David Benjamin
04f6b0fd91
RT4660: BIO_METHODs should be const.
...
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:49:10 -04:00
Todd Short
0351baae36
Fix ALPN - more fixes
...
* Clear proposed, along with selected, before looking at ClientHello
* Add test case for above
* Clear NPN seen after selecting ALPN on server
* Minor documentation updates
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 21:09:32 -04:00
Dr. Stephen Henson
99cccf3643
constify DSA_SIG_get0()
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 19:56:56 +00:00
Alex Gaynor
270862b470
Fixed language
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 20:23:22 -04:00
Alex Gaynor
35ed393e5e
Fixed a bunch of typos in the docs
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 20:23:22 -04:00
Dr. Stephen Henson
34c2db9b56
constify ECDSA_SIG_get0()
...
PR#4436
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-19 22:04:38 +00:00
Richard Levitte
c1e350577f
Correct faulty L<> links in .pods
...
Closes RT#4450
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 11:39:47 +01:00
Rich Salz
71cdcfc606
Remove more unused things.
...
Moved doc/standards.txt to the web.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 09:40:25 -04:00
Conrado Porto Lopes Gouvêa
83f68df32f
Update EVP_CIPHER_CTX_set_padding documentation.
...
Add note about when EVP_CIPHER_CTX_set_padding should be called.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-17 21:51:25 -04:00
fbroda
08538fc0a5
General verify options to openssl ts
...
This commit adds the general verify options of ocsp, verify,
cms, etc. to the openssl timestamping app as suggested by
Stephen N. Henson in [openssl.org #4287]. The conflicting
"-policy" option of "openssl ts" has been renamed to
"-tspolicy". Documentation and tests have been updated.
CAVE: This will break code, which currently uses the "-policy"
option.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-15 18:42:53 +01:00
Dr. Stephen Henson
580b557b13
Update and clarify ECDSA documentation.
...
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 20:59:23 +01:00
Richard Levitte
d1beebdf65
Fix typo in manual, missing ending '>'
...
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-14 16:52:54 +01:00
Dr. Stephen Henson
bae26b582e
Document X509_get_serialNumber and X509_set_serialNumber.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-14 00:23:13 +00:00
Dr. Stephen Henson
b36a2efd55
Add EVP_PKEY documentation.
...
Document EVP_PKEY_id() and EVP_PKEY_base_id().
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-13 19:01:42 +00:00
Rich Salz
36cc1390f2
Add doc on when to use SCT callback.
...
With help from Viktor.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-12 13:02:34 -05:00
Dr. Stephen Henson
a6eb1ce6a9
Make X509_SIG opaque.
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 17:40:47 +00:00
Kurt Roeckx
208527a75d
Review comments
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267
Add blake2 support.
...
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Viktor Dukhovni
dd60efea95
Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 20:41:28 -05:00
Kurt Roeckx
2b8fa1d56c
Deprecate the use of version-specific methods
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
2016-03-09 19:45:05 +01:00
Kurt Roeckx
1fc7d6664a
Fix usage of OPENSSL_NO_*_METHOD
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1824
2016-03-09 19:38:18 +01:00
Kurt Roeckx
29c4cf0cd1
Update ciphers -s documentation
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
cdc72e497d
Document SSL_get1_supported_ciphers
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Kurt Roeckx
b11836a63a
Make SSL_CIPHER_get_version return a const char *
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MR: #1595
2016-03-09 19:10:28 +01:00
Rob Percival
328f36c5c5
Do not display a CT log error message if CT validation is disabled
...
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 13:07:09 -05:00
Rich Salz
60b350a3ef
RT3676: Expose ECgroup i2d functions
...
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 12:25:21 -05:00
Alessandro Ghedini
0b1a07c8a7
Convert RSA blinding to new multi-threading API
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 23:52:48 +00:00
Dr. Stephen Henson
706a13f112
Make DSA_SIG opaque.
...
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed; this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 17:02:16 +00:00
Alessandro Ghedini
c001ce3313
Convert CRYPTO_LOCK_X509_* to new multi-threading API
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
fb46be0348
Convert CRYPTO_LOCK_BIO to new multi-threading API
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Todd Short
3ec13237f0
Add cipher query functions
...
Add functions to determine authentication, key-exchange, FIPS and AEAD.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:19:15 -05:00
Alessandro Ghedini
8509dcc9f3
Convert ERR_STATE to new multi-threading API
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:09 +00:00
Todd Short
817cd0d52f
GH787: Fix ALPN
...
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
that processing
* Add flags to indicate that we actually sent ALPN, to properly error
out if unexpectedly received.
* clean up ssl3_free(); no need to explicitly clear when doing memset
* document ALPN functions
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-08 09:03:05 -05:00
Matt Caswell
de69bc5d1a
Fix typo in SSL_pending docs
...
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
44ab2dfdf9
Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
...
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
ccd82ef4c2
Add documentation for the EVP_CIPHER_CTX_cipher_data functions
...
The new pipeline code added a new function
EVP_CIPHER_CTX_set_cipher_data(). Add documentation for this and the
existing EVP_CIPHER_CTX_cipher_data() function.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
0df8088132
Add documentation for new s_server/s_client options
...
Document the new split_send_frag, max_pipelines and read_buf options.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
d7ded13af1
Add documentation for SSL_has_pending()
...
A previous commit added the SSL_has_pending() function which provides a
method for knowing whether OpenSSL has buffered, but as yet unprocessed
record data.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
8061d964e7
Add pipelining documentation
...
Add some documentation for all of the SSL/SSL_CTX functions/ctrls for
controlling read and write pipelining.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
98ee75439d
Update the dasync engine to add a pipeline cipher
...
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:26:04 +00:00
Rich Salz
95e040bb2b
Fix pkeyutl to KDF links.
...
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-07 15:02:21 -05:00
Benjamin Kaduk
d3054fb663
GH768: Minor grammar nits in CRYPTO_get_ex_new_index.pod
...
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-07 12:52:15 -05:00
Matt Caswell
667867cced
Add a function to detect if we have async or not
...
Add the ASYNC_is_capable() function and use it in speed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:23:42 +00:00
Dr. Stephen Henson
5596bda4fc
Update documentation
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:11:21 +00:00
Richard Levitte
6928b6171a
Change names of ordinals and libs, libeay => libcrypto and ssleay => libssl
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-05 09:02:33 +01:00
Dr. Stephen Henson
5fc3ee4b77
use saner default parameters for scrypt
...
Thanks to Colin Percival for reporting this issue.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-05 01:29:50 +00:00
Rob Percival
eb64a6c676
Documentation for new CT s_client flags
...
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:11 -05:00
Rob Percival
238d692c6a
Documentation for new SSL functions
...
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:11 -05:00
Matt Caswell
8b1a5af389
Don't build RC4 ciphersuites into libssl by default
...
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Viktor Dukhovni
f04abe7d50
Improved HKDF and TLS1-PRF documentation
...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 01:23:46 -05:00