-rw-r--r--lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod2
-rw-r--r--lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod10
-rw-r--r--lib/libssl/src/doc/crypto/OBJ_nid2obj.pod2
-rw-r--r--lib/libssl/src/doc/crypto/PKCS12_create.pod18
-rw-r--r--lib/libssl/src/doc/crypto/PKCS7_decrypt.pod4
-rw-r--r--lib/libssl/src/doc/crypto/PKCS7_encrypt.pod61
-rw-r--r--lib/libssl/src/doc/crypto/PKCS7_sign.pod109
-rw-r--r--lib/libssl/src/doc/crypto/PKCS7_verify.pod6
-rw-r--r--lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod16
-rw-r--r--lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod16
-rw-r--r--lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod14
-rw-r--r--lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod8
-rw-r--r--lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod5
-rw-r--r--lib/libssl/src/doc/crypto/d2i_X509.pod18
14 files changed, 103 insertions, 186 deletions
diff --git a/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod b/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
index 9bae40fccf1..51679bfcd97 100644
--- a/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
+++ b/lib/libssl/src/doc/crypto/ASN1_OBJECT_new.pod
@@ -6,8 +6,6 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
=head1 SYNOPSIS
- #include <openssl/asn1.h>
-
ASN1_OBJECT *ASN1_OBJECT_new(void);
void ASN1_OBJECT_free(ASN1_OBJECT *a);
diff --git a/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod b/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
index 3891b88791d..fbf9a1f1412 100644
--- a/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
+++ b/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
@@ -30,8 +30,8 @@ with '.'.
ASN1_STRING_print() is a legacy function which should be avoided in new applications.
-Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
-suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
+Although there are a large number of options frequently B<ASN1_STRFLAGS_RFC2253> is
+suitable, or on UTF8 terminals B<ASN1_STRFLAGS_RFC2253 & ~ASN1_STRFLAGS_ESC_MSB>.
The complete set of supported options for B<flags> is listed below.
@@ -43,9 +43,9 @@ interprets UTF8 sequences.
Escaping takes several forms.
-If the character being escaped is a 16 bit character then the form "\UXXXX" is used
+If the character being escaped is a 16 bit character then the form "\WXXXX" is used
using exactly four characters for the hex representation. If it is 32 bits then
-"\WXXXXXXXX" is used using eight characters of its hex representation. These forms
+"\UXXXXXXXX" is used using eight characters of its hex representation. These forms
will only be used if UTF8 conversion is not set (see below).
Printable characters are normally escaped using the backslash '\' character. If
@@ -72,7 +72,7 @@ octet.
If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
Normally non character string types (such as OCTET STRING) are assumed to be
-one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
+one byte per character, if B<ASN1_STRFLAGS_DUMP_UNKNOWN> is set then they will
be dumped instead.
When a type is dumped normally just the content octets are printed, if
diff --git a/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod b/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
index 1e45dd40f6b..7dcc07923ff 100644
--- a/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
+++ b/lib/libssl/src/doc/crypto/OBJ_nid2obj.pod
@@ -8,8 +8,6 @@ functions
=head1 SYNOPSIS
- #include <openssl/objects.h>
-
ASN1_OBJECT * OBJ_nid2obj(int n);
const char * OBJ_nid2ln(int n);
const char * OBJ_nid2sn(int n);
diff --git a/lib/libssl/src/doc/crypto/PKCS12_create.pod b/lib/libssl/src/doc/crypto/PKCS12_create.pod
index de7cab2bdff..48f3bb8cb8e 100644
--- a/lib/libssl/src/doc/crypto/PKCS12_create.pod
+++ b/lib/libssl/src/doc/crypto/PKCS12_create.pod
@@ -46,24 +46,6 @@ export grade software which could use signing only keys of arbitrary size but
had restrictions on the permissible sizes of keys which could be used for
encryption.
-=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8
-
-Some additional functionality was added to PKCS12_create() in OpenSSL
-0.9.8. These extensions are detailed below.
-
-If a certificate contains an B<alias> or B<keyid> then this will be
-used for the corresponding B<friendlyName> or B<localKeyID> in the
-PKCS12 structure.
-
-Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
-certficate is required. In previous versions both had to be present or
-a fatal error is returned.
-
-B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
-should be used.
-
-B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
-
=head1 SEE ALSO
L<d2i_PKCS12(3)|d2i_PKCS12(3)>
diff --git a/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod b/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
index 325699d0b6d..b0ca067b892 100644
--- a/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
+++ b/lib/libssl/src/doc/crypto/PKCS7_decrypt.pod
@@ -6,9 +6,7 @@ PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
=head1 SYNOPSIS
- #include <openssl/pkcs7.h>
-
- int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
=head1 DESCRIPTION
diff --git a/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod b/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
index 2cd925a7e0b..1a507b22a29 100644
--- a/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
+++ b/lib/libssl/src/doc/crypto/PKCS7_encrypt.pod
@@ -6,9 +6,7 @@ PKCS7_encrypt - create a PKCS#7 envelopedData structure
=head1 SYNOPSIS
- #include <openssl/pkcs7.h>
-
- PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
=head1 DESCRIPTION
@@ -18,56 +16,44 @@ B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
=head1 NOTES
-Only RSA keys are supported in PKCS#7 and envelopedData so the recipient
-certificates supplied to this function must all contain RSA public keys, though
-they do not have to be signed using the RSA algorithm.
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
+supplied to this function must all contain RSA public keys, though they do not have to
+be signed using the RSA algorithm.
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use
-because most clients will support it.
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
+most clients will support it.
-Some old "export grade" clients may only support weak encryption using 40 or 64
-bit RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc()
-respectively.
+Some old "export grade" clients may only support weak encryption using 40 or 64 bit
+RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
-The algorithm passed in the B<cipher> parameter must support ASN1 encoding of
-its parameters.
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
+parameters.
-Many browsers implement a "sign and encrypt" option which is simply an S/MIME
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME
envelopedData containing an S/MIME signed message. This can be readily produced
by storing the S/MIME signed message in a memory BIO and passing it to
PKCS7_encrypt().
The following flags can be passed in the B<flags> parameter.
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are
-prepended to the data.
-
-Normally the supplied content is translated into MIME canonical format (as
-required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
-occurs. This option should be used if the supplied data is in binary format
-otherwise the translation will corrupt it. If B<PKCS7_BINARY> is set then
-B<PKCS7_TEXT> is ignored.
-
-If the B<PKCS7_STREAM> flag is set a partial B<PKCS7> structure is output
-suitable for streaming I/O: no data is read from the BIO B<in>.
-
-=head1 NOTES
-
-If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
-complete and outputting its contents via a function that does not
-properly finalize the B<PKCS7> structure will give unpredictable
-results.
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
-Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
-PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming ASN1 B<BIO> directly using
-BIO_new_PKCS7().
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
=head1 RETURN VALUES
-PKCS7_encrypt() returns either a PKCS7 structure or NULL if an error occurred.
+PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
The error can be obtained from ERR_get_error(3).
+=head1 BUGS
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
=head1 SEE ALSO
L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
@@ -75,6 +61,5 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
=head1 HISTORY
PKCS7_decrypt() was added to OpenSSL 0.9.5
-The B<PKCS7_STREAM> flag was first supported in OpenSSL 1.0.0.
=cut
diff --git a/lib/libssl/src/doc/crypto/PKCS7_sign.pod b/lib/libssl/src/doc/crypto/PKCS7_sign.pod
index 64a35144f8c..fc7e649b341 100644
--- a/lib/libssl/src/doc/crypto/PKCS7_sign.pod
+++ b/lib/libssl/src/doc/crypto/PKCS7_sign.pod
@@ -6,16 +6,14 @@ PKCS7_sign - create a PKCS#7 signedData structure
=head1 SYNOPSIS
- #include <openssl/pkcs7.h>
-
- PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
=head1 DESCRIPTION
-PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert> is
-the certificate to sign with, B<pkey> is the corresponsding private key.
-B<certs> is an optional additional set of certificates to include in the PKCS#7
-structure (for example any intermediate CAs in the chain).
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
+is the certificate to sign with, B<pkey> is the corresponsding private key.
+B<certs> is an optional additional set of certificates to include in the
+PKCS#7 structure (for example any intermediate CAs in the chain).
The data to be signed is read from BIO B<data>.
@@ -23,83 +21,58 @@ B<flags> is an optional set of flags.
=head1 NOTES
-Any of the following flags (ored together) can be passed in the B<flags>
-parameter.
+Any of the following flags (ored together) can be passed in the B<flags> parameter.
Many S/MIME clients expect the signed content to include valid MIME headers. If
the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
to the data.
If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the
-B<signcert> parameter though. This can reduce the size of the signature if the
-signers certificate can be obtained by other means: for example a previously
-signed message.
-
-The data being signed is included in the PKCS7 structure, unless
-B<PKCS7_DETACHED> is set in which case it is omitted. This is used for PKCS7
-detached signatures which are used in S/MIME plaintext signed messages for
-example.
-
-Normally the supplied content is translated into MIME canonical format (as
-required by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation
-occurs. This option should be used if the supplied data is in binary format
-otherwise the translation will corrupt it.
-
-The signedData structure includes several PKCS#7 autenticatedAttributes
-including the signing time, the PKCS#7 content type and the supported list of
-ciphers in an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no
-authenticatedAttributes will be used. If B<PKCS7_NOSMIMECAP> is set then just
-the SMIMECapabilities are omitted.
-
-If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
-these algorithms is disabled then it will not be included.
-
-If the flags B<PKCS7_STREAM> is set then the returned B<PKCS7> structure is
-just initialized ready to perform the signing operation. The signing is however
-B<not> performed and the data to be signed is not read from the B<data>
-parameter. Signing is deferred until after the data has been written. In this
-way data can be signed in a single pass.
-
-If the B<PKCS7_PARTIAL> flag is set a partial B<PKCS7> structure is output to
-which additional signers and capabilities can be added before finalization.
-
+PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
+parameter though. This can reduce the size of the signature if the signers certificate
+can be obtained by other means: for example a previously signed message.
-=head1 NOTES
+The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED>
+is set in which case it is omitted. This is used for PKCS7 detached signatures
+which are used in S/MIME plaintext signed messages for example.
-If the flag B<PKCS7_STREAM> is set the returned B<PKCS7> structure is B<not>
-complete and outputting its contents via a function that does not properly
-finalize the B<PKCS7> structure will give unpredictable results.
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it.
-Several functions including SMIME_write_PKCS7(), i2d_PKCS7_bio_stream(),
-PEM_write_bio_PKCS7_stream() finalize the structure. Alternatively finalization
-can be performed by obtaining the streaming ASN1 B<BIO> directly using
-BIO_new_PKCS7().
+The signedData structure includes several PKCS#7 autenticatedAttributes including
+the signing time, the PKCS#7 content type and the supported list of ciphers in
+an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
+will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
+omitted.
-If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
+of these algorithms is disabled then it will not be included.
-In OpenSSL 1.0.0 the B<certs>, B<signcert> and B<pkey> parameters can all be
-B<NULL> if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
-using the function B<PKCS7_sign_add_signer()>. B<PKCS7_final()> must also be
-called to finalize the structure if streaming is not enabled. Alternative
-signing digests can also be specified using this method.
+=head1 BUGS
-In OpenSSL 1.0.0 if B<signcert> and B<pkey> are NULL then a certificates only
-PKCS#7 structure is output.
+PKCS7_sign() is somewhat limited. It does not support multiple signers, some
+advanced attributes such as counter signatures are not supported.
-In versions of OpenSSL before 1.0.0 the B<signcert> and B<pkey> parameters must
-B<NOT> be NULL.
+The SHA1 digest algorithm is currently always used.
-=head1 BUGS
+When the signed data is not detached it will be stored in memory within the
+B<PKCS7> structure. This effectively limits the size of messages which can be
+signed due to memory restraints. There should be a way to sign data without
+having to hold it all in memory, this would however require fairly major
+revisions of the OpenSSL ASN1 code.
-Some advanced attributes such as counter signatures are not supported.
+Clear text signing does not store the content in memory but the way PKCS7_sign()
+operates means that two passes of the data must typically be made: one to compute
+the signatures and a second to output the data along with the signature. There
+should be a way to process the data with only a single pass.
=head1 RETURN VALUES
-PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error
-occurred. The error can be obtained from ERR_get_error(3).
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
=head1 SEE ALSO
@@ -109,8 +82,4 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
PKCS7_sign() was added to OpenSSL 0.9.5
-The B<PKCS7_PARTIAL> flag was added in OpenSSL 1.0.0
-
-The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0
-
=cut
diff --git a/lib/libssl/src/doc/crypto/PKCS7_verify.pod b/lib/libssl/src/doc/crypto/PKCS7_verify.pod
index 7c10a4cc3c0..07c9fdad402 100644
--- a/lib/libssl/src/doc/crypto/PKCS7_verify.pod
+++ b/lib/libssl/src/doc/crypto/PKCS7_verify.pod
@@ -6,11 +6,9 @@ PKCS7_verify - verify a PKCS#7 signedData structure
=head1 SYNOPSIS
- #include <openssl/pkcs7.h>
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
- int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-
- STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
=head1 DESCRIPTION
diff --git a/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod b/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
index 41902c0d455..d287c18564b 100644
--- a/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -9,17 +9,15 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
=head1 SYNOPSIS
- #include <openssl/x509.h>
+ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
- ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
- ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len);
- int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
- int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,unsigned char *bytes, int len);
=head1 DESCRIPTION
diff --git a/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod b/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
index 1afd008cb37..4472a1c5cf7 100644
--- a/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -7,17 +7,11 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
=head1 SYNOPSIS
- #include <openssl/x509.h>
-
- int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
-
- int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-
- int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
-
- int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
-
- X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
=head1 DESCRIPTION
diff --git a/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod b/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
index 3b1f9ff43b6..333323d734e 100644
--- a/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ b/lib/libssl/src/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -8,16 +8,14 @@ X509_NAME lookup and enumeration functions
=head1 SYNOPSIS
- #include <openssl/x509.h>
+int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
- int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
- int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
+int X509_NAME_entry_count(X509_NAME *name);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
- int X509_NAME_entry_count(X509_NAME *name);
- X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-
- int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
- int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
=head1 DESCRIPTION
diff --git a/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod b/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
index 2579a5dc9dc..907c04f684f 100644
--- a/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
+++ b/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
@@ -41,8 +41,8 @@ applications.
Although there are a large number of possible flags for most purposes
B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
-for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
-B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
+for UTF8 terminals the B<ASN1_STRFLAGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLAGS_ESC_MSB> would be used.
The complete set of the flags supported by X509_NAME_print_ex() is listed below.
@@ -86,10 +86,10 @@ is equivalent to:
B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
-B<XN_FLAG_ONELINE> is a more readable one line format which is the same as:
+B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
-B<XN_FLAG_MULTILINE> is a multiline format which is the same as:
+B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
diff --git a/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod b/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
index 22c1b50f228..6ebd30427b8 100644
--- a/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
+++ b/lib/libssl/src/doc/crypto/d2i_DSAPublicKey.pod
@@ -9,7 +9,6 @@ and parsing functions.
=head1 SYNOPSIS
#include <openssl/dsa.h>
- #include <openssl/x509.h>
DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
@@ -36,8 +35,8 @@ and parsing functions.
d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
components structure.
-d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
-a SubjectPublicKeyInfo (certificate public key) structure.
+d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a
+SubjectPublicKeyInfo (certificate public key) structure.
d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
components.
diff --git a/lib/libssl/src/doc/crypto/d2i_X509.pod b/lib/libssl/src/doc/crypto/d2i_X509.pod
index 298ec54a4c3..5e3c3d09857 100644
--- a/lib/libssl/src/doc/crypto/d2i_X509.pod
+++ b/lib/libssl/src/doc/crypto/d2i_X509.pod
@@ -9,27 +9,27 @@ i2d_X509_fp - X509 encode and decode functions
#include <openssl/x509.h>
- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
+ X509 *d2i_X509(X509 **px, unsigned char **in, int len);
int i2d_X509(X509 *x, unsigned char **out);
X509 *d2i_X509_bio(BIO *bp, X509 **x);
X509 *d2i_X509_fp(FILE *fp, X509 **x);
- int i2d_X509_bio(BIO *bp, X509 *x);
- int i2d_X509_fp(FILE *fp, X509 *x);
+ int i2d_X509_bio(X509 *x, BIO *bp);
+ int i2d_X509_fp(X509 *x, FILE *fp);
=head1 DESCRIPTION
The X509 encode and decode routines encode and parse an
B<X509> structure, which represents an X509 certificate.
-d2i_X509() attempts to decode B<len> bytes at B<*in>. If
+d2i_X509() attempts to decode B<len> bytes at B<*out>. If
successful a pointer to the B<X509> structure is returned. If an error
occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
returned structure is written to B<*px>. If B<*px> is not B<NULL>
then it is assumed that B<*px> contains a valid B<X509>
structure and an attempt is made to reuse it. If the call is
-successful B<*in> is incremented to the byte following the
+successful B<*out> is incremented to the byte following the
parsed data.
i2d_X509() encodes the structure pointed to by B<x> into DER format.
@@ -212,11 +212,11 @@ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
or B<NULL> if an error occurs. The error code that can be obtained by
L<ERR_get_error(3)|ERR_get_error(3)>.
-i2d_X509() returns the number of bytes successfully encoded or a negative
-value if an error occurs. The error code can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
+i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
+successfully encoded or a negative value if an error occurs. The error code
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
+i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error
occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
=head1 SEE ALSO