summaryrefslogtreecommitdiff
path: root/doc/build.info
Commit message (Collapse)AuthorAgeFilesLines
* QUIC man(7) DocumentationHugo Landau2023-05-171-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19899)
* QUIC APL: De-publicise SSL_attach_stream/SSL_detach_streamHugo Landau2023-05-121-6/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: Rename SSL_set_incoming_stream_reject_policyHugo Landau2023-05-121-6/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: make updateHugo Landau2023-05-121-0/+54
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* RFC7250 (RPK) supportTodd Short2023-03-281-0/+12
| | | | | | | | | | | | | | Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
* QUIC: Add tests for datagram injection APIHugo Landau2023-03-221-0/+6
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20451)
* providers: add Argon2 KDFČestmír Kalina2023-03-171-0/+6
| | | | | | | | | | https://datatracker.ietf.org/doc/rfc9106/ Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12256)
* Add documentation for "NULL" cipher and digest algorithms.slontis2023-02-281-0/+12
| | | | | | | | Fixes #20340 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20356)
* QUIC: Add documentation for stream and connection shutdown functionsHugo Landau2023-01-271-0/+6
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* QUIC CSM: Tweak docs for tick functions, add DTLSv1 docsHugo Landau2023-01-131-0/+12
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC CSM: Documentation for new APIsHugo Landau2023-01-131-0/+36
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey().Nikhil Bisht2023-01-101-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19962)
* Docs: Move deprecated ECDSA_ functions into a separate file.slontis2022-12-221-0/+6
| | | | | | | | | | Fixes #19829 Examples added for setting/getting ECDSA SIG related r and s values Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19936)
* BIO_s_dgram: add documentation and hazard warningsHugo Landau2022-12-151-0/+6
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19795)
* Move the description of the core types into their own pagesRichard Levitte2022-12-081-0/+24
| | | | | | | | | | This expands on some of the core type descriptions, and also makes it easier to find the documentation for each type, at least on Unix, with a simple call like "man OSSL_ALGORITHM". Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19842)
* Implement deterministic ECDSA sign (RFC6979)slontis2022-11-301-0/+6
| | | | | | | | | | | | | | | | | This PR is based off the contributions in PR #9223 by Jemmy1228. It has been modified and reworked to: (1) Work with providers (2) Support ECDSA and DSA (3) Add a KDF HMAC_DRBG implementation that shares code with the RAND HMAC_DRBG. A nonce_type is passed around inside the Signing API's, in order to support any future deterministic algorithms. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18809)
* Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.Stephen Farrell2022-11-251-0/+6
| | | | | | | | | | | | | | | | | | | | | | | This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172)
* Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.slontis2022-11-181-2/+8
| | | | | | | | | Removed fields from missingcrypto.txt that are no longer missing. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19692)
* Add support for compressed certificates (RFC8879)Todd Short2022-10-181-0/+6
| | | | | | | | | | * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Add brotli compression support (RFC7924)Todd Short2022-10-181-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Rename ossl_sleep() to OSSL_sleep() and make it publicRichard Levitte2022-10-061-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | ossl_sleep() was implemented as a static inline function in internal/e_os.h, using usleep() on Unix and Sleep() on Windows. So far well and good. However, it also has a fallback implementation for systems that do not have usleep() or Sleep(), and that implementation happens to use ossl_time_now(), which is a normal function, private to libcrypto, and is judged to be too complex to sanely make into a static inline function. This fallback creates a problem, because we do use ossl_sleep() in apps/ and a few test programs in test/, and when they are linked with libcrypto in shared library form, ossl_time_now() can't be found, since it's not publicly exposed. Something needs to give, and the easiest, and hopefully sanest answer is to make ossl_sleep() a publicly exposed function, which requires a slight name change. Documentation and 'make update' result included. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19330)
* Add documentation for the OPENSSL_gmtime functionsTodd Short2022-09-261-0/+6
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19257)
* Allow PKCS12 export to set arbitrary bag attributesGraham Woodward2022-09-231-0/+6
| | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19025)
* Add HPKE DHKEM provider support for EC, X25519 and X448.slontis2022-09-231-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The code is derived from @sftcd's work in PR #17172. This PR puts the DHKEM algorithms into the provider layer as KEM algorithms for EC and ECX. This PR only implements the DHKEM component of HPKE as specified in RFC 9180. crypto/hpke/hpke_util.c has been added for fuctions that will be shared between DHKEM and HPKE. API's for EVP_PKEY_auth_encapsulate_init() and EVP_PKEY_auth_decapsulate_init() have been added to support authenticated encapsulation. auth_init() functions were chosen rather that a EVP_PKEY_KEM_set_auth() interface to support future algorithms that could possibly need different init functions. Internal code has been refactored, so that it can be shared between the DHKEM and other systems. Since DHKEM operates on low level keys it needs to be able to do low level ECDH and ECXDH calls without converting the keys back into EVP_PKEY/EVP_PKEY_CTX form. See ossl_ecx_compute_key(), ossl_ec_public_from_private() DHKEM requires API's to derive a key using a seed (IKM). This did not sit well inside the DHKEM itself as dispatch functions. This functionality fits better inside the EC and ECX keymanagers keygen, since they are just variations of keygen where the private key is generated in a different manner. This should mainly be used for testing purposes. See ossl_ec_generate_key_dhkem(). It supports this by allowing a settable param to be passed to keygen (See OSSL_PKEY_PARAM_DHKEM_IKM). The keygen calls code within ec and ecx dhkem implementation to handle this. See ossl_ecx_dhkem_derive_private() and ossl_ec_dhkem_derive_private(). These 2 functions are also used by the EC/ECX DHKEM implementations to generate the sender ephemeral keys. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19068)
* BIO_s_dgram_pairHugo Landau2022-09-231-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18442)
* Add support for loading root CAs from Windows crypto APIHugo Landau2022-09-141-0/+6
| | | | | | | | Fixes #18020. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18070)
* add missing doc of X509_REQ_get_extensions() and ↵Dr. David von Oheimb2022-08-241-0/+6
| | | | | | | | | X509_REQ_add_extensions{,_nid}() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18931)
* BIO_sendmmsg/BIO_recvmmsg (API only)Hugo Landau2022-08-191-0/+6
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18923)
* Add OSSL_QUIC methods to headers and manual pagesTomas Mraz2022-06-031-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18307)
* X509{,_LOOKUP}: Improve distinction between not found and fatal/internal errorDr. David von Oheimb2022-05-041-0/+6
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14417)
* Public API functions OPENSSL_str[n]casecmpDmitry Belyavskiy2022-04-221-0/+6
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
* Add manpages for SSL_get_certificate, SSL_get_private_keyHugo Landau2022-03-141-0/+6
| | | | | | | | | This is as I understand these functions from reading the code. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17815)
* Replace handling of negative verification result with SSL_set_retry_verify()Tomas Mraz2022-03-141-0/+6
| | | | | | | | | | | | | | | | Provide a different mechanism to indicate that the application wants to retry the verification. The negative result of the callback function now indicates an error again. Instead the SSL_set_retry_verify() can be called from the callback to indicate that the handshake should be suspended. Fixes #17568 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17825)
* EVP: Allow a fallback for operations that work with an EVP_PKEYRichard Levitte2021-10-271-6/+6
| | | | | | | | | | | | | | | | | | | | | | | Functions like EVP_PKEY_sign_init() do an implicit fetch of the operation implementation (EVP_SIGNATURE in this case), then get the KEYMGMT from the same provider, and tries to export the key there if necessary. If an export of the key isn't possible (because the provider that holds the key is an HSM and therefore can't export), we would simply fail without looking any further. This change modifies the behaviour a bit by trying a second fetch of the operation implementation, but specifically from the provider of the EVP_PKEY that's being used. This is done with the same properties that were used with the initial operation implementation fetch, and should therefore be safe, allowing only what those properties allow. Fixes #16614 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
* doc: include PVK KDFdocumentation in build.infoPauli2021-09-281-0/+6
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15968)
* Add default provider support for Keccak 224, 256, 384 and 512Ulrich Müller2021-09-231-0/+6
| | | | | | | | Fixes issue openssl#13033 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16594)
* update doc/build.infoPauli2021-08-051-0/+6
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16203)
* doc: include PBKDF1 documentation in build.infoPauli2021-07-051-0/+6
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15967)
* doc: build changes for PKEY life cycle documentationPauli2021-06-081-0/+7
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* doc: add build info for cipher life cycle documentationPauli2021-06-081-1/+8
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* doc: add digest life cycle documentationPauli2021-06-081-1/+8
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* Add documentation for newly added ASN1 functionsMatt Caswell2021-06-051-0/+18
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15591)
* Rename all getters to use get/get0 in nameTomas Mraz2021-06-011-6/+6
| | | | | | | | | | | | | | For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
* Enhance the encoder/decoder tests to allow testing with a non-default ↵Jon Spillett2021-06-011-0/+6
| | | | | | | | | library context and configurable providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14587)
* Add Docs for EVP_CIPHER-*Shane Lontis2021-05-281-0/+78
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416)
* doc: process images when installingPauli2021-05-221-0/+6
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15399)
* Add migration guide for 3.0Shane Lontis2021-05-201-0/+12
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710)
* Replace EVP_PKEY_supports_digest_nidTomas Mraz2021-05-131-6/+6
| | | | | | | | | | | The EVP_PKEY_supports_digest_nid() is renamed to EVP_PKEY_digestsign_supports_digest() and implemented via EVP_DigestSignInit_ex(). Fixes #14343 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15198)
* Add ASN1_item_i2d_mem_bio(); document and improve also ASN1_item_d2i_bio()Dr. David von Oheimb2021-05-121-0/+6
| | | | | | | ASN1_item_d2i_bio(): Do not report errors in queue on BIO input being NULL Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15147)
* Add convenience functions and macros for asymmetric key generationDr. David von Oheimb2021-05-111-6/+6
| | | | | | | | | Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid2name() and improve deprecation info on RSA and EC key generation/management functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
View Lorry Controller Status