mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 16:04:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update docs: corrections, turn buffer docs into manpage, fold SHA1

Browse Source 
pages into one for improved readability, add lhash manpage
This commit is contained in:
Ulf Möller 2000-01-30 22:16:47 +00:00
parent da0fc5bf0f
commit 74235cc9ec
20 changed files with 354 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@ -31,6 +31,8 @@
o Memory leak detection now allows applications to add extra information
via a per-thread stack
o PRNG robustness improved
o Enhanced support for Alpha Linux
o Experimental MacOS support
Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:

2
doc/apps/openssl.pod
View File

@ -228,7 +228,7 @@ RC5 Cipher
L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
L<dh(1)|dh(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
L<enc(1)|enc(1)>, L<gendh(1)|gendh(1)>, L<gendsa(1)|gendsa(1)>,
L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,

2
doc/crypto/DH_get_ex_new_index.pod
View File

@ -30,7 +30,7 @@ L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
=head1 HISTORY
RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
available since OpenSSL 0.9.5.
=cut

3
doc/crypto/DSA_do_sign.pod
View File

@ -36,7 +36,8 @@ L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO
L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
L<DSA_sign(3)|DSA_sign(3)>
=head1 HISTORY

6
doc/crypto/DSA_dup_DH.pod
View File

@ -8,7 +8,7 @@ DSA_dup_DH - Create a DH structure out of DSA structure
#include <openssl/dsa.h>
DH * DSA_dup_DH(DSA *r);
DH * DSA_dup_DH(DSA *r);
=head1 DESCRIPTION
@ -21,6 +21,10 @@ contain its length.
DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 NOTE
Be careful to avoid small subgroup attacks when using this.
=head1 SEE ALSO
L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>

2
doc/crypto/DSA_generate_parameters.pod
View File

@ -8,7 +8,7 @@ DSA_generate_parameters - Generate DSA parameters
#include <openssl/dsa.h>
DSA * DSA_generate_parameters(int bits, unsigned char *seed,
DSA *DSA_generate_parameters(int bits, unsigned char *seed,
int seed_len, int *counter_ret, unsigned long *h_ret,
void (*callback)(), void *cb_arg);

2
doc/crypto/DSA_get_ex_new_index.pod
View File

@ -30,7 +30,7 @@ L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
=head1 HISTORY
DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
available since OpenSSL 0.9.5.
=cut

8
doc/crypto/DSA_set_method.pod
View File

@ -48,7 +48,7 @@ the default method is used.
struct
{
/* name of the implementation */
const char *name;
const char *name;
/* sign */
DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
@ -68,9 +68,9 @@ struct
BN_CTX *ctx, BN_MONT_CTX *in_mont);
/* compute r = a ^ p mod m. May be NULL */
int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx);
int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
const BIGNUM *p, const BIGNUM *m,
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
/* called at DSA_new */
int (*init)(DSA *DSA);

6
doc/crypto/DSA_sign.pod
View File

@ -38,6 +38,9 @@ B<dsa> is the signer's public key.
The B<type> parameter is ignored.
The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
is called.
=head1 RETURN VALUES
DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
@ -52,7 +55,8 @@ Standard, DSS), ANSI X9.30
=head1 SEE ALSO
L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
L<DSA_do_sign(3)|DSA_do_sign(3)>
=head1 HISTORY

2
doc/crypto/RAND_load_file.pod
View File

@ -8,7 +8,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
#include <openssl/rand.h>
char *RAND_file_name(char *buf, int num);
const char *RAND_file_name(char *buf, int num);
int RAND_load_file(const char *filename, long max_bytes);

5
doc/crypto/RSA_print.pod
View File

@ -14,6 +14,8 @@ cryptographic parameters
#include <openssl/dsa.h>
int DSAparams_print(BIO *bp, DSA *x);
int DSAparams_print_fp(FILE *fp, DSA *x);
int DSA_print(BIO *bp, DSA *x, int offset);
int DSA_print_fp(FILE *fp, DSA *x, int offset);
@ -25,7 +27,7 @@ cryptographic parameters
=head1 DESCRIPTION
A human-readable hexadecimal output of the components of the RSA
key, DSA key or DH parameters is printed to B<bp> or B<fp>.
key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
The output lines are indented by B<offset> spaces.
@ -41,5 +43,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
DH_print_fp() are available in all versions of SSLeay and OpenSSL.
DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
=cut

36
doc/crypto/SHA1.pod
View File

@ -1,36 +0,0 @@
=pod
=head1 NAME
SHA1 - Compute SHA1 hash
=head1 SYNOPSIS
#include <openssl/sha.h>
unsigned char *SHA1(const unsigned char *d, unsigned long n,
unsigned char *md);
=head1 DESCRIPTION
SHA1() computes the SHA-1 message digest of the B<n> bytes at B<d> and
places it in B<md> (which must have space for SHA_DIGEST_LENGTH == 20
bytes of output). If B<md> is NULL, the digest is placed in a static
array.
L<SHA1_Init(3)|SHA1_Init(3)> may be used if the message is not completely
stored in memory.
=head1 RETURN VALUE
SHA1() returns a pointer to the hash value.
=head1 HISTORY
SHA1() is available in all versions of SSLeay and OpenSSL.
=head1 SEE ALSO
L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<SHA1_Init(3)|SHA1_Init(3)>
=cut

42
doc/crypto/SHA1_Init.pod
View File

@ -1,42 +0,0 @@
=pod
=head1 NAME
SHA1_Init, SHA1_Update_SHA1_Final - Compute SHA1 hash
=head1 SYNOPSIS
#include <openssl/sha.h>
void SHA1_Init(SHA_CTX *c);
void SHA1_Update(SHA_CTX *c, const unsigned char *data,
unsigned long len);
void SHA1_Final(unsigned char *md, SHA_CTX *c);
=head1 DESCRIPTION
SHA1_Init() initializes a B<SHA_CTX> structure.
SHA1_Update() can be called repeatedly with chunks of the message to
be hashed (B<len> bytes at B<data>).
SHA1_Final() places the message digest in B<md>, which must have space
for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
When the entire message is available at one time, L<SHA1(3)|SHA1(3)>
can be used.
=head1 RETURN VALUES
SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
=head1 HISTORY
SHA1_Init(), SHA1_Update() and SHA1_Final()are available in all
versions of SSLeay and OpenSSL.
=head1 SEE ALSO
L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<SHA1(3)|SHA1(3)>
=cut

73
doc/crypto/buffer.pod Normal file
View File

@ -0,0 +1,73 @@
=pod
=head1 NAME
BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - Simple
character arrays structure
=head1 SYNOPSIS
#include <openssl/buffer.h>
BUF_MEM *BUF_MEM_new(void);
void BUF_MEM_free(BUF_MEM *a);
int BUF_MEM_grow(BUF_MEM *str, int len);
char * BUF_strdup(const char *str);
=head1 DESCRIPTION
The buffer library handles simple character arrays. Buffers are used for
various purposes in the library, most notably memory BIOs.
The library uses the BUF_MEM structure defined in buffer.h:
typedef struct buf_mem_st
{
int length; /* current number of bytes */
char *data;
int max; /* size of buffer */
} BUF_MEM;
B<length> is the current size of the buffer in bytes, B<max> is the amount of
memory allocated to the buffer. There are three functions which handle these
and one "miscellaneous" function.
BUF_MEM_new() allocates a new buffer of zero size.
BUF_MEM_free() frees up an already existing buffer. The data is zeroed
before freeing up in case the buffer contains sensitive data.
BUF_MEM_grow() changes the size of an already existing buffer to
B<len>. Any data already in the buffer is preserved if it increases in
size.
BUF_strdup() copies a null terminated string into a block of allocated
memory and returns a pointer to the allocated block.
Unlike the standard C library strdup() this function uses Malloc() and so
should be used in preference to the standard library strdup() because it can
be used for memory leak checking or replacing the malloc() function.
The memory allocated from BUF_strdup() should be freed up using the Free()
function.
=head1 RETURN VALUES
BUF_MEM_new() returns the buffer or NULL on error.
BUF_MEM_free() has no return value.
BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
=head1 SEE ALSO
L<bio(3)|bio(3)>
=head1 HISTORY
BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
versions of SSLeay and OpenSSL. BUF_strdup() was addded in SSLeay 0.8.
=cut

9
doc/crypto/dsa.pod
View File

@ -92,6 +92,13 @@ Standard, DSS), ANSI X9.30
=head1 SEE ALSO
L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>
L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>,
L<DSA_size(3)|DSA_size(3)>,
L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
L<DSA_generate_key(3)|DSA_generate_key(3)>,
L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
L<RSA_print(3)|RSA_print(3)>
=cut

60
doc/crypto/lh_stats.pod Normal file
View File

@ -0,0 +1,60 @@
=pod
=head1 NAME
lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
=head1 SYNOPSIS
#include <openssl/lhash.h>
void lh_stats(LHASH *table, FILE *out);
void lh_node_stats(LHASH *table, FILE *out);
void lh_node_usage_stats(LHASH *table, FILE *out);
void lh_stats_bio(LHASH *table, BIO *out);
void lh_node_stats_bio(LHASH *table, BIO *out);
void lh_node_usage_stats_bio(LHASH *table, BIO *out);
=head1 DESCRIPTION
The B<LHASH> structure records statistics about most aspects of
accessing the hash table. This is mostly a legacy of Eric Young
writing this library for the reasons of implementing what looked like
a nice algorithm rather than for a particular software product.
lh_stats() prints out statistics on the size of the hash table, how
many entries are in it, and the number and result of calls to the
routines in this library.
lh_node_stats() prints the number of entries for each 'bucket' in the
hash table.
lh_node_usage_stats() prints out a short summary of the state of the
hash table. It prints the 'load' and the 'actual load'. The load is
the average number of data items per 'bucket' in the hash table. The
'actual load' is the average number of items per 'bucket', but only
for buckets which contain entries. So the 'actual load' is the
average number of searches that will need to find an item in the hash
table, while the 'load' is the average number that will be done to
record a miss.
lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
are the same as the above, except that the output goes to a B<BIO>.
=head1 RETURN VALUES
These functions do not return values.
=head1 SEE ALSO
L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
=head1 HISTORY
These functions are available in all versions of SSLeay and OpenSSL.
This manpage is derived from the SSLeay documentation.
=cut

155
doc/crypto/lhash.pod Normal file
View File

@ -0,0 +1,155 @@
=pod
=head1 NAME
lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
lh_doall_arg, lh_error - Dynamic hash table
=head1 SYNOPSIS
#include <openssl/lhash.h>
LHASH *lh_new(unsigned long (*hash)(/*void *a*/),
int (*compare)(/*void *a,void *b*/));
void lh_free(LHASH *table);
void *lh_insert(LHASH *table, void *data);
void *lh_delete(LHASH *table, void *data);
void *lh_retrieve(LHASH *table, void *data);
void lh_doall(LHASH *table, void (*func)(/*void *b*/));
void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/),
void *arg);
int lh_error(LHASH *table);
=head1 DESCRIPTION
This library implements dynamic hash tables. The hash table entries
can be arbitrary structures. Usually they consist of key and value
fields.
lh_new() creates a new B<LHASH> structure. B<hash> takes a pointer to
the structure and returns an unsigned long hash value of its key
field. The hash value is normally truncated to a power of 2, so make
sure that your hash function returns well mixed low order
bits. B<compare> takes two arguments, and returns 0 if their keys are
equal, non-zero otherwise.
lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
entries will not be freed; consider using lh_doall() to deallocate any
remaining entries in the hash table.
lh_insert() inserts the structure pointed to by B<data> into B<table>.
If there already is an entry with the same key, the old value is
replaced. Note that lh_insert() stores pointers, the data are not
copied.
lh_delete() deletes an entry from B<table>.
lh_retrieve() looks up an entry in B<table>. Normally, B<data> is
a structure with the key field(s) set; the function will return a
pointer to a fully populated structure.
lh_doall() will, for every entry in the hash table, call B<func> with
the data item as parameters.
This function can be quite useful when used as follows:
void cleanup(STUFF *a)
{ STUFF_free(a); }
lh_doall(hash,cleanup);
lh_free(hash);
This can be used to free all the entries. lh_free() then cleans up the
'buckets' that point to nothing. When doing this, be careful if you
delete entries from the hash table in B<func>: the table may decrease
in size, moving item that you are currently on down lower in the hash
table. This could cause some entries to be skipped. The best
solution to this problem is to set hash-E<gt>down_load=0 before you
start. This will stop the hash table ever being decreased in size.
lh_doall_arg() is the same as lh_doall() except that B<func> will
be called with B<arg> as the second argument.
lh_error() can be used to determine if an error occured in the last
operation. lh_error() is a macro.
=head1 RETURN VALUES
lh_new() returns B<NULL> on error, otherwise a pointer to the new
B<LHASH> structure.
When a hash table entry is replaced, lh_insert() returns the value
being replaced. B<NULL> is returned on normal operation and on error.
lh_delete() returns the entry being deleted. B<NULL> is returned if
there is no such value in the hash table.
lh_retrieve() returns the hash table entry if it has been found,
B<NULL> otherwise.
lh_error() returns 1 if an error occurred in the last operation, 0
otherwise.
lh_free(), lh_doall() and lh_doall_arg() return no values.
=head1 BUGS
lh_insert() returns B<NULL> both for success and error.
=head1 INTERNALS
The following description is based on the SSLeay documentation:
The B<lhash> library implements a hash table described in the
I<Communications of the ACM> in 1991. What makes this hash table
different is that as the table fills, the hash table is increased (or
decreased) in size via Realloc(). When a 'resize' is done, instead of
all hashes being redistributed over twice as many 'buckets', one
bucket is split. So when an 'expand' is done, there is only a minimal
cost to redistribute some values. Subsequent inserts will cause more
single 'bucket' redistributions but there will never be a sudden large
cost due to redistributing all the 'buckets'.
The state for a particular hash table is kept in the B<LHASH> structure.
The decision to increase or decrease the hash table size is made
depending on the 'load' of the hash table. The load is the number of
items in the hash table divided by the size of the hash table. The
default values are as follows. If (hash->up_load E<lt> load) =E<gt>
expand. if (hash-E<gt>down_load E<gt> load) =E<gt> contract. The
B<up_load> has a default value of 1 and B<down_load> has a default value
of 2. These numbers can be modified by the application by just
playing with the B<up_load> and B<down_load> variables. The 'load' is
kept in a form which is multiplied by 256. So
hash-E<gt>up_load=8*256; will cause a load of 8 to be set.
If you are interested in performance the field to watch is
num_comp_calls. The hash library keeps track of the 'hash' value for
each item so when a lookup is done, the 'hashes' are compared, if
there is a match, then a full compare is done, and
hash-E<gt>num_comp_calls is incremented. If num_comp_calls is not equal
to num_delete plus num_retrieve it means that your hash function is
generating hashes that are the same for different values. It is
probably worth changing your hash function if this is the case because
even if your hash table has 10 items in a 'bucket', it can be searched
with 10 B<unsigned long> compares and 10 linked list traverses. This
will be much less expensive that 10 calls to you compare function.
lh_strhash() is a demo string hashing function:
unsigned long lh_strhash(const char *c);
Since the B<LHASH> routines would normally be passed structures, this
routine would not normally be passed to lh_new(), rather it would be
used in the function passed to lh_new().
=head1 SEE ALSO
L<lh_stats(3)|lh_stats(3)>
=head1 HISTORY
The B<lhash> library is available in all versions of SSLeay and OpenSSL.
lh_error() was added in SSLeay 0.9.1b.
This manpage is derived from the SSLeay documentation.
=cut

2
doc/crypto/rand.pod
View File

@ -17,7 +17,7 @@ rand - Pseudo-random number generator
int RAND_load_file(const char *file,long max_bytes);
int RAND_write_file(const char *file);
char *RAND_file_name(char *file,int num);
const char *RAND_file_name(char *file,int num);
void RAND_set_rand_method(RAND_METHOD *meth);
RAND_METHOD *RAND_get_rand_method(void);

33
doc/crypto/sha.pod
View File

@ -2,14 +2,14 @@
=head1 NAME
sha - Secure Hash Algorithm
SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm
=head1 SYNOPSIS
#include <openssl/sha.h>
unsigned char *SHA1(const unsigned char *d, unsigned long n,
unsigned char *md);
unsigned char *md);
void SHA1_Init(SHA_CTX *c);
void SHA1_Update(SHA_CTX *c, const unsigned char *data,
@ -21,9 +21,31 @@ sha - Secure Hash Algorithm
SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
160 bit output.
SHA1() computes the SHA-1 message digest of the B<n>
bytes at B<d> and places it in B<md> (which must have space for
SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
is placed in a static array.
The following functions may be used if the message is not completely
stored in memory:
SHA1_Init() initializes a B<SHA_CTX> structure.
SHA1_Update() can be called repeatedly with chunks of the message to
be hashed (B<len> bytes at B<data>).
SHA1_Final() places the message digest in B<md>, which must have space
for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
The predecessor of SHA-1, SHA, is also implemented, but it should be
used only when backward compatibility is required.
=head1 RETURN VALUES
SHA1() returns a pointer to the hash value.
SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
=head1 CONFORMING TO
US Federal Information Processing Standard FIPS 180 (Secure Hash
@ -31,6 +53,11 @@ Standard), ANSI X9.30
=head1 SEE ALSO
L<ripemd(3)|ripemd(3)>, L<SHA1(3)|SHA1(3)>, L<SHA1_Init(3)|SHA1_Init(3)>
L<ripemd(3)|ripemd(3)>
=head1 HISTORY
SHA1(), SHA1_Init(), SHA1_Update() and SHA1_Final() are available in all
versions of SSLeay and OpenSSL.
=cut

48
doc/openssl.txt
View File

@ -1,54 +1,6 @@
This is some preliminary documentation for OpenSSL.
==============================================================================
BUFFER Library
==============================================================================
The buffer library handles simple character arrays. Buffers are used for
various purposes in the library, most notably memory BIOs.
The library uses the BUF_MEM structure defined in buffer.h:
typedef struct buf_mem_st
{
int length; /* current number of bytes */
char *data;
int max; /* size of buffer */
} BUF_MEM;
'length' is the current size of the buffer in bytes, 'max' is the amount of
memory allocated to the buffer. There are three functions which handle these
and one "miscellaneous" function.
BUF_MEM *BUF_MEM_new()
This allocates a new buffer of zero size. Returns the buffer or NULL on error.
void BUF_MEM_free(BUF_MEM *a)
This frees up an already existing buffer. The data is zeroed before freeing
up in case the buffer contains sensitive data.
int BUF_MEM_grow(BUF_MEM *str, int len)
This changes the size of an already existing buffer. It returns zero on error
or the new size (i.e. 'len'). Any data already in the buffer is preserved if
it increases in size.
char * BUF_strdup(char *str)
This is the previously mentioned strdup function: like the standard library
strdup() it copies a null terminated string into a block of allocated memory
and returns a pointer to the allocated block.
Unlike the standard C library strdup() this function uses Malloc() and so
should be used in preference to the standard library strdup() because it can
be used for memory leak checking or replacing the malloc() function.
The memory allocated from BUF_strdup() should be freed up using the Free()
function.
==============================================================================
OpenSSL X509V3 extension configuration
==============================================================================