diff options
97 files changed, 18790 insertions, 0 deletions
diff --git a/LIBTLS_VERSION b/LIBTLS_VERSION new file mode 100644 index 0000000..77c98b5 --- /dev/null +++ b/LIBTLS_VERSION @@ -0,0 +1 @@ +20:1:0 diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..942abf9 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,38 @@ +include $(top_srcdir)/Makefile.am.common + +lib_LTLIBRARIES = libtls.la + +EXTRA_DIST = VERSION +EXTRA_DIST += CMakeLists.txt +EXTRA_DIST += tls.sym + +libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym +libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la +libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la +libtls_la_LIBADD += $(PLATFORM_LDADD) + +libtls_la_CPPFLAGS = $(AM_CPPFLAGS) +if OPENSSLDIR_DEFINED +libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\" +else +libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\" +endif + +libtls_la_SOURCES = tls.c +libtls_la_SOURCES += tls_client.c +libtls_la_SOURCES += tls_bio_cb.c +libtls_la_SOURCES += tls_config.c +libtls_la_SOURCES += tls_conninfo.c +libtls_la_SOURCES += tls_keypair.c +libtls_la_SOURCES += tls_server.c +libtls_la_SOURCES += tls_ocsp.c +libtls_la_SOURCES += tls_peer.c +libtls_la_SOURCES += tls_util.c +libtls_la_SOURCES += tls_verify.c +noinst_HEADERS = tls_internal.h + +if HOST_WIN +libtls_la_SOURCES += compat/ftruncate.c +libtls_la_SOURCES += compat/pread.c +libtls_la_SOURCES += compat/pwrite.c +endif diff --git a/Makefile.am.common b/Makefile.am.common new file mode 100644 index 0000000..87aa807 --- /dev/null +++ b/Makefile.am.common @@ -0,0 +1,3 @@ +AM_CFLAGS = +AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL +AM_CPPFLAGS += -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..252fb77 --- /dev/null +++ b/VERSION @@ -0,0 +1,2 @@ +3.2.0 + diff --git a/compat/arc4random.c b/compat/arc4random.c new file mode 100644 index 0000000..2bb4dbf --- /dev/null +++ b/compat/arc4random.c @@ -0,0 +1,196 @@ +/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * ChaCha based random number generator for OpenBSD. + */ + +#include <fcntl.h> +#include <limits.h> +#include <signal.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/time.h> + +#define KEYSTREAM_ONLY +#include "chacha_private.h" + +#define minimum(a, b) ((a) < (b) ? (a) : (b)) + +#if defined(__GNUC__) || defined(_MSC_VER) +#define inline __inline +#else /* __GNUC__ || _MSC_VER */ +#define inline +#endif /* !__GNUC__ && !_MSC_VER */ + +#define KEYSZ 32 +#define IVSZ 8 +#define BLOCKSZ 64 +#define RSBUFSZ (16*BLOCKSZ) + +/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ +static struct _rs { + size_t rs_have; /* valid bytes at end of rs_buf */ + size_t rs_count; /* bytes till reseed */ +} *rs; + +/* Maybe be preserved in fork children, if _rs_allocate() decides. */ +static struct _rsx { + chacha_ctx rs_chacha; /* chacha context for random keystream */ + u_char rs_buf[RSBUFSZ]; /* keystream blocks */ +} *rsx; + +static inline int _rs_allocate(struct _rs **, struct _rsx **); +static inline void _rs_forkdetect(void); +#include "arc4random.h" + +static inline void _rs_rekey(u_char *dat, size_t datlen); + +static inline void +_rs_init(u_char *buf, size_t n) +{ + if (n < KEYSZ + IVSZ) + return; + + if (rs == NULL) { + if (_rs_allocate(&rs, &rsx) == -1) + _exit(1); + } + + chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); + chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); +} + +static void +_rs_stir(void) +{ + u_char rnd[KEYSZ + IVSZ]; + + if (getentropy(rnd, sizeof rnd) == -1) + _getentropy_fail(); + + if (!rs) + _rs_init(rnd, sizeof(rnd)); + else + _rs_rekey(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ + + /* invalidate rs_buf */ + rs->rs_have = 0; + memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); + + rs->rs_count = 1600000; +} + +static inline void +_rs_stir_if_needed(size_t len) +{ + _rs_forkdetect(); + if (!rs || rs->rs_count <= len) + _rs_stir(); + if (rs->rs_count <= len) + rs->rs_count = 0; + else + rs->rs_count -= len; +} + +static inline void +_rs_rekey(u_char *dat, size_t datlen) +{ +#ifndef KEYSTREAM_ONLY + memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); +#endif + /* fill rs_buf with the keystream */ + chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf, + rsx->rs_buf, sizeof(rsx->rs_buf)); + /* mix in optional user provided data */ + if (dat) { + size_t i, m; + + m = minimum(datlen, KEYSZ + IVSZ); + for (i = 0; i < m; i++) + rsx->rs_buf[i] ^= dat[i]; + } + /* immediately reinit for backtracking resistance */ + _rs_init(rsx->rs_buf, KEYSZ + IVSZ); + memset(rsx->rs_buf, 0, KEYSZ + IVSZ); + rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ; +} + +static inline void +_rs_random_buf(void *_buf, size_t n) +{ + u_char *buf = (u_char *)_buf; + u_char *keystream; + size_t m; + + _rs_stir_if_needed(n); + while (n > 0) { + if (rs->rs_have > 0) { + m = minimum(n, rs->rs_have); + keystream = rsx->rs_buf + sizeof(rsx->rs_buf) + - rs->rs_have; + memcpy(buf, keystream, m); + memset(keystream, 0, m); + buf += m; + n -= m; + rs->rs_have -= m; + } + if (rs->rs_have == 0) + _rs_rekey(NULL, 0); + } +} + +static inline void +_rs_random_u32(uint32_t *val) +{ + u_char *keystream; + + _rs_stir_if_needed(sizeof(*val)); + if (rs->rs_have < sizeof(*val)) + _rs_rekey(NULL, 0); + keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have; + memcpy(val, keystream, sizeof(*val)); + memset(keystream, 0, sizeof(*val)); + rs->rs_have -= sizeof(*val); +} + +uint32_t +arc4random(void) +{ + uint32_t val; + + _ARC4_LOCK(); + _rs_random_u32(&val); + _ARC4_UNLOCK(); + return val; +} + +void +arc4random_buf(void *buf, size_t n) +{ + _ARC4_LOCK(); + _rs_random_buf(buf, n); + _ARC4_UNLOCK(); +} diff --git a/compat/arc4random.h b/compat/arc4random.h new file mode 100644 index 0000000..ffa3239 --- /dev/null +++ b/compat/arc4random.h @@ -0,0 +1,38 @@ +#ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H +#define LIBCRYPTOCOMPAT_ARC4RANDOM_H + +#include <sys/param.h> + +#if defined(_AIX) +#include "arc4random_aix.h" + +#elif defined(__FreeBSD__) +#include "arc4random_freebsd.h" + +#elif defined(__hpux) +#include "arc4random_hpux.h" + +#elif defined(__linux__) +#include "arc4random_linux.h" + +#elif defined(__midipix__) +#include "arc4random_linux.h" + +#elif defined(__NetBSD__) +#include "arc4random_netbsd.h" + +#elif defined(__APPLE__) +#include "arc4random_osx.h" + +#elif defined(__sun) +#include "arc4random_solaris.h" + +#elif defined(_WIN32) +#include "arc4random_win.h" + +#else +#error "No arc4random hooks defined for this platform." + +#endif + +#endif diff --git a/compat/arc4random_aix.h b/compat/arc4random_aix.h new file mode 100644 index 0000000..3142a1f --- /dev/null +++ b/compat/arc4random_aix.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <sys/mman.h> + +#include <pthread.h> +#include <signal.h> + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/compat/arc4random_freebsd.h b/compat/arc4random_freebsd.h new file mode 100644 index 0000000..3faa5e4 --- /dev/null +++ b/compat/arc4random_freebsd.h @@ -0,0 +1,87 @@ +/* $OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <sys/mman.h> + +#include <pthread.h> +#include <signal.h> + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +/* + * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if + * a program does not link to -lthr. Callbacks registered with pthread_atfork() + * appear to fail silently. So, it is not always possible to detect a PID + * wraparound. + */ +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/compat/arc4random_hpux.h b/compat/arc4random_hpux.h new file mode 100644 index 0000000..2a3fe8c --- /dev/null +++ b/compat/arc4random_hpux.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <sys/mman.h> + +#include <pthread.h> +#include <signal.h> + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/compat/arc4random_linux.h b/compat/arc4random_linux.h new file mode 100644 index 0000000..5e1cf34 --- /dev/null +++ b/compat/arc4random_linux.h @@ -0,0 +1,88 @@ +/* $OpenBSD: arc4random_linux.h,v 1.12 2019/07/11 10:37:28 inoguchi Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <sys/mman.h> + +#include <pthread.h> +#include <signal.h> + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#if defined(__GLIBC__) && !(defined(__UCLIBC__) && !defined(__ARCH_USE_MMU__)) +extern void *__dso_handle; +extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *); +#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle) +#else +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) +#endif + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + /* XXX unusual calls to clone() can bypass checks */ + if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/compat/arc4random_netbsd.h b/compat/arc4random_netbsd.h new file mode 100644 index 0000000..611997d --- /dev/null +++ b/compat/arc4random_netbsd.h @@ -0,0 +1,87 @@ +/* $OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <sys/mman.h> + +#include <pthread.h> +#include <signal.h> + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +/* + * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if + * a program does not link to -lthr. Callbacks registered with pthread_atfork() + * appear to fail silently. So, it is not always possible to detect a PID + * wraparound. + */ +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/compat/arc4random_osx.h b/compat/arc4random_osx.h new file mode 100644 index 0000000..818ae6b --- /dev/null +++ b/compat/arc4random_osx.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <sys/mman.h> + +#include <pthread.h> +#include <signal.h> + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/compat/arc4random_solaris.h b/compat/arc4random_solaris.h new file mode 100644 index 0000000..b1084cd --- /dev/null +++ b/compat/arc4random_solaris.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <sys/mman.h> + +#include <pthread.h> +#include <signal.h> + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/compat/arc4random_uniform.c b/compat/arc4random_uniform.c new file mode 100644 index 0000000..06cd29c --- /dev/null +++ b/compat/arc4random_uniform.c @@ -0,0 +1,56 @@ +/* $OpenBSD: arc4random_uniform.c,v 1.3 2019/01/20 02:59:07 bcook Exp $ */ + +/* + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <stdint.h> +#include <stdlib.h> + +/* + * Calculate a uniformly distributed random number less than upper_bound + * avoiding "modulo bias". + * + * Uniformity is achieved by generating new random numbers until the one + * returned is outside the range [0, 2**32 % upper_bound). This + * guarantees the selected random number will be inside + * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) + * after reduction modulo upper_bound. + */ +uint32_t +arc4random_uniform(uint32_t upper_bound) +{ + uint32_t r, min; + + if (upper_bound < 2) + return 0; + + /* 2**32 % x == (2**32 - x) % x */ + min = -upper_bound % upper_bound; + + /* + * This could theoretically loop forever but each retry has + * p > 0.5 (worst case, usually far better) of selecting a + * number inside the range we need, so it should rarely need + * to re-roll. + */ + for (;;) { + r = arc4random(); + if (r >= min) + break; + } + + return r % upper_bound; +} diff --git a/compat/arc4random_win.h b/compat/arc4random_win.h new file mode 100644 index 0000000..deec8a1 --- /dev/null +++ b/compat/arc4random_win.h @@ -0,0 +1,78 @@ +/* $OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres <dm@uun.org> + * Copyright (c) 2008, Damien Miller <djm@openbsd.org> + * Copyright (c) 2013, Markus Friedl <markus@openbsd.org> + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include <windows.h> + +static volatile HANDLE arc4random_mtx = NULL; + +/* + * Initialize the mutex on the first lock attempt. On collision, each thread + * will attempt to allocate a mutex and compare-and-swap it into place as the + * global mutex. On failure to swap in the global mutex, the mutex is closed. + */ +#define _ARC4_LOCK() { \ + if (!arc4random_mtx) { \ + HANDLE p = CreateMutex(NULL, FALSE, NULL); \ + if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \ + CloseHandle(p); \ + } \ + WaitForSingleObject(arc4random_mtx, INFINITE); \ +} \ + +#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx) + +static inline void +_getentropy_fail(void) +{ + TerminateProcess(GetCurrentProcess(), 0); +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + *rsp = VirtualAlloc(NULL, sizeof(**rsp), + MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); + if (*rsp == NULL) + return (-1); + + *rsxp = VirtualAlloc(NULL, sizeof(**rsxp), + MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); + if (*rsxp == NULL) { + VirtualFree(*rsp, 0, MEM_RELEASE); + *rsp = NULL; + return (-1); + } + return (0); +} + +static inline void +_rs_forkhandler(void) +{ +} + +static inline void +_rs_forkdetect(void) +{ +} diff --git a/compat/bsd-asprintf.c b/compat/bsd-asprintf.c new file mode 100644 index 0000000..3728bc5 --- /dev/null +++ b/compat/bsd-asprintf.c @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2004 Darren Tucker. + * + * Based originally on asprintf.c from OpenBSD: + * Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HAVE_ASPRINTF + +#include <errno.h> +#include <limits.h> /* for INT_MAX */ +#include <stdarg.h> +#include <stdio.h> /* for vsnprintf */ +#include <stdlib.h> + +#ifndef VA_COPY +# ifdef HAVE_VA_COPY +# define VA_COPY(dest, src) va_copy(dest, src) +# else +# ifdef HAVE___VA_COPY +# define VA_COPY(dest, src) __va_copy(dest, src) +# else +# define VA_COPY(dest, src) (dest) = (src) +# endif +# endif +#endif + +#define INIT_SZ 128 + +int +vasprintf(char **str, const char *fmt, va_list ap) +{ + int ret; + va_list ap2; + char *string, *newstr; + size_t len; + + if ((string = malloc(INIT_SZ)) == NULL) + goto fail; + + VA_COPY(ap2, ap); + ret = vsnprintf(string, INIT_SZ, fmt, ap2); + va_end(ap2); + if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */ + *str = string; + } else if (ret == INT_MAX || ret < 0) { /* Bad length */ + free(string); + goto fail; + } else { /* bigger than initial, realloc allowing for nul */ + len = (size_t)ret + 1; + if ((newstr = realloc(string, len)) == NULL) { + free(string); + goto fail; + } + VA_COPY(ap2, ap); + ret = vsnprintf(newstr, len, fmt, ap2); + va_end(ap2); + if (ret < 0 || (size_t)ret >= len) { /* failed with realloc'ed string */ + free(newstr); + goto fail; + } + *str = newstr; + } + return (ret); + +fail: + *str = NULL; + errno = ENOMEM; + return (-1); +} + +int asprintf(char **str, const char *fmt, ...) +{ + va_list ap; + int ret; + + *str = NULL; + va_start(ap, fmt); + ret = vasprintf(str, fmt, ap); + va_end(ap); + + return ret; +} +#endif diff --git a/compat/chacha_private.h b/compat/chacha_private.h new file mode 100644 index 0000000..7c3680f --- /dev/null +++ b/compat/chacha_private.h @@ -0,0 +1,222 @@ +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ + +typedef unsigned char u8; +typedef unsigned int u32; + +typedef struct +{ + u32 input[16]; /* could be compressed */ +} chacha_ctx; + +#define U8C(v) (v##U) +#define U32C(v) (v##U) + +#define U8V(v) ((u8)(v) & U8C(0xFF)) +#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) + +#define ROTL32(v, n) \ + (U32V((v) << (n)) | ((v) >> (32 - (n)))) + +#define U8TO32_LITTLE(p) \ + (((u32)((p)[0]) ) | \ + ((u32)((p)[1]) << 8) | \ + ((u32)((p)[2]) << 16) | \ + ((u32)((p)[3]) << 24)) + +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = U8V((v) ); \ + (p)[1] = U8V((v) >> 8); \ + (p)[2] = U8V((v) >> 16); \ + (p)[3] = U8V((v) >> 24); \ + } while (0) + +#define ROTATE(v,c) (ROTL32(v,c)) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ + a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); + +static const char sigma[16] = "expand 32-byte k"; +static const char tau[16] = "expand 16-byte k"; + +static void +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +{ + const char *constants; + + x->input[4] = U8TO32_LITTLE(k + 0); + x->input[5] = U8TO32_LITTLE(k + 4); + x->input[6] = U8TO32_LITTLE(k + 8); + x->input[7] = U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = sigma; + } else { /* kbits == 128 */ + constants = tau; + } + x->input[8] = U8TO32_LITTLE(k + 0); + x->input[9] = U8TO32_LITTLE(k + 4); + x->input[10] = U8TO32_LITTLE(k + 8); + x->input[11] = U8TO32_LITTLE(k + 12); + x->input[0] = U8TO32_LITTLE(constants + 0); + x->input[1] = U8TO32_LITTLE(constants + 4); + x->input[2] = U8TO32_LITTLE(constants + 8); + x->input[3] = U8TO32_LITTLE(constants + 12); +} + +static void +chacha_ivsetup(chacha_ctx *x,const u8 *iv) +{ + x->input[12] = 0; + x->input[13] = 0; + x->input[14] = U8TO32_LITTLE(iv + 0); + x->input[15] = U8TO32_LITTLE(iv + 4); +} + +static void +chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + u8 *ctarget = NULL; + u8 tmp[64]; + u_int i; + + if (!bytes) return; + + j0 = x->input[0]; + j1 = x->input[1]; + j2 = x->input[2]; + j3 = x->input[3]; + j4 = x->input[4]; + j5 = x->input[5]; + j6 = x->input[6]; + j7 = x->input[7]; + j8 = x->input[8]; + j9 = x->input[9]; + j10 = x->input[10]; + j11 = x->input[11]; + j12 = x->input[12]; + j13 = x->input[13]; + j14 = x->input[14]; + j15 = x->input[15]; + + for (;;) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20;i > 0;i -= 2) { + QUARTERROUND( x0, x4, x8,x12) + QUARTERROUND( x1, x5, x9,x13) + QUARTERROUND( x2, x6,x10,x14) + QUARTERROUND( x3, x7,x11,x15) + QUARTERROUND( x0, x5,x10,x15) + QUARTERROUND( x1, x6,x11,x12) + QUARTERROUND( x2, x7, x8,x13) + QUARTERROUND( x3, x4, x9,x14) + } + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + +#ifndef KEYSTREAM_ONLY + x0 = XOR(x0,U8TO32_LITTLE(m + 0)); + x1 = XOR(x1,U8TO32_LITTLE(m + 4)); + x2 = XOR(x2,U8TO32_LITTLE(m + 8)); + x3 = XOR(x3,U8TO32_LITTLE(m + 12)); + x4 = XOR(x4,U8TO32_LITTLE(m + 16)); + x5 = XOR(x5,U8TO32_LITTLE(m + 20)); + x6 = XOR(x6,U8TO32_LITTLE(m + 24)); + x7 = XOR(x7,U8TO32_LITTLE(m + 28)); + x8 = XOR(x8,U8TO32_LITTLE(m + 32)); + x9 = XOR(x9,U8TO32_LITTLE(m + 36)); + x10 = XOR(x10,U8TO32_LITTLE(m + 40)); + x11 = XOR(x11,U8TO32_LITTLE(m + 44)); + x12 = XOR(x12,U8TO32_LITTLE(m + 48)); + x13 = XOR(x13,U8TO32_LITTLE(m + 52)); + x14 = XOR(x14,U8TO32_LITTLE(m + 56)); + x15 = XOR(x15,U8TO32_LITTLE(m + 60)); +#endif + + j12 = PLUSONE(j12); + if (!j12) { + j13 = PLUSONE(j13); + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } + + U32TO8_LITTLE(c + 0,x0); + U32TO8_LITTLE(c + 4,x1); + U32TO8_LITTLE(c + 8,x2); + U32TO8_LITTLE(c + 12,x3); + U32TO8_LITTLE(c + 16,x4); + U32TO8_LITTLE(c + 20,x5); + U32TO8_LITTLE(c + 24,x6); + U32TO8_LITTLE(c + 28,x7); + U32TO8_LITTLE(c + 32,x8); + U32TO8_LITTLE(c + 36,x9); + U32TO8_LITTLE(c + 40,x10); + U32TO8_LITTLE(c + 44,x11); + U32TO8_LITTLE(c + 48,x12); + U32TO8_LITTLE(c + 52,x13); + U32TO8_LITTLE(c + 56,x14); + U32TO8_LITTLE(c + 60,x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) ctarget[i] = c[i]; + } + x->input[12] = j12; + x->input[13] = j13; + return; + } + bytes -= 64; + c += 64; +#ifndef KEYSTREAM_ONLY + m += 64; +#endif + } +} diff --git a/compat/explicit_bzero.c b/compat/explicit_bzero.c new file mode 100644 index 0000000..5dd0103 --- /dev/null +++ b/compat/explicit_bzero.c @@ -0,0 +1,19 @@ +/* $OpenBSD: explicit_bzero.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Public domain. + * Written by Matthew Dempsky. + */ + +#include <string.h> + +__attribute__((weak)) void +__explicit_bzero_hook(void *buf, size_t len) +{ +} + +void +explicit_bzero(void *buf, size_t len) +{ + memset(buf, 0, len); + __explicit_bzero_hook(buf, len); +} diff --git a/compat/explicit_bzero_win.c b/compat/explicit_bzero_win.c new file mode 100644 index 0000000..0d09d90 --- /dev/null +++ b/compat/explicit_bzero_win.c @@ -0,0 +1,13 @@ +/* + * Public domain. + * Win32 explicit_bzero compatibility shim. + */ + +#include <windows.h> +#include <string.h> + +void +explicit_bzero(void *buf, size_t len) +{ + SecureZeroMemory(buf, len); +} diff --git a/compat/freezero.c b/compat/freezero.c new file mode 100644 index 0000000..31face3 --- /dev/null +++ b/compat/freezero.c @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net> + * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org> + * Copyright (c) 2008 Damien Miller <djm@openbsd.org> + * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <string.h> +#include <stdlib.h> + +void +freezero(void *ptr, size_t sz) +{ + /* This is legal. */ + if (ptr == NULL) + return; + + explicit_bzero(ptr, sz); + free(ptr); +} diff --git a/compat/ftruncate.c b/compat/ftruncate.c new file mode 100644 index 0000000..e825e50 --- /dev/null +++ b/compat/ftruncate.c @@ -0,0 +1,17 @@ +/* + * Public domain + * + * Kinichiro Inoguchi <inoguchi@openbsd.org> + */ + +#ifdef _WIN32 + +#include <unistd.h> + +int +ftruncate(int fd, off_t length) +{ + return _chsize(fd, length); +} + +#endif diff --git a/compat/getentropy_aix.c b/compat/getentropy_aix.c new file mode 100644 index 0000000..422e685 --- /dev/null +++ b/compat/getentropy_aix.c @@ -0,0 +1,402 @@ +/* $OpenBSD: getentropy_aix.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ + +/* + * Copyright (c) 2015 Michael Felt <aixtools@gmail.com> + * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> + * Copyright (c) 2014 Bob Beck <beck@obtuse.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ +/* + * -lperfstat is needed for the psuedo entropy data + */ + +#include <sys/mman.h> +#include <sys/procfs.h> +#include <sys/protosw.h> +#include <sys/resource.h> +#include <sys/socket.h> +#include <sys/stat.h> +#include <sys/statvfs.h> +#include <sys/timers.h> +#include <errno.h> +#include <fcntl.h> +#include <signal.h> +#include <stdio.h> +#include <string.h> +#include <termios.h> + +#include <openssl/sha.h> + +#include <libperfstat.h> + +#define REPEAT 5 +#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len, const char *path, + int devfscheck); +static int getentropy_fallback(void *buf, size_t len); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + */ + ret = getentropy_urandom(buf, len, "/dev/urandom", 0); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom has failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on AIX that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that AIX + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that AIX should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open(path, flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + perfstat_cpu_total_t cpustats; +#ifdef _AIX61 + perfstat_cpu_total_wpar_t cpustats_wpar; +#endif + perfstat_partition_total_t lparstats; + perfstat_disk_total_t diskinfo; + perfstat_netinterface_total_t netinfo; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HX(perfstat_cpu_total(NULL, &cpustats, + sizeof(cpustats), 1) == -1, cpustats); + +#ifdef _AIX61 + HX(perfstat_cpu_total_wpar(NULL, &cpustats_wpar, + sizeof(cpustats_wpar), 1) == -1, cpustats_wpar); +#endif + + HX(perfstat_partition_total(NULL, &lparstats, + sizeof(lparstats), 1) == -1, lparstats); + + HX(perfstat_disk_total(NULL, &diskinfo, + sizeof(diskinfo), 1) == -1, diskinfo); + + HX(perfstat_netinterface_total(NULL, &netinfo, + sizeof(netinfo), 1) == -1, netinfo); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i)); + i += MINIMUM(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/compat/getentropy_freebsd.c b/compat/getentropy_freebsd.c new file mode 100644 index 0000000..30cd68e --- /dev/null +++ b/compat/getentropy_freebsd.c @@ -0,0 +1,62 @@ +/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org> + * Copyright (c) 2014 Brent Cook <bcook@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include <sys/types.h> +#include <sys/sysctl.h> + +#include <errno.h> +#include <stddef.h> + +/* + * Derived from lib/libc/gen/arc4random.c from FreeBSD. + */ +static size_t +getentropy_sysctl(u_char *buf, size_t size) +{ + int mib[2]; + size_t len, done; + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + done = 0; + + do { + len = size; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return (done); + done += len; + buf += len; + size -= len; + } while (size > 0); + + return (done); +} + +int +getentropy(void *buf, size_t len) +{ + if (len <= 256 && getentropy_sysctl(buf, len) == len) + return (0); + + errno = EIO; + return (-1); +} diff --git a/compat/getentropy_hpux.c b/compat/getentropy_hpux.c new file mode 100644 index 0000000..c981880 --- /dev/null +++ b/compat/getentropy_hpux.c @@ -0,0 +1,396 @@ +/* $OpenBSD: getentropy_hpux.c,v 1.7 2020/05/17 14:44:20 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> + * Copyright (c) 2014 Bob Beck <beck@obtuse.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include <sys/types.h> +#include <sys/param.h> +#include <sys/ioctl.h> +#include <sys/resource.h> +#include <sys/syscall.h> +#include <sys/statvfs.h> +#include <sys/socket.h> +#include <sys/mount.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <stdlib.h> +#include <stdint.h> +#include <stdio.h> +#include <termios.h> +#include <fcntl.h> +#include <signal.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <time.h> +#include <openssl/sha.h> + +#include <sys/vfs.h> + +#include <sys/pstat.h> + +#define REPEAT 5 +#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len, const char *path, + int devfscheck); +static int getentropy_fallback(void *buf, size_t len); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + */ + ret = getentropy_urandom(buf, len, "/dev/urandom", 0); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom has failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on hpux that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that hpux + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that hpux should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open(path, flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + struct pst_vminfo pvi; + struct pst_vm_status pvs; + struct pst_dynamic pdy; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HX(pstat_getvminfo(&pvi, sizeof(pvi), 1, 0) != 1, pvi); + HX(pstat_getprocvm(&pvs, sizeof(pvs), 0, 0) != 1, pvs); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if(pstat_getdynamic(&pdy, sizeof(pdy), 1, 0) != 1) { + HD(errno); + } else { + HD(pdy.psd_avg_1_min); + HD(pdy.psd_avg_5_min); + HD(pdy.psd_avg_15_min); + } + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i)); + i += MINIMUM(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/compat/getentropy_linux.c b/compat/getentropy_linux.c new file mode 100644 index 0000000..bc7a6be --- /dev/null +++ b/compat/getentropy_linux.c @@ -0,0 +1,525 @@ +/* $OpenBSD: getentropy_linux.c,v 1.47 2020/05/17 14:44:20 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> + * Copyright (c) 2014 Bob Beck <beck@obtuse.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#define _POSIX_C_SOURCE 199309L +#define _GNU_SOURCE 1 +#include <sys/types.h> +#include <sys/param.h> +#include <sys/ioctl.h> +#include <sys/resource.h> +#include <sys/syscall.h> +#ifdef SYS__sysctl +#include <linux/sysctl.h> +#endif +#include <sys/statvfs.h> +#include <sys/socket.h> +#include <sys/mount.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <stdlib.h> +#include <stdint.h> +#include <stdio.h> +#include <link.h> +#include <termios.h> +#include <fcntl.h> +#include <signal.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <time.h> +#include <openssl/sha.h> + +#include <linux/types.h> +#include <linux/random.h> +#ifdef HAVE_GETAUXVAL +#include <sys/auxv.h> +#endif +#include <sys/vfs.h> + +#define REPEAT 5 +#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) +static int getentropy_getrandom(void *buf, size_t len); +#endif +static int getentropy_urandom(void *buf, size_t len); +#ifdef SYS__sysctl +static int getentropy_sysctl(void *buf, size_t len); +#endif +static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) + /* + * Try descriptor-less getrandom(), in non-blocking mode. + * + * The design of Linux getrandom is broken. It has an + * uninitialized phase coupled with blocking behaviour, which + * is unacceptable from within a library at boot time without + * possible recovery. See http://bugs.python.org/issue26839#msg267745 + */ + ret = getentropy_getrandom(buf, len); + if (ret != -1) + return (ret); +#endif + + /* + * Try to get entropy with /dev/urandom + * + * This can fail if the process is inside a chroot or if file + * descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len); + if (ret != -1) + return (ret); + +#ifdef SYS__sysctl + /* + * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID. + * sysctl is a failsafe API, so it guarantees a result. This + * should work inside a chroot, or when file descriptors are + * exhausted. + * + * However this can fail if the Linux kernel removes support + * for sysctl. Starting in 2007, there have been efforts to + * deprecate the sysctl API/ABI, and push callers towards use + * of the chroot-unavailable fd-using /proc mechanism -- + * essentially the same problems as /dev/urandom. + * + * Numerous setbacks have been encountered in their deprecation + * schedule, so as of June 2014 the kernel ABI still exists on + * most Linux architectures. The sysctl() stub in libc is missing + * on some systems. There are also reports that some kernels + * spew messages to the console. + */ + ret = getentropy_sysctl(buf, len); + if (ret != -1) + return (ret); +#endif /* SYS__sysctl */ + + /* + * Entropy collection via /dev/urandom and sysctl have failed. + * + * No other API exists for collecting entropy. See the large + * comment block above. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that Linux + * still does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that Linux should either retain their + * sysctl ABI, or consider providing a new failsafe API which + * works in a chroot or when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) +static int +getentropy_getrandom(void *buf, size_t len) +{ + int pre_errno = errno; + int ret; + if (len > 256) + return (-1); + do { + ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); + } while (ret == -1 && errno == EINTR); + + if (ret != len) + return (-1); + errno = pre_errno; + return (0); +} +#endif + +static int +getentropy_urandom(void *buf, size_t len) +{ + struct stat st; + size_t i; + int fd, cnt, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open("/dev/urandom", flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +#ifdef SYS__sysctl +static int +getentropy_sysctl(void *buf, size_t len) +{ + static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID }; + size_t i; + int save_errno = errno; + + for (i = 0; i < len; ) { + size_t chunk = MINIMUM(len - i, 16); + + /* SYS__sysctl because some systems already removed sysctl() */ + struct __sysctl_args args = { + .name = mib, + .nlen = 3, + .oldval = (char *)buf + i, + .oldlenp = &chunk, + }; + if (syscall(SYS__sysctl, &args) != 0) + goto sysctlfailed; + i += chunk; + } + errno = save_errno; + return (0); /* satisfied */ +sysctlfailed: + errno = EIO; + return (-1); +} +#endif /* SYS__sysctl */ + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + dl_iterate_phdr(getentropy_phdr, &ctx); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + struct statfs stfs; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + HX(statfs(".", &stfs) == -1, stfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + HX(statfs("/", &stfs) == -1, stfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX(fstatfs(0, &stfs) == -1, + stfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } +#ifdef HAVE_GETAUXVAL +#ifdef AT_RANDOM + /* Not as random as you think but we take what we are given */ + p = (char *) getauxval(AT_RANDOM); + if (p) + HR(p, 16); +#endif +#ifdef AT_SYSINFO_EHDR + p = (char *) getauxval(AT_SYSINFO_EHDR); + if (p) + HR(p, pgs); +#endif +#ifdef AT_BASE + p = (char *) getauxval(AT_BASE); + if (p) + HD(p); +#endif +#endif + + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i)); + i += MINIMUM(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/compat/getentropy_netbsd.c b/compat/getentropy_netbsd.c new file mode 100644 index 0000000..45d68c9 --- /dev/null +++ b/compat/getentropy_netbsd.c @@ -0,0 +1,64 @@ +/* $OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org> + * Copyright (c) 2014 Brent Cook <bcook@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include <sys/types.h> +#include <sys/sysctl.h> + +#include <errno.h> +#include <stddef.h> + +/* + * Derived from lib/libc/gen/arc4random.c from FreeBSD. + */ +static size_t +getentropy_sysctl(u_char *buf, size_t size) +{ + int mib[2]; + size_t len, done; + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + done = 0; + + do { + len = size; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return (done); + done += len; + buf += len; + size -= len; + } while (size > 0); + + return (done); +} + +int +getentropy(void *buf, size_t len) +{ + if (len <= 256 && + getentropy_sysctl(buf, len) == len) { + return (0); + } + + errno = EIO; + return (-1); +} diff --git a/compat/getentropy_osx.c b/compat/getentropy_osx.c new file mode 100644 index 0000000..5d4067b --- /dev/null +++ b/compat/getentropy_osx.c @@ -0,0 +1,417 @@ +/* $OpenBSD: getentropy_osx.c,v 1.13 2020/05/17 14:44:20 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> + * Copyright (c) 2014 Bob Beck <beck@obtuse.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include <TargetConditionals.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/ioctl.h> +#include <sys/resource.h> +#include <sys/syscall.h> +#include <sys/sysctl.h> +#include <sys/statvfs.h> +#include <sys/socket.h> +#include <sys/mount.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <stdlib.h> +#include <stdint.h> +#include <stdio.h> +#include <termios.h> +#include <fcntl.h> +#include <signal.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <time.h> +#include <mach/mach_time.h> +#include <mach/mach_host.h> +#include <mach/host_info.h> +#if TARGET_OS_OSX +#include <sys/socketvar.h> +#include <sys/vmmeter.h> +#endif +#include <netinet/in.h> +#include <netinet/tcp.h> +#if TARGET_OS_OSX +#include <netinet/udp.h> +#include <netinet/ip_var.h> +#include <netinet/tcp_var.h> +#include <netinet/udp_var.h> +#endif +#include <CommonCrypto/CommonDigest.h> +#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c))) +#define SHA512_Init(xxx) (CC_SHA512_Init((xxx))) +#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy))) +#define SHA512_CTX CC_SHA512_CTX +#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH + +#define REPEAT 5 +#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len); +static int getentropy_fallback(void *buf, size_t len); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + * + * This can fail if the process is inside a chroot or if file + * descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom and sysctl have failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on OSX that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that OSX + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that OSX should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open("/dev/urandom", flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +#if TARGET_OS_OSX +static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS }; +static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS }; +static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS }; +#endif +static int kmib[] = { CTL_KERN, KERN_USRSTACK }; +static int hwmib[] = { CTL_HW, HW_USERMEM }; + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; +#if TARGET_OS_OSX + struct tcpstat tcpstat; + struct udpstat udpstat; + struct ipstat ipstat; +#endif + u_int64_t mach_time; + unsigned int idata; + void *addr; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + mach_time = mach_absolute_time(); + HD(mach_time); + + ii = sizeof(addr); + HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]), + &addr, &ii, NULL, 0) == -1, addr); + + ii = sizeof(idata); + HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]), + &idata, &ii, NULL, 0) == -1, idata); + +#if TARGET_OS_OSX + ii = sizeof(tcpstat); + HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]), + &tcpstat, &ii, NULL, 0) == -1, tcpstat); + + ii = sizeof(udpstat); + HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]), + &udpstat, &ii, NULL, 0) == -1, udpstat); + + ii = sizeof(ipstat); + HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]), + &ipstat, &ii, NULL, 0) == -1, ipstat); +#endif + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + struct statfs stfs; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + mach_time = mach_absolute_time(); + HD(mach_time); + cnt += (int)mach_time; + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + HX(statfs(".", &stfs) == -1, stfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + HX(statfs("/", &stfs) == -1, stfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX(fstatfs(0, &stfs) == -1, + stfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i)); + i += MINIMUM(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/compat/getentropy_solaris.c b/compat/getentropy_solaris.c new file mode 100644 index 0000000..cf5b9bf --- /dev/null +++ b/compat/getentropy_solaris.c @@ -0,0 +1,422 @@ +/* $OpenBSD: getentropy_solaris.c,v 1.14 2020/05/17 14:44:20 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> + * Copyright (c) 2014 Bob Beck <beck@obtuse.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include <sys/types.h> +#include <sys/param.h> +#include <sys/ioctl.h> +#include <sys/resource.h> +#include <sys/syscall.h> +#include <sys/statvfs.h> +#include <sys/socket.h> +#include <sys/mount.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <stdlib.h> +#include <stdint.h> +#include <stdio.h> +#include <link.h> +#include <termios.h> +#include <fcntl.h> +#include <signal.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <time.h> +#include <sys/sha2.h> +#define SHA512_Init SHA512Init +#define SHA512_Update SHA512Update +#define SHA512_Final SHA512Final + +#include <sys/vfs.h> +#include <sys/statfs.h> +#include <sys/loadavg.h> + +#define REPEAT 5 +#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len, const char *path, + int devfscheck); +static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + * + * Solaris provides /dev/urandom as a symbolic link to + * /devices/pseudo/random@0:urandom which is provided by + * a devfs filesystem. Best practice is to use O_NOFOLLOW, + * so we must try the unpublished name directly. + * + * This can fail if the process is inside a chroot which lacks + * the devfs mount, or if file descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len, + "/devices/pseudo/random@0:urandom", 1); + if (ret != -1) + return (ret); + + /* + * Unfortunately, chroot spaces on Solaris are sometimes setup + * with direct device node of the well-known /dev/urandom name + * (perhaps to avoid dragging all of devfs into the space). + * + * This can fail if the process is inside a chroot or if file + * descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len, "/dev/urandom", 0); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom has failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on Solaris that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that Solaris + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that Solaris should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open(path, flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) || + (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + double loadavg[3]; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + dl_iterate_phdr(getentropy_phdr, &ctx); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + HX((getloadavg(loadavg, 3) == -1), loadavg); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i)); + i += MINIMUM(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/compat/getentropy_win.c b/compat/getentropy_win.c new file mode 100644 index 0000000..2abeb27 --- /dev/null +++ b/compat/getentropy_win.c @@ -0,0 +1,59 @@ +/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> + * Copyright (c) 2014, Bob Beck <beck@obtuse.com> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include <windows.h> +#include <errno.h> +#include <stdint.h> +#include <sys/types.h> +#include <wincrypt.h> +#include <process.h> + +int getentropy(void *buf, size_t len); + +/* + * On Windows, CryptGenRandom is supposed to be a well-seeded + * cryptographically strong random number generator. + */ +int +getentropy(void *buf, size_t len) +{ + HCRYPTPROV provider; + + if (len > 256) { + errno = EIO; + return (-1); + } + + if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT) == 0) + goto fail; + if (CryptGenRandom(provider, len, buf) == 0) { + CryptReleaseContext(provider, 0); + goto fail; + } + CryptReleaseContext(provider, 0); + return (0); + +fail: + errno = EIO; + return (-1); +} diff --git a/compat/getpagesize.c b/compat/getpagesize.c new file mode 100644 index 0000000..cbaae92 --- /dev/null +++ b/compat/getpagesize.c @@ -0,0 +1,18 @@ +/* $OpenBSD$ */ + +#include <unistd.h> + +#ifdef _WIN32 +#include <windows.h> +#endif + +int +getpagesize(void) { +#ifdef _WIN32 + SYSTEM_INFO system_info; + GetSystemInfo(&system_info); + return system_info.dwPageSize; +#else + return sysconf(_SC_PAGESIZE); +#endif +} diff --git a/compat/getprogname_linux.c b/compat/getprogname_linux.c new file mode 100644 index 0000000..1850e86 --- /dev/null +++ b/compat/getprogname_linux.c @@ -0,0 +1,23 @@ +#include <stdlib.h> + +#include <errno.h> + +const char * +getprogname(void) +{ +#if defined(__ANDROID_API__) && __ANDROID_API__ < 21 + /* + * Android added getprogname with API 21, so we should not end up here + * with APIs newer than 21. + * https://github.com/aosp-mirror/platform_bionic/blob/1eb6d3/libc/include/stdlib.h#L160 + * + * Since Android is using portions of OpenBSD libc, it should have + * a symbol called __progname. + * https://github.com/aosp-mirror/platform_bionic/commit/692207 + */ + extern const char *__progname; + return __progname; +#else + return program_invocation_short_name; +#endif +} diff --git a/compat/getprogname_unimpl.c b/compat/getprogname_unimpl.c new file mode 100644 index 0000000..339c54a --- /dev/null +++ b/compat/getprogname_unimpl.c @@ -0,0 +1,7 @@ +#include <stdlib.h> + +const char * +getprogname(void) +{ + return "?"; +} diff --git a/compat/getprogname_windows.c b/compat/getprogname_windows.c new file mode 100644 index 0000000..eb04ec0 --- /dev/null +++ b/compat/getprogname_windows.c @@ -0,0 +1,13 @@ +#include <stdlib.h> + +#include <windows.h> + +const char * +getprogname(void) +{ + static char progname[MAX_PATH + 1]; + DWORD length = GetModuleFileName(NULL, progname, sizeof (progname) - 1); + if (length < 0) + return "?"; + return progname; +} diff --git a/compat/posix_win.c b/compat/posix_win.c new file mode 100644 index 0000000..30c93cd --- /dev/null +++ b/compat/posix_win.c @@ -0,0 +1,245 @@ +/* + * Public domain + * + * BSD socket emulation code for Winsock2 + * File IO compatibility shims + * Brent Cook <bcook@openbsd.org> + * Kinichiro Inoguchi <inoguchi@openbsd.org> + */ + +#define NO_REDEF_POSIX_FUNCTIONS + +#include <windows.h> +#include <ws2tcpip.h> + +#include <errno.h> +#include <fcntl.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +void +posix_perror(const char *s) +{ + fprintf(stderr, "%s: %s\n", s, strerror(errno)); +} + +FILE * +posix_fopen(const char *path, const char *mode) +{ + if (strchr(mode, 'b') == NULL) { + char *bin_mode = NULL; + if (asprintf(&bin_mode, "%sb", mode) == -1) + return NULL; + FILE *f = fopen(path, bin_mode); + free(bin_mode); + return f; + } + + return fopen(path, mode); +} + +int +posix_open(const char *path, ...) +{ + va_list ap; + int mode = 0; + int flags; + + va_start(ap, path); + flags = va_arg(ap, int); + if (flags & O_CREAT) + mode = va_arg(ap, int); + va_end(ap); + + flags |= O_BINARY; + if (flags & O_CLOEXEC) { + flags &= ~O_CLOEXEC; + flags |= O_NOINHERIT; + } + flags &= ~O_NONBLOCK; + return open(path, flags, mode); +} + +char * +posix_fgets(char *s, int size, FILE *stream) +{ + char *ret = fgets(s, size, stream); + if (ret != NULL) { + size_t end = strlen(ret); + if (end >= 2 && ret[end - 2] == '\r' && ret[end - 1] == '\n') { + ret[end - 2] = '\n'; + ret[end - 1] = '\0'; + } + } + return ret; +} + +int +posix_rename(const char *oldpath, const char *newpath) +{ + return MoveFileEx(oldpath, newpath, MOVEFILE_REPLACE_EXISTING) ? 0 : -1; +} + +static int +wsa_errno(int err) +{ + switch (err) { + case WSAENOBUFS: + errno = ENOMEM; + break; + case WSAEACCES: + errno = EACCES; + break; + case WSANOTINITIALISED: + errno = EPERM; + break; + case WSAEHOSTUNREACH: + case WSAENETDOWN: + errno = EIO; + break; + case WSAEFAULT: + errno = EFAULT; + break; + case WSAEINTR: + errno = EINTR; + break; + case WSAEINVAL: + errno = EINVAL; + break; + case WSAEINPROGRESS: + errno = EINPROGRESS; + break; + case WSAEWOULDBLOCK: + errno = EAGAIN; + break; + case WSAEOPNOTSUPP: + errno = ENOTSUP; + break; + case WSAEMSGSIZE: + errno = EFBIG; + break; + case WSAENOTSOCK: + errno = ENOTSOCK; + break; + case WSAENOPROTOOPT: + errno = ENOPROTOOPT; + break; + case WSAECONNREFUSED: + errno = ECONNREFUSED; + break; + case WSAEAFNOSUPPORT: + errno = EAFNOSUPPORT; + break; + case WSAEBADF: + errno = EBADF; + break; + case WSAENETRESET: + case WSAENOTCONN: + case WSAECONNABORTED: + case WSAECONNRESET: + case WSAESHUTDOWN: + case WSAETIMEDOUT: + errno = EPIPE; + break; + } + return -1; +} + +int +posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) +{ + int rc = connect(sockfd, addr, addrlen); + if (rc == SOCKET_ERROR) + return wsa_errno(WSAGetLastError()); + return rc; +} + +int +posix_close(int fd) +{ + if (closesocket(fd) == SOCKET_ERROR) { + int err = WSAGetLastError(); + return (err == WSAENOTSOCK || err == WSAEBADF || + err == WSANOTINITIALISED) ? + close(fd) : wsa_errno(err); + } + return 0; +} + +ssize_t +posix_read(int fd, void *buf, size_t count) +{ + ssize_t rc = recv(fd, buf, count, 0); + if (rc == SOCKET_ERROR) { + int err = WSAGetLastError(); + return (err == WSAENOTSOCK || err == WSAEBADF || + err == WSANOTINITIALISED) ? + read(fd, buf, count) : wsa_errno(err); + } + return rc; +} + +ssize_t +posix_write(int fd, const void *buf, size_t count) +{ + ssize_t rc = send(fd, buf, count, 0); + if (rc == SOCKET_ERROR) { + int err = WSAGetLastError(); + return (err == WSAENOTSOCK || err == WSAEBADF || + err == WSANOTINITIALISED) ? + write(fd, buf, count) : wsa_errno(err); + } + return rc; +} + +int +posix_getsockopt(int sockfd, int level, int optname, + void *optval, socklen_t *optlen) +{ + int rc = getsockopt(sockfd, level, optname, (char *)optval, optlen); + return rc == 0 ? 0 : wsa_errno(WSAGetLastError()); + +} + +int +posix_setsockopt(int sockfd, int level, int optname, + const void *optval, socklen_t optlen) +{ + int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen); + return rc == 0 ? 0 : wsa_errno(WSAGetLastError()); +} + +uid_t getuid(void) +{ + /* Windows fstat sets 0 as st_uid */ + return 0; +} + +#ifdef _MSC_VER +struct timezone; +int gettimeofday(struct timeval * tp, struct timezone * tzp) +{ + /* + * Note: some broken versions only have 8 trailing zero's, the correct + * epoch has 9 trailing zero's + */ + static const uint64_t EPOCH = ((uint64_t) 116444736000000000ULL); + + SYSTEMTIME system_time; + FILETIME file_time; + uint64_t time; + + GetSystemTime(&system_time); + SystemTimeToFileTime(&system_time, &file_time); + time = ((uint64_t)file_time.dwLowDateTime); + time += ((uint64_t)file_time.dwHighDateTime) << 32; + + tp->tv_sec = (long)((time - EPOCH) / 10000000L); + tp->tv_usec = (long)(system_time.wMilliseconds * 1000); + return 0; +} + +#endif diff --git a/compat/pread.c b/compat/pread.c new file mode 100644 index 0000000..b9d6b09 --- /dev/null +++ b/compat/pread.c @@ -0,0 +1,29 @@ +/* + * Public domain + * + * Kinichiro Inoguchi <inoguchi@openbsd.org> + */ + +#ifdef _WIN32 + +#define NO_REDEF_POSIX_FUNCTIONS + +#include <unistd.h> + +ssize_t +pread(int d, void *buf, size_t nbytes, off_t offset) +{ + off_t cpos, opos, rpos; + ssize_t bytes; + if((cpos = lseek(d, 0, SEEK_CUR)) == -1) + return -1; + if((opos = lseek(d, offset, SEEK_SET)) == -1) + return -1; + if((bytes = read(d, buf, nbytes)) == -1) + return -1; + if((rpos = lseek(d, cpos, SEEK_SET)) == -1) + return -1; + return bytes; +} + +#endif diff --git a/compat/pwrite.c b/compat/pwrite.c new file mode 100644 index 0000000..82f5f55 --- /dev/null +++ b/compat/pwrite.c @@ -0,0 +1,29 @@ +/* + * Public domain + * + * Kinichiro Inoguchi <inoguchi@openbsd.org> + */ + +#ifdef _WIN32 + +#define NO_REDEF_POSIX_FUNCTIONS + +#include <unistd.h> + +ssize_t +pwrite(int d, const void *buf, size_t nbytes, off_t offset) +{ + off_t cpos, opos, rpos; + ssize_t bytes; + if((cpos = lseek(d, 0, SEEK_CUR)) == -1) + return -1; + if((opos = lseek(d, offset, SEEK_SET)) == -1) + return -1; + if((bytes = write(d, buf, nbytes)) == -1) + return -1; + if((rpos = lseek(d, cpos, SEEK_SET)) == -1) + return -1; + return bytes; +} + +#endif diff --git a/compat/reallocarray.c b/compat/reallocarray.c new file mode 100644 index 0000000..43f0b69 --- /dev/null +++ b/compat/reallocarray.c @@ -0,0 +1,38 @@ +/* $OpenBSD: reallocarray.c,v 1.3 2015/09/13 08:31:47 guenther Exp $ */ +/* + * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> +#include <errno.h> +#include <stdint.h> +#include <stdlib.h> + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +void * +reallocarray(void *optr, size_t nmemb, size_t size) +{ + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + return realloc(optr, size * nmemb); +} diff --git a/compat/strcasecmp.c b/compat/strcasecmp.c new file mode 100644 index 0000000..e5da89c --- /dev/null +++ b/compat/strcasecmp.c @@ -0,0 +1,105 @@ +/* $OpenBSD: strcasecmp.c,v 1.7 2015/08/31 02:53:57 guenther Exp $ */ + +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <string.h> + +typedef unsigned char u_char; + +/* + * This array is designed for mapping upper and lower case letter + * together for a case independent comparison. The mappings are + * based upon ascii character sequences. + */ +static const u_char charmap[] = { + '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007', + '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017', + '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027', + '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037', + '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047', + '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057', + '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067', + '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077', + '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137', + '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177', + '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207', + '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217', + '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227', + '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237', + '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247', + '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257', + '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267', + '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277', + '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307', + '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317', + '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327', + '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337', + '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347', + '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', + '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', + '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', +}; + +int +strcasecmp(const char *s1, const char *s2) +{ + const u_char *cm = charmap; + const u_char *us1 = (const u_char *)s1; + const u_char *us2 = (const u_char *)s2; + + while (cm[*us1] == cm[*us2++]) + if (*us1++ == '\0') + return (0); + return (cm[*us1] - cm[*--us2]); +} + +int +strncasecmp(const char *s1, const char *s2, size_t n) +{ + if (n != 0) { + const u_char *cm = charmap; + const u_char *us1 = (const u_char *)s1; + const u_char *us2 = (const u_char *)s2; + + do { + if (cm[*us1] != cm[*us2++]) + return (cm[*us1] - cm[*--us2]); + if (*us1++ == '\0') + break; + } while (--n != 0); + } + return (0); +} diff --git a/compat/strlcpy.c b/compat/strlcpy.c new file mode 100644 index 0000000..2fa498c --- /dev/null +++ b/compat/strlcpy.c @@ -0,0 +1,50 @@ +/* $OpenBSD: strlcpy.c,v 1.16 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 1998, 2015 Todd C. Miller <millert@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> +#include <string.h> + +/* + * Copy string src to buffer dst of size dsize. At most dsize-1 + * chars will be copied. Always NUL terminates (unless dsize == 0). + * Returns strlen(src); if retval >= dsize, truncation occurred. + */ +size_t +strlcpy(char *dst, const char *src, size_t dsize) +{ + const char *osrc = src; + size_t nleft = dsize; + + /* Copy as many bytes as will fit. */ + if (nleft != 0) { + while (--nleft != 0) { + if ((*dst++ = *src++) == '\0') + break; + } + } + + /* Not enough room in dst, add NUL and traverse rest of src. */ + if (nleft == 0) { + if (dsize != 0) + *dst = '\0'; /* NUL-terminate dst */ + while (*src++) + ; + } + + return(src - osrc - 1); /* count does not include NUL */ +} diff --git a/compat/strsep.c b/compat/strsep.c new file mode 100644 index 0000000..c5d6511 --- /dev/null +++ b/compat/strsep.c @@ -0,0 +1,70 @@ +/* $OpenBSD: strsep.c,v 1.8 2015/08/31 02:53:57 guenther Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <string.h> + +/* + * Get next token from string *stringp, where tokens are possibly-empty + * strings separated by characters from delim. + * + * Writes NULs into the string at *stringp to end tokens. + * delim need not remain constant from call to call. + * On return, *stringp points past the last NUL written (if there might + * be further tokens), or is NULL (if there are definitely no more tokens). + * + * If *stringp is NULL, strsep returns NULL. + */ +char * +strsep(char **stringp, const char *delim) +{ + char *s; + const char *spanp; + int c, sc; + char *tok; + + if ((s = *stringp) == NULL) + return (NULL); + for (tok = s;;) { + c = *s++; + spanp = delim; + do { + if ((sc = *spanp++) == c) { + if (c == 0) + s = NULL; + else + s[-1] = 0; + *stringp = s; + return (tok); + } + } while (sc != 0); + } + /* NOTREACHED */ +} diff --git a/compat/timegm.c b/compat/timegm.c new file mode 100644 index 0000000..2658445 --- /dev/null +++ b/compat/timegm.c @@ -0,0 +1,220 @@ +/* + * ---------------------------------------------------------------------- + * Copyright © 2005-2014 Rich Felker, et al. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * ---------------------------------------------------------------------- + */ + +#include <errno.h> +#include <limits.h> +#include <time.h> + +/* 2000-03-01 (mod 400 year, immediately after feb29 */ +#define LEAPOCH (946684800LL + 86400*(31+29)) + +#define DAYS_PER_400Y (365*400 + 97) +#define DAYS_PER_100Y (365*100 + 24) +#define DAYS_PER_4Y (365*4 + 1) + +static int __month_to_secs(int month, int is_leap) +{ + static const int secs_through_month[] = { + 0, 31*86400, 59*86400, 90*86400, + 120*86400, 151*86400, 181*86400, 212*86400, + 243*86400, 273*86400, 304*86400, 334*86400 }; + int t = secs_through_month[month]; + if (is_leap && month >= 2) t+=86400; + return t; +} + +static long long __year_to_secs(long long year, int *is_leap) +{ + if (year-2ULL <= 136) { + int y = year; + int leaps = (y-68)>>2; + if (!((y-68)&3)) { + leaps--; + if (is_leap) *is_leap = 1; + } else if (is_leap) *is_leap = 0; + return 31536000*(y-70) + 86400*leaps; + } + + int cycles, centuries, leaps, rem; + + if (!is_leap) is_leap = &(int){0}; + cycles = (year-100) / 400; + rem = (year-100) % 400; + if (rem < 0) { + cycles--; + rem += 400; + } + if (!rem) { + *is_leap = 1; + centuries = 0; + leaps = 0; + } else { + if (rem >= 200) { + if (rem >= 300) centuries = 3, rem -= 300; + else centuries = 2, rem -= 200; + } else { + if (rem >= 100) centuries = 1, rem -= 100; + else centuries = 0; + } + if (!rem) { + *is_leap = 0; + leaps = 0; + } else { + leaps = rem / 4U; + rem %= 4U; + *is_leap = !rem; + } + } + + leaps += 97*cycles + 24*centuries - *is_leap; + + return (year-100) * 31536000LL + leaps * 86400LL + 946684800 + 86400; +} + +static long long __tm_to_secs(const struct tm *tm) +{ + int is_leap; + long long year = tm->tm_year; + int month = tm->tm_mon; + if (month >= 12 || month < 0) { + int adj = month / 12; + month %= 12; + if (month < 0) { + adj--; + month += 12; + } + year += adj; + } + long long t = __year_to_secs(year, &is_leap); + t += __month_to_secs(month, is_leap); + t += 86400LL * (tm->tm_mday-1); + t += 3600LL * tm->tm_hour; + t += 60LL * tm->tm_min; + t += tm->tm_sec; + return t; +} + +static int __secs_to_tm(long long t, struct tm *tm) +{ + long long days, secs; + int remdays, remsecs, remyears; + int qc_cycles, c_cycles, q_cycles; + int years, months; + int wday, yday, leap; + static const char days_in_month[] = {31,30,31,30,31,31,30,31,30,31,31,29}; + + /* Reject time_t values whose year would overflow int */ + if (t < INT_MIN * 31622400LL || t > INT_MAX * 31622400LL) + return -1; + + secs = t - LEAPOCH; + days = secs / 86400; + remsecs = secs % 86400; + if (remsecs < 0) { + remsecs += 86400; + days--; + } + + wday = (3+days)%7; + if (wday < 0) wday += 7; + + qc_cycles = days / DAYS_PER_400Y; + remdays = days % DAYS_PER_400Y; + if (remdays < 0) { + remdays += DAYS_PER_400Y; + qc_cycles--; + } + + c_cycles = remdays / DAYS_PER_100Y; + if (c_cycles == 4) c_cycles--; + remdays -= c_cycles * DAYS_PER_100Y; + + q_cycles = remdays / DAYS_PER_4Y; + if (q_cycles == 25) q_cycles--; + remdays -= q_cycles * DAYS_PER_4Y; + + remyears = remdays / 365; + if (remyears == 4) remyears--; + remdays -= remyears * 365; + + leap = !remyears && (q_cycles || !c_cycles); + yday = remdays + 31 + 28 + leap; + if (yday >= 365+leap) yday -= 365+leap; + + years = remyears + 4*q_cycles + 100*c_cycles + 400*qc_cycles; + + for (months=0; days_in_month[months] <= remdays; months++) + remdays -= days_in_month[months]; + + if (years+100 > INT_MAX || years+100 < INT_MIN) + return -1; + + tm->tm_year = years + 100; + tm->tm_mon = months + 2; + if (tm->tm_mon >= 12) { + tm->tm_mon -=12; + tm->tm_year++; + } + tm->tm_mday = remdays + 1; + tm->tm_wday = wday; + tm->tm_yday = yday; + + tm->tm_hour = remsecs / 3600; + tm->tm_min = remsecs / 60 % 60; + tm->tm_sec = remsecs % 60; + + return 0; +} + +#ifdef _WIN32 +struct tm *__gmtime_r(const time_t *t, struct tm *tm) +{ + if (__secs_to_tm(*t, tm) < 0) { + errno = EOVERFLOW; + return 0; + } + tm->tm_isdst = 0; + return tm; +} +#endif + +time_t timegm(struct tm *tm) +{ + struct tm new; + long long t = __tm_to_secs(tm); + if (__secs_to_tm(t, &new) < 0) { + errno = EOVERFLOW; + return -1; + } +#if SIZEOF_TIME_T != 8 + if (t > (long long)INT_MAX || t < (long long)INT_MIN) { + errno = EOVERFLOW; + return -1; + } +#endif + *tm = new; + tm->tm_isdst = 0; + return t; +} diff --git a/compat/timingsafe_memcmp.c b/compat/timingsafe_memcmp.c new file mode 100644 index 0000000..bb210a3 --- /dev/null +++ b/compat/timingsafe_memcmp.c @@ -0,0 +1,46 @@ +/* $OpenBSD: timingsafe_memcmp.c,v 1.2 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Copyright (c) 2014 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <limits.h> +#include <string.h> + +int +timingsafe_memcmp(const void *b1, const void *b2, size_t len) +{ + const unsigned char *p1 = b1, *p2 = b2; + size_t i; + int res = 0, done = 0; + + for (i = 0; i < len; i++) { + /* lt is -1 if p1[i] < p2[i]; else 0. */ + int lt = (p1[i] - p2[i]) >> CHAR_BIT; + + /* gt is -1 if p1[i] > p2[i]; else 0. */ + int gt = (p2[i] - p1[i]) >> CHAR_BIT; + + /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */ + int cmp = lt - gt; + + /* set res = cmp if !done. */ + res |= cmp & ~done; + + /* set done if p1[i] != p2[i]. */ + done |= lt | gt; + } + + return (res); +} diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..888ca19 --- /dev/null +++ b/configure.ac @@ -0,0 +1,165 @@ +# Copyright (c) 2014-2015 Brent Cook +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION])) +AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION])) +AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION])) +AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION])) + +AC_CANONICAL_HOST +AM_INIT_AUTOMAKE([subdir-objects foreign]) +AC_CONFIG_MACRO_DIR([m4]) + +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) + +# This must be saved before AC_PROG_CC +USER_CFLAGS="$CFLAGS" + +AC_PROG_CC([cc gcc]) +AC_PROG_CC_STDC +AM_PROG_CC_C_O +AC_PROG_LIBTOOL +LT_INIT + +CHECK_OS_OPTIONS + +CHECK_C_HARDENING_OPTIONS + +DISABLE_AS_EXECUTABLE_STACK +AM_PROG_AS + +DISABLE_COMPILER_WARNINGS + +# Check if the certhash command should be built +AC_CHECK_FUNCS([symlink]) +AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes]) + +# Check if funopen exists +AC_CHECK_FUNC([funopen]) + +CHECK_LIBC_COMPAT +CHECK_SYSCALL_COMPAT +CHECK_CRYPTO_COMPAT +CHECK_VA_COPY +CHECK_B64_NTOP + +AC_ARG_WITH([openssldir], + AS_HELP_STRING([--with-openssldir], + [Set the default openssl directory]), + OPENSSLDIR="$withval" + AC_SUBST(OPENSSLDIR) +) +AM_CONDITIONAL([OPENSSLDIR_DEFINED], [test x$with_openssldir != x]) + +AC_ARG_ENABLE([extratests], + AS_HELP_STRING([--enable-extratests], [Enable extra tests that may be unreliable on some platforms])) +AM_CONDITIONAL([ENABLE_EXTRATESTS], [test "x$enable_extratests" = xyes]) + +AC_ARG_ENABLE([tests], + [AS_HELP_STRING([--disable-tests], [Disable tests @<:@default=enabled@:>@])], + [ + if ! test "x${enable_tests}" = "xyes"; then + enable_tests="no" + fi], + [enable_tests="yes"]) +AM_CONDITIONAL([ENABLE_TESTS], [test "x$enable_tests" = xyes]) + +# Add CPU-specific alignment flags +old_cflags=$CFLAGS +CFLAGS="$CFLAGS -I$srcdir/include" +AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT]) +AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"], + [int a = 0; BSWAP4(a);], + AC_MSG_RESULT([yes]) + BSWAP4=yes, + AC_MSG_RESULT([no]) + BSWAP4=no) +CFLAGS="$old_cflags" + +AS_CASE([$host_cpu], + [*sparc*], [CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"], + [*arm*], [host_cpu=arm], + [*amd64*], [host_cpu=x86_64 HOSTARCH=intel], + [i?86], [HOSTARCH=intel], + [x86_64], [HOSTARCH=intel] +) +AS_IF([test "x$BSWAP4" = "xyes" -a "$host_cpu" = "arm" ],,CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT") +AM_CONDITIONAL([HOST_CPU_IS_INTEL], [test "x$HOSTARCH" = "xintel"]) + +AC_MSG_CHECKING([if .gnu.warning accepts long strings]) +AC_LINK_IFELSE([AC_LANG_SOURCE([[ +extern void SSLv3_method(); +__asm__(".section .gnu.warning.SSLv3_method\n\t.ascii \"SSLv3_method is insecure\"\n\t.text"); +int main() {return 0;} +]])], [ + AC_DEFINE(HAS_GNU_WARNING_LONG, 1, [Define if .gnu.warning accepts long strings.]) + AC_MSG_RESULT(yes) +], [ + AC_MSG_RESULT(no) +]) + +AC_ARG_ENABLE([asm], + AS_HELP_STRING([--disable-asm], [Disable assembly])) +AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"]) + +# Conditionally enable assembly by default +AM_CONDITIONAL([HOST_ASM_ELF_ARM], + [test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "arm" -a "x$enable_asm" != "xno"]) +AM_CONDITIONAL([HOST_ASM_ELF_X86_64], + [test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) +AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64], + [test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) +AM_CONDITIONAL([HOST_ASM_MASM_X86_64], + [test "x$HOST_ABI" = "xmasm" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) +AM_CONDITIONAL([HOST_ASM_MINGW64_X86_64], + [test "x$HOST_ABI" = "xmingw64" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) + +# Check if time_t is sized correctly +AC_CHECK_SIZEOF([time_t], [time.h]) + +AC_CONFIG_FILES([ + Makefile + include/Makefile + include/openssl/Makefile + crypto/Makefile + ssl/Makefile + tls/Makefile + tests/Makefile + apps/Makefile + apps/ocspcheck/Makefile + apps/openssl/Makefile + apps/nc/Makefile + man/Makefile + libcrypto.pc + libssl.pc + libtls.pc + openssl.pc +]) + +AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"]) +if test "$ac_cv_sizeof_time_t" = "4"; then + AC_DEFINE([SMALL_TIME_T]) + echo " ** Warning, this system is unable to represent times past 2038" + echo " ** It will behave incorrectly when handling valid RFC5280 dates" + + if test "$host_os" = "mingw32" ; then + echo " **" + echo " ** You can solve this by adjusting the build flags in your" + echo " ** mingw-w64 toolchain. Refer to README.windows for details." + fi +fi + +AC_REQUIRE_AUX_FILE([tap-driver.sh]) + +AC_OUTPUT diff --git a/include/Makefile.am b/include/Makefile.am new file mode 100644 index 0000000..6d808cc --- /dev/null +++ b/include/Makefile.am @@ -0,0 +1,45 @@ +include $(top_srcdir)/Makefile.am.common + +EXTRA_DIST = CMakeLists.txt + +SUBDIRS = openssl + +noinst_HEADERS = pqueue.h +noinst_HEADERS += compat/dirent.h +noinst_HEADERS += compat/dirent_msvc.h +noinst_HEADERS += compat/err.h +noinst_HEADERS += compat/fcntl.h +noinst_HEADERS += compat/limits.h +noinst_HEADERS += compat/netdb.h +noinst_HEADERS += compat/poll.h +noinst_HEADERS += compat/pthread.h +noinst_HEADERS += compat/readpassphrase.h +noinst_HEADERS += compat/resolv.h +noinst_HEADERS += compat/stdio.h +noinst_HEADERS += compat/stdlib.h +noinst_HEADERS += compat/string.h +noinst_HEADERS += compat/syslog.h +noinst_HEADERS += compat/time.h +noinst_HEADERS += compat/unistd.h +noinst_HEADERS += compat/win32netcompat.h + +noinst_HEADERS += compat/arpa/inet.h +noinst_HEADERS += compat/arpa/nameser.h + +noinst_HEADERS += compat/machine/endian.h + +noinst_HEADERS += compat/netinet/in.h +noinst_HEADERS += compat/netinet/ip.h +noinst_HEADERS += compat/netinet/tcp.h + +noinst_HEADERS += compat/sys/ioctl.h +noinst_HEADERS += compat/sys/mman.h +noinst_HEADERS += compat/sys/param.h +noinst_HEADERS += compat/sys/select.h +noinst_HEADERS += compat/sys/socket.h +noinst_HEADERS += compat/sys/stat.h +noinst_HEADERS += compat/sys/time.h +noinst_HEADERS += compat/sys/types.h +noinst_HEADERS += compat/sys/uio.h + +include_HEADERS = tls.h diff --git a/include/compat/arpa/inet.h b/include/compat/arpa/inet.h new file mode 100644 index 0000000..4422f41 --- /dev/null +++ b/include/compat/arpa/inet.h @@ -0,0 +1,15 @@ +/* + * Public domain + * arpa/inet.h compatibility shim + */ + +#ifndef _WIN32 +#include_next <arpa/inet.h> +#else +#include <win32netcompat.h> + +#ifndef AI_ADDRCONFIG +#define AI_ADDRCONFIG 0x00000400 +#endif + +#endif diff --git a/include/compat/fcntl.h b/include/compat/fcntl.h new file mode 100644 index 0000000..7dfedc6 --- /dev/null +++ b/include/compat/fcntl.h @@ -0,0 +1,32 @@ +/* + * Public domain + * fcntl.h compatibility shim + */ + +#ifndef _WIN32 +#include_next <fcntl.h> +#else + +#ifdef _MSC_VER +#if _MSC_VER >= 1900 +#include <../ucrt/fcntl.h> +#else +#include <../include/fcntl.h> +#endif +#else +#include_next <fcntl.h> +#endif + +#endif + +#ifndef O_NONBLOCK +#define O_NONBLOCK 0x100000 +#endif + +#ifndef O_CLOEXEC +#define O_CLOEXEC 0x200000 +#endif + +#ifndef FD_CLOEXEC +#define FD_CLOEXEC 1 +#endif diff --git a/include/compat/limits.h b/include/compat/limits.h new file mode 100644 index 0000000..73cccfc --- /dev/null +++ b/include/compat/limits.h @@ -0,0 +1,25 @@ +/* + * Public domain + * limits.h compatibility shim + */ + +#ifdef _MSC_VER +#include <../include/limits.h> +#if _MSC_VER >= 1900 +#include <../ucrt/stdlib.h> +#else +#include <../include/stdlib.h> +#endif +#ifndef PATH_MAX +#define PATH_MAX _MAX_PATH +#endif +#else +#include_next <limits.h> +#endif + +#ifdef __hpux +#include <sys/param.h> +#ifndef PATH_MAX +#define PATH_MAX MAXPATHLEN +#endif +#endif diff --git a/include/compat/netdb.h b/include/compat/netdb.h new file mode 100644 index 0000000..d36b91d --- /dev/null +++ b/include/compat/netdb.h @@ -0,0 +1,10 @@ +/* + * Public domain + * netdb.h compatibility shim + */ + +#ifndef _WIN32 +#include_next <netdb.h> +#else +#include <win32netcompat.h> +#endif diff --git a/include/compat/netinet/in.h b/include/compat/netinet/in.h new file mode 100644 index 0000000..d1afb27 --- /dev/null +++ b/include/compat/netinet/in.h @@ -0,0 +1,19 @@ +/* + * Public domain + * netinet/in.h compatibility shim + */ + +#ifndef _WIN32 +#include_next <netinet/in.h> +#else +#include <win32netcompat.h> +#endif + +#ifndef LIBCRYPTOCOMPAT_NETINET_IN_H +#define LIBCRYPTOCOMPAT_NETINET_IN_H + +#ifdef __ANDROID__ +typedef uint16_t in_port_t; +#endif + +#endif diff --git a/include/compat/netinet/ip.h b/include/compat/netinet/ip.h new file mode 100644 index 0000000..6019f7d --- /dev/null +++ b/include/compat/netinet/ip.h @@ -0,0 +1,47 @@ +/* + * Public domain + * netinet/ip.h compatibility shim + */ + +#if defined(__hpux) +#include <netinet/in_systm.h> +#endif + +#ifndef _WIN32 +#include_next <netinet/ip.h> +#else +#include <win32netcompat.h> +#endif + +/* + * Definitions for DiffServ Codepoints as per RFC2474 + */ +#ifndef IPTOS_DSCP_CS0 +#define IPTOS_DSCP_CS0 0x00 +#define IPTOS_DSCP_CS1 0x20 +#define IPTOS_DSCP_CS2 0x40 +#define IPTOS_DSCP_CS3 0x60 +#define IPTOS_DSCP_CS4 0x80 +#define IPTOS_DSCP_CS5 0xa0 +#define IPTOS_DSCP_CS6 0xc0 +#define IPTOS_DSCP_CS7 0xe0 +#endif + +#ifndef IPTOS_DSCP_AF11 +#define IPTOS_DSCP_AF11 0x28 +#define IPTOS_DSCP_AF12 0x30 +#define IPTOS_DSCP_AF13 0x38 +#define IPTOS_DSCP_AF21 0x48 +#define IPTOS_DSCP_AF22 0x50 +#define IPTOS_DSCP_AF23 0x58 +#define IPTOS_DSCP_AF31 0x68 +#define IPTOS_DSCP_AF32 0x70 +#define IPTOS_DSCP_AF33 0x78 +#define IPTOS_DSCP_AF41 0x88 +#define IPTOS_DSCP_AF42 0x90 +#define IPTOS_DSCP_AF43 0x98 +#endif + +#ifndef IPTOS_DSCP_EF +#define IPTOS_DSCP_EF 0xb8 +#endif diff --git a/include/compat/netinet/tcp.h b/include/compat/netinet/tcp.h new file mode 100644 index 0000000..c98cf74 --- /dev/null +++ b/include/compat/netinet/tcp.h @@ -0,0 +1,10 @@ +/* + * Public domain + * netinet/tcp.h compatibility shim + */ + +#ifndef _WIN32 +#include_next <netinet/tcp.h> +#else +#include <win32netcompat.h> +#endif diff --git a/include/compat/pthread.h b/include/compat/pthread.h new file mode 100644 index 0000000..8b8c3c6 --- /dev/null +++ b/include/compat/pthread.h @@ -0,0 +1,86 @@ +/* + * Public domain + * pthread.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_PTHREAD_H +#define LIBCRYPTOCOMPAT_PTHREAD_H + +#ifdef _WIN32 + +#include <windows.h> + +/* + * Static once initialization values. + */ +#define PTHREAD_ONCE_INIT { INIT_ONCE_STATIC_INIT } + +/* + * Once definitions. + */ +struct pthread_once { + INIT_ONCE once; +}; +typedef struct pthread_once pthread_once_t; + +static inline BOOL CALLBACK +_pthread_once_win32_cb(PINIT_ONCE once, PVOID param, PVOID *context) +{ + void (*cb) (void) = param; + cb(); + return TRUE; +} + +static inline int +pthread_once(pthread_once_t *once, void (*cb) (void)) +{ + BOOL rc = InitOnceExecuteOnce(&once->once, _pthread_once_win32_cb, cb, NULL); + if (rc == 0) + return -1; + else + return 0; +} + +typedef DWORD pthread_t; + +static inline pthread_t +pthread_self(void) +{ + return GetCurrentThreadId(); +} + +static inline int +pthread_equal(pthread_t t1, pthread_t t2) +{ + return t1 == t2; +} + +typedef CRITICAL_SECTION pthread_mutex_t; +typedef void pthread_mutexattr_t; + +static inline int +pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr) +{ + InitializeCriticalSection(mutex); + return 0; +} + +static inline int +pthread_mutex_lock(pthread_mutex_t *mutex) +{ + EnterCriticalSection(mutex); + return 0; +} + +static inline int +pthread_mutex_unlock(pthread_mutex_t *mutex) +{ + LeaveCriticalSection(mutex); + return 0; +} + +#else +#include_next <pthread.h> +#endif + +#endif diff --git a/include/compat/stdio.h b/include/compat/stdio.h new file mode 100644 index 0000000..d5725c9 --- /dev/null +++ b/include/compat/stdio.h @@ -0,0 +1,51 @@ +/* + * Public domain + * stdio.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_STDIO_H +#define LIBCRYPTOCOMPAT_STDIO_H + +#ifdef _MSC_VER +#if _MSC_VER >= 1900 +#include <../ucrt/stdlib.h> +#include <../ucrt/corecrt_io.h> +#include <../ucrt/stdio.h> +#else +#include <../include/stdio.h> +#endif +#else +#include_next <stdio.h> +#endif + +#ifndef HAVE_ASPRINTF +#include <stdarg.h> +int vasprintf(char **str, const char *fmt, va_list ap); +int asprintf(char **str, const char *fmt, ...); +#endif + +#ifdef _WIN32 + +#if defined(_MSC_VER) +#define __func__ __FUNCTION__ +#endif + +void posix_perror(const char *s); +FILE * posix_fopen(const char *path, const char *mode); +char * posix_fgets(char *s, int size, FILE *stream); +int posix_rename(const char *oldpath, const char *newpath); + +#ifndef NO_REDEF_POSIX_FUNCTIONS +#define perror(errnum) posix_perror(errnum) +#define fopen(path, mode) posix_fopen(path, mode) +#define fgets(s, size, stream) posix_fgets(s, size, stream) +#define rename(oldpath, newpath) posix_rename(oldpath, newpath) +#endif + +#ifdef _MSC_VER +#define snprintf _snprintf +#endif + +#endif + +#endif diff --git a/include/compat/stdlib.h b/include/compat/stdlib.h new file mode 100644 index 0000000..2eaea24 --- /dev/null +++ b/include/compat/stdlib.h @@ -0,0 +1,47 @@ +/* + * stdlib.h compatibility shim + * Public domain + */ + +#ifdef _MSC_VER +#if _MSC_VER >= 1900 +#include <../ucrt/stdlib.h> +#else +#include <../include/stdlib.h> +#endif +#else +#include_next <stdlib.h> +#endif + +#ifndef LIBCRYPTOCOMPAT_STDLIB_H +#define LIBCRYPTOCOMPAT_STDLIB_H + +#include <sys/types.h> +#include <stdint.h> + +#ifndef HAVE_ARC4RANDOM_BUF +uint32_t arc4random(void); +void arc4random_buf(void *_buf, size_t n); +uint32_t arc4random_uniform(uint32_t upper_bound); +#endif + +#ifndef HAVE_FREEZERO +void freezero(void *ptr, size_t sz); +#endif + +#ifndef HAVE_GETPROGNAME +const char * getprogname(void); +#endif + +void *reallocarray(void *, size_t, size_t); + +#ifndef HAVE_RECALLOCARRAY +void *recallocarray(void *, size_t, size_t, size_t); +#endif + +#ifndef HAVE_STRTONUM +long long strtonum(const char *nptr, long long minval, + long long maxval, const char **errstr); +#endif + +#endif diff --git a/include/compat/string.h b/include/compat/string.h new file mode 100644 index 0000000..4bf7519 --- /dev/null +++ b/include/compat/string.h @@ -0,0 +1,87 @@ +/* + * Public domain + * string.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_STRING_H +#define LIBCRYPTOCOMPAT_STRING_H + +#ifdef _MSC_VER +#if _MSC_VER >= 1900 +#include <../ucrt/string.h> +#else +#include <../include/string.h> +#endif +#else +#include_next <string.h> +#endif + +#include <sys/types.h> + +#if defined(__sun) || defined(_AIX) || defined(__hpux) +/* Some functions historically defined in string.h were placed in strings.h by + * SUS. Use the same hack as OS X and FreeBSD use to work around on AIX, + * Solaris, and HPUX. + */ +#include <strings.h> +#endif + +#ifndef HAVE_STRCASECMP +int strcasecmp(const char *s1, const char *s2); +int strncasecmp(const char *s1, const char *s2, size_t len); +#endif + +#ifndef HAVE_STRLCPY +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif + +#ifndef HAVE_STRLCAT +size_t strlcat(char *dst, const char *src, size_t siz); +#endif + +#ifndef HAVE_STRNDUP +char * strndup(const char *str, size_t maxlen); +/* the only user of strnlen is strndup, so only build it if needed */ +#ifndef HAVE_STRNLEN +size_t strnlen(const char *str, size_t maxlen); +#endif +#endif + +#ifndef HAVE_STRSEP +char *strsep(char **stringp, const char *delim); +#endif + +#ifndef HAVE_EXPLICIT_BZERO +void explicit_bzero(void *, size_t); +#endif + +#ifndef HAVE_TIMINGSAFE_BCMP +int timingsafe_bcmp(const void *b1, const void *b2, size_t n); +#endif + +#ifndef HAVE_TIMINGSAFE_MEMCMP +int timingsafe_memcmp(const void *b1, const void *b2, size_t len); +#endif + +#ifndef HAVE_MEMMEM +void * memmem(const void *big, size_t big_len, const void *little, + size_t little_len); +#endif + +#ifdef _WIN32 +#include <errno.h> + +static inline char * +posix_strerror(int errnum) +{ + if (errnum == ECONNREFUSED) { + return "Connection refused"; + } + return strerror(errnum); +} + +#define strerror(errnum) posix_strerror(errnum) + +#endif + +#endif diff --git a/include/compat/sys/ioctl.h b/include/compat/sys/ioctl.h new file mode 100644 index 0000000..a255506 --- /dev/null +++ b/include/compat/sys/ioctl.h @@ -0,0 +1,11 @@ +/* + * Public domain + * sys/ioctl.h compatibility shim + */ + +#ifndef _WIN32 +#include_next <sys/ioctl.h> +#else +#include <win32netcompat.h> +#define ioctl(fd, type, arg) ioctlsocket(fd, type, arg) +#endif diff --git a/include/compat/sys/mman.h b/include/compat/sys/mman.h new file mode 100644 index 0000000..d9eb6a9 --- /dev/null +++ b/include/compat/sys/mman.h @@ -0,0 +1,19 @@ +/* + * Public domain + * sys/mman.h compatibility shim + */ + +#include_next <sys/mman.h> + +#ifndef LIBCRYPTOCOMPAT_MMAN_H +#define LIBCRYPTOCOMPAT_MMAN_H + +#ifndef MAP_ANON +#ifdef MAP_ANONYMOUS +#define MAP_ANON MAP_ANONYMOUS +#else +#error "System does not support mapping anonymous pages?" +#endif +#endif + +#endif diff --git a/include/compat/sys/param.h b/include/compat/sys/param.h new file mode 100644 index 0000000..70488f8 --- /dev/null +++ b/include/compat/sys/param.h @@ -0,0 +1,15 @@ +/* + * Public domain + * sys/param.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H +#define LIBCRYPTOCOMPAT_SYS_PARAM_H + +#ifdef _MSC_VER +#include <winsock2.h> +#else +#include_next <sys/param.h> +#endif + +#endif diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h new file mode 100644 index 0000000..10eb05f --- /dev/null +++ b/include/compat/sys/socket.h @@ -0,0 +1,17 @@ +/* + * Public domain + * sys/socket.h compatibility shim + */ + +#ifndef _WIN32 +#include_next <sys/socket.h> +#else +#include <win32netcompat.h> +#endif + +#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) +#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ +#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ +int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]); +#define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv) +#endif diff --git a/include/compat/sys/stat.h b/include/compat/sys/stat.h new file mode 100644 index 0000000..b88da1d --- /dev/null +++ b/include/compat/sys/stat.h @@ -0,0 +1,121 @@ +/* + * Public domain + * sys/stat.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_SYS_STAT_H +#define LIBCRYPTOCOMPAT_SYS_STAT_H + +#ifndef _MSC_VER +#include_next <sys/stat.h> + +/* for old MinGW */ +#ifndef S_IRWXU +#define S_IRWXU 0 +#endif +#ifndef S_IRWXG +#define S_IRWXG 0 +#endif +#ifndef S_IRGRP +#define S_IRGRP 0 +#endif +#ifndef S_IRWXO +#define S_IRWXO 0 +#endif +#ifndef S_IROTH +#define S_IROTH 0 +#endif + +#else + +#include <windows.h> +#if _MSC_VER >= 1900 +#include <../ucrt/sys/stat.h> +#else +#include <../include/sys/stat.h> +#endif + +/* File type and permission flags for stat() */ +#if !defined(S_IFMT) +# define S_IFMT _S_IFMT /* File type mask */ +#endif +#if !defined(S_IFDIR) +# define S_IFDIR _S_IFDIR /* Directory */ +#endif +#if !defined(S_IFCHR) +# define S_IFCHR _S_IFCHR /* Character device */ +#endif +#if !defined(S_IFFIFO) +# define S_IFFIFO _S_IFFIFO /* Pipe */ +#endif +#if !defined(S_IFREG) +# define S_IFREG _S_IFREG /* Regular file */ +#endif +#if !defined(S_IREAD) +# define S_IREAD _S_IREAD /* Read permission */ +#endif +#if !defined(S_IWRITE) +# define S_IWRITE _S_IWRITE /* Write permission */ +#endif +#if !defined(S_IEXEC) +# define S_IEXEC _S_IEXEC /* Execute permission */ +#endif +#if !defined(S_IFIFO) +# define S_IFIFO _S_IFIFO /* Pipe */ +#endif +#if !defined(S_IFBLK) +# define S_IFBLK 0 /* Block device */ +#endif +#if !defined(S_IFLNK) +# define S_IFLNK 0 /* Link */ +#endif +#if !defined(S_IFSOCK) +# define S_IFSOCK 0 /* Socket */ +#endif + +#if defined(_MSC_VER) +# define S_IRWXU 0 /* RWX user */ +# define S_IRUSR S_IREAD /* Read user */ +# define S_IWUSR S_IWRITE /* Write user */ +# define S_IXUSR 0 /* Execute user */ +# define S_IRWXG 0 /* RWX group */ +# define S_IRGRP 0 /* Read group */ +# define S_IWGRP 0 /* Write group */ +# define S_IXGRP 0 /* Execute group */ +# define S_IRWXO 0 /* RWX others */ +# define S_IROTH 0 /* Read others */ +# define S_IWOTH 0 /* Write others */ +# define S_IXOTH 0 /* Execute others */ +#endif + +/* File type flags for d_type */ +#define DT_UNKNOWN 0 +#define DT_REG S_IFREG +#define DT_DIR S_IFDIR +#define DT_FIFO S_IFIFO +#define DT_SOCK S_IFSOCK +#define DT_CHR S_IFCHR +#define DT_BLK S_IFBLK +#define DT_LNK S_IFLNK + +/* Macros for converting between st_mode and d_type */ +#define IFTODT(mode) ((mode) & S_IFMT) +#define DTTOIF(type) (type) + +/* + * File type macros. Note that block devices, sockets and links cannot be + * distinguished on Windows and the macros S_ISBLK, S_ISSOCK and S_ISLNK are + * only defined for compatibility. These macros should always return false + * on Windows. + */ +#define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO) +#define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR) +#define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK) +#define S_ISCHR(mode) (((mode) & S_IFMT) == S_IFCHR) +#define S_ISBLK(mode) (((mode) & S_IFMT) == S_IFBLK) + +#endif + +#endif diff --git a/include/compat/sys/time.h b/include/compat/sys/time.h new file mode 100644 index 0000000..76428c1 --- /dev/null +++ b/include/compat/sys/time.h @@ -0,0 +1,28 @@ +/* + * Public domain + * sys/time.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_SYS_TIME_H +#define LIBCRYPTOCOMPAT_SYS_TIME_H + +#ifdef _MSC_VER +#include <winsock2.h> +int gettimeofday(struct timeval *tp, void *tzp); +#else +#include_next <sys/time.h> +#endif + +#ifndef timersub +#define timersub(tvp, uvp, vvp) \ + do { \ + (vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec; \ + (vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec; \ + if ((vvp)->tv_usec < 0) { \ + (vvp)->tv_sec--; \ + (vvp)->tv_usec += 1000000; \ + } \ + } while (0) +#endif + +#endif diff --git a/include/compat/sys/types.h b/include/compat/sys/types.h new file mode 100644 index 0000000..4967843 --- /dev/null +++ b/include/compat/sys/types.h @@ -0,0 +1,81 @@ +/* + * Public domain + * sys/types.h compatibility shim + */ + +#ifdef _MSC_VER +#if _MSC_VER >= 1900 +#include <../ucrt/sys/types.h> +#else +#include <../include/sys/types.h> +#endif +#else +#include_next <sys/types.h> +#endif + +#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H +#define LIBCRYPTOCOMPAT_SYS_TYPES_H + +#include <stdint.h> + +#ifdef __MINGW32__ +#include <_bsd_types.h> +typedef uint32_t in_addr_t; +typedef uint32_t uid_t; +#endif + +#ifdef _MSC_VER +typedef unsigned char u_char; +typedef unsigned short u_short; +typedef unsigned int u_int; +typedef uint32_t in_addr_t; +typedef uint32_t mode_t; +typedef uint32_t uid_t; + +#include <basetsd.h> +typedef SSIZE_T ssize_t; + +#ifndef SSIZE_MAX +#ifdef _WIN64 +#define SSIZE_MAX _I64_MAX +#else +#define SSIZE_MAX INT_MAX +#endif +#endif + +#endif + +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__) +# define __bounded__(x, y, z) +#endif + +#if !defined(HAVE_ATTRIBUTE__DEAD) && !defined(__dead) +#ifdef _MSC_VER +#define __dead __declspec(noreturn) +#else +#define __dead __attribute__((__noreturn__)) +#endif +#endif + +#ifdef _WIN32 +#define __warn_references(sym,msg) +#else + +#ifndef __warn_references + +#ifndef __STRING +#define __STRING(x) #x +#endif + +#if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG) +#define __warn_references(sym,msg) \ + __asm__(".section .gnu.warning." __STRING(sym) \ + "\n\t.ascii \"" msg "\"\n\t.text"); +#else +#define __warn_references(sym,msg) +#endif + +#endif /* __warn_references */ +#endif /* _WIN32 */ + +#endif diff --git a/include/compat/time.h b/include/compat/time.h new file mode 100644 index 0000000..540807d --- /dev/null +++ b/include/compat/time.h @@ -0,0 +1,60 @@ +/* + * Public domain + * sys/time.h compatibility shim + */ + +#ifdef _MSC_VER +#if _MSC_VER >= 1900 +#include <../ucrt/time.h> +#else +#include <../include/time.h> +#endif +#else +#include_next <time.h> +#endif + +#ifndef LIBCRYPTOCOMPAT_TIME_H +#define LIBCRYPTOCOMPAT_TIME_H + +#ifdef _WIN32 +struct tm *__gmtime_r(const time_t * t, struct tm * tm); +#define gmtime_r(tp, tm) __gmtime_r(tp, tm) +#endif + +#ifndef HAVE_TIMEGM +time_t timegm(struct tm *tm); +#endif + +#ifndef CLOCK_MONOTONIC +#define CLOCK_MONOTONIC CLOCK_REALTIME +#endif + +#ifndef CLOCK_REALTIME +#define CLOCK_REALTIME 0 +#endif + +#ifndef _WIN32 +#ifndef HAVE_CLOCK_GETTIME +typedef int clockid_t; +int clock_gettime(clockid_t clock_id, struct timespec *tp); +#endif + +#ifdef timespecsub +#define HAVE_TIMESPECSUB +#endif + +#ifndef HAVE_TIMESPECSUB +#define timespecsub(tsp, usp, vsp) \ + do { \ + (vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec; \ + (vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec; \ + if ((vsp)->tv_nsec < 0) { \ + (vsp)->tv_sec--; \ + (vsp)->tv_nsec += 1000000000L; \ + } \ + } while (0) +#endif + +#endif + +#endif diff --git a/include/compat/unistd.h b/include/compat/unistd.h new file mode 100644 index 0000000..5e6ab1d --- /dev/null +++ b/include/compat/unistd.h @@ -0,0 +1,78 @@ +/* + * Public domain + * unistd.h compatibility shim + */ + +#ifndef LIBCRYPTOCOMPAT_UNISTD_H +#define LIBCRYPTOCOMPAT_UNISTD_H + +#ifndef _MSC_VER + +#include_next <unistd.h> + +#ifdef __MINGW32__ +int ftruncate(int fd, off_t length); +uid_t getuid(void); +ssize_t pread(int d, void *buf, size_t nbytes, off_t offset); +ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset); +#endif + +#else + +#include <stdlib.h> +#include <io.h> +#include <process.h> + +#define STDOUT_FILENO 1 +#define STDERR_FILENO 2 + +#define R_OK 4 +#define W_OK 2 +#define X_OK 0 +#define F_OK 0 + +#define SEEK_SET 0 +#define SEEK_CUR 1 +#define SEEK_END 2 + +#define access _access + +#ifdef _MSC_VER +#include <windows.h> +static inline unsigned int sleep(unsigned int seconds) +{ + Sleep(seconds * 1000); + return seconds; +} +#endif + +int ftruncate(int fd, off_t length); +uid_t getuid(void); +ssize_t pread(int d, void *buf, size_t nbytes, off_t offset); +ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset); + +#endif + +#ifndef HAVE_GETENTROPY +int getentropy(void *buf, size_t buflen); +#else +/* + * Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h + */ +#if defined(__sun) +#include <sys/random.h> +#endif +#endif + +#ifndef HAVE_GETPAGESIZE +int getpagesize(void); +#endif + +#define pledge(request, paths) 0 +#define unveil(path, permissions) 0 + +#ifndef HAVE_PIPE2 +int pipe2(int fildes[2], int flags); +#endif + +#endif diff --git a/include/compat/win32netcompat.h b/include/compat/win32netcompat.h new file mode 100644 index 0000000..eabebe9 --- /dev/null +++ b/include/compat/win32netcompat.h @@ -0,0 +1,57 @@ +/* + * Public domain + * + * BSD socket emulation code for Winsock2 + * Brent Cook <bcook@openbsd.org> + */ + +#ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H +#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H + +#ifdef _WIN32 + +#include <ws2tcpip.h> +#include <errno.h> +#include <unistd.h> + +#ifndef SHUT_RDWR +#define SHUT_RDWR SD_BOTH +#endif +#ifndef SHUT_RD +#define SHUT_RD SD_RECEIVE +#endif +#ifndef SHUT_WR +#define SHUT_WR SD_SEND +#endif + +int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen); + +int posix_open(const char *path, ...); + +int posix_close(int fd); + +ssize_t posix_read(int fd, void *buf, size_t count); + +ssize_t posix_write(int fd, const void *buf, size_t count); + +int posix_getsockopt(int sockfd, int level, int optname, + void *optval, socklen_t *optlen); + +int posix_setsockopt(int sockfd, int level, int optname, + const void *optval, socklen_t optlen); + +#ifndef NO_REDEF_POSIX_FUNCTIONS +#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen) +#define open(path, ...) posix_open(path, __VA_ARGS__) +#define close(fd) posix_close(fd) +#define read(fd, buf, count) posix_read(fd, buf, count) +#define write(fd, buf, count) posix_write(fd, buf, count) +#define getsockopt(sockfd, level, optname, optval, optlen) \ + posix_getsockopt(sockfd, level, optname, optval, optlen) +#define setsockopt(sockfd, level, optname, optval, optlen) \ + posix_setsockopt(sockfd, level, optname, optval, optlen) +#endif + +#endif + +#endif diff --git a/include/tls.h b/include/tls.h new file mode 100644 index 0000000..de6d257 --- /dev/null +++ b/include/tls.h @@ -0,0 +1,226 @@ +/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */ +/* + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_TLS_H +#define HEADER_TLS_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef _MSC_VER +#ifndef LIBRESSL_INTERNAL +#include <basetsd.h> +typedef SSIZE_T ssize_t; +#endif +#endif + +#include <sys/types.h> + +#include <stddef.h> +#include <stdint.h> + +#define TLS_API 20200120 + +#define TLS_PROTOCOL_TLSv1_0 (1 << 1) +#define TLS_PROTOCOL_TLSv1_1 (1 << 2) +#define TLS_PROTOCOL_TLSv1_2 (1 << 3) +#define TLS_PROTOCOL_TLSv1_3 (1 << 4) + +#define TLS_PROTOCOL_TLSv1 \ + (TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|\ + TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3) + +#define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1 +#define TLS_PROTOCOLS_DEFAULT (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3) + +#define TLS_WANT_POLLIN -2 +#define TLS_WANT_POLLOUT -3 + +/* RFC 6960 Section 2.3 */ +#define TLS_OCSP_RESPONSE_SUCCESSFUL 0 +#define TLS_OCSP_RESPONSE_MALFORMED 1 +#define TLS_OCSP_RESPONSE_INTERNALERROR 2 +#define TLS_OCSP_RESPONSE_TRYLATER 3 +#define TLS_OCSP_RESPONSE_SIGREQUIRED 4 +#define TLS_OCSP_RESPONSE_UNAUTHORIZED 5 + +/* RFC 6960 Section 2.2 */ +#define TLS_OCSP_CERT_GOOD 0 +#define TLS_OCSP_CERT_REVOKED 1 +#define TLS_OCSP_CERT_UNKNOWN 2 + +/* RFC 5280 Section 5.3.1 */ +#define TLS_CRL_REASON_UNSPECIFIED 0 +#define TLS_CRL_REASON_KEY_COMPROMISE 1 +#define TLS_CRL_REASON_CA_COMPROMISE 2 +#define TLS_CRL_REASON_AFFILIATION_CHANGED 3 +#define TLS_CRL_REASON_SUPERSEDED 4 +#define TLS_CRL_REASON_CESSATION_OF_OPERATION 5 +#define TLS_CRL_REASON_CERTIFICATE_HOLD 6 +#define TLS_CRL_REASON_REMOVE_FROM_CRL 8 +#define TLS_CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define TLS_CRL_REASON_AA_COMPROMISE 10 + +#define TLS_MAX_SESSION_ID_LENGTH 32 +#define TLS_TICKET_KEY_SIZE 48 + +struct tls; +struct tls_config; + +typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen, + void *_cb_arg); +typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf, + size_t _buflen, void *_cb_arg); + +int tls_init(void); + +const char *tls_config_error(struct tls_config *_config); +const char *tls_error(struct tls *_ctx); + +struct tls_config *tls_config_new(void); +void tls_config_free(struct tls_config *_config); + +const char *tls_default_ca_cert_file(void); + +int tls_config_add_keypair_file(struct tls_config *_config, + const char *_cert_file, const char *_key_file); +int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len); +int tls_config_add_keypair_ocsp_file(struct tls_config *_config, + const char *_cert_file, const char *_key_file, + const char *_ocsp_staple_file); +int tls_config_add_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len, + const uint8_t *_staple, size_t _staple_len); +int tls_config_set_alpn(struct tls_config *_config, const char *_alpn); +int tls_config_set_ca_file(struct tls_config *_config, const char *_ca_file); +int tls_config_set_ca_path(struct tls_config *_config, const char *_ca_path); +int tls_config_set_ca_mem(struct tls_config *_config, const uint8_t *_ca, + size_t _len); +int tls_config_set_cert_file(struct tls_config *_config, + const char *_cert_file); +int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert, + size_t _len); +int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers); +int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file); +int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl, + size_t _len); +int tls_config_set_dheparams(struct tls_config *_config, const char *_params); +int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve); +int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves); +int tls_config_set_key_file(struct tls_config *_config, const char *_key_file); +int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key, + size_t _len); +int tls_config_set_keypair_file(struct tls_config *_config, + const char *_cert_file, const char *_key_file); +int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len); +int tls_config_set_keypair_ocsp_file(struct tls_config *_config, + const char *_cert_file, const char *_key_file, const char *_staple_file); +int tls_config_set_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert, + size_t _cert_len, const uint8_t *_key, size_t _key_len, + const uint8_t *_staple, size_t staple_len); +int tls_config_set_ocsp_staple_mem(struct tls_config *_config, + const uint8_t *_staple, size_t _len); +int tls_config_set_ocsp_staple_file(struct tls_config *_config, + const char *_staple_file); +int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols); +int tls_config_set_session_fd(struct tls_config *_config, int _session_fd); +int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth); + +void tls_config_prefer_ciphers_client(struct tls_config *_config); +void tls_config_prefer_ciphers_server(struct tls_config *_config); + +void tls_config_insecure_noverifycert(struct tls_config *_config); +void tls_config_insecure_noverifyname(struct tls_config *_config); +void tls_config_insecure_noverifytime(struct tls_config *_config); +void tls_config_verify(struct tls_config *_config); + +void tls_config_ocsp_require_stapling(struct tls_config *_config); +void tls_config_verify_client(struct tls_config *_config); +void tls_config_verify_client_optional(struct tls_config *_config); + +void tls_config_clear_keys(struct tls_config *_config); +int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr); + +int tls_config_set_session_id(struct tls_config *_config, + const unsigned char *_session_id, size_t _len); +int tls_config_set_session_lifetime(struct tls_config *_config, int _lifetime); +int tls_config_add_ticket_key(struct tls_config *_config, uint32_t _keyrev, + unsigned char *_key, size_t _keylen); + +struct tls *tls_client(void); +struct tls *tls_server(void); +int tls_configure(struct tls *_ctx, struct tls_config *_config); +void tls_reset(struct tls *_ctx); +void tls_free(struct tls *_ctx); + +int tls_accept_fds(struct tls *_ctx, struct tls **_cctx, int _fd_read, + int _fd_write); +int tls_accept_socket(struct tls *_ctx, struct tls **_cctx, int _socket); +int tls_accept_cbs(struct tls *_ctx, struct tls **_cctx, + tls_read_cb _read_cb, tls_write_cb _write_cb, void *_cb_arg); +int tls_connect(struct tls *_ctx, const char *_host, const char *_port); +int tls_connect_fds(struct tls *_ctx, int _fd_read, int _fd_write, + const char *_servername); +int tls_connect_servername(struct tls *_ctx, const char *_host, + const char *_port, const char *_servername); +int tls_connect_socket(struct tls *_ctx, int _s, const char *_servername); +int tls_connect_cbs(struct tls *_ctx, tls_read_cb _read_cb, + tls_write_cb _write_cb, void *_cb_arg, const char *_servername); +int tls_handshake(struct tls *_ctx); +ssize_t tls_read(struct tls *_ctx, void *_buf, size_t _buflen); +ssize_t tls_write(struct tls *_ctx, const void *_buf, size_t _buflen); +int tls_close(struct tls *_ctx); + +int tls_peer_cert_provided(struct tls *_ctx); +int tls_peer_cert_contains_name(struct tls *_ctx, const char *_name); + +const char *tls_peer_cert_hash(struct tls *_ctx); +const char *tls_peer_cert_issuer(struct tls *_ctx); +const char *tls_peer_cert_subject(struct tls *_ctx); +time_t tls_peer_cert_notbefore(struct tls *_ctx); +time_t tls_peer_cert_notafter(struct tls *_ctx); +const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len); + +const char *tls_conn_alpn_selected(struct tls *_ctx); +const char *tls_conn_cipher(struct tls *_ctx); +int tls_conn_cipher_strength(struct tls *_ctx); +const char *tls_conn_servername(struct tls *_ctx); +int tls_conn_session_resumed(struct tls *_ctx); +const char *tls_conn_version(struct tls *_ctx); + +uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password); +void tls_unload_file(uint8_t *_buf, size_t len); + +int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response, + size_t _size); +int tls_peer_ocsp_cert_status(struct tls *_ctx); +int tls_peer_ocsp_crl_reason(struct tls *_ctx); +time_t tls_peer_ocsp_next_update(struct tls *_ctx); +int tls_peer_ocsp_response_status(struct tls *_ctx); +const char *tls_peer_ocsp_result(struct tls *_ctx); +time_t tls_peer_ocsp_revocation_time(struct tls *_ctx); +time_t tls_peer_ocsp_this_update(struct tls *_ctx); +const char *tls_peer_ocsp_url(struct tls *_ctx); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_TLS_H */ diff --git a/libtls.pc.in b/libtls.pc.in new file mode 100644 index 0000000..82a6a71 --- /dev/null +++ b/libtls.pc.in @@ -0,0 +1,16 @@ +#libtls pkg-config source file + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: LibreSSL-libtls +Description: Secure communications using the TLS socket protocol. +Version: @VERSION@ +Requires: +Requires.private: libcrypto libssl +Conflicts: +Libs: -L${libdir} -ltls +Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@ +Cflags: -I${includedir} diff --git a/m4/check-hardening-options.m4 b/m4/check-hardening-options.m4 new file mode 100644 index 0000000..3ffdb1a --- /dev/null +++ b/m4/check-hardening-options.m4 @@ -0,0 +1,109 @@ + +AC_DEFUN([CHECK_CFLAG], [ + AC_LANG_ASSERT(C) + AC_MSG_CHECKING([if $saved_CC supports "$1"]) + old_cflags="$CFLAGS" + CFLAGS="$1 -Wall -Werror" + AC_TRY_LINK([ + #include <stdio.h> + ], + [printf("Hello")], + AC_MSG_RESULT([yes]) + CFLAGS=$old_cflags + HARDEN_CFLAGS="$HARDEN_CFLAGS $1", + AC_MSG_RESULT([no]) + CFLAGS=$old_cflags + [$2]) +]) + +AC_DEFUN([CHECK_LDFLAG], [ + AC_LANG_ASSERT(C) + AC_MSG_CHECKING([if $saved_LD supports "$1"]) + old_ldflags="$LDFLAGS" + LDFLAGS="$1 -Wall -Werror" + AC_TRY_LINK([ + #include <stdio.h> + ], + [printf("Hello")], + AC_MSG_RESULT([yes]) + LDFLAGS=$old_ldflags + HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1", + AC_MSG_RESULT([no]) + LDFLAGS=$old_ldflags + [$2]) +]) + +AC_DEFUN([DISABLE_AS_EXECUTABLE_STACK], [ + save_cflags="$CFLAGS" + CFLAGS= + AC_MSG_CHECKING([whether AS supports .note.GNU-stack]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + __asm__(".section .note.GNU-stack,\"\",@progbits");]])], + [AC_MSG_RESULT([yes])] + [AM_CFLAGS=-DHAVE_GNU_STACK], + [AC_MSG_RESULT([no])] + ) + CFLAGS="$save_cflags $AM_CFLAGS" +]) + + +AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [ + + AC_ARG_ENABLE([hardening], + [AS_HELP_STRING([--disable-hardening], + [Disable options to frustrate memory corruption exploits])], + [], [enable_hardening=yes]) + + AC_ARG_ENABLE([windows-ssp], + [AS_HELP_STRING([--enable-windows-ssp], + [Enable building the stack smashing protection on + Windows. This currently distributing libssp-0.dll.])]) + + # We want to check for compiler flag support. Prior to clang v5.1, there was no + # way to make clang's "argument unused" warning fatal. So we invoke the + # compiler through a wrapper script that greps for this message. + saved_CC="$CC" + saved_LD="$LD" + flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check" + CC="$flag_wrap $CC" + LD="$flag_wrap $LD" + + AS_IF([test "x$enable_hardening" = "xyes"], [ + # Tell GCC to NOT optimize based on signed arithmetic overflow + CHECK_CFLAG([[-fno-strict-overflow]]) + + # _FORTIFY_SOURCE replaces builtin functions with safer versions. + CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]]) + + # Enable read only relocations + CHECK_LDFLAG([[-Wl,-z,relro]]) + CHECK_LDFLAG([[-Wl,-z,now]]) + + # Windows security flags + AS_IF([test "x$HOST_OS" = "xwin"], [ + CHECK_LDFLAG([[-Wl,--nxcompat]]) + CHECK_LDFLAG([[-Wl,--dynamicbase]]) + CHECK_LDFLAG([[-Wl,--high-entropy-va]]) + ]) + + # Use stack-protector-strong if available; if not, fallback to + # stack-protector-all which is considered to be overkill + AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [ + CHECK_CFLAG([[-fstack-protector-strong]], + CHECK_CFLAG([[-fstack-protector-all]], + AC_MSG_WARN([compiler does not appear to support stack protection]) + ) + ) + AS_IF([test "x$HOST_OS" = "xwin"], [ + AC_SEARCH_LIBS([__stack_chk_guard],[ssp]) + ]) + ]) + ]) + + # Restore CC, LD + CC="$saved_CC" + LD="$saved_LD" + + CFLAGS="$CFLAGS $HARDEN_CFLAGS" + LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS" +]) diff --git a/m4/check-libc.m4 b/m4/check-libc.m4 new file mode 100644 index 0000000..e511f6d --- /dev/null +++ b/m4/check-libc.m4 @@ -0,0 +1,169 @@ +AC_DEFUN([CHECK_LIBC_COMPAT], [ +# Check for libc headers +AC_CHECK_HEADERS([err.h readpassphrase.h]) +# Check for general libc functions +AC_CHECK_FUNCS([asprintf freezero memmem]) +AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray]) +AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum]) +AC_CHECK_FUNCS([timegm _mkgmtime timespecsub]) +AC_CHECK_FUNCS([getprogname syslog syslog_r]) +AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +// Since Android NDK v16 getpagesize is defined as inline inside unistd.h +#ifdef __ANDROID__ +# include <unistd.h> +#endif + ]], [[ + getpagesize(); +]])], + [ ac_cv_func_getpagesize="yes" ], + [ ac_cv_func_getpagesize="no" + ]) +]) +AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes]) +AM_CONDITIONAL([HAVE_FREEZERO], [test "x$ac_cv_func_freezero" = xyes]) +AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes]) +AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes]) +AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes]) +AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes]) +AM_CONDITIONAL([HAVE_RECALLOCARRAY], [test "x$ac_cv_func_recallocarray" = xyes]) +AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes]) +AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes]) +AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes]) +AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes]) +AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes]) +AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes]) +AM_CONDITIONAL([HAVE_TIMEGM], [test "x$ac_cv_func_timegm" = xyes]) +AM_CONDITIONAL([HAVE_GETPROGNAME], [test "x$ac_cv_func_getprogname" = xyes]) +AM_CONDITIONAL([HAVE_SYSLOG], [test "x$ac_cv_func_syslog" = xyes]) +AM_CONDITIONAL([HAVE_SYSLOG_R], [test "x$ac_cv_func_syslog_r" = xyes]) +]) + +AC_DEFUN([CHECK_SYSCALL_COMPAT], [ +AC_CHECK_FUNCS([accept4 pipe2 pledge poll socketpair]) +AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes]) +AM_CONDITIONAL([HAVE_PIPE2], [test "x$ac_cv_func_pipe2" = xyes]) +AM_CONDITIONAL([HAVE_PLEDGE], [test "x$ac_cv_func_pledge" = xyes]) +AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes]) +AM_CONDITIONAL([HAVE_SOCKETPAIR], [test "x$ac_cv_func_socketpair" = xyes]) +]) + +AC_DEFUN([CHECK_B64_NTOP], [ +AC_SEARCH_LIBS([b64_ntop],[resolv]) +AC_SEARCH_LIBS([__b64_ntop],[resolv]) +AC_CACHE_CHECK([for b64_ntop], ac_cv_have_b64_ntop_arg, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <resolv.h> + ]], [[ b64_ntop(NULL, 0, NULL, 0); ]])], + [ ac_cv_have_b64_ntop_arg="yes" ], + [ ac_cv_have_b64_ntop_arg="no" + ]) +]) +AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes]) +]) + +AC_DEFUN([CHECK_CRYPTO_COMPAT], [ +# Check crypto-related libc functions and syscalls +AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform]) +AC_CHECK_FUNCS([explicit_bzero getauxval]) + +AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include <sys/types.h> +#include <unistd.h> + +/* + * Explanation: + * + * - iOS <= 10.1 fails because of missing sys/random.h + * + * - in macOS 10.12 getentropy is not tagged as introduced in + * 10.12 so we cannot use it for target < 10.12 + */ +#ifdef __APPLE__ +# include <AvailabilityMacros.h> +# include <TargetConditionals.h> + +# if (TARGET_OS_IPHONE || TARGET_OS_SIMULATOR) +# include <sys/random.h> /* Not available as of iOS <= 10.1 */ +# else + +# include <sys/random.h> /* Pre 10.12 systems should die here */ + +/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */ +# ifndef MAC_OS_X_VERSION_10_12 +# define MAC_OS_X_VERSION_10_12 101200 /* Robustness */ +# endif +# if defined(MAC_OS_X_VERSION_MIN_REQUIRED) +# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 +# error "Targeting on Mac OSX 10.11 or earlier" +# endif +# endif + +# endif +#endif /* __APPLE__ */ + ]], [[ + char buffer; + (void)getentropy(&buffer, sizeof (buffer)); +]])], + [ ac_cv_func_getentropy="yes" ], + [ ac_cv_func_getentropy="no" + ]) +]) + +AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp]) +AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes]) +AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes]) +AM_CONDITIONAL([HAVE_ARC4RANDOM_UNIFORM], [test "x$ac_cv_func_arc4random_uniform" = xyes]) +AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes]) +AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes]) +AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes]) +AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes]) + +# Override arc4random_buf implementations with known issues +AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], + [test "x$USE_BUILTIN_ARC4RANDOM" != xyes \ + -a "x$ac_cv_func_arc4random_buf" = xyes]) + +# Check for getentropy fallback dependencies +AC_CHECK_FUNCS([getauxval]) +AC_SEARCH_LIBS([dl_iterate_phdr],[dl]) +AC_CHECK_FUNCS([dl_iterate_phdr]) + +AC_SEARCH_LIBS([pthread_once],[pthread]) +AC_SEARCH_LIBS([pthread_mutex_lock],[pthread]) +AC_SEARCH_LIBS([clock_gettime],[rt posix4]) +AC_CHECK_FUNCS([clock_gettime]) +AM_CONDITIONAL([HAVE_CLOCK_GETTIME], [test "x$ac_cv_func_clock_gettime" = xyes]) +]) + +AC_DEFUN([CHECK_VA_COPY], [ +AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include <stdarg.h> +va_list x,y; + ]], [[ va_copy(x,y); ]])], + [ ac_cv_have_va_copy="yes" ], + [ ac_cv_have_va_copy="no" + ]) +]) +if test "x$ac_cv_have_va_copy" = "xyes" ; then + AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists]) +fi + +AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include <stdarg.h> +va_list x,y; + ]], [[ __va_copy(x,y); ]])], + [ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no" + ]) +]) +if test "x$ac_cv_have___va_copy" = "xyes" ; then + AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists]) +fi +]) diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4 new file mode 100644 index 0000000..8241aee --- /dev/null +++ b/m4/check-os-options.m4 @@ -0,0 +1,142 @@ +AC_DEFUN([CHECK_OS_OPTIONS], [ + +CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing" +BUILD_NC=yes + +case $host_os in + *aix*) + HOST_OS=aix + if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then + CFLAGS="-qnoansialias $USER_CFLAGS" + fi + AC_SUBST([PLATFORM_LDADD], ['-lperfstat']) + ;; + *cygwin*) + HOST_OS=cygwin + CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" + ;; + *darwin*) + HOST_OS=darwin + HOST_ABI=macosx + # + # Don't use arc4random on systems before 10.12 because of + # weak seed on failure to open /dev/random, based on latest + # public source: + # http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c + # + # We use the presence of getentropy() to detect 10.12. The + # following check take into account that: + # + # - iOS <= 10.1 fails because of missing getentropy and + # hence they miss sys/random.h + # + # - in macOS 10.12 getentropy is not tagged as introduced in + # 10.12 so we cannot use it for target < 10.12 + # + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <AvailabilityMacros.h> +#include <unistd.h> +#include <sys/random.h> /* Systems without getentropy() should die here */ + +/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */ +#ifndef MAC_OS_X_VERSION_10_12 +# define MAC_OS_X_VERSION_10_12 101200 +#endif +#if defined(MAC_OS_X_VERSION_MIN_REQUIRED) +# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 +# error "Running on Mac OSX 10.11 or earlier" +# endif +#endif + ]], [[ +char buf[1]; getentropy(buf, 1); + ]])], + [ USE_BUILTIN_ARC4RANDOM=no ], + [ USE_BUILTIN_ARC4RANDOM=yes ] + ) + AC_MSG_CHECKING([whether to use builtin arc4random]) + AC_MSG_RESULT([$USE_BUILTIN_ARC4RANDOM]) + # Not available on iOS + AC_CHECK_HEADER([arpa/telnet.h], [], [BUILD_NC=no]) + ;; + *freebsd*) + HOST_OS=freebsd + HOST_ABI=elf + # fork detection missing, weak seed on failure + # https://svnweb.freebsd.org/base/head/lib/libc/gen/arc4random.c?revision=268642&view=markup + USE_BUILTIN_ARC4RANDOM=yes + AC_SUBST([PROG_LDADD], ['-lthr']) + ;; + *hpux*) + HOST_OS=hpux; + if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then + CFLAGS="$CFLAGS -mlp64" + else + CFLAGS="-g -O2 +DD64 +Otype_safety=off $USER_CFLAGS" + fi + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT" + ;; + *linux*) + HOST_OS=linux + HOST_ABI=elf + CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE" + ;; + *midipix*) + HOST_OS=midipix + CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE" + ;; + *netbsd*) + HOST_OS=netbsd + HOST_ABI=elf + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <sys/param.h> +#if __NetBSD_Version__ < 700000001 + undefined +#endif + ]], [[]])], + [ USE_BUILTIN_ARC4RANDOM=no ], + [ USE_BUILTIN_ARC4RANDOM=yes ] + ) + CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" + ;; + *openbsd* | *bitrig*) + HOST_OS=openbsd + HOST_ABI=elf + AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded]) + AC_DEFINE([HAVE_ATTRIBUTE__DEAD], [1], [OpenBSD gcc has __dead]) + ;; + *mingw*) + HOST_OS=win + HOST_ABI=mingw64 + BUILD_NC=no + CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO" + CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS" + CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600" + CPPFLAGS="$CPPFLAGS" + AC_SUBST([PLATFORM_LDADD], ['-lws2_32']) + ;; + *solaris*) + HOST_OS=solaris + HOST_ABI=elf + CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP" + AC_SUBST([PLATFORM_LDADD], ['-ldl -lnsl -lsocket']) + ;; + *) ;; +esac + +AC_ARG_ENABLE([nc], + AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)])) +AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes]) +AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes]) + +AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix]) +AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin]) +AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin]) +AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd]) +AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux]) +AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux]) +AM_CONDITIONAL([HOST_MIDIPIX], [test x$HOST_OS = xmidipix]) +AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd]) +AM_CONDITIONAL([HOST_OPENBSD], [test x$HOST_OS = xopenbsd]) +AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris]) +AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin]) +]) diff --git a/m4/disable-compiler-warnings.m4 b/m4/disable-compiler-warnings.m4 new file mode 100644 index 0000000..2792722 --- /dev/null +++ b/m4/disable-compiler-warnings.m4 @@ -0,0 +1,29 @@ +AC_DEFUN([DISABLE_COMPILER_WARNINGS], [ +# Clang throws a lot of warnings when it does not understand a flag. Disable +# this warning for now so other warnings are visible. +AC_MSG_CHECKING([if compiling with clang]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[ +#ifndef __clang__ + not clang +#endif + ]])], + [CLANG=yes], + [CLANG=no] +) +AC_MSG_RESULT([$CLANG]) +AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments]) +CFLAGS="$CFLAGS $CLANG_FLAGS" +LDFLAGS="$LDFLAGS $CLANG_FLAGS" + +# Removing the dependency on -Wno-pointer-sign should be a goal. These are +# largely unsigned char */char* mismatches in asn1 functions. +save_cflags="$CFLAGS" +CFLAGS=-Wno-pointer-sign +AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], + [AC_MSG_RESULT([yes])] + [AM_CFLAGS=-Wno-pointer-sign], + [AC_MSG_RESULT([no])] +) +CFLAGS="$save_cflags $AM_CFLAGS" +]) diff --git a/man/Makefile.am b/man/Makefile.am new file mode 100644 index 0000000..e169064 --- /dev/null +++ b/man/Makefile.am @@ -0,0 +1,5611 @@ +EXTRA_DIST = CMakeLists.txt +dist_man3_MANS = +dist_man5_MANS = +dist_man3_MANS += BIO_f_ssl.3 +dist_man3_MANS += DTLSv1_listen.3 +dist_man3_MANS += OPENSSL_init_ssl.3 +dist_man3_MANS += PEM_read_SSL_SESSION.3 +dist_man3_MANS += SSL_CIPHER_get_name.3 +dist_man3_MANS += SSL_COMP_add_compression_method.3 +dist_man3_MANS += SSL_CTX_add1_chain_cert.3 +dist_man3_MANS += SSL_CTX_add_extra_chain_cert.3 +dist_man3_MANS += SSL_CTX_add_session.3 +dist_man3_MANS += SSL_CTX_ctrl.3 +dist_man3_MANS += SSL_CTX_flush_sessions.3 +dist_man3_MANS += SSL_CTX_free.3 +dist_man3_MANS += SSL_CTX_get0_certificate.3 +dist_man3_MANS += SSL_CTX_get_ex_new_index.3 +dist_man3_MANS += SSL_CTX_get_verify_mode.3 +dist_man3_MANS += SSL_CTX_load_verify_locations.3 +dist_man3_MANS += SSL_CTX_new.3 +dist_man3_MANS += SSL_CTX_sess_number.3 +dist_man3_MANS += SSL_CTX_sess_set_cache_size.3 +dist_man3_MANS += SSL_CTX_sess_set_get_cb.3 +dist_man3_MANS += SSL_CTX_sessions.3 +dist_man3_MANS += SSL_CTX_set1_groups.3 +dist_man3_MANS += SSL_CTX_set_alpn_select_cb.3 +dist_man3_MANS += SSL_CTX_set_cert_store.3 +dist_man3_MANS += SSL_CTX_set_cert_verify_callback.3 +dist_man3_MANS += SSL_CTX_set_cipher_list.3 +dist_man3_MANS += SSL_CTX_set_client_CA_list.3 +dist_man3_MANS += SSL_CTX_set_client_cert_cb.3 +dist_man3_MANS += SSL_CTX_set_default_passwd_cb.3 +dist_man3_MANS += SSL_CTX_set_generate_session_id.3 +dist_man3_MANS += SSL_CTX_set_info_callback.3 +dist_man3_MANS += SSL_CTX_set_max_cert_list.3 +dist_man3_MANS += SSL_CTX_set_min_proto_version.3 +dist_man3_MANS += SSL_CTX_set_mode.3 +dist_man3_MANS += SSL_CTX_set_msg_callback.3 +dist_man3_MANS += SSL_CTX_set_options.3 +dist_man3_MANS += SSL_CTX_set_quiet_shutdown.3 +dist_man3_MANS += SSL_CTX_set_read_ahead.3 +dist_man3_MANS += SSL_CTX_set_session_cache_mode.3 +dist_man3_MANS += SSL_CTX_set_session_id_context.3 +dist_man3_MANS += SSL_CTX_set_ssl_version.3 +dist_man3_MANS += SSL_CTX_set_timeout.3 +dist_man3_MANS += SSL_CTX_set_tlsext_servername_callback.3 +dist_man3_MANS += SSL_CTX_set_tlsext_status_cb.3 +dist_man3_MANS += SSL_CTX_set_tlsext_ticket_key_cb.3 +dist_man3_MANS += SSL_CTX_set_tlsext_use_srtp.3 +dist_man3_MANS += SSL_CTX_set_tmp_dh_callback.3 +dist_man3_MANS += SSL_CTX_set_tmp_rsa_callback.3 +dist_man3_MANS += SSL_CTX_set_verify.3 +dist_man3_MANS += SSL_CTX_use_certificate.3 +dist_man3_MANS += SSL_SESSION_free.3 +dist_man3_MANS += SSL_SESSION_get0_peer.3 +dist_man3_MANS += SSL_SESSION_get_compress_id.3 +dist_man3_MANS += SSL_SESSION_get_ex_new_index.3 +dist_man3_MANS += SSL_SESSION_get_id.3 +dist_man3_MANS += SSL_SESSION_get_protocol_version.3 +dist_man3_MANS += SSL_SESSION_get_time.3 +dist_man3_MANS += SSL_SESSION_has_ticket.3 +dist_man3_MANS += SSL_SESSION_new.3 +dist_man3_MANS += SSL_SESSION_print.3 +dist_man3_MANS += SSL_SESSION_set1_id_context.3 +dist_man3_MANS += SSL_accept.3 +dist_man3_MANS += SSL_alert_type_string.3 +dist_man3_MANS += SSL_clear.3 +dist_man3_MANS += SSL_connect.3 +dist_man3_MANS += SSL_copy_session_id.3 +dist_man3_MANS += SSL_do_handshake.3 +dist_man3_MANS += SSL_dup.3 +dist_man3_MANS += SSL_dup_CA_list.3 +dist_man3_MANS += SSL_export_keying_material.3 +dist_man3_MANS += SSL_free.3 +dist_man3_MANS += SSL_get_SSL_CTX.3 +dist_man3_MANS += SSL_get_certificate.3 +dist_man3_MANS += SSL_get_ciphers.3 +dist_man3_MANS += SSL_get_client_CA_list.3 +dist_man3_MANS += SSL_get_client_random.3 +dist_man3_MANS += SSL_get_current_cipher.3 +dist_man3_MANS += SSL_get_default_timeout.3 +dist_man3_MANS += SSL_get_error.3 +dist_man3_MANS += SSL_get_ex_data_X509_STORE_CTX_idx.3 +dist_man3_MANS += SSL_get_ex_new_index.3 +dist_man3_MANS += SSL_get_fd.3 +dist_man3_MANS += SSL_get_peer_cert_chain.3 +dist_man3_MANS += SSL_get_peer_certificate.3 +dist_man3_MANS += SSL_get_rbio.3 +dist_man3_MANS += SSL_get_server_tmp_key.3 +dist_man3_MANS += SSL_get_session.3 +dist_man3_MANS += SSL_get_shared_ciphers.3 +dist_man3_MANS += SSL_get_state.3 +dist_man3_MANS += SSL_get_verify_result.3 +dist_man3_MANS += SSL_get_version.3 +dist_man3_MANS += SSL_library_init.3 +dist_man3_MANS += SSL_load_client_CA_file.3 +dist_man3_MANS += SSL_new.3 +dist_man3_MANS += SSL_num_renegotiations.3 +dist_man3_MANS += SSL_pending.3 +dist_man3_MANS += SSL_read.3 +dist_man3_MANS += SSL_renegotiate.3 +dist_man3_MANS += SSL_rstate_string.3 +dist_man3_MANS += SSL_session_reused.3 +dist_man3_MANS += SSL_set1_param.3 +dist_man3_MANS += SSL_set_bio.3 +dist_man3_MANS += SSL_set_connect_state.3 +dist_man3_MANS += SSL_set_fd.3 +dist_man3_MANS += SSL_set_max_send_fragment.3 +dist_man3_MANS += SSL_set_session.3 +dist_man3_MANS += SSL_set_shutdown.3 +dist_man3_MANS += SSL_set_tmp_ecdh.3 +dist_man3_MANS += SSL_set_verify_result.3 +dist_man3_MANS += SSL_shutdown.3 +dist_man3_MANS += SSL_state_string.3 +dist_man3_MANS += SSL_want.3 +dist_man3_MANS += SSL_write.3 +dist_man3_MANS += d2i_SSL_SESSION.3 +dist_man3_MANS += ssl.3 +dist_man3_MANS += ACCESS_DESCRIPTION_new.3 +dist_man3_MANS += AES_encrypt.3 +dist_man3_MANS += ASN1_INTEGER_get.3 +dist_man3_MANS += ASN1_OBJECT_new.3 +dist_man3_MANS += ASN1_STRING_TABLE_add.3 +dist_man3_MANS += ASN1_STRING_length.3 +dist_man3_MANS += ASN1_STRING_new.3 +dist_man3_MANS += ASN1_STRING_print_ex.3 +dist_man3_MANS += ASN1_TIME_set.3 +dist_man3_MANS += ASN1_TYPE_get.3 +dist_man3_MANS += ASN1_generate_nconf.3 +dist_man3_MANS += ASN1_item_d2i.3 +dist_man3_MANS += ASN1_item_new.3 +dist_man3_MANS += ASN1_put_object.3 +dist_man3_MANS += ASN1_time_parse.3 +dist_man3_MANS += AUTHORITY_KEYID_new.3 +dist_man3_MANS += BASIC_CONSTRAINTS_new.3 +dist_man3_MANS += BF_set_key.3 +dist_man3_MANS += BIO_ctrl.3 +dist_man3_MANS += BIO_f_base64.3 +dist_man3_MANS += BIO_f_buffer.3 +dist_man3_MANS += BIO_f_cipher.3 +dist_man3_MANS += BIO_f_md.3 +dist_man3_MANS += BIO_f_null.3 +dist_man3_MANS += BIO_find_type.3 +dist_man3_MANS += BIO_get_data.3 +dist_man3_MANS += BIO_get_ex_new_index.3 +dist_man3_MANS += BIO_meth_new.3 +dist_man3_MANS += BIO_new.3 +dist_man3_MANS += BIO_new_CMS.3 +dist_man3_MANS += BIO_printf.3 +dist_man3_MANS += BIO_push.3 +dist_man3_MANS += BIO_read.3 +dist_man3_MANS += BIO_s_accept.3 +dist_man3_MANS += BIO_s_bio.3 +dist_man3_MANS += BIO_s_connect.3 +dist_man3_MANS += BIO_s_fd.3 +dist_man3_MANS += BIO_s_file.3 +dist_man3_MANS += BIO_s_mem.3 +dist_man3_MANS += BIO_s_null.3 +dist_man3_MANS += BIO_s_socket.3 +dist_man3_MANS += BIO_set_callback.3 +dist_man3_MANS += BIO_should_retry.3 +dist_man3_MANS += BN_BLINDING_new.3 +dist_man3_MANS += BN_CTX_new.3 +dist_man3_MANS += BN_CTX_start.3 +dist_man3_MANS += BN_add.3 +dist_man3_MANS += BN_add_word.3 +dist_man3_MANS += BN_bn2bin.3 +dist_man3_MANS += BN_cmp.3 +dist_man3_MANS += BN_copy.3 +dist_man3_MANS += BN_generate_prime.3 +dist_man3_MANS += BN_get0_nist_prime_521.3 +dist_man3_MANS += BN_mod_inverse.3 +dist_man3_MANS += BN_mod_mul_montgomery.3 +dist_man3_MANS += BN_mod_mul_reciprocal.3 +dist_man3_MANS += BN_new.3 +dist_man3_MANS += BN_num_bytes.3 +dist_man3_MANS += BN_rand.3 +dist_man3_MANS += BN_set_bit.3 +dist_man3_MANS += BN_set_flags.3 +dist_man3_MANS += BN_set_negative.3 +dist_man3_MANS += BN_swap.3 +dist_man3_MANS += BN_zero.3 +dist_man3_MANS += BUF_MEM_new.3 +dist_man3_MANS += CMS_ContentInfo_new.3 +dist_man3_MANS += CMS_add0_cert.3 +dist_man3_MANS += CMS_add1_recipient_cert.3 +dist_man3_MANS += CMS_add1_signer.3 +dist_man3_MANS += CMS_compress.3 +dist_man3_MANS += CMS_decrypt.3 +dist_man3_MANS += CMS_encrypt.3 +dist_man3_MANS += CMS_final.3 +dist_man3_MANS += CMS_get0_RecipientInfos.3 +dist_man3_MANS += CMS_get0_SignerInfos.3 +dist_man3_MANS += CMS_get0_type.3 +dist_man3_MANS += CMS_get1_ReceiptRequest.3 +dist_man3_MANS += CMS_sign.3 +dist_man3_MANS += CMS_sign_receipt.3 +dist_man3_MANS += CMS_uncompress.3 +dist_man3_MANS += CMS_verify.3 +dist_man3_MANS += CMS_verify_receipt.3 +dist_man3_MANS += CONF_modules_free.3 +dist_man3_MANS += CONF_modules_load_file.3 +dist_man3_MANS += CRYPTO_get_mem_functions.3 +dist_man3_MANS += CRYPTO_lock.3 +dist_man3_MANS += CRYPTO_memcmp.3 +dist_man3_MANS += CRYPTO_set_ex_data.3 +dist_man3_MANS += DES_set_key.3 +dist_man3_MANS += DH_generate_key.3 +dist_man3_MANS += DH_generate_parameters.3 +dist_man3_MANS += DH_get0_pqg.3 +dist_man3_MANS += DH_get_ex_new_index.3 +dist_man3_MANS += DH_new.3 +dist_man3_MANS += DH_set_method.3 +dist_man3_MANS += DH_size.3 +dist_man3_MANS += DIST_POINT_new.3 +dist_man3_MANS += DSA_SIG_new.3 +dist_man3_MANS += DSA_do_sign.3 +dist_man3_MANS += DSA_dup_DH.3 +dist_man3_MANS += DSA_generate_key.3 +dist_man3_MANS += DSA_generate_parameters.3 +dist_man3_MANS += DSA_get0_pqg.3 +dist_man3_MANS += DSA_get_ex_new_index.3 +dist_man3_MANS += DSA_meth_new.3 +dist_man3_MANS += DSA_new.3 +dist_man3_MANS += DSA_set_method.3 +dist_man3_MANS += DSA_sign.3 +dist_man3_MANS += DSA_size.3 +dist_man3_MANS += ECDH_compute_key.3 +dist_man3_MANS += ECDSA_SIG_new.3 +dist_man3_MANS += EC_GFp_simple_method.3 +dist_man3_MANS += EC_GROUP_copy.3 +dist_man3_MANS += EC_GROUP_new.3 +dist_man3_MANS += EC_KEY_METHOD_new.3 +dist_man3_MANS += EC_KEY_new.3 +dist_man3_MANS += EC_POINT_add.3 +dist_man3_MANS += EC_POINT_new.3 +dist_man3_MANS += ENGINE_add.3 +dist_man3_MANS += ENGINE_ctrl.3 +dist_man3_MANS += ENGINE_get_default_RSA.3 +dist_man3_MANS += ENGINE_init.3 +dist_man3_MANS += ENGINE_new.3 +dist_man3_MANS += ENGINE_register_RSA.3 +dist_man3_MANS += ENGINE_register_all_RSA.3 +dist_man3_MANS += ENGINE_set_RSA.3 +dist_man3_MANS += ENGINE_set_default.3 +dist_man3_MANS += ENGINE_set_flags.3 +dist_man3_MANS += ENGINE_unregister_RSA.3 +dist_man3_MANS += ERR.3 +dist_man3_MANS += ERR_GET_LIB.3 +dist_man3_MANS += ERR_asprintf_error_data.3 +dist_man3_MANS += ERR_clear_error.3 +dist_man3_MANS += ERR_error_string.3 +dist_man3_MANS += ERR_get_error.3 +dist_man3_MANS += ERR_load_crypto_strings.3 +dist_man3_MANS += ERR_load_strings.3 +dist_man3_MANS += ERR_print_errors.3 +dist_man3_MANS += ERR_put_error.3 +dist_man3_MANS += ERR_remove_state.3 +dist_man3_MANS += ERR_set_mark.3 +dist_man3_MANS += ESS_SIGNING_CERT_new.3 +dist_man3_MANS += EVP_AEAD_CTX_init.3 +dist_man3_MANS += EVP_BytesToKey.3 +dist_man3_MANS += EVP_DigestInit.3 +dist_man3_MANS += EVP_DigestSignInit.3 +dist_man3_MANS += EVP_DigestVerifyInit.3 +dist_man3_MANS += EVP_EncodeInit.3 +dist_man3_MANS += EVP_EncryptInit.3 +dist_man3_MANS += EVP_OpenInit.3 +dist_man3_MANS += EVP_PKEY_CTX_ctrl.3 +dist_man3_MANS += EVP_PKEY_CTX_new.3 +dist_man3_MANS += EVP_PKEY_asn1_get_count.3 +dist_man3_MANS += EVP_PKEY_asn1_new.3 +dist_man3_MANS += EVP_PKEY_cmp.3 +dist_man3_MANS += EVP_PKEY_decrypt.3 +dist_man3_MANS += EVP_PKEY_derive.3 +dist_man3_MANS += EVP_PKEY_encrypt.3 +dist_man3_MANS += EVP_PKEY_get_default_digest_nid.3 +dist_man3_MANS += EVP_PKEY_keygen.3 +dist_man3_MANS += EVP_PKEY_meth_get0_info.3 +dist_man3_MANS += EVP_PKEY_meth_new.3 +dist_man3_MANS += EVP_PKEY_new.3 +dist_man3_MANS += EVP_PKEY_print_private.3 +dist_man3_MANS += EVP_PKEY_set1_RSA.3 +dist_man3_MANS += EVP_PKEY_sign.3 +dist_man3_MANS += EVP_PKEY_verify.3 +dist_man3_MANS += EVP_PKEY_verify_recover.3 +dist_man3_MANS += EVP_SealInit.3 +dist_man3_MANS += EVP_SignInit.3 +dist_man3_MANS += EVP_VerifyInit.3 +dist_man3_MANS += EVP_aes_128_cbc.3 +dist_man3_MANS += EVP_camellia_128_cbc.3 +dist_man3_MANS += EVP_des_cbc.3 +dist_man3_MANS += EVP_rc4.3 +dist_man3_MANS += EVP_sm3.3 +dist_man3_MANS += EVP_sm4_cbc.3 +dist_man3_MANS += EVP_whirlpool.3 +dist_man3_MANS += EXTENDED_KEY_USAGE_new.3 +dist_man3_MANS += GENERAL_NAME_new.3 +dist_man3_MANS += HMAC.3 +dist_man3_MANS += MD5.3 +dist_man3_MANS += NAME_CONSTRAINTS_new.3 +dist_man3_MANS += OBJ_nid2obj.3 +dist_man3_MANS += OCSP_CRLID_new.3 +dist_man3_MANS += OCSP_REQUEST_new.3 +dist_man3_MANS += OCSP_SERVICELOC_new.3 +dist_man3_MANS += OCSP_cert_to_id.3 +dist_man3_MANS += OCSP_request_add1_nonce.3 +dist_man3_MANS += OCSP_resp_find_status.3 +dist_man3_MANS += OCSP_response_status.3 +dist_man3_MANS += OCSP_sendreq_new.3 +dist_man3_MANS += OPENSSL_VERSION_NUMBER.3 +dist_man3_MANS += OPENSSL_cleanse.3 +dist_man3_MANS += OPENSSL_config.3 +dist_man3_MANS += OPENSSL_init_crypto.3 +dist_man3_MANS += OPENSSL_load_builtin_modules.3 +dist_man3_MANS += OPENSSL_malloc.3 +dist_man3_MANS += OPENSSL_sk_new.3 +dist_man3_MANS += OpenSSL_add_all_algorithms.3 +dist_man3_MANS += PEM_bytes_read_bio.3 +dist_man3_MANS += PEM_read.3 +dist_man3_MANS += PEM_read_bio_PrivateKey.3 +dist_man3_MANS += PEM_write_bio_CMS_stream.3 +dist_man3_MANS += PEM_write_bio_PKCS7_stream.3 +dist_man3_MANS += PKCS12_SAFEBAG_new.3 +dist_man3_MANS += PKCS12_create.3 +dist_man3_MANS += PKCS12_new.3 +dist_man3_MANS += PKCS12_newpass.3 +dist_man3_MANS += PKCS12_parse.3 +dist_man3_MANS += PKCS5_PBKDF2_HMAC.3 +dist_man3_MANS += PKCS7_dataFinal.3 +dist_man3_MANS += PKCS7_dataInit.3 +dist_man3_MANS += PKCS7_decrypt.3 +dist_man3_MANS += PKCS7_encrypt.3 +dist_man3_MANS += PKCS7_new.3 +dist_man3_MANS += PKCS7_set_content.3 +dist_man3_MANS += PKCS7_set_type.3 +dist_man3_MANS += PKCS7_sign.3 +dist_man3_MANS += PKCS7_sign_add_signer.3 +dist_man3_MANS += PKCS7_verify.3 +dist_man3_MANS += PKCS8_PRIV_KEY_INFO_new.3 +dist_man3_MANS += PKEY_USAGE_PERIOD_new.3 +dist_man3_MANS += POLICYINFO_new.3 +dist_man3_MANS += PROXY_POLICY_new.3 +dist_man3_MANS += RAND_add.3 +dist_man3_MANS += RAND_bytes.3 +dist_man3_MANS += RAND_load_file.3 +dist_man3_MANS += RAND_set_rand_method.3 +dist_man3_MANS += RC4.3 +dist_man3_MANS += RIPEMD160.3 +dist_man3_MANS += RSA_PSS_PARAMS_new.3 +dist_man3_MANS += RSA_blinding_on.3 +dist_man3_MANS += RSA_check_key.3 +dist_man3_MANS += RSA_generate_key.3 +dist_man3_MANS += RSA_get0_key.3 +dist_man3_MANS += RSA_get_ex_new_index.3 +dist_man3_MANS += RSA_meth_new.3 +dist_man3_MANS += RSA_new.3 +dist_man3_MANS += RSA_padding_add_PKCS1_type_1.3 +dist_man3_MANS += RSA_pkey_ctx_ctrl.3 +dist_man3_MANS += RSA_print.3 +dist_man3_MANS += RSA_private_encrypt.3 +dist_man3_MANS += RSA_public_encrypt.3 +dist_man3_MANS += RSA_set_method.3 +dist_man3_MANS += RSA_sign.3 +dist_man3_MANS += RSA_sign_ASN1_OCTET_STRING.3 +dist_man3_MANS += RSA_size.3 +dist_man3_MANS += SHA1.3 +dist_man3_MANS += SMIME_read_CMS.3 +dist_man3_MANS += SMIME_read_PKCS7.3 +dist_man3_MANS += SMIME_write_CMS.3 +dist_man3_MANS += SMIME_write_PKCS7.3 +dist_man3_MANS += STACK_OF.3 +dist_man3_MANS += SXNET_new.3 +dist_man3_MANS += TS_REQ_new.3 +dist_man3_MANS += UI_UTIL_read_pw.3 +dist_man3_MANS += UI_create_method.3 +dist_man3_MANS += UI_get_string_type.3 +dist_man3_MANS += UI_new.3 +dist_man3_MANS += X25519.3 +dist_man3_MANS += X509V3_get_d2i.3 +dist_man3_MANS += X509_ALGOR_dup.3 +dist_man3_MANS += X509_ATTRIBUTE_new.3 +dist_man3_MANS += X509_CINF_new.3 +dist_man3_MANS += X509_CRL_get0_by_serial.3 +dist_man3_MANS += X509_CRL_new.3 +dist_man3_MANS += X509_EXTENSION_set_object.3 +dist_man3_MANS += X509_INFO_new.3 +dist_man3_MANS += X509_LOOKUP_hash_dir.3 +dist_man3_MANS += X509_NAME_ENTRY_get_object.3 +dist_man3_MANS += X509_NAME_add_entry_by_txt.3 +dist_man3_MANS += X509_NAME_get_index_by_NID.3 +dist_man3_MANS += X509_NAME_new.3 +dist_man3_MANS += X509_NAME_print_ex.3 +dist_man3_MANS += X509_OBJECT_get0_X509.3 +dist_man3_MANS += X509_PUBKEY_new.3 +dist_man3_MANS += X509_REQ_new.3 +dist_man3_MANS += X509_REVOKED_new.3 +dist_man3_MANS += X509_SIG_new.3 +dist_man3_MANS += X509_STORE_CTX_get_error.3 +dist_man3_MANS += X509_STORE_CTX_get_ex_new_index.3 +dist_man3_MANS += X509_STORE_CTX_new.3 +dist_man3_MANS += X509_STORE_CTX_set_verify_cb.3 +dist_man3_MANS += X509_STORE_load_locations.3 +dist_man3_MANS += X509_STORE_new.3 +dist_man3_MANS += X509_STORE_set1_param.3 +dist_man3_MANS += X509_STORE_set_verify_cb_func.3 +dist_man3_MANS += X509_VERIFY_PARAM_set_flags.3 +dist_man3_MANS += X509_check_ca.3 +dist_man3_MANS += X509_check_host.3 +dist_man3_MANS += X509_check_issued.3 +dist_man3_MANS += X509_check_private_key.3 +dist_man3_MANS += X509_check_purpose.3 +dist_man3_MANS += X509_cmp.3 +dist_man3_MANS += X509_cmp_time.3 +dist_man3_MANS += X509_digest.3 +dist_man3_MANS += X509_get0_notBefore.3 +dist_man3_MANS += X509_get0_signature.3 +dist_man3_MANS += X509_get1_email.3 +dist_man3_MANS += X509_get_pubkey.3 +dist_man3_MANS += X509_get_serialNumber.3 +dist_man3_MANS += X509_get_subject_name.3 +dist_man3_MANS += X509_get_version.3 +dist_man3_MANS += X509_new.3 +dist_man3_MANS += X509_sign.3 +dist_man3_MANS += X509_verify_cert.3 +dist_man3_MANS += X509v3_get_ext_by_NID.3 +dist_man3_MANS += bn_dump.3 +dist_man3_MANS += crypto.3 +dist_man3_MANS += d2i_ASN1_NULL.3 +dist_man3_MANS += d2i_ASN1_OBJECT.3 +dist_man3_MANS += d2i_ASN1_OCTET_STRING.3 +dist_man3_MANS += d2i_ASN1_SEQUENCE_ANY.3 +dist_man3_MANS += d2i_AUTHORITY_KEYID.3 +dist_man3_MANS += d2i_BASIC_CONSTRAINTS.3 +dist_man3_MANS += d2i_CMS_ContentInfo.3 +dist_man3_MANS += d2i_DHparams.3 +dist_man3_MANS += d2i_DIST_POINT.3 +dist_man3_MANS += d2i_DSAPublicKey.3 +dist_man3_MANS += d2i_ECPKParameters.3 +dist_man3_MANS += d2i_ESS_SIGNING_CERT.3 +dist_man3_MANS += d2i_GENERAL_NAME.3 +dist_man3_MANS += d2i_OCSP_REQUEST.3 +dist_man3_MANS += d2i_OCSP_RESPONSE.3 +dist_man3_MANS += d2i_PKCS12.3 +dist_man3_MANS += d2i_PKCS7.3 +dist_man3_MANS += d2i_PKCS8PrivateKey_bio.3 +dist_man3_MANS += d2i_PKCS8_PRIV_KEY_INFO.3 +dist_man3_MANS += d2i_PKEY_USAGE_PERIOD.3 +dist_man3_MANS += d2i_POLICYINFO.3 +dist_man3_MANS += d2i_PROXY_POLICY.3 +dist_man3_MANS += d2i_PrivateKey.3 +dist_man3_MANS += d2i_RSAPublicKey.3 +dist_man3_MANS += d2i_TS_REQ.3 +dist_man3_MANS += d2i_X509.3 +dist_man3_MANS += d2i_X509_ALGOR.3 +dist_man3_MANS += d2i_X509_ATTRIBUTE.3 +dist_man3_MANS += d2i_X509_CRL.3 +dist_man3_MANS += d2i_X509_EXTENSION.3 +dist_man3_MANS += d2i_X509_NAME.3 +dist_man3_MANS += d2i_X509_REQ.3 +dist_man3_MANS += d2i_X509_SIG.3 +dist_man3_MANS += des_read_pw.3 +dist_man3_MANS += evp.3 +dist_man3_MANS += get_rfc3526_prime_8192.3 +dist_man3_MANS += i2d_CMS_bio_stream.3 +dist_man3_MANS += i2d_PKCS7_bio_stream.3 +dist_man3_MANS += lh_new.3 +dist_man3_MANS += lh_stats.3 +dist_man3_MANS += tls_accept_socket.3 +dist_man3_MANS += tls_client.3 +dist_man3_MANS += tls_config_ocsp_require_stapling.3 +dist_man3_MANS += tls_config_set_protocols.3 +dist_man3_MANS += tls_config_set_session_id.3 +dist_man3_MANS += tls_config_verify.3 +dist_man3_MANS += tls_conn_version.3 +dist_man3_MANS += tls_connect.3 +dist_man3_MANS += tls_init.3 +dist_man3_MANS += tls_load_file.3 +dist_man3_MANS += tls_ocsp_process_response.3 +dist_man3_MANS += tls_read.3 +dist_man5_MANS += openssl.cnf.5 +dist_man5_MANS += x509v3.cnf.5 +install-data-hook: + ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3" + ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3" + ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3" + ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_cbc_encrypt.3" + ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_decrypt.3" + ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3" + ln -sf "AES_encrypt.3" "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3" + ln -sf "ASN1_INTEGER_get.3" "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" + ln -sf "ASN1_OBJECT_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" + ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" + ln -sf "ASN1_STRING_TABLE_add.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3" + ln -sf "ASN1_STRING_length.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3" + ln -sf "ASN1_STRING_new.3" "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3" + ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3" + ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3" + ln -sf "ASN1_STRING_print_ex.3" "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_adj.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_check.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_print.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_adj.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_check.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_cmp_time_t.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3" + ln -sf "ASN1_TIME_set.3" "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" + ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" + ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" + ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3" + ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3" + ln -sf "ASN1_TYPE_get.3" "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3" + ln -sf "ASN1_generate_nconf.3" "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3" + ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3" + ln -sf "ASN1_item_new.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3" + ln -sf "ASN1_put_object.3" "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" + ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" + ln -sf "ASN1_time_parse.3" "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" + ln -sf "AUTHORITY_KEYID_new.3" "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3" + ln -sf "BASIC_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3" + ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3" + ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3" + ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_decrypt.3" + ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3" + ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_encrypt.3" + ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3" + ln -sf "BF_set_key.3" "$(DESTDIR)$(mandir)/man3/BF_options.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_eof.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_flush.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_close.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_pending.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_reset.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_seek.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_close.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_tell.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_wpending.3" + ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/bio_info_cb.3" + ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3" + ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3" + ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3" + ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3" + ln -sf "BIO_f_buffer.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3" + ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3" + ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3" + ln -sf "BIO_f_cipher.3" "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3" + ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md.3" + ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3" + ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_set_md.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3" + ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3" + ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_method_type.3" + ln -sf "BIO_find_type.3" "$(DESTDIR)$(mandir)/man3/BIO_next.3" + ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3" + ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_set_data.3" + ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_set_init.3" + ln -sf "BIO_get_data.3" "$(DESTDIR)$(mandir)/man3/BIO_set_shutdown.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3" + ln -sf "BIO_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_get_new_index.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_free.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_callback_ctrl.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_create.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_ctrl.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_destroy.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_gets.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_puts.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_read.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_get_write.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_callback_ctrl.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_create.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_ctrl.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_destroy.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_gets.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_puts.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_read.3" + ln -sf "BIO_meth_new.3" "$(DESTDIR)$(mandir)/man3/BIO_meth_set_write.3" + ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free.3" + ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_free_all.3" + ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_set.3" + ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3" + ln -sf "BIO_new.3" "$(DESTDIR)$(mandir)/man3/BIO_vfree.3" + ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3" + ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3" + ln -sf "BIO_printf.3" "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" + ln -sf "BIO_push.3" "$(DESTDIR)$(mandir)/man3/BIO_pop.3" + ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_gets.3" + ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_puts.3" + ln -sf "BIO_read.3" "$(DESTDIR)$(mandir)/man3/BIO_write.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3" + ln -sf "BIO_s_accept.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3" + ln -sf "BIO_s_bio.3" "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3" + ln -sf "BIO_s_connect.3" "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3" + ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3" + ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3" + ln -sf "BIO_s_fd.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_file.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3" + ln -sf "BIO_s_file.3" "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3" + ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3" + ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3" + ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3" + ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3" + ln -sf "BIO_s_mem.3" "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3" + ln -sf "BIO_s_socket.3" "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3" + ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3" + ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3" + ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3" + ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3" + ln -sf "BIO_set_callback.3" "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3" + ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3" + ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3" + ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3" + ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3" + ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_read.3" + ln -sf "BIO_should_retry.3" "$(DESTDIR)$(mandir)/man3/BIO_should_write.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3" + ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3" + ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3" + ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3" + ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3" + ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_div.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_exp.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_gcd.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_add.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_mul.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_nnmod.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sqr.3" + ln -sf "BN_add.3" "$(DESTDIR)$(mandir)/man3/BN_sub.3" + ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_div_word.3" + ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mod_word.3" + ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_mul_word.3" + ln -sf "BN_add_word.3" "$(DESTDIR)$(mandir)/man3/BN_sub_word.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print.3" + ln -sf "BN_bn2bin.3" "$(DESTDIR)$(mandir)/man3/BN_print_fp.3" + ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_odd.3" + ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_one.3" + ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_word.3" + ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_is_zero.3" + ln -sf "BN_cmp.3" "$(DESTDIR)$(mandir)/man3/BN_ucmp.3" + ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_dup.3" + ln -sf "BN_copy.3" "$(DESTDIR)$(mandir)/man3/BN_with_flags.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_free.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_get_arg.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_new.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3" + ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3" + ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3" + ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3" + ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3" + ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3" + ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3" + ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3" + ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3" + ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3" + ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3" + ln -sf "BN_mod_mul_reciprocal.3" "$(DESTDIR)$(mandir)/man3/BN_div_recp.3" + ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear.3" + ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear_free.3" + ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_free.3" + ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_init.3" + ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits.3" + ln -sf "BN_num_bytes.3" "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3" + ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3" + ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3" + ln -sf "BN_rand.3" "$(DESTDIR)$(mandir)/man3/BN_rand_range.3" + ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3" + ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3" + ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift.3" + ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_lshift1.3" + ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3" + ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift.3" + ln -sf "BN_set_bit.3" "$(DESTDIR)$(mandir)/man3/BN_rshift1.3" + ln -sf "BN_set_flags.3" "$(DESTDIR)$(mandir)/man3/BN_get_flags.3" + ln -sf "BN_set_negative.3" "$(DESTDIR)$(mandir)/man3/BN_is_negative.3" + ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_get_word.3" + ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_one.3" + ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_set_word.3" + ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_value_one.3" + ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3" + ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3" + ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3" + ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_reverse.3" + ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_strdup.3" + ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3" + ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3" + ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3" + ln -sf "CMS_ContentInfo_new.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_new.3" + ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add0_crl.3" + ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_cert.3" + ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_crl.3" + ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_get1_certs.3" + ln -sf "CMS_add0_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_get1_crls.3" + ln -sf "CMS_add1_recipient_cert.3" "$(DESTDIR)$(mandir)/man3/CMS_add0_recipient_key.3" + ln -sf "CMS_add1_signer.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_sign.3" + ln -sf "CMS_decrypt.3" "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_key.3" + ln -sf "CMS_decrypt.3" "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_pkey.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_decrypt.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_encrypt.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_get0_id.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_id_cmp.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_cert_cmp.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_get0_signer_id.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_key.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_pkey.3" + ln -sf "CMS_get0_RecipientInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_type.3" + ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_cert_cmp.3" + ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signature.3" + ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signer_id.3" + ln -sf "CMS_get0_SignerInfos.3" "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_set1_signer_cert.3" + ln -sf "CMS_get0_type.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_content.3" + ln -sf "CMS_get0_type.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_eContentType.3" + ln -sf "CMS_get0_type.3" "$(DESTDIR)$(mandir)/man3/CMS_set1_eContentType.3" + ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3" + ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3" + ln -sf "CMS_get1_ReceiptRequest.3" "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3" + ln -sf "CMS_verify.3" "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3" + ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3" + ln -sf "CONF_modules_free.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3" + ln -sf "CONF_modules_load_file.3" "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3" + ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_MEM_LEAK_CB.3" + ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3" + ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3" + ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3" + ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3" + ln -sf "CRYPTO_get_mem_functions.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3" + ln -sf "CRYPTO_lock.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3" + ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3" + ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3" + ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3" + ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3" + ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3" + ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3" + ln -sf "CRYPTO_set_ex_data.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_crypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_read.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_enc_write.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_key_sched.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_random_key.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3" + ln -sf "DES_set_key.3" "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3" + ln -sf "DH_generate_key.3" "$(DESTDIR)$(mandir)/man3/DH_compute_key.3" + ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_check.3" + ln -sf "DH_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_get0_key.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set0_key.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set0_pqg.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set_flags.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_set_length.3" + ln -sf "DH_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DH_test_flags.3" + ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3" + ln -sf "DH_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3" + ln -sf "DH_new.3" "$(DESTDIR)$(mandir)/man3/DH_free.3" + ln -sf "DH_new.3" "$(DESTDIR)$(mandir)/man3/DH_up_ref.3" + ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3" + ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3" + ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_new_method.3" + ln -sf "DH_set_method.3" "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3" + ln -sf "DH_size.3" "$(DESTDIR)$(mandir)/man3/DH_bits.3" + ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3" + ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3" + ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3" + ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3" + ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3" + ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3" + ln -sf "DIST_POINT_new.3" "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3" + ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3" + ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3" + ln -sf "DSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3" + ln -sf "DSA_do_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3" + ln -sf "DSA_generate_parameters.3" "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3" + ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3" + ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3" + ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_get0_key.3" + ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_set0_key.3" + ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_set0_pqg.3" + ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_set_flags.3" + ln -sf "DSA_get0_pqg.3" "$(DESTDIR)$(mandir)/man3/DSA_test_flags.3" + ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3" + ln -sf "DSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3" + ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3" + ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3" + ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3" + ln -sf "DSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3" + ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_free.3" + ln -sf "DSA_new.3" "$(DESTDIR)$(mandir)/man3/DSA_up_ref.3" + ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3" + ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3" + ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_new_method.3" + ln -sf "DSA_set_method.3" "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3" + ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3" + ln -sf "DSA_sign.3" "$(DESTDIR)$(mandir)/man3/DSA_verify.3" + ln -sf "ECDH_compute_key.3" "$(DESTDIR)$(mandir)/man3/ECDH_size.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_get0.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_set0.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_size.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3" + ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3" + ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3" + ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3" + ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3" + ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3" + ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3" + ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3" + ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3" + ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3" + ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_free.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_compute_key.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_init.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_keygen.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_sign.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_verify.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_compute_key.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_init.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_keygen.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_sign.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_verify.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_OpenSSL.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_default_method.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_method.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_new_method.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_default_method.3" + ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_method.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3" + ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3" + ln -sf "EC_POINT_add.3" "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3" + ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3" + ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3" + ln -sf "ENGINE_ctrl.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3" + ln -sf "ENGINE_get_default_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3" + ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" + ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" + ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3" + ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3" + ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3" + ln -sf "ENGINE_init.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_free.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3" + ln -sf "ENGINE_new.3" "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3" + ln -sf "ENGINE_register_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" + ln -sf "ENGINE_register_all_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3" + ln -sf "ENGINE_set_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3" + ln -sf "ENGINE_set_default.3" "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3" + ln -sf "ENGINE_set_flags.3" "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3" + ln -sf "ENGINE_unregister_RSA.3" "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3" + ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3" + ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3" + ln -sf "ERR_GET_LIB.3" "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3" + ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3" + ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3" + ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3" + ln -sf "ERR_error_string.3" "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3" + ln -sf "ERR_get_error.3" "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3" + ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3" + ln -sf "ERR_load_crypto_strings.3" "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3" + ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_PACK.3" + ln -sf "ERR_load_strings.3" "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3" + ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3" + ln -sf "ERR_print_errors.3" "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3" + ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3" + ln -sf "ERR_put_error.3" "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3" + ln -sf "ERR_remove_state.3" "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3" + ln -sf "ERR_set_mark.3" "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3" + ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3" + ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3" + ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3" + ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3" + ln -sf "ESS_SIGNING_CERT_new.3" "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3" + ln -sf "EVP_AEAD_CTX_init.3" "$(DESTDIR)$(mandir)/man3/EVP_aead_xchacha20_poly1305.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_Digest.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_free.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_new.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_reset.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_dss1.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_md_null.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha1.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha224.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha256.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha384.3" + ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha512.3" + ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3" + ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3" + ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3" + ln -sf "EVP_DigestVerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_free.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_new.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3" + ln -sf "EVP_EncodeInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_iv.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_flags.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_iv.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_test_flags.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb64.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb64.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb64.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3" + ln -sf "EVP_EncryptInit.3" "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3" + ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3" + ln -sf "EVP_OpenInit.3" "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3" + ln -sf "EVP_PKEY_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3" + ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3" + ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3" + ln -sf "EVP_PKEY_CTX_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3" + ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3" + ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3" + ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" + ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3" + ln -sf "EVP_PKEY_asn1_get_count.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3" + ln -sf "EVP_PKEY_asn1_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3" + ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3" + ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3" + ln -sf "EVP_PKEY_cmp.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3" + ln -sf "EVP_PKEY_decrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3" + ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3" + ln -sf "EVP_PKEY_derive.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3" + ln -sf "EVP_PKEY_encrypt.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3" + ln -sf "EVP_PKEY_keygen.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_add0.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_decrypt.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_derive.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify_recover.3" + ln -sf "EVP_PKEY_meth_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verifyctx.3" + ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3" + ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_new_mac_key.3" + ln -sf "EVP_PKEY_new.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_up_ref.3" + ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3" + ln -sf "EVP_PKEY_print_private.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DH.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DSA.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_EC_KEY.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_RSA.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_hmac.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3" + ln -sf "EVP_PKEY_set1_RSA.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3" + ln -sf "EVP_PKEY_sign.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3" + ln -sf "EVP_PKEY_verify.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3" + ln -sf "EVP_PKEY_verify_recover.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3" + ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3" + ln -sf "EVP_SealInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3" + ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" + ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3" + ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3" + ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3" + ln -sf "EVP_SignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3" + ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3" + ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3" + ln -sf "EVP_VerifyInit.3" "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb1.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb128.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb8.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ctr.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_wrap.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_128_xts.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb1.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb128.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb8.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ctr.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_192_wrap.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc_hmac_sha1.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb1.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb128.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb8.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ctr.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_wrap.3" + ln -sf "EVP_aes_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_aes_256_xts.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb1.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb128.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb8.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ecb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ofb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cbc.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb1.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb128.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb8.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ecb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ofb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cbc.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb1.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb128.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb8.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ecb.3" + ln -sf "EVP_camellia_128_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ofb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb1.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb64.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_cfb8.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb1.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb64.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb8.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ecb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb64.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ecb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3" + ln -sf "EVP_des_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3" + ln -sf "EVP_rc4.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3" + ln -sf "EVP_rc4.3" "$(DESTDIR)$(mandir)/man3/EVP_rc4_hmac_md5.3" + ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb.3" + ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb128.3" + ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_ctr.3" + ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_ecb.3" + ln -sf "EVP_sm4_cbc.3" "$(DESTDIR)$(mandir)/man3/EVP_sm4_ofb.3" + ln -sf "EXTENDED_KEY_USAGE_new.3" "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3" + ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3" + ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3" + ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3" + ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3" + ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3" + ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3" + ln -sf "GENERAL_NAME_new.3" "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Final.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_Update.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3" + ln -sf "HMAC.3" "$(DESTDIR)$(mandir)/man3/HMAC_size.3" + ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4.3" + ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Final.3" + ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Init.3" + ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD4_Update.3" + ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Final.3" + ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Init.3" + ln -sf "MD5.3" "$(DESTDIR)$(mandir)/man3/MD5_Update.3" + ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3" + ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" + ln -sf "NAME_CONSTRAINTS_new.3" "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_create.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3" + ln -sf "OBJ_nid2obj.3" "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3" + ln -sf "OCSP_CRLID_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3" + ln -sf "OCSP_REQUEST_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3" + ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3" + ln -sf "OCSP_SERVICELOC_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3" + ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3" + ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3" + ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3" + ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3" + ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3" + ln -sf "OCSP_cert_to_id.3" "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3" + ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3" + ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3" + ln -sf "OCSP_request_add1_nonce.3" "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_get0_id.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_verify.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_cert_status_str.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3" + ln -sf "OCSP_resp_find_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_basic_sign.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3" + ln -sf "OCSP_response_status.3" "$(DESTDIR)$(mandir)/man3/OCSP_response_status_str.3" + ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3" + ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3" + ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3" + ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_parse_url.3" + ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3" + ln -sf "OCSP_sendreq_new.3" "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3" + ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_NUMBER.3" + ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_TEXT.3" + ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_VERSION_TEXT.3" + ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_version.3" + ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_version_num.3" + ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay.3" + ln -sf "OPENSSL_VERSION_NUMBER.3" "$(DESTDIR)$(mandir)/man3/SSLeay_version.3" + ln -sf "OPENSSL_config.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3" + ln -sf "OPENSSL_init_crypto.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3" + ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3" + ln -sf "OPENSSL_load_builtin_modules.3" "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3" + ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3" + ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3" + ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3" + ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3" + ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3" + ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3" + ln -sf "OPENSSL_malloc.3" "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_delete.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_dup.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_find_ex.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_free.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_insert.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_new.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_new_null.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_num.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_pop.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_pop_free.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_push.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_set.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_set_cmp_func.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_shift.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_sort.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_unshift.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_value.3" + ln -sf "OPENSSL_sk_new.3" "$(DESTDIR)$(mandir)/man3/sk_zero.3" + ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3" + ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3" + ln -sf "OpenSSL_add_all_algorithms.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3" + ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_do_header.3" + ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3" + ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3" + ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write.3" + ln -sf "PEM_read.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3" + ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3" + ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3" + ln -sf "PEM_read_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3" + ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/pem_password_cb.3" + ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3" + ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3" + ln -sf "PKCS12_SAFEBAG_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3" + ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3" + ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3" + ln -sf "PKCS12_new.3" "$(DESTDIR)$(mandir)/man3/PKCS12_free.3" + ln -sf "PKCS5_PBKDF2_HMAC.3" "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3" + ln -sf "PKCS7_new.3" "$(DESTDIR)$(mandir)/man3/PKCS7_free.3" + ln -sf "PKCS7_set_content.3" "$(DESTDIR)$(mandir)/man3/PKCS7_content_new.3" + ln -sf "PKCS7_set_type.3" "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3" + ln -sf "PKCS7_verify.3" "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3" + ln -sf "PKCS8_PRIV_KEY_INFO_new.3" "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3" + ln -sf "PKEY_USAGE_PERIOD_new.3" "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3" + ln -sf "POLICYINFO_new.3" "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3" + ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3" + ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3" + ln -sf "PROXY_POLICY_new.3" "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3" + ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3" + ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_poll.3" + ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_seed.3" + ln -sf "RAND_add.3" "$(DESTDIR)$(mandir)/man3/RAND_status.3" + ln -sf "RAND_bytes.3" "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3" + ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_file_name.3" + ln -sf "RAND_load_file.3" "$(DESTDIR)$(mandir)/man3/RAND_write_file.3" + ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3" + ln -sf "RAND_set_rand_method.3" "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3" + ln -sf "RC4.3" "$(DESTDIR)$(mandir)/man3/RC4_set_key.3" + ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3" + ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3" + ln -sf "RIPEMD160.3" "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3" + ln -sf "RSA_PSS_PARAMS_new.3" "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3" + ln -sf "RSA_blinding_on.3" "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3" + ln -sf "RSA_generate_key.3" "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_clear_flags.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_get0_crt_params.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_get0_factors.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set0_crt_params.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set0_factors.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set0_key.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_set_flags.3" + ln -sf "RSA_get0_key.3" "$(DESTDIR)$(mandir)/man3/RSA_test_flags.3" + ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3" + ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3" + ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3" + ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3" + ln -sf "RSA_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_dup.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_free.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_app_data.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_name.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_bn_mod_exp.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_finish.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_flags.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_init.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_keygen.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_mod_exp.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_dec.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_enc.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_dec.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_enc.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_sign.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_get_verify.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set0_app_data.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set1_name.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_bn_mod_exp.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_finish.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_flags.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_init.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_keygen.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_mod_exp.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_dec.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_enc.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_dec.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_enc.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_sign.3" + ln -sf "RSA_meth_new.3" "$(DESTDIR)$(mandir)/man3/RSA_meth_set_verify.3" + ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSAPrivateKey_dup.3" + ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSAPublicKey_dup.3" + ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSA_free.3" + ln -sf "RSA_new.3" "$(DESTDIR)$(mandir)/man3/RSA_up_ref.3" + ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3" + ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3" + ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3" + ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3" + ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3" + ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3" + ln -sf "RSA_padding_add_PKCS1_type_1.3" "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3" + ln -sf "RSA_pkey_ctx_ctrl.3" "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3" + ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print.3" + ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3" + ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print.3" + ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3" + ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print.3" + ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3" + ln -sf "RSA_print.3" "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3" + ln -sf "RSA_private_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3" + ln -sf "RSA_public_encrypt.3" "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3" + ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3" + ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_flags.3" + ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3" + ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_get_method.3" + ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_new_method.3" + ln -sf "RSA_set_method.3" "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3" + ln -sf "RSA_sign.3" "$(DESTDIR)$(mandir)/man3/RSA_verify.3" + ln -sf "RSA_sign_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3" + ln -sf "RSA_size.3" "$(DESTDIR)$(mandir)/man3/RSA_bits.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Final.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Init.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA1_Update.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Final.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Init.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA224_Update.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Final.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Init.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA256_Update.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Final.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Init.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA384_Update.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Final.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Init.3" + ln -sf "SHA1.3" "$(DESTDIR)$(mandir)/man3/SHA512_Update.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_auth_nid.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_cipher_nid.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_digest_nid.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_id.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_kx_nid.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3" + ln -sf "SSL_CIPHER_get_name.3" "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_is_aead.3" + ln -sf "SSL_COMP_add_compression_method.3" "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_add0_chain_cert.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_chain_certs.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_chain_certs.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set0_chain.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_chain.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add0_chain_cert.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3" + ln -sf "SSL_CTX_add1_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3" + ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3" + ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3" + ln -sf "SSL_CTX_add_extra_chain_cert.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3" + ln -sf "SSL_CTX_add_session.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3" + ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3" + ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3" + ln -sf "SSL_CTX_ctrl.3" "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3" + ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3" + ln -sf "SSL_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3" + ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3" + ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3" + ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3" + ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3" + ln -sf "SSL_CTX_get_verify_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3" + ln -sf "SSL_CTX_load_verify_locations.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLS_client_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLS_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLS_server_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_up_ref.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_client_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLS_server_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_method.3" + ln -sf "SSL_CTX_new.3" "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3" + ln -sf "SSL_CTX_sess_number.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3" + ln -sf "SSL_CTX_sess_set_cache_size.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/get_session_cb.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/new_session_cb.3" + ln -sf "SSL_CTX_sess_set_get_cb.3" "$(DESTDIR)$(mandir)/man3/remove_session_cb.3" + ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves.3" + ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves_list.3" + ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_groups_list.3" + ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_curves.3" + ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_curves_list.3" + ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_groups.3" + ln -sf "SSL_CTX_set1_groups.3" "$(DESTDIR)$(mandir)/man3/SSL_set1_groups_list.3" + ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3" + ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3" + ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3" + ln -sf "SSL_CTX_set_alpn_select_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3" + ln -sf "SSL_CTX_set_cert_store.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3" + ln -sf "SSL_CTX_set_cipher_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3" + ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3" + ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3" + ln -sf "SSL_CTX_set_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3" + ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3" + ln -sf "SSL_CTX_set_client_cert_cb.3" "$(DESTDIR)$(mandir)/man3/client_cert_cb.3" + ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb.3" + ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb_userdata.3" + ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3" + ln -sf "SSL_CTX_set_default_passwd_cb.3" "$(DESTDIR)$(mandir)/man3/pem_password_cb.3" + ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3" + ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3" + ln -sf "SSL_CTX_set_generate_session_id.3" "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3" + ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3" + ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3" + ln -sf "SSL_CTX_set_info_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3" + ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3" + ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3" + ln -sf "SSL_CTX_set_max_cert_list.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3" + ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_proto_version.3" + ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_min_proto_version.3" + ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_proto_version.3" + ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_proto_version.3" + ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_min_proto_version.3" + ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_proto_version.3" + ln -sf "SSL_CTX_set_min_proto_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_min_proto_version.3" + ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_mode.3" + ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3" + ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_mode.3" + ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3" + ln -sf "SSL_CTX_set_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3" + ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3" + ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3" + ln -sf "SSL_CTX_set_msg_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3" + ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3" + ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3" + ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3" + ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_options.3" + ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3" + ln -sf "SSL_CTX_set_options.3" "$(DESTDIR)$(mandir)/man3/SSL_set_options.3" + ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3" + ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3" + ln -sf "SSL_CTX_set_quiet_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3" + ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3" + ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3" + ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3" + ln -sf "SSL_CTX_set_read_ahead.3" "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3" + ln -sf "SSL_CTX_set_session_cache_mode.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3" + ln -sf "SSL_CTX_set_session_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3" + ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3" + ln -sf "SSL_CTX_set_ssl_version.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3" + ln -sf "SSL_CTX_set_timeout.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3" + ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_servername_arg.3" + ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_servername.3" + ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_get_servername_type.3" + ln -sf "SSL_CTX_set_tlsext_servername_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_host_name.3" + ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_arg.3" + ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_cb.3" + ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3" + ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3" + ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3" + ln -sf "SSL_CTX_set_tlsext_status_cb.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3" + ln -sf "SSL_CTX_set_tlsext_use_srtp.3" "$(DESTDIR)$(mandir)/man3/SSL_get_selected_srtp_profile.3" + ln -sf "SSL_CTX_set_tlsext_use_srtp.3" "$(DESTDIR)$(mandir)/man3/SSL_get_srtp_profiles.3" + ln -sf "SSL_CTX_set_tlsext_use_srtp.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_use_srtp.3" + ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3" + ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3" + ln -sf "SSL_CTX_set_tmp_dh_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3" + ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3" + ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3" + ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_RSA.3" + ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3" + ln -sf "SSL_CTX_set_tmp_rsa_callback.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3" + ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3" + ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3" + ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3" + ln -sf "SSL_CTX_set_verify.3" "$(DESTDIR)$(mandir)/man3/verify_callback.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3" + ln -sf "SSL_CTX_use_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3" + ln -sf "SSL_SESSION_free.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_up_ref.3" + ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3" + ln -sf "SSL_SESSION_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3" + ln -sf "SSL_SESSION_get_id.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set1_id.3" + ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3" + ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3" + ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3" + ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_time.3" + ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3" + ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_time.3" + ln -sf "SSL_SESSION_get_time.3" "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3" + ln -sf "SSL_SESSION_has_ticket.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ticket_lifetime_hint.3" + ln -sf "SSL_SESSION_print.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3" + ln -sf "SSL_SESSION_set1_id_context.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get0_id_context.3" + ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3" + ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3" + ln -sf "SSL_alert_type_string.3" "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3" + ln -sf "SSL_get_certificate.3" "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3" + ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ciphers.3" + ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get1_supported_ciphers.3" + ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3" + ln -sf "SSL_get_ciphers.3" "$(DESTDIR)$(mandir)/man3/SSL_get_client_ciphers.3" + ln -sf "SSL_get_client_CA_list.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3" + ln -sf "SSL_get_client_random.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_master_key.3" + ln -sf "SSL_get_client_random.3" "$(DESTDIR)$(mandir)/man3/SSL_get_server_random.3" + ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3" + ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3" + ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3" + ln -sf "SSL_get_current_cipher.3" "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3" + ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3" + ln -sf "SSL_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3" + ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3" + ln -sf "SSL_get_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3" + ln -sf "SSL_get_rbio.3" "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3" + ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3" + ln -sf "SSL_get_session.3" "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3" + ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3" + ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_before.3" + ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3" + ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_in_init.3" + ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3" + ln -sf "SSL_get_state.3" "$(DESTDIR)$(mandir)/man3/SSL_state.3" + ln -sf "SSL_get_version.3" "$(DESTDIR)$(mandir)/man3/SSL_version.3" + ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3" + ln -sf "SSL_library_init.3" "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3" + ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3" + ln -sf "SSL_load_client_CA_file.3" "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3" + ln -sf "SSL_new.3" "$(DESTDIR)$(mandir)/man3/SSL_up_ref.3" + ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3" + ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3" + ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3" + ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3" + ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3" + ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3" + ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_param.3" + ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3" + ln -sf "SSL_set1_param.3" "$(DESTDIR)$(mandir)/man3/SSL_get0_param.3" + ln -sf "SSL_set_connect_state.3" "$(DESTDIR)$(mandir)/man3/SSL_is_server.3" + ln -sf "SSL_set_connect_state.3" "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3" + ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3" + ln -sf "SSL_set_fd.3" "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3" + ln -sf "SSL_set_max_send_fragment.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3" + ln -sf "SSL_set_shutdown.3" "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3" + ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3" + ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3" + ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh_callback.3" + ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_set_ecdh_auto.3" + ln -sf "SSL_set_tmp_ecdh.3" "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_ecdh_callback.3" + ln -sf "SSL_state_string.3" "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3" + ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3" + ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_read.3" + ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_write.3" + ln -sf "SSL_want.3" "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3" + ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_free.3" + ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNETID_new.3" + ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/SXNET_free.3" + ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3" + ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3" + ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3" + ln -sf "SXNET_new.3" "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3" + ln -sf "TS_REQ_new.3" "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3" + ln -sf "UI_UTIL_read_pw.3" "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3" + ln -sf "UI_create_method.3" "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3" + ln -sf "UI_get_string_type.3" "$(DESTDIR)$(mandir)/man3/UI_set_result.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_ctrl.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_free.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_result.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_get_method.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_new_method.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_process.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3" + ln -sf "UI_new.3" "$(DESTDIR)$(mandir)/man3/UI_set_method.3" + ln -sf "X25519.3" "$(DESTDIR)$(mandir)/man3/X25519_keypair.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_extensions.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_extensions.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_get0_extensions.3" + ln -sf "X509V3_get_d2i.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3" + ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3" + ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3" + ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3" + ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3" + ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3" + ln -sf "X509_ALGOR_dup.3" "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3" + ln -sf "X509_ATTRIBUTE_new.3" "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3" + ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3" + ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3" + ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" + ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" + ln -sf "X509_CINF_new.3" "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" + ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" + ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" + ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" + ln -sf "X509_CRL_get0_by_serial.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3" + ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3" + ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3" + ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_dup.3" + ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3" + ln -sf "X509_CRL_new.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_up_ref.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3" + ln -sf "X509_EXTENSION_set_object.3" "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3" + ln -sf "X509_INFO_new.3" "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3" + ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3" + ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" + ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3" + ln -sf "X509_LOOKUP_hash_dir.3" "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3" + ln -sf "X509_NAME_ENTRY_get_object.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3" + ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3" + ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3" + ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3" + ln -sf "X509_NAME_add_entry_by_txt.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3" + ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3" + ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3" + ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3" + ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3" + ln -sf "X509_NAME_get_index_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3" + ln -sf "X509_NAME_new.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3" + ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3" + ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3" + ln -sf "X509_NAME_print_ex.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3" + ln -sf "X509_OBJECT_get0_X509.3" "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3" + ln -sf "X509_PUBKEY_new.3" "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3" + ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3" + ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3" + ln -sf "X509_REQ_new.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3" + ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3" + ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3" + ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3" + ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3" + ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3" + ln -sf "X509_REVOKED_new.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3" + ln -sf "X509_SIG_new.3" "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_cert.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3" + ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3" + ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3" + ln -sf "X509_STORE_CTX_get_ex_new_index.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_store.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_untrusted.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3" + ln -sf "X509_STORE_CTX_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3" + ln -sf "X509_STORE_load_locations.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3" + ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3" + ln -sf "X509_STORE_new.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_ex_data.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_flags.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3" + ln -sf "X509_STORE_set1_param.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3" + ln -sf "X509_STORE_set_verify_cb_func.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3" + ln -sf "X509_VERIFY_PARAM_set_flags.3" "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" + ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_email.3" + ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip.3" + ln -sf "X509_check_host.3" "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3" + ln -sf "X509_check_private_key.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3" + ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3" + ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3" + ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3" + ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_issuer_and_serial_cmp.3" + ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3" + ln -sf "X509_cmp.3" "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3" + ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3" + ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj.3" + ln -sf "X509_cmp_time.3" "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3" + ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3" + ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3" + ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3" + ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3" + ln -sf "X509_digest.3" "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_lastUpdate.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_nextUpdate.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_lastUpdate.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_nextUpdate.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_get0_notAfter.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_getm_notAfter.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_getm_notBefore.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_set1_notAfter.3" + ln -sf "X509_get0_notBefore.3" "$(DESTDIR)$(mandir)/man3/X509_set1_notBefore.3" + ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_signature.3" + ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_signature_nid.3" + ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_signature.3" + ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_signature_nid.3" + ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_get0_tbs_sigalg.3" + ln -sf "X509_get0_signature.3" "$(DESTDIR)$(mandir)/man3/X509_get_signature_nid.3" + ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_email_free.3" + ln -sf "X509_get1_email.3" "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3" + ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3" + ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3" + ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_get0_pubkey.3" + ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3" + ln -sf "X509_get_pubkey.3" "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3" + ln -sf "X509_get_serialNumber.3" "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3" + ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3" + ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3" + ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3" + ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3" + ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3" + ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3" + ln -sf "X509_get_subject_name.3" "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3" + ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3" + ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3" + ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3" + ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3" + ln -sf "X509_get_version.3" "$(DESTDIR)$(mandir)/man3/X509_set_version.3" + ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3" + ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_dup.3" + ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_free.3" + ln -sf "X509_new.3" "$(DESTDIR)$(mandir)/man3/X509_up_ref.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3" + ln -sf "X509_sign.3" "$(DESTDIR)$(mandir)/man3/X509_verify.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_add_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3" + ln -sf "X509v3_get_ext_by_NID.3" "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_add_words.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_check_top.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_div_words.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_expand2.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_fix_top.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_high.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_mul_words.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_high.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_low.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_set_max.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_sub_words.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/bn_wexpand.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/mul_add.3" + ln -sf "bn_dump.3" "$(DESTDIR)$(mandir)/man3/sqr.3" + ln -sf "d2i_ASN1_NULL.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3" + ln -sf "d2i_ASN1_OBJECT.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3" + ln -sf "d2i_ASN1_OCTET_STRING.3" "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3" + ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3" + ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3" + ln -sf "d2i_ASN1_SEQUENCE_ANY.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3" + ln -sf "d2i_AUTHORITY_KEYID.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3" + ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3" + ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3" + ln -sf "d2i_BASIC_CONSTRAINTS.3" "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3" + ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/d2i_CMS_ReceiptRequest.3" + ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/d2i_CMS_bio.3" + ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/i2d_CMS_ContentInfo.3" + ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/i2d_CMS_ReceiptRequest.3" + ln -sf "d2i_CMS_ContentInfo.3" "$(DESTDIR)$(mandir)/man3/i2d_CMS_bio.3" + ln -sf "d2i_DHparams.3" "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3" + ln -sf "d2i_DIST_POINT.3" "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_bio.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_fp.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_bio.3" + ln -sf "d2i_DSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3" + ln -sf "d2i_ECPKParameters.3" "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3" + ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3" + ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3" + ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3" + ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3" + ln -sf "d2i_ESS_SIGNING_CERT.3" "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3" + ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3" + ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3" + ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3" + ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3" + ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3" + ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3" + ln -sf "d2i_GENERAL_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3" + ln -sf "d2i_OCSP_REQUEST.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3" + ln -sf "d2i_OCSP_RESPONSE.3" "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3" + ln -sf "d2i_PKCS12.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3" + ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3" + ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3" + ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3" + ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3" + ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3" + ln -sf "d2i_PKCS8PrivateKey_bio.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3" + ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3" + ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3" + ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3" + ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3" + ln -sf "d2i_PKCS8_PRIV_KEY_INFO.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3" + ln -sf "d2i_PKEY_USAGE_PERIOD.3" "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3" + ln -sf "d2i_POLICYINFO.3" "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3" + ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3" + ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3" + ln -sf "d2i_PROXY_POLICY.3" "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3" + ln -sf "d2i_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3" + ln -sf "d2i_RSAPublicKey.3" "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3" + ln -sf "d2i_SSL_SESSION.3" "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3" + ln -sf "d2i_TS_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3" + ln -sf "d2i_X509.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3" + ln -sf "d2i_X509_ALGOR.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3" + ln -sf "d2i_X509_ATTRIBUTE.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3" + ln -sf "d2i_X509_CRL.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3" + ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3" + ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3" + ln -sf "d2i_X509_EXTENSION.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3" + ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3" + ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3" + ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_get0_der.3" + ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3" + ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3" + ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3" + ln -sf "d2i_X509_NAME.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3" + ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3" + ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3" + ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3" + ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3" + ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3" + ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3" + ln -sf "d2i_X509_REQ.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3" + ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3" + ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3" + ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3" + ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3" + ln -sf "d2i_X509_SIG.3" "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3" + ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3" + ln -sf "des_read_pw.3" "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_1024.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_768.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_1536.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_2048.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_3072.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_4096.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_6144.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_8192.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3" + ln -sf "get_rfc3526_prime_8192.3" "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_delete.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_error.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_free.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_insert.3" + ln -sf "lh_new.3" "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" + ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" + ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" + ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" + ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3" + ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3" + ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3" + ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3" + ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_configure.3" + ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_free.3" + ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3" + ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_server.3" + ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3" + ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3" + ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3" + ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3" + ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3" + ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3" + ln -sf "tls_config_set_protocols.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurves.3" + ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3" + ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3" + ln -sf "tls_config_set_session_id.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3" + ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3" + ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3" + ln -sf "tls_config_verify.3" "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3" + ln -sf "tls_conn_version.3" "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3" + ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3" + ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3" + ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3" + ln -sf "tls_connect.3" "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3" + ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_error.3" + ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_free.3" + ln -sf "tls_init.3" "$(DESTDIR)$(mandir)/man3/tls_config_new.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_default_ca_cert_file.3" + ln -sf "tls_load_file.3" "$(DESTDIR)$(mandir)/man3/tls_unload_file.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3" + ln -sf "tls_ocsp_process_response.3" "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3" + ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_close.3" + ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_error.3" + ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3" + ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3" + ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3" + +uninstall-local: + -rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_INFO_ACCESS_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/AES_cbc_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/AES_decrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/AES_set_decrypt_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/AES_set_encrypt_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_get.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_to_BN.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_to_BN.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_ENUMERATED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_ASN1_INTEGER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2a_ASN1_INTEGER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OBJECT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_TABLE_get.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_get0_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_length_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_to_UTF8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BIT_STRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_BMPSTRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_ENUMERATED_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALSTRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_IA5STRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_INTEGER_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_OCTET_STRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLESTRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_PRINTABLE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_type_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_T61STRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UNIVERSALSTRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTF8STRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_VISIBLESTRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DIRECTORYSTRING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DISPLAYTEXT_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_STRING_print_ex_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_tag2str.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_adj.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_GENERALIZEDTIME_set_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_adj.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_to_generalizedtime.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_adj.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_cmp_time_t.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_UTCTIME_set_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TYPE_set1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_generate_v3.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_d2i_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_put_eoc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_TIME_set_tm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_time_tm_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/AUTHORITY_KEYID_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BASIC_CONSTRAINTS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BF_cbc_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BF_cfb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BF_decrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BF_ecb_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BF_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BF_ofb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BF_options.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_pending.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_wpending.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_eof.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_flush.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_close.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_info_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_int_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pending.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ptr_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_reset.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_seek.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_close.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_tell.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_wpending.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bio_info_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_buffer_num_lines.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_read_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_buffer_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_read_buffer_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buffer_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_ctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_cipher_status.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_cipher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_buffer_ssl_connect.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_ssl_connect.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_bytes.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ssl_renegotiate_timeout.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_copy_session_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ssl_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_method_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_next.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDH_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDH_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TYPE_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_callback_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_create.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_destroy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_gets.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_puts.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_read.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_get_write.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_callback_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_create.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_destroy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_gets.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_puts.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_read.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_meth_set_write.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_free_all.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vfree.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_snprintf.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vprintf.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_vsnprintf.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_pop.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_gets.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_puts.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_write.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_accept.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_accept_port.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_bind_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_accept.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_bios.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_accept_port.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_bind_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio_accept.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_read_request.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_get_write_guarantee.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_ctrl_reset_read_request.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_destroy_bio_pair.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_read_request.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_buf_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_write_guarantee.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_make_bio_pair.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_bio_pair.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_write_buf_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_shutdown_wr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_connect.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_hostname.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_int_port.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_ip.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_conn_port.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_connect.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_hostname.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_int_port.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_ip.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_conn_port.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_nbio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_append_filename.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_read_filename.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_rw_filename.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_write_filename.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_mem_ptr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_mem_buf.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_buf.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_mem_eof_return.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_new_socket.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_callback_fn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_debug_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_callback_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_callback_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_BIO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_retry_reason.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_retry_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_io_special.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_read.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BIO_should_write.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_convert_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_div.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_exp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_gcd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_add.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_exp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_mul.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sqr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_sub.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mul.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_nnmod.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_sqr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_sub.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_div_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mod_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mul_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_sub_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_asc2bn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_bin2bn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2dec.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2hex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_bn2mpi.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_dec2bn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_hex2bn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mpi2bn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_odd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_one.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_zero.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_ucmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_with_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_call.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_get_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_256.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_from_montgomery.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_to_montgomery.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_RECP_CTX_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_div_recp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_clear.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_num_bits_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_pseudo_rand_range.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_rand_range.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_bit.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_bit_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_lshift1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_mask_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_rshift1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_is_negative.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_one.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_set_word.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_value_one.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BUF_reverse.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BUF_strdup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ContentInfo_print_ctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_add0_crl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_crl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_get1_certs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_get1_crls.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_add0_recipient_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_decrypt_set1_pkey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_decrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_get0_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_kekri_id_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_cert_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_ktri_get0_signer_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_set0_pkey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_RecipientInfo_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_cert_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signature.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_get0_signer_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_SignerInfo_set1_signer_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_content.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_eContentType.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_set1_eContentType.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_create0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_ReceiptRequest_get0_values.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_add1_ReceiptRequest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CMS_get0_signers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_finish.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_unload.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CONF_modules_load.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_MEM_LEAK_CB.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_mem_leaks_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_set_mem_functions.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_cpy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_current.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_THREADID_hash.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_add.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_lock.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_r_unlock.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_lock.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_w_unlock.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_new_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_cbc_cksum.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_cfb_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_crypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb2_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb3_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ecb_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cbc_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_cfb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ede2_ofb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbc_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cbcm_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_cfb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ede3_ofb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_read.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_enc_write.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_fcrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_is_weak_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_key_sched.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ncbc_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb64_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_ofb_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_pcbc_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_quad_cksum.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_random_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_checked.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_set_key_unchecked.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_set_odd_parity.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_2keys.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_string_to_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DES_xcbc_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_compute_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_generate_parameters_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_clear_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_get0_engine.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_get0_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_set0_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_set0_pqg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_set_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_test_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_OpenSSL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_get_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_new_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_set_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DH_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRL_DIST_POINTS_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_NAME_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DIST_POINT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ISSUING_DIST_POINT_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_SIG_set0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_do_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_generate_parameters_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_clear_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_engine.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get0_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set0_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set0_pqg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_test_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_finish.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_meth_set_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_OpenSSL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_get_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_new_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_set_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_sign_setup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDH_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_OpenSSL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_SIG_set0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_sign_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_do_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_get_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_set_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_sign_setup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_generator.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get0_seed.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_asn1_flag.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_basis_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_cofactor.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_degree.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_order.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_pentanomial_basis.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_point_conversion_form.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_seed_len.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_trinomial_basis.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_method_of.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_asn1_flag.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_generator.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_point_conversion_form.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_seed.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_compute_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_keygen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_get_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_compute_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_keygen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_set_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_OpenSSL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_new_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_check_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_clear_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_generate_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_group.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_private_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get0_public_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_asn1_flag.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_conv_form.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_enc_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_group.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_private_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_set_public_key_affine_coordinates.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_have_precompute_mult.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_precompute_mult.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dbl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_invert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_at_infinity.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_is_on_curve.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_make_affine.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_mul.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_make_affine.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINTs_mul.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_bn2point.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_clear_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_oct2point.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2bn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2hex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_first.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_last.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_next.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_prev.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_remove.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CTRL_FUNC_PTR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_cmd_is_executable.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_ctrl_cmd_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cmd_defns.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ctrl_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_cmd_defns.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ctrl_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher_engine.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_ECDSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_default_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest_engine.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_table_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_table_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_finish.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_finish_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_init_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_finish_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_init_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_GEN_INT_FUNC_PTR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_destroy_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_destroy_function.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ECDSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_STORE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_complete.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_builtin_engines.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_load_dynamic.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ECDSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_STORE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_complete.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_register_all_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_CIPHERS_PTR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_DIGESTS_PTR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ECDSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_STORE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_cipher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ECDSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_STORE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ECDSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_set_default_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_get_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ECDSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_RAND.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_STORE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_unregister_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_FATAL_ERROR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_FUNC.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_GET_REASON.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_error_string_n.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_func_error_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_lib_error_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_reason_error_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_error_line_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_error_line_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_peek_last_error_line_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_free_strings.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_load_error_strings.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_PACK.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_get_next_error_library.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_print_errors_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_add_error_vdata.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_remove_thread_state.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ERR_pop_to_mark.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ESS_CERT_ID_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ESS_ISSUER_SERIAL_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ESS_SIGNING_CERT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_open.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_CTX_seal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_key_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_overhead.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_max_tag_len.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_AEAD_nonce_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_128_gcm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_aes_256_gcm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_chacha20_poly1305.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aead_xchacha20_poly1305.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_Digest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestFinal_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestInit_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MAX_MD_SIZE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_block_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_copy_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_create.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_destroy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_reset.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_CTX_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_block_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_pkey_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_MD_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_dss1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyname.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbynid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_digestbyobj.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_md5_sha1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_md_null.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_ripemd160.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha224.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha256.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha384.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha512.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestVerifyUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeBlock.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeInit.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecodeUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_ENCODE_CTX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeBlock.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncodeUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_block_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cipher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_clear_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_app_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_get_iv.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_iv_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_key_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_rand_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_reset.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_app_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_iv.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_key_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_set_padding.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_test_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_CTX_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_asn1_to_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_block_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_iv_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_key_length.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_param_to_asn1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CIPHER_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_Cipher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherFinal_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherInit_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_CipherUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptFinal_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptInit_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_DecryptUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptFinal_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptInit_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_EncryptUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_cfb64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_bf_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_cfb64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_cast5_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_chacha20.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_enc_null.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyname.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbynid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_get_cipherbyobj.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_cfb64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_idea_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_40_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_64_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_cfb64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc2_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_OpenUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_ctrl_str.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_ecdh_kdf_ukm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get1_id_len.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_cofactor_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_outlen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_ecdh_kdf_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_signature_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_ecdh_kdf_ukm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set1_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_generator.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dh_paramgen_prime_len.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_dsa_paramgen_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_param_enc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_cofactor_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_outlen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_ecdh_kdf_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_signature_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_new_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_find_str.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_get0_info.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_asn1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_add_alias.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_private.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_asn1_set_public.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_cmp_parameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_copy_parameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_missing_parameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_decrypt_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_derive_set_peer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_encrypt_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_app_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_keygen_info.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_app_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_gen_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_keygen_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_paramgen_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_add0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_find.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_decrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_derive.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_encrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_keygen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_paramgen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_signctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verify_recover.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_meth_set_verifyctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_new_mac_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_params.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_print_public.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_EC_KEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_GOST.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_assign_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_base_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_EC_KEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get0_hmac.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_EC_KEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_get1_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DH.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_DSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set1_EC_KEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_set_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_sign_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_verify_recover_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SealUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignInit_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_SignUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyFinal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyInit_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_VerifyUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cbc_hmac_sha1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ccm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb128.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ctr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_gcm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_wrap.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_128_xts.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ccm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb128.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ctr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_gcm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_192_wrap.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cbc_hmac_sha1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ccm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb128.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ctr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_gcm.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_wrap.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_aes_256_xts.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb128.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_128_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb128.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_192_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb128.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_camellia_256_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_cfb8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede3_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_cfb64.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ede_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_des_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_desx_cbc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4_40.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_rc4_hmac_md5.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_cfb128.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_ctr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_ecb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_sm4_ofb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EXTENDED_KEY_USAGE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EDIPARTYNAME_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAMES_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_NAME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OTHERNAME_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_copy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_get_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_reset.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_CTX_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Init_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/HMAC_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/MD4.3" + -rm -f "$(DESTDIR)$(mandir)/man3/MD4_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/MD4_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/MD4_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/MD5_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/MD5_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/MD5_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/GENERAL_SUBTREE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/NAME_CONSTRAINTS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_create.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_ln2nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2ln.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_nid2sn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_obj2txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_sn2nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OBJ_txt2obj.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2t_ASN1_OBJECT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CRLID_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_ONEREQ_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQINFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQUEST_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SIGNATURE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add0_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_add1_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_onereq_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_request_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SERVICELOC_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_url_svcloc_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTID_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_cert_id_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_get0_info.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_id_issuer_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_add1_nonce.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_nonce.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_copy_nonce.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_CERTSTATUS_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REVOKEDINFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_get0_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_SINGLERESP_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_cert_status_str.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_check_validity.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_find.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_resp_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_single_get0_status.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_BASICRESP_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPBYTES_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPDATA_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPID_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_RESPONSE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_basic_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_create.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_get1_basic.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_response_status_str.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_add1_header.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_REQ_CTX_set1_req.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_parse_url.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OCSP_sendreq_nbio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_NUMBER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/LIBRESSL_VERSION_TEXT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_VERSION_TEXT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_version_num.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSLeay.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_no_config.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ASN1_add_oid_module.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_add_conf_module.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_malloc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_realloc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_strdup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_realloc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OPENSSL_strdup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_delete.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_delete_ptr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_find.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_find_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_insert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_is_sorted.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_new_null.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_num.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_pop.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_pop_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_push.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_set_cmp_func.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_shift.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_sort.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_unshift.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_value.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sk_zero.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_all_digests.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_do_header.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_get_EVP_CIPHER_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_SSL_SESSION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_SSL_SESSION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_SSL_SESSION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_CMS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DHparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_DSAparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSAPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_RSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_CRL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_X509_REQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_CMS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DHparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_DSAparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSAPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_RSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_CRL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_X509_REQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_CMS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DHparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_DSAparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8_PRIV_KEY_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSAPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_RSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_CRL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_X509_REQ_NEW.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_CMS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DHparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_DSAparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8_PRIV_KEY_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSAPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_RSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_CRL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_X509_REQ_NEW.3" + -rm -f "$(DESTDIR)$(mandir)/man3/pem_password_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_BAGS_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_SAFEBAG_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_MAC_DATA_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS12_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS5_PBKDF2_HMAC_SHA1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_DIGEST_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENCRYPT_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENC_CONTENT_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ENVELOPE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_RECIP_INFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNED_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGNER_INFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_SIGN_ENVELOPE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_content_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_set0_type_other.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_get0_signers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS8_PRIV_KEY_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKEY_USAGE_PERIOD_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CERTIFICATEPOLICIES_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/NOTICEREF_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/POLICYINFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/POLICYQUALINFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/POLICY_CONSTRAINTS_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/POLICY_MAPPING_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/USERNOTICE_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PROXY_CERT_INFO_EXTENSION_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PROXY_POLICY_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_poll.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_seed.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_status.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_pseudo_bytes.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_file_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_write_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_SSLeay.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RAND_get_rand_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RC4_set_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RIPEMD160_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_PSS_PARAMS_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_blinding_off.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_generate_key_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_clear_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_get0_crt_params.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_get0_factors.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_set0_crt_params.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_set0_factors.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_set0_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_test_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/CRYPTO_EX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_app_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get0_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_bn_mod_exp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_finish.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_keygen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_mod_exp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_dec.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_priv_enc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_dec.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_pub_enc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_get_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set0_app_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set1_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_bn_mod_exp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_finish.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_keygen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_mod_exp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_dec.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_priv_enc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_dec.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_pub_enc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_meth_set_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSAPrivateKey_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSAPublicKey_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_OAEP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_PKCS1_type_2.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_add_none.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_OAEP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_PKCS1_type_2.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_padding_check_none.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get0_rsa_oaep_label.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_mgf1_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_oaep_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_padding.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_get_rsa_pss_saltlen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set0_rsa_oaep_label.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_keygen_pubexp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_mgf1_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_oaep_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_padding.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_PKEY_CTX_set_rsa_pss_saltlen.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DHparams_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSA_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_public_decrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_private_decrypt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_PKCS1_SSLeay.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_get_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_new_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_set_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_verify_ASN1_OCTET_STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/RSA_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA1_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA224.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA224_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA256.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA256_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA384.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA384_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA512.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Final.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SHA512_Update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_description.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_auth_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_cipher_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_digest_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_kx_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_get_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CIPHER_is_aead.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_COMP_get_compression_methods.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_add0_chain_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_chain_certs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_chain_certs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set0_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_add0_chain_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_add1_chain_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_chain_certs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_chain_certs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set0_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_extra_chain_certs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_extra_chain_certs_only.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_remove_session.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_callback_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_callback_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_verify_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_verify_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_verify_paths.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DTLS_client_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DTLS_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DTLS_server_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_client_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DTLSv1_server_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_client_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSLv23_server_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLS_client_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLS_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLS_server_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_client_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_1_server_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_client_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_2_server_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_client_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TLSv1_server_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_good.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_accept_renegotiate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cache_full.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_cb_hits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_good.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_connect_renegotiate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_hits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_misses.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_timeouts.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_cache_size.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_get_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_new_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_get_remove_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_new_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_sess_set_remove_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_session_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/new_session_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/remove_session_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_curves_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_groups_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_curves.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_curves_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_groups.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set1_groups_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_alpn_protos.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_alpn_selected.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_select_next_proto.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_alpn_protos.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_cert_store.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_cipher_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_add_client_CA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_client_CA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_client_CA_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_cert_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/client_cert_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_passwd_cb_userdata.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_default_passwd_cb_userdata.3" + -rm -f "$(DESTDIR)$(mandir)/man3/pem_password_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/GEN_SESSION_CB.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_has_matching_session_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_generate_session_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_info_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_info_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_info_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_cert_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_cert_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_cert_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_proto_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_min_proto_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_proto_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_proto_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_min_proto_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_proto_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_min_proto_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_msg_callback_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_msg_callback_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_clear_options.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_options.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_options.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_options.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_secure_renegotiation_support.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_options.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_quiet_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_quiet_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_quiet_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_default_read_ahead.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_read_ahead.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_read_ahead.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_read_ahead.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_session_cache_mode.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_session_id_context.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ssl_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ssl_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_timeout.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_servername_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_servername.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_servername_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_host_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_tlsext_status_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tlsext_status_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_tlsext_status_ocsp_resp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_ocsp_resp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_status_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_selected_srtp_profile.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_srtp_profiles.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tlsext_use_srtp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_dh.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_dh_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_need_tmp_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_rsa.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_need_tmp_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_rsa_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_verify_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_verify_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/verify_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_check_private_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_ASN1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_PrivateKey_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_ASN1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_RSAPrivateKey_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_ASN1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_chain_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_use_certificate_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_check_private_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_ASN1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_PrivateKey_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_ASN1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_RSAPrivateKey_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_ASN1.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_use_certificate_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set1_id.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_timeout.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_time.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_timeout.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_time.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_timeout.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_time.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_timeout.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_ticket_lifetime_hint.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get0_id_context.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_desc_string_long.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_alert_type_string_long.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_privatekey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get1_supported_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_client_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_client_CA_list.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_master_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_server_random.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_bits.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_cipher_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_rfd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wfd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_wbio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_session.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get1_session.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_accept_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_before.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_connect_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_in_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_is_init_finished.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_state.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/OpenSSL_add_ssl_algorithms.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSLeay_add_ssl_algorithms.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_dir_cert_subjects_to_stack.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_add_file_cert_subjects_to_stack.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set1_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_is_server.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_accept_state.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_rfd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_wfd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_send_fragment.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_shutdown.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_ecdh_auto.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_tmp_ecdh_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_ecdh_auto.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_tmp_ecdh_callback.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_state_string_long.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_nothing.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_read.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_write.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SSL_want_x509_lookup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SXNETID_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/SXNET_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNET.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_SXNETID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNET.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_SXNETID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_ACCURACY_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_MSG_IMPRINT_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_REQ_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_RESP_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_STATUS_INFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/TS_TST_INFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_UTIL_read_pw_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_destroy_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_closer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_flusher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_opener.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_prompt_constructor.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_reader.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_get_writer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_closer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_flusher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_opener.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_prompt_constructor.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_reader.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_method_set_writer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_action_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_output_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_test_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get_input_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_maxsize.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get_result_minsize.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_set_result.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_OpenSSL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_add_error_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_add_info_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_boolean.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_add_input_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_add_user_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_add_verify_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_construct_prompt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_ctrl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_error_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_info_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_boolean.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_input_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_dup_verify_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_result.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get0_user_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_get_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_new_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_process.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_set_default_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/UI_set_method.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X25519_keypair.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_d2i.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509V3_EXT_i2d.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509V3_add1_i2d.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add1_ext_i2d.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_extensions.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_d2i.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add1_ext_i2d.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_extensions.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_d2i.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_add1_ext_i2d.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_extensions.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_d2i.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ALGOR_set_md.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_ATTRIBUTE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CERT_AUX_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CINF_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VAL_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add0_revoked.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_by_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_REVOKED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sort.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_INFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_create_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_critical.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_get_object.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_critical.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_EXTENSION_set_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_LOOKUP_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_crl_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_cert_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_load_crl_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_create_by_txt.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_get_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_set_object.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_add_entry_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_delete_entry.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_entry_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_entry.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_index_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get_text_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_oneline.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_print_ex_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_free_contents.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get0_X509_CRL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_get_type.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_idx_by_subject.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_by_subject.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_retrieve_match.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_OBJECT_up_ref_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_get0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_PUBKEY_set0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_INFO_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_revocationDate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get0_serialNumber.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_revocationDate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_set_serialNumber.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_SIG_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_verify_cert_error_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_store.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_untrusted.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_init.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_crls.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_trusted_stack.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_untrusted.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_chain.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_default.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_trusted_stack.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_default_paths.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_cert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_add_crl.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_objects.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get0_param.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_get_ex_new_index.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_ex_data.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_purpose.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_trust.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_set_verify_cb.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_policy.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add0_table.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_add1_host.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_clear_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get0_peername.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_get_flags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_lookup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_email.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_host.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_ip_asc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set1_policies.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_hostflags.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_purpose.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_time.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_set_trust.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_VERIFY_PARAM_table_cleanup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_check_email.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_check_ip_asc.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_check_private_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_match.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_issuer_and_serial_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_issuer_name_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_subject_name_cmp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_cmp_current_time.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_time_adj_ex.3" + -rm -f "$(DESTDIR)$(mandir)/man3/PKCS7_ISSUER_AND_SERIAL_digest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_digest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_digest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_digest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_pubkey_digest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_lastUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_nextUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_lastUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set1_nextUpdate.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_notAfter.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_getm_notAfter.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_getm_notBefore.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set1_notAfter.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set1_notBefore.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get0_signature.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_signature_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get0_signature.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_signature_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_tbs_sigalg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_signature_nid.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_email_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get1_ocsp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_pubkey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_pubkey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get0_pubkey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_X509_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set_pubkey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set_serialNumber.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_issuer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_issuer_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_subject_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_subject_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_issuer_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set_issuer_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set_subject_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_set_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_get_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_set_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_set_version.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_chain_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_up_ref.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_sign_ctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_sign_ctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REQ_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_sign_ctx.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_verify.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_add_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_delete_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_by_critical.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_CRL_get_ext_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_add_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_delete_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_by_critical.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_REVOKED_get_ext_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_add_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_delete_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_NID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_by_critical.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_get_ext_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_add_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_delete_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_OBJ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_by_critical.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509v3_get_ext_count.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_add_words.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_check_top.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_cmp_words.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_div_words.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_expand.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_expand2.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_fix_top.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_add_words.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba4.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_comba8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_high.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_normal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_low_recursive.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_normal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_part_recursive.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_recursive.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_mul_words.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_high.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_low.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_set_max.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba4.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_comba8.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_normal.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_recursive.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_sqr_words.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_sub_words.3" + -rm -f "$(DESTDIR)$(mandir)/man3/bn_wexpand.3" + -rm -f "$(DESTDIR)$(mandir)/man3/mul.3" + -rm -f "$(DESTDIR)$(mandir)/man3/mul_add.3" + -rm -f "$(DESTDIR)$(mandir)/man3/sqr.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_NULL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OBJECT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BIT_STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_BMPSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_ENUMERATED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALIZEDTIME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_GENERALSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_IA5STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_INTEGER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_PRINTABLESTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_T61STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TIME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UINTEGER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UNIVERSALSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTCTIME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_UTF8STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_VISIBLESTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIRECTORYSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DISPLAYTEXT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BIT_STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_BMPSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_ENUMERATED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALIZEDTIME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_GENERALSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_IA5STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_INTEGER.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_OCTET_STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_PRINTABLESTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_T61STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TIME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UNIVERSALSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTCTIME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_UTF8STRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_VISIBLESTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIRECTORYSTRING.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DISPLAYTEXT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_SET_ANY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SEQUENCE_ANY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_SET_ANY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_KEYID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_EXTENDED_KEY_USAGE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_BASIC_CONSTRAINTS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_EXTENDED_KEY_USAGE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_CMS_ReceiptRequest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_CMS_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_CMS_ContentInfo.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_CMS_ReceiptRequest.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_CMS_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DHparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ACCESS_DESCRIPTION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_AUTHORITY_INFO_ACCESS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_CRL_DIST_POINTS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DIST_POINT_NAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ISSUING_DIST_POINT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ACCESS_DESCRIPTION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_AUTHORITY_INFO_ACCESS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_CRL_DIST_POINTS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DIST_POINT_NAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ISSUING_DIST_POINT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DSAparams_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAPrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSA_SIG.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_DSAparams_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSA_SIG.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_DSAparams_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECPKParameters_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print.3" + -rm -f "$(DESTDIR)$(mandir)/man3/ECParameters_print_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPKParameters_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECParameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECPrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_EC_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPKParameters_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECParameters.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECPrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_EC_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2o_ECPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/o2i_ECPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_CERT_ID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_ESS_ISSUER_SERIAL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_CERT_ID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_ISSUER_SERIAL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_ESS_SIGNING_CERT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_EDIPARTYNAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_GENERAL_NAMES.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OTHERNAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_EDIPARTYNAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_GENERAL_NAMES.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OTHERNAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_ONEREQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REQINFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SERVICELOC.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SIGNATURE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_ONEREQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQINFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REQUEST.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SERVICELOC.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SIGNATURE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_BASICRESP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CERTSTATUS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_CRLID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPBYTES.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPDATA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_RESPID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_REVOKEDINFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_OCSP_SINGLERESP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_BASICRESP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CERTSTATUS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_CRLID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPBYTES.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPDATA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPID.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_RESPONSE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_REVOKEDINFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_OCSP_SINGLERESP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_BAGS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_MAC_DATA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_SAFEBAG.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS12_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_BAGS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_MAC_DATA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_SAFEBAG.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS12_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_DIGEST.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENCRYPT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENC_CONTENT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ENVELOPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_ISSUER_AND_SERIAL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_RECIP_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGNER_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_SIGN_ENVELOPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS7_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_DIGEST.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENCRYPT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGN_ENVELOPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8PrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKey_nid_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_PRIV_KEY_INFO_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_PRIV_KEY_INFO_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKEY_USAGE_PERIOD.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_CERTIFICATEPOLICIES.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_NOTICEREF.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_POLICYQUALINFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_USERNOTICE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_CERTIFICATEPOLICIES.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_NOTICEREF.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYINFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_POLICYQUALINFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_USERNOTICE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PROXY_CERT_INFO_EXTENSION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_CERT_INFO_EXTENSION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PROXY_POLICY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_AutoPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8PrivateKeyInfo_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_Netscape_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSAPublicKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PSS_PARAMS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_RSA_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_Netscape_RSA.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPrivateKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSAPublicKey_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PSS_PARAMS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_RSA_PUBKEY_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_SSL_SESSION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_ACCURACY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_MSG_IMPRINT_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_REQ_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_RESP_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_STATUS_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_TS_TST_INFO_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_ACCURACY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_MSG_IMPRINT_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_REQ_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_RESP_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_STATUS_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_TS_TST_INFO_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CERT_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CINF.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_VAL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CERT_AUX.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CINF.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_VAL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ALGOR.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_ATTRIBUTE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_CRL_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REVOKED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_CRL_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REVOKED.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_EXTENSIONS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSION.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_EXTENSIONS.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_ENTRY_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_dup.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_get0_der.3" + -rm -f "$(DESTDIR)$(mandir)/man3/X509_NAME_hash.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_NAME_ENTRY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_NAME_ENTRY.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_X509_REQ_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_INFO.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_REQ_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/d2i_PKCS8_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS8_fp.3" + -rm -f "$(DESTDIR)$(mandir)/man3/i2d_X509_SIG.3" + -rm -f "$(DESTDIR)$(mandir)/man3/EVP_read_pw_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/des_read_pw_string.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_1024.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc2409_prime_768.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_1536.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_2048.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_3072.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_4096.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_6144.3" + -rm -f "$(DESTDIR)$(mandir)/man3/BN_get_rfc3526_prime_8192.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_1024.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc2409_prime_768.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_1536.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_2048.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_3072.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_4096.3" + -rm -f "$(DESTDIR)$(mandir)/man3/get_rfc3526_prime_6144.3" + -rm -f "$(DESTDIR)$(mandir)/man3/DECLARE_LHASH_OF.3" + -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_COMP_FN_TYPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_ARG_FN_TYPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_DOALL_FN_TYPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/LHASH_HASH_FN_TYPE.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_delete.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_doall_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_insert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_<type>_retrieve.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_delete.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_doall.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_doall_arg.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_insert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_retrieve.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_stats_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_configure.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_server.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_parse_protocols.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_client.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_prefer_ciphers_server.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_alpn.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ciphers.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_dheparams.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ecdhecurves.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_ticket_key.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_fd.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_session_lifetime.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifycert.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifyname.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_insecure_noverifytime.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_alpn_selected.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_cipher_strength.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_servername.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_conn_session_resumed.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_chain_pem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_contains_name.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_hash.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_issuer.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notafter.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_notbefore.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_provided.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_cert_subject.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_cbs.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_fds.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_servername.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_connect_socket.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_free.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_new.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_add_keypair_ocsp_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_clear_keys.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ca_path.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_cert_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_crl_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_key_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_keypair_ocsp_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_ocsp_staple_mem.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_set_verify_depth.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_config_verify_client_optional.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_default_ca_cert_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_unload_file.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_cert_status.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_crl_reason.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_next_update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_response_status.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_result.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_revocation_time.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_this_update.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_peer_ocsp_url.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_close.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_error.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3" + -rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3" diff --git a/man/tls_accept_socket.3 b/man/tls_accept_socket.3 new file mode 100644 index 0000000..931b934 --- /dev/null +++ b/man/tls_accept_socket.3 @@ -0,0 +1,107 @@ +.\" $OpenBSD: tls_accept_socket.3,v 1.4 2018/05/26 12:35:26 schwarze Exp $ +.\" +.\" Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> +.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org> +.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 26 2018 $ +.Dt TLS_ACCEPT_SOCKET 3 +.Os +.Sh NAME +.Nm tls_accept_socket , +.Nm tls_accept_fds , +.Nm tls_accept_cbs +.Nd accept an incoming client connection in a TLS server +.Sh SYNOPSIS +.In tls.h +.Ft int +.Fo tls_accept_socket +.Fa "struct tls *tls" +.Fa "struct tls **cctx" +.Fa "int socket" +.Fc +.Ft int +.Fo tls_accept_fds +.Fa "struct tls *tls" +.Fa "struct tls **cctx" +.Fa "int fd_read" +.Fa "int fd_write" +.Fc +.Ft int +.Fo tls_accept_cbs +.Fa "struct tls *tls" +.Fa "struct tls **cctx" +.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\ + void *buf, size_t buflen, void *cb_arg)" +.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\ + const void *buf, size_t buflen, void *cb_arg)" +.Fa "void *cb_arg" +.Fc +.Sh DESCRIPTION +After creating a TLS server context +.Fa tls +with +.Xr tls_server 3 +and configuring it with +.Xr tls_configure 3 , +a server can accept a new client connection by calling +.Fn tls_accept_socket +on an already established socket connection. +.Pp +Alternatively, a new client connection can be accepted over a pair of existing +file descriptors by calling +.Fn tls_accept_fds . +.Pp +Calling +.Fn tls_accept_cbs +allows read and write callback functions to handle data transfers. +The specified +.Fa cb_arg +parameter is passed back to the functions, +and can contain a pointer to any caller-specified data. +.Pp +All these functions create a new context suitable for reading and writing +and return it in +.Pf * Fa cctx . +.Sh RETURN VALUES +These functions return 0 on success or -1 on error. +.Sh SEE ALSO +.Xr tls_close 3 , +.Xr tls_config_set_session_id 3 , +.Xr tls_configure 3 , +.Xr tls_connect 3 , +.Xr tls_init 3 , +.Xr tls_server 3 +.Sh HISTORY +.Fn tls_accept_socket +appeared in +.Ox 5.6 +and got its final name in +.Ox 5.7 . +.Pp +.Fn tls_accept_fds +appeared in +.Ox 5.8 +and +.Fn tls_accept_cbs +in +.Ox 6.1 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org +.Pp +.An -nosplit +.Fn tls_accept_cbs +was written by +.An Tobias Pape Aq Mt tobias@netshed.de . diff --git a/man/tls_client.3 b/man/tls_client.3 new file mode 100644 index 0000000..98f58d4 --- /dev/null +++ b/man/tls_client.3 @@ -0,0 +1,110 @@ +.\" $OpenBSD: tls_client.3,v 1.4 2017/08/12 03:41:48 jsing Exp $ +.\" +.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 12 2017 $ +.Dt TLS_CLIENT 3 +.Os +.Sh NAME +.Nm tls_client , +.Nm tls_server , +.Nm tls_configure , +.Nm tls_reset , +.Nm tls_free +.Nd configure a TLS connection +.Sh SYNOPSIS +.In tls.h +.Ft struct tls * +.Fn tls_client void +.Ft struct tls * +.Fn tls_server void +.Ft int +.Fo tls_configure +.Fa "struct tls *ctx" +.Fa "struct tls_config *config" +.Fc +.Ft void +.Fn tls_free "struct tls *ctx" +.Ft void +.Fn tls_reset "struct tls *ctx" +.Sh DESCRIPTION +A TLS connection is represented as a +.Vt struct tls +object called a +.Dq context . +A new context is created by either the +.Fn tls_client +or +.Fn tls_server +functions. +.Fn tls_client +is used in TLS client programs, +.Fn tls_server +in TLS server programs. +.Pp +The context can then be configured with the function +.Fn tls_configure . +The same +.Vt tls_config +object can be used to configure multiple contexts. +.Pp +After configuration, +.Xr tls_connect 3 +can be called on objects created with +.Fn tls_client , +and +.Xr tls_accept_socket 3 +on objects created with +.Fn tls_server . +.Pp +After use, a TLS context should be closed with +.Xr tls_close 3 , +and then freed by calling +.Fn tls_free . +If +.Fn tls_free +is called with an argument of +.Dv NULL , +no action occurs. +.Pp +A TLS context can be reset by calling +.Fn tls_reset , +allowing for it to be reused. +This is essentially equivalent to calling +.Fn tls_free , +followed by a call to the same function that was used to originally allocate +the TLS context. +.Sh RETURN VALUES +.Fn tls_client +and +.Fn tls_server +return +.Dv NULL +on error or an out of memory condition. +.Pp +.Fn tls_configure +returns 0 on success or -1 on error. +.Sh SEE ALSO +.Xr tls_accept_socket 3 , +.Xr tls_config_new 3 , +.Xr tls_connect 3 , +.Xr tls_init 3 +.Sh HISTORY +These functions appeared in +.Ox 5.6 +and got their final names in +.Ox 5.7 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org diff --git a/man/tls_config_ocsp_require_stapling.3 b/man/tls_config_ocsp_require_stapling.3 new file mode 100644 index 0000000..a0694d3 --- /dev/null +++ b/man/tls_config_ocsp_require_stapling.3 @@ -0,0 +1,40 @@ +.\" $OpenBSD: tls_config_ocsp_require_stapling.3,v 1.5 2017/01/31 20:53:50 jmc Exp $ +.\" +.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 31 2017 $ +.Dt TLS_CONFIG_OCSP_REQUIRE_STAPLING 3 +.Os +.Sh NAME +.Nm tls_config_ocsp_require_stapling +.Nd OCSP configuration for libtls +.Sh SYNOPSIS +.In tls.h +.Ft void +.Fn tls_config_ocsp_require_stapling "struct tls_config *config" +.Sh DESCRIPTION +.Fn tls_config_ocsp_require_stapling +requires that a valid stapled OCSP response be provided +during the TLS handshake. +.Sh SEE ALSO +.Xr tls_config_add_keypair_file 3 , +.Xr tls_handshake 3 , +.Xr tls_init 3 , +.Xr tls_ocsp_process_response 3 +.Sh HISTORY +These functions appeared in +.Ox 6.1 . +.Sh AUTHORS +.An Bob Beck Aq Mt beck@openbsd.org diff --git a/man/tls_config_set_protocols.3 b/man/tls_config_set_protocols.3 new file mode 100644 index 0000000..0aed5b9 --- /dev/null +++ b/man/tls_config_set_protocols.3 @@ -0,0 +1,197 @@ +.\" $OpenBSD: tls_config_set_protocols.3,v 1.8 2020/01/22 06:46:34 beck Exp $ +.\" +.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> +.\" Copyright (c) 2015, 2016 Joel Sing <jsing@openbsd.org> +.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 22 2020 $ +.Dt TLS_CONFIG_SET_PROTOCOLS 3 +.Os +.Sh NAME +.Nm tls_config_set_protocols , +.Nm tls_config_parse_protocols , +.Nm tls_config_set_alpn , +.Nm tls_config_set_ciphers , +.Nm tls_config_set_dheparams , +.Nm tls_config_set_ecdhecurves , +.Nm tls_config_prefer_ciphers_client , +.Nm tls_config_prefer_ciphers_server +.Nd TLS protocol and cipher selection +.Sh SYNOPSIS +.In tls.h +.Ft int +.Fo tls_config_set_protocols +.Fa "struct tls_config *config" +.Fa "uint32_t protocols" +.Fc +.Ft int +.Fo tls_config_parse_protocols +.Fa "uint32_t *protocols" +.Fa "const char *protostr" +.Fc +.Ft int +.Fo tls_config_set_alpn +.Fa "struct tls_config *config" +.Fa "const char *alpn" +.Fc +.Ft int +.Fo tls_config_set_ciphers +.Fa "struct tls_config *config" +.Fa "const char *ciphers" +.Fc +.Ft int +.Fo tls_config_set_dheparams +.Fa "struct tls_config *config" +.Fa "const char *params" +.Fc +.Ft int +.Fo tls_config_set_ecdhecurves +.Fa "struct tls_config *config" +.Fa "const char *curves" +.Fc +.Ft void +.Fn tls_config_prefer_ciphers_client "struct tls_config *config" +.Ft void +.Fn tls_config_prefer_ciphers_server "struct tls_config *config" +.Sh DESCRIPTION +These functions modify a configuration by setting parameters. +The configuration options apply to both clients and servers, unless noted +otherwise. +.Pp +.Fn tls_config_set_protocols +specifies which versions of the TLS protocol may be used. +Possible values are the bitwise OR of: +.Pp +.Bl -tag -width "TLS_PROTOCOL_TLSv1_2" -offset indent -compact +.It Dv TLS_PROTOCOL_TLSv1_0 +.It Dv TLS_PROTOCOL_TLSv1_1 +.It Dv TLS_PROTOCOL_TLSv1_2 +.It Dv TLS_PROTOCOL_TLSv1_3 +.El +.Pp +Additionally, the values +.Dv TLS_PROTOCOL_TLSv1 +(TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3), +.Dv TLS_PROTOCOLS_ALL +(all supported protocols) and +.Dv TLS_PROTOCOLS_DEFAULT +(TLSv1.2 and TLSv1.3) may be used. +.Pp +The +.Fn tls_config_parse_protocols +utility function parses a protocol string and returns the corresponding +value via the +.Ar protocols +argument. +This value can then be passed to the +.Fn tls_config_set_protocols +function. +The protocol string is a comma or colon separated list of keywords. +Valid keywords are tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3, all (all supported +protocols), default (an alias for secure), legacy (an alias for all) and +secure (currently TLSv1.2 and TLSv1.3). +If a value has a negative prefix (in the form of a leading exclamation mark) +then it is removed from the list of available protocols, rather than being +added to it. +.Pp +.Fn tls_config_set_alpn +sets the ALPN protocols that are supported. +The alpn string is a comma separated list of protocols, in order of preference. +.Pp +.Fn tls_config_set_ciphers +sets the list of ciphers that may be used. +Lists of ciphers are specified by name, and the +permitted names are: +.Pp +.Bl -tag -width "insecure" -offset indent -compact +.It Dv "secure" (or alias "default") +.It Dv "compat" +.It Dv "legacy" +.It Dv "insecure" (or alias "all") +.El +.Pp +Alternatively, libssl cipher strings can be specified. +See the CIPHERS section of +.Xr openssl 1 +for further information. +.Pp +.Fn tls_config_set_dheparams +specifies the parameters that will be used during Diffie-Hellman Ephemeral +(DHE) key exchange. +Possible values are "none", "auto" and "legacy". +In "auto" mode, the key size for the ephemeral key is automatically selected +based on the size of the private key being used for signing. +In "legacy" mode, 1024 bit ephemeral keys are used. +The default value is "none", which disables DHE key exchange. +.Pp +.Fn tls_config_set_ecdhecurves +specifies the names of the elliptic curves that may be used during Elliptic +Curve Diffie-Hellman Ephemeral (ECDHE) key exchange. +This is a comma separated list, given in order of preference. +The special value of "default" will use the default curves (currently X25519, +P-256 and P-384). +This function replaces +.Fn tls_config_set_ecdhecurve , +which is deprecated. +.Pp +.Fn tls_config_prefer_ciphers_client +prefers ciphers in the client's cipher list when selecting a cipher suite +(server only). +This is considered to be less secure than preferring the server's list. +.Pp +.Fn tls_config_prefer_ciphers_server +prefers ciphers in the server's cipher list when selecting a cipher suite +(server only). +This is considered to be more secure than preferring the client's list and is +the default. +.Sh RETURN VALUES +These functions return 0 on success or -1 on error. +.Sh SEE ALSO +.Xr tls_config_ocsp_require_stapling 3 , +.Xr tls_config_set_session_id 3 , +.Xr tls_config_verify 3 , +.Xr tls_init 3 , +.Xr tls_load_file 3 +.Sh HISTORY +.Fn tls_config_set_ciphers +appeared in +.Ox 5.6 +and got its final name in +.Ox 5.7 . +.Pp +.Fn tls_config_set_protocols , +.Fn tls_config_parse_protocols , +.Fn tls_config_set_dheparams , +and +.Fn tls_config_set_ecdhecurve +appeared in +.Ox 5.7 , +.Fn tls_config_prefer_ciphers_client +and +.Fn tls_config_prefer_ciphers_server +in +.Ox 5.9 , +and +.Fn tls_config_set_alpn +in +.Ox 6.1 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org +with contributions from +.An Ted Unangst Aq Mt tedu@openbsd.org +.Pq Fn tls_config_set_ciphers +and +.An Reyk Floeter Aq Mt reyk@openbsd.org +.Pq Fn tls_config_set_ecdhecurve diff --git a/man/tls_config_set_session_id.3 b/man/tls_config_set_session_id.3 new file mode 100644 index 0000000..d969e01 --- /dev/null +++ b/man/tls_config_set_session_id.3 @@ -0,0 +1,105 @@ +.\" $OpenBSD: tls_config_set_session_id.3,v 1.5 2018/02/10 06:07:43 jsing Exp $ +.\" +.\" Copyright (c) 2017 Claudio Jeker <claudio@openbsd.org> +.\" Copyright (c) 2018 Joel Sing <jsing@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 10 2018 $ +.Dt TLS_CONFIG_SET_SESSION_ID 3 +.Os +.Sh NAME +.Nm tls_config_set_session_fd , +.Nm tls_config_set_session_id , +.Nm tls_config_set_session_lifetime , +.Nm tls_config_add_ticket_key +.Nd configure resuming of TLS handshakes +.Sh SYNOPSIS +.In tls.h +.Ft int +.Fo tls_config_set_session_fd +.Fa "struct tls_config *config" +.Fa "int session_fd" +.Fc +.Ft int +.Fo tls_config_set_session_id +.Fa "struct tls_config *config" +.Fa "const unsigned char *session_id" +.Fa "size_t len" +.Fc +.Ft int +.Fo tls_config_set_session_lifetime +.Fa "struct tls_config *config" +.Fa "int lifetime" +.Fc +.Ft int +.Fo tls_config_add_ticket_key +.Fa "struct tls_config *config" +.Fa "uint32_t keyrev" +.Fa "unsigned char *key" +.Fa "size_t keylen" +.Fc +.Sh DESCRIPTION +.Fn tls_config_set_session_fd +sets a file descriptor to be used to manage data for TLS sessions (client only). +The given file descriptor must be a regular file and be owned by the current +user, with permissions being restricted to only allow the owner to read and +write the file (0600). +If the file has a non-zero length, the client will attempt to read session +data from this file and resume the previous TLS session with the server. +Upon a successful handshake the file will be updated with current session +data, if available. +The caller is responsible for closing this file descriptor, after all TLS +contexts that have been configured to use it have been freed via +.Fn tls_free . +.Pp +.Fn tls_config_set_session_id +sets the session identifier that will be used by the TLS server when +sessions are enabled (server only). +By default a random value is used. +.Pp +.Fn tls_config_set_session_lifetime +sets the lifetime to be used for TLS sessions (server only). +Session support is disabled if a lifetime of zero is specified, which is the +default. +.Pp +.Fn tls_config_add_ticket_key +adds a key used for the encryption and authentication of TLS tickets +(server only). +By default keys are generated and rotated automatically based on their lifetime. +This function should only be used to synchronise ticket encryption key across +multiple processes. +Re-adding a known key will result in an error, unless it is the most recently +added key. +.Sh RETURN VALUES +These functions return 0 on success or -1 on error. +.Sh SEE ALSO +.Xr tls_accept_socket 3 , +.Xr tls_config_set_protocols 3 , +.Xr tls_init 3 , +.Xr tls_load_file 3 , +.Xr tls_server 3 +.Sh HISTORY +.Fn tls_config_set_session_id , +.Fn tls_config_set_session_lifetime +and +.Fn tls_config_add_ticket_key +appeared in +.Ox 6.1 . +.Pp +.Fn tls_config_set_session_fd +appeared in +.Ox 6.3 . +.Sh AUTHORS +.An Claudio Jeker Aq Mt claudio@openbsd.org +.An Joel Sing Aq Mt jsing@openbsd.org diff --git a/man/tls_config_verify.3 b/man/tls_config_verify.3 new file mode 100644 index 0000000..4a43c83 --- /dev/null +++ b/man/tls_config_verify.3 @@ -0,0 +1,79 @@ +.\" $OpenBSD: tls_config_verify.3,v 1.4 2017/03/02 11:05:50 jmc Exp $ +.\" +.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> +.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 2 2017 $ +.Dt TLS_CONFIG_VERIFY 3 +.Os +.Sh NAME +.Nm tls_config_verify , +.Nm tls_config_insecure_noverifycert , +.Nm tls_config_insecure_noverifyname , +.Nm tls_config_insecure_noverifytime +.Nd insecure TLS configuration +.Sh SYNOPSIS +.In tls.h +.Ft void +.Fn tls_config_verify "struct tls_config *config" +.Ft void +.Fn tls_config_insecure_noverifycert "struct tls_config *config" +.Ft void +.Fn tls_config_insecure_noverifyname "struct tls_config *config" +.Ft void +.Fn tls_config_insecure_noverifytime "struct tls_config *config" +.Sh DESCRIPTION +These functions disable parts of the normal certificate verification +process, resulting in insecure configurations. +Be very careful when using them. +.Pp +.Fn tls_config_insecure_noverifycert +disables certificate verification and OCSP validation. +.Pp +.Fn tls_config_insecure_noverifyname +disables server name verification (client only). +.Pp +.Fn tls_config_insecure_noverifytime +disables validity checking of certificates and OCSP validation. +.Pp +.Fn tls_config_verify +reenables server name and certificate verification. +.Sh SEE ALSO +.Xr tls_client 3 , +.Xr tls_config_ocsp_require_stapling 3 , +.Xr tls_config_set_protocols 3 , +.Xr tls_conn_version 3 , +.Xr tls_connect 3 , +.Xr tls_handshake 3 , +.Xr tls_init 3 +.Sh HISTORY +.Fn tls_config_verify +appeared in +.Ox 5.6 +and got its final name in +.Ox 5.7 . +.Pp +.Fn tls_config_insecure_noverifycert +and +.Fn tls_config_insecure_noverifyname +appeared in +.Ox 5.7 +and +.Nm tls_config_insecure_noverifytime +in +.Ox 5.9 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org +.An Ted Unangst Aq Mt tedu@openbsd.org diff --git a/man/tls_conn_version.3 b/man/tls_conn_version.3 new file mode 100644 index 0000000..9ab6932 --- /dev/null +++ b/man/tls_conn_version.3 @@ -0,0 +1,214 @@ +.\" $OpenBSD: tls_conn_version.3,v 1.10 2019/11/02 13:43:14 jsing Exp $ +.\" +.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org> +.\" Copyright (c) 2016, 2018 Joel Sing <jsing@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 2 2019 $ +.Dt TLS_CONN_VERSION 3 +.Os +.Sh NAME +.Nm tls_conn_version , +.Nm tls_conn_cipher , +.Nm tls_conn_cipher_strength , +.Nm tls_conn_alpn_selected , +.Nm tls_conn_servername , +.Nm tls_conn_session_resumed , +.Nm tls_peer_cert_provided , +.Nm tls_peer_cert_contains_name , +.Nm tls_peer_cert_chain_pem , +.Nm tls_peer_cert_issuer , +.Nm tls_peer_cert_subject , +.Nm tls_peer_cert_hash , +.Nm tls_peer_cert_notbefore , +.Nm tls_peer_cert_notafter +.Nd inspect an established TLS connection +.Sh SYNOPSIS +.In tls.h +.Ft const char * +.Fn tls_conn_version "struct tls *ctx" +.Ft const char * +.Fn tls_conn_cipher "struct tls *ctx" +.Ft int +.Fn tls_conn_cipher_strength "struct tls *ctx" +.Ft const char * +.Fn tls_conn_alpn_selected "struct tls *ctx" +.Ft const char * +.Fn tls_conn_servername "struct tls *ctx" +.Ft int +.Fn tls_conn_session_resumed "struct tls *ctx" +.Ft int +.Fn tls_peer_cert_provided "struct tls *ctx" +.Ft int +.Fo tls_peer_cert_contains_name +.Fa "struct tls *ctx" +.Fa "const char *name" +.Fc +.Ft const uint8_t * +.Fo tls_peer_cert_chain_pem +.Fa "struct tls *ctx" +.Fa "size_t *size" +.Fc +.Ft const char * +.Fn tls_peer_cert_issuer "struct tls *ctx" +.Ft const char * +.Fn tls_peer_cert_subject "struct tls *ctx" +.Ft const char * +.Fn tls_peer_cert_hash "struct tls *ctx" +.Ft time_t +.Fn tls_peer_cert_notbefore "struct tls *ctx" +.Ft time_t +.Fn tls_peer_cert_notafter "struct tls *ctx" +.Sh DESCRIPTION +These functions return information about a TLS connection and will only +succeed after the handshake is complete (the connection information applies +to both clients and servers, unless noted otherwise): +.Pp +.Fn tls_conn_version +returns a string corresponding to a TLS version negotiated with the peer +connected to +.Ar ctx . +.Pp +.Fn tls_conn_cipher +returns a string corresponding to the cipher suite negotiated with the peer +connected to +.Ar ctx . +.Pp +.Fn tls_conn_cipher_strength +returns the strength in bits for the symmetric cipher that is being +used with the peer connected to +.Ar ctx . +.Pp +.Fn tls_conn_alpn_selected +returns a string that specifies the ALPN protocol selected for use with the peer +connected to +.Ar ctx . +If no protocol was selected then NULL is returned. +.Pp +.Fn tls_conn_servername +returns a string corresponding to the servername that the client connected to +.Ar ctx +requested by sending a TLS Server Name Indication extension (server only). +.Pp +.Fn tls_conn_session_resumed +indicates whether a TLS session has been resumed during the handshake with +the server connected to +.Ar ctx +(client only). +.Pp +.Fn tls_peer_cert_provided +checks if the peer of +.Ar ctx +has provided a certificate. +.Pp +.Fn tls_peer_cert_contains_name +checks if the peer of a TLS +.Ar ctx +has provided a certificate that contains a +SAN or CN that matches +.Ar name . +.Pp +.Fn tls_peer_cert_chain_pem +returns a pointer to memory containing a PEM-encoded certificate chain for the +peer certificate from +.Ar ctx . +.Pp +.Fn tls_peer_cert_subject +returns a string +corresponding to the subject of the peer certificate from +.Ar ctx . +.Pp +.Fn tls_peer_cert_issuer +returns a string +corresponding to the issuer of the peer certificate from +.Ar ctx . +.Pp +.Fn tls_peer_cert_hash +returns a string +corresponding to a hash of the raw peer certificate from +.Ar ctx +prefixed by a hash name followed by a colon. +The hash currently used is SHA256, though this +could change in the future. +The hash string for a certificate in file +.Ar mycert.crt +can be generated using the commands: +.Bd -literal -offset indent +h=$(openssl x509 -outform der -in mycert.crt | sha256) +printf "SHA256:${h}\\n" +.Ed +.Pp +.Fn tls_peer_cert_notbefore +returns the time corresponding to the start of the validity period of +the peer certificate from +.Ar ctx . +.Pp +.Fn tls_peer_cert_notafter +returns the time corresponding to the end of the validity period of +the peer certificate from +.Ar ctx . +.Sh RETURN VALUES +The +.Fn tls_conn_session_resumed +function returns 1 if a TLS session was resumed or 0 if it was not. +.Pp +The +.Fn tls_peer_cert_provided +and +.Fn tls_peer_cert_contains_name +functions return 1 if the check succeeds or 0 if it does not. +.Pp +.Fn tls_peer_cert_notbefore +and +.Fn tls_peer_cert_notafter +return a time in epoch-seconds on success or -1 on error. +.Pp +The functions that return a pointer return +.Dv NULL +on error or an out of memory condition. +.Sh SEE ALSO +.Xr tls_configure 3 , +.Xr tls_handshake 3 , +.Xr tls_init 3 , +.Xr tls_ocsp_process_response 3 +.Sh HISTORY +.Fn tls_conn_version , +.Fn tls_conn_cipher , +.Fn tls_peer_cert_provided , +.Fn tls_peer_cert_contains_name , +.Fn tls_peer_cert_issuer , +.Fn tls_peer_cert_subject , +.Fn tls_peer_cert_hash , +.Fn tls_peer_cert_notbefore , +and +.Fn tls_peer_cert_notafter +appeared in +.Ox 5.9 . +.Pp +.Fn tls_conn_servername +and +.Fn tls_conn_alpn_selected +appeared in +.Ox 6.1 . +.Pp +.Fn tls_conn_session_resumed +appeared in +.Ox 6.3 . +.Pp +.Fn tls_conn_cipher_strength +appeared in +.Ox 6.7 . +.Sh AUTHORS +.An Bob Beck Aq Mt beck@openbsd.org +.An Joel Sing Aq Mt jsing@openbsd.org diff --git a/man/tls_connect.3 b/man/tls_connect.3 new file mode 100644 index 0000000..4c4f01c --- /dev/null +++ b/man/tls_connect.3 @@ -0,0 +1,144 @@ +.\" $OpenBSD: tls_connect.3,v 1.4 2018/07/09 19:51:18 tb Exp $ +.\" +.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> +.\" Copyright (c) 2014, 2015 Joel Sing <jsing@openbsd.org> +.\" Copyright (c) 2016 Brent Cook <bcook@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 9 2018 $ +.Dt TLS_CONNECT 3 +.Os +.Sh NAME +.Nm tls_connect , +.Nm tls_connect_fds , +.Nm tls_connect_servername , +.Nm tls_connect_socket , +.Nm tls_connect_cbs +.Nd instruct a TLS client to establish a connection +.Sh SYNOPSIS +.In tls.h +.Ft int +.Fo tls_connect +.Fa "struct tls *ctx" +.Fa "const char *host" +.Fa "const char *port" +.Fc +.Ft int +.Fo tls_connect_fds +.Fa "struct tls *ctx" +.Fa "int fd_read" +.Fa "int fd_write" +.Fa "const char *servername" +.Fc +.Ft int +.Fo tls_connect_servername +.Fa "struct tls *ctx" +.Fa "const char *host" +.Fa "const char *port" +.Fa "const char *servername" +.Fc +.Ft int +.Fo tls_connect_socket +.Fa "struct tls *ctx" +.Fa "int s" +.Fa "const char *servername" +.Fc +.Ft int +.Fo tls_connect_cbs +.Fa "struct tls *ctx" +.Fa "ssize_t (*tls_read_cb)(struct tls *ctx,\ + void *buf, size_t buflen, void *cb_arg)" +.Fa "ssize_t (*tls_write_cb)(struct tls *ctx,\ + const void *buf, size_t buflen, void *cb_arg)" +.Fa "void *cb_arg" +.Fa "const char *servername" +.Fc +.Sh DESCRIPTION +After creating a TLS client context with +.Xr tls_client 3 +and configuring it with +.Xr tls_configure 3 , +a client connection is initiated by calling +.Fn tls_connect . +This function will create a new socket, connect to the specified +.Fa host +and +.Fa port , +and then establish a secure connection. +The +.Fa port +may be numeric or a service name. +If it is +.Dv NULL , +then a +.Fa host +of the format "hostname:port" is permitted. +The name to use for verification is inferred from the +.Ar host +value. +.Pp +The +.Fn tls_connect_servername +function has the same behaviour, however the name to use for verification is +explicitly provided, for the case where the TLS server name differs from the +DNS name. +.Pp +An already existing socket can be upgraded to a secure connection by calling +.Fn tls_connect_socket . +.Pp +Alternatively, a secure connection can be established over a pair of existing +file descriptors by calling +.Fn tls_connect_fds . +.Pp +Calling +.Fn tls_connect_cbs +allows read and write callback functions to handle data transfers. +The specified cb_arg parameter is passed back to the functions, +and can contain a pointer to any caller-specified data. +.Sh RETURN VALUES +These functions return 0 on success or -1 on error. +.Sh SEE ALSO +.Xr tls_accept_socket 3 , +.Xr tls_client 3 , +.Xr tls_close 3 , +.Xr tls_config_ocsp_require_stapling 3 , +.Xr tls_configure 3 , +.Xr tls_handshake 3 , +.Xr tls_init 3 +.Sh HISTORY +.Fn tls_connect +and +.Fn tls_connect_socket +appeared in +.Ox 5.6 +and got their final names in +.Ox 5.7 . +.Pp +.Fn tls_connect_fds +and +.Fn tls_connect_servername +appeared in +.Ox 5.7 +and +.Fn tls_connect_cbs +in +.Ox 6.1 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org +.An Reyk Floeter Aq Mt reyk@openbsd.org +.Pp +.An -nosplit +.Fn tls_connect_cbs +was written by +.An Tobias Pape Aq Mt tobias@netshed.de . diff --git a/man/tls_init.3 b/man/tls_init.3 new file mode 100644 index 0000000..5579981 --- /dev/null +++ b/man/tls_init.3 @@ -0,0 +1,180 @@ +.\" $OpenBSD: tls_init.3,v 1.13 2018/07/09 19:47:20 tb Exp $ +.\" +.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> +.\" Copyright (c) 2016 Joel Sing <jsing@openbsd.org> +.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 9 2018 $ +.Dt TLS_INIT 3 +.Os +.Sh NAME +.Nm tls_init , +.Nm tls_config_new , +.Nm tls_config_free , +.Nm tls_config_error +.Nd initialize TLS client and server API +.Sh SYNOPSIS +.In tls.h +.Ft int +.Fn tls_init void +.Ft struct tls_config * +.Fn tls_config_new void +.Ft void +.Fn tls_config_free "struct tls_config *config" +.Ft const char * +.Fn tls_config_error "struct tls_config *config" +.Sh DESCRIPTION +The +.Nm tls +family of functions establishes a secure communications channel +using the TLS socket protocol. +Both clients and servers are supported. +.Pp +The +.Fn tls_init +function initializes global data structures. +It is no longer necessary to call this function directly, +since it is invoked internally when needed. +It may be called more than once, and may be called concurrently. +.Pp +Before a connection is created, a configuration must be created. +The +.Fn tls_config_new +function allocates, initializes, and returns a new default configuration +object that can be used for future connections. +Several functions exist to change the options of the configuration; see +.Xr tls_config_set_protocols 3 , +.Xr tls_load_file 3 , +.Xr tls_config_ocsp_require_stapling 3 , +and +.Xr tls_config_verify 3 . +.Pp +The +.Fn tls_config_error +function may be used to retrieve a string containing more information +about the most recent error relating to a configuration. +.Pp +A TLS connection object is created by +.Xr tls_client 3 +or +.Xr tls_server 3 +and configured with +.Xr tls_configure 3 . +.Pp +A client connection is initiated after configuration by calling +.Xr tls_connect 3 . +A server can accept a new client connection by calling +.Xr tls_accept_socket 3 +on an already established socket connection. +.Pp +Two functions are provided for input and output, +.Xr tls_read 3 +and +.Xr tls_write 3 . +Both automatically perform the +.Xr tls_handshake 3 +when needed. +.Pp +The properties of established TLS connections +can be inspected with the functions described in +.Xr tls_conn_version 3 +and +.Xr tls_ocsp_process_response 3 . +.Pp +After use, a TLS connection should be closed with +.Xr tls_close 3 +and then freed by calling +.Xr tls_free 3 . +.Pp +When no more contexts are to be configured, +the configuration object should be freed by calling +.Fn tls_config_free . +It is safe to call +.Fn tls_config_free +as soon as the final call to +.Fn tls_configure +has been made. +If +.Fa config +is +.Dv NULL , +no action occurs. +.Sh RETURN VALUES +.Fn tls_init +returns 0 on success or -1 on error. +.Pp +.Fn tls_config_new +returns +.Dv NULL +on error or an out of memory condition. +.Pp +.Fn tls_config_error +returns +.Dv NULL +if no error occurred with +.Fa config +at all, or if memory allocation failed while trying to assemble the +string describing the most recent error related to +.Fa config . +.Sh SEE ALSO +.Xr tls_accept_socket 3 , +.Xr tls_client 3 , +.Xr tls_config_ocsp_require_stapling 3 , +.Xr tls_config_set_protocols 3 , +.Xr tls_config_verify 3 , +.Xr tls_conn_version 3 , +.Xr tls_connect 3 , +.Xr tls_load_file 3 , +.Xr tls_ocsp_process_response 3 , +.Xr tls_read 3 +.Sh HISTORY +The +.Nm tls +API first appeared in +.Ox 5.6 +as a response to the unnecessary challenges other APIs present in +order to use them safely. +.Pp +All functions were renamed from +.Fn ressl_* +to +.Fn tls_* +for +.Ox 5.7 . +.Pp +.Fn tls_config_error +appeared in +.Ox 6.0 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org +.An Ted Unangst Aq Mt tedu@openbsd.org +.Pp +Many others contributed to various parts of the library; see the +individual manual pages for more information. +.Sh CAVEATS +The function +.Fn tls_config_error +returns an internal pointer. +It must not be freed by the application, or a double free error +will occur. +The pointer will become invalid when the next error occurs with +.Fa config . +Consequently, if the application may need the message at a later +time, it has to copy the string before calling the next +.Sy libtls +function involving +.Fa config , +or a segmentation fault or read access to unintended data is the +likely result. diff --git a/man/tls_load_file.3 b/man/tls_load_file.3 new file mode 100644 index 0000000..d836a04 --- /dev/null +++ b/man/tls_load_file.3 @@ -0,0 +1,371 @@ +.\" $OpenBSD: tls_load_file.3,v 1.11 2018/11/29 14:24:23 tedu Exp $ +.\" +.\" Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> +.\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> +.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org> +.\" Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 29 2018 $ +.Dt TLS_LOAD_FILE 3 +.Os +.Sh NAME +.Nm tls_load_file , +.Nm tls_unload_file , +.Nm tls_config_set_ca_file , +.Nm tls_config_set_ca_path , +.Nm tls_config_set_ca_mem , +.Nm tls_config_set_cert_file , +.Nm tls_config_set_cert_mem , +.Nm tls_config_set_crl_file , +.Nm tls_config_set_crl_mem , +.Nm tls_config_set_key_file , +.Nm tls_config_set_key_mem , +.Nm tls_config_set_ocsp_staple_mem , +.Nm tls_config_set_ocsp_staple_file , +.Nm tls_config_set_keypair_file , +.Nm tls_config_set_keypair_mem , +.Nm tls_config_set_keypair_ocsp_file , +.Nm tls_config_set_keypair_ocsp_mem , +.Nm tls_config_add_keypair_file , +.Nm tls_config_add_keypair_ocsp_mem , +.Nm tls_config_add_keypair_ocsp_file , +.Nm tls_config_add_keypair_mem , +.Nm tls_config_clear_keys , +.Nm tls_config_set_verify_depth , +.Nm tls_config_verify_client , +.Nm tls_config_verify_client_optional , +.Nm tls_default_ca_cert_file +.Nd TLS certificate and key configuration +.Sh SYNOPSIS +.In tls.h +.Ft uint8_t * +.Fo tls_load_file +.Fa "const char *file" +.Fa "size_t *len" +.Fa "char *password" +.Fc +.Ft void +.Fo tls_unload_file +.Fa "uint8_t *buf" +.Fa "size_t len" +.Fc +.Ft int +.Fo tls_config_set_ca_file +.Fa "struct tls_config *config" +.Fa "const char *ca_file" +.Fc +.Ft int +.Fo tls_config_set_ca_path +.Fa "struct tls_config *config" +.Fa "const char *ca_path" +.Fc +.Ft int +.Fo tls_config_set_ca_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *cert" +.Fa "size_t len" +.Fc +.Ft int +.Fo tls_config_set_cert_file +.Fa "struct tls_config *config" +.Fa "const char *cert_file" +.Fc +.Ft int +.Fo tls_config_set_cert_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *cert" +.Fa "size_t len" +.Fc +.Ft int +.Fo tls_config_set_crl_file +.Fa "struct tls_config *config" +.Fa "const char *crl_file" +.Fc +.Ft int +.Fo tls_config_set_crl_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *crl" +.Fa "size_t len" +.Fc +.Ft int +.Fo tls_config_set_key_file +.Fa "struct tls_config *config" +.Fa "const char *key_file" +.Fc +.Ft int +.Fo tls_config_set_key_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *key" +.Fa "size_t len" +.Fc +.Ft int +.Fo tls_config_set_ocsp_staple_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *staple" +.Fa "size_t len" +.Fc +.Ft int +.Fo tls_config_set_ocsp_staple_file +.Fa "struct tls_config *config" +.Fa "const char *staple_file" +.Fc +.Ft int +.Fo tls_config_set_keypair_file +.Fa "struct tls_config *config" +.Fa "const char *cert_file" +.Fa "const char *key_file" +.Fc +.Ft int +.Fo tls_config_set_keypair_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *cert" +.Fa "size_t cert_len" +.Fa "const uint8_t *key" +.Fa "size_t key_len" +.Fc +.Ft int +.Fo tls_config_set_keypair_ocsp_file +.Fa "struct tls_config *config" +.Fa "const char *cert_file" +.Fa "const char *key_file" +.Fa "const char *staple_file" +.Fc +.Ft int +.Fo tls_config_set_keypair_ocsp_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *cert" +.Fa "size_t cert_len" +.Fa "const uint8_t *key" +.Fa "size_t key_len" +.Fa "const uint8_t *staple" +.Fa "size_t staple_len" +.Fc +.Ft int +.Fo tls_config_add_keypair_file +.Fa "struct tls_config *config" +.Fa "const char *cert_file" +.Fa "const char *key_file" +.Fc +.Ft int +.Fo tls_config_add_keypair_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *cert" +.Fa "size_t cert_len" +.Fa "const uint8_t *key" +.Fa "size_t key_len" +.Fc +.Ft int +.Fo tls_config_add_keypair_ocsp_file +.Fa "struct tls_config *config" +.Fa "const char *cert_file" +.Fa "const char *key_file" +.Fa "const char *staple_file" +.Fc +.Ft int +.Fo tls_config_add_keypair_ocsp_mem +.Fa "struct tls_config *config" +.Fa "const uint8_t *cert" +.Fa "size_t cert_len" +.Fa "const uint8_t *key" +.Fa "size_t key_len" +.Fa "const uint8_t *staple" +.Fa "size_t staple_len" +.Fc +.Ft void +.Fn tls_config_clear_keys "struct tls_config *config" +.Ft int +.Fo tls_config_set_verify_depth +.Fa "struct tls_config *config" +.Fa "int verify_depth" +.Fc +.Ft void +.Fn tls_config_verify_client "struct tls_config *config" +.Ft void +.Fn tls_config_verify_client_optional "struct tls_config *config" +.Ft const char * +.Fn tls_default_ca_cert_file "void" +.Sh DESCRIPTION +.Fn tls_load_file +loads a certificate or key from disk into memory to be used with +.Fn tls_config_set_ca_mem , +.Fn tls_config_set_cert_mem , +.Fn tls_config_set_crl_mem +or +.Fn tls_config_set_key_mem . +A private key will be decrypted if the optional +.Ar password +argument is specified. +.Pp +.Fn tls_unload_file +unloads the memory that was returned from an earlier +.Fn tls_load_file +call, ensuring that the memory contents is discarded. +.Pp +.Fn tls_default_ca_cert_file +returns the path of the file that contains the default root certificates. +.Pp +.Fn tls_config_set_ca_file +sets the filename used to load a file +containing the root certificates. +.Pp +.Fn tls_config_set_ca_path +sets the path (directory) which should be searched for root +certificates. +.Pp +.Fn tls_config_set_ca_mem +sets the root certificates directly from memory. +.Pp +.Fn tls_config_set_cert_file +sets file from which the public certificate will be read. +.Pp +.Fn tls_config_set_cert_mem +sets the public certificate directly from memory. +.Pp +.Fn tls_config_set_crl_file +sets the filename used to load a file containing the +Certificate Revocation List (CRL). +.Pp +.Fn tls_config_set_crl_mem +sets the CRL directly from memory. +.Pp +.Fn tls_config_set_key_file +sets the file from which the private key will be read. +.Pp +.Fn tls_config_set_key_mem +directly sets the private key from memory. +.Pp +.Fn tls_config_set_ocsp_staple_file +sets a DER-encoded OCSP response to be stapled during the TLS handshake from +the specified file. +.Pp +.Fn tls_config_set_ocsp_staple_mem +sets a DER-encoded OCSP response to be stapled during the TLS handshake from +memory. +.Pp +.Fn tls_config_set_keypair_file +sets the files from which the public certificate, and private key will be read. +.Pp +.Fn tls_config_set_keypair_mem +directly sets the public certificate, and private key from memory. +.Pp +.Fn tls_config_set_keypair_ocsp_file +sets the files from which the public certificate, private key, and DER-encoded +OCSP staple will be read. +.Pp +.Fn tls_config_set_keypair_ocsp_mem +directly sets the public certificate, private key, and DER-encoded OCSP staple +from memory. +.Pp +.Fn tls_config_add_keypair_file +adds an additional public certificate, and private key from the specified files, +used as an alternative certificate for Server Name Indication (server only). +.Pp +.Fn tls_config_add_keypair_mem +adds an additional public certificate, and private key from memory, used as an +alternative certificate for Server Name Indication (server only). +.Pp +.Fn tls_config_add_keypair_ocsp_file +adds an additional public certificate, private key, and DER-encoded OCSP staple +from the specified files, used as an alternative certificate for Server Name +Indication (server only). +.Pp +.Fn tls_config_add_keypair_ocsp_mem +adds an additional public certificate, private key, and DER-encoded OCSP staple +from memory, used as an alternative certificate for Server Name Indication +(server only). +.Pp +.Fn tls_config_clear_keys +clears any secret keys from memory. +.Pp +.Fn tls_config_set_verify_depth +limits the number of intermediate certificates that will be followed during +certificate validation. +.Pp +.Fn tls_config_verify_client +enables client certificate verification, requiring the client to send +a certificate (server only). +.Pp +.Fn tls_config_verify_client_optional +enables client certificate verification, without requiring the client +to send a certificate (server only). +.Sh RETURN VALUES +.Fn tls_load_file +returns +.Dv NULL +on error or an out of memory condition. +.Pp +The other functions return 0 on success or -1 on error. +.Sh SEE ALSO +.Xr tls_config_ocsp_require_stapling 3 , +.Xr tls_config_set_protocols 3 , +.Xr tls_config_set_session_id 3 , +.Xr tls_configure 3 , +.Xr tls_init 3 +.Sh HISTORY +.Fn tls_config_set_ca_file , +.Fn tls_config_set_ca_path , +.Fn tls_config_set_cert_file , +.Fn tls_config_set_cert_mem , +.Fn tls_config_set_key_file , +.Fn tls_config_set_key_mem , +and +.Fn tls_config_set_verify_depth +appeared in +.Ox 5.6 +and got their final names in +.Ox 5.7 . +.Pp +.Fn tls_load_file , +.Fn tls_config_set_ca_mem , +and +.Fn tls_config_clear_keys +appeared in +.Ox 5.7 . +.Pp +.Fn tls_config_verify_client +and +.Fn tls_config_verify_client_optional +appeared in +.Ox 5.9 . +.Pp +.Fn tls_config_set_keypair_file +and +.Fn tls_config_set_keypair_mem +appeared in +.Ox 6.0 , +and +.Fn tls_config_add_keypair_file +and +.Fn tls_config_add_keypair_mem +in +.Ox 6.1 . +.Pp +.Fn tls_config_set_crl_file +and +.Fn tls_config_set_crl_mem +appeared in +.Ox 6.2 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org +with contibutions from +.An Ted Unangst Aq Mt tedu@openbsd.org +and +.An Bob Beck Aq Mt beck@openbsd.org . +.Pp +.Fn tls_load_file +and +.Fn tls_config_set_ca_mem +were written by +.An Reyk Floeter Aq Mt reyk@openbsd.org . diff --git a/man/tls_ocsp_process_response.3 b/man/tls_ocsp_process_response.3 new file mode 100644 index 0000000..6e3aa4a --- /dev/null +++ b/man/tls_ocsp_process_response.3 @@ -0,0 +1,167 @@ +.\" $OpenBSD: tls_ocsp_process_response.3,v 1.6 2018/07/24 02:01:34 tb Exp $ +.\" +.\" Copyright (c) 2016 Bob Beck <beck@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 24 2018 $ +.Dt TLS_OCSP_PROCESS_RESPONSE 3 +.Os +.Sh NAME +.Nm tls_ocsp_process_response , +.Nm tls_peer_ocsp_url , +.Nm tls_peer_ocsp_response_status , +.Nm tls_peer_ocsp_cert_status , +.Nm tls_peer_ocsp_crl_reason , +.Nm tls_peer_ocsp_result , +.Nm tls_peer_ocsp_revocation_time , +.Nm tls_peer_ocsp_this_update , +.Nm tls_peer_ocsp_next_update +.Nd inspect an OCSP response +.Sh SYNOPSIS +.In tls.h +.Ft int +.Fo tls_ocsp_process_response +.Fa "struct tls *ctx" +.Fa "const unsigned char *response" +.Fa "size_t size" +.Fc +.Ft const char * +.Fn tls_peer_ocsp_url "struct tls *ctx" +.Ft int +.Fn tls_peer_ocsp_response_status "struct tls *ctx" +.Ft int +.Fn tls_peer_ocsp_cert_status "struct tls *ctx" +.Ft int +.Fn tls_peer_ocsp_crl_reason "struct tls *ctx" +.Ft const char * +.Fn tls_peer_ocsp_result "struct tls *ctx" +.Ft time_t +.Fn tls_peer_ocsp_revocation_time "struct tls *ctx" +.Ft time_t +.Fn tls_peer_ocsp_this_update "struct tls *ctx" +.Ft time_t +.Fn tls_peer_ocsp_next_update "struct tls *ctx" +.Sh DESCRIPTION +.Fn tls_ocsp_process_response +processes a raw OCSP response in +.Ar response +of size +.Ar size +to check the revocation status of the peer certificate from +.Ar ctx . +A successful return code of 0 indicates that the certificate +has not been revoked. +.Pp +.Fn tls_peer_ocsp_url +returns the URL for OCSP validation of the peer certificate from +.Ar ctx . +.Pp +The following functions return information about the peer certificate from +.Ar ctx +that was obtained by validating a stapled OCSP response during the handshake, +or via a previous call to +.Fn tls_ocsp_process_response . +.Pp +.Fn tls_peer_ocsp_response_status +returns the OCSP response status as per RFC 6960 section 2.3. +.Pp +.Fn tls_peer_ocsp_cert_status +returns the OCSP certificate status code as per RFC 6960 section 2.2. +.Pp +.Fn tls_peer_ocsp_crl_reason +returns the OCSP certificate revocation reason status code as per RFC 5280 +section 5.3.1. +.Pp +.Fn tls_peer_ocsp_result +returns a textual representation of the OCSP status code +returned by one of the previous three functions. +If the OCSP response was valid and the certificate was not +revoked, the string indicates the OCSP certificate status. +Otherwise, the string indicates +the OCSP certificate revocation reason or the OCSP error. +.Pp +.Fn tls_peer_ocsp_revocation_time +returns the OCSP revocation time. +.Pp +.Fn tls_peer_ocsp_this_update +returns the OCSP this update time. +.Pp +.Fn tls_peer_ocsp_next_update +returns the OCSP next update time. +.Sh RETURN VALUES +.Fn tls_ocsp_process_response +returns 0 on success or -1 on error. +.Pp +.Fn tls_peer_ocsp_url +and +.Fn tls_peer_ocsp_result +return +.Dv NULL +on error or an out of memory condition. +.Pp +The +.Fn tls_peer_ocsp_response_status +function returns one of +.Dv TLS_OCSP_RESPONSE_SUCCESSFUL , +.Dv TLS_OCSP_RESPONSE_MALFORMED , +.Dv TLS_OCSP_RESPONSE_INTERNALERROR , +.Dv TLS_OCSP_RESPONSE_TRYLATER , +.Dv TLS_OCSP_RESPONSE_SIGREQUIRED , +or +.Dv TLS_OCSP_RESPONSE_UNAUTHORIZED +on success or -1 on error. +.Pp +The +.Fn tls_peer_ocsp_cert_status +function returns one of +.Dv TLS_OCSP_CERT_GOOD , +.Dv TLS_OCSP_CERT_REVOKED , +or +.Dv TLS_OCSP_CERT_UNKNOWN +on success, and -1 on error. +.Pp +The +.Fn tls_peer_ocsp_crl_reason +function returns one of +.Dv TLS_CRL_REASON_UNSPECIFIED , +.Dv TLS_CRL_REASON_KEY_COMPROMISE , +.Dv TLS_CRL_REASON_CA_COMPROMISE , +.Dv TLS_CRL_REASON_AFFILIATION_CHANGED , +.Dv TLS_CRL_REASON_SUPERSEDED , +.Dv TLS_CRL_REASON_CESSATION_OF_OPERATION , +.Dv TLS_CRL_REASON_CERTIFICATE_HOLD , +.Dv TLS_CRL_REASON_REMOVE_FROM_CRL , +.Dv TLS_CRL_REASON_PRIVILEGE_WITHDRAWN , +or +.Dv TLS_CRL_REASON_AA_COMPROMISE +on success or -1 on error. +.Pp +.Fn tls_peer_ocsp_revocation_time , +.Fn tls_peer_ocsp_this_update , +and +.Fn tls_peer_ocsp_next_update +return a time in epoch-seconds on success or -1 on error. +.Sh SEE ALSO +.Xr tls_client 3 , +.Xr tls_config_ocsp_require_stapling 3 , +.Xr tls_conn_version 3 , +.Xr tls_connect 3 , +.Xr tls_handshake 3 , +.Xr tls_init 3 +.Sh HISTORY +These functions appeared in +.Ox 6.1 . +.Sh AUTHORS +.An Bob Beck Aq Mt beck@openbsd.org +.An Marko Kreen Aq Mt markokr@gmail.com diff --git a/man/tls_read.3 b/man/tls_read.3 new file mode 100644 index 0000000..d928975 --- /dev/null +++ b/man/tls_read.3 @@ -0,0 +1,245 @@ +.\" $OpenBSD: tls_read.3,v 1.7 2019/07/09 17:58:33 jsing Exp $ +.\" +.\" Copyright (c) 2014, 2015 Ted Unangst <tedu@openbsd.org> +.\" Copyright (c) 2015 Doug Hogan <doug@openbsd.org> +.\" Copyright (c) 2015 Joel Sing <jsing@openbsd.org> +.\" Copyright (c) 2015 Bob Beck <beck@openbsd.org> +.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org> +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 9 2019 $ +.Dt TLS_READ 3 +.Os +.Sh NAME +.Nm tls_read , +.Nm tls_write , +.Nm tls_handshake , +.Nm tls_error , +.Nm tls_close , +.Nm tls_reset +.Nd use a TLS connection +.Sh SYNOPSIS +.In tls.h +.Ft ssize_t +.Fo tls_read +.Fa "struct tls *ctx" +.Fa "void *buf" +.Fa "size_t buflen" +.Fc +.Ft ssize_t +.Fo tls_write +.Fa "struct tls *ctx" +.Fa "const void *buf" +.Fa "size_t buflen" +.Fc +.Ft int +.Fn tls_handshake "struct tls *ctx" +.Ft const char * +.Fn tls_error "struct tls *ctx" +.Ft int +.Fn tls_close "struct tls *ctx" +.Ft void +.Fn tls_reset "struct tls *ctx" +.Sh DESCRIPTION +.Fn tls_read +reads +.Fa buflen +bytes of data from the socket into +.Fa buf . +It returns the amount of data read. +.Pp +.Fn tls_write +writes +.Fa buflen +bytes of data from +.Fa buf +to the socket. +It returns the amount of data written. +.Pp +.Fn tls_handshake +explicitly performs the TLS handshake. +It is only necessary to call this function if you need to guarantee that the +handshake has completed, as both +.Fn tls_read +and +.Fn tls_write +automatically perform the TLS handshake when necessary. +.Pp +The +.Fn tls_error +function may be used to retrieve a string containing more information +about the most recent error relating to a context. +.Pp +.Fn tls_close +closes a connection after use. +Only the TLS layer will be shut down and the caller is responsible for closing +the file descriptors, unless the connection was established using +.Xr tls_connect 3 +or +.Xr tls_connect_servername 3 . +After closing the connection, +.Fa ctx +can be passed to +.Xr tls_free 3 . +.\" XXX Fn tls_reset does what? +.Sh RETURN VALUES +.Fn tls_read +and +.Fn tls_write +return a size on success or -1 on error. +.Pp +.Fn tls_handshake +and +.Fn tls_close +return 0 on success or -1 on error. +.Pp +The +.Fn tls_read , +.Fn tls_write , +.Fn tls_handshake , +and +.Fn tls_close +functions also have two special return values: +.Pp +.Bl -tag -width "TLS_WANT_POLLOUT" -offset indent -compact +.It Dv TLS_WANT_POLLIN +The underlying read file descriptor needs to be readable in order to continue. +.It Dv TLS_WANT_POLLOUT +The underlying write file descriptor needs to be writeable in order to continue. +.El +.Pp +In the case of blocking file descriptors, the same function call should be +repeated immediately. +In the case of non-blocking file descriptors, the same function call should be +repeated when the required condition has been met. +.Pp +Callers of these functions cannot rely on the value of the global +.Ar errno . +To prevent mishandling of error conditions, +.Fn tls_read , +.Fn tls_write , +.Fn tls_handshake , +and +.Fn tls_close +all explicitly clear +.Ar errno . +.Pp +.Fn tls_error +returns +.Dv NULL +if no error occurred with +.Fa ctx +during or since the last call to +.Fn tls_handshake , +.Fn tls_read , +.Fn tls_write , +.Fn tls_close , +or +.Fn tls_reset +involving +.Fa ctx , +or if memory allocation failed while trying to assemble the string +describing the most recent error related to +.Fa ctx . +.Sh EXAMPLES +The following example demonstrates how to handle TLS writes on a blocking +file descriptor: +.Bd -literal -offset indent +\&... +while (len > 0) { + ssize_t ret; + + ret = tls_write(ctx, buf, len); + if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) + continue; + if (ret == -1) + errx(1, "tls_write: %s", tls_error(ctx)); + buf += ret; + len -= ret; +} +\&... +.Ed +.Pp +The following example demonstrates how to handle TLS writes on a +non-blocking file descriptor using +.Xr poll 2 : +.Bd -literal -offset indent +\&... +pfd[0].fd = fd; +pfd[0].events = POLLIN|POLLOUT; +while (len > 0) { + nready = poll(pfd, 1, 0); + if (nready == -1) + err(1, "poll"); + if ((pfd[0].revents & (POLLERR|POLLNVAL))) + errx(1, "bad fd %d", pfd[0].fd); + if ((pfd[0].revents & (pfd[0].events|POLLHUP))) { + ssize_t ret; + + ret = tls_write(ctx, buf, len); + if (ret == TLS_WANT_POLLIN) + pfd[0].events = POLLIN; + else if (ret == TLS_WANT_POLLOUT) + pfd[0].events = POLLOUT; + else if (ret == -1) + errx(1, "tls_write: %s", tls_error(ctx)); + else { + buf += ret; + len -= ret; + } + } +} +\&... +.Ed +.Sh SEE ALSO +.Xr tls_accept_socket 3 , +.Xr tls_configure 3 , +.Xr tls_conn_version 3 , +.Xr tls_connect 3 , +.Xr tls_init 3 , +.Xr tls_ocsp_process_response 3 +.Sh HISTORY +.Fn tls_read , +.Fn tls_write , +.Fn tls_error , +.Fn tls_close , +and +.Fn tls_reset +appeared in +.Ox 5.6 +and got their final names in +.Ox 5.7 . +.Pp +.Fn tls_handshake +appeared in +.Ox 5.9 . +.Sh AUTHORS +.An Joel Sing Aq Mt jsing@openbsd.org +with contributions from +.An Bob Beck Aq Mt beck@openbsd.org +.Sh CAVEATS +The function +.Fn tls_error +returns an internal pointer. +It must not be freed by the application, or a double free error +will occur. +The pointer will become invalid when the next error occurs with +.Fa ctx . +Consequently, if the application may need the message at a later +time, it has to copy the string before calling the next +.Sy libtls +function involving +.Fa ctx , +or a segmentation fault or read access to unintended data is the +likely result. diff --git a/tls.c b/tls.c new file mode 100644 index 0000000..3d6723b --- /dev/null +++ b/tls.c @@ -0,0 +1,828 @@ +/* $OpenBSD: tls.c,v 1.85 2020/05/24 15:12:54 jsing Exp $ */ +/* + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/socket.h> + +#include <errno.h> +#include <limits.h> +#include <pthread.h> +#include <stdlib.h> +#include <unistd.h> + +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/pem.h> +#include <openssl/safestack.h> +#include <openssl/ssl.h> +#include <openssl/x509.h> + +#include <tls.h> +#include "tls_internal.h" + +static struct tls_config *tls_config_default; + +static int tls_init_rv = -1; + +static void +tls_do_init(void) +{ + OPENSSL_init_ssl(OPENSSL_INIT_NO_LOAD_CONFIG, NULL); + + if (BIO_sock_init() != 1) + return; + + if ((tls_config_default = tls_config_new_internal()) == NULL) + return; + + tls_config_default->refcount++; + + tls_init_rv = 0; +} + +int +tls_init(void) +{ + static pthread_once_t once = PTHREAD_ONCE_INIT; + + if (pthread_once(&once, tls_do_init) != 0) + return -1; + + return tls_init_rv; +} + +const char * +tls_error(struct tls *ctx) +{ + return ctx->error.msg; +} + +void +tls_error_clear(struct tls_error *error) +{ + free(error->msg); + error->msg = NULL; + error->num = 0; + error->tls = 0; +} + +static int +tls_error_vset(struct tls_error *error, int errnum, const char *fmt, va_list ap) +{ + char *errmsg = NULL; + int rv = -1; + + tls_error_clear(error); + + error->num = errnum; + error->tls = 1; + + if (vasprintf(&errmsg, fmt, ap) == -1) { + errmsg = NULL; + goto err; + } + + if (errnum == -1) { + error->msg = errmsg; + return (0); + } + + if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) { + error->msg = NULL; + goto err; + } + rv = 0; + + err: + free(errmsg); + + return (rv); +} + +int +tls_error_set(struct tls_error *error, const char *fmt, ...) +{ + va_list ap; + int errnum, rv; + + errnum = errno; + + va_start(ap, fmt); + rv = tls_error_vset(error, errnum, fmt, ap); + va_end(ap); + + return (rv); +} + +int +tls_error_setx(struct tls_error *error, const char *fmt, ...) +{ + va_list ap; + int rv; + + va_start(ap, fmt); + rv = tls_error_vset(error, -1, fmt, ap); + va_end(ap); + + return (rv); +} + +int +tls_config_set_error(struct tls_config *config, const char *fmt, ...) +{ + va_list ap; + int errnum, rv; + + errnum = errno; + + va_start(ap, fmt); + rv = tls_error_vset(&config->error, errnum, fmt, ap); + va_end(ap); + + return (rv); +} + +int +tls_config_set_errorx(struct tls_config *config, const char *fmt, ...) +{ + va_list ap; + int rv; + + va_start(ap, fmt); + rv = tls_error_vset(&config->error, -1, fmt, ap); + va_end(ap); + + return (rv); +} + +int +tls_set_error(struct tls *ctx, const char *fmt, ...) +{ + va_list ap; + int errnum, rv; + + errnum = errno; + + va_start(ap, fmt); + rv = tls_error_vset(&ctx->error, errnum, fmt, ap); + va_end(ap); + + return (rv); +} + +int +tls_set_errorx(struct tls *ctx, const char *fmt, ...) +{ + va_list ap; + int rv; + + va_start(ap, fmt); + rv = tls_error_vset(&ctx->error, -1, fmt, ap); + va_end(ap); + + return (rv); +} + +int +tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...) +{ + va_list ap; + int rv; + + /* Only set an error if a more specific one does not already exist. */ + if (ctx->error.tls != 0) + return (0); + + va_start(ap, fmt); + rv = tls_error_vset(&ctx->error, -1, fmt, ap); + va_end(ap); + + return (rv); +} + +struct tls_sni_ctx * +tls_sni_ctx_new(void) +{ + return (calloc(1, sizeof(struct tls_sni_ctx))); +} + +void +tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx) +{ + if (sni_ctx == NULL) + return; + + SSL_CTX_free(sni_ctx->ssl_ctx); + X509_free(sni_ctx->ssl_cert); + + free(sni_ctx); +} + +struct tls * +tls_new(void) +{ + struct tls *ctx; + + if ((ctx = calloc(1, sizeof(*ctx))) == NULL) + return (NULL); + + tls_reset(ctx); + + if (tls_configure(ctx, tls_config_default) == -1) { + free(ctx); + return NULL; + } + + return (ctx); +} + +int +tls_configure(struct tls *ctx, struct tls_config *config) +{ + if (config == NULL) + config = tls_config_default; + + pthread_mutex_lock(&config->mutex); + config->refcount++; + pthread_mutex_unlock(&config->mutex); + + tls_config_free(ctx->config); + + ctx->config = config; + ctx->keypair = config->keypair; + + if ((ctx->flags & TLS_SERVER) != 0) + return (tls_configure_server(ctx)); + + return (0); +} + +int +tls_cert_hash(X509 *cert, char **hash) +{ + char d[EVP_MAX_MD_SIZE], *dhex = NULL; + int dlen, rv = -1; + + free(*hash); + *hash = NULL; + + if (X509_digest(cert, EVP_sha256(), d, &dlen) != 1) + goto err; + + if (tls_hex_string(d, dlen, &dhex, NULL) != 0) + goto err; + + if (asprintf(hash, "SHA256:%s", dhex) == -1) { + *hash = NULL; + goto err; + } + + rv = 0; + err: + free(dhex); + + return (rv); +} + +int +tls_cert_pubkey_hash(X509 *cert, char **hash) +{ + char d[EVP_MAX_MD_SIZE], *dhex = NULL; + int dlen, rv = -1; + + free(*hash); + *hash = NULL; + + if (X509_pubkey_digest(cert, EVP_sha256(), d, &dlen) != 1) + goto err; + + if (tls_hex_string(d, dlen, &dhex, NULL) != 0) + goto err; + + if (asprintf(hash, "SHA256:%s", dhex) == -1) { + *hash = NULL; + goto err; + } + + rv = 0; + + err: + free(dhex); + + return (rv); +} + +int +tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, + struct tls_keypair *keypair, int required) +{ + EVP_PKEY *pkey = NULL; + BIO *bio = NULL; + + if (!required && + keypair->cert_mem == NULL && + keypair->key_mem == NULL) + return(0); + + if (keypair->cert_mem != NULL) { + if (keypair->cert_len > INT_MAX) { + tls_set_errorx(ctx, "certificate too long"); + goto err; + } + + if (SSL_CTX_use_certificate_chain_mem(ssl_ctx, + keypair->cert_mem, keypair->cert_len) != 1) { + tls_set_errorx(ctx, "failed to load certificate"); + goto err; + } + } + + if (keypair->key_mem != NULL) { + if (keypair->key_len > INT_MAX) { + tls_set_errorx(ctx, "key too long"); + goto err; + } + + if ((bio = BIO_new_mem_buf(keypair->key_mem, + keypair->key_len)) == NULL) { + tls_set_errorx(ctx, "failed to create buffer"); + goto err; + } + if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb, + NULL)) == NULL) { + tls_set_errorx(ctx, "failed to read private key"); + goto err; + } + + if (keypair->pubkey_hash != NULL) { + RSA *rsa; + /* XXX only RSA for now for relayd privsep */ + if ((rsa = EVP_PKEY_get1_RSA(pkey)) != NULL) { + RSA_set_ex_data(rsa, 0, keypair->pubkey_hash); + RSA_free(rsa); + } + } + + if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) { + tls_set_errorx(ctx, "failed to load private key"); + goto err; + } + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } + + if (!ctx->config->skip_private_key_check && + SSL_CTX_check_private_key(ssl_ctx) != 1) { + tls_set_errorx(ctx, "private/public key mismatch"); + goto err; + } + + return (0); + + err: + EVP_PKEY_free(pkey); + BIO_free(bio); + + return (1); +} + +int +tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx) +{ + SSL_CTX_clear_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); + + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2); + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv3); + + SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1); + SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_1); + SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_2); + SSL_CTX_clear_options(ssl_ctx, SSL_OP_NO_TLSv1_3); + + if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0) + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1); + if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0) + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_1); + if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0) + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_2); + if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_3) == 0) + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TLSv1_3); + + if (ctx->config->alpn != NULL) { + if (SSL_CTX_set_alpn_protos(ssl_ctx, ctx->config->alpn, + ctx->config->alpn_len) != 0) { + tls_set_errorx(ctx, "failed to set alpn"); + goto err; + } + } + + if (ctx->config->ciphers != NULL) { + if (SSL_CTX_set_cipher_list(ssl_ctx, + ctx->config->ciphers) != 1) { + tls_set_errorx(ctx, "failed to set ciphers"); + goto err; + } + } + + if (ctx->config->verify_time == 0) { + X509_VERIFY_PARAM_set_flags(ssl_ctx->param, + X509_V_FLAG_NO_CHECK_TIME); + } + + /* Disable any form of session caching by default */ + SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF); + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); + + return (0); + + err: + return (-1); +} + +static int +tls_ssl_cert_verify_cb(X509_STORE_CTX *x509_ctx, void *arg) +{ + struct tls *ctx = arg; + int x509_err; + + if (ctx->config->verify_cert == 0) + return (1); + + if ((X509_verify_cert(x509_ctx)) < 0) { + tls_set_errorx(ctx, "X509 verify cert failed"); + return (0); + } + + x509_err = X509_STORE_CTX_get_error(x509_ctx); + if (x509_err == X509_V_OK) + return (1); + + tls_set_errorx(ctx, "certificate verification failed: %s", + X509_verify_cert_error_string(x509_err)); + + return (0); +} + +int +tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify) +{ + size_t ca_len = ctx->config->ca_len; + char *ca_mem = ctx->config->ca_mem; + char *crl_mem = ctx->config->crl_mem; + size_t crl_len = ctx->config->crl_len; + char *ca_free = NULL; + STACK_OF(X509_INFO) *xis = NULL; + X509_STORE *store; + X509_INFO *xi; + BIO *bio = NULL; + int rv = -1; + int i; + + SSL_CTX_set_verify(ssl_ctx, verify, NULL); + SSL_CTX_set_cert_verify_callback(ssl_ctx, tls_ssl_cert_verify_cb, ctx); + + if (ctx->config->verify_depth >= 0) + SSL_CTX_set_verify_depth(ssl_ctx, ctx->config->verify_depth); + + if (ctx->config->verify_cert == 0) + goto done; + + /* If no CA has been specified, attempt to load the default. */ + if (ctx->config->ca_mem == NULL && ctx->config->ca_path == NULL) { + if (tls_config_load_file(&ctx->error, "CA", tls_default_ca_cert_file(), + &ca_mem, &ca_len) != 0) + goto err; + ca_free = ca_mem; + } + + if (ca_mem != NULL) { + if (ca_len > INT_MAX) { + tls_set_errorx(ctx, "ca too long"); + goto err; + } + if (SSL_CTX_load_verify_mem(ssl_ctx, ca_mem, ca_len) != 1) { + tls_set_errorx(ctx, "ssl verify memory setup failure"); + goto err; + } + } else if (SSL_CTX_load_verify_locations(ssl_ctx, NULL, + ctx->config->ca_path) != 1) { + tls_set_errorx(ctx, "ssl verify locations failure"); + goto err; + } + + if (crl_mem != NULL) { + if (crl_len > INT_MAX) { + tls_set_errorx(ctx, "crl too long"); + goto err; + } + if ((bio = BIO_new_mem_buf(crl_mem, crl_len)) == NULL) { + tls_set_errorx(ctx, "failed to create buffer"); + goto err; + } + if ((xis = PEM_X509_INFO_read_bio(bio, NULL, tls_password_cb, + NULL)) == NULL) { + tls_set_errorx(ctx, "failed to parse crl"); + goto err; + } + store = SSL_CTX_get_cert_store(ssl_ctx); + for (i = 0; i < sk_X509_INFO_num(xis); i++) { + xi = sk_X509_INFO_value(xis, i); + if (xi->crl == NULL) + continue; + if (!X509_STORE_add_crl(store, xi->crl)) { + tls_set_error(ctx, "failed to add crl"); + goto err; + } + xi->crl = NULL; + } + X509_VERIFY_PARAM_set_flags(store->param, + X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); + } + + done: + rv = 0; + + err: + sk_X509_INFO_pop_free(xis, X509_INFO_free); + BIO_free(bio); + free(ca_free); + + return (rv); +} + +void +tls_free(struct tls *ctx) +{ + if (ctx == NULL) + return; + + tls_reset(ctx); + + free(ctx); +} + +void +tls_reset(struct tls *ctx) +{ + struct tls_sni_ctx *sni, *nsni; + + tls_config_free(ctx->config); + ctx->config = NULL; + + SSL_CTX_free(ctx->ssl_ctx); + SSL_free(ctx->ssl_conn); + X509_free(ctx->ssl_peer_cert); + + ctx->ssl_conn = NULL; + ctx->ssl_ctx = NULL; + ctx->ssl_peer_cert = NULL; + /* X509 objects in chain are freed with the SSL */ + ctx->ssl_peer_chain = NULL; + + ctx->socket = -1; + ctx->state = 0; + + free(ctx->servername); + ctx->servername = NULL; + + free(ctx->error.msg); + ctx->error.msg = NULL; + ctx->error.num = -1; + + tls_conninfo_free(ctx->conninfo); + ctx->conninfo = NULL; + + tls_ocsp_free(ctx->ocsp); + ctx->ocsp = NULL; + + for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) { + nsni = sni->next; + tls_sni_ctx_free(sni); + } + ctx->sni_ctx = NULL; + + ctx->read_cb = NULL; + ctx->write_cb = NULL; + ctx->cb_arg = NULL; +} + +int +tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) +{ + const char *errstr = "unknown error"; + unsigned long err; + int ssl_err; + + ssl_err = SSL_get_error(ssl_conn, ssl_ret); + switch (ssl_err) { + case SSL_ERROR_NONE: + case SSL_ERROR_ZERO_RETURN: + return (0); + + case SSL_ERROR_WANT_READ: + return (TLS_WANT_POLLIN); + + case SSL_ERROR_WANT_WRITE: + return (TLS_WANT_POLLOUT); + + case SSL_ERROR_SYSCALL: + if ((err = ERR_peek_error()) != 0) { + errstr = ERR_error_string(err, NULL); + } else if (ssl_ret == 0) { + if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { + ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; + return (0); + } + errstr = "unexpected EOF"; + } else if (ssl_ret == -1) { + errstr = strerror(errno); + } + tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr); + return (-1); + + case SSL_ERROR_SSL: + if ((err = ERR_peek_error()) != 0) { + errstr = ERR_error_string(err, NULL); + } + tls_set_ssl_errorx(ctx, "%s failed: %s", prefix, errstr); + return (-1); + + case SSL_ERROR_WANT_CONNECT: + case SSL_ERROR_WANT_ACCEPT: + case SSL_ERROR_WANT_X509_LOOKUP: + default: + tls_set_ssl_errorx(ctx, "%s failed (%i)", prefix, ssl_err); + return (-1); + } +} + +int +tls_handshake(struct tls *ctx) +{ + int rv = -1; + + tls_error_clear(&ctx->error); + + if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { + tls_set_errorx(ctx, "invalid operation for context"); + goto out; + } + + if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { + tls_set_errorx(ctx, "handshake already completed"); + goto out; + } + + if ((ctx->flags & TLS_CLIENT) != 0) + rv = tls_handshake_client(ctx); + else if ((ctx->flags & TLS_SERVER_CONN) != 0) + rv = tls_handshake_server(ctx); + + if (rv == 0) { + ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); + ctx->ssl_peer_chain = SSL_get_peer_cert_chain(ctx->ssl_conn); + if (tls_conninfo_populate(ctx) == -1) + rv = -1; + if (ctx->ocsp == NULL) + ctx->ocsp = tls_ocsp_setup_from_peer(ctx); + } + out: + /* Prevent callers from performing incorrect error handling */ + errno = 0; + return (rv); +} + +ssize_t +tls_read(struct tls *ctx, void *buf, size_t buflen) +{ + ssize_t rv = -1; + int ssl_ret; + + tls_error_clear(&ctx->error); + + if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { + if ((rv = tls_handshake(ctx)) != 0) + goto out; + } + + if (buflen > INT_MAX) { + tls_set_errorx(ctx, "buflen too long"); + goto out; + } + + ERR_clear_error(); + if ((ssl_ret = SSL_read(ctx->ssl_conn, buf, buflen)) > 0) { + rv = (ssize_t)ssl_ret; + goto out; + } + rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "read"); + + out: + /* Prevent callers from performing incorrect error handling */ + errno = 0; + return (rv); +} + +ssize_t +tls_write(struct tls *ctx, const void *buf, size_t buflen) +{ + ssize_t rv = -1; + int ssl_ret; + + tls_error_clear(&ctx->error); + + if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) { + if ((rv = tls_handshake(ctx)) != 0) + goto out; + } + + if (buflen > INT_MAX) { + tls_set_errorx(ctx, "buflen too long"); + goto out; + } + + ERR_clear_error(); + if ((ssl_ret = SSL_write(ctx->ssl_conn, buf, buflen)) > 0) { + rv = (ssize_t)ssl_ret; + goto out; + } + rv = (ssize_t)tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "write"); + + out: + /* Prevent callers from performing incorrect error handling */ + errno = 0; + return (rv); +} + +int +tls_close(struct tls *ctx) +{ + int ssl_ret; + int rv = 0; + + tls_error_clear(&ctx->error); + + if ((ctx->flags & (TLS_CLIENT | TLS_SERVER_CONN)) == 0) { + tls_set_errorx(ctx, "invalid operation for context"); + rv = -1; + goto out; + } + + if (ctx->state & TLS_SSL_NEEDS_SHUTDOWN) { + ERR_clear_error(); + ssl_ret = SSL_shutdown(ctx->ssl_conn); + if (ssl_ret < 0) { + rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, + "shutdown"); + if (rv == TLS_WANT_POLLIN || rv == TLS_WANT_POLLOUT) + goto out; + } + ctx->state &= ~TLS_SSL_NEEDS_SHUTDOWN; + } + + if (ctx->socket != -1) { + if (shutdown(ctx->socket, SHUT_RDWR) != 0) { + if (rv == 0 && + errno != ENOTCONN && errno != ECONNRESET) { + tls_set_error(ctx, "shutdown"); + rv = -1; + } + } + if (close(ctx->socket) != 0) { + if (rv == 0) { + tls_set_error(ctx, "close"); + rv = -1; + } + } + ctx->socket = -1; + } + + if ((ctx->state & TLS_EOF_NO_CLOSE_NOTIFY) != 0) { + tls_set_errorx(ctx, "EOF without close notify"); + rv = -1; + } + + out: + /* Prevent callers from performing incorrect error handling */ + errno = 0; + return (rv); +} diff --git a/tls.sym b/tls.sym new file mode 100644 index 0000000..e3fcb67 --- /dev/null +++ b/tls.sym @@ -0,0 +1,90 @@ +tls_accept_cbs +tls_accept_fds +tls_accept_socket +tls_client +tls_close +tls_config_add_keypair_file +tls_config_add_keypair_mem +tls_config_add_keypair_ocsp_file +tls_config_add_keypair_ocsp_mem +tls_config_add_ticket_key +tls_config_clear_keys +tls_config_error +tls_config_free +tls_config_insecure_noverifycert +tls_config_insecure_noverifyname +tls_config_insecure_noverifytime +tls_config_new +tls_config_ocsp_require_stapling +tls_config_parse_protocols +tls_config_prefer_ciphers_client +tls_config_prefer_ciphers_server +tls_config_set_alpn +tls_config_set_ca_file +tls_config_set_ca_mem +tls_config_set_ca_path +tls_config_set_cert_file +tls_config_set_cert_mem +tls_config_set_ciphers +tls_config_set_crl_file +tls_config_set_crl_mem +tls_config_set_dheparams +tls_config_set_ecdhecurve +tls_config_set_ecdhecurves +tls_config_set_key_file +tls_config_set_key_mem +tls_config_set_keypair_file +tls_config_set_keypair_mem +tls_config_set_keypair_ocsp_file +tls_config_set_keypair_ocsp_mem +tls_config_set_ocsp_staple_mem +tls_config_set_ocsp_staple_file +tls_config_set_protocols +tls_config_set_session_id +tls_config_set_session_lifetime +tls_config_set_session_fd +tls_config_set_verify_depth +tls_config_skip_private_key_check +tls_config_verify +tls_config_verify_client +tls_config_verify_client_optional +tls_configure +tls_conn_alpn_selected +tls_conn_cipher +tls_conn_cipher_strength +tls_conn_servername +tls_conn_session_resumed +tls_conn_version +tls_connect +tls_connect_cbs +tls_connect_fds +tls_connect_servername +tls_connect_socket +tls_default_ca_cert_file +tls_error +tls_free +tls_handshake +tls_init +tls_load_file +tls_ocsp_process_response +tls_peer_cert_chain_pem +tls_peer_cert_contains_name +tls_peer_cert_hash +tls_peer_cert_issuer +tls_peer_cert_notafter +tls_peer_cert_notbefore +tls_peer_cert_provided +tls_peer_cert_subject +tls_peer_ocsp_cert_status +tls_peer_ocsp_crl_reason +tls_peer_ocsp_next_update +tls_peer_ocsp_response_status +tls_peer_ocsp_result +tls_peer_ocsp_revocation_time +tls_peer_ocsp_this_update +tls_peer_ocsp_url +tls_read +tls_reset +tls_server +tls_unload_file +tls_write diff --git a/tls_bio_cb.c b/tls_bio_cb.c new file mode 100644 index 0000000..0091808 --- /dev/null +++ b/tls_bio_cb.c @@ -0,0 +1,143 @@ +/* $OpenBSD: tls_bio_cb.c,v 1.19 2017/01/12 16:18:39 jsing Exp $ */ +/* + * Copyright (c) 2016 Tobias Pape <tobias@netshed.de> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <fcntl.h> +#include <stdlib.h> +#include <unistd.h> + +#include <openssl/bio.h> + +#include <tls.h> +#include "tls_internal.h" + +static int bio_cb_write(BIO *bio, const char *buf, int num); +static int bio_cb_read(BIO *bio, char *buf, int size); +static int bio_cb_puts(BIO *bio, const char *str); +static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr); + +static BIO_METHOD bio_cb_method = { + .type = BIO_TYPE_MEM, + .name = "libtls_callbacks", + .bwrite = bio_cb_write, + .bread = bio_cb_read, + .bputs = bio_cb_puts, + .ctrl = bio_cb_ctrl, +}; + +static BIO_METHOD * +bio_s_cb(void) +{ + return (&bio_cb_method); +} + +static int +bio_cb_puts(BIO *bio, const char *str) +{ + return (bio_cb_write(bio, str, strlen(str))); +} + +static long +bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ + long ret = 1; + + switch (cmd) { + case BIO_CTRL_GET_CLOSE: + ret = (long)bio->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + bio->shutdown = (int)num; + break; + case BIO_CTRL_DUP: + case BIO_CTRL_FLUSH: + break; + case BIO_CTRL_INFO: + case BIO_CTRL_GET: + case BIO_CTRL_SET: + default: + ret = BIO_ctrl(bio->next_bio, cmd, num, ptr); + } + + return (ret); +} + +static int +bio_cb_write(BIO *bio, const char *buf, int num) +{ + struct tls *ctx = bio->ptr; + int rv; + + BIO_clear_retry_flags(bio); + rv = (ctx->write_cb)(ctx, buf, num, ctx->cb_arg); + if (rv == TLS_WANT_POLLIN) { + BIO_set_retry_read(bio); + rv = -1; + } else if (rv == TLS_WANT_POLLOUT) { + BIO_set_retry_write(bio); + rv = -1; + } + return (rv); +} + +static int +bio_cb_read(BIO *bio, char *buf, int size) +{ + struct tls *ctx = bio->ptr; + int rv; + + BIO_clear_retry_flags(bio); + rv = (ctx->read_cb)(ctx, buf, size, ctx->cb_arg); + if (rv == TLS_WANT_POLLIN) { + BIO_set_retry_read(bio); + rv = -1; + } else if (rv == TLS_WANT_POLLOUT) { + BIO_set_retry_write(bio); + rv = -1; + } + return (rv); +} + +int +tls_set_cbs(struct tls *ctx, tls_read_cb read_cb, tls_write_cb write_cb, + void *cb_arg) +{ + int rv = -1; + BIO *bio; + + if (read_cb == NULL || write_cb == NULL) { + tls_set_errorx(ctx, "no callbacks provided"); + goto err; + } + + ctx->read_cb = read_cb; + ctx->write_cb = write_cb; + ctx->cb_arg = cb_arg; + + if ((bio = BIO_new(bio_s_cb())) == NULL) { + tls_set_errorx(ctx, "failed to create callback i/o"); + goto err; + } + bio->ptr = ctx; + bio->init = 1; + + SSL_set_bio(ctx->ssl_conn, bio, bio); + + rv = 0; + + err: + return (rv); +} diff --git a/tls_client.c b/tls_client.c new file mode 100644 index 0000000..04e4402 --- /dev/null +++ b/tls_client.c @@ -0,0 +1,474 @@ +/* $OpenBSD: tls_client.c,v 1.45 2018/03/19 16:34:47 jsing Exp $ */ +/* + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/stat.h> + +#include <arpa/inet.h> +#include <netinet/in.h> + +#include <limits.h> +#include <netdb.h> +#include <stdlib.h> +#include <unistd.h> + +#include <openssl/err.h> +#include <openssl/x509.h> + +#include <tls.h> +#include "tls_internal.h" + +struct tls * +tls_client(void) +{ + struct tls *ctx; + + if (tls_init() == -1) + return (NULL); + + if ((ctx = tls_new()) == NULL) + return (NULL); + + ctx->flags |= TLS_CLIENT; + + return (ctx); +} + +int +tls_connect(struct tls *ctx, const char *host, const char *port) +{ + return tls_connect_servername(ctx, host, port, NULL); +} + +int +tls_connect_servername(struct tls *ctx, const char *host, const char *port, + const char *servername) +{ + struct addrinfo hints, *res, *res0; + const char *h = NULL, *p = NULL; + char *hs = NULL, *ps = NULL; + int rv = -1, s = -1, ret; + + if ((ctx->flags & TLS_CLIENT) == 0) { + tls_set_errorx(ctx, "not a client context"); + goto err; + } + + if (host == NULL) { + tls_set_errorx(ctx, "host not specified"); + goto err; + } + + /* + * If port is NULL try to extract a port from the specified host, + * otherwise use the default. + */ + if ((p = (char *)port) == NULL) { + ret = tls_host_port(host, &hs, &ps); + if (ret == -1) { + tls_set_errorx(ctx, "memory allocation failure"); + goto err; + } + if (ret != 0) { + tls_set_errorx(ctx, "no port provided"); + goto err; + } + } + + h = (hs != NULL) ? hs : host; + p = (ps != NULL) ? ps : port; + + /* + * First check if the host is specified as a numeric IP address, + * either IPv4 or IPv6, before trying to resolve the host. + * The AI_ADDRCONFIG resolver option will not return IPv4 or IPv6 + * records if it is not configured on an interface; not considering + * loopback addresses. Checking the numeric addresses first makes + * sure that connection attempts to numeric addresses and especially + * 127.0.0.1 or ::1 loopback addresses are always possible. + */ + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + + /* try as an IPv4 literal */ + hints.ai_family = AF_INET; + hints.ai_flags = AI_NUMERICHOST; + if (getaddrinfo(h, p, &hints, &res0) != 0) { + /* try again as an IPv6 literal */ + hints.ai_family = AF_INET6; + if (getaddrinfo(h, p, &hints, &res0) != 0) { + /* last try, with name resolution and save the error */ + hints.ai_family = AF_UNSPEC; + hints.ai_flags = AI_ADDRCONFIG; + if ((s = getaddrinfo(h, p, &hints, &res0)) != 0) { + tls_set_error(ctx, "%s", gai_strerror(s)); + goto err; + } + } + } + + /* It was resolved somehow; now try connecting to what we got */ + s = -1; + for (res = res0; res; res = res->ai_next) { + s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); + if (s == -1) { + tls_set_error(ctx, "socket"); + continue; + } + if (connect(s, res->ai_addr, res->ai_addrlen) == -1) { + tls_set_error(ctx, "connect"); + close(s); + s = -1; + continue; + } + + break; /* Connected. */ + } + freeaddrinfo(res0); + + if (s == -1) + goto err; + + if (servername == NULL) + servername = h; + + if (tls_connect_socket(ctx, s, servername) != 0) { + close(s); + goto err; + } + + ctx->socket = s; + + rv = 0; + + err: + free(hs); + free(ps); + + return (rv); +} + +static int +tls_client_read_session(struct tls *ctx) +{ + int sfd = ctx->config->session_fd; + uint8_t *session = NULL; + size_t session_len = 0; + SSL_SESSION *ss = NULL; + BIO *bio = NULL; + struct stat sb; + ssize_t n; + int rv = -1; + + if (fstat(sfd, &sb) == -1) { + tls_set_error(ctx, "failed to stat session file"); + goto err; + } + if (sb.st_size < 0 || sb.st_size > INT_MAX) { + tls_set_errorx(ctx, "invalid session file size"); + goto err; + } + session_len = (size_t)sb.st_size; + + /* A zero size file means that we do not yet have a valid session. */ + if (session_len == 0) + goto done; + + if ((session = malloc(session_len)) == NULL) + goto err; + + n = pread(sfd, session, session_len, 0); + if (n < 0 || (size_t)n != session_len) { + tls_set_error(ctx, "failed to read session file"); + goto err; + } + if ((bio = BIO_new_mem_buf(session, session_len)) == NULL) + goto err; + if ((ss = PEM_read_bio_SSL_SESSION(bio, NULL, tls_password_cb, + NULL)) == NULL) { + tls_set_errorx(ctx, "failed to parse session"); + goto err; + } + + if (SSL_set_session(ctx->ssl_conn, ss) != 1) { + tls_set_errorx(ctx, "failed to set session"); + goto err; + } + + done: + rv = 0; + + err: + freezero(session, session_len); + SSL_SESSION_free(ss); + BIO_free(bio); + + return rv; +} + +static int +tls_client_write_session(struct tls *ctx) +{ + int sfd = ctx->config->session_fd; + SSL_SESSION *ss = NULL; + BIO *bio = NULL; + long data_len; + char *data; + off_t offset; + size_t len; + ssize_t n; + int rv = -1; + + if ((ss = SSL_get1_session(ctx->ssl_conn)) == NULL) { + if (ftruncate(sfd, 0) == -1) { + tls_set_error(ctx, "failed to truncate session file"); + goto err; + } + goto done; + } + + if ((bio = BIO_new(BIO_s_mem())) == NULL) + goto err; + if (PEM_write_bio_SSL_SESSION(bio, ss) == 0) + goto err; + if ((data_len = BIO_get_mem_data(bio, &data)) <= 0) + goto err; + + len = (size_t)data_len; + offset = 0; + + if (ftruncate(sfd, len) == -1) { + tls_set_error(ctx, "failed to truncate session file"); + goto err; + } + while (len > 0) { + if ((n = pwrite(sfd, data + offset, len, offset)) == -1) { + tls_set_error(ctx, "failed to write session file"); + goto err; + } + offset += n; + len -= n; + } + + done: + rv = 0; + + err: + SSL_SESSION_free(ss); + BIO_free_all(bio); + + return (rv); +} + +static int +tls_connect_common(struct tls *ctx, const char *servername) +{ + union tls_addr addrbuf; + int rv = -1; + + if ((ctx->flags & TLS_CLIENT) == 0) { + tls_set_errorx(ctx, "not a client context"); + goto err; + } + + if (servername != NULL) { + if ((ctx->servername = strdup(servername)) == NULL) { + tls_set_errorx(ctx, "out of memory"); + goto err; + } + } + + if ((ctx->ssl_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) { + tls_set_errorx(ctx, "ssl context failure"); + goto err; + } + + if (tls_configure_ssl(ctx, ctx->ssl_ctx) != 0) + goto err; + + if (tls_configure_ssl_keypair(ctx, ctx->ssl_ctx, + ctx->config->keypair, 0) != 0) + goto err; + + if (ctx->config->verify_name) { + if (servername == NULL) { + tls_set_errorx(ctx, "server name not specified"); + goto err; + } + } + + if (tls_configure_ssl_verify(ctx, ctx->ssl_ctx, SSL_VERIFY_PEER) == -1) + goto err; + + if (ctx->config->ecdhecurves != NULL) { + if (SSL_CTX_set1_groups(ctx->ssl_ctx, ctx->config->ecdhecurves, + ctx->config->ecdhecurves_len) != 1) { + tls_set_errorx(ctx, "failed to set ecdhe curves"); + goto err; + } + } + + if (SSL_CTX_set_tlsext_status_cb(ctx->ssl_ctx, tls_ocsp_verify_cb) != 1) { + tls_set_errorx(ctx, "ssl OCSP verification setup failure"); + goto err; + } + + if ((ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) { + tls_set_errorx(ctx, "ssl connection failure"); + goto err; + } + + if (SSL_set_app_data(ctx->ssl_conn, ctx) != 1) { + tls_set_errorx(ctx, "ssl application data failure"); + goto err; + } + + if (ctx->config->session_fd != -1) { + SSL_clear_options(ctx->ssl_conn, SSL_OP_NO_TICKET); + if (tls_client_read_session(ctx) == -1) + goto err; + } + + if (SSL_set_tlsext_status_type(ctx->ssl_conn, TLSEXT_STATUSTYPE_ocsp) != 1) { + tls_set_errorx(ctx, "ssl OCSP extension setup failure"); + goto err; + } + + /* + * RFC4366 (SNI): Literal IPv4 and IPv6 addresses are not + * permitted in "HostName". + */ + if (servername != NULL && + inet_pton(AF_INET, servername, &addrbuf) != 1 && + inet_pton(AF_INET6, servername, &addrbuf) != 1) { + if (SSL_set_tlsext_host_name(ctx->ssl_conn, servername) == 0) { + tls_set_errorx(ctx, "server name indication failure"); + goto err; + } + } + + ctx->state |= TLS_CONNECTED; + rv = 0; + + err: + return (rv); +} + +int +tls_connect_socket(struct tls *ctx, int s, const char *servername) +{ + return tls_connect_fds(ctx, s, s, servername); +} + +int +tls_connect_fds(struct tls *ctx, int fd_read, int fd_write, + const char *servername) +{ + int rv = -1; + + if (fd_read < 0 || fd_write < 0) { + tls_set_errorx(ctx, "invalid file descriptors"); + goto err; + } + + if (tls_connect_common(ctx, servername) != 0) + goto err; + + if (SSL_set_rfd(ctx->ssl_conn, fd_read) != 1 || + SSL_set_wfd(ctx->ssl_conn, fd_write) != 1) { + tls_set_errorx(ctx, "ssl file descriptor failure"); + goto err; + } + + rv = 0; + err: + return (rv); +} + +int +tls_connect_cbs(struct tls *ctx, tls_read_cb read_cb, + tls_write_cb write_cb, void *cb_arg, const char *servername) +{ + int rv = -1; + + if (tls_connect_common(ctx, servername) != 0) + goto err; + + if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) + goto err; + + rv = 0; + + err: + return (rv); +} + +int +tls_handshake_client(struct tls *ctx) +{ + X509 *cert = NULL; + int match, ssl_ret; + int rv = -1; + + if ((ctx->flags & TLS_CLIENT) == 0) { + tls_set_errorx(ctx, "not a client context"); + goto err; + } + + if ((ctx->state & TLS_CONNECTED) == 0) { + tls_set_errorx(ctx, "context not connected"); + goto err; + } + + ctx->state |= TLS_SSL_NEEDS_SHUTDOWN; + + ERR_clear_error(); + if ((ssl_ret = SSL_connect(ctx->ssl_conn)) != 1) { + rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake"); + goto err; + } + + if (ctx->config->verify_name) { + cert = SSL_get_peer_certificate(ctx->ssl_conn); + if (cert == NULL) { + tls_set_errorx(ctx, "no server certificate"); + goto err; + } + if (tls_check_name(ctx, cert, ctx->servername, &match) == -1) + goto err; + if (!match) { + tls_set_errorx(ctx, "name `%s' not present in" + " server certificate", ctx->servername); + goto err; + } + } + + ctx->state |= TLS_HANDSHAKE_COMPLETE; + + if (ctx->config->session_fd != -1) { + if (tls_client_write_session(ctx) == -1) + goto err; + } + + rv = 0; + + err: + X509_free(cert); + + return (rv); +} diff --git a/tls_config.c b/tls_config.c new file mode 100644 index 0000000..ed47170 --- /dev/null +++ b/tls_config.c @@ -0,0 +1,907 @@ +/* $OpenBSD: tls_config.c,v 1.58 2020/01/20 08:39:21 jsing Exp $ */ +/* + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/stat.h> + +#include <ctype.h> +#include <errno.h> +#include <fcntl.h> +#include <pthread.h> +#include <stdlib.h> +#include <unistd.h> + +#include <tls.h> + +#include "tls_internal.h" + +static const char default_ca_file[] = TLS_DEFAULT_CA_FILE; + +const char * +tls_default_ca_cert_file(void) +{ + return default_ca_file; +} + +int +tls_config_load_file(struct tls_error *error, const char *filetype, + const char *filename, char **buf, size_t *len) +{ + struct stat st; + int fd = -1; + ssize_t n; + + free(*buf); + *buf = NULL; + *len = 0; + + if ((fd = open(filename, O_RDONLY)) == -1) { + tls_error_set(error, "failed to open %s file '%s'", + filetype, filename); + goto err; + } + if (fstat(fd, &st) != 0) { + tls_error_set(error, "failed to stat %s file '%s'", + filetype, filename); + goto err; + } + if (st.st_size < 0) + goto err; + *len = (size_t)st.st_size; + if ((*buf = malloc(*len)) == NULL) { + tls_error_set(error, "failed to allocate buffer for " + "%s file", filetype); + goto err; + } + n = read(fd, *buf, *len); + if (n < 0 || (size_t)n != *len) { + tls_error_set(error, "failed to read %s file '%s'", + filetype, filename); + goto err; + } + close(fd); + return 0; + + err: + if (fd != -1) + close(fd); + freezero(*buf, *len); + *buf = NULL; + *len = 0; + + return -1; +} + +struct tls_config * +tls_config_new_internal(void) +{ + struct tls_config *config; + unsigned char sid[TLS_MAX_SESSION_ID_LENGTH]; + + if ((config = calloc(1, sizeof(*config))) == NULL) + return (NULL); + + if (pthread_mutex_init(&config->mutex, NULL) != 0) + goto err; + + config->refcount = 1; + config->session_fd = -1; + + if ((config->keypair = tls_keypair_new()) == NULL) + goto err; + + /* + * Default configuration. + */ + if (tls_config_set_dheparams(config, "none") != 0) + goto err; + if (tls_config_set_ecdhecurves(config, "default") != 0) + goto err; + if (tls_config_set_ciphers(config, "secure") != 0) + goto err; + + if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0) + goto err; + if (tls_config_set_verify_depth(config, 6) != 0) + goto err; + + /* + * Set session ID context to a random value. For the simple case + * of a single process server this is good enough. For multiprocess + * servers the session ID needs to be set by the caller. + */ + arc4random_buf(sid, sizeof(sid)); + if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0) + goto err; + config->ticket_keyrev = arc4random(); + config->ticket_autorekey = 1; + + tls_config_prefer_ciphers_server(config); + + tls_config_verify(config); + + return (config); + + err: + tls_config_free(config); + return (NULL); +} + +struct tls_config * +tls_config_new(void) +{ + if (tls_init() == -1) + return (NULL); + + return tls_config_new_internal(); +} + +void +tls_config_free(struct tls_config *config) +{ + struct tls_keypair *kp, *nkp; + int refcount; + + if (config == NULL) + return; + + pthread_mutex_lock(&config->mutex); + refcount = --config->refcount; + pthread_mutex_unlock(&config->mutex); + + if (refcount > 0) + return; + + for (kp = config->keypair; kp != NULL; kp = nkp) { + nkp = kp->next; + tls_keypair_free(kp); + } + + free(config->error.msg); + + free(config->alpn); + free((char *)config->ca_mem); + free((char *)config->ca_path); + free((char *)config->ciphers); + free((char *)config->crl_mem); + free(config->ecdhecurves); + + free(config); +} + +static void +tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair) +{ + struct tls_keypair *kp; + + kp = config->keypair; + while (kp->next != NULL) + kp = kp->next; + + kp->next = keypair; +} + +const char * +tls_config_error(struct tls_config *config) +{ + return config->error.msg; +} + +void +tls_config_clear_keys(struct tls_config *config) +{ + struct tls_keypair *kp; + + for (kp = config->keypair; kp != NULL; kp = kp->next) + tls_keypair_clear_key(kp); +} + +int +tls_config_parse_protocols(uint32_t *protocols, const char *protostr) +{ + uint32_t proto, protos = 0; + char *s, *p, *q; + int negate; + + if (protostr == NULL) { + *protocols = TLS_PROTOCOLS_DEFAULT; + return (0); + } + + if ((s = strdup(protostr)) == NULL) + return (-1); + + q = s; + while ((p = strsep(&q, ",:")) != NULL) { + while (*p == ' ' || *p == '\t') + p++; + + negate = 0; + if (*p == '!') { + negate = 1; + p++; + } + + if (negate && protos == 0) + protos = TLS_PROTOCOLS_ALL; + + proto = 0; + if (strcasecmp(p, "all") == 0 || + strcasecmp(p, "legacy") == 0) + proto = TLS_PROTOCOLS_ALL; + else if (strcasecmp(p, "default") == 0 || + strcasecmp(p, "secure") == 0) + proto = TLS_PROTOCOLS_DEFAULT; + if (strcasecmp(p, "tlsv1") == 0) + proto = TLS_PROTOCOL_TLSv1; + else if (strcasecmp(p, "tlsv1.0") == 0) + proto = TLS_PROTOCOL_TLSv1_0; + else if (strcasecmp(p, "tlsv1.1") == 0) + proto = TLS_PROTOCOL_TLSv1_1; + else if (strcasecmp(p, "tlsv1.2") == 0) + proto = TLS_PROTOCOL_TLSv1_2; + else if (strcasecmp(p, "tlsv1.3") == 0) + proto = TLS_PROTOCOL_TLSv1_3; + + if (proto == 0) { + free(s); + return (-1); + } + + if (negate) + protos &= ~proto; + else + protos |= proto; + } + + *protocols = protos; + + free(s); + + return (0); +} + +static int +tls_config_parse_alpn(struct tls_config *config, const char *alpn, + char **alpn_data, size_t *alpn_len) +{ + size_t buf_len, i, len; + char *buf = NULL; + char *s = NULL; + char *p, *q; + + free(*alpn_data); + *alpn_data = NULL; + *alpn_len = 0; + + if ((buf_len = strlen(alpn) + 1) > 65535) { + tls_config_set_errorx(config, "alpn too large"); + goto err; + } + + if ((buf = malloc(buf_len)) == NULL) { + tls_config_set_errorx(config, "out of memory"); + goto err; + } + + if ((s = strdup(alpn)) == NULL) { + tls_config_set_errorx(config, "out of memory"); + goto err; + } + + i = 0; + q = s; + while ((p = strsep(&q, ",")) != NULL) { + if ((len = strlen(p)) == 0) { + tls_config_set_errorx(config, + "alpn protocol with zero length"); + goto err; + } + if (len > 255) { + tls_config_set_errorx(config, + "alpn protocol too long"); + goto err; + } + buf[i++] = len & 0xff; + memcpy(&buf[i], p, len); + i += len; + } + + free(s); + + *alpn_data = buf; + *alpn_len = buf_len; + + return (0); + + err: + free(buf); + free(s); + + return (-1); +} + +int +tls_config_set_alpn(struct tls_config *config, const char *alpn) +{ + return tls_config_parse_alpn(config, alpn, &config->alpn, + &config->alpn_len); +} + +static int +tls_config_add_keypair_file_internal(struct tls_config *config, + const char *cert_file, const char *key_file, const char *ocsp_file) +{ + struct tls_keypair *keypair; + + if ((keypair = tls_keypair_new()) == NULL) + return (-1); + if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0) + goto err; + if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0) + goto err; + if (ocsp_file != NULL && + tls_keypair_set_ocsp_staple_file(keypair, &config->error, + ocsp_file) != 0) + goto err; + + tls_config_keypair_add(config, keypair); + + return (0); + + err: + tls_keypair_free(keypair); + return (-1); +} + +static int +tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len, + const uint8_t *staple, size_t staple_len) +{ + struct tls_keypair *keypair; + + if ((keypair = tls_keypair_new()) == NULL) + return (-1); + if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0) + goto err; + if (tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0) + goto err; + if (staple != NULL && + tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple, + staple_len) != 0) + goto err; + + tls_config_keypair_add(config, keypair); + + return (0); + + err: + tls_keypair_free(keypair); + return (-1); +} + +int +tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len) +{ + return tls_config_add_keypair_mem_internal(config, cert, cert_len, key, + key_len, NULL, 0); +} + +int +tls_config_add_keypair_file(struct tls_config *config, + const char *cert_file, const char *key_file) +{ + return tls_config_add_keypair_file_internal(config, cert_file, + key_file, NULL); +} + +int +tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len, const uint8_t *staple, + size_t staple_len) +{ + return tls_config_add_keypair_mem_internal(config, cert, cert_len, key, + key_len, staple, staple_len); +} + +int +tls_config_add_keypair_ocsp_file(struct tls_config *config, + const char *cert_file, const char *key_file, const char *ocsp_file) +{ + return tls_config_add_keypair_file_internal(config, cert_file, + key_file, ocsp_file); +} + +int +tls_config_set_ca_file(struct tls_config *config, const char *ca_file) +{ + return tls_config_load_file(&config->error, "CA", ca_file, + &config->ca_mem, &config->ca_len); +} + +int +tls_config_set_ca_path(struct tls_config *config, const char *ca_path) +{ + return tls_set_string(&config->ca_path, ca_path); +} + +int +tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len) +{ + return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len); +} + +int +tls_config_set_cert_file(struct tls_config *config, const char *cert_file) +{ + return tls_keypair_set_cert_file(config->keypair, &config->error, + cert_file); +} + +int +tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert, + size_t len) +{ + return tls_keypair_set_cert_mem(config->keypair, &config->error, + cert, len); +} + +int +tls_config_set_ciphers(struct tls_config *config, const char *ciphers) +{ + SSL_CTX *ssl_ctx = NULL; + + if (ciphers == NULL || + strcasecmp(ciphers, "default") == 0 || + strcasecmp(ciphers, "secure") == 0) + ciphers = TLS_CIPHERS_DEFAULT; + else if (strcasecmp(ciphers, "compat") == 0) + ciphers = TLS_CIPHERS_COMPAT; + else if (strcasecmp(ciphers, "legacy") == 0) + ciphers = TLS_CIPHERS_LEGACY; + else if (strcasecmp(ciphers, "all") == 0 || + strcasecmp(ciphers, "insecure") == 0) + ciphers = TLS_CIPHERS_ALL; + + if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) { + tls_config_set_errorx(config, "out of memory"); + goto err; + } + if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) { + tls_config_set_errorx(config, "no ciphers for '%s'", ciphers); + goto err; + } + + SSL_CTX_free(ssl_ctx); + return tls_set_string(&config->ciphers, ciphers); + + err: + SSL_CTX_free(ssl_ctx); + return -1; +} + +int +tls_config_set_crl_file(struct tls_config *config, const char *crl_file) +{ + return tls_config_load_file(&config->error, "CRL", crl_file, + &config->crl_mem, &config->crl_len); +} + +int +tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl, + size_t len) +{ + return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len); +} + +int +tls_config_set_dheparams(struct tls_config *config, const char *params) +{ + int keylen; + + if (params == NULL || strcasecmp(params, "none") == 0) + keylen = 0; + else if (strcasecmp(params, "auto") == 0) + keylen = -1; + else if (strcasecmp(params, "legacy") == 0) + keylen = 1024; + else { + tls_config_set_errorx(config, "invalid dhe param '%s'", params); + return (-1); + } + + config->dheparams = keylen; + + return (0); +} + +int +tls_config_set_ecdhecurve(struct tls_config *config, const char *curve) +{ + if (curve == NULL || + strcasecmp(curve, "none") == 0 || + strcasecmp(curve, "auto") == 0) { + curve = TLS_ECDHE_CURVES; + } else if (strchr(curve, ',') != NULL || strchr(curve, ':') != NULL) { + tls_config_set_errorx(config, "invalid ecdhe curve '%s'", + curve); + return (-1); + } + + return tls_config_set_ecdhecurves(config, curve); +} + +int +tls_config_set_ecdhecurves(struct tls_config *config, const char *curves) +{ + int *curves_list = NULL, *curves_new; + size_t curves_num = 0; + char *cs = NULL; + char *p, *q; + int rv = -1; + int nid; + + free(config->ecdhecurves); + config->ecdhecurves = NULL; + config->ecdhecurves_len = 0; + + if (curves == NULL || strcasecmp(curves, "default") == 0) + curves = TLS_ECDHE_CURVES; + + if ((cs = strdup(curves)) == NULL) { + tls_config_set_errorx(config, "out of memory"); + goto err; + } + + q = cs; + while ((p = strsep(&q, ",:")) != NULL) { + while (*p == ' ' || *p == '\t') + p++; + + nid = OBJ_sn2nid(p); + if (nid == NID_undef) + nid = OBJ_ln2nid(p); + if (nid == NID_undef) + nid = EC_curve_nist2nid(p); + if (nid == NID_undef) { + tls_config_set_errorx(config, + "invalid ecdhe curve '%s'", p); + goto err; + } + + if ((curves_new = reallocarray(curves_list, curves_num + 1, + sizeof(int))) == NULL) { + tls_config_set_errorx(config, "out of memory"); + goto err; + } + curves_list = curves_new; + curves_list[curves_num] = nid; + curves_num++; + } + + config->ecdhecurves = curves_list; + config->ecdhecurves_len = curves_num; + curves_list = NULL; + + rv = 0; + + err: + free(cs); + free(curves_list); + + return (rv); +} + +int +tls_config_set_key_file(struct tls_config *config, const char *key_file) +{ + return tls_keypair_set_key_file(config->keypair, &config->error, + key_file); +} + +int +tls_config_set_key_mem(struct tls_config *config, const uint8_t *key, + size_t len) +{ + return tls_keypair_set_key_mem(config->keypair, &config->error, + key, len); +} + +static int +tls_config_set_keypair_file_internal(struct tls_config *config, + const char *cert_file, const char *key_file, const char *ocsp_file) +{ + if (tls_config_set_cert_file(config, cert_file) != 0) + return (-1); + if (tls_config_set_key_file(config, key_file) != 0) + return (-1); + if (ocsp_file != NULL && + tls_config_set_ocsp_staple_file(config, ocsp_file) != 0) + return (-1); + + return (0); +} + +static int +tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len, + const uint8_t *staple, size_t staple_len) +{ + if (tls_config_set_cert_mem(config, cert, cert_len) != 0) + return (-1); + if (tls_config_set_key_mem(config, key, key_len) != 0) + return (-1); + if ((staple != NULL) && + (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0)) + return (-1); + + return (0); +} + +int +tls_config_set_keypair_file(struct tls_config *config, + const char *cert_file, const char *key_file) +{ + return tls_config_set_keypair_file_internal(config, cert_file, key_file, + NULL); +} + +int +tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len) +{ + return tls_config_set_keypair_mem_internal(config, cert, cert_len, + key, key_len, NULL, 0); +} + +int +tls_config_set_keypair_ocsp_file(struct tls_config *config, + const char *cert_file, const char *key_file, const char *ocsp_file) +{ + return tls_config_set_keypair_file_internal(config, cert_file, key_file, + ocsp_file); +} + +int +tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert, + size_t cert_len, const uint8_t *key, size_t key_len, + const uint8_t *staple, size_t staple_len) +{ + return tls_config_set_keypair_mem_internal(config, cert, cert_len, + key, key_len, staple, staple_len); +} + + +int +tls_config_set_protocols(struct tls_config *config, uint32_t protocols) +{ + config->protocols = protocols; + + return (0); +} + +int +tls_config_set_session_fd(struct tls_config *config, int session_fd) +{ + struct stat sb; + mode_t mugo; + + if (session_fd == -1) { + config->session_fd = session_fd; + return (0); + } + + if (fstat(session_fd, &sb) == -1) { + tls_config_set_error(config, "failed to stat session file"); + return (-1); + } + if (!S_ISREG(sb.st_mode)) { + tls_config_set_errorx(config, + "session file is not a regular file"); + return (-1); + } + + if (sb.st_uid != getuid()) { + tls_config_set_errorx(config, "session file has incorrect " + "owner (uid %i != %i)", sb.st_uid, getuid()); + return (-1); + } + mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO); + if (mugo != (S_IRUSR|S_IWUSR)) { + tls_config_set_errorx(config, "session file has incorrect " + "permissions (%o != 600)", mugo); + return (-1); + } + + config->session_fd = session_fd; + + return (0); +} + +int +tls_config_set_verify_depth(struct tls_config *config, int verify_depth) +{ + config->verify_depth = verify_depth; + + return (0); +} + +void +tls_config_prefer_ciphers_client(struct tls_config *config) +{ + config->ciphers_server = 0; +} + +void +tls_config_prefer_ciphers_server(struct tls_config *config) +{ + config->ciphers_server = 1; +} + +void +tls_config_insecure_noverifycert(struct tls_config *config) +{ + config->verify_cert = 0; +} + +void +tls_config_insecure_noverifyname(struct tls_config *config) +{ + config->verify_name = 0; +} + +void +tls_config_insecure_noverifytime(struct tls_config *config) +{ + config->verify_time = 0; +} + +void +tls_config_verify(struct tls_config *config) +{ + config->verify_cert = 1; + config->verify_name = 1; + config->verify_time = 1; +} + +void +tls_config_ocsp_require_stapling(struct tls_config *config) +{ + config->ocsp_require_stapling = 1; +} + +void +tls_config_verify_client(struct tls_config *config) +{ + config->verify_client = 1; +} + +void +tls_config_verify_client_optional(struct tls_config *config) +{ + config->verify_client = 2; +} + +void +tls_config_skip_private_key_check(struct tls_config *config) +{ + config->skip_private_key_check = 1; +} + +int +tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file) +{ + return tls_keypair_set_ocsp_staple_file(config->keypair, &config->error, + staple_file); +} + +int +tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple, + size_t len) +{ + return tls_keypair_set_ocsp_staple_mem(config->keypair, &config->error, + staple, len); +} + +int +tls_config_set_session_id(struct tls_config *config, + const unsigned char *session_id, size_t len) +{ + if (len > TLS_MAX_SESSION_ID_LENGTH) { + tls_config_set_errorx(config, "session ID too large"); + return (-1); + } + memset(config->session_id, 0, sizeof(config->session_id)); + memcpy(config->session_id, session_id, len); + return (0); +} + +int +tls_config_set_session_lifetime(struct tls_config *config, int lifetime) +{ + if (lifetime > TLS_MAX_SESSION_TIMEOUT) { + tls_config_set_errorx(config, "session lifetime too large"); + return (-1); + } + if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) { + tls_config_set_errorx(config, "session lifetime too small"); + return (-1); + } + + config->session_lifetime = lifetime; + return (0); +} + +int +tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev, + unsigned char *key, size_t keylen) +{ + struct tls_ticket_key newkey; + int i; + + if (TLS_TICKET_KEY_SIZE != keylen || + sizeof(newkey.aes_key) + sizeof(newkey.hmac_key) > keylen) { + tls_config_set_errorx(config, + "wrong amount of ticket key data"); + return (-1); + } + + keyrev = htonl(keyrev); + memset(&newkey, 0, sizeof(newkey)); + memcpy(newkey.key_name, &keyrev, sizeof(keyrev)); + memcpy(newkey.aes_key, key, sizeof(newkey.aes_key)); + memcpy(newkey.hmac_key, key + sizeof(newkey.aes_key), + sizeof(newkey.hmac_key)); + newkey.time = time(NULL); + + for (i = 0; i < TLS_NUM_TICKETS; i++) { + struct tls_ticket_key *tk = &config->ticket_keys[i]; + if (memcmp(newkey.key_name, tk->key_name, + sizeof(tk->key_name)) != 0) + continue; + + /* allow re-entry of most recent key */ + if (i == 0 && memcmp(newkey.aes_key, tk->aes_key, + sizeof(tk->aes_key)) == 0 && memcmp(newkey.hmac_key, + tk->hmac_key, sizeof(tk->hmac_key)) == 0) + return (0); + tls_config_set_errorx(config, "ticket key already present"); + return (-1); + } + + memmove(&config->ticket_keys[1], &config->ticket_keys[0], + sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0])); + config->ticket_keys[0] = newkey; + + config->ticket_autorekey = 0; + + return (0); +} + +int +tls_config_ticket_autorekey(struct tls_config *config) +{ + unsigned char key[TLS_TICKET_KEY_SIZE]; + int rv; + + arc4random_buf(key, sizeof(key)); + rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key, + sizeof(key)); + config->ticket_autorekey = 1; + return (rv); +} diff --git a/tls_conninfo.c b/tls_conninfo.c new file mode 100644 index 0000000..d44dc84 --- /dev/null +++ b/tls_conninfo.c @@ -0,0 +1,346 @@ +/* $OpenBSD: tls_conninfo.c,v 1.21 2019/11/02 13:37:59 jsing Exp $ */ +/* + * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> + * Copyright (c) 2015 Bob Beck <beck@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <stdio.h> + +#include <openssl/x509.h> + +#include <tls.h> +#include "tls_internal.h" + +int ASN1_time_tm_clamp_notafter(struct tm *tm); + +int +tls_hex_string(const unsigned char *in, size_t inlen, char **out, + size_t *outlen) +{ + static const char hex[] = "0123456789abcdef"; + size_t i, len; + char *p; + + if (outlen != NULL) + *outlen = 0; + + if (inlen >= SIZE_MAX) + return (-1); + if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL) + return (-1); + + p = *out; + len = 0; + for (i = 0; i < inlen; i++) { + p[len++] = hex[(in[i] >> 4) & 0x0f]; + p[len++] = hex[in[i] & 0x0f]; + } + p[len++] = 0; + + if (outlen != NULL) + *outlen = len; + + return (0); +} + +static int +tls_get_peer_cert_hash(struct tls *ctx, char **hash) +{ + *hash = NULL; + if (ctx->ssl_peer_cert == NULL) + return (0); + + if (tls_cert_hash(ctx->ssl_peer_cert, hash) == -1) { + tls_set_errorx(ctx, "unable to compute peer certificate hash - out of memory"); + *hash = NULL; + return -1; + } + return 0; +} + +static int +tls_get_peer_cert_issuer(struct tls *ctx, char **issuer) +{ + X509_NAME *name = NULL; + + *issuer = NULL; + if (ctx->ssl_peer_cert == NULL) + return (-1); + if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL) + return (-1); + *issuer = X509_NAME_oneline(name, 0, 0); + if (*issuer == NULL) + return (-1); + return (0); +} + +static int +tls_get_peer_cert_subject(struct tls *ctx, char **subject) +{ + X509_NAME *name = NULL; + + *subject = NULL; + if (ctx->ssl_peer_cert == NULL) + return (-1); + if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL) + return (-1); + *subject = X509_NAME_oneline(name, 0, 0); + if (*subject == NULL) + return (-1); + return (0); +} + +static int +tls_get_peer_cert_times(struct tls *ctx, time_t *notbefore, + time_t *notafter) +{ + struct tm before_tm, after_tm; + ASN1_TIME *before, *after; + + if (ctx->ssl_peer_cert == NULL) + return (-1); + + memset(&before_tm, 0, sizeof(before_tm)); + memset(&after_tm, 0, sizeof(after_tm)); + + if ((before = X509_get_notBefore(ctx->ssl_peer_cert)) == NULL) + goto err; + if ((after = X509_get_notAfter(ctx->ssl_peer_cert)) == NULL) + goto err; + if (ASN1_time_parse(before->data, before->length, &before_tm, 0) == -1) + goto err; + if (ASN1_time_parse(after->data, after->length, &after_tm, 0) == -1) + goto err; + if (!ASN1_time_tm_clamp_notafter(&after_tm)) + goto err; + if ((*notbefore = timegm(&before_tm)) == -1) + goto err; + if ((*notafter = timegm(&after_tm)) == -1) + goto err; + + return (0); + + err: + return (-1); +} + +static int +tls_get_peer_cert_info(struct tls *ctx) +{ + if (ctx->ssl_peer_cert == NULL) + return (0); + + if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1) + goto err; + if (tls_get_peer_cert_subject(ctx, &ctx->conninfo->subject) == -1) + goto err; + if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1) + goto err; + if (tls_get_peer_cert_times(ctx, &ctx->conninfo->notbefore, + &ctx->conninfo->notafter) == -1) + goto err; + + return (0); + + err: + return (-1); +} + +static int +tls_conninfo_alpn_proto(struct tls *ctx) +{ + const unsigned char *p; + unsigned int len; + + free(ctx->conninfo->alpn); + ctx->conninfo->alpn = NULL; + + SSL_get0_alpn_selected(ctx->ssl_conn, &p, &len); + if (len > 0) { + if ((ctx->conninfo->alpn = malloc(len + 1)) == NULL) + return (-1); + memcpy(ctx->conninfo->alpn, p, len); + ctx->conninfo->alpn[len] = '\0'; + } + + return (0); +} + +static int +tls_conninfo_cert_pem(struct tls *ctx) +{ + int i, rv = -1; + BIO *membio = NULL; + BUF_MEM *bptr = NULL; + + if (ctx->ssl_peer_cert == NULL) + return 0; + if ((membio = BIO_new(BIO_s_mem()))== NULL) + goto err; + + /* + * We have to write the peer cert out separately, because + * the certificate chain may or may not contain it. + */ + if (!PEM_write_bio_X509(membio, ctx->ssl_peer_cert)) + goto err; + for (i = 0; i < sk_X509_num(ctx->ssl_peer_chain); i++) { + X509 *chaincert = sk_X509_value(ctx->ssl_peer_chain, i); + if (chaincert != ctx->ssl_peer_cert && + !PEM_write_bio_X509(membio, chaincert)) + goto err; + } + + BIO_get_mem_ptr(membio, &bptr); + free(ctx->conninfo->peer_cert); + ctx->conninfo->peer_cert_len = 0; + if ((ctx->conninfo->peer_cert = malloc(bptr->length)) == NULL) + goto err; + ctx->conninfo->peer_cert_len = bptr->length; + memcpy(ctx->conninfo->peer_cert, bptr->data, + ctx->conninfo->peer_cert_len); + + /* BIO_free() will kill BUF_MEM - because we have not set BIO_NOCLOSE */ + rv = 0; + err: + BIO_free(membio); + return rv; +} + +static int +tls_conninfo_session(struct tls *ctx) +{ + ctx->conninfo->session_resumed = SSL_session_reused(ctx->ssl_conn); + + return 0; +} + +int +tls_conninfo_populate(struct tls *ctx) +{ + const char *tmp; + + tls_conninfo_free(ctx->conninfo); + + if ((ctx->conninfo = calloc(1, sizeof(struct tls_conninfo))) == NULL) { + tls_set_errorx(ctx, "out of memory"); + goto err; + } + + if (tls_conninfo_alpn_proto(ctx) == -1) + goto err; + + if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL) + goto err; + if ((ctx->conninfo->cipher = strdup(tmp)) == NULL) + goto err; + ctx->conninfo->cipher_strength = SSL_get_cipher_bits(ctx->ssl_conn, NULL); + + if (ctx->servername != NULL) { + if ((ctx->conninfo->servername = + strdup(ctx->servername)) == NULL) + goto err; + } + + if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL) + goto err; + if ((ctx->conninfo->version = strdup(tmp)) == NULL) + goto err; + + if (tls_get_peer_cert_info(ctx) == -1) + goto err; + + if (tls_conninfo_cert_pem(ctx) == -1) + goto err; + + if (tls_conninfo_session(ctx) == -1) + goto err; + + return (0); + + err: + tls_conninfo_free(ctx->conninfo); + ctx->conninfo = NULL; + + return (-1); +} + +void +tls_conninfo_free(struct tls_conninfo *conninfo) +{ + if (conninfo == NULL) + return; + + free(conninfo->alpn); + free(conninfo->cipher); + free(conninfo->servername); + free(conninfo->version); + + free(conninfo->hash); + free(conninfo->issuer); + free(conninfo->subject); + + free(conninfo->peer_cert); + + free(conninfo); +} + +const char * +tls_conn_alpn_selected(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->alpn); +} + +const char * +tls_conn_cipher(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->cipher); +} + +int +tls_conn_cipher_strength(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (0); + return (ctx->conninfo->cipher_strength); +} + +const char * +tls_conn_servername(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->servername); +} + +int +tls_conn_session_resumed(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (0); + return (ctx->conninfo->session_resumed); +} + +const char * +tls_conn_version(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->version); +} diff --git a/tls_internal.h b/tls_internal.h new file mode 100644 index 0000000..1dd5f45 --- /dev/null +++ b/tls_internal.h @@ -0,0 +1,298 @@ +/* $OpenBSD: tls_internal.h,v 1.77 2019/11/16 21:39:52 beck Exp $ */ +/* + * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_TLS_INTERNAL_H +#define HEADER_TLS_INTERNAL_H + +#include <pthread.h> + +#include <arpa/inet.h> +#include <netinet/in.h> + +#include <openssl/ssl.h> + +__BEGIN_HIDDEN_DECLS + +#ifndef TLS_DEFAULT_CA_FILE +#define TLS_DEFAULT_CA_FILE "/etc/ssl/cert.pem" +#endif + +#define TLS_CIPHERS_DEFAULT "TLSv1.3:TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE" +#define TLS_CIPHERS_COMPAT "HIGH:!aNULL" +#define TLS_CIPHERS_LEGACY "HIGH:MEDIUM:!aNULL" +#define TLS_CIPHERS_ALL "ALL:!aNULL:!eNULL" + +#define TLS_ECDHE_CURVES "X25519,P-256,P-384" + +union tls_addr { + struct in_addr ip4; + struct in6_addr ip6; +}; + +struct tls_error { + char *msg; + int num; + int tls; +}; + +struct tls_keypair { + struct tls_keypair *next; + + char *cert_mem; + size_t cert_len; + char *key_mem; + size_t key_len; + char *ocsp_staple; + size_t ocsp_staple_len; + char *pubkey_hash; +}; + +#define TLS_MIN_SESSION_TIMEOUT (4) +#define TLS_MAX_SESSION_TIMEOUT (24 * 60 * 60) + +#define TLS_NUM_TICKETS 4 +#define TLS_TICKET_NAME_SIZE 16 +#define TLS_TICKET_AES_SIZE 32 +#define TLS_TICKET_HMAC_SIZE 16 + +struct tls_ticket_key { + /* The key_name must be 16 bytes according to -lssl */ + unsigned char key_name[TLS_TICKET_NAME_SIZE]; + unsigned char aes_key[TLS_TICKET_AES_SIZE]; + unsigned char hmac_key[TLS_TICKET_HMAC_SIZE]; + time_t time; +}; + +struct tls_config { + struct tls_error error; + + pthread_mutex_t mutex; + int refcount; + + char *alpn; + size_t alpn_len; + const char *ca_path; + char *ca_mem; + size_t ca_len; + const char *ciphers; + int ciphers_server; + char *crl_mem; + size_t crl_len; + int dheparams; + int *ecdhecurves; + size_t ecdhecurves_len; + struct tls_keypair *keypair; + int ocsp_require_stapling; + uint32_t protocols; + unsigned char session_id[TLS_MAX_SESSION_ID_LENGTH]; + int session_fd; + int session_lifetime; + struct tls_ticket_key ticket_keys[TLS_NUM_TICKETS]; + uint32_t ticket_keyrev; + int ticket_autorekey; + int verify_cert; + int verify_client; + int verify_depth; + int verify_name; + int verify_time; + int skip_private_key_check; +}; + +struct tls_conninfo { + char *alpn; + char *cipher; + int cipher_strength; + char *servername; + int session_resumed; + char *version; + + char *hash; + char *issuer; + char *subject; + + uint8_t *peer_cert; + size_t peer_cert_len; + + time_t notbefore; + time_t notafter; +}; + +#define TLS_CLIENT (1 << 0) +#define TLS_SERVER (1 << 1) +#define TLS_SERVER_CONN (1 << 2) + +#define TLS_EOF_NO_CLOSE_NOTIFY (1 << 0) +#define TLS_CONNECTED (1 << 1) +#define TLS_HANDSHAKE_COMPLETE (1 << 2) +#define TLS_SSL_NEEDS_SHUTDOWN (1 << 3) + +struct tls_ocsp_result { + const char *result_msg; + int response_status; + int cert_status; + int crl_reason; + time_t this_update; + time_t next_update; + time_t revocation_time; +}; + +struct tls_ocsp { + /* responder location */ + char *ocsp_url; + + /* cert data, this struct does not own these */ + X509 *main_cert; + STACK_OF(X509) *extra_certs; + + struct tls_ocsp_result *ocsp_result; +}; + +struct tls_sni_ctx { + struct tls_sni_ctx *next; + + struct tls_keypair *keypair; + + SSL_CTX *ssl_ctx; + X509 *ssl_cert; +}; + +struct tls { + struct tls_config *config; + struct tls_keypair *keypair; + + struct tls_error error; + + uint32_t flags; + uint32_t state; + + char *servername; + int socket; + + SSL *ssl_conn; + SSL_CTX *ssl_ctx; + + struct tls_sni_ctx *sni_ctx; + + X509 *ssl_peer_cert; + STACK_OF(X509) *ssl_peer_chain; + + struct tls_conninfo *conninfo; + + struct tls_ocsp *ocsp; + + tls_read_cb read_cb; + tls_write_cb write_cb; + void *cb_arg; +}; + +int tls_set_mem(char **_dest, size_t *_destlen, const void *_src, + size_t _srclen); +int tls_set_string(const char **_dest, const char *_src); + +struct tls_keypair *tls_keypair_new(void); +void tls_keypair_clear_key(struct tls_keypair *_keypair); +void tls_keypair_free(struct tls_keypair *_keypair); +int tls_keypair_set_cert_file(struct tls_keypair *_keypair, + struct tls_error *_error, const char *_cert_file); +int tls_keypair_set_cert_mem(struct tls_keypair *_keypair, + struct tls_error *_error, const uint8_t *_cert, size_t _len); +int tls_keypair_set_key_file(struct tls_keypair *_keypair, + struct tls_error *_error, const char *_key_file); +int tls_keypair_set_key_mem(struct tls_keypair *_keypair, + struct tls_error *_error, const uint8_t *_key, size_t _len); +int tls_keypair_set_ocsp_staple_file(struct tls_keypair *_keypair, + struct tls_error *_error, const char *_ocsp_file); +int tls_keypair_set_ocsp_staple_mem(struct tls_keypair *_keypair, + struct tls_error *_error, const uint8_t *_staple, size_t _len); +int tls_keypair_load_cert(struct tls_keypair *_keypair, + struct tls_error *_error, X509 **_cert); + +struct tls_sni_ctx *tls_sni_ctx_new(void); +void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx); + +struct tls_config *tls_config_new_internal(void); + +struct tls *tls_new(void); +struct tls *tls_server_conn(struct tls *ctx); + +int tls_check_name(struct tls *ctx, X509 *cert, const char *servername, + int *match); +int tls_configure_server(struct tls *ctx); + +int tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx); +int tls_configure_ssl_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, + struct tls_keypair *keypair, int required); +int tls_configure_ssl_verify(struct tls *ctx, SSL_CTX *ssl_ctx, int verify); + +int tls_handshake_client(struct tls *ctx); +int tls_handshake_server(struct tls *ctx); + +int tls_config_load_file(struct tls_error *error, const char *filetype, + const char *filename, char **buf, size_t *len); +int tls_config_ticket_autorekey(struct tls_config *config); +int tls_host_port(const char *hostport, char **host, char **port); + +int tls_set_cbs(struct tls *ctx, + tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg); + +void tls_error_clear(struct tls_error *error); +int tls_error_set(struct tls_error *error, const char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); +int tls_error_setx(struct tls_error *error, const char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); +int tls_config_set_error(struct tls_config *cfg, const char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); +int tls_config_set_errorx(struct tls_config *cfg, const char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); +int tls_set_error(struct tls *ctx, const char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); +int tls_set_errorx(struct tls *ctx, const char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); +int tls_set_ssl_errorx(struct tls *ctx, const char *fmt, ...) + __attribute__((__format__ (printf, 2, 3))) + __attribute__((__nonnull__ (2))); + +int tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, + const char *prefix); + +int tls_conninfo_populate(struct tls *ctx); +void tls_conninfo_free(struct tls_conninfo *conninfo); + +int tls_ocsp_verify_cb(SSL *ssl, void *arg); +int tls_ocsp_stapling_cb(SSL *ssl, void *arg); +void tls_ocsp_free(struct tls_ocsp *ctx); +struct tls_ocsp *tls_ocsp_setup_from_peer(struct tls *ctx); +int tls_hex_string(const unsigned char *_in, size_t _inlen, char **_out, + size_t *_outlen); +int tls_cert_hash(X509 *_cert, char **_hash); +int tls_cert_pubkey_hash(X509 *_cert, char **_hash); + +int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u); + +__END_HIDDEN_DECLS + +/* XXX this function is not fully hidden so relayd can use it */ +void tls_config_skip_private_key_check(struct tls_config *config); + +#endif /* HEADER_TLS_INTERNAL_H */ diff --git a/tls_keypair.c b/tls_keypair.c new file mode 100644 index 0000000..a98e5c2 --- /dev/null +++ b/tls_keypair.c @@ -0,0 +1,169 @@ +/* $OpenBSD: tls_keypair.c,v 1.6 2018/04/07 16:35:34 jsing Exp $ */ +/* + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <openssl/bio.h> +#include <openssl/err.h> +#include <openssl/pem.h> + +#include <tls.h> + +#include "tls_internal.h" + +struct tls_keypair * +tls_keypair_new(void) +{ + return calloc(1, sizeof(struct tls_keypair)); +} + +static int +tls_keypair_pubkey_hash(struct tls_keypair *keypair, struct tls_error *error) +{ + X509 *cert = NULL; + int rv = -1; + + free(keypair->pubkey_hash); + keypair->pubkey_hash = NULL; + + if (keypair->cert_mem == NULL) { + rv = 0; + goto done; + } + + if (tls_keypair_load_cert(keypair, error, &cert) == -1) + goto err; + if (tls_cert_pubkey_hash(cert, &keypair->pubkey_hash) == -1) + goto err; + + rv = 0; + + err: + X509_free(cert); + done: + return (rv); +} + +void +tls_keypair_clear_key(struct tls_keypair *keypair) +{ + freezero(keypair->key_mem, keypair->key_len); + keypair->key_mem = NULL; + keypair->key_len = 0; +} + +int +tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error, + const char *cert_file) +{ + if (tls_config_load_file(error, "certificate", cert_file, + &keypair->cert_mem, &keypair->cert_len) == -1) + return -1; + return tls_keypair_pubkey_hash(keypair, error); +} + +int +tls_keypair_set_cert_mem(struct tls_keypair *keypair, struct tls_error *error, + const uint8_t *cert, size_t len) +{ + if (tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len) == -1) + return -1; + return tls_keypair_pubkey_hash(keypair, error); +} + +int +tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error, + const char *key_file) +{ + tls_keypair_clear_key(keypair); + return tls_config_load_file(error, "key", key_file, + &keypair->key_mem, &keypair->key_len); +} + +int +tls_keypair_set_key_mem(struct tls_keypair *keypair, struct tls_error *error, + const uint8_t *key, size_t len) +{ + tls_keypair_clear_key(keypair); + return tls_set_mem(&keypair->key_mem, &keypair->key_len, key, len); +} + +int +tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair, + struct tls_error *error, const char *ocsp_file) +{ + return tls_config_load_file(error, "ocsp", ocsp_file, + &keypair->ocsp_staple, &keypair->ocsp_staple_len); +} + +int +tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair, + struct tls_error *error, const uint8_t *staple, size_t len) +{ + return tls_set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len, + staple, len); +} + +void +tls_keypair_free(struct tls_keypair *keypair) +{ + if (keypair == NULL) + return; + + tls_keypair_clear_key(keypair); + + free(keypair->cert_mem); + free(keypair->ocsp_staple); + free(keypair->pubkey_hash); + + free(keypair); +} + +int +tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error, + X509 **cert) +{ + char *errstr = "unknown"; + BIO *cert_bio = NULL; + int ssl_err; + int rv = -1; + + X509_free(*cert); + *cert = NULL; + + if (keypair->cert_mem == NULL) { + tls_error_set(error, "keypair has no certificate"); + goto err; + } + if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem, + keypair->cert_len)) == NULL) { + tls_error_set(error, "failed to create certificate bio"); + goto err; + } + if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb, + NULL)) == NULL) { + if ((ssl_err = ERR_peek_error()) != 0) + errstr = ERR_error_string(ssl_err, NULL); + tls_error_set(error, "failed to load certificate: %s", errstr); + goto err; + } + + rv = 0; + + err: + BIO_free(cert_bio); + + return (rv); +} diff --git a/tls_ocsp.c b/tls_ocsp.c new file mode 100644 index 0000000..32c372e --- /dev/null +++ b/tls_ocsp.c @@ -0,0 +1,453 @@ +/* $OpenBSD: tls_ocsp.c,v 1.19 2019/12/03 14:56:42 tb Exp $ */ +/* + * Copyright (c) 2015 Marko Kreen <markokr@gmail.com> + * Copyright (c) 2016 Bob Beck <beck@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/types.h> + +#include <arpa/inet.h> +#include <netinet/in.h> + +#include <openssl/err.h> +#include <openssl/ocsp.h> +#include <openssl/x509.h> + +#include <tls.h> +#include "tls_internal.h" + +#define MAXAGE_SEC (14*24*60*60) +#define JITTER_SEC (60) + +/* + * State for request. + */ + +static struct tls_ocsp * +tls_ocsp_new(void) +{ + return (calloc(1, sizeof(struct tls_ocsp))); +} + +void +tls_ocsp_free(struct tls_ocsp *ocsp) +{ + if (ocsp == NULL) + return; + + X509_free(ocsp->main_cert); + free(ocsp->ocsp_result); + free(ocsp->ocsp_url); + + free(ocsp); +} + +static int +tls_ocsp_asn1_parse_time(struct tls *ctx, ASN1_GENERALIZEDTIME *gt, time_t *gt_time) +{ + struct tm tm; + + if (gt == NULL) + return -1; + /* RFC 6960 specifies that all times in OCSP must be GENERALIZEDTIME */ + if (ASN1_time_parse(gt->data, gt->length, &tm, + V_ASN1_GENERALIZEDTIME) == -1) + return -1; + if ((*gt_time = timegm(&tm)) == -1) + return -1; + return 0; +} + +static int +tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status, + int crl_reason, ASN1_GENERALIZEDTIME *revtime, + ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd) +{ + struct tls_ocsp_result *info = NULL; + + free(ctx->ocsp->ocsp_result); + ctx->ocsp->ocsp_result = NULL; + + if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) { + tls_set_error(ctx, "calloc"); + return -1; + } + info->response_status = response_status; + info->cert_status = cert_status; + info->crl_reason = crl_reason; + if (info->response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + info->result_msg = + OCSP_response_status_str(info->response_status); + } else if (info->cert_status != V_OCSP_CERTSTATUS_REVOKED) { + info->result_msg = OCSP_cert_status_str(info->cert_status); + } else { + info->result_msg = OCSP_crl_reason_str(info->crl_reason); + } + info->revocation_time = info->this_update = info->next_update = -1; + if (revtime != NULL && + tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) { + tls_set_error(ctx, + "unable to parse revocation time in OCSP reply"); + goto err; + } + if (thisupd != NULL && + tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) { + tls_set_error(ctx, + "unable to parse this update time in OCSP reply"); + goto err; + } + if (nextupd != NULL && + tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) { + tls_set_error(ctx, + "unable to parse next update time in OCSP reply"); + goto err; + } + ctx->ocsp->ocsp_result = info; + return 0; + + err: + free(info); + return -1; +} + +static OCSP_CERTID * +tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, + SSL_CTX *ssl_ctx) +{ + X509_NAME *issuer_name; + X509 *issuer; + X509_STORE_CTX storectx; + X509_OBJECT tmpobj; + OCSP_CERTID *cid = NULL; + X509_STORE *store; + + if ((issuer_name = X509_get_issuer_name(main_cert)) == NULL) + return NULL; + + if (extra_certs != NULL) { + issuer = X509_find_by_subject(extra_certs, issuer_name); + if (issuer != NULL) + return OCSP_cert_to_id(NULL, main_cert, issuer); + } + + if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL) + return NULL; + if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1) + return NULL; + if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, + &tmpobj) == 1) { + cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509); + X509_OBJECT_free_contents(&tmpobj); + } + X509_STORE_CTX_cleanup(&storectx); + return cid; +} + +struct tls_ocsp * +tls_ocsp_setup_from_peer(struct tls *ctx) +{ + struct tls_ocsp *ocsp = NULL; + STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL; + + if ((ocsp = tls_ocsp_new()) == NULL) + goto err; + + /* steal state from ctx struct */ + ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn); + ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn); + if (ocsp->main_cert == NULL) { + tls_set_errorx(ctx, "no peer certificate for OCSP"); + goto err; + } + + ocsp_urls = X509_get1_ocsp(ocsp->main_cert); + if (ocsp_urls == NULL) { + tls_set_errorx(ctx, "no OCSP URLs in peer certificate"); + goto err; + } + + ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); + if (ocsp->ocsp_url == NULL) { + tls_set_errorx(ctx, "out of memory"); + goto err; + } + + X509_email_free(ocsp_urls); + return ocsp; + + err: + tls_ocsp_free(ocsp); + X509_email_free(ocsp_urls); + return NULL; +} + +static int +tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) +{ + OCSP_BASICRESP *br = NULL; + ASN1_GENERALIZEDTIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL; + OCSP_CERTID *cid = NULL; + STACK_OF(X509) *combined = NULL; + int response_status=0, cert_status=0, crl_reason=0; + int ret = -1; + unsigned long flags; + + if ((br = OCSP_response_get1_basic(resp)) == NULL) { + tls_set_errorx(ctx, "cannot load ocsp reply"); + goto err; + } + + /* + * Skip validation of 'extra_certs' as this should be done + * already as part of main handshake. + */ + flags = OCSP_TRUSTOTHER; + + /* now verify */ + if (OCSP_basic_verify(br, ctx->ocsp->extra_certs, + SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) { + tls_set_error(ctx, "ocsp verify failed"); + goto err; + } + + /* signature OK, look inside */ + response_status = OCSP_response_status(resp); + if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { + tls_set_errorx(ctx, "ocsp verify failed: response - %s", + OCSP_response_status_str(response_status)); + goto err; + } + + cid = tls_ocsp_get_certid(ctx->ocsp->main_cert, + ctx->ocsp->extra_certs, ctx->ssl_ctx); + if (cid == NULL) { + tls_set_errorx(ctx, "ocsp verify failed: no issuer cert"); + goto err; + } + + if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason, + &revtime, &thisupd, &nextupd) != 1) { + tls_set_errorx(ctx, "ocsp verify failed: no result for cert"); + goto err; + } + + if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC, + MAXAGE_SEC) != 1) { + tls_set_errorx(ctx, + "ocsp verify failed: ocsp response not current"); + goto err; + } + + if (tls_ocsp_fill_info(ctx, response_status, cert_status, + crl_reason, revtime, thisupd, nextupd) != 0) + goto err; + + /* finally can look at status */ + if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status != + V_OCSP_CERTSTATUS_UNKNOWN) { + tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s", + OCSP_crl_reason_str(crl_reason)); + goto err; + } + ret = 0; + + err: + sk_X509_free(combined); + OCSP_CERTID_free(cid); + OCSP_BASICRESP_free(br); + return ret; +} + +/* + * Process a raw OCSP response from an OCSP server request. + * OCSP details can then be retrieved with tls_peer_ocsp_* functions. + * returns 0 if certificate ok, -1 otherwise. + */ +static int +tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *response, + size_t size) +{ + int ret; + OCSP_RESPONSE *resp; + + resp = d2i_OCSP_RESPONSE(NULL, &response, size); + if (resp == NULL) { + tls_ocsp_free(ctx->ocsp); + ctx->ocsp = NULL; + tls_set_error(ctx, "unable to parse OCSP response"); + return -1; + } + ret = tls_ocsp_verify_response(ctx, resp); + OCSP_RESPONSE_free(resp); + return ret; +} + +/* TLS handshake verification callback for stapled requests */ +int +tls_ocsp_verify_cb(SSL *ssl, void *arg) +{ + const unsigned char *raw = NULL; + int size, res = -1; + struct tls *ctx; + + if ((ctx = SSL_get_app_data(ssl)) == NULL) + return -1; + + size = SSL_get_tlsext_status_ocsp_resp(ssl, &raw); + if (size <= 0) { + if (ctx->config->ocsp_require_stapling) { + tls_set_errorx(ctx, "no stapled OCSP response provided"); + return 0; + } + return 1; + } + + tls_ocsp_free(ctx->ocsp); + if ((ctx->ocsp = tls_ocsp_setup_from_peer(ctx)) == NULL) + return 0; + + if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) + return 1; + + res = tls_ocsp_process_response_internal(ctx, raw, size); + + return (res == 0) ? 1 : 0; +} + + +/* Staple the OCSP information in ctx->ocsp to the server handshake. */ +int +tls_ocsp_stapling_cb(SSL *ssl, void *arg) +{ + int ret = SSL_TLSEXT_ERR_ALERT_FATAL; + unsigned char *ocsp_staple = NULL; + struct tls *ctx; + + if ((ctx = SSL_get_app_data(ssl)) == NULL) + goto err; + + if (ctx->keypair == NULL || ctx->keypair->ocsp_staple == NULL || + ctx->keypair->ocsp_staple_len == 0) + return SSL_TLSEXT_ERR_NOACK; + + if ((ocsp_staple = malloc(ctx->keypair->ocsp_staple_len)) == NULL) + goto err; + + memcpy(ocsp_staple, ctx->keypair->ocsp_staple, + ctx->keypair->ocsp_staple_len); + + if (SSL_set_tlsext_status_ocsp_resp(ctx->ssl_conn, ocsp_staple, + ctx->keypair->ocsp_staple_len) != 1) + goto err; + + ret = SSL_TLSEXT_ERR_OK; + err: + if (ret != SSL_TLSEXT_ERR_OK) + free(ocsp_staple); + + return ret; +} + +/* + * Public API + */ + +/* Retrieve OCSP URL from peer certificate, if present. */ +const char * +tls_peer_ocsp_url(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return NULL; + return ctx->ocsp->ocsp_url; +} + +const char * +tls_peer_ocsp_result(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return NULL; + if (ctx->ocsp->ocsp_result == NULL) + return NULL; + return ctx->ocsp->ocsp_result->result_msg; +} + +int +tls_peer_ocsp_response_status(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return -1; + if (ctx->ocsp->ocsp_result == NULL) + return -1; + return ctx->ocsp->ocsp_result->response_status; +} + +int +tls_peer_ocsp_cert_status(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return -1; + if (ctx->ocsp->ocsp_result == NULL) + return -1; + return ctx->ocsp->ocsp_result->cert_status; +} + +int +tls_peer_ocsp_crl_reason(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return -1; + if (ctx->ocsp->ocsp_result == NULL) + return -1; + return ctx->ocsp->ocsp_result->crl_reason; +} + +time_t +tls_peer_ocsp_this_update(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return -1; + if (ctx->ocsp->ocsp_result == NULL) + return -1; + return ctx->ocsp->ocsp_result->this_update; +} + +time_t +tls_peer_ocsp_next_update(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return -1; + if (ctx->ocsp->ocsp_result == NULL) + return -1; + return ctx->ocsp->ocsp_result->next_update; +} + +time_t +tls_peer_ocsp_revocation_time(struct tls *ctx) +{ + if (ctx->ocsp == NULL) + return -1; + if (ctx->ocsp->ocsp_result == NULL) + return -1; + return ctx->ocsp->ocsp_result->revocation_time; +} + +int +tls_ocsp_process_response(struct tls *ctx, const unsigned char *response, + size_t size) +{ + if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0) + return -1; + return tls_ocsp_process_response_internal(ctx, response, size); +} diff --git a/tls_peer.c b/tls_peer.c new file mode 100644 index 0000000..ec97a30 --- /dev/null +++ b/tls_peer.c @@ -0,0 +1,99 @@ +/* $OpenBSD: tls_peer.c,v 1.8 2017/04/10 17:11:13 jsing Exp $ */ +/* + * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> + * Copyright (c) 2015 Bob Beck <beck@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <stdio.h> + +#include <openssl/x509.h> + +#include <tls.h> +#include "tls_internal.h" + +const char * +tls_peer_cert_hash(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->hash); +} +const char * +tls_peer_cert_issuer(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->issuer); +} + +const char * +tls_peer_cert_subject(struct tls *ctx) +{ + if (ctx->conninfo == NULL) + return (NULL); + return (ctx->conninfo->subject); +} + +int +tls_peer_cert_provided(struct tls *ctx) +{ + return (ctx->ssl_peer_cert != NULL); +} + +int +tls_peer_cert_contains_name(struct tls *ctx, const char *name) +{ + int match; + + if (ctx->ssl_peer_cert == NULL) + return (0); + + if (tls_check_name(ctx, ctx->ssl_peer_cert, name, &match) == -1) + return (0); + + return (match); +} + +time_t +tls_peer_cert_notbefore(struct tls *ctx) +{ + if (ctx->ssl_peer_cert == NULL) + return (-1); + if (ctx->conninfo == NULL) + return (-1); + return (ctx->conninfo->notbefore); +} + +time_t +tls_peer_cert_notafter(struct tls *ctx) +{ + if (ctx->ssl_peer_cert == NULL) + return (-1); + if (ctx->conninfo == NULL) + return (-1); + return (ctx->conninfo->notafter); +} + +const uint8_t * +tls_peer_cert_chain_pem(struct tls *ctx, size_t *size) +{ + if (ctx->ssl_peer_cert == NULL) + return (NULL); + if (ctx->conninfo == NULL) + return (NULL); + *size = ctx->conninfo->peer_cert_len; + return (ctx->conninfo->peer_cert); +} + diff --git a/tls_server.c b/tls_server.c new file mode 100644 index 0000000..a709a2b --- /dev/null +++ b/tls_server.c @@ -0,0 +1,454 @@ +/* $OpenBSD: tls_server.c,v 1.45 2019/05/13 22:36:01 bcook Exp $ */ +/* + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/socket.h> + +#include <arpa/inet.h> + +#include <openssl/ec.h> +#include <openssl/err.h> +#include <openssl/ssl.h> + +#include <tls.h> +#include "tls_internal.h" + +struct tls * +tls_server(void) +{ + struct tls *ctx; + + if (tls_init() == -1) + return (NULL); + + if ((ctx = tls_new()) == NULL) + return (NULL); + + ctx->flags |= TLS_SERVER; + + return (ctx); +} + +struct tls * +tls_server_conn(struct tls *ctx) +{ + struct tls *conn_ctx; + + if ((conn_ctx = tls_new()) == NULL) + return (NULL); + + conn_ctx->flags |= TLS_SERVER_CONN; + + pthread_mutex_lock(&ctx->config->mutex); + ctx->config->refcount++; + pthread_mutex_unlock(&ctx->config->mutex); + + conn_ctx->config = ctx->config; + conn_ctx->keypair = ctx->config->keypair; + + return (conn_ctx); +} + +static int +tls_server_alpn_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg) +{ + struct tls *ctx = arg; + + if (SSL_select_next_proto((unsigned char**)out, outlen, + ctx->config->alpn, ctx->config->alpn_len, in, inlen) == + OPENSSL_NPN_NEGOTIATED) + return (SSL_TLSEXT_ERR_OK); + + return (SSL_TLSEXT_ERR_NOACK); +} + +static int +tls_servername_cb(SSL *ssl, int *al, void *arg) +{ + struct tls *ctx = (struct tls *)arg; + struct tls_sni_ctx *sni_ctx; + union tls_addr addrbuf; + struct tls *conn_ctx; + const char *name; + int match; + + if ((conn_ctx = SSL_get_app_data(ssl)) == NULL) + goto err; + + if ((name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) == + NULL) { + /* + * The servername callback gets called even when there is no + * TLS servername extension provided by the client. Sigh! + */ + return (SSL_TLSEXT_ERR_NOACK); + } + + /* + * Per RFC 6066 section 3: ensure that name is not an IP literal. + * + * While we should treat this as an error, a number of clients + * (Python, Ruby and Safari) are not RFC compliant. To avoid handshake + * failures, pretend that we did not receive the extension. + */ + if (inet_pton(AF_INET, name, &addrbuf) == 1 || + inet_pton(AF_INET6, name, &addrbuf) == 1) + return (SSL_TLSEXT_ERR_NOACK); + + free((char *)conn_ctx->servername); + if ((conn_ctx->servername = strdup(name)) == NULL) + goto err; + + /* Find appropriate SSL context for requested servername. */ + for (sni_ctx = ctx->sni_ctx; sni_ctx != NULL; sni_ctx = sni_ctx->next) { + if (tls_check_name(ctx, sni_ctx->ssl_cert, name, + &match) == -1) + goto err; + if (match) { + conn_ctx->keypair = sni_ctx->keypair; + SSL_set_SSL_CTX(conn_ctx->ssl_conn, sni_ctx->ssl_ctx); + return (SSL_TLSEXT_ERR_OK); + } + } + + /* No match, use the existing context/certificate. */ + return (SSL_TLSEXT_ERR_OK); + + err: + /* + * There is no way to tell libssl that an internal failure occurred. + * The only option we have is to return a fatal alert. + */ + *al = TLS1_AD_INTERNAL_ERROR; + return (SSL_TLSEXT_ERR_ALERT_FATAL); +} + +static struct tls_ticket_key * +tls_server_ticket_key(struct tls_config *config, unsigned char *keyname) +{ + struct tls_ticket_key *key = NULL; + time_t now; + int i; + + now = time(NULL); + if (config->ticket_autorekey == 1) { + if (now - 3 * (config->session_lifetime / 4) > + config->ticket_keys[0].time) { + if (tls_config_ticket_autorekey(config) == -1) + return (NULL); + } + } + for (i = 0; i < TLS_NUM_TICKETS; i++) { + struct tls_ticket_key *tk = &config->ticket_keys[i]; + if (now - config->session_lifetime > tk->time) + continue; + if (keyname == NULL || timingsafe_memcmp(keyname, + tk->key_name, sizeof(tk->key_name)) == 0) { + key = tk; + break; + } + } + return (key); +} + +static int +tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv, + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int mode) +{ + struct tls_ticket_key *key; + struct tls *tls_ctx; + + if ((tls_ctx = SSL_get_app_data(ssl)) == NULL) + return (-1); + + if (mode == 1) { + /* create new session */ + key = tls_server_ticket_key(tls_ctx->config, NULL); + if (key == NULL) { + tls_set_errorx(tls_ctx, "no valid ticket key found"); + return (-1); + } + + memcpy(keyname, key->key_name, sizeof(key->key_name)); + arc4random_buf(iv, EVP_MAX_IV_LENGTH); + EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv); + HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL); + return (0); + } else { + /* get key by name */ + key = tls_server_ticket_key(tls_ctx->config, keyname); + if (key == NULL) + return (0); + + EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + key->aes_key, iv); + HMAC_Init_ex(hctx, key->hmac_key, sizeof(key->hmac_key), + EVP_sha256(), NULL); + + /* time to renew the ticket? is it the primary key? */ + if (key != &tls_ctx->config->ticket_keys[0]) + return (2); + return (1); + } +} + +static int +tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx, + struct tls_keypair *keypair) +{ + SSL_CTX_free(*ssl_ctx); + + if ((*ssl_ctx = SSL_CTX_new(SSLv23_server_method())) == NULL) { + tls_set_errorx(ctx, "ssl context failure"); + goto err; + } + + SSL_CTX_set_options(*ssl_ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); + + if (SSL_CTX_set_tlsext_servername_callback(*ssl_ctx, + tls_servername_cb) != 1) { + tls_set_error(ctx, "failed to set servername callback"); + goto err; + } + if (SSL_CTX_set_tlsext_servername_arg(*ssl_ctx, ctx) != 1) { + tls_set_error(ctx, "failed to set servername callback arg"); + goto err; + } + + if (tls_configure_ssl(ctx, *ssl_ctx) != 0) + goto err; + if (tls_configure_ssl_keypair(ctx, *ssl_ctx, keypair, 1) != 0) + goto err; + if (ctx->config->verify_client != 0) { + int verify = SSL_VERIFY_PEER; + if (ctx->config->verify_client == 1) + verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + if (tls_configure_ssl_verify(ctx, *ssl_ctx, verify) == -1) + goto err; + } + + if (ctx->config->alpn != NULL) + SSL_CTX_set_alpn_select_cb(*ssl_ctx, tls_server_alpn_cb, + ctx); + + if (ctx->config->dheparams == -1) + SSL_CTX_set_dh_auto(*ssl_ctx, 1); + else if (ctx->config->dheparams == 1024) + SSL_CTX_set_dh_auto(*ssl_ctx, 2); + + if (ctx->config->ecdhecurves != NULL) { + SSL_CTX_set_ecdh_auto(*ssl_ctx, 1); + if (SSL_CTX_set1_groups(*ssl_ctx, ctx->config->ecdhecurves, + ctx->config->ecdhecurves_len) != 1) { + tls_set_errorx(ctx, "failed to set ecdhe curves"); + goto err; + } + } + + if (ctx->config->ciphers_server == 1) + SSL_CTX_set_options(*ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + + if (SSL_CTX_set_tlsext_status_cb(*ssl_ctx, tls_ocsp_stapling_cb) != 1) { + tls_set_errorx(ctx, "failed to add OCSP stapling callback"); + goto err; + } + + if (ctx->config->session_lifetime > 0) { + /* set the session lifetime and enable tickets */ + SSL_CTX_set_timeout(*ssl_ctx, ctx->config->session_lifetime); + SSL_CTX_clear_options(*ssl_ctx, SSL_OP_NO_TICKET); + if (!SSL_CTX_set_tlsext_ticket_key_cb(*ssl_ctx, + tls_server_ticket_cb)) { + tls_set_error(ctx, + "failed to set the TLS ticket callback"); + goto err; + } + } + + if (SSL_CTX_set_session_id_context(*ssl_ctx, ctx->config->session_id, + sizeof(ctx->config->session_id)) != 1) { + tls_set_error(ctx, "failed to set session id context"); + goto err; + } + + return (0); + + err: + SSL_CTX_free(*ssl_ctx); + *ssl_ctx = NULL; + + return (-1); +} + +static int +tls_configure_server_sni(struct tls *ctx) +{ + struct tls_sni_ctx **sni_ctx; + struct tls_keypair *kp; + + if (ctx->config->keypair->next == NULL) + return (0); + + /* Set up additional SSL contexts for SNI. */ + sni_ctx = &ctx->sni_ctx; + for (kp = ctx->config->keypair->next; kp != NULL; kp = kp->next) { + if ((*sni_ctx = tls_sni_ctx_new()) == NULL) { + tls_set_errorx(ctx, "out of memory"); + goto err; + } + (*sni_ctx)->keypair = kp; + if (tls_configure_server_ssl(ctx, &(*sni_ctx)->ssl_ctx, kp) == -1) + goto err; + if (tls_keypair_load_cert(kp, &ctx->error, + &(*sni_ctx)->ssl_cert) == -1) + goto err; + sni_ctx = &(*sni_ctx)->next; + } + + return (0); + + err: + return (-1); +} + +int +tls_configure_server(struct tls *ctx) +{ + if (tls_configure_server_ssl(ctx, &ctx->ssl_ctx, + ctx->config->keypair) == -1) + goto err; + if (tls_configure_server_sni(ctx) == -1) + goto err; + + return (0); + + err: + return (-1); +} + +static struct tls * +tls_accept_common(struct tls *ctx) +{ + struct tls *conn_ctx = NULL; + + if ((ctx->flags & TLS_SERVER) == 0) { + tls_set_errorx(ctx, "not a server context"); + goto err; + } + + if ((conn_ctx = tls_server_conn(ctx)) == NULL) { + tls_set_errorx(ctx, "connection context failure"); + goto err; + } + + if ((conn_ctx->ssl_conn = SSL_new(ctx->ssl_ctx)) == NULL) { + tls_set_errorx(ctx, "ssl failure"); + goto err; + } + + if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) { + tls_set_errorx(ctx, "ssl application data failure"); + goto err; + } + + return conn_ctx; + + err: + tls_free(conn_ctx); + + return (NULL); +} + +int +tls_accept_socket(struct tls *ctx, struct tls **cctx, int s) +{ + return (tls_accept_fds(ctx, cctx, s, s)); +} + +int +tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write) +{ + struct tls *conn_ctx; + + if ((conn_ctx = tls_accept_common(ctx)) == NULL) + goto err; + + if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 || + SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) { + tls_set_errorx(ctx, "ssl file descriptor failure"); + goto err; + } + + *cctx = conn_ctx; + + return (0); + err: + tls_free(conn_ctx); + *cctx = NULL; + + return (-1); +} + +int +tls_accept_cbs(struct tls *ctx, struct tls **cctx, + tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg) +{ + struct tls *conn_ctx; + + if ((conn_ctx = tls_accept_common(ctx)) == NULL) + goto err; + + if (tls_set_cbs(conn_ctx, read_cb, write_cb, cb_arg) != 0) + goto err; + + *cctx = conn_ctx; + + return (0); + err: + tls_free(conn_ctx); + *cctx = NULL; + + return (-1); +} + +int +tls_handshake_server(struct tls *ctx) +{ + int ssl_ret; + int rv = -1; + + if ((ctx->flags & TLS_SERVER_CONN) == 0) { + tls_set_errorx(ctx, "not a server connection context"); + goto err; + } + + ctx->state |= TLS_SSL_NEEDS_SHUTDOWN; + + ERR_clear_error(); + if ((ssl_ret = SSL_accept(ctx->ssl_conn)) != 1) { + rv = tls_ssl_error(ctx, ctx->ssl_conn, ssl_ret, "handshake"); + goto err; + } + + ctx->state |= TLS_HANDSHAKE_COMPLETE; + rv = 0; + + err: + return (rv); +} diff --git a/tls_util.c b/tls_util.c new file mode 100644 index 0000000..b144fb1 --- /dev/null +++ b/tls_util.c @@ -0,0 +1,225 @@ +/* $OpenBSD: tls_util.c,v 1.14 2019/04/13 18:47:58 tb Exp $ */ +/* + * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> + * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org> + * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/stat.h> + +#include <stdlib.h> +#include <unistd.h> +#include <fcntl.h> + +#include "tls.h" +#include "tls_internal.h" + +static void * +memdup(const void *in, size_t len) +{ + void *out; + + if ((out = malloc(len)) == NULL) + return NULL; + memcpy(out, in, len); + return out; +} + +int +tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen) +{ + free(*dest); + *dest = NULL; + *destlen = 0; + if (src != NULL) { + if ((*dest = memdup(src, srclen)) == NULL) + return -1; + *destlen = srclen; + } + return 0; +} + +int +tls_set_string(const char **dest, const char *src) +{ + free((char *)*dest); + *dest = NULL; + if (src != NULL) + if ((*dest = strdup(src)) == NULL) + return -1; + return 0; +} + +/* + * Extract the host and port from a colon separated value. For a literal IPv6 + * address the address must be contained with square braces. If a host and + * port are successfully extracted, the function will return 0 and the + * caller is responsible for freeing the host and port. If no port is found + * then the function will return 1, with both host and port being NULL. + * On memory allocation failure -1 will be returned. + */ +int +tls_host_port(const char *hostport, char **host, char **port) +{ + char *h, *p, *s; + int rv = 1; + + *host = NULL; + *port = NULL; + + if ((s = strdup(hostport)) == NULL) + goto err; + + h = p = s; + + /* See if this is an IPv6 literal with square braces. */ + if (p[0] == '[') { + h++; + if ((p = strchr(s, ']')) == NULL) + goto done; + *p++ = '\0'; + } + + /* Find the port seperator. */ + if ((p = strchr(p, ':')) == NULL) + goto done; + + /* If there is another separator then we have issues. */ + if (strchr(p + 1, ':') != NULL) + goto done; + + *p++ = '\0'; + + if (asprintf(host, "%s", h) == -1) { + *host = NULL; + goto err; + } + if (asprintf(port, "%s", p) == -1) { + *port = NULL; + goto err; + } + + rv = 0; + goto done; + + err: + free(*host); + *host = NULL; + free(*port); + *port = NULL; + rv = -1; + + done: + free(s); + + return (rv); +} + +int +tls_password_cb(char *buf, int size, int rwflag, void *u) +{ + size_t len; + + if (size < 0) + return (0); + + if (u == NULL) { + memset(buf, 0, size); + return (0); + } + + if ((len = strlcpy(buf, u, size)) >= (size_t)size) + return (0); + + return (len); +} + +uint8_t * +tls_load_file(const char *name, size_t *len, char *password) +{ + FILE *fp; + EVP_PKEY *key = NULL; + BIO *bio = NULL; + char *data; + uint8_t *buf = NULL; + struct stat st; + size_t size = 0; + int fd = -1; + ssize_t n; + + *len = 0; + + if ((fd = open(name, O_RDONLY)) == -1) + return (NULL); + + /* Just load the file into memory without decryption */ + if (password == NULL) { + if (fstat(fd, &st) != 0) + goto err; + if (st.st_size < 0) + goto err; + size = (size_t)st.st_size; + if ((buf = malloc(size)) == NULL) + goto err; + n = read(fd, buf, size); + if (n < 0 || (size_t)n != size) + goto err; + close(fd); + goto done; + } + + /* Or read the (possibly) encrypted key from file */ + if ((fp = fdopen(fd, "r")) == NULL) + goto err; + fd = -1; + + key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password); + fclose(fp); + if (key == NULL) + goto err; + + /* Write unencrypted key to memory buffer */ + if ((bio = BIO_new(BIO_s_mem())) == NULL) + goto err; + if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) + goto err; + if ((size = BIO_get_mem_data(bio, &data)) <= 0) + goto err; + if ((buf = malloc(size)) == NULL) + goto err; + memcpy(buf, data, size); + + BIO_free_all(bio); + EVP_PKEY_free(key); + + done: + *len = size; + return (buf); + + err: + if (fd != -1) + close(fd); + freezero(buf, size); + BIO_free_all(bio); + EVP_PKEY_free(key); + + return (NULL); +} + +void +tls_unload_file(uint8_t *buf, size_t len) +{ + freezero(buf, len); +} diff --git a/tls_verify.c b/tls_verify.c new file mode 100644 index 0000000..acbe163 --- /dev/null +++ b/tls_verify.c @@ -0,0 +1,280 @@ +/* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */ +/* + * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/socket.h> + +#include <arpa/inet.h> +#include <netinet/in.h> + +#include <string.h> + +#include <openssl/x509v3.h> + +#include <tls.h> +#include "tls_internal.h" + +static int +tls_match_name(const char *cert_name, const char *name) +{ + const char *cert_domain, *domain, *next_dot; + + if (strcasecmp(cert_name, name) == 0) + return 0; + + /* Wildcard match? */ + if (cert_name[0] == '*') { + /* + * Valid wildcards: + * - "*.domain.tld" + * - "*.sub.domain.tld" + * - etc. + * Reject "*.tld". + * No attempt to prevent the use of eg. "*.co.uk". + */ + cert_domain = &cert_name[1]; + /* Disallow "*" */ + if (cert_domain[0] == '\0') + return -1; + /* Disallow "*foo" */ + if (cert_domain[0] != '.') + return -1; + /* Disallow "*.." */ + if (cert_domain[1] == '.') + return -1; + next_dot = strchr(&cert_domain[1], '.'); + /* Disallow "*.bar" */ + if (next_dot == NULL) + return -1; + /* Disallow "*.bar.." */ + if (next_dot[1] == '.') + return -1; + + domain = strchr(name, '.'); + + /* No wildcard match against a name with no host part. */ + if (name[0] == '.') + return -1; + /* No wildcard match against a name with no domain part. */ + if (domain == NULL || strlen(domain) == 1) + return -1; + + if (strcasecmp(cert_domain, domain) == 0) + return 0; + } + + return -1; +} + +/* + * See RFC 5280 section 4.2.1.6 for SubjectAltName details. + * alt_match is set to 1 if a matching alternate name is found. + * alt_exists is set to 1 if any known alternate name exists in the certificate. + */ +static int +tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name, + int *alt_match, int *alt_exists) +{ + STACK_OF(GENERAL_NAME) *altname_stack = NULL; + union tls_addr addrbuf; + int addrlen, type; + int count, i; + int rv = 0; + + *alt_match = 0; + *alt_exists = 0; + + altname_stack = X509_get_ext_d2i(cert, NID_subject_alt_name, + NULL, NULL); + if (altname_stack == NULL) + return 0; + + if (inet_pton(AF_INET, name, &addrbuf) == 1) { + type = GEN_IPADD; + addrlen = 4; + } else if (inet_pton(AF_INET6, name, &addrbuf) == 1) { + type = GEN_IPADD; + addrlen = 16; + } else { + type = GEN_DNS; + addrlen = 0; + } + + count = sk_GENERAL_NAME_num(altname_stack); + for (i = 0; i < count; i++) { + GENERAL_NAME *altname; + + altname = sk_GENERAL_NAME_value(altname_stack, i); + + if (altname->type == GEN_DNS || altname->type == GEN_IPADD) + *alt_exists = 1; + + if (altname->type != type) + continue; + + if (type == GEN_DNS) { + unsigned char *data; + int format, len; + + format = ASN1_STRING_type(altname->d.dNSName); + if (format == V_ASN1_IA5STRING) { + data = ASN1_STRING_data(altname->d.dNSName); + len = ASN1_STRING_length(altname->d.dNSName); + + if (len < 0 || (size_t)len != strlen(data)) { + tls_set_errorx(ctx, + "error verifying name '%s': " + "NUL byte in subjectAltName, " + "probably a malicious certificate", + name); + rv = -1; + break; + } + + /* + * Per RFC 5280 section 4.2.1.6: + * " " is a legal domain name, but that + * dNSName must be rejected. + */ + if (strcmp(data, " ") == 0) { + tls_set_errorx(ctx, + "error verifying name '%s': " + "a dNSName of \" \" must not be " + "used", name); + rv = -1; + break; + } + + if (tls_match_name(data, name) == 0) { + *alt_match = 1; + break; + } + } else { +#ifdef DEBUG + fprintf(stdout, "%s: unhandled subjectAltName " + "dNSName encoding (%d)\n", getprogname(), + format); +#endif + } + + } else if (type == GEN_IPADD) { + unsigned char *data; + int datalen; + + datalen = ASN1_STRING_length(altname->d.iPAddress); + data = ASN1_STRING_data(altname->d.iPAddress); + + if (datalen < 0) { + tls_set_errorx(ctx, + "Unexpected negative length for an " + "IP address: %d", datalen); + rv = -1; + break; + } + + /* + * Per RFC 5280 section 4.2.1.6: + * IPv4 must use 4 octets and IPv6 must use 16 octets. + */ + if (datalen == addrlen && + memcmp(data, &addrbuf, addrlen) == 0) { + *alt_match = 1; + break; + } + } + } + + sk_GENERAL_NAME_pop_free(altname_stack, GENERAL_NAME_free); + return rv; +} + +static int +tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, + int *cn_match) +{ + X509_NAME *subject_name; + char *common_name = NULL; + union tls_addr addrbuf; + int common_name_len; + int rv = 0; + + *cn_match = 0; + + subject_name = X509_get_subject_name(cert); + if (subject_name == NULL) + goto done; + + common_name_len = X509_NAME_get_text_by_NID(subject_name, + NID_commonName, NULL, 0); + if (common_name_len < 0) + goto done; + + common_name = calloc(common_name_len + 1, 1); + if (common_name == NULL) + goto done; + + X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name, + common_name_len + 1); + + /* NUL bytes in CN? */ + if (common_name_len < 0 || + (size_t)common_name_len != strlen(common_name)) { + tls_set_errorx(ctx, "error verifying name '%s': " + "NUL byte in Common Name field, " + "probably a malicious certificate", name); + rv = -1; + goto done; + } + + /* + * We don't want to attempt wildcard matching against IP addresses, + * so perform a simple comparison here. + */ + if (inet_pton(AF_INET, name, &addrbuf) == 1 || + inet_pton(AF_INET6, name, &addrbuf) == 1) { + if (strcmp(common_name, name) == 0) + *cn_match = 1; + goto done; + } + + if (tls_match_name(common_name, name) == 0) + *cn_match = 1; + + done: + free(common_name); + return rv; +} + +int +tls_check_name(struct tls *ctx, X509 *cert, const char *name, int *match) +{ + int alt_exists; + + *match = 0; + + if (tls_check_subject_altname(ctx, cert, name, match, + &alt_exists) == -1) + return -1; + + /* + * As per RFC 6125 section 6.4.4, if any known alternate name existed + * in the certificate, we do not attempt to match on the CN. + */ + if (*match || alt_exists) + return 0; + + return tls_check_common_name(ctx, cert, name, match); +} |