| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Formerly used by ASN1_STRING_TABLE_{add,cleanup}() which were removed two
years ago. Annotate why STABLE_NO_MASK stays: as usual, security/xca ends
up being the sole consumer of some nonsense. Apparently it needs its own
reimplementation of ASN1_STRING_set_by_NID(), another removable public API
that should never have been exposed.
ok kenjiro
|
| |
|
|
| |
ok kenjiro
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
What Netscape fucked up just had to be embraced by secure boot and
other nonsense. First OpenSSL wanted to be strict (which we inherited)
then Rich Salz Postel-ized this and made OpenSSL bypass this check by
default and added a flag to be strict 10 years ago.
Now sthen found that PHP 8.5 uses/exposes this flag.
Follows OpenSSL 6b2ebe43 (2016)
ok kenjiro
|
| |
|
|
|
|
|
|
| |
While the latter is more general in that it also works on 1-complement
achitectures, we don't care about that. Adjust documentation and the
only error check for it in libcrypto.
ok deraadt
|
| |
|
|
|
|
| |
to the right section and mention the value returned
if X509_VERIFY_PARAM_set_hostflags(3) was never called;
OK tb@ kenjiro@
|
| |
|
|
| |
ok kenjiro
|
| |
|
|
| |
(for our purposes).
|
| |
|
|
|
|
| |
Not installed for nearly a decade since it only "documents" internal
functions and structs and the internal function doco gets more out of
sync with reality with every (much needed) pass over bn/
|
| |
|
|
|
|
|
|
| |
Given that RFC 5652 does not override the earlier (and simpler)
standards but instead strives to remain compatible, referencing
both the original and the latest versions seems helpful.
OK tb@
|
| |
|
|
|
|
|
| |
Document the change of behavor from pk7_attr.c r1.17: the time is now
validated to be in correct RFC 5280 time format.
ok kenjiro
|
| |
|
|
|
| |
because PEM_X509_INFO_read(3) no longer exists.
Requested by tb@.
|
| | |
|
| |
|
|
| |
because tb@ removed them from Symbols.list rev. 1.220 today.
|
| | |
|
| |
|
|
|
| |
These annoying and careless inconsistencies were introduced when const
was sprinkled everywhere without rhyme or reason.
|
| | |
|
| | |
|
| |
|
|
|
| |
These have been taking a const pkey ever since they were added in
OpenSSL 1.0.0.
|
| |
|
|
| |
ok job kenjiro
|
| |
|
|
| |
This was changed a bit more than two years ago.
|
| |
|
|
|
|
|
| |
10% of our manual pages using this macro employed useless quoting anyway.
Remove these quotes such that they do not incite fear, uncertainty,
and doubt in developers who happen to look at these pages.
jmc@ and tb@ agree with the direction.
|
| |
|
|
|
|
|
|
| |
claiming that the "add" functions add anything. Indicate that they
are mostly NOOPs nowadays, but without being overly specific.
Also, more explicitly discourage abusing OpenSSL_add_all_algorithms(3)
for loadiing a configuration file.
Guidance and OK tb@.
|
| | |
|
| |
|
|
|
| |
are no longer public, so delete their manual pages.
OK tb@
|
| |
|
|
|
|
|
| |
descriptions of CMS_REUSE_DIGEST, PKCS7_REUSE_DIGEST, SMIME_BINARY,
and SMIME_CRLFEOL and some improved wordings from that former page to
SMIME_write_CMS(3) and SMIME_write_PKCS7(3), with some further polishing.
Feedback and OK tb@.
|
| |
|
|
|
|
| |
and since SMIME_write_ASN1(3) is no longer public,
replace the .Xr to it with some other pointers.
OK tb@
|
| |
|
|
|
|
| |
so link to SMIME_read_CMS(3), SMIME_read_PKCS7(3), SMIME_write_CMS(3),
and/or SMIME_write_PKCS7(3) instead;
OK tb@
|
| |
|
|
|
|
| |
so link to SMIME_read_CMS(3) or SMIME_read_PKCS7(3) instead,
and sprinkle a few other .Xrs that may be helpful;
OK tb@
|
| |
|
|
|
| |
because these functions no longer exist.
OK tb@
|
| |
|
|
| |
OK tb@
|
| |
|
|
| |
"sounds good" tb@
|
| | |
|
| |
|
|
|
| |
that no longer exists, and add .Lb;
OK tb@
|
| | |
|
| | |
|
| |
|
|
|
| |
The _cb() variants were only documented as intentionally undocumented.
Be that as it may, they left the building more than a year ago.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the giant, poor quality and outdated EC_GROUP_copy.3,
EC_GROUP_new.3, and EC_POINT_new.3 manuals with seven new manuals
written from scratch.
* EC_GROUP_new_by_curve_name() is the entry point for builtin curves,
* EC_GROUP_new_curve_GFp() describes lower level API that should not
usually be needed apart from a handful of accessors.
* EC_GROUP_check() contains two functions that applications should not
need because either you know for certain something is an elliptic
curve (so these checks are pointless) or you should not use it.
* EC_GROUP_get_curve_name() describes some low level ASN.1 footguns
and corresponding getters.
* EC_POINT_new() contains the simple EC_POINT allocation and freeing API
* EC_POINT_get_affine_coordinates() contains the coordinate accessors
* EC_POINT_point2oct() is about encoding elliptic curve points
While all this is quite far from perfect, the diff is getting too big
and it will be easier to improve this in tree. It is definitely more
repetitive than I would like it to be.
Reviews, tweaks and general feedback are of course welcome.
discussed with jsing
|
| |
|
|
|
|
|
|
|
| |
-This type should be considered opaque and fields should not be modified
-or accessed directly.
The type has long been opaque and reasonable people will not do things
that permit them to access the fields of opaque types directly. Of course,
in the vicinity of OpenSSL code and API all sorts of insanity actually exist.
|
| |
|
|
|
| |
The mix of SHA256 and SHA-256 is jarring, so use FIPS's spelling.
Leave HMAC-SHA256 as it is and fix a nearby RIPEMD-160.
|
