authorlloyd <[email protected]>2010-06-17 21:48:55 +0000
committerlloyd <[email protected]>2010-06-17 21:48:55 +0000
commitc06b260b3328c5ce4be44c4f1a88feb55ee3dbc4 (patch)
tree41b05df5982b5b2e8a23b55972263d2172d6a9fd /src/cert
parent0eecae9f21172c0a74ad62acaf77148c94a25be7 (diff)
parent3dde5683f69b9cb9f558bfb18087ce35fbbec78a (diff)
propagate from branch 'net.randombit.botan' (head 294e2082ce9231d6165276e2f2a4153a0116aca3)
to branch 'net.randombit.botan.c++0x' (head 0b695fad10f924601e07b009fcd781191fafcb28)
Diffstat (limited to 'src/cert')
-rw-r--r--src/cert/cvc/cvc_ado.h1
-rw-r--r--src/cert/cvc/cvc_cert.h3
-rw-r--r--src/cert/cvc/cvc_gen_cert.h1
-rw-r--r--src/cert/cvc/cvc_self.h9
-rw-r--r--src/cert/cvc/eac_asn_obj.h14
-rw-r--r--src/cert/cvc/eac_obj.h2
-rw-r--r--src/cert/cvc/ecdsa_sig.h3
-rw-r--r--src/cert/cvc/signed_obj.h14
-rw-r--r--src/cert/x509/certstor.h2
-rw-r--r--src/cert/x509/crl_ent.h9
-rw-r--r--src/cert/x509/pkcs10.h16
-rw-r--r--src/cert/x509/x509_ca.h8
-rw-r--r--src/cert/x509/x509_crl.h16
-rw-r--r--src/cert/x509/x509_ext.h50
-rw-r--r--src/cert/x509/x509_obj.h2
-rw-r--r--src/cert/x509/x509cert.h30
-rw-r--r--src/cert/x509/x509self.cpp24
-rw-r--r--src/cert/x509/x509self.h4
-rw-r--r--src/cert/x509/x509stor.h30
19 files changed, 132 insertions, 106 deletions
diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h
index 230ee8b8d..65a39fd91 100644
--- a/src/cert/cvc/cvc_ado.h
+++ b/src/cert/cvc/cvc_ado.h
@@ -41,6 +41,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO>
* Create a signed CVC ADO request from to be signed (TBS) data
* @param signer the signer used to sign the CVC ADO request
* @param tbs_bits the TBS data to sign
+ * @param rng a random number generator
*/
static MemoryVector<byte> make_signed(
PK_Signer& signer,
diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h
index 12bc41a9c..69d0d824a 100644
--- a/src/cert/cvc/cvc_cert.h
+++ b/src/cert/cvc/cvc_cert.h
@@ -92,7 +92,8 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs)
* @param holder_auth_templ the holder authorization value byte to
* appear in the CHAT of the certificate
* @param ced the CED to appear in the certificate
-* @param ced the CEX to appear in the certificate
+* @param cex the CEX to appear in the certificate
+* @param rng a random number generator
*/
EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer,
const MemoryRegion<byte>& public_key,
diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h
index 4f98041e3..7b125c10d 100644
--- a/src/cert/cvc/cvc_gen_cert.h
+++ b/src/cert/cvc/cvc_gen_cert.h
@@ -70,6 +70,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1
* Create a signed generalized CVC object.
* @param signer the signer used to sign this object
* @param tbs_bits the body the generalized CVC object to be signed
+ * @param rng a random number generator
* @result the DER encoded signed generalized CVC object
*/
static MemoryVector<byte> make_signed(
diff --git a/src/cert/cvc/cvc_self.h b/src/cert/cvc/cvc_self.h
index fb24ecd3a..f7bf6d5d8 100644
--- a/src/cert/cvc/cvc_self.h
+++ b/src/cert/cvc/cvc_self.h
@@ -97,7 +97,8 @@ namespace DE_EAC {
* shall be entitled to read the biometrical iris image
* @param fingerpr indicates whether the entity associated with the certificate
* shall be entitled to read the biometrical fingerprint image
-* @param rng the rng to use
+* @param cvca_validity_months length of time in months this will be valid
+* @param rng a random number generator
* @result the CVCA certificate created
*/
EAC1_1_CVC BOTAN_DLL create_cvca(Private_Key const& priv_key,
@@ -146,8 +147,10 @@ EAC1_1_Req BOTAN_DLL create_cvc_req(Private_Key const& priv_key,
* @param seqnr the sequence number of the certificate to be created
* @param seqnr_len the number of digits the sequence number will be
* encoded in
-* @param domestic indicates whether to sign a domestic or a foreign certificate:
-* set to true for domestic
+* @param domestic indicates whether to sign a domestic or a foreign
+* certificate: set to true for domestic
+* @param dvca_validity_months validity period in months
+* @param ca_is_validity_months validity period in months
* @param rng a random number generator
* @result the new certificate
*
diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h
index 3ab57d7e4..dc4f82578 100644
--- a/src/cert/cvc/eac_asn_obj.h
+++ b/src/cert/cvc/eac_asn_obj.h
@@ -26,13 +26,13 @@ class BOTAN_DLL EAC_Time : public ASN1_Object
/**
* Get a this objects value as a string.
- * @return the date string
+ * @return date string
*/
std::string as_string() const;
/**
* Get a this objects value as a readable formatted string.
- * @return the date string
+ * @return date string
*/
std::string readable_string() const;
@@ -71,19 +71,19 @@ class BOTAN_DLL EAC_Time : public ASN1_Object
/**
* Get the year value of this objects.
- * @return the year value
+ * @return year value
*/
u32bit get_year() const { return year; }
/**
* Get the month value of this objects.
- * @return the month value
+ * @return month value
*/
u32bit get_month() const { return month; }
/**
* Get the day value of this objects.
- * @return the day value
+ * @return day value
*/
u32bit get_day() const { return day; }
@@ -170,13 +170,13 @@ class BOTAN_DLL ASN1_EAC_String: public ASN1_Object
/**
* Get this objects string value.
- * @return the string value
+ * @return string value
*/
std::string value() const;
/**
* Get this objects string value.
- * @return the string value in iso8859 encoding
+ * @return string value in iso8859 encoding
*/
std::string iso_8859() const;
diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h
index 66752b10c..eb6db3369 100644
--- a/src/cert/cvc/eac_obj.h
+++ b/src/cert/cvc/eac_obj.h
@@ -13,7 +13,7 @@
namespace Botan {
-/*
+/**
* TR03110 v1.1 EAC CV Certificate
*/
template<typename Derived> // CRTP is used enable the call sequence:
diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h
index 1397a92b1..a92052470 100644
--- a/src/cert/cvc/ecdsa_sig.h
+++ b/src/cert/cvc/ecdsa_sig.h
@@ -15,6 +15,9 @@
namespace Botan {
+/**
+* Class representing an ECDSA signature
+*/
class BOTAN_DLL ECDSA_Signature
{
public:
diff --git a/src/cert/cvc/signed_obj.h b/src/cert/cvc/signed_obj.h
index 0e7dd6bdb..0c0fb30af 100644
--- a/src/cert/cvc/signed_obj.h
+++ b/src/cert/cvc/signed_obj.h
@@ -24,7 +24,7 @@ class BOTAN_DLL EAC_Signed_Object
public:
/**
* Get the TBS (to-be-signed) data in this object.
- * @return the DER encoded TBS data of this object
+ * @return DER encoded TBS data of this object
*/
virtual SecureVector<byte> tbs_data() const = 0;
@@ -32,7 +32,7 @@ class BOTAN_DLL EAC_Signed_Object
* Get the signature of this object as a concatenation, i.e. if the
* signature consists of multiple parts (like in the case of ECDSA)
* these will be concatenated.
- * @return the signature as a concatenation of its parts
+ * @return signature as a concatenation of its parts
*/
/*
@@ -50,6 +50,7 @@ class BOTAN_DLL EAC_Signed_Object
/**
* Check the signature of this object.
* @param key the public key associated with this signed object
+ * @param sig the signature we are checking
* @return true if the signature was created by the private key
* associated with this public key
*/
@@ -59,19 +60,20 @@ class BOTAN_DLL EAC_Signed_Object
/**
* Write this object DER encoded into a specified pipe.
* @param pipe the pipe to write the encoded object to
- * @param enc the encoding type to use
+ * @param encoding the encoding type to use
*/
- virtual void encode(Pipe&, X509_Encoding = PEM) const = 0;
+ virtual void encode(Pipe& pipe,
+ X509_Encoding encoding = PEM) const = 0;
/**
* BER encode this object.
- * @return the result containing the BER representation of this object.
+ * @return result containing the BER representation of this object.
*/
SecureVector<byte> BER_encode() const;
/**
* PEM encode this object.
- * @return the result containing the PEM representation of this object.
+ * @return result containing the PEM representation of this object.
*/
std::string PEM_encode() const;
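Review bot: The brief on `encode` still says the object is written "DER encoded" into the pipe, while the parameter this hunk names `encoding` defaults to `PEM`, so the comment contradicts the signature directly below it. I would reword it to `* Write this object into a specified pipe using the requested encoding.` and `* @param encoding the encoding type to use (PEM by default)`. A caller who trusts the current wording and omits the argument gets PEM text where DER bytes are expected. The class body starts and ends outside the hunk.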
diff --git a/src/cert/x509/certstor.h b/src/cert/x509/certstor.h
index d5004e366..2e39a7178 100644
--- a/src/cert/x509/certstor.h
+++ b/src/cert/x509/certstor.h
@@ -13,7 +13,7 @@
namespace Botan {
-/*
+/**
* Certificate Store Interface
*/
class BOTAN_DLL Certificate_Store
diff --git a/src/cert/x509/crl_ent.h b/src/cert/x509/crl_ent.h
index 050356c84..ec90750db 100644
--- a/src/cert/x509/crl_ent.h
+++ b/src/cert/x509/crl_ent.h
@@ -23,19 +23,19 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
/**
* Get the serial number of the certificate associated with this entry.
- * @return the certificate's serial number
+ * @return certificate's serial number
*/
MemoryVector<byte> serial_number() const { return serial; }
/**
* Get the revocation date of the certificate associated with this entry
- * @return the certificate's revocation date
+ * @return certificate's revocation date
*/
X509_Time expire_time() const { return time; }
/**
* Get the entries reason code
- * @return the reason code
+ * @return reason code
*/
CRL_Code reason_code() const { return reason; }
@@ -49,7 +49,8 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object
* @param cert the certificate to revoke
* @param reason the reason code to set in the entry
*/
- CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED);
+ CRL_Entry(const X509_Certificate& cert,
+ CRL_Code reason = UNSPECIFIED);
private:
bool throw_on_unknown_critical;
diff --git a/src/cert/x509/pkcs10.h b/src/cert/x509/pkcs10.h
index 9b435de52..d1be9e0d3 100644
--- a/src/cert/x509/pkcs10.h
+++ b/src/cert/x509/pkcs10.h
@@ -23,38 +23,38 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
public:
/**
* Get the subject public key.
- * @return the subject public key
+ * @return subject public key
*/
Public_Key* subject_public_key() const;
/**
* Get the raw DER encoded public key.
- * @return the raw DER encoded public key
+ * @return raw DER encoded public key
*/
MemoryVector<byte> raw_public_key() const;
/**
* Get the subject DN.
- * @return the subject DN
+ * @return subject DN
*/
X509_DN subject_dn() const;
/**
* Get the subject alternative name.
- * @return the subject alternative name.
+ * @return subject alternative name.
*/
AlternativeName subject_alt_name() const;
/**
* Get the key constraints for the key associated with this
* PKCS#10 object.
- * @return the key constraints
+ * @return key constraints
*/
Key_Constraints constraints() const;
/**
* Get the extendend key constraints (if any).
- * @return the extended key constraints
+ * @return extended key constraints
*/
std::vector<OID> ex_constraints() const;
@@ -67,13 +67,13 @@ class BOTAN_DLL PKCS10_Request : public X509_Object
/**
* Return the constraint on the path length defined
* in the BasicConstraints extension.
- * @return the path limit
+ * @return path limit
*/
u32bit path_limit() const;
/**
* Get the challenge password for this request
- * @return the challenge password for this request
+ * @return challenge password for this request
*/
std::string challenge_password() const;
diff --git a/src/cert/x509/x509_ca.h b/src/cert/x509/x509_ca.h
index b680bd0e4..7aca26d03 100644
--- a/src/cert/x509/x509_ca.h
+++ b/src/cert/x509/x509_ca.h
@@ -30,7 +30,7 @@ class BOTAN_DLL X509_CA
* @param rng the rng to use
* @param not_before the starting time for the certificate
* @param not_after the expiration time for the certificate
- * @return the resulting certificate
+ * @return resulting certificate
*/
X509_Certificate sign_request(const PKCS10_Request& req,
RandomNumberGenerator& rng,
@@ -39,7 +39,7 @@ class BOTAN_DLL X509_CA
/**
* Get the certificate of this CA.
- * @return the CA certificate
+ * @return CA certificate
*/
X509_Certificate ca_certificate() const;
@@ -48,7 +48,7 @@ class BOTAN_DLL X509_CA
* @param rng the random number generator to use
* @param next_update the time to set in next update in seconds
* as the offset from the current time
- * @return the new CRL
+ * @return new CRL
*/
X509_CRL new_crl(RandomNumberGenerator& rng,
u32bit next_update = 0) const;
@@ -71,6 +71,7 @@ class BOTAN_DLL X509_CA
* @param signer a signing object
* @param rng a random number generator
* @param sig_algo the signature algorithm identifier
+ * @param pub_key the serialized public key
* @param not_before the start time of the certificate
* @param not_after the end time of the certificate
* @param issuer_dn the DN of the issuer
@@ -92,6 +93,7 @@ class BOTAN_DLL X509_CA
* Create a new CA object.
* @param ca_certificate the certificate of the CA
* @param key the private key of the CA
+ * @param hash_fn name of a hash function to use for signing
*/
X509_CA(const X509_Certificate& ca_certificate,
const Private_Key& key,
diff --git a/src/cert/x509/x509_crl.h b/src/cert/x509/x509_crl.h
index a7903e7e6..c2b3c4f5c 100644
--- a/src/cert/x509/x509_crl.h
+++ b/src/cert/x509/x509_crl.h
@@ -31,13 +31,13 @@ class BOTAN_DLL X509_CRL : public X509_Object
/**
* Get the entries of this CRL in the form of a vector.
- * @return a vector containing the entries of this CRL.
+ * @return vector containing the entries of this CRL.
*/
std::vector<CRL_Entry> get_revoked() const;
/**
* Get the issuer DN of this CRL.
- * @return the CRLs issuer DN
+ * @return CRLs issuer DN
*/
X509_DN issuer_dn() const;
@@ -49,31 +49,35 @@ class BOTAN_DLL X509_CRL : public X509_Object
/**
* Get the serial number of this CRL.
- * @return the CRLs serial number
+ * @return CRLs serial number
*/
u32bit crl_number() const;
/**
* Get the CRL's thisUpdate value.
- * @return the CRLs thisUpdate
+ * @return CRLs thisUpdate
*/
X509_Time this_update() const;
/**
* Get the CRL's nextUpdate value.
- * @return the CRLs nextdUpdate
+ * @return CRLs nextdUpdate
*/
X509_Time next_update() const;
/**
* Construct a CRL from a data source.
* @param source the data source providing the DER or PEM encoded CRL.
+ * @param throw_on_unknown_critical should we throw an exception
+ * if an unknown CRL extension marked as critical is encountered.
*/
- X509_CRL(DataSource&, bool throw_on_unknown_critical = false);
+ X509_CRL(DataSource& source, bool throw_on_unknown_critical = false);
/**
* Construct a CRL from a file containing the DER or PEM encoded CRL.
* @param filename the name of the CRL file
+ * @param throw_on_unknown_critical should we throw an exception
+ * if an unknown CRL extension marked as critical is encountered.
*/
X509_CRL(const std::string& filename,
bool throw_on_unknown_critical = false);
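Review bot: The new `@param throw_on_unknown_critical` text on both constructors does not say what the default `false` does, and that is the case that matters for revocation checking: RFC 5280 says a CRL carrying a critical extension the application cannot process must not be used to determine certificate status. Presumably `false` means the unknown extension is skipped and the CRL is still loaded; if so, say it, e.g. `* @param throw_on_unknown_critical if true, throw on an unknown critical CRL extension; if false (the default) the extension is ignored`. The edited line `@return CRLs nextdUpdate` also keeps the `nextdUpdate` typo. The class continues outside the hunk.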
diff --git a/src/cert/x509/x509_ext.h b/src/cert/x509/x509_ext.h
index a5bfd357f..213a077a2 100644
--- a/src/cert/x509/x509_ext.h
+++ b/src/cert/x509/x509_ext.h
@@ -16,18 +16,40 @@
namespace Botan {
-/*
+/**
* X.509 Certificate Extension
*/
class BOTAN_DLL Certificate_Extension
{
public:
+ /**
+ * @return OID representing this extension
+ */
OID oid_of() const;
+ /**
+ * Make a copy of this extension
+ * @return copy of this
+ */
virtual Certificate_Extension* copy() const = 0;
- virtual void contents_to(Data_Store&, Data_Store&) const = 0;
+ /*
+ * Add the contents of this extension into the information
+ * for the subject and/or issuer, as necessary.
+ * @param subject the subject info
+ * @param issuer the issuer info
+ */
+ virtual void contents_to(Data_Store& subject,
+ Data_Store& issuer) const = 0;
+
+ /*
+ * @return short readable name
+ */
virtual std::string config_id() const = 0;
+
+ /*
+ * @return specific OID name
+ */
virtual std::string oid_name() const = 0;
virtual ~Certificate_Extension() {}
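Review bot: The comments added above `contents_to`, `config_id` and `oid_name` open with `/*` rather than `/**`, so Doxygen will skip them. The same hunk promotes the class comment to `/**` and uses `/**` for `oid_of` and `copy`. Change the three openers to `/**` so the `@param subject`, `@param issuer` and `@return` tags are actually processed. The class body continues outside the hunk.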
@@ -38,7 +60,7 @@ class BOTAN_DLL Certificate_Extension
virtual void decode_inner(const MemoryRegion<byte>&) = 0;
};
-/*
+/**
* X.509 Certificate Extension List
*/
class BOTAN_DLL Extensions : public ASN1_Object
@@ -65,7 +87,7 @@ class BOTAN_DLL Extensions : public ASN1_Object
namespace Cert_Extension {
-/*
+/**
* Basic Constraints Extension
*/
class BOTAN_DLL Basic_Constraints : public Certificate_Extension
@@ -91,7 +113,7 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension
u32bit path_limit;
};
-/*
+/**
* Key Usage Constraints Extension
*/
class BOTAN_DLL Key_Usage : public Certificate_Extension
@@ -114,7 +136,7 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension
Key_Constraints constraints;
};
-/*
+/**
* Subject Key Identifier Extension
*/
class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
@@ -138,7 +160,7 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension
MemoryVector<byte> key_id;
};
-/*
+/**
* Authority Key Identifier Extension
*/
class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
@@ -162,7 +184,7 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension
MemoryVector<byte> key_id;
};
-/*
+/**
* Alternative Name Extension Base Class
*/
class BOTAN_DLL Alternative_Name : public Certificate_Extension
@@ -188,7 +210,7 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension
AlternativeName alt_name;
};
-/*
+/**
* Subject Alternative Name Extension
*/
class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
@@ -200,7 +222,7 @@ class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name
Subject_Alternative_Name(const AlternativeName& = AlternativeName());
};
-/*
+/**
* Issuer Alternative Name Extension
*/
class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
@@ -212,7 +234,7 @@ class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name
Issuer_Alternative_Name(const AlternativeName& = AlternativeName());
};
-/*
+/**
* Extended Key Usage Extension
*/
class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
@@ -236,7 +258,7 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension
std::vector<OID> oids;
};
-/*
+/**
* Certificate Policies Extension
*/
class BOTAN_DLL Certificate_Policies : public Certificate_Extension
@@ -261,7 +283,7 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension
std::vector<OID> oids;
};
-/*
+/**
* CRL Number Extension
*/
class BOTAN_DLL CRL_Number : public Certificate_Extension
@@ -286,7 +308,7 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension
u32bit crl_number;
};
-/*
+/**
* CRL Entry Reason Code Extension
*/
class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension
diff --git a/src/cert/x509/x509_obj.h b/src/cert/x509/x509_obj.h
index c7f92fa9d..52b76d218 100644
--- a/src/cert/x509/x509_obj.h
+++ b/src/cert/x509/x509_obj.h
@@ -33,7 +33,7 @@ class BOTAN_DLL X509_Object
* @param rng the random number generator to use
* @param alg_id the algorithm identifier of the signature scheme
* @param tbs the tbs bits to be signed
- * @return the signed X509 object
+ * @return signed X509 object
*/
static MemoryVector<byte> make_signed(class PK_Signer* signer,
RandomNumberGenerator& rng,
diff --git a/src/cert/x509/x509cert.h b/src/cert/x509/x509cert.h
index 4a9d11f7f..dc7ef4dbb 100644
--- a/src/cert/x509/x509cert.h
+++ b/src/cert/x509/x509cert.h
@@ -24,19 +24,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object
public:
/**
* Get the public key associated with this certificate.
- * @return the subject public key of this certificate
+ * @return subject public key of this certificate
*/
Public_Key* subject_public_key() const;
/**
* Get the issuer certificate DN.
- * @return the issuer DN of this certificate
+ * @return issuer DN of this certificate
*/
X509_DN issuer_dn() const;
/**
* Get the subject certificate DN.
- * @return the subject DN of this certificate
+ * @return subject DN of this certificate
*/
X509_DN subject_dn() const;
@@ -50,7 +50,7 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* "X509v3.BasicConstraints.is_ca", "X509v3.ExtendedKeyUsage",
* "X509v3.CertificatePolicies", "X509v3.SubjectKeyIdentifier" or
* "X509.Certificate.serial".
- * @return the value(s) of the specified parameter
+ * @return value(s) of the specified parameter
*/
std::vector<std::string> subject_info(const std::string& name) const;
@@ -58,43 +58,43 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* Get a value for a specific subject_info parameter name.
* @param name the name of the paramter to look up. Possible names are
* "X509.Certificate.v2.key_id" or "X509v3.AuthorityKeyIdentifier".
- * @return the value(s) of the specified parameter
+ * @return value(s) of the specified parameter
*/
std::vector<std::string> issuer_info(const std::string& name) const;
/**
* Get the notBefore of the certificate.
- * @return the notBefore of the certificate
+ * @return notBefore of the certificate
*/
std::string start_time() const;
/**
* Get the notAfter of the certificate.
- * @return the notAfter of the certificate
+ * @return notAfter of the certificate
*/
std::string end_time() const;
/**
* Get the X509 version of this certificate object.
- * @return the X509 version
+ * @return X509 version
*/
u32bit x509_version() const;
/**
* Get the serial number of this certificate.
- * @return the certificates serial number
+ * @return certificates serial number
*/
MemoryVector<byte> serial_number() const;
/**
* Get the DER encoded AuthorityKeyIdentifier of this certificate.
- * @return the DER encoded AuthorityKeyIdentifier
+ * @return DER encoded AuthorityKeyIdentifier
*/
MemoryVector<byte> authority_key_id() const;
/**
* Get the DER encoded SubjectKeyIdentifier of this certificate.
- * @return the DER encoded SubjectKeyIdentifier
+ * @return DER encoded SubjectKeyIdentifier
*/
MemoryVector<byte> subject_key_id() const;
@@ -113,14 +113,14 @@ class BOTAN_DLL X509_Certificate : public X509_Object
/**
* Get the path limit as defined in the BasicConstraints extension of
* this certificate.
- * @return the path limit
+ * @return path limit
*/
u32bit path_limit() const;
/**
* Get the key constraints as defined in the KeyUsage extension of this
* certificate.
- * @return the key constraints
+ * @return key constraints
*/
Key_Constraints constraints() const;
@@ -128,14 +128,14 @@ class BOTAN_DLL X509_Certificate : public X509_Object
* Get the key constraints as defined in the ExtendedKeyUsage
* extension of this
* certificate.
- * @return the key constraints
+ * @return key constraints
*/
std::vector<std::string> ex_constraints() const;
/**
* Get the policies as defined in the CertificatePolicies extension
* of this certificate.
- * @return the certificate policies
+ * @return certificate policies
*/
std::vector<std::string> policies() const;
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index d87c5e060..6e570d3b6 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -18,22 +18,6 @@ namespace Botan {
namespace {
/*
-* Shared setup for self-signed items
-*/
-MemoryVector<byte> shared_setup(const X509_Cert_Options& opts,
- const Private_Key& key)
- {
- opts.sanity_check();
-
- Pipe key_encoder;
- key_encoder.start_msg();
- X509::encode(key, key_encoder, RAW_BER);
- key_encoder.end_msg();
-
- return key_encoder.read_all();
- }
-
-/*
* Load information from the X509_Cert_Options
*/
void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn,
@@ -67,7 +51,9 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- MemoryVector<byte> pub_key = shared_setup(opts, key);
+ opts.sanity_check();
+
+ MemoryVector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
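Review bot: With `shared_setup` removed, `opts.sanity_check()` is a free-standing statement that each caller has to remember, here in `create_self_signed_cert` and again in the `create_cert_req` hunk below. The helper used to guarantee the options were validated before the key was encoded and anything was signed. A comment above each call, such as `// validate options before encoding the key or signing anything`, would mark the ordering as intentional. It is also worth confirming with a test that `X509::BER_encode(key)` produces the same bytes as the old `X509::encode(key, key_encoder, RAW_BER)` path, since `pub_key` presumably ends up inside the signed structure. Both function bodies start and end outside their hunks.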
@@ -111,7 +97,9 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
X509_DN subject_dn;
AlternativeName subject_alt;
- MemoryVector<byte> pub_key = shared_setup(opts, key);
+ opts.sanity_check();
+
+ MemoryVector<byte> pub_key = X509::BER_encode(key);
std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
load_info(opts, subject_dn, subject_alt);
diff --git a/src/cert/x509/x509self.h b/src/cert/x509/x509self.h
index 741350067..df5731050 100644
--- a/src/cert/x509/x509self.h
+++ b/src/cert/x509/x509self.h
@@ -174,7 +174,7 @@ namespace X509 {
* associated with this self-signed certificate
* @param hash_fn the hash function to use
* @param rng the rng to use
-* @return the newly created self-signed certificate
+* @return newly created self-signed certificate
*/
BOTAN_DLL X509_Certificate
create_self_signed_cert(const X509_Cert_Options& opts,
@@ -188,7 +188,7 @@ create_self_signed_cert(const X509_Cert_Options& opts,
* @param key the key used to sign this request
* @param rng the rng to use
* @param hash_fn the hash function to use
-* @return the newly created PKCS#10 request
+* @return newly created PKCS#10 request
*/
BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
const Private_Key& key,
diff --git a/src/cert/x509/x509stor.h b/src/cert/x509/x509stor.h
index 1911c6b6a..c375c19cb 100644
--- a/src/cert/x509/x509stor.h
+++ b/src/cert/x509/x509stor.h
@@ -15,7 +15,7 @@
namespace Botan {
-/*
+/**
* X.509 Certificate Validation Result
*/
enum X509_Code {
@@ -43,7 +43,7 @@ enum X509_Code {
CA_CERT_NOT_FOR_CRL_ISSUER
};
-/*
+/**
* X.509 Certificate Store
*/
class BOTAN_DLL X509_Store
@@ -71,20 +71,6 @@ class BOTAN_DLL X509_Store
std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&);
std::string PEM_encode() const;
- /*
- * Made CRL_Data public for XLC for Cell 0.9, otherwise cannot
- * instantiate member variable std::vector<CRL_Data> revoked
- */
- class BOTAN_DLL CRL_Data
- {
- public:
- X509_DN issuer;
- MemoryVector<byte> serial, auth_key_id;
- bool operator==(const CRL_Data&) const;
- bool operator!=(const CRL_Data&) const;
- bool operator<(const CRL_Data&) const;
- };
-
X509_Code add_crl(const X509_CRL&);
void add_cert(const X509_Certificate&, bool = false);
void add_certs(DataSource&);
@@ -106,6 +92,18 @@ class BOTAN_DLL X509_Store
X509_Store(const X509_Store&);
~X509_Store();
private:
+ X509_Store& operator=(const X509_Store&) { return (*this); }
+
+ class BOTAN_DLL CRL_Data
+ {
+ public:
+ X509_DN issuer;
+ MemoryVector<byte> serial, auth_key_id;
+ bool operator==(const CRL_Data&) const;
+ bool operator!=(const CRL_Data&) const;
+ bool operator<(const CRL_Data&) const;
+ };
+
class BOTAN_DLL Cert_Info
{
public:
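Review bot: The private `operator=` added here has a body, `{ return (*this); }`, so an assignment written inside the class or by a friend compiles and silently does nothing, leaving the target store with its previous certificates and revocation data. To forbid assignment, declare it without a definition, `X509_Store& operator=(const X509_Store&);`, or, since this is the c++0x branch, `X509_Store& operator=(const X509_Store&) = delete;`. The comment removed in the previous hunk said `CRL_Data` was public to satisfy XLC for Cell, so moving it under `private:` deserves a build check on that compiler if it is still supported. The class continues outside the hunk.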