path: root/doc/man3
Commit message | Author | Age | Files | Lines
...
* rand/randfile.c: permit non-regular files in RAND_load_file. | Andy Polyakov | 2018-03-27 | 1 | -7/+3
  Apparently applications rely on RAND_load_file's ability to work with non-regular files, customarily with /dev/urandom, so that the ban was not exactly appropriate.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5737)
* man3/OPENSSL_ia32cap.pod: update assembler version requirements. | Andy Polyakov | 2018-03-22 | 1 | -2/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Document EC_POINT_get_affine_coordinates_*. | David Benjamin | 2018-03-21 | 1 | -1/+4
  In particular, x and y may be NULL, as used in ecdsa_ossl.c. Make use of this in ecdh_ossl.c as well, to save an otherwise unnecessary temporary.
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5532)
* Convert _meth_get_ functions to const getters | Jack Bates | 2018-03-21 | 5 | -30/+30
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2181)
* Remove mention of link between message digests and public key algorithms. | Pauli | 2018-03-21 | 2 | -10/+0
  The comment in EVP_DigestInit.pod is:
  > Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons.
  I.e. there is no link anymore.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5682)
* Update copyright year | Matt Caswell | 2018-03-20 | 18 | -18/+18
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5689)
* Apply system_default configuration on SSL_CTX_new(). | Tomas Mraz | 2018-03-19 | 1 | -1/+1
  When SSL_CTX is created preinitialize it with system default configuration from system_default section.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4848)
* Don't use a ssl specific DRBG anymore | Kurt Roeckx | 2018-03-19 | 1 | -14/+0
  Since the public and private DRBG are per thread we don't need one per ssl object anymore. It could also try to get entropy from a DRBG that's really from another thread because the SSL object moved to another thread.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/5547)
* Fix bio callback backward compatibility | Bernd Edlinger | 2018-03-19 | 1 | -7/+11
  Don't pass a pointer to uninitialized processed value for BIO_CB_READ and BIO_CB_WRITE
  Check the correct cmd code in BIO_callback_ctrl
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5516)
* Document the replay protection capabilities | Matt Caswell | 2018-03-19 | 1 | -8/+49
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5644)
* Fix miscellaneous typos in docs and source | Dr. Matthias St. Pierre | 2018-03-17 | 1 | -1/+1
  - d2i_PKC8PrivateKey -> d2i_PKCS8PrivateKey
  - bechmark -> benchmark
  - ciperhsuite -> ciphersuite
  - EncyptedPreMasterSecret -> EncryptedPreMasterSecret
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5570)
* Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key() | Matt Caswell | 2018-03-15 | 3 | -26/+26
  Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per feedback.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5520)
* Add functions for setting the new EVP_PKEY_ASN1_METHOD functions | Matt Caswell | 2018-03-15 | 1 | -2/+24
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5520)
* Add documentation for the newly added EVP_PKEY_new*() functions | Matt Caswell | 2018-03-15 | 2 | -13/+79
  Also adds some documentation for related existing functions/macros
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5520)
* Add documentation for TLSv1.3 ciphersuite configuration | Matt Caswell | 2018-03-14 | 2 | -11/+64
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5392)
* Introduce SSL_CTX_set_stateless_cookie_{generate,verify}_cb | Benjamin Saunders | 2018-03-12 | 2 | -2/+61
  These functions are similar to SSL_CTX_set_cookie_{generate,verify}_cb, but used for the application-controlled portion of TLS1.3 stateless handshake cookies rather than entire DTLSv1 cookies.
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5463)
* Session Ticket app data | Todd Short | 2018-03-12 | 1 | -0/+149
  Adds application data into the encrypted session ticket
  Reviewed-by: Paul Dale <paul.dale@oracle.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3802)
* Fix prototype to include the const qualifier | Kurt Roeckx | 2018-03-11 | 1 | -7/+7
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  GH: #5582
* Fixed a handful of typos | Alex Gaynor | 2018-03-10 | 7 | -10/+10
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5583)
* Document more X509_STORE functions | Benjamin Kaduk | 2018-03-09 | 1 | -0/+100
  X509_STORE_set_verify_cb_func.pod has documentation for various callbacks and function pointers that can be set and retrieved, but neither it nor X509_STORE_new has much documentation for the actual purpose and usage of X509_STORE objects. Remedy this disparity with new documentation for adding certificates and CRLs, expected usage, and for modifying the default verification behavior.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/3958)
* Fix doc-nits | Ben Kaduk | 2018-03-09 | 1 | -1/+1
  Remove a space from a whitespace-only line.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5575)
* Add SSL/SSL_CTX_use_cert_and_key() | Todd Short | 2018-03-09 | 1 | -2/+19
  Add functions that will do the work of assigning certificate, privatekey and chain certs to an SSL or SSL_CTX. If no privatekey is given, use the publickey. This will permit the keys to pass validation for both ECDSA and RSA. If a private key has already been set for the certificate, it is discarded. A real private key can be set later.
  This is an all-or-nothing setting of these parameters. Unlike the SSL/SSL_CTX_use_certificate() and SSL/SSL_CTX_use_PrivateKey() functions, the existing cert or privatekey is not modified (i.e. parameters copied). This permits the existing cert/privatekey to be replaced.
  It replaces the sequence of:
  * SSL_use_certificate()
  * SSL_use_privatekey()
  * SSL_set1_chain()
  And may actually be faster, as multiple checks are consolidated.
  The private key can be NULL, if so an ENGINE module needs to contain the actual private key that is to be used.
  Note that ECDH (using the certificate's ECDSA key) ciphers do not work without the private key being present, based on how the private key is used in ECDH. ECDH does not offer PFS; ECDHE ciphers should be used instead.
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  (Merged from https://github.com/openssl/openssl/pull/1130)
* Fixed a spelling mistake in ASN1_TIME_set.pod | Alex Gaynor | 2018-03-09 | 1 | -1/+1
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5569)
* Give more information in the SSL_stateless return code | Matt Caswell | 2018-03-09 | 1 | -2/+3
  Allow users to distinguish between an error occurring and an HRR being issued.
  Fixes #5549
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5562)
* Update documentation for the new PSK behaviour | Matt Caswell | 2018-03-09 | 2 | -58/+78
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5554)
* Fixed several readability issues in DH_generate_parameters.pod | Alex Gaynor | 2018-03-08 | 1 | -4/+4
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/5553)
* Corrected two typos in a man page | Alex Gaynor | 2018-03-07 | 1 | -2/+2
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5542)
* BIO_s_mem.pod: fix indirection for out parameter **pp | Dr. Matthias St. Pierre | 2018-03-07 | 1 | -2/+2
  BIO_get_mem_data() and BIO_get_mem_ptr() assign to *pp, not pp
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5544)
* Fix typo in ASN1_STRING_length doc | Ivan Filenko | 2018-03-01 | 1 | -2/+2
  CLA: trivial
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/5458)
* Do not set a nonzero default max_early_data | Benjamin Kaduk | 2018-02-28 | 1 | -3/+9
  When early data support was first added, this seemed like a good idea, as it would allow applications to just add SSL_read_early_data() calls as needed and have things "Just Work".
  However, for applications that do not use TLS 1.3 early data, there is a negative side effect. Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects derived from it) means that when generating a session ticket, tls_construct_stoc_early_data() will indicate to the client that the server supports early data. This is true, in that the implementation of TLS 1.3 (i.e., OpenSSL) does support early data, but does not necessarily indicate that the server application supports early data, when the default value is nonzero. In this case a well-intentioned client would send early data along with its resumption attempt, which would then be ignored by the server application, a waste of network bandwidth.
  Since, in order to successfully use TLS 1.3 early data, the application must introduce calls to SSL_read_early_data(), it is not much additional burden to require that the application also calls SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing so closes this scenario where early data packets would be sent on the wire but ignored.
  Update SSL_read_early_data.pod accordingly, and make s_server and our test programs into applications that are compliant with the new requirements on applications that use early data.
  Fixes #4725
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5483)
* Tell the ciphers which DRBG to use for generating random bytes. | Kurt Roeckx | 2018-02-28 | 1 | -0/+14
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  GH: #4672
* Fixed typo in description of EVP_CIPHER_meth_set_iv_length(). | David Makepeace | 2018-02-28 | 1 | -1/+1
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  (Merged from https://github.com/openssl/openssl/pull/5477)
* Fix documentation link to reference man3 | xemdetia | 2018-02-27 | 1 | -2/+2
  CLA: trivial
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5473)
* Update copyright year | Matt Caswell | 2018-02-27 | 5 | -5/+5
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Export keying material using early exporter master secret | Tatsuhiro Tsujikawa | 2018-02-26 | 1 | -4/+27
  This commit adds SSL_export_keying_material_early() which exports keying material using early exporter master secret.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5252)
* STORE: Add documentation on search criteria | Richard Levitte | 2018-02-23 | 3 | -9/+240
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2688)
* STORE: Add documentation on expecting specific infos | Richard Levitte | 2018-02-23 | 2 | -5/+81
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/2688)
* Update EC_POINT_new.pod | Per Sandström | 2018-02-22 | 1 | -1/+1
  CLA: trivial
  fix typo: EC_point2buf => EC_POINT_point2buf
  Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5367)
* Add BIO_bind function to bind local address for a socket. | John Hughes | 2018-02-19 | 1 | -3/+8
  Add -bind option to s_client application to allow specification of local address for connection.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5272)
* Add X509_get0_authority_key_id() function | Massimiliano Pala | 2018-02-19 | 1 | -0/+6
  This function makes it easier to retrieve a reference to the authority key identifier (akid->keyid) inside a certificate.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5271)
* Avoid mentioning uninitialised contexts. | Pauli | 2018-02-19 | 2 | -10/+7
  All contexts must be initialised because they can only be created using the _new() calls. Remove the outdated mentions of uninitialised and initialised contexts.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
  (Merged from https://github.com/openssl/openssl/pull/5388)
* PEM_read_bio_PrivateKey.pod: replace geek speak by something more serious | Dr. Matthias St. Pierre | 2018-02-14 | 1 | -3/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5369)
* d2i_X509.pod: clarify usage of the 'pp' function parameter | Dr. Matthias St. Pierre | 2018-02-14 | 1 | -9/+11
  The 'pp' function parameters of d2i_TYPE() and i2d_TYPE() are referenced in the DESCRIPTION section as 'in' resp. 'out'. This commit renames the references to 'ppin' resp. 'ppout' and adds an explaining sentence.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5365)
* Update copyright year | Matt Caswell | 2018-02-13 | 10 | -10/+10
  Reviewed-by: Richard Levitte <levitte@openssl.org>
* Fix include in manpage of X509_check_host | Daniël van Eeden | 2018-02-11 | 1 | -1/+1
  Fixes Issue #5255
  CLA: trivial
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5256)
* CRYPTO_THREAD_run_once.pod: fix typo and punctuation | Dr. Matthias St. Pierre | 2018-02-09 | 1 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5293)
* Add MiddleboxCompat option to SSL_CONF_cmd man page | Matt Caswell | 2018-02-05 | 1 | -0/+6
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5244)
* Document SSL_OP_ENABLE_MIDDLEBOX_COMPAT | Matt Caswell | 2018-02-02 | 1 | -0/+9
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5237)
* Add OPENSSL_VERSION_AT_LEAST | Michael Richardson | 2018-02-01 | 1 | -0/+5
  added macro to create version number
  use the macro to build OPENSSL_VERSION_AT_LEAST(maj,min,fix) so that customers of libssl (such as ruby-openssl) do not need to be so aware of openssl version numbers.
  includes updates to ssl(7) and OPENSSL_VERSION_NUMBER(3) man page
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/5212)
* Fix doc nits | Todd Short | 2018-02-01 | 1 | -5/+5
  Reviewed-by: Ben Kaduk <kaduk@mit.edu>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/4964)