summaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* doc: It is not possible to use SSL_OP_* value in preprocessor conditionsTomas Mraz2021-07-162-1/+9
| | | | | | | | Fixes #16082 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16084)
* RSA_public_decrypt is equivalent to a verify recover operationTomas Mraz2021-07-162-5/+6
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16068)
* doc: document the params arguments to the initialisation functions.Pauli2021-07-152-4/+8
| | | | | | | | | These were accidentally omitted when the arguments were added globally. Fixes #16067 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16072)
* Make EVP_PKEY_check() be an alias for EVP_PKEY_pairwise_check()Tomas Mraz2021-07-151-1/+1
| | | | | | | | | | | | The implementation of EVP_PKEY_pairwise_check() is also changed to handle the legacy keys. Fixes #16046 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16069)
* doc: Document that incomplete certificates return errorTomas Mraz2021-07-154-6/+10
| | | | | | | Fixes #16065 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16070)
* doc: document the new opt_legacy_okay() function's behaviourPauli2021-07-121-1/+9
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16022)
* Improve doc of OSSL_HTTP_REQ_CTX_set_expected() on timeout param < 0Dr. David von Oheimb2021-07-111-2/+4
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16029)
* doc: update documentation to note removal of ERR_GET_FUNC()Pauli2021-07-061-8/+6
| | | | | Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16004)
* doc: include PBKDF1 documentation in build.infoPauli2021-07-051-0/+6
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15967)
* doc: add PBKDF1 provider documentationPauli2021-07-051-0/+82
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15967)
* PEM_read_...: document that garbage and other PEM data is skippedTomas Mraz2021-07-021-0/+4
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15949)
* doc: Mention the update of der data pointers in d2i/i2dTomas Mraz2021-07-012-2/+6
| | | | | | | | Fixes #15958 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15959)
* DOC: clarify OPENSSL_API_COMPATRichard Levitte2021-07-011-2/+4
| | | | | | | | Fixes #15928 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15956)
* OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for ↵Dr. David von Oheimb2021-06-301-4/+5
| | | | | | | | | | | consistency Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15790)
* CMP: Add missing getter functions to CRMF API and CMP APIDr. David von Oheimb2021-06-305-7/+62
| | | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15790)
* Missing link to fips_config documentationDmitry Belyavskiy2021-06-291-2/+1
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15940)
* doc: make error checking in ticket handling code explicitHubert Kario2021-06-291-4/+10
| | | | | | | Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15918)
* DOC: Clarify the role of EKUs including defaults for TLS client and server useDr. David von Oheimb2021-06-269-30/+67
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14199)
* doc: update up call documentationPauli2021-06-261-1/+7
| | | | | | | Some of the BIO functions weren't included in the provider-base documentation. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15909)
* Fix two typos in OSSL_trace_enabled.podTheo Buehler2021-06-261-2/+2
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15894)
* CMP: Improve reporting of error codes and related strings via 'error' msgDr. David von Oheimb2021-06-251-3/+6
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15879)
* CMP: Clean up internal message creation API and its documentationDr. David von Oheimb2021-06-253-64/+114
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15879)
* Fix a race in ossl_provider_add_to_store()Matt Caswell2021-06-241-2/+9
| | | | | | | | | | | | | | If two threads both attempt to load the same provider at the same time, they will first both check to see if the provider already exists. If it doesn't then they will both then create new provider objects and call the init function. However only one of the threads will be successful in adding the provider to the store. For the "losing" thread we should still return "success", but we should deinitialise and free the no longer required provider object, and return the object that exists in the store. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
* Update documentation following updates to the provider codeMatt Caswell2021-06-243-18/+22
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
* Set use_fallbacks to zero when we add a provider to the storeMatt Caswell2021-06-241-6/+3
| | | | | | | | | | Update use_fallbacks to zero when we add a provider to the store rather than when we activate it. Its only at the point that we add it to the store that it is actually usable and visible to other threads. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
* Instantiate predefined providers just-in-timeMatt Caswell2021-06-241-10/+1
| | | | | | | | | | Previously we instantiated all the predefined providers at the point that we create the provider store. Instead we move them to be instantiated as we need them. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
* Documentation: SM2 keys can use only the SM2 curveTomas Mraz2021-06-242-1/+6
| | | | | | | Fixes #14411 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15875)
* doc: Document that the OBJ creation functions don't lock.Pauli2021-06-242-0/+6
| | | | | | | | | | | Neither OBJ_create() nor OBJ_add_sigid() use locks. They are not thread safe. They can and will cause the other OBJ_ query functions to fail in mysterious ways if called concurrently with them. There is no problem calling multiple query functions concurrently. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15865)
* Some clear guidelines for the legacy algs.Dmitry Belyavskiy2021-06-241-0/+6
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15860)
* EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac()Richard Levitte2021-06-232-6/+7
| | | | | | | | | | | This makes them more consistent with other new interfaces. Fixes #15839 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15861)
* Change self test for AES_CGM to perform both an encrypt and decrypt.Shane Lontis2021-06-221-1/+1
| | | | | | | | | | | This is a request from the lab that changes the AES_GCM test back to perform both a encrypt and decrypt. (This makes no logical sense since this is not an inverse cipher). I have left the AES_ECB decrypt test in (although it may not be needed) since it is actually testing the inverse cipher case. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15844)
* Update copyright yearMatt Caswell2021-06-1726-26/+26
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
* HTTP client: fix use of OSSL_HTTP_adapt_proxy(), which is needed also in cmp.cDr. David von Oheimb2021-06-161-0/+22
| | | | | | | For this reason, export this function, which allows removing http_local.h Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15764)
* X509_digest_sig(): Improve default hash for EdDSA and allow to return the ↵Dr. David von Oheimb2021-06-161-10/+19
| | | | | | | | chosen default Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15762)
* doc: document the various get_cipher functions in the commands lib.Pauli2021-06-161-5/+12
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15747)
* Add missing migration_guide API mappings.Shane Lontis2021-06-161-0/+24
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15732)
* Add documentation for the newly added OBJ up callsMatt Caswell2021-06-162-23/+62
| | | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15681)
* doc: finish the provider child up call documentationPauli2021-06-161-1/+7
| | | | | | | | | | The bulk of the documentation was there but it wasn't quite complete. Fixes #15678 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15734)
* Disabling Encrypt-then-MAC extension in s_client/s_serverDmitry Belyavskiy2021-06-153-1/+12
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15735)
* s_server: make -rev option easier to find (mention echo)Hubert Kario2021-06-151-3/+2
| | | | | | | | | | | | Since the service is echo-like (see TCP port 7 from RFC 862 or gnutls-serv --echo), make it easier to find by mentioning "echo" in the description of it in the help message an man page Also fixes the man page inconsistency ("sends it back to the server") Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15739)
* Remove "-immedate_renegotiation" optionRich Salz2021-06-152-9/+2
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15415)
* spkac: document -digest optionPauli2021-06-151-0/+8
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15687)
* Rename OSSL_HTTP_set_request() to OSSL_HTTP_set1_request() for clarityDr. David von Oheimb2021-06-111-12/+12
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15697)
* HTTP client: Fix GET request handling when rctx is reused (keep-alive)Dr. David von Oheimb2021-06-111-9/+12
| | | | | | | This also updates the documentation of OSSL_HTTP_REQ_CTX_set1_req(). Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15697)
* Add support for ISO 8601 datetime formatWilliam Edmisten2021-06-114-5/+28
| | | | | | | | | | | | | | Fixes #5430 Added the configuration file option "date_opt" to the openssl applications ca, crl and x509. Added ASN1_TIME_print_ex which supports the new datetime format using the flag ASN1_DTFLGS_ISO8601 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14384)
* BIO_write_ex: No error only on 0 bytes to writeTomas Mraz2021-06-111-2/+5
| | | | | | | Fixes #15682 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15672)
* Fix FIPS provider value in docsTodd Short2021-06-111-1/+1
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15676)
* STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functionsRichard Levitte2021-06-111-3/+3
| | | | | | | | | | The argument order was different on this one. Fixes #15688 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15689)
* Document that provider name can be a full pathTomas Mraz2021-06-112-2/+12
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15680)
* doc: fix OSSL_PARAM_BLD pointers in the examplePetr Gotthard2021-06-101-8/+8
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15663)
View Lorry Controller Status