Various doc fixes from GH pull requests

Thanks, folks!
        348 Benjamin Kaduk
        317 Christian Brueffer
        254 Erik Tews
        253 Erik Tews
        219 Carl Mehner
        155 (ghost)
        95 mancha
        51 DominikNeubauer

(Manually picked from 59c554b36e39256ac2cfc34dca052453e10c6d9c)
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

diff --git a/CHANGES b/CHANGES
index 27cf65ead8d841e73c1ea7329fe90d6ef4418224..2760606a5632717d74764e6a26828ce8353d47df 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -914,7 +914,7 @@
      [mancha <mancha1@zoho.com>]
 
   *) Fix eckey_priv_encode so it immediately returns an error upon a failure
      [mancha <mancha1@zoho.com>]
 
   *) Fix eckey_priv_encode so it immediately returns an error upon a failure

-     in i2d_ECPrivateKey.
+     in i2d_ECPrivateKey.  Thanks to Ted Unangst for feedback on this issue.

      [mancha <mancha1@zoho.com>]
 
   *) Fix some double frees. These are not thought to be exploitable.
      [mancha <mancha1@zoho.com>]
 
   *) Fix some double frees. These are not thought to be exploitable.

diff --git a/README b/README
index b6ffe9b1a6de03068182cf694409acf5dc14d5e4..2bdbfeac00524b0287f6bf24419aa6d0c992c4c1 100644 (file)
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 
  OpenSSL 1.0.2e-dev
 
 
  OpenSSL 1.0.2e-dev
 

- Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1998-2015 The OpenSSL Project

  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

diff --git a/doc/HOWTO/keys.txt b/doc/HOWTO/keys.txt
index 7ae2a3a11833a3750bc505d1ab9cfb626447055d..ba0314fafce046cf288c06e30ed0444309130645 100644 (file)
--- a/doc/HOWTO/keys.txt
+++ b/doc/HOWTO/keys.txt
@@ -40,9 +40,8 @@ consider insecure or to be insecure pretty soon.
 
 3. To generate a DSA key
 
 
 3. To generate a DSA key
 

-A DSA key can be used for signing only.  This is important to keep
-in mind to know what kind of purposes a certificate request with a
-DSA key can really be used for.
+A DSA key can be used for signing only.  It is important to
+know what a certificate request with a DSA key can really be used for.

 
 Generating a key for the DSA algorithm is a two-step process.  First,
 you have to generate parameters from which to generate the key:
 
 Generating a key for the DSA algorithm is a two-step process.  First,
 you have to generate parameters from which to generate the key:

diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 8e0d91798ac437258ba14b378f745f6b44f8c678..744984838dc7c2de815ae9ed0994fae914b0af71 100644 (file)
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -216,7 +216,7 @@ key is encrypted using triple DES and the certificate using 40 bit RC2.
 
 these options allow the algorithm used to encrypt the private key and
 certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name
 
 these options allow the algorithm used to encrypt the private key and
 certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name

-can be used (see B<NOTES> section for more information). If a a cipher name
+can be used (see B<NOTES> section for more information). If a cipher name

 (as output by the B<list-cipher-algorithms> command is specified then it
 is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
 use PKCS#12 algorithms.
 (as output by the B<list-cipher-algorithms> command is specified then it
 is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
 use PKCS#12 algorithms.

diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index df68cb0921fda3fa5847d17580acca4581739f47..cb06b53066968dc962f1de2fc46cfc82afe28958 100644 (file)
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -30,7 +30,6 @@ B<openssl> B<req>
 [B<-keygen_engine id>]
 [B<-[digest]>]
 [B<-config filename>]
 [B<-keygen_engine id>]
 [B<-[digest]>]
 [B<-config filename>]

-[B<-subj arg>]

 [B<-multivalue-rdn>]
 [B<-x509>]
 [B<-days n>]
 [B<-multivalue-rdn>]
 [B<-x509>]
 [B<-days n>]


@@ -506,16 +505,16 @@ Examine and verify certificate request:
 
 Create a private key and then generate a certificate request from it:
 
 
 Create a private key and then generate a certificate request from it:
 

- openssl genrsa -out key.pem 1024
+ openssl genrsa -out key.pem 2048

  openssl req -new -key key.pem -out req.pem
 
 The same but just using req:
 
  openssl req -new -key key.pem -out req.pem
 
 The same but just using req:
 

- openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem

 
 Generate a self signed root certificate:
 
 
 Generate a self signed root certificate:
 

- openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
+ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem

 
 Example of a file pointed to by the B<oid_file> option:
 
 
 Example of a file pointed to by the B<oid_file> option:
 


@@ -531,7 +530,7 @@ expansion:
 Sample configuration file prompting for field values:
 
  [ req ]
 Sample configuration file prompting for field values:
 
  [ req ]

- default_bits          = 1024
+ default_bits          = 2048

  default_keyfile       = privkey.pem
  distinguished_name    = req_distinguished_name
  attributes            = req_attributes
  default_keyfile       = privkey.pem
  distinguished_name    = req_distinguished_name
  attributes            = req_attributes


@@ -572,7 +571,7 @@ Sample configuration containing all field values:
  RANDFILE              = $ENV::HOME/.rnd
 
  [ req ]
  RANDFILE              = $ENV::HOME/.rnd
 
  [ req ]

- default_bits          = 1024
+ default_bits          = 2048

  default_keyfile       = keyfile.pem
  distinguished_name    = req_distinguished_name
  attributes            = req_attributes
  default_keyfile       = keyfile.pem
  distinguished_name    = req_distinguished_name
  attributes            = req_attributes

diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
index fb6036f959ba0ce01ad27c2045a9f01368a5a810..c69e6a6d700e4edfcb66ff8cb58f2ffd33c61069 100644 (file)
--- a/doc/crypto/EVP_EncryptInit.pod
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -111,7 +111,7 @@ EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
 EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
 with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
 before calling this function. B<type> is normally supplied
 EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
 with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
 before calling this function. B<type> is normally supplied

-by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+by a function such as EVP_aes_256_cbc(). If B<impl> is NULL then the

 default implementation is used. B<key> is the symmetric key to use
 and B<iv> is the IV to use (if necessary), the actual number of bytes
 used for the key and IV depends on the cipher. It is possible to set
 default implementation is used. B<key> is the symmetric key to use
 and B<iv> is the IV to use (if necessary), the actual number of bytes
 used for the key and IV depends on the cipher. It is possible to set

diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod
index 7d793e19ef7a1350ffe323fc82e1b4e32301b844..19112a542d8925106b78246fca7200ca6ec85499 100644 (file)
--- a/doc/crypto/EVP_SealInit.pod
+++ b/doc/crypto/EVP_SealInit.pod
@@ -25,7 +25,7 @@ encrypted using this key.
 
 EVP_SealInit() initializes a cipher context B<ctx> for encryption
 with cipher B<type> using a random secret key and IV. B<type> is normally
 
 EVP_SealInit() initializes a cipher context B<ctx> for encryption
 with cipher B<type> using a random secret key and IV. B<type> is normally

-supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+supplied by a function such as EVP_aes_256_cbc(). The secret key is encrypted

 using one or more public keys, this allows the same encrypted data to be
 decrypted using any of the corresponding private keys. B<ek> is an array of
 buffers where the public key encrypted secret key will be written, each buffer
 using one or more public keys, this allows the same encrypted data to be
 decrypted using any of the corresponding private keys. B<ek> is an array of
 buffers where the public key encrypted secret key will be written, each buffer

diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod
index f5ab1c3e50fd73476ec00ab7ede508d24aaaf94e..48741ee3062979e1b0387caefeaed7d618d45a8c 100644 (file)
--- a/doc/crypto/engine.pod
+++ b/doc/crypto/engine.pod
@@ -192,7 +192,7 @@ to use the pointer value at all, as this kind of reference is a guarantee
 that the structure can not be deallocated until the reference is released.
 
 However, a structural reference provides no guarantee that the ENGINE is
 that the structure can not be deallocated until the reference is released.
 
 However, a structural reference provides no guarantee that the ENGINE is

-initiliased and able to use any of its cryptographic
+initialised and able to use any of its cryptographic

 implementations. Indeed it's quite possible that most ENGINEs will not
 initialise at all in typical environments, as ENGINEs are typically used to
 support specialised hardware. To use an ENGINE's functionality, you need a
 implementations. Indeed it's quite possible that most ENGINEs will not
 initialise at all in typical environments, as ENGINEs are typically used to
 support specialised hardware. To use an ENGINE's functionality, you need a


@@ -201,8 +201,8 @@ specialised form of structural reference, because each functional reference
 implicitly contains a structural reference as well - however to avoid
 difficult-to-find programming bugs, it is recommended to treat the two
 kinds of reference independently. If you have a functional reference to an
 implicitly contains a structural reference as well - however to avoid
 difficult-to-find programming bugs, it is recommended to treat the two
 kinds of reference independently. If you have a functional reference to an

-ENGINE, you have a guarantee that the ENGINE has been initialised ready to
-perform cryptographic operations and will remain uninitialised
+ENGINE, you have a guarantee that the ENGINE has been initialised and
+is ready to perform cryptographic operations, and will remain initialised

 until after you have released your reference.
 
 I<Structural references>
 until after you have released your reference.
 
 I<Structural references>


@@ -370,7 +370,7 @@ I<Using a specific ENGINE implementation>
 Here we'll assume an application has been configured by its user or admin
 to want to use the "ACME" ENGINE if it is available in the version of
 OpenSSL the application was compiled with. If it is available, it should be
 Here we'll assume an application has been configured by its user or admin
 to want to use the "ACME" ENGINE if it is available in the version of
 OpenSSL the application was compiled with. If it is available, it should be

-used by default for all RSA, DSA, and symmetric cipher operation, otherwise
+used by default for all RSA, DSA, and symmetric cipher operations, otherwise

 OpenSSL should use its builtin software as per usual. The following code
 illustrates how to approach this;
 
 OpenSSL should use its builtin software as per usual. The following code
 illustrates how to approach this;
 


@@ -401,7 +401,7 @@ I<Automatically using builtin ENGINE implementations>
 
 Here we'll assume we want to load and register all ENGINE implementations
 bundled with OpenSSL, such that for any cryptographic algorithm required by
 
 Here we'll assume we want to load and register all ENGINE implementations
 bundled with OpenSSL, such that for any cryptographic algorithm required by

-OpenSSL - if there is an ENGINE that implements it and can be initialise,
+OpenSSL - if there is an ENGINE that implements it and can be initialised,

 it should be used. The following code illustrates how this can work;
 
  /* Load all bundled ENGINEs into memory and make them visible */
 it should be used. The following code illustrates how this can work;
 
  /* Load all bundled ENGINEs into memory and make them visible */