Documents the CTLOG functions

CTLOG_new_null() has been removed from the code, so it has also been
removed from this POD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

diff --git a/doc/crypto/CTLOG_new.pod b/doc/crypto/CTLOG_new.pod
index cb51f4b1f2f5e2c6630988ab9889f152d6307826..de196f4e841ca2e0d2023fcaf211133557d59f58 100644 (file)
--- a/doc/crypto/CTLOG_new.pod
+++ b/doc/crypto/CTLOG_new.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-CTLOG_new, CTLOG_new_null, CTLOG_new_from_base64, CTLOG_free,
+CTLOG_new, CTLOG_new_from_base64, CTLOG_free,
 CTLOG_get0_name, CTLOG_get0_log_id, CTLOG_get0_public_key -
 encapsulates information about a Certificate Transparency log
 
@@ -11,26 +11,47 @@ encapsulates information about a Certificate Transparency log
  #include <openssl/ct.h>
 
  CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
- CTLOG *CTLOG_new_null(void);
  int CTLOG_new_from_base64(CTLOG ** ct_log,
                            const char *pkey_base64, const char *name);
  void CTLOG_free(CTLOG *log);
  const char *CTLOG_get0_name(const CTLOG *log);
  void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
-                       size_t *log_id_len);
+                        size_t *log_id_len);
  EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
 
 =head1 DESCRIPTION
 
+CTLOG_new() returns a new CTLOG that represents the Certificate Transparency
+(CT) log with the given public key. A name must also be provided that can be
+used to help users identify this log. Ownership of the public key is
+transferred.
 
+CTLOG_new_from_base64() also creates a new CTLOG, but takes the public key in
+base64-encoded DER form and sets the ct_log pointer to point to the new CTLOG.
+The base64 will be decoded and the public key parsed.
 
-=head1 NOTES
+Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the
+caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer
+needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that
+was passed to it.
 
+CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was
+created. Ownership of the string remains with the CTLOG.
 
+CTLOG_get0_log_id() sets *log_id to point to a string containing that log's
+LogID (see RFC 6962). It sets *log_id_len to the length of that LogID. For a
+v1 CT log, the LogID will be a SHA-256 hash (i.e. 32 bytes long). Ownership of
+the string remains with the CTLOG.
+
+CTLOG_get0_public_key() returns the public key of the CT log. Ownership of the
+EVP_PKEY remains with the CTLOG.
+with
 
 =head1 RETURN VALUES
 
+CTLOG_new() will return NULL if an error occurs.
 
+CTLOG_new_from_base64() will return 1 on success, 0 otherwise.
 
 =head1 SEE ALSO
 

diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index 2a67731520a1cc04266df96df3e56ebc409cdf23..085a4f1e75897da7e9545d7ba37155057acabe1d 100644 (file)
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -388,6 +388,7 @@ SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
 
 /*
  * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
  * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
  * Should be deleted by the caller using CTLOG_free when no longer needed.
  */