| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ub_email_address upper bound, 128, returned for NID_pkcs9_emailAddress,
doesn't match the PKCS#9 specification where it is 255. This was adjusted
in RFC 5280:
The ASN.1 modules in Appendix A are unchanged from RFC 3280, except
that ub-emailaddress-length was changed from 128 to 255 in order to
align with PKCS #9 [RFC2985].
Nobody seems to have noticed so far, so leave it at an XXX and a BUGS
entry for now. It also clearly has the wrong name.
Another mystery is why the RFCs suffix some upper bounds with length, but
not others. Also, OpenSSL chose to be inconsistent with that, because
inconsistency is one of the few things this library is really good at.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The unused ASN1_STRING_TABLE extensibility API will be removed in the next
major bump and the table itself will become immutable. Lightly adjust the
remaining text. In particular, update the RFC reference, stop talking about
defaults when nothing can be changed anymore, do not mention useless flags
that you will no longer be able to set and move the description of the only
remaining flag after the description of ASN1_STRING_TABLE_get().
The file will be renamed in a second step.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Remove some lies and some irrelevant historical information
about the non_ex variants and waste fewer words deprecating them.
Telling people to type longer function names and to pass an
ignored NULL argument doesn't really help anything.
Also talk less about those ignored ENGINE arguments.
OK tb@
|
| |
|
|
|
|
|
|
| |
but it is still excessively long and complicated. To reduce the amount
of distractions a bit, split out three deprecated functions into a new
manual page EVP_CIPHER_CTX_init(3). No text change.
In part suggested by tb@, who agrees with the direction.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
They document functionality that no longer exists.
|
| | |
|
| |
|
|
|
| |
There's probably more that needs to be updated here, but that can be done
another day.
|
| | |
|
| |
|
|
| |
remove two Xr to ENGINE manuals.
|
| | |
|
| | |
|
| |
|
|
| |
In particular, do not use an uninitialized engine, simply pass NULL.
|
| |
|
|
| |
where that information was missing.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
I was told not to look since it will magically get fixed. Fine. I'd still
have expected a minimal amount of care so that the manpage isn't totally
dysfunctional and missing text in the right places. Sigh.
|
| |
|
|
|
|
|
|
|
|
|
| |
This matches when BoringSSL has done, and allows for getting
rid of the dependency on system timegm() and gmtime() in libtls.
which will make life easier for portable, and remove our
dependency on the potentially very slow system versions.
ok tb@ - tb will handle the minor bump bits and expose
on the next minor bump
CVS :----------------------------------------------------------------------
|
| | |
|
| |
|
|
| |
OK tb@
|
| |
|
|
|
| |
This matches what other pages use. Also rewrite the definition of the
modular inverse to be less ugly.
|
| | |
|
| |
|
|
|
| |
The old description was vague, but strictly speaking a lie, so make it
more precise and turn the lie into a truth.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous wording was misleading since the result of X509_ALGOR_new()
is not actually an empty X509_ALGOR object. Rather, it contains the
undefined ASN1_OBJECT returned by OBJ_nid2obj(NID_undef). Therefore using
X509_ALGOR_get0(3) for error checking X509_ALGOR_set_md() is not trivial.
So: change the initial paragraph into a general intro referring to the
OpenSSL API needed to interface with X509_ALGOR and write a new paragraph
documenting X509_ALGOR_new(3) and drop the incorrect suggestion of an error
check. Notably there's now a reference to the OBJ_nid2obj() family without
which one cannot really use X509_ALGOR_* for anything at all.
With and ok schwarze
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The X509_ALGOR_set0() and X509_ALGOR_set_md() documentation comes from
upstream, which means it is as sloppy as the code and as vague as your
average upstream manpage. Be precise on what X509_ALGOR_set0() does on
different inputs and document return values and failure modes.
X509_ALGOR_set_md() is a void function that calls X509_ALGOR_set0() in a
way that can fail, leaving alg in a corrupted state. Document when that
can occur and how to avoid or detect that, but do not go too far, because
EVP_MD_meth_new(), one potential source of failures, is a whole another
can of worms.
joint work with schwarze
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We aligned with upstream behavior. Let's document it properly.
Surprisingly, OpenSSL 1.1 half-assed the docs: two parts of the manual
contradict each other. The part getting EVP_CIPHER_CTX_iv_length() right,
incorrectly documents possible -1 return value to EVP_CIPHER_iv_length().
OpenSSL 3 documentation improvement efforts seem to have tried to address
this issue with the result that the manual is now entirely wrong when it
comes to the EVP_CIPHER_CTX_iv_length() replacement. Par for the course.
|
| |
|
|
| |
crypto(3)
|
| | |
|
| |
|
|
| |
Mention sections 2.1.1 and 2.1.2 in STANDARDS
|
