| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current documentation was clearly incorrect since a return of -1 from
the methods is explicitly intercepted and translated to 0. schwarze and I
both audited the tree and concluded that only 0 and 1 is possible.
OpenSSL 3 broke this API contract and now has explicit return -1 in the
convoluted 200-line maze this simple function has become with recent
provider improvements. So add a small sentence hinting at that. Nobody
will be surprised to read that with OpenSSL's characteristic penchant
for needless inconsistency the return value checks in their tree are all
over the place and sometimes incorrect.
ok schwarze (with two tweaks)
|
| |
|
|
|
|
| |
Variables of the type serialized or deserialized are called val_in or
val_out in all other manuals, so align this page to using those rather
than the confusing X509_CRL **der_out, etc.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL commit 92ada7cc (2007) removed some dead code with flawed logic
attempting to print multiple lines if the line exceeded 80 characters.
Said flawed logic was there since the start of the git history importing
SSLeay 0.8.1b in 1998 and never worked. Rumor has it that it did work prior
to that. Be that as it may, it's just wrongly documented since Henson added
the docs in commit 0711be16 (2002).
Prompted by OpenSSL issue #18004 by davidben
https://github.com/quictls/quictls/pull/168
https://github.com/quictls/quictls/issues/75
|
| |
|
|
| |
ok jsing kn
|
| |
|
|
| |
The code supporting it was removed in April 2023.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
because that's what OpenSSL 1.1 suggests. Even though that "unification"
doesn't really simplify anything but is more akin to repainting the bikeshed,
at least it doesn't cause any additional harm, so keeping recommendations
consistent may reduce the risk of code breaking in the future.
Provide an example of decryption with AES-CCM in addition to the
example of encryption already in place, because there are a number
of subtle and non-obvious differences that users have to pay
attention to.
Both ideas originally suggested by tb@.
|
| |
|
|
|
| |
While here, also add a (c) line for tb@ because he added Copyright-worthy
amounts of text to this page during the last two years.
|
| |
|
|
|
|
| |
The sentence about X509_EXTENSION_get_critical(3) in the DESCRIPTION
contained broken grammar or at least broken punctuation, and more
importantly, redundant and misplaced information. While he, shorten it.
|
| |
|
|
|
| |
Sort the list of decoding functions alphabetically by extension type.
List the printing functions that are already documented.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
correspond to an extension method.
ok schwarze
|
| | |
|
| |
|
|
|
| |
fix the name of its last parameter in the SYNOPSIS to match the DESCRIPTION,
and let the .Dt argument match the file name.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I admit this is unusually long for a manual page. But that's not my fault
as a documentation author. An example in a manual page ought to be minimal
to show what needs to be demonstrated, and this example is minimal in that
sense. Making it shorter without loosing important aspects does not seem
possible.
When an API is poorly designed, one of the consequences is that that
documentation becomes harder to understand and often longer - in this
case to the point of becoming outright intimidating. If people dislike
that, they should design better APIs in the first place rather than
blasting the poor manual page for being too long or too complicated.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
algorithm-independent EVP_EncryptInit(3) manual as another step
in making the latter leaner and more palatable.
As a side benefit, the new EVP_aes_128_ccm(3) manual page may provide
a better fighting chance to programmers who see themselves forced to
support CCM for whatever reason. It documents the mandatory, but so
far undocumented EVP_CTRL_CCM_GET_TAG control command and makes the
description of the three EVP_CTRL_CCM_SET_* control commands and the
numerous related quirks more precise.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The main benefit is moving the cumbersome and error-prone method of
using EVP_EncryptInit(3) for AES-GCM out of the important, but obese
manual page EVP_EncryptInit(3), and to create a logical place for
pointing readers to the safer and more flexible EVP_AEAD_CTX_init(3).
As a side benefit, document three control commands that were so far
undocumented and make the description of three others more precise.
Feedback and OK tb@.
|
| |
|
|
|
|
|
| |
It does *not* "work in the same way" as EVP_PKEY_new_raw_private_key(3)
but merely arrives at the same end result after doing lots of
cumbersome and unnecessary work - and on top of that, it only works
for EVP_PKEY_HMAC.
|
| |
|
|
|
|
|
|
| |
parameters that can be controlled with EVP_PKEY_CTX_ctrl(3).
But rather than providing a detailed despription, instead
point to what application programs should use instead and explain
why using the control constant directly would be a particularly bad
idea in this case.
|
| | |
|
| |
|
|
|
| |
undocumented because they are only used by the function X509_certificate_type()
which is deprecated and will eventually be deleted.
|
| |
|
|
|
|
|
|
|
| |
and document them properly in their own manual page, including the control
commands EVP_CTRL_SET_RC2_KEY_BITS and EVP_CTRL_GET_RC2_KEY_BITS that were
so far undocumented.
Arguably, the main benefit is another small step making the important,
but still obese EVP_EncryptInit(3) manual page more palatable.
|
| |
|
|
|
| |
Not that this would be particularly important, but i had to look
at the code anyway while completing the EVP documentation.
|
| |
|
|
|
| |
and EVP_CIPHER_CTX_init(3) after tb@ changed these to OpenSSL 1.1 semantics
in evp.h rev. 1.124 on March 2 this year.
|
| |
|
|
|
|
|
|
| |
because tb@ deleted almost all functions documented there from the API
in evp.h 1.127 on March 2 this year, but move the functions
EVP_PKEY_CTX_set_data(3) and EVP_PKEY_CTX_get_data(3) that we still
support to EVP_PKEY_keygen(3), because that page already documents
EVP_PKEY_CTX_set_app_data(3) and EVP_PKEY_CTX_get_app_data(3).
|
| |
|
|
|
| |
All three functions documented in this page were deleted from the API
by tb@ in evp.h rev. 1.136 on August 31 this year.
|
| |
|
|
|
| |
All the functions documented in this page were deleted from the API
by tb@ in evp.h rev. 1.126 on March 2 this year.
|
| |
|
|
|
|
| |
It's so non-obvious that even i had to do some research to find out.
Source: The file "doc/ssleay.doc" from SSLeay 0.8.1b,
see for example OpenSSL commit d02b48c6 on Dec 21, 1998.
|
| | |
|
