summaryrefslogtreecommitdiff
path: root/doc/man3
Commit message (Collapse)AuthorAgeFilesLines
* ECDSA_SIG: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-2/+12
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* RSA: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-1/+21
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* DSA: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-2/+14
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* DH: fix: add simple getters for commonly used struct membersDr. Matthias St. Pierre2018-05-281-1/+5
| | | | | | | amends 6db7fadf0975 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6290)
* Improve the example getpass() implementation to show an error returnNick Mathewson2018-05-261-6/+5
| | | | | | | | | Also, modernize the code, so that it isn't trying to store a size_t into an int, and then check the int's sign. :/ Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271)
* Update documentation for PEM callback: error is now -1.Nick Mathewson2018-05-261-1/+1
| | | | | | | | | | | | | | | | In previous versions of OpenSSL, the documentation for PEM_read_* said: The callback B<must> return the number of characters in the passphrase or 0 if an error occurred. But since c82c3462267afdbbaa5, 0 is now treated as a non-error return value. Applications that want to indicate an error need to return -1 instead. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6271)
* Skip CN DNS name constraint checks when not neededViktor Dukhovni2018-05-233-6/+24
| | | | | | | | | | | | | Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
* DH: add simple getters for commonly used DH struct membersDr. Matthias St. Pierre2018-05-181-3/+17
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6273)
* Add documentation for the ability to control the number of ticketsMatt Caswell2018-05-171-0/+68
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
* Allow configuation of the number of TLSv1.3 session tickets via SSL_CONFMatt Caswell2018-05-171-0/+2
| | | | | | | | Also allows the apps to set it. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5227)
* Link in passphrase-encoding(7) in relevant documentationRichard Levitte2018-05-1410-10/+57
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6179)
* Fix typo: 'is an error occurred' in documentationDr. Matthias St. Pierre2018-05-114-4/+4
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6229)
* Rework the decrypt ticket callbackMatt Caswell2018-05-111-47/+84
| | | | | | | | | | | Don't call the decrypt ticket callback if we've already encountered a fatal error. Do call it if we have an empty ticket present. Change the return code to have 5 distinct returns codes and separate it from the input status value. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
* Document when a new session ticket gets created on resumptionMatt Caswell2018-05-111-0/+6
| | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6198)
* Fix typos in x509 documentationDr. Matthias St. Pierre2018-05-092-2/+2
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6207)
* ECDSA: remove nonce padding (delegated to EC_POINT_mul)Billy Brumley2018-05-091-3/+5
| | | | | | | | | | | | | | | | | | | * EC_POINT_mul is now responsible for constant time point multiplication (for single fixed or variable point multiplication, when the scalar is in the range [0,group_order), so we need to strip the nonce padding from ECDSA. * Entry added to CHANGES * Updated EC_POINT_mul documentation - Integrate existing EC_POINT_mul and EC_POINTs_mul entries in the manpage to reflect the shift in constant-time expectations when performing a single fixed or variable point multiplication; - Add documentation to ec_method_st to reflect the updated "contract" between callers and implementations of ec_method_st.mul. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6070)
* docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_idRichard Levitte2018-05-041-1/+1
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6177)
* Make X509_VERIFY_PARAM_get_hostflags() take a const argMatt Caswell2018-05-021-1/+1
| | | | | | | | Commit 5b748dea5 added this function which should have taken a const argument. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6154)
* Add some documentation for SSL_get_shared_ciphers()Matt Caswell2018-05-021-3/+21
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6113)
* Add a note about Nagle's algorithm on the SSL_connect man pageMatt Caswell2018-05-021-0/+15
| | | | | | | | Fixes #4237 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/6143)
* Add getter for X509_VERIFY_PARAM_get_hostflagsMatt Caswell2018-05-011-1/+11
| | | | | | | Fixes #5061 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6139)
* Clarify BN_mod_exp docsMatt Caswell2018-05-011-1/+3
| | | | | | | | | | Specifically this is not supported with an even modulus and BN_FLG_CONSTTIME. Fixes #5082 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6137)
* Fix some errors and missing info in the CMS docsMatt Caswell2018-05-011-3/+2
| | | | | | | Fixes #5063 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6134)
* Update copyright yearMatt Caswell2018-05-014-4/+4
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6145)
* Update version docsMatt Caswell2018-04-271-7/+6
| | | | | | | | | | Make it clear that you should not attempt to get the version before the first handshake is complete. Fixes #2893 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6013)
* Update the *use_certificate* docsMatt Caswell2018-04-261-0/+7
| | | | | | | | | | Note that calling the *use_certificate* functions will replace any existing certificate of the same type. The same thing applies for private keys. Fixes #2147 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6092)
* Document when a session gets removed from cacheMatt Caswell2018-04-241-0/+5
| | | | | | | | | | | Document the fact that if a session is not closed down cleanly then the session gets removed from the cache and marked as non-resumable. Fixes #4720 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6053)
* Improve backwards compat with 1.0.2 for ECDHParametersMatt Caswell2018-04-241-4/+0
| | | | | | | | | | | | | | In 1.0.2 you could configure automatic ecdh params by using the ECDHParameters config directive and setting it to the value "+Automatic" or just "Automatic". This is no longer required in 1.1.0+ but we still recognise the "+Automatic" keyword for backwards compatibility. However we did not recognise just "Automatic" without the leading "+" which is equally valid. This commit fixes that omission. Fixes #4113 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6035)
* Ensure the thread keys are always allocated in the same orderBernd Edlinger2018-04-201-3/+3
| | | | | | | | Fixes: #5899 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5911)
* correct spelling errors detected by Debian lintianA. Schulze2018-04-193-3/+3
| | | | | | | | CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5801)
* Correct an ommission in the EVP_DigestSignInit docsMatt Caswell2018-04-191-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5996)
* Update EVP_DigestSignInit() docsMatt Caswell2018-04-181-1/+48
| | | | | | | | | Explicitly state which digests can be used with which algorithms. Fixes #5854 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5992)
* Update the info callback documentation for TLSv1.3Matt Caswell2018-04-171-7/+21
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5874)
* SSL_CTX_set_tlsext_ticket_key_cb.pod: fix error check of RAND_bytes() callDr. Matthias St. Pierre2018-04-171-1/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5977)
* Update copyright yearRichard Levitte2018-04-175-5/+5
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5990)
* Revert "Add OPENSSL_VERSION_AT_LEAST"Dr. Matthias St. Pierre2018-04-161-5/+0
| | | | | | | | | | | | | | Fixes #5961 This reverts commit 3c5a61dd0f9d9a9eac098419bcaf47d1c296ca81. The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain errors and don't work as designed. Apart from that, their introduction should be held back until a decision has been mad about the future versioning scheme. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5968)
* Split the scrypt and RSA-PSS into man3 and man7 pagesRichard Levitte2018-04-133-0/+250
| | | | | | | | | | | | | | | | | | The scrypt and RSA-PSS documents were a mixture of section 3 and section 7 material. With pre-1.1.1 OpenSSL, this is understandable, since we had a different directory layout. With 1.1.1, we've moved to the typical man-page directory layout, and the documents need to be updated accordingly. Also, the scrypt document contained a description of EVP_PKEY_CTX_set1_pbe_pass(), which is a generic function rather than an scrypt specific function, and therefore should be documented separately. Fixes #5802 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5942)
* Docs for OpenSSL_init_crypto: there is no way to specify another fileRichard Levitte2018-04-131-4/+4
| | | | | | | | | | The documentation erroneously stated that one can change the default configuration file name. Fixes #5939 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5941)
* EVP_MD_CTX_cleanup replaced with EVP_MD_CTX_resetTheo Buehler2018-04-114-4/+4
| | | | | | | | | | | | The EVP_MD_CTX_cleanup() function was merged into EVP_MD_CTX_reset() which is called by EVP_MD_CTX_free(). Adjust the documentation to say that the latter should be used to avoid leaking memory. CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5921)
* Minor corrections for the RAND_DRBG API documentationDr. Matthias St. Pierre2018-04-111-1/+1
| | | | | | | | | - added some explaining text to a sentence that lost its context. - removed mention of per-ssl drbg - fix whitespace errors Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5804)
* Document the change in the previous commit about loading the config fileMatt Caswell2018-04-051-2/+4
| | | | | | | | | When libssl is initialised it will attempt to load any config file. This ensures any system_default configuration (as per https://github.com/openssl/openssl/pull/4848) is used. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5818)
* Don't use getenv for critical functions when run as setuid/setgidBernd Edlinger2018-04-042-0/+12
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5856)
* Fix some errors in the mem leaks docsMatt Caswell2018-04-031-6/+6
| | | | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5794)
* Update copyright yearMatt Caswell2018-04-0310-10/+10
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5851)
* Documentation typo fix in EVP_EncryptInit.podAlexandre Perrin2018-04-021-1/+0
| | | | | | | | | | Remove duplicate declaration of `EVP_CIPHER_key_length` in the synopsis. CLA: trivial Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5792)
* Update documentation on how to close a connectionKurt Roeckx2018-04-012-28/+46
| | | | | Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> GH: #5823
* Add documentation for the RAND_DRBG APIDr. Matthias St. Pierre2018-03-3013-115/+684
| | | | | | | | | The RAND_DRBG API was added in PR #5462 and modified by PR #5547. This commit adds the corresponding documention. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5461)
* BIO_s_accept.pod: add documentation for the new macrosVitezslav Cizek2018-03-291-3/+15
| | | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5007)
* Document BIO_{get,set}_conn_ip_family macros.Vitezslav Cizek2018-03-291-3/+13
| | | | | | | | | Add BIO_get_conn_ip_family and BIO_set_conn_ip_family macros to util/private.num and document them in BIO_s_connect.pod. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5007)
* Update the BIO_s_connect documentation after the BIO refactoring.Vitezslav Cizek2018-03-291-17/+20
| | | | | | | | | The BIO was refactored in 417be660e1cd21a2ee085569ff98b0c4249b5416, but the manual wasn't fully updated to reflect some of the changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5007)
View Lorry Controller Status