Commit message | Author | Age | Files | Lines
* doc: document the MAC block size getter | Pauli | 2021-05-25 | 6 | -7/+55
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15427)
* Add fipsinstall option to run self test KATS on module load | Shane Lontis | 2021-05-25 | 2 | -2/+14
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15149)
* DOCS: Don't mention internal functions in public documentation | Richard Levitte | 2021-05-25 | 1 | -3/+4
  This time noticed in OSSL_trace_set_channel.pod, and it turned out to be easy to mention the public functions affected instead.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15422)
* Added PKCS5_PBE_keyivgen_ex() to allow PBKDF1 algorithms to be fetched for a specific library context | Jon Spillett | 2021-05-24 | 1 | -2/+6
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14326)
* Add PBKDF1 to the legacy provider | Jon Spillett | 2021-05-24 | 2 | -0/+11
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14326)
* doc: update core_thread_start() documentation | Pauli | 2021-05-24 | 1 | -5/+7
  It is now passed an argument to pass to the callback
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15278)
* apps/cms.c: Correct -sign output and -verify input with -binary | Dr. David von Oheimb | 2021-05-22 | 1 | -2/+2
  Also add related warnings on irrelevant use of -nodetach and -content options.
  Fixes #15347
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15358)
* Fix upgrading docs for RSA_private_encrypt/RSA_public_decrypt | Robbie Harwood | 2021-05-22 | 1 | -3/+3
  Despite the name, these functions manipulate signatures, which means that their replacements are the EVP_PKEY_sign/EVP_PKEY_verify family.
  Signed-off-by: Robbie Harwood <rharwood@redhat.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/15359)
* doc: process images when installing | Pauli | 2021-05-22 | 2 | -0/+18
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15399)
* doc: rereference img locations into subdirectory | Pauli | 2021-05-22 | 3 | -3/+3
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15399)
* doc: move images into their own subdirectory | Pauli | 2021-05-22 | 3 | -0/+0
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15399)
* DOCS: Fixups of the migration guide and the FIPS module manual | Richard Levitte | 2021-05-21 | 2 | -428/+940
  The markup needed a few touch-ups
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
  (Merged from https://github.com/openssl/openssl/pull/15377)
* Cleanup the missing*.txt files | Matt Caswell | 2021-05-21 | 4 | -5/+4
  One macro existed that was added since 1.1.1 and was undocumented. This had been added to missingmacro.txt. This is the wrong approach and so has been removed from there. There were some entries in missingcrypto.txt that don't exist as functions at all. There were also some which were in fact documented. Additionally 2 entries from missingcrypto.txt have been moved to missingmacro.txt. These entries existed in 1.1.1 and were undocumented. In master they have been deprecated and compatibility macros for them implemented. The replacement functions have been documented. An entry in missingcrypto111.txt was not in alphabetical order (and was also) duplicated, but the equivalent entry in missingcrypto.txt was in the correct place. This has been corrected to make comparisons between the files easier. Finally a function has been added to missingcrypto111.txt. This function did exist in 1.1.1 and was undocumented. It's unclear why this wasn't in missingcrypto111.txt to start with.
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15333)
* BIO_s_accept.pod: Document port auto-selection feature of BIO_set_accept_port() | Dr. David von Oheimb | 2021-05-21 | 1 | -0/+2
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15354)
* EVP_DigestSignInit.pod: Clarification in EVP_DigestSignFinal() parameter 'sig' | Dr. David von Oheimb | 2021-05-21 | 1 | -2/+3
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15354)
* apps/cms: Clean up order of options in help output and documentation | Dr. David von Oheimb | 2021-05-20 | 1 | -256/+361
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15126)
* DOC: Fix nits found by new check on SYNOPSIS and OPTIONS consistency | Dr. David von Oheimb | 2021-05-20 | 11 | -24/+159
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15299)
* find-doc-nits: Check that man1 SYNOPSIS and OPTIONS contain same options | Dr. David von Oheimb | 2021-05-20 | 1 | -7/+7
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15299)
* Update copyright year | Matt Caswell | 2021-05-20 | 36 | -36/+36
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15381)
* app: add a -store_loaders option to list. | Pauli | 2021-05-20 | 1 | -0/+5
  Fixes #15307
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15323)
* Update documentation for global properties mirroring | Matt Caswell | 2021-05-20 | 2 | -4/+16
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15242)
* Documentation updates for mirroring of global properties | Matt Caswell | 2021-05-20 | 2 | -0/+62
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15242)
* Add migration guide for 3.0 | Shane Lontis | 2021-05-20 | 8 | -16/+2273
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14710)
* Update SSL_new_session_ticket() manual for triggered send | Benjamin Kaduk | 2021-05-19 | 1 | -11/+16
  Document the recently added functionality.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14817)
* danetest.c: Improve code formatting | Dr. David von Oheimb | 2021-05-19 | 1 | -13/+13
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14422)
* X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure | Dr. David von Oheimb | 2021-05-19 | 1 | -8/+19
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14422)
* build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts | Richard Levitte | 2021-05-19 | 1 | -0/+14
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15332)
* speed: Document the deficiencies of the command | Tomas Mraz | 2021-05-19 | 1 | -3/+13
  Fixes #7032
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15330)
* apps/list: Remove obsolete -missing-help option | Dr. David von Oheimb | 2021-05-19 | 1 | -5/+0
  Reviewed-by: Paul Dale <pauli@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15329)
* Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input | Dr. David von Oheimb | 2021-05-19 | 2 | -8/+17
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12959)
* bio_lib: Add BIO_get_line, correct doc of BIO_gets | Dr. David von Oheimb | 2021-05-19 | 1 | -7/+28
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/12959)
* Remove '=for openssl ifdef' | Rich Salz | 2021-05-19 | 35 | -88/+0
  No longer needed after rewrite of cmd-nits
  Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15311)
* DOC: Fix nits found by improved find-doc-nits -c | Dr. David von Oheimb | 2021-05-18 | 4 | -0/+53
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15298)
* openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong | Dr. David von Oheimb | 2021-05-18 | 1 | -1/+1
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15298)
* find-doc-nits: Make -c option (cmd-nits) independent of app build and execution | Dr. David von Oheimb | 2021-05-18 | 1 | -7/+7
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15298)
* apps/s_server: Add -proxy and -no_proxy options | Dr. David von Oheimb | 2021-05-18 | 1 | -0/+19
  Strongly related to feature request #6965
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15245)
* apps/ocsp: Add -proxy and -no_proxy options | Dr. David von Oheimb | 2021-05-18 | 1 | -1/+20
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15245)
* Add -quiet flag to genpkey | Rich Salz | 2021-05-18 | 1 | -0/+5
  Picking up late suggestions to PR #6909 by Philip Prindeville <philipp@redfish-solutions.com>.
  Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15249)
* Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION | Rich Salz | 2021-05-17 | 2 | -4/+19
  Add -client_renegotiation flag support. The -client_renegotiation flag is equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app, the config code, and the documentation. Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to always enable it, but there are so many tests so this is the easiest thing to do. Add a test where client tries to renegotiate and it fails as expected. Add a test where server tries to renegotiate and it succeeds. The second test is supported by a new flag, -immediate_renegotiation, which is ignored on the client.
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15184)
* Add doc for ERR_clear_last_mark(). | Shane Lontis | 2021-05-17 | 1 | -5/+8
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15258)
* Fix OSSL_DECODER_new_for_pkey() selection parameter documentation | Shane Lontis | 2021-05-17 | 2 | -31/+10
  Fixes #14518
  EVP_PKEY_fromdata() already defines this value so we link to this documentation, 0 is also added as a possible input value.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  Reviewed-by: Paul Dale <pauli@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15260)
* Promote SSL_get_negotiated_group() for non-TLSv1.3 | Benjamin Kaduk | 2021-05-15 | 1 | -7/+11
  It can be useful to know what group was used for the handshake's key exchange process even on non-TLS 1.3 connections. Allow this API, new in OpenSSL 3.0.0, to be used on other TLS versions as well. Since pre-TLS-1.3 key exchange occurs only on full handshakes, this necessitates adding a field to the SSL_SESSION object to carry the group information across resumptions. The key exchange group in the SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake uses the "psk_ke" key-exchange mode, so also track whether a fresh key exchange was done for TLS 1.3. Since the new field is optional in the ASN.1 sense, there is no need to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility churn).
  Reviewed-by: Matt Caswell <matt@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/14750)
* Init the child providers immediately on creation of the child libctx | Matt Caswell | 2021-05-15 | 1 | -6/+1
  We were deferring the initial creation of the child providers until the first fetch. This is a carry over from an earlier iteration of the child lib ctx development and is no longer necessary. In fact we need to init the child providers immediately otherwise not all providers quite init correctly.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15270)
* doc: document all functions in provider-base(7) | Pauli | 2021-05-15 | 1 | -12/+16
  Fixes #13358
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15259)
* Add OSSL_ prefix to HTTP_DEFAULT_MAX_{LINE_LENGTH,RESP_LEN} | Dr. David von Oheimb | 2021-05-14 | 2 | -6/+5
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* HTTP client: Allow streaming of response data (with possibly indefinite length) | Dr. David von Oheimb | 2021-05-14 | 2 | -11/+12
  Also clean up max_resp_len and add OSSL_HTTP_REQ_CTX_get_resp_len().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* HTTP client: Allow streaming of request data (for POST method) | Dr. David von Oheimb | 2021-05-14 | 1 | -1/+2
  Also clean up OSSL_HTTP_REQ_CTX_nbio() states and make it more efficient.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* HTTP client API: Generalize to arbitrary request and response contents | Dr. David von Oheimb | 2021-05-14 | 2 | -13/+24
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* OSSL_HTTP_transfer(): Fix error reporting in case rctx->server is NULL | Dr. David von Oheimb | 2021-05-14 | 1 | -3/+5
  Also improve doc of OSSL_parse_url() and OSSL_HTTP_parse_url().
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)
* HTTP: Implement persistent connections (keep-alive) | Dr. David von Oheimb | 2021-05-14 | 4 | -31/+33
  Both at API and at CLI level (for the CMP app only, so far) there is a new parameter/option: keep_alive.
  * 0 means HTTP connections are not kept open after receiving a response, which is the default behavior for HTTP 1.0.
  * 1 means that persistent connections are requested.
  * 2 means that persistent connections are required, i.e., in case the server does not grant them an error occurs.
  For the CMP app the default value is 1, which means preferring to keep the connection open. For all other internal uses of the HTTP client (fetching an OCSP response, a cert, or a CRL) it does not matter because these operations just take one round trip. If the client application requested or required a persistent connection and this was granted by the server, it can keep the OSSL_HTTP_REQ_CTX * as long as it wants to send further requests and OSSL_HTTP_is_alive() returns nonzero, else it should call OSSL_HTTP_REQ_CTX_free() or OSSL_HTTP_close(). In case the client application keeps the OSSL_HTTP_REQ_CTX * but the connection then dies for any reason at the server side, it will notice this obtaining an I/O error when trying to send the next request. This requires extending the HTTP header parsing and rearranging the high-level HTTP client API. In particular:
  * Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
  * Split the timeout functionality accordingly and improve default behavior.
  * Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().
  * Extend struct ossl_http_req_ctx_st accordingly.
  Use the new feature for the CMP client, which requires extending related transaction management of CMP client and test server. Update the documentation and extend the tests accordingly.
  Reviewed-by: Tomas Mraz <tomas@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/15053)