1 files changed, 120 insertions, 59 deletions
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 91b85e5f14..5da519e7e4 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -1,53 +1,12 @@
 This is some preliminary documentation for OpenSSL.
-==============================================================================
+Contents:
-                            BUFFER Library
-==============================================================================
-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
-The library uses the BUF_MEM structure defined in buffer.h:
-typedef struct buf_mem_st
-{
-        int length;     /* current number of bytes */
-        char *data;
-        int max;        /* size of buffer */
-} BUF_MEM;
-'length' is the current size of the buffer in bytes, 'max' is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
-BUF_MEM *BUF_MEM_new()
-This allocates a new buffer of zero size. Returns the buffer or NULL on error.
-void BUF_MEM_free(BUF_MEM *a)
-This frees up an already existing buffer. The data is zeroed before freeing
-up in case the buffer contains sensitive data.
-int BUF_MEM_grow(BUF_MEM *str, int len)
-This changes the size of an already existing buffer. It returns zero on error
+ OpenSSL X509V3 extension configuration
-or the new size (i.e. 'len'). Any data already in the buffer is preserved if
+ X509V3 Extension code: programmers guide
-it increases in size.
+ PKCS#12 Library
-char * BUF_strdup(char *str)
-This is the previously mentioned strdup function: like the standard library
-strdup() it copies a null terminated string into a block of allocated memory
-and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses Malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
-The memory allocated from BUF_strdup() should be freed up using the Free()
-function.
 ==============================================================================
               OpenSSL X509V3 extension configuration
@@ -188,7 +147,7 @@ email.1=steve@here
 email.2=steve@there
 This is because the configuration file code cannot handle the same name
-occurring twice in the same extension.
+occurring twice in the same section.
 The syntax of raw extensions is governed by the extension code: it can
 for example contain data in multiple sections. The correct syntax to
@@ -315,6 +274,41 @@ TRUE. An end user certificate MUST NOT have the CA value set to true.
 According to PKIX recommendations it should exclude the extension entirely,
 however some software may require CA set to FALSE for end entity certificates.
+Extended Key Usage.
+This extensions consists of a list of usages.
+These can either be object short names of the dotted numerical form of OIDs.
+While any OID can be used only certain values make sense. In particular the
+following PKIX, NS and MS values are meaningful:
+Value                   Meaning
+-----                   -------
+serverAuth              SSL/TLS Web Server Authentication.
+clientAuth              SSL/TLS Web Client Authentication.
+codeSigning             Code signing.
+emailProtection         E-mail Protection (S/MIME).
+timeStamping            Trusted Timestamping
+msCodeInd               Microsoft Individual Code Signing (authenticode)
+msCodeCom               Microsoft Commercial Code Signing (authenticode)
+msCTLSign               Microsoft Trust List Signing
+msSGC                   Microsoft Server Gated Crypto
+msEFS                   Microsoft Encrypted File System
+nsSGC                   Netscape Server Gated Crypto
+For example, under IE5 a CA can be used for any purpose: by including a list
+of the above usages the CA can be restricted to only authorised uses.
+Note: software packages may place additional interpretations on certificate 
+use, in particular some usages may only work for selected CAs. Don't for example
+expect just including msSGC or nsSGC will automatically mean that a certificate
+can be used for SGC ("step up" encryption) otherwise anyone could use it.
+Examples:
+extendedKeyUsage=critical,codeSigning,1.2.3.4
+extendedKeyUsage=nsSGC,msSGC
 Subject Key Identifier.
 This is really a string extension and can take two possible values. Either
@@ -361,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
 that will copy all the subject alternative name values from the issuer 
 certificate (if possible).
+Example:
+issuserAltName = issuer:copy
+Authority Info Access.
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+Example:
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
 CRL distribution points.
 This is a multi-valued extension that supports all the literal options of
@@ -459,16 +471,16 @@ extension in a human or machine readable form.
 1. Initialisation and cleanup.
-X509V3_add_standard_extensions();
+No special initialisation is needed before calling the extension functions.
+You used to have to call X509V3_add_standard_extensions(); but this is no longer
-This function should be called before any other extension code. It adds support
+required and this function no longer does anything.
-for some common PKIX and Netscape extensions. Additional custom extensions can
-be added as well (see later).
 void X509V3_EXT_cleanup(void);
-This function should be called last to cleanup the extension code. After this
+This function should be called to cleanup the extension code if any custom
-call no other extension calls should be made.
+extensions have been added. If no custom extensions have been added then this
+call does nothing. After this call all custom extension code is freed up but
+you can still use the standard extensions.
 2. Printing and parsing extensions.
@@ -495,6 +507,47 @@ details about the structures returned. The returned structure should be freed
 after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
 example.
+void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+These functions combine the operations of searching for extensions and
+parsing them. They search a certificate, a CRL a CRL entry or a stack
+of extensions respectively for extension whose NID is 'nid' and return
+the parsed result of NULL if an error occurred. For example:
+BASIC_CONSTRAINTS *bs;
+bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+This will search for the basicConstraints extension and either return
+it value or NULL. NULL can mean either the extension was not found, it
+occurred more than once or it could not be parsed.
+If 'idx' is NULL then an extension is only parsed if it occurs precisely
+once. This is standard behaviour because extensions normally cannot occur
+more than once. If however more than one extension of the same type can
+occur it can be used to parse successive extensions for example:
+int i;
+void *ext;
+i = -1;
+for(;;) {
+        ext = X509_get_ext_d2i(x, nid, crit, &idx);
+        if(ext == NULL) break;
+         /* Do something with ext */
+}
+If 'crit' is not NULL and the extension was found then the int it points to
+is set to 1 for critical extensions and 0 for non critical. Therefore if the
+function returns NULL but 'crit' is set to 0 or 1 then the extension was
+found but it could not be parsed.
+The int pointed to by crit will be set to -1 if the extension was not found
+and -2 if the extension occurred more than once (this will only happen if
+idx is NULL). In both cases the function will return NULL.
 3. Generating extensions.
 An extension will typically be generated from a configuration file, or some
@@ -512,7 +565,7 @@ or CRL is due to be signed. Both return 0 on error on non zero for success.
 In each case 'conf' is the LHASH pointer of the configuration file to use
 and 'section' is the section containing the extension details.
-See the 'context functions' section for a description of the ctx paramater.
+See the 'context functions' section for a description of the ctx parameter.
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
@@ -531,7 +584,7 @@ takes the NID of the extension rather than its name.
 For example to produce basicConstraints with the CA flag and a path length of
 10:
-x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10");
+x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
@@ -659,7 +712,7 @@ The same as above but for an unsigned character value.
 int X509V3_add_value_bool(const char *name, int asn1_bool,
                                                STACK_OF(CONF_VALUE) **extlist);
-This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool'
+This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
                                                STACK_OF(CONF_VALUE) **extlist);
@@ -686,7 +739,7 @@ Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
 or return a STACK_OF(CONF_VALUE).
 Raw extensions are just passed a BIO or a value and it is the extensions
-responsiblity to handle all the necessary printing.
+responsibility to handle all the necessary printing.
 There are two ways to add an extension. One is simply as an alias to an already
 existing extension. An alias is an extension that is identical in ASN1 structure
@@ -811,7 +864,7 @@ int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
 This function is passed the internal extension structure in the ext parameter
 and sends out a human readable version of the extension to out. The 'indent'
-paremeter should be noted to determine the necessary amount of indentation
+parameter should be noted to determine the necessary amount of indentation
 needed on the output.
 void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
@@ -882,7 +935,7 @@ d2i_PKCS12_fp(fp, p12)
 This is the same but for a FILE pointer.
-3. Parsing and creation functions.
+3. High level functions.
 3.1 Parsing with PKCS12_parse().
@@ -920,6 +973,14 @@ p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
 i2d_PKCS12_fp(fp, p12);
 PKCS12_free(p12);
+3.3 Changing a PKCS#12 structure password.
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+This changes the password of an already existing PKCS#12 structure. oldpass
+is the old password and newpass is the new one. An error occurs if the old
+password is incorrect.
 LOW LEVEL FUNCTIONS.
 In some cases the high level functions do not provide the necessary

diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 91b85e5f14..5da519e7e4 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt
@@ -1,53 +1,12 @@
1		1
2	This is some preliminary documentation for OpenSSL.	2	This is some preliminary documentation for OpenSSL.
3		3
4	==============================================================================	4	Contents:
5	BUFFER Library
6	==============================================================================
7
8	The buffer library handles simple character arrays. Buffers are used for
9	various purposes in the library, most notably memory BIOs.
10
11	The library uses the BUF_MEM structure defined in buffer.h:
12
13	typedef struct buf_mem_st
14	{
15	int length; /* current number of bytes */
16	char *data;
17	int max; /* size of buffer */
18	} BUF_MEM;
19
20	'length' is the current size of the buffer in bytes, 'max' is the amount of
21	memory allocated to the buffer. There are three functions which handle these
22	and one "miscellaneous" function.
23
24	BUF_MEM *BUF_MEM_new()
25
26	This allocates a new buffer of zero size. Returns the buffer or NULL on error.
27
28	void BUF_MEM_free(BUF_MEM *a)
29
30	This frees up an already existing buffer. The data is zeroed before freeing
31	up in case the buffer contains sensitive data.
32
33	int BUF_MEM_grow(BUF_MEM *str, int len)
34		5
35	This changes the size of an already existing buffer. It returns zero on error	6	OpenSSL X509V3 extension configuration
36	or the new size (i.e. 'len'). Any data already in the buffer is preserved if	7	X509V3 Extension code: programmers guide
37	it increases in size.	8	PKCS#12 Library
38		9
39	char * BUF_strdup(char *str)
40
41	This is the previously mentioned strdup function: like the standard library
42	strdup() it copies a null terminated string into a block of allocated memory
43	and returns a pointer to the allocated block.
44
45	Unlike the standard C library strdup() this function uses Malloc() and so
46	should be used in preference to the standard library strdup() because it can
47	be used for memory leak checking or replacing the malloc() function.
48
49	The memory allocated from BUF_strdup() should be freed up using the Free()
50	function.
51		10
52	==============================================================================	11	==============================================================================
53	OpenSSL X509V3 extension configuration	12	OpenSSL X509V3 extension configuration
@@ -188,7 +147,7 @@ email.1=steve@here
188	email.2=steve@there	147	email.2=steve@there
189		148
190	This is because the configuration file code cannot handle the same name	149	This is because the configuration file code cannot handle the same name
191	occurring twice in the same extension.	150	occurring twice in the same section.
192		151
193	The syntax of raw extensions is governed by the extension code: it can	152	The syntax of raw extensions is governed by the extension code: it can
194	for example contain data in multiple sections. The correct syntax to	153	for example contain data in multiple sections. The correct syntax to
@@ -315,6 +274,41 @@ TRUE. An end user certificate MUST NOT have the CA value set to true.
315	According to PKIX recommendations it should exclude the extension entirely,	274	According to PKIX recommendations it should exclude the extension entirely,
316	however some software may require CA set to FALSE for end entity certificates.	275	however some software may require CA set to FALSE for end entity certificates.
317		276
		277	Extended Key Usage.
		278
		279	This extensions consists of a list of usages.
		280
		281	These can either be object short names of the dotted numerical form of OIDs.
		282	While any OID can be used only certain values make sense. In particular the
		283	following PKIX, NS and MS values are meaningful:
		284
		285	Value Meaning
		286	----- -------
		287	serverAuth SSL/TLS Web Server Authentication.
		288	clientAuth SSL/TLS Web Client Authentication.
		289	codeSigning Code signing.
		290	emailProtection E-mail Protection (S/MIME).
		291	timeStamping Trusted Timestamping
		292	msCodeInd Microsoft Individual Code Signing (authenticode)
		293	msCodeCom Microsoft Commercial Code Signing (authenticode)
		294	msCTLSign Microsoft Trust List Signing
		295	msSGC Microsoft Server Gated Crypto
		296	msEFS Microsoft Encrypted File System
		297	nsSGC Netscape Server Gated Crypto
		298
		299	For example, under IE5 a CA can be used for any purpose: by including a list
		300	of the above usages the CA can be restricted to only authorised uses.
		301
		302	Note: software packages may place additional interpretations on certificate
		303	use, in particular some usages may only work for selected CAs. Don't for example
		304	expect just including msSGC or nsSGC will automatically mean that a certificate
		305	can be used for SGC ("step up" encryption) otherwise anyone could use it.
		306
		307	Examples:
		308
		309	extendedKeyUsage=critical,codeSigning,1.2.3.4
		310	extendedKeyUsage=nsSGC,msSGC
		311
318	Subject Key Identifier.	312	Subject Key Identifier.
319		313
320	This is really a string extension and can take two possible values. Either	314	This is really a string extension and can take two possible values. Either
@@ -361,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
361	that will copy all the subject alternative name values from the issuer	355	that will copy all the subject alternative name values from the issuer
362	certificate (if possible).	356	certificate (if possible).
363		357
		358	Example:
		359
		360	issuserAltName = issuer:copy
		361
		362	Authority Info Access.
		363
		364	The authority information access extension gives details about how to access
		365	certain information relating to the CA. Its syntax is accessOID;location
		366	where 'location' has the same syntax as subject alternative name (except
		367	that email:copy is not supported). accessOID can be any valid OID but only
		368	certain values are meaningful for example OCSP and caIssuers. OCSP gives the
		369	location of an OCSP responder: this is used by Netscape PSM and other software.
		370
		371	Example:
		372
		373	authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
		374	authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
		375
364	CRL distribution points.	376	CRL distribution points.
365		377
366	This is a multi-valued extension that supports all the literal options of	378	This is a multi-valued extension that supports all the literal options of
@@ -459,16 +471,16 @@ extension in a human or machine readable form.
459		471
460	1. Initialisation and cleanup.	472	1. Initialisation and cleanup.
461		473
462	X509V3_add_standard_extensions();	474	No special initialisation is needed before calling the extension functions.
463		475	You used to have to call X509V3_add_standard_extensions(); but this is no longer
464	This function should be called before any other extension code. It adds support	476	required and this function no longer does anything.
465	for some common PKIX and Netscape extensions. Additional custom extensions can
466	be added as well (see later).
467		477
468	void X509V3_EXT_cleanup(void);	478	void X509V3_EXT_cleanup(void);
469		479
470	This function should be called last to cleanup the extension code. After this	480	This function should be called to cleanup the extension code if any custom
471	call no other extension calls should be made.	481	extensions have been added. If no custom extensions have been added then this
		482	call does nothing. After this call all custom extension code is freed up but
		483	you can still use the standard extensions.
472		484
473	2. Printing and parsing extensions.	485	2. Printing and parsing extensions.
474		486
@@ -495,6 +507,47 @@ details about the structures returned. The returned structure should be freed
495	after use using the relevant free function, BASIC_CONSTRAINTS_free() for	507	after use using the relevant free function, BASIC_CONSTRAINTS_free() for
496	example.	508	example.
497		509
		510	void * X509_get_ext_d2i(X509 x, int nid, int crit, int *idx);
		511	void * X509_CRL_get_ext_d2i(X509_CRL x, int nid, int crit, int *idx);
		512	void * X509_REVOKED_get_ext_d2i(X509_REVOKED x, int nid, int crit, int *idx);
		513	void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) x, int nid, int crit, int *idx);
		514
		515	These functions combine the operations of searching for extensions and
		516	parsing them. They search a certificate, a CRL a CRL entry or a stack
		517	of extensions respectively for extension whose NID is 'nid' and return
		518	the parsed result of NULL if an error occurred. For example:
		519
		520	BASIC_CONSTRAINTS *bs;
		521	bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
		522
		523	This will search for the basicConstraints extension and either return
		524	it value or NULL. NULL can mean either the extension was not found, it
		525	occurred more than once or it could not be parsed.
		526
		527	If 'idx' is NULL then an extension is only parsed if it occurs precisely
		528	once. This is standard behaviour because extensions normally cannot occur
		529	more than once. If however more than one extension of the same type can
		530	occur it can be used to parse successive extensions for example:
		531
		532	int i;
		533	void *ext;
		534
		535	i = -1;
		536	for(;;) {
		537	ext = X509_get_ext_d2i(x, nid, crit, &idx);
		538	if(ext == NULL) break;
		539	/* Do something with ext */
		540	}
		541
		542	If 'crit' is not NULL and the extension was found then the int it points to
		543	is set to 1 for critical extensions and 0 for non critical. Therefore if the
		544	function returns NULL but 'crit' is set to 0 or 1 then the extension was
		545	found but it could not be parsed.
		546
		547	The int pointed to by crit will be set to -1 if the extension was not found
		548	and -2 if the extension occurred more than once (this will only happen if
		549	idx is NULL). In both cases the function will return NULL.
		550
498	3. Generating extensions.	551	3. Generating extensions.
499		552
500	An extension will typically be generated from a configuration file, or some	553	An extension will typically be generated from a configuration file, or some
@@ -512,7 +565,7 @@ or CRL is due to be signed. Both return 0 on error on non zero for success.
512	In each case 'conf' is the LHASH pointer of the configuration file to use	565	In each case 'conf' is the LHASH pointer of the configuration file to use
513	and 'section' is the section containing the extension details.	566	and 'section' is the section containing the extension details.
514		567
515	See the 'context functions' section for a description of the ctx paramater.	568	See the 'context functions' section for a description of the ctx parameter.
516		569
517		570
518	X509_EXTENSION X509V3_EXT_conf(LHASH conf, X509V3_CTX ctx, char name,	571	X509_EXTENSION X509V3_EXT_conf(LHASH conf, X509V3_CTX ctx, char name,
@@ -531,7 +584,7 @@ takes the NID of the extension rather than its name.
531	For example to produce basicConstraints with the CA flag and a path length of	584	For example to produce basicConstraints with the CA flag and a path length of
532	10:	585	10:
533		586
534	x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10");	587	x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
535		588
536		589
537	X509_EXTENSION X509V3_EXT_i2d(int ext_nid, int crit, void ext_struc);	590	X509_EXTENSION X509V3_EXT_i2d(int ext_nid, int crit, void ext_struc);
@@ -659,7 +712,7 @@ The same as above but for an unsigned character value.
659	int X509V3_add_value_bool(const char *name, int asn1_bool,	712	int X509V3_add_value_bool(const char *name, int asn1_bool,
660	STACK_OF(CONF_VALUE) **extlist);	713	STACK_OF(CONF_VALUE) **extlist);
661		714
662	This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool'	715	This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
663		716
664	int X509V3_add_value_bool_nf(char *name, int asn1_bool,	717	int X509V3_add_value_bool_nf(char *name, int asn1_bool,
665	STACK_OF(CONF_VALUE) **extlist);	718	STACK_OF(CONF_VALUE) **extlist);
@@ -686,7 +739,7 @@ Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
686	or return a STACK_OF(CONF_VALUE).	739	or return a STACK_OF(CONF_VALUE).
687		740
688	Raw extensions are just passed a BIO or a value and it is the extensions	741	Raw extensions are just passed a BIO or a value and it is the extensions
689	responsiblity to handle all the necessary printing.	742	responsibility to handle all the necessary printing.
690		743
691	There are two ways to add an extension. One is simply as an alias to an already	744	There are two ways to add an extension. One is simply as an alias to an already
692	existing extension. An alias is an extension that is identical in ASN1 structure	745	existing extension. An alias is an extension that is identical in ASN1 structure
@@ -811,7 +864,7 @@ int i2r(struct v3_ext_method method, void ext, BIO *out, int indent);
811		864
812	This function is passed the internal extension structure in the ext parameter	865	This function is passed the internal extension structure in the ext parameter
813	and sends out a human readable version of the extension to out. The 'indent'	866	and sends out a human readable version of the extension to out. The 'indent'
814	paremeter should be noted to determine the necessary amount of indentation	867	parameter should be noted to determine the necessary amount of indentation
815	needed on the output.	868	needed on the output.
816		869
817	void * r2i(struct v3_ext_method method, struct v3_ext_ctx ctx, char *str);	870	void * r2i(struct v3_ext_method method, struct v3_ext_ctx ctx, char *str);
@@ -882,7 +935,7 @@ d2i_PKCS12_fp(fp, p12)
882		935
883	This is the same but for a FILE pointer.	936	This is the same but for a FILE pointer.
884		937
885	3. Parsing and creation functions.	938	3. High level functions.
886		939
887	3.1 Parsing with PKCS12_parse().	940	3.1 Parsing with PKCS12_parse().
888		941
@@ -920,6 +973,14 @@ p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
920	i2d_PKCS12_fp(fp, p12);	973	i2d_PKCS12_fp(fp, p12);
921	PKCS12_free(p12);	974	PKCS12_free(p12);
922		975
		976	3.3 Changing a PKCS#12 structure password.
		977
		978	int PKCS12_newpass(PKCS12 p12, char oldpass, char *newpass);
		979
		980	This changes the password of an already existing PKCS#12 structure. oldpass
		981	is the old password and newpass is the new one. An error occurs if the old
		982	password is incorrect.
		983
923	LOW LEVEL FUNCTIONS.	984	LOW LEVEL FUNCTIONS.
924		985
925	In some cases the high level functions do not provide the necessary	986	In some cases the high level functions do not provide the necessary