path: root/doc/man3
Age | Commit message | Author | Files | Lines
2018-02-09 | CRYPTO_THREAD_run_once.pod: fix typo and punctuation | Dr. Matthias St. Pierre | 1 | -3/+3
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5293)
2018-02-05 | Add MiddleboxCompat option to SSL_CONF_cmd man page | Matt Caswell | 1 | -0/+6
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5244)
2018-02-02 | Document SSL_OP_ENABLE_MIDDLEBOX_COMPAT | Matt Caswell | 1 | -0/+9
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5237)
2018-02-01 | Add OPENSSL_VERSION_AT_LEAST | Michael Richardson | 1 | -0/+5
added macro to create version number
use the macro to build OPENSSL_VERSION_AT_LEAST(maj,min,fix) so that customers of libssl (such as ruby-openssl) do not need to be so aware of openssl version numbers.
includes updates to ssl(7) and OPENSSL_VERSION_NUMBER(3) man page
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5212)
2018-02-01 | Fix doc nits | Todd Short | 1 | -5/+5
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4964)
2018-02-01 | Add TLSv1.3 post-handshake authentication (PHA) | Todd Short | 2 | -7/+72
Add SSL_verify_client_post_handshake() for servers to initiate PHA
Add SSL_force_post_handshake_auth() for clients that don't have certificates initially configured, but use a certificate callback.
Update SSL_CTX_set_verify()/SSL_set_verify() mode:
* Add SSL_VERIFY_POST_HANDSHAKE to postpone client authentication until after the initial handshake.
* Update SSL_VERIFY_CLIENT_ONCE now only sends out one CertRequest regardless of when the certificate authentication takes place; either initial handshake, re-negotiation, or post-handshake authentication.
Add 'RequestPostHandshake' and 'RequirePostHandshake' SSL_CONF options that add the SSL_VERIFY_POST_HANDSHAKE to the 'Request' and 'Require' options
Add support to s_client:
* Enabled automatically when cert is configured
* Can be forced enabled via -force_pha
Add support to s_server:
* Use 'c' to invoke PHA in s_server
* Remove some dead code
Update documentation
Update unit tests:
* Illegal use of PHA extension
* TLSv1.3 certificate tests
DTLS and TLS behave ever-so-slightly differently. So, when DTLS1.3 is implemented, its PHA support state machine may need to be different. Add a TODO and a #error
Update handshake context to deal with PHA.
The handshake context for TLSv1.3 post-handshake auth is up through the ClientFinish message, plus the CertificateRequest message. Subsequent Certificate, CertificateVerify, and Finish messages are based on this handshake context (not the Certificate message per se, but it's included after the hash). KeyUpdate, NewSessionTicket, and prior Certificate Request messages are not included in post-handshake authentication.
After the ClientFinished message is processed, save off the digest state for future post-handshake authentication. When post-handshake auth occurs, copy over the saved handshake context into the "main" handshake digest. This effectively discards any KeyUpdate or NewSessionTicket messages and any prior post-handshake authentication.
This, of course, assumes that the ID-22 did not mean to include any previous post-handshake authentication into the new handshake transcript. This is implied by section 4.4.1 that lists messages only up to the first ClientFinished.
Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4964)
2018-01-26 | Catch some more old sigalg names in comments | Benjamin Kaduk | 1 | -1/+1
Make the sigalg name in comments reflect one that actually exists in the draft standard. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5174)
2018-01-25 | Update documentation for SSL_set1_sigalgs() | Benjamin Kaduk | 1 | -3/+5
These functions can now take both "sig+hash" strings and algorithm-specific identifiers like "rsa_pss_pss_sha256" that indicate a particular entry from the TLS signature algorithm registry. Also clarify that only the "_list" form allows for the new-style names (the non-"list" interfaces take sig and hash NIDs, which cannot access all of the new-style schemes). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5068)
2018-01-24 | Added "B" tag to all variables. | David Cooper | 1 | -6/+6
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
2018-01-24 | Add documentation for the OCSP_basic_sign() and OCSP_basic_sign_ctx() functions. | David Cooper | 1 | -2/+19
Correct error return value in OCSP_basic_sign(). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4190)
2018-01-24 | Updates following review of SSL_stateless() code | Matt Caswell | 1 | -1/+1
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
2018-01-24 | Add documentation for SSL_stateless() | Matt Caswell | 1 | -43/+73
Fixes #4283 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4435)
2018-01-24 | SHA512/224 and SHA512/256 | Pauli | 1 | -3/+14
Support added for these two digests, available only via the EVP interface. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5093)
2018-01-23 | Improve some BN documentation. | Rich Salz | 1 | -9/+14
Thanks to Nicolas Schodet for pointing this out. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5141)
2018-01-22 | Add accessors for AdmissionSyntax | Rich Salz | 3 | -0/+197
Based on code from Matthias Ballreich, Steve Henson, and Wolf Tobias. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4724)
2018-01-19 | Copyright update of more files that have changed this year | Richard Levitte | 10 | -10/+10
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/5110)
2018-01-17 | doc: Bad prototypes of EVP_PKEY_CTX_new() | Jakub Jelen | 5 | -8/+11
CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4861)
2018-01-16 | Update all affected files' copyright year to 2018 | Paul Yang | 58 | -58/+58
Because the related PR/commits are merged in 2018... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
2018-01-16 | Enforce return values section check | Paul Yang | 2 | -0/+8
To avoid check failure, make dummy RETURN VALUES sections in the docs which have no real functions described inside... Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
2018-01-16 | Add missing 'RETURN VALUES' sections in doc | Paul Yang | 59 | -61/+476
All missing sections are added. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4976)
2018-01-10 | Make data argument const in SSL_dane_tlsa_add | Patrick Schlangen | 1 | -1/+3
The data argument of SSL_dane_tlsa_add is used read-only, so it should be const. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5056)
2018-01-09 | Update copyright years on all files merged since Jan 1st 2018 | Richard Levitte | 1 | -1/+1
Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5038)
2018-01-08 | Document SSL_OP_NO_RENEGOTIATION as new in 1.1.1 | Christian Heimes | 1 | -1/+2
Closes: https://github.com/openssl/openssl/issues/4897 Signed-off-by: Christian Heimes <christian@python.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4898)
2018-01-08 | Document OPENSSL_ENGINES environment variable | Patrick Steuer | 1 | -1/+12
In man1/engine.pod and man3/ENGINE_add.pod Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4956)
2018-01-05 | Add x509(1) reference | Viktor Dukhovni | 1 | -1/+2
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
2017-12-28 | Update the documentation for SSL_write_early_data() | Matt Caswell | 1 | -4/+7
Now that we attempt to send early data in the first TCP packet along with the ClientHello, the documentation for SSL_write_early_data() needed a tweak. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4802)
2017-12-22 | Remove extra `the` in SSL_SESSION_set1_id.pod | Daniel Bevenius | 1 | -1/+1
Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4969)
2017-12-15 | Fix invalid function type casts. | Bernd Edlinger | 2 | -8/+7
Rename bio_info_cb to BIO_info_cb. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4493)
2017-12-13 | Document the X509_V_FLAG_PARTIAL_CHAIN flag | Viktor Dukhovni | 1 | -4/+21
Also improved documentation of TRUSTED_FIRST Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-12-12 | Fix more OCSP_resp_get0_signer() nits | Ben Kaduk | 1 | -1/+1
Fix a typo for "retrieve" and some indentation. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/4919)
2017-12-09 | doc/man3/EVP_EncryptInit.pod: add EVP_CIPHER_CTX_rand_key | Patrick Steuer | 1 | -0/+8
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4843)
2017-11-30 | Use ChaCha only if prioritized by clnt | Todd Short | 2 | -7/+32
IFF the client has ChaCha first, and server cipher priority is used, and the new SSL_OP_PRIORITIZE_CHACHA_FOR_MOBILE option is used, then reprioritize ChaCha above everything else. This way, a matching ChaCha cipher will be selected if there is a match. If no ChaCha ciphers match, then the other ciphers are used. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4436)
2017-11-28 | rsa/rsa_gen.c: harmonize keygen's ability with RSA_security_bits. | Andy Polyakov | 1 | -2/+8
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4791)
2017-11-28 | Fix docs for EVP_EncryptUpdate and EVP_DecryptUpdate | FdaSilvaYY | 1 | -2/+2
Fixes #4775 [skip ci] Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4776)
2017-11-24 | Fix EVP_MD_meth_new.pod | Richard Levitte | 1 | -2/+2
A name too many in the NAME section, and a copyright year update Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4789)
2017-11-24 | Correct EVP_CIPHER_meth_new.pod and EVP_MD_meth_new.pod | Richard Levitte | 2 | -9/+33
One had some lines copied from the other, and both were missing a proper RETURN VALUES section. Fixes #4781 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4787)
2017-11-21 | Support multi-prime RSA (RFC 8017) | Paul Yang | 3 | -21/+94
* Introduce RSA_generate_multi_prime_key to generate multi-prime RSA private key. As well as the following functions:
    RSA_get_multi_prime_extra_count
    RSA_get0_multi_prime_factors
    RSA_get0_multi_prime_crt_params
    RSA_set0_multi_prime_params
    RSA_get_version
* Support EVP operations for multi-prime RSA
* Support ASN.1 operations for multi-prime RSA
* Support multi-prime check in RSA_check_key_ex
* Support multi-prime RSA in apps/genrsa and apps/speed
* Support multi-prime RSA manipulation functions
* Test cases and documentation are added
* CHANGES is updated
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4241)
2017-11-20 | Support public key and param check in EVP interface | Paul Yang | 4 | -11/+68
EVP_PKEY_public_check() and EVP_PKEY_param_check()
Doc and test cases are added
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4647)
2017-11-12 | Fix typo that causes find-doc-nits failure | Rich Salz | 1 | -1/+1
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4727)
2017-11-11 | Add an API to get the signer of an OCSP response | Benjamin Kaduk | 1 | -1/+14
Add a new function OCSP_resp_get0_signer() that looks in the certs bundled with the response as well as in additional certificates provided as a function argument, returning the certificate that signed the given response (if present). Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4573)
2017-11-08 | OPENSSL_ia32cap: reserve for new extensions. | Andy Polyakov | 1 | -0/+5
Reviewed-by: Rich Salz <rsalz@openssl.org>
2017-11-07 | Various typos | FdaSilvaYY | 3 | -3/+3
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4457)
2017-11-06 | SM3: restructure to EVP internal and update doc to right location | Ronald Tse | 3 | -76/+55
Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-06 | SM3: Add SM3 hash function | Jack Lloyd | 1 | -0/+76
SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms whose use is required for certain commercial applications in China. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-05 | Implement Maximum Fragment Length TLS extension. | FdaSilvaYY | 1 | -6/+62
Based on patch from Tomasz Moń: https://groups.google.com/forum/#!topic/mailing.openssl.dev/fQxXvCg1uQY Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/1008)
2017-10-31 | Synchronize man3 EVP cipher list with existing implementations, adding: | Ronald Tse | 15 | -171/+1181
* ARIA, SEED, Camellia
* AES-XTS, OCB, CTR
* Key wrap for 3DES, AES
* RC4-MD5 AD
* CFB modes with 1-bit and 8-bit shifts
Split EVP_EncryptInit cipher list to individual man pages.
Consolidate cipher bit-lengths in EVP_EncryptInit cipher list.
Clarify
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4564)
2017-10-31 | EVP digest list: one hash algorithm per file, synchronize EVP list, overall cleanup. | Ronald Tse | 13 | -103/+740
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4628)
2017-10-31 | Fix EVP_PKEY_ASN1_METHOD manual | Richard Levitte | 1 | -5/+20
Missing names slipped through Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4629)
2017-10-31 | SM4: Add SM4 block cipher to EVP | Ronald Tse | 1 | -0/+65
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4552)
2017-10-30 | Document EVP_PKEY_ASN1_METHOD and associated functions | Richard Levitte | 2 | -0/+449
[skip ci] Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/4596)