import of openssl-0.9.7g; tested on platforms from alpha to zaurus, ok deraadt@

5 files changed, 36 insertions, 12 deletions

diff --git a/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod b/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
index fbf9a1f1412..d662225b87a 100644
--- a/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
+++ b/lib/libssl/src/doc/crypto/ASN1_STRING_print_ex.pod
@@ -30,8 +30,8 @@ with '.'.
 
 ASN1_STRING_print() is a legacy function which should be avoided in new applications.
 
-Although there are a large number of options frequently B<ASN1_STRFLAGS_RFC2253> is 
-suitable, or on UTF8 terminals B<ASN1_STRFLAGS_RFC2253 & ~ASN1_STRFLAGS_ESC_MSB>.
+Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is 
+suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
 
 The complete set of supported options for B<flags> is listed below.
 
@@ -72,7 +72,7 @@ octet.
 If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
 
 Normally non character string types (such as OCTET STRING) are assumed to be
-one byte per character, if B<ASN1_STRFLAGS_DUMP_UNKNOWN> is set then they will
+one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
 be dumped instead.
 
 When a type is dumped normally just the content octets are printed, if 
diff --git a/lib/libssl/src/doc/crypto/BN_num_bytes.pod b/lib/libssl/src/doc/crypto/BN_num_bytes.pod
index 61589fb9aca..a6a2e3f8198 100644
--- a/lib/libssl/src/doc/crypto/BN_num_bytes.pod
+++ b/lib/libssl/src/doc/crypto/BN_num_bytes.pod
@@ -16,8 +16,14 @@ BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
 
 =head1 DESCRIPTION
 
-These functions return the size of a B<BIGNUM> in bytes or bits,
-and the size of an unsigned integer in bits.
+BN_num_bytes() returns the size of a B<BIGNUM> in bytes.
+
+BN_num_bits_word() returns the number of significant bits in a word.
+If we take 0x00000432 as an example, it returns 11, not 16, not 32.
+Basically, except for a zero, it returns I<floor(log2(w))+1>.
+
+BN_num_bits() returns the number of significant bits in a B<BIGNUM>,
+following the same principle as BN_num_bits_word().
 
 BN_num_bytes() is a macro.
 
@@ -25,9 +31,23 @@ BN_num_bytes() is a macro.
 
 The size.
 
+=head1 NOTES
+
+Some have tried using BN_num_bits() on individual numbers in RSA keys,
+DH keys and DSA keys, and found that they don't always come up with
+the number of bits they expected (something like 512, 1024, 2048,
+...).  This is because generating a number with some specific number
+of bits doesn't always set the highest bits, thereby making the number
+of I<significant> bits a little lower.  If you want to know the "key
+size" of such a key, either use functions like RSA_size(), DH_size()
+and DSA_size(), or use BN_num_bytes() and multiply with 8 (although
+there's no real guarantee that will match the "key size", just a lot
+more probability).
+
 =head1 SEE ALSO
 
-L<bn(3)|bn(3)>
+L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>,
+L<RSA_size(3)|RSA_size(3)>
 
 =head1 HISTORY
 
diff --git a/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod b/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
index d287c18564b..11b35f6fd35 100644
--- a/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ b/lib/libssl/src/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -13,11 +13,11 @@ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
 ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
 
 int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
 
 =head1 DESCRIPTION
 
diff --git a/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod b/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
index 4472a1c5cf7..e2ab4b0d2bb 100644
--- a/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ b/lib/libssl/src/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -7,10 +7,14 @@ X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
 
 =head1 SYNOPSIS
 
-int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+
 int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+
 int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+
 int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
 
 =head1 DESCRIPTION
diff --git a/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod b/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
index 907c04f684f..919b9089193 100644
--- a/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
+++ b/lib/libssl/src/doc/crypto/X509_NAME_print_ex.pod
@@ -41,8 +41,8 @@ applications.
 Although there are a large number of possible flags for most purposes
 B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
 As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
-for UTF8 terminals the B<ASN1_STRFLAGS_ESC_MSB> should be unset: so for example
-B<XN_FLAG_ONELINE & ~ASN1_STRFLAGS_ESC_MSB> would be used.
+for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
 
 The complete set of the flags supported by X509_NAME_print_ex() is listed below.