Commit Graph

1406 Commits

Author SHA1 Message Date
David Benjamin
04f6b0fd91 RT4660: BIO_METHODs should be const.
BIO_new, etc., don't need a non-const BIO_METHOD. This allows all the
built-in method tables to live in .rodata.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:49:10 -04:00
Todd Short
0351baae36 Fix ALPN - more fixes
* Clear proposed, along with selected, before looking at ClientHello
* Add test case for above
* Clear NPN seen after selecting ALPN on server
* Minor documentation updates

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 21:09:32 -04:00
Dr. Stephen Henson
99cccf3643 constify DSA_SIG_get0()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-20 19:56:56 +00:00
Alex Gaynor
270862b470 Fixed language
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 20:23:22 -04:00
Alex Gaynor
35ed393e5e Fixed a bunch of typos in the docs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 20:23:22 -04:00
Dr. Stephen Henson
34c2db9b56 constify ECDSA_SIG_get0()
PR#4436

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-19 22:04:38 +00:00
Richard Levitte
c1e350577f Correct faulty L<> links in .pods
Closes RT#4450

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 11:39:47 +01:00
Rich Salz
71cdcfc606 Remove more unused things.
Moved doc/standards.txt to the web.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-18 09:40:25 -04:00
Conrado Porto Lopes Gouvêa
83f68df32f Update EVP_CIPHER_CTX_set_padding documentation.
Add note about when EVP_CIPHER_CTX_set_padding should be called.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-17 21:51:25 -04:00
fbroda
08538fc0a5 General verify options to openssl ts
This commit adds the general verify options of ocsp, verify,
cms, etc. to the openssl timestamping app as suggested by
Stephen N. Henson in [openssl.org ]. The conflicting
"-policy" option of "openssl ts" has been renamed to
"-tspolicy". Documentation and tests have been updated.

CAVE: This will break code, which currently uses the "-policy"
option.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-15 18:42:53 +01:00
Dr. Stephen Henson
580b557b13 Update and clarify ECDSA documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 20:59:23 +01:00
Richard Levitte
d1beebdf65 Fix typo in manual, missing ending '>'
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-14 16:52:54 +01:00
Dr. Stephen Henson
bae26b582e Document X509_get_serialNumber and X509_set_serialNumber.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-14 00:23:13 +00:00
Dr. Stephen Henson
b36a2efd55 Add EVP_PKEY documentation.
Document EVP_PKEY_id() and EVP_PKEY_base_id().

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-13 19:01:42 +00:00
Rich Salz
36cc1390f2 Add doc on when to use SCT callback.
With help from Viktor.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-12 13:02:34 -05:00
Dr. Stephen Henson
a6eb1ce6a9 Make X509_SIG opaque.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 17:40:47 +00:00
Kurt Roeckx
208527a75d Review comments
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Viktor Dukhovni
dd60efea95 Add X509_CHECK_FLAG_NEVER_CHECK_SUBJECT flag
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 20:41:28 -05:00
Kurt Roeckx
2b8fa1d56c Deprecate the use of version-specific methods
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: 
2016-03-09 19:45:05 +01:00
Kurt Roeckx
1fc7d6664a Fix usage of OPENSSL_NO_*_METHOD
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: 
2016-03-09 19:38:18 +01:00
Kurt Roeckx
29c4cf0cd1 Update ciphers -s documentation
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: 
2016-03-09 19:10:28 +01:00
Kurt Roeckx
cdc72e497d Document SSL_get1_supported_ciphers
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: 
2016-03-09 19:10:28 +01:00
Kurt Roeckx
b11836a63a Make SSL_CIPHER_get_version return a const char *
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: 
2016-03-09 19:10:28 +01:00
Rob Percival
328f36c5c5 Do not display a CT log error message if CT validation is disabled
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 13:07:09 -05:00
Rich Salz
60b350a3ef RT3676: Expose ECgroup i2d functions
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-09 12:25:21 -05:00
Alessandro Ghedini
0b1a07c8a7 Convert RSA blinding to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 23:52:48 +00:00
Dr. Stephen Henson
706a13f112 Make DSA_SIG opaque.
This adds a new accessor function DSA_SIG_get0.
The customisation of DSA_SIG structure initialisation has been removed this
means that the 'r' and 's' components are automatically allocated when
DSA_SIG_new() is called. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 17:02:16 +00:00
Alessandro Ghedini
c001ce3313 Convert CRYPTO_LOCK_X509_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Alessandro Ghedini
fb46be0348 Convert CRYPTO_LOCK_BIO to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 11:10:34 -05:00
Todd Short
3ec13237f0 Add cipher query functions
Add functions to determine authentication, key-exchange, FIPS and AEAD.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 09:19:15 -05:00
Alessandro Ghedini
8509dcc9f3 Convert ERR_STATE to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-08 14:11:09 +00:00
Todd Short
817cd0d52f GH787: Fix ALPN
* Perform ALPN after the SNI callback; the SSL_CTX may change due to
  that processing
* Add flags to indicate that we actually sent ALPN, to properly error
  out if unexpectedly received.
* clean up ssl3_free() no need to explicitly clear when doing memset
* document ALPN functions

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-08 09:03:05 -05:00
Matt Caswell
de69bc5d1a Fix typo in SSL_pending docs
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
44ab2dfdf9 Rename EVP_CIPHER_CTX_cipher_data to EVP_CIPHER_CTX_get_cipher_data
We had the function EVP_CIPHER_CTX_cipher_data which is newly added for
1.1.0. As we now also need an EVP_CIPHER_CTX_set_cipher_data it makes
more sense for the former to be called EVP_CIPHER_CTX_get_cipher_data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:42:09 +00:00
Matt Caswell
ccd82ef4c2 Add documentation for the EVP_CIPHER_CTX_cipher_data functions
The new pipeline code added a new function
EVP_CIPHER_CTX_set_cipher_data(). Add documentation for this and the
existing EVP_CIPHER_CTX_cipher_data() function.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
0df8088132 Add documentation for new s_server/s_client options
Document the new split_send_frag, max_pipelines and read_buf options.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
d7ded13af1 Add documentation for SSL_has_pending()
A previous commit added the SSL_has_pending() function which provides a
method for knowing whether OpenSSL has buffered, but as yet unprocessed
record data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
8061d964e7 Add pipelining documentation
Add some documentation for all of the SSL/SSL_CTX functions/ctrls for
conrolling read and write pipelining.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:39:28 +00:00
Matt Caswell
98ee75439d Update the dasync engine to add a pipeline cipher
Implement aes128-cbc as a pipeline capable cipher in the dasync engine.
As dasync is just a dummy engine, it actually just performs the parallel
encrypts/decrypts in serial.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-03-07 21:26:04 +00:00
Rich Salz
95e040bb2b Fix pkeyutl to KDF lnks.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-07 15:02:21 -05:00
Benjamin Kaduk
d3054fb663 GH768: Minor grammar nits in CRYPTO_get_ex_new_index.pod
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-03-07 12:52:15 -05:00
Matt Caswell
667867cced Add a function to detect if we have async or not
Add the ASYNC_is_capable() function and use it in speed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:23:42 +00:00
Dr. Stephen Henson
5596bda4fc Update documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:11:21 +00:00
Richard Levitte
6928b6171a Change names of ordinals and libs, libeay => libcrypto and ssleay => libssl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-05 09:02:33 +01:00
Dr. Stephen Henson
5fc3ee4b77 use saner default parameters for scrypt
Thanks to Colin Percival for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-05 01:29:50 +00:00
Rob Percival
eb64a6c676 Documentation for new CT s_client flags
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:11 -05:00
Rob Percival
238d692c6a Documentation for new SSL functions
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:50:11 -05:00
Matt Caswell
8b1a5af389 Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Viktor Dukhovni
f04abe7d50 Improved HKDF and TLS1-PRF documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 01:23:46 -05:00