| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
By API misdesign, it cannot be opaque. The incorrect documentation was
added as a part of a huge commit with a lot of churn. CRYPTO_EX_DATA
typically lives as an embedded struct of an opaque struct, but it can
also be used by applications, for example to initialize libssl.
documentation error pointed out by jsing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Remove their documentation and mark some associated constants as
intentionally undocumented until they will be removed from public
headers.
|
|
be added in the upcoming bump.
|
|
|
|
|
|
openssl.cnf.5 will need a major overhaul. But that isn't new...
|
|
|
|
|
|
These will be made internal and will likely go away. The OBJ_add_sigid.3
manual should probably be renamed; this can be done in a second step.
|
|
This function will be made internal-only and likely be renamed/rewritten.
|
|
|
|
|
|
ENGINE_get_default_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_get_defaulT_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
|
|
ENGINE_{get,set}_{ECDH,ECDSA} will go away and won't come back. Replace
their documentation with the missing ENGINE_{get,set}_EC. In the unlikely
event that we will need to bring back ENGINE after the next bump, this
manual will not be outdated and incomplete.
|
|
This way we will have a manual corresponding to an existing function after
the next bump.
|
|
Their BN_get_rfc*_prime_* aliases from the OpenSSL 1.1 API will remain.
Perhaps the manual should be moved to BN_get_rfc3526_prime_8192.3; that
can be done in a second step.
|
|
These very poorly designed interfaces will go away, so stop documenting
them.
|
|
|
|
|
|
|
|
|
|
As usual, this has a lot of room for improvement, but it is better than
nothing at all. It leaves a dangling reference to EVP_MD_CTX_md_data(),
which I leave for schwarze to document. This is a terrible API and the
way it is used in the wild is terrifying.
|
|
After the GF2m removal, this function always returns 0, so adjust the
documentation and remove EC_GROUP_get_{trinomial,pentanomial}_basis()
that were left behind. Also add a tiny grammar tweak in the HISTORY
section.
|
|
|
|
of the X509_CRL_INFO object. It should have been called "thisUpdate"
like in RFC 5280 section 5.1 (and in its precursor RFC 2459). Then again,
RFC 2459 was only published in 1999, so maybe the terminology wasn't
firmly established yet when Young wrote his code several years earlier -
just guessing, neither we nor the OpenSSL folks appear to know the real
reasons...
Anyway, we have been stuck with the "lastUpdate" names in the API for
more than two decades now, so clarify in the documentation what they
refer to and what they really mean.
Requested by and OK tb@.
|
|
Suggestion from MaÅgorzata Olszówka, they noted:
"The original wording suggests that it is required to execute
CMS_get0_signers() after CMS_verify(), while it is CMS_get0_signers()
that requires prior successful invocation of CMS_verify()."
OK tb@
|
|
- move a sentence out of a Bd block
- add some .Pp for spacing
- avoid a double colon on a sentence and the usage of second person
- mark STORE_CTX with .Vt
- change one Vt -> Dv (done after this has been ok'd by beck)
ok beck@
|
|
|
|
This is an un-revert with nits of the previously landed change
to do this which broke libtls. libtls has now been changed to
not use this function.
This change ensures that if something is returned it is "text"
(UTF-8) and a C string not containing a NUL byte. Historically
callers to this function assume the result is text and a C string
however the OpenSSL version simply hands them the bytes from an
ASN1_STRING and expects them to know bad things can happen which
they almost universally do not check for. Partly inspired by
goings on in boringssl.
ok jsing@ tb@
|
|
This takes much of the language that boring uses to document
the verify callback, and corrects the historical horror that
OpenSSL introduced years ago by suggesting people ignore expiry
dates using the callback instead of the verify flags.
nits by jsg@ and tb@
ok tb@
|
|
in x509_vpm.c r1.39.
|
|
|
|
With this the only -Tlint warnings are about Xr to undocumented functions:
EVP_CIPHER_CTX_copy, EVP_CIPHER_CTX_get_cipher_data, X509V3_EXT_get_nid.
|
|
|
|
|
|
|
|
|
|
ok tb@
|
|
|
|
With input from beck and jsing
|
