@ -67,8 +67,4 @@ Textual description. L -=head1 HISTORY - -B was added in OpenSSL 0.9.7. - =cut diff --git a/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod b/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod index 58368fd532..f708329b5b 100644 --- a/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod +++ b/doc/crypto/X509_STORE_CTX_get_ex_new_index.pod @@ -33,9 +33,4 @@ structure. L -=head1 HISTORY - -X509_STORE_CTX_get_ex_new_index(), X509_STORE_CTX_set_ex_data() and -X509_STORE_CTX_get_ex_data() are available since OpenSSL 0.9.5. - =cut diff --git a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod index 8ff47f64c0..ba35a38474 100644 --- a/doc/crypto/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/crypto/X509_STORE_CTX_set_verify_cb.pod @@ -153,9 +153,4 @@ L L L -=head1 HISTORY - -X509_STORE_CTX_set_verify_cb() is available in all versions of SSLeay and -OpenSSL. - =cut diff --git a/doc/crypto/X509_STORE_set_verify_cb_func.pod b/doc/crypto/X509_STORE_set_verify_cb_func.pod index b5bc1eab36..67092db538 100644 --- a/doc/crypto/X509_STORE_set_verify_cb_func.pod +++ b/doc/crypto/X509_STORE_set_verify_cb_func.pod @@ -46,9 +46,6 @@ L =head1 HISTORY -X509_STORE_set_verify_cb_func() is available in all versions of SSLeay and -OpenSSL. - X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0. =cut diff --git a/doc/crypto/X509_get_subject_name.pod b/doc/crypto/X509_get_subject_name.pod index 12b3dfece9..dcbf969ce0 100644 --- a/doc/crypto/X509_get_subject_name.pod +++ b/doc/crypto/X509_get_subject_name.pod @@ -50,10 +50,6 @@ and X509_CRL_set_issuer_name() return 1 for success and 0 for failure. =head1 HISTORY -X509_get_subject_name(), X509_set_subject_name() and X509_get_issuer_name(), -X509_set_issuer_name(), X509_REQ_set_subject_name() and -X509_CRL_set_issuer_name() are avaiable in all versions of OpenSSL. - X509_REQ_get_subject_name() is a function in OpenSSL 1.1.0 and a macro in earlier versions. diff --git a/doc/crypto/X509_get_version.pod b/doc/crypto/X509_get_version.pod index 49b99bf9d4..b02f12bd78 100644 --- a/doc/crypto/X509_get_version.pod +++ b/doc/crypto/X509_get_version.pod @@ -68,10 +68,6 @@ L =head1 HISTORY -X509_get_version(), X509_set_version() X509_REQ_get_version(), -X509_REQ_set_version(), X509_REQ_get_version() and X509_REQ_set_version() -are available in all versions of OpenSSL. - X509_get_version(), X509_REQ_get_version() and X509_CRL_get_version() are functions in OpenSSL 1.1.0, in previous versions they were macros. diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod index 2b20af5d95..8e2ac988c0 100644 --- a/doc/crypto/X509_new.pod +++ b/doc/crypto/X509_new.pod @@ -48,8 +48,4 @@ L, L, L -=head1 HISTORY - -X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod index 1780bfef19..1d0f1e23c8 100644 --- a/doc/crypto/X509_verify_cert.pod +++ b/doc/crypto/X509_verify_cert.pod @@ -47,8 +47,4 @@ functiosn which use B. L -=head1 HISTORY - -X509_verify_cert() is available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod index d43518a49a..135163500f 100644 --- a/doc/crypto/buffer.pod +++ b/doc/crypto/buffer.pod @@ -79,10 +79,6 @@ L. =head1 HISTORY -BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all -versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8. - -BUF_MEM_new_ex() was contributed to OpenSSL by Akamai Technologies -in May, 2014. +BUF_MEM_new_ex() was added in OpenSSL 1.1.0. =cut diff --git a/doc/crypto/d2i_CMS_ContentInfo.pod b/doc/crypto/d2i_CMS_ContentInfo.pod index 463f617332..e3142cbc13 100644 --- a/doc/crypto/d2i_CMS_ContentInfo.pod +++ b/doc/crypto/d2i_CMS_ContentInfo.pod @@ -22,8 +22,4 @@ described in the L manual page. L -=head1 HISTORY - -These functions were first added to OpenSSL 0.9.8 - =cut diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod index af29829f58..435ca1fa6b 100644 --- a/doc/crypto/d2i_X509.pod +++ b/doc/crypto/d2i_X509.pod @@ -43,7 +43,7 @@ at B<*out>, and increments it to point after the data just written. If the return value is negative an error occurred, otherwise it returns the length of the encoded data. -For OpenSSL 0.9.7 and later if B<*out> is B memory will be +If B<*out> is B memory will be allocated for a buffer and the encoded data written to it. In this case B<*out> is not incremented and it points to the start of the data just written. @@ -97,46 +97,22 @@ another will processed after it. Allocate and encode the DER encoding of an X509 structure: - int len; - unsigned char *buf, *p; - - len = i2d_X509(x, NULL); - - buf = OPENSSL_malloc(len); - - if (buf == NULL) - /* error */ - - p = buf; - - i2d_X509(x, &p); - -If you are using OpenSSL 0.9.7 or later then this can be -simplified to: - - int len; unsigned char *buf; buf = NULL; - len = i2d_X509(x, &buf); - if (len < 0) /* error */ Attempt to decode a buffer: X509 *x; - unsigned char *buf, *p; - int len; /* Something to setup buf and len */ - p = buf; - x = d2i_X509(NULL, &p, len); if (x == NULL) @@ -145,18 +121,14 @@ Attempt to decode a buffer: Alternative technique: X509 *x; - unsigned char *buf, *p; - int len; /* Something to setup buf and len */ - p = buf; - x = NULL; - if(!d2i_X509(&x, &p, len)) + if (!d2i_X509(&x, &p, len)) /* Some error */ @@ -169,16 +141,12 @@ mistake is to attempt to use a buffer directly as follows: unsigned char *buf; len = i2d_X509(x, NULL); - buf = OPENSSL_malloc(len); - if (buf == NULL) /* error */ i2d_X509(x, &buf); - /* Other stuff ... */ - OPENSSL_free(buf); This code will result in B apparently containing garbage because @@ -186,10 +154,6 @@ it was incremented after the call to point after the data just written. Also B will no longer contain the pointer allocated by B and the subsequent call to B may well crash. -The auto allocation feature (setting buf to NULL) only works on OpenSSL -0.9.7 and later. Attempts to use it on earlier versions will typically -cause a segmentation violation. - Another trap to avoid is misuse of the B argument to B: X509 *x; @@ -267,9 +231,4 @@ L, L, L -=head1 HISTORY - -d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp -are available in all versions of SSLeay and OpenSSL. - =cut diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index a6938aa79a..19b6662f0f 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod @@ -312,11 +312,6 @@ functions directly. Single-key DES is insecure due to its short key size. ECB mode is not suitable for most applications; see L. -=head1 AUTHOR - -Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project -(http://www.openssl.org). - =head1 SEE ALSO L, diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod index f49d2cedaf..1af4feb4db 100644 --- a/doc/crypto/ecdsa.pod +++ b/doc/crypto/ecdsa.pod @@ -195,12 +195,4 @@ ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 L, L -=head1 HISTORY - -The ecdsa implementation was first introduced in OpenSSL 0.9.8 - -=head1 AUTHOR - -Nils Larsch for the OpenSSL project (http://www.openssl.org). - =cut diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index 9424a7cf71..4d11b4ab9f 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -576,16 +576,6 @@ might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific extension). -=head2 Future developments - -The ENGINE API and internal architecture is currently being reviewed. Slated for -possible release in 0.9.8 is support for transparent loading of "dynamic" -ENGINEs (built as self-contained shared-libraries). This would allow ENGINE -implementations to be provided independently of OpenSSL libraries and/or -OpenSSL-based applications, and would also remove any requirement for -applications to explicitly use the "dynamic" ENGINE to bind to shared-library -implementations. - =head1 SEE ALSO L, L, L, L diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod index 88f5abcdb4..753617a4f1 100644 --- a/doc/crypto/hmac.pod +++ b/doc/crypto/hmac.pod @@ -89,12 +89,6 @@ L, L =head1 HISTORY -HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup() -are available since SSLeay 0.9.0. - -HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available -since OpenSSL 0.9.7. - HMAC_Init_ex(), HMAC_Update() and HMAC_Final() did not return values in versions of OpenSSL before 1.0.0. diff --git a/doc/crypto/lh_stats.pod b/doc/crypto/lh_stats.pod index 2a78c145bb..fa7bd9db86 100644 --- a/doc/crypto/lh_stats.pod +++ b/doc/crypto/lh_stats.pod @@ -51,10 +51,4 @@ These functions do not return values. L, L -=head1 HISTORY - -These functions are available in all versions of SSLeay and OpenSSL. - -This manpage is derived from the SSLeay documentation. - =cut diff --git a/doc/crypto/lhash.pod b/doc/crypto/lhash.pod index 25410fa1b5..7d39a67bc0 100644 --- a/doc/crypto/lhash.pod +++ b/doc/crypto/lhash.pod @@ -234,69 +234,13 @@ without any "const" qualifiers. lh__insert() returns B both for success and error. -=head1 INTERNALS - -The following description is based on the SSLeay documentation: - -The B library implements a hash table described in the -I in 1991. What makes this hash table -different is that as the table fills, the hash table is increased (or -decreased) in size via OPENSSL_realloc(). When a 'resize' is done, instead of -all hashes being redistributed over twice as many 'buckets', one -bucket is split. So when an 'expand' is done, there is only a minimal -cost to redistribute some values. Subsequent inserts will cause more -single 'bucket' redistributions but there will never be a sudden large -cost due to redistributing all the 'buckets'. - -The state for a particular hash table is kept in the B structure. -The decision to increase or decrease the hash table size is made -depending on the 'load' of the hash table. The load is the number of -items in the hash table divided by the size of the hash table. The -default values are as follows. If (hash->up_load E load) =E -expand. if (hash-Edown_load E load) =E contract. The -B has a default value of 1 and B has a default value -of 2. These numbers can be modified by the application by just -playing with the B and B variables. The 'load' is -kept in a form which is multiplied by 256. So -hash-Eup_load=8*256; will cause a load of 8 to be set. - -If you are interested in performance the field to watch is -num_comp_calls. The hash library keeps track of the 'hash' value for -each item so when a lookup is done, the 'hashes' are compared, if -there is a match, then a full compare is done, and -hash-Enum_comp_calls is incremented. If num_comp_calls is not equal -to num_delete plus num_retrieve it means that your hash function is -generating hashes that are the same for different values. It is -probably worth changing your hash function if this is the case because -even if your hash table has 10 items in a 'bucket', it can be searched -with 10 B compares and 10 linked list traverses. This -will be much less expensive that 10 calls to your compare function. - -lh_strhash() is a demo string hashing function: - - unsigned long lh_strhash(const char *c); - -Since the B routines would normally be passed structures, this -routine would not normally be passed to lh__new(), rather it would be -used in the function passed to lh__new(). - =head1 SEE ALSO L =head1 HISTORY -The B library is available in all versions of SSLeay and OpenSSL. -lh_error() was added in SSLeay 0.9.1b. - -This manpage is derived from the SSLeay documentation. - -In OpenSSL 0.9.7, all lhash functions that were passed function pointers -were changed for better type safety, and the function types LHASH_COMP_FN_TYPE, -LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE -became available. - -In OpenSSL 1.0.0, the lhash interface was revamped for even better +In OpenSSL 1.0.0, the lhash interface was revamped for better type checking. =cut diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod index 25172d954d..27a6787dbe 100644 --- a/doc/crypto/rand.pod +++ b/doc/crypto/rand.pod @@ -25,7 +25,7 @@ rand - pseudo-random number generator void RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); - RAND_METHOD *RAND_SSLeay(void); + RAND_METHOD *RAND_OpenSSL(void); void RAND_cleanup(void); @@ -62,108 +62,6 @@ seeding process whenever the application is started. L describes how to obtain random data from the PRNG. -=head1 INTERNALS - -The RAND_SSLeay() method implements a PRNG based on a cryptographic -hash function. - -The following description of its design is based on the SSLeay -documentation: - -First up I will state the things I believe I need for a good RNG. - -=over 4 - -=item 1 - -A good hashing algorithm to mix things up and to convert the RNG 'state' -to random numbers. - -=item 2 - -An initial source of random 'state'. - -=item 3 - -The state should be very large. If the RNG is being used to generate -4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). -If your RNG state only has 128 bits, you are obviously limiting the -search space to 128 bits, not 2048. I'm probably getting a little -carried away on this last point but it does indicate that it may not be -a bad idea to keep quite a lot of RNG state. It should be easier to -break a cipher than guess the RNG seed data. - -=item 4 - -Any RNG seed data should influence all subsequent random numbers -generated. This implies that any random seed data entered will have -an influence on all subsequent random numbers generated. - -=item 5 - -When using data to seed the RNG state, the data used should not be -extractable from the RNG state. I believe this should be a -requirement because one possible source of 'secret' semi random -data would be a private key or a password. This data must -not be disclosed by either subsequent random numbers or a -'core' dump left by a program crash. - -=item 6 - -Given the same initial 'state', 2 systems should deviate in their RNG state -(and hence the random numbers generated) over time if at all possible. - -=item 7 - -Given the random number output stream, it should not be possible to determine -the RNG state or the next random number. - -=back - -The algorithm is as follows. - -There is global state made up of a 1023 byte buffer (the 'state'), a -working hash value ('md'), and a counter ('count'). - -Whenever seed data is added, it is inserted into the 'state' as -follows. - -The input is chopped up into units of 20 bytes (or less for -the last block). Each of these blocks is run through the hash -function as follows: The data passed to the hash function -is the current 'md', the same number of bytes from the 'state' -(the location determined by in incremented looping index) as -the current 'block', the new key data 'block', and 'count' -(which is incremented after each use). -The result of this is kept in 'md' and also xored into the -'state' at the same locations that were used as input into the -hash function. I -believe this system addresses points 1 (hash function; currently -SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash -function and xor). - -When bytes are extracted from the RNG, the following process is used. -For each group of 10 bytes (or less), we do the following: - -Input into the hash function the local 'md' (which is initialized from -the global 'md' before any bytes are generated), the bytes that are to -be overwritten by the random bytes, and bytes from the 'state' -(incrementing looping index). From this digest output (which is kept -in 'md'), the top (up to) 10 bytes are returned to the caller and the -bottom 10 bytes are xored into the 'state'. - -Finally, after we have finished 'num' random bytes for the caller, -'count' (which is incremented) and the local and global 'md' are fed -into the hash function and the results are kept in the global 'md'. - -I believe the above addressed points 1 (use of SHA-1), 6 (by hashing -into the 'state' the 'old' data from the caller that is about to be -overwritten) and 7 (by not using the 10 bytes given to the caller to -update the 'state', but they are used to update 'md'). - -So of the points raised, only 2 is not addressed (but see -L). - =head1 SEE ALSO L, L, diff --git a/doc/crypto/rc4.pod b/doc/crypto/rc4.pod index cbbf5ded2b..af2a6092ed 100644 --- a/doc/crypto/rc4.pod +++ b/doc/crypto/rc4.pod @@ -50,10 +50,6 @@ functions directly. It is difficult to securely use stream ciphers. For example, do not perform multiple encryptions using the same key stream. -=head1 HISTORY - -RC4_set_key() and RC4() are available in all versions of SSLeay and OpenSSL. - =head1 SEE ALSO L diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod index a1cec7f09b..ac32415e32 100644 --- a/doc/crypto/rsa.pod +++ b/doc/crypto/rsa.pod @@ -38,7 +38,7 @@ rsa - RSA public key cryptosystem const RSA_METHOD *RSA_get_default_method(void); int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); const RSA_METHOD *RSA_get_method(const RSA *rsa); - RSA_METHOD *RSA_PKCS1_SSLeay(void); + RSA_METHOD *RSA_PKCS1_OpenSSL(void); RSA_METHOD *RSA_null_method(void); int RSA_flags(const RSA *rsa); RSA *RSA_new_method(ENGINE *engine); diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod index fd43a2c15a..d98b200489 100644 --- a/doc/crypto/threads.pod +++ b/doc/crypto/threads.pod @@ -194,10 +194,6 @@ Solaris, Irix and Win32. =head1 HISTORY -CRYPTO_set_locking_callback() is -available in all versions of SSLeay and OpenSSL. -CRYPTO_num_locks() was added in OpenSSL 0.9.4. -All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. B and associated functions were introduced in OpenSSL 1.0.0 to replace (actually, deprecate) the previous CRYPTO_set_id_callback(), CRYPTO_get_id_callback(), and CRYPTO_thread_id() functions which assumed diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod index bb4a8a5f3b..f03e989561 100644 --- a/doc/crypto/ui.pod +++ b/doc/crypto/ui.pod @@ -183,13 +183,4 @@ UI_set_method() changes the UI method associated with a given UI. L, L -=head1 HISTORY - -The UI section was first introduced in OpenSSL 0.9.7. - -=head1 AUTHOR - -Richard Levitte (richard@levitte.org) for the OpenSSL project -(http://www.openssl.org). - =cut diff --git a/doc/ssl/DTLSv1_listen.pod b/doc/ssl/DTLSv1_listen.pod index d5f5a525ca..19779163fe 100644 --- a/doc/ssl/DTLSv1_listen.pod +++ b/doc/ssl/DTLSv1_listen.pod @@ -89,7 +89,6 @@ L, L =head1 HISTORY -DTLSv1_listen() was added in OpenSSL 0.9.8. Its return codes were clarified in -OpenSSL 1.1.0. +DTLSv1_listen() return codes were clarified in OpenSSL 1.1.0. =cut diff --git a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod index 8b802ab3ac..6f6fe56e3a 100644 --- a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod +++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod @@ -64,12 +64,4 @@ L, L, L, L -=head1 HISTORY - -Previous to OpenSSL 0.9.7, the I argument to B -was ignored, and I was called simply as - int (*callback)(X509_STORE_CTX *) -To compile software written for previous versions of OpenSSL, a dummy -argument will have to be added to I. - =cut diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod index f66e3149c5..e8459c9e01 100644 --- a/doc/ssl/SSL_CTX_set_generate_session_id.pod +++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod @@ -123,10 +123,4 @@ same id is already in the cache. L, L -=head1 HISTORY - -SSL_CTX_set_generate_session_id(), SSL_set_generate_session_id() -and SSL_has_matching_session_id() have been introduced in -OpenSSL 0.9.7. - =cut diff --git a/doc/ssl/SSL_CTX_set_max_cert_list.pod b/doc/ssl/SSL_CTX_set_max_cert_list.pod index 1f66b82f90..080400c583 100644 --- a/doc/ssl/SSL_CTX_set_max_cert_list.pod +++ b/doc/ssl/SSL_CTX_set_max_cert_list.pod @@ -70,8 +70,4 @@ set value. L, L, L -=head1 HISTORY - -SSL*_set/get_max_cert_list() have been introduced in OpenSSL 0.9.7. - =cut diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod index 92706e5ef4..56f732faad 100644 --- a/doc/ssl/SSL_CTX_set_mode.pod +++ b/doc/ssl/SSL_CTX_set_mode.pod @@ -92,8 +92,4 @@ SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask. L, L, L -=head1 HISTORY - -SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6. - =cut diff --git a/doc/ssl/SSL_CTX_set_msg_callback.pod b/doc/ssl/SSL_CTX_set_msg_callback.pod index 07498e3b8a..bcc2a4d21f 100644 --- a/doc/ssl/SSL_CTX_set_msg_callback.pod +++ b/doc/ssl/SSL_CTX_set_msg_callback.pod @@ -91,9 +91,4 @@ I will be B. L, L -=head1 HISTORY - -SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(), -SSL_set_msg_callback() and SSL_get_msg_callback_arg() were added in OpenSSL 0.9.7. - =cut diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 519d01f5e0..3a75cdab59 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -61,18 +61,6 @@ The following B options are available: =over 4 -=item SSL_OP_MICROSOFT_SESS_ID_BUG - -As of OpenSSL 1.0.0 this option has no effect. - -=item SSL_OP_NETSCAPE_CHALLENGE_BUG - -As of OpenSSL 1.0.0 this option has no effect. - -=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - -As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. - =item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ... @@ -208,7 +196,7 @@ B section for more details. =head1 SECURE RENEGOTIATION -OpenSSL 0.9.8m and later always attempts to use secure renegotiation as +OpenSSL always attempts to use secure renegotiation as described in RFC5746. This counters the prefix attack described in CVE-2009-3555 and elsewhere. @@ -240,14 +228,6 @@ unaware of the unpatched nature of the client. If the option B is set then renegotiation B succeeds. -B a bug in OpenSSL clients earlier than 0.9.8m (all of which are -unpatched) will result in the connection hanging if it receives a -B alert. OpenSSL versions 0.9.8m and later will regard -a B alert as fatal and respond with a fatal -B alert. This is because the OpenSSL API currently has -no provision to indicate to an application that a renegotiation attempt -was refused. - =head2 Patched OpenSSL client and unpatched server. If the option B or @@ -303,24 +283,7 @@ L =head1 HISTORY -B and -B have been added in -OpenSSL 0.9.7. - -B has been added in OpenSSL 0.9.6 and was automatically -enabled with B. As of 0.9.7, it is no longer included in B -and must be explicitly set. - -B has been added in OpenSSL 0.9.6e. -Versions up to OpenSSL 0.9.6c do not include the countermeasure that -can be disabled with this option (in OpenSSL 0.9.6d, it was always -enabled). - -SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL -0.9.8m. - -B, B -and the function SSL_get_secure_renegotiation_support() were first added in -OpenSSL 0.9.8m. +The attempt to always try to use secure renegotiation was added in +Openssl 0.9.8m. =cut diff --git a/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/doc/ssl/SSL_CTX_set_session_cache_mode.pod index 0e0ea3c519..4be9e243bd 100644 --- a/doc/ssl/SSL_CTX_set_session_cache_mode.pod +++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod @@ -129,9 +129,4 @@ L, L, L -=head1 HISTORY - -SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL -were introduced in OpenSSL 0.9.6h. - =cut diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod index 1169e9b2e2..e8b973f238 100644 --- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -185,8 +185,4 @@ L, L, L, -=head1 HISTORY - -This function was introduced in OpenSSL 0.9.8h - =cut diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod index 76c4883ad0..2bb0ea60b5 100644 --- a/doc/ssl/SSL_CTX_use_certificate.pod +++ b/doc/ssl/SSL_CTX_use_certificate.pod @@ -157,10 +157,4 @@ L, L, L -=head1 HISTORY - -Support for DER encoded private keys (SSL_FILETYPE_ASN1) in -SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() was added -in 0.9.8 . - =cut diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod index 015f2c7c40..d52c27d8fe 100644 --- a/doc/ssl/SSL_get_error.pod +++ b/doc/ssl/SSL_get_error.pod @@ -107,8 +107,4 @@ OpenSSL error queue contains more information on the error. L, L -=head1 HISTORY - -SSL_get_error() was added in SSLeay 0.8. - =cut diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod index 1c99e76e61..ab9d05d3db 100644 --- a/doc/ssl/SSL_library_init.pod +++ b/doc/ssl/SSL_library_init.pod @@ -43,12 +43,6 @@ and provide readable error messages. SSL_library_init() always returns "1", so it is safe to discard the return value. -=head1 NOTES - -OpenSSL 0.9.8o and 1.0.0a and later added SHA2 algorithms to SSL_library_init(). -Applications which need to use SHA2 in earlier versions of OpenSSL should call -OpenSSL_add_all_algorithms() as well. - =head1 SEE ALSO L, L, diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod index a263241ab6..c6a79dc53f 100644 --- a/doc/ssl/SSL_pending.pod +++ b/doc/ssl/SSL_pending.pod @@ -34,9 +34,6 @@ L), additional protocol bytes may have been read containing more TLS/SSL records; these are ignored by SSL_pending(). -Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type -of pending data is application data. - =head1 SEE ALSO L, diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 3466ee493d..37046c1cce 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -759,8 +759,6 @@ L =head1 HISTORY -The L document appeared in OpenSSL 0.9.2 - B, B and B where removed in OpenSSL 1.1.0. -- 2.25.1