summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-01-07add missing comma in the NAME sectionIngo Schwarze
2017-01-07fix a typo in an .Xr reported by jmc@Ingo Schwarze
2017-01-07Add and remove some blank lines, in order to make X509_verify_cert()Joel Sing
(slightly) more readable.
2017-01-07a little more cleanup;Jason McIntyre
2017-01-07Revert part of r1.54 as there are at least two situations where we are stillJoel Sing
returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@
2017-01-07correctly mark all documented macros found in <openssl/bn.h>Ingo Schwarze
2017-01-07Use .Fn rather than .Xr for X509_VERIFY_PARAM_lookup(),Ingo Schwarze
fixing a dead link reported by jmc@. Only about half of X509_VERIFY_PARAM is documented so far, and the extensible lookup table feels like one of the more arcane features and probably not the next thing to document.
2017-01-07Document X509_NAME_hash(3), listed in <openssl/x509.h>;Ingo Schwarze
jmc@ reported that X509_LOOKUP_hash_dir(3) references it. Even though OpenSSL does not document it, given that it is used for file names that users have to create, it is sufficiently exposed to users to be worth documenting.
2017-01-07Write a new manual page X509_STORE_load_locations(3) from scratch.Ingo Schwarze
Not documented by OpenSSL, but listed in <openssl/x509_vfy.h> and referenced from X509_LOOKUP_hash_dir(3), and clearly more important than the latter. Fixes three dead links reported by jmc@. Most of the information from SSL_CTX_load_verify_locations(3) should probably be moved here, but not all, since the SSL page also talks about SSL servers and clients and the like. As i'm not completely sure regarding the boundaries, i'm leaving that as it is for now.
2017-01-06Remove cross references to the undocumented functions X509_STORE_new(3)Ingo Schwarze
and X509_STORE_add_lookup(3) reported by jmc@. Even though these functions are public, they seem more useful internally than for application programs, so now is not the time to document them.
2017-01-06Delete a sentence containing a cross reference to an undocumentedIngo Schwarze
function that had the the sole purpose of discouraging its use. Not talking about it at all discourages using it even more. Dangling cross reference reported by jmc@.
2017-01-06resolve duplication of names and prototypes in manuals related to ex_dataIngo Schwarze
and sprinkle cross references instead; more work is obviously needed here
2017-01-06Replace two dangling .Xrs to sk_*() macros with .Fn; reported by jmc@.Ingo Schwarze
The safestack stuff is the most ill-designed user interface i have seen so far in OpenSSL. It looks positively undocumentable. At least i'm not trying to document it right now.
2017-01-06Delete a cross reference to the undocumented function X509_check_purpose(3)Ingo Schwarze
that wasn't accompanied by any related information. Reported by jmc@. There are a dozen functions handling X509_PURPOSE objects, all undocumented, a host of defines, and it seems that a callback is required. So this seems complicated, i doubt that is much used in practice, and i'm not diving into it at this point in time.
2017-01-06Remove bogus cross reference to ui_create(3) reported by jmc@Ingo Schwarze
and refer readers to the header file instead. I'm not convinced customized prompting is such a bright idea, it feels somewhat like overengineering, so i'm not documenting it right now. People who really feel compelled to roll their own prompting can go read the source code.
2017-01-06Remove dangling .Xrs to PKCS7_final(3) reported by jmc@Ingo Schwarze
and just use .Fn for now. Not counting constructors, destructors, decoders, encoders, and debuggers, six out of 24 public functions operating on PKCS7 objects are currently documented. I'm not documenting the remaining 18 ones at this point in time.
2017-01-06Remove a dangling .Xr to PKCS7_SIGNER_INFO_sign(3) reported by jmc@Ingo Schwarze
and just use .Fn for now. There are about two dozen interfaces dealing with PKCS7_SIGNER_INFO objects and none but the constructor, destructor, decoder, and encoder are documented so far. It makes no sense to document one random one, and i'm not going to document all of PKCS7_SIGNER_INFO right now.
2017-01-06Remove a dangling cross reference reported by jmc@.Ingo Schwarze
I'm not convinced documenting EVP_MD_CTX_set_flags(3) would be wise. Instead, refer people to the header file to make it more obvious that they are tinkering with internals when using such flags.
2017-01-06Add EVP_read_pw_string(3) to NAME and SYNOPSIS,Ingo Schwarze
resolving a dangling cross reference reported by jmc@. Sort NAME and SYNOPSIS to agree with .Dt and DESCRIPTION. Unify parameter names. Delete a sentence about an implementation detail that is no longer true. Mention the length limitation of the *_string() variants.
2017-01-06Delete a cross reference to the non-existent manual page BIO_set_flags(3),Ingo Schwarze
reported by jmc@. Documenting that function would be a bad idea. All other flags are used internally and should better not be tampered with. It looks like an internal function that was made public by mistake, then abused for an unrelated user interface purpose: a classic case of botched user interface design. Instead, only show how to use this function for this one specific purpose. While here, delete a sentence from the DESCRIPTION that merely duplicated content from the BUGS section.
2017-01-06Delete a sentence that attempted to explain an implementation detailIngo Schwarze
by referencing a non-existent manual page. Broken .Xr reported by jmc@.
2017-01-06fix typos in cross references reported by jmc@Ingo Schwarze
2017-01-06Delete bogus cross reference reported by jmc@.Ingo Schwarze
Documenting these trivial PKCS7_type_is_*() macros does not seem useful, at least not right now.
2017-01-06delete bogus cross references reported by jmc@Ingo Schwarze
and add some missing escaping of backslashes while here
2017-01-06tweak previous;Jason McIntyre
2017-01-05Also document the weird d2i_ASN1_UINTEGER(3), listed in <openssl/asn1.h>Ingo Schwarze
and in OpenSSL doc/man3/d2i_X509.pod (with wrong prototype).
2017-01-05Write new d2i_ASN1_OCTET_STRING(3) manual page from scratch.Ingo Schwarze
All 36 functions listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod, six of them with wrong prototypes.
2017-01-05Now that all non-ARMv7 platforms are gone, tedu the legacy atomicPatrick Wildt
locking code. ok kettenis@
2017-01-05Avoid a side-channel cache-timing attack that can leak the ECDSA privateJoel Sing
keys when signing. This is due to BN_mod_inverse() being used without the constant time flag being set. This issue was reported by Cesar Pereida Garcia and Billy Brumley (Tampere University of Technology). The fix was developed by Cesar Pereida Garcia.
2017-01-05minor tweaks;Jason McIntyre
2017-01-05Complete rewrite, documenting 16 additional constructor/destructor pairs.Ingo Schwarze
While OpenSSL does not document them, they are public in <openssl/asn1.h>, and OpenSSL does document the related decoders and encoders. It makes no sense to me to document object methods without documenting the public constructors as well. While here: Bugfix: The type assigned by ASN1_STRING_new() was wrong. Remove implementation details. Add small amounts of useful auxiliary information.
2017-01-04Convert ARM assembly to unified syntax. Clang demands it, binutilsPatrick Wildt
supports it as long as it's marked as unified syntax. ok bcook@ kettenis@
2017-01-04Write new d2i_ASN1_SEQUENCE_ANY(3) manual page from scratch.Ingo Schwarze
All four functions are listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod. Note that in the OpenSSL documentation, three of the four prototypes are incorrect.
2017-01-04Remove superfluous datatype that is 32 by default. Clang complainsPatrick Wildt
about it and it's ok to remove it. This only came up as our clang is targeted at armv7 which enables the NEON instructions. ok kettenis@
2017-01-04Remove unnecessary casts of 'a' to char * since 'a' is already char *.Todd C. Miller
This is a remnant from the original 4.4BSD code that had 'a' as void * in the function args. No binary change. OK bluhm@
2017-01-04Revert fuse_opt.c r1.17. It broke exfat-fuse and perhaps other plugins.Stefan Sperling
http://marc.info/?l=openbsd-ports&m=148170738917809&w=2 reported by yasuoka@
2017-01-04Update compiler-rt to version 3.9.1. There has only been a singlePatrick Wildt
change in the builtins that fixes the build on ARM with LLVM 3.8. ok kettenis@
2017-01-04Complete rewrite:Ingo Schwarze
Better one-line description. Specify the correct header file. Same parameter names as in ASN1_item_d2i(3). Lots of new information. The ASN1_OBJECT interfaces appear specifically designed to maximize the number and subtlety of traps, maybe in order to trap the wary along with the unwary. All the quirks, caveats, and bugs of ASN1_item_d2i(3) apply, and there are three additional ones on top in this page. It looks like that design approach was so successful that the designers managed to trap even themselves: see the new BUGS section.
2017-01-04Describe what ASN1_OBJECT_new(3), ASN1_OBJECT_free(3), OBJ_dup(3),Ingo Schwarze
and OBJ_create(3) really do rather than making broad and incomplete statements that are only true in some cases. Improve the one-line descriptions. Some minor wording improvements while here. There is obviously more work to do in the vicinity...
2017-01-03Document d2i_ASN1_TYPE(3) and i2d_ASN1_TYPE(3),Ingo Schwarze
both listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod. Minor wording improvements while here.
2017-01-03Tweak RETURN VALUES section. Move description of sio_pollfd() andMartin Natano
sio_nfds() return values there and add a paragraph about sio_eof(). ok jmc ratchov
2017-01-03Document ASN1_TYPE_new(3) and ASN1_TYPE_free(3), even though OpenSSLIngo Schwarze
does not document them. By being in <openssl/asn1.h>, they are public, and it makes no sense to document accessors but not document constructors and destructors. Improve the one-line description. Mention various missing details. Many wording improvements. Add some cross references.
2017-01-03If certificate verification has been disabled, do not attempt to load aJoel Sing
CA chain or specify CA paths. This prevents attempts to access the file system, which may fail due to pledge. ok bluhm@
2017-01-03Revert previous - the original code was correct since X509_verify_cert()Joel Sing
should not have changed the X509_STORE_CTX error value on success and it was initialised to X509_V_OK by X509_STORE_CTX_init(). Other software also depends on this behaviour. Previously X509_verify_cert() was mishandling the X509_STORE_CTX error value when validating alternate chains. This has been fixed and further changes now explicitly ensure that the error value will be set to X509_V_OK if X509_verify_cert() returns success.
2017-01-03Pull out, rework and dedup the code that determines the highest sharedJoel Sing
version. ok beck@ doug@
2017-01-03It takes a special style of creative writing to be unspecific about the errorBob Beck
return code of a function in a man page. Let's remove the ambiguity and half truths in here. ok jsing@
2017-01-03Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctxBob Beck
and X509_verify_cert - We at least make it so an an init'ed ctx is not "valid" until X509_verify_cert has actually been called, And we make it impossible to return success without having the error set to ERR_V_OK. ok jsing@
2017-01-03bring in boring's internal check_trust function to fix a bug introducedBob Beck
when we went to alternate cert chains. this correctly does not clobber the ctx->error when using an alt chain. ok jsing@
2017-01-02fix cert verify. a cert with an alt chain may verify but leave an errorTed Unangst
in the context. don't look for errors in case of success. fixes spurious verify errors. guilty change tracked and fix tested by sthen
2017-01-02Remove the (now unused) code to determine the page size. Also get rid ofMark Kettenis
the extern declaration of __got_{start,end}. ok guenther@