Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

The original RT request included a patch.  By the time
we got around to doing it, however, the callback scheme
had changed. So I wrote a new function RSA_check_key_ex()
that uses the BN_GENCB callback.  But thanks very much
to Vinet Sharma <vineet.sharma@gmail.com> for the
initial implementation.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The function returns 0 or 1, only.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

The function returns 0 or 1, only.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

i2d_re_X509_tbs re-encodes the TBS portion of the certificate.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

Andy found an additional typo "can be can be".
Now I have that silly "Que sera sera" song stuck in my head.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

The doc says that port can be "*" to mean any port.
That's wrong.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

RT1665: aes documentation.

Paul Green wrote a nice aes.pod file.
But we now encourage the EVP interface.
So I took his RT item and used it as impetus to add
the AES modes to EVP_EncryptInit.pod
I also noticed that rc4.pod has spurious references to some other
cipher pages, so I removed them.

RT2300: Clean up MD history (merged into RT1665)

Put HISTORY section only in EVP_DigestInit.pod. Also add words
to discourage use of older cipher-specific API, and remove SEE ALSO
links that point to them.

Make sure digest pages have a NOTE that says use EVP_DigestInit.

Review feedback:
More cleanup in EVP_EncryptInit.pod
Fixed SEE ALSO links in ripemd160.pod, sha.pod, mdc2.pod, blowfish.pod,
rc4.d, and des.pod.  Re-order sections in des.pod for consistency
Reviewed-by: NMatt Caswell <matt@openssl.org>

When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

I also removed some trailing whitespace and cleaned
up the "see also" list.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors.  Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

This patch was submitted by user "Kox" via the wiki
Reviewed-by: NTim Hudson <tjh@openssl.org>

Clarify the intended use of EVP_PKEY_sign. Make the code example compile.
Reviewed-by: NDr Stephen Henson <steve@openssl.org>

I also found a couple of others (padlock and signinit)
and fixed them.
Reviewed-by: NEmilia Kasper <emilia@openssl.org>

The file param is "const char*" not "char*"
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

In two OpenSSL manual pages, in the NAME section, the last word of the
name list is followed by a stray trailing comma. While this may seem
minor, it is worth fixing because it may confuse some makewhatis(8)
implementations.

While here, also add the missing word "size" to the one line
description in SSL_CTX_set_max_cert_list(3).

Reviewed by: Dr Stephen Henson <shenson@drh-consultancy.co.uk>

Reviewed-by: Emilia Kasper

Many of these were already fixed, this catches the last
few that were missed.

Many of these were already fixed, this catches the last
few that were missed.

statement of opinion rather than a fact.
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

PR#1675
Reviewed-by: NMatt Caswell <matt@openssl.org>

PR#3456
Reviewed-by: NStephen Henson <steve@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Based on feedback from Jeffrey Walton.

Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().

Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.

Declaration, memory management, accessor and documentation.

    298 424 656 882 939 1630 1807 2263 2294 2311 2424 2623
    2637 2686 2697 2921 2922 2940 3055 3112 3156 3177 3277

ERR_get_error(3) references the non-existent
ERR_get_last_error_line_data instead of the one that does exist,
ERR_peek_last_error_line_data.

PR#3283

IN parameter.

Under the old docs, the only thing stated was "at most
EVP_PKEY_size(pkey) bytes will be written". It was kind of misleading
since it appears EVP_PKEY_size(pkey) WILL be written regardless of the
signature's buffer size.

PR#3173

Implemented as STACK_OF(OPENSSL_STRING).

A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").

Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.