path: root/doc
Commit message | Author | Age | Files | Lines
* Constify (X509|X509V3|X509_CRL|X509_REVOKED)_get_ext_d2i ...
  Author: FdaSilvaYY; Age: 2016-07-25; Files: 1; Lines: -4/+4
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify input parameters of methods:
  Author: FdaSilvaYY; Age: 2016-07-25; Files: 3; Lines: -4/+4
  - X509_NAME_entry_count, X509_ATTRIBUTE_count
  - X509_NAME_add_entry_by_OBJ, X509_NAME_ENTRY_create_by_OBJ, X509_NAME_ENTRY_set_object
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify i2t_ASN1_OBJECT, i2d_ASN1_OBJECT, i2a_ASN1_OBJECT.
  Author: FdaSilvaYY; Age: 2016-07-25; Files: 1; Lines: -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify ASN1_TYPE_get, ASN1_STRING_type, ASN1_STRING_to_UTF8, ASN1_TYPE_get_octetstring & co...
  Author: FdaSilvaYY; Age: 2016-07-25; Files: 2; Lines: -3/+3
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Constify EC_KEY_*_oct2priv() input buffer
  Author: FdaSilvaYY; Age: 2016-07-25; Files: 1; Lines: -1/+1
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1300)
* Add EVP_ENCODE_CTX_copy
  Author: Jakub Zelenka; Age: 2016-07-24; Files: 1; Lines: -4/+8
  Reviewed-by: Tim Hudson <tjh@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1344)
* Make it possible for external code to flag a certificate as a proxy one.
  Author: Richard Levitte; Age: 2016-07-23; Files: 1; Lines: -3/+8
  This adds the function X509_set_proxy_flag(), which sets the internal flag EXFLAG_PROXY on a given X509 structure.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Clarify digest change in HMAC_Init_ex()
  Author: Dr. Stephen Henson; Age: 2016-07-22; Files: 1; Lines: -7/+11
  RT#4603
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Fix if/for/while( in docs
  Author: FdaSilvaYY; Age: 2016-07-20; Files: 9; Lines: -33/+35
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1292)
* Resolve over command syntax error which causes 'make install' to fail
  Author: Coty Sutherland; Age: 2016-07-19; Files: 1; Lines: -0/+9
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1312)
* Document the slight change in CRYPTO_mem_ctrl()
  Author: Richard Levitte; Age: 2016-07-19; Files: 1; Lines: -1/+2
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* Document the slight change in ERR_get_next_error_library()
  Author: Richard Levitte; Age: 2016-07-19; Files: 1; Lines: -1/+2
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
* RT4593: Add space after comma (doc nits)
  Author: Rich Salz; Age: 2016-07-19; Files: 38; Lines: -88/+88
  Update find-doc-nits to find errors in SYNOPSIS (the most common place where they were missing).
  Reviewed-by: Matt Caswell <matt@openssl.org>
* SSL test framework: port NPN and ALPN tests
  Author: Emilia Kasper; Age: 2016-07-19; Files: 1; Lines: -1/+2
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Install applink.c with the public header files.
  Author: Richard Levitte; Age: 2016-07-14; Files: 1; Lines: -1/+2
  This is only done for the platforms where 'OPENSSL_USE_APPLINK' is defined. Also, change the docs of OPENSSL_Applink to say where to find applink.c in the installation directory.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Add OCSP accessors.
  Author: Dr. Stephen Henson; Age: 2016-07-13; Files: 1; Lines: -0/+13
  RT#4605
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Perform DANE-EE(3) name checks by default
  Author: Viktor Dukhovni; Age: 2016-07-12; Files: 1; Lines: -1/+46
  In light of potential UKS (unknown key share) attacks on some applications, primarily browsers, despite RFC761, name checks are by default applied with DANE-EE(3) TLSA records. Applications for which UKS is not a problem can optionally disable DANE-EE(3) name checks via the new SSL_CTX_dane_set_flags() and friends.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Replace all #define's in pod pages.
  Author: Rich Salz; Age: 2016-07-08; Files: 36; Lines: -343/+279
  Function-like macros are replaced with prototypes and a note that they are implemented as macros. Constants are just referenced in-line in the text. Tweak BIO_TYPE_... documentation. Also fix RT4592.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* include/openssl: don't include <windows.h> in public headers.
  Author: Andy Polyakov; Age: 2016-07-08; Files: 4; Lines: -0/+44
  If application uses any of Windows-specific interfaces, make it application developer's responsibility to include <windows.h>. Rationale is that <windows.h> is quite "toxic" and is sensitive to inclusion order (most notably in relation to <winsock2.h>). It's only natural to give complete control to the application developer.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Constify a bit more OPENSSL_sk_ API
  Author: FdaSilvaYY; Age: 2016-06-30; Files: 1; Lines: -2/+2
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1244)
* Cleanup documentation for removed functionality
  Author: Matt Caswell; Age: 2016-06-30; Files: 2; Lines: -3/+0
  Remove some lingering references to removed functionality from docs.
  Reviewed-by: Stephen Henson <steve@openssl.org>
* Whitespace cleanup in apps
  Author: FdaSilvaYY; Age: 2016-06-29; Files: 1; Lines: -1/+1
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1264)
* Whitespace cleanup in docs
  Author: FdaSilvaYY; Age: 2016-06-29; Files: 7; Lines: -9/+10
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1264)
* Spelling
  Author: FdaSilvaYY; Age: 2016-06-29; Files: 9; Lines: -12/+14
  Reviewed-by: Andy Polyakov <appro@openssl.org>
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1264)
* evp/evp_enc.c: check for partially[!] overlapping buffers
  Author: Andy Polyakov; Age: 2016-06-27; Files: 1; Lines: -1/+3
  in EVP_EncryptUpdate and EVP_DecryptUpdate. It is argued that in general case it's impossible to provide guarantee that partially[!] overlapping buffers can be tolerated.
  Reviewed-by: Matt Caswell <matt@openssl.org>
* RT2964: Fix it via doc
  Author: Rich Salz; Age: 2016-06-26; Files: 1; Lines: -0/+11
  OBJ_nid2obj() and friends should be treated as const.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Revert "RT2964: Fix it via doc"
  Author: Rich Salz; Age: 2016-06-25; Files: 1; Lines: -10/+0
  This reverts commit 82f31fe4dd0dac30229fa8684229b49d2bcef404.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* RT2964: Fix it via doc
  Author: Rich Salz; Age: 2016-06-25; Files: 1; Lines: -0/+10
  OBJ_nid2obj() and friends should be treated as const.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
* Add -ciphers flag to enc command
  Author: Rich Salz; Age: 2016-06-24; Files: 1; Lines: -0/+5
  Don't print the full list of ciphers as part of the -help output.
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Add some documentation for missing HMAC functions
  Author: Matt Caswell; Age: 2016-06-24; Files: 1; Lines: -7/+32
  This includes the newly added HMAC_CTX_get_md().
  Reviewed-by: Tim Hudson <tjh@openssl.org>
* crypto/cryptlib.c: omit OPENSSL_ia32cap_loc().
  Author: Andy Polyakov; Age: 2016-06-22; Files: 1; Lines: -24/+24
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Spelling... and more spelling
  Author: FdaSilvaYY; Age: 2016-06-22; Files: 2; Lines: -3/+3
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1245)
* buf2hexstr: properly deal with empty string
  Author: Kurt Roeckx; Age: 2016-06-21; Files: 1; Lines: -1/+1
  It wrote before the start of the string
  found by afl
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  MR: #2994
* More doc cleanup
  Author: Rich Salz; Age: 2016-06-21; Files: 74; Lines: -266/+377
  Add missing entries to NAME section
  Add SYNOPSIS lines, remove old NAME entries
  Update find-doc-nits; better regexp's for parsing SYNOPSIS sections.
  Rename a couple of files to have an API name.
  Remove RSA_private_decrypt; it was duplicate content
  Update for recent doc additions
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Allow proxy certs to be present when verifying a chain
  Author: Richard Levitte; Age: 2016-06-20; Files: 1; Lines: -1/+11
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  Reviewed-by: Stephen Henson <steve@openssl.org>
* doc and comment fixes
  Author: huangqinjin; Age: 2016-06-20; Files: 4; Lines: -5/+5
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1233)
* Make DSA_SIG and ECDSA_SIG getters const.
  Author: Emilia Kasper; Age: 2016-06-20; Files: 2; Lines: -5/+5
  Reorder arguments to follow convention. Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0. This complements GH1193 which adds non-const setters.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Change the RAND_file_name documentation accordingly
  Author: Richard Levitte; Age: 2016-06-20; Files: 1; Lines: -7/+21
  Reviewed-by: Matt Caswell <matt@openssl.org>
  Reviewed-by: Andy Polyakov <appro@openssl.org>
* Change default directory for storing the .rnd file on Windows
  Author: Matt Caswell; Age: 2016-06-17; Files: 1; Lines: -2/+10
  Previously we would try %RANDFILE%, then %HOME% and finally "C:". Unfortunately this often ends up being "C:" which the user may not have write permission for. Now we try %RANDFILE% first, and then the same set of environment vars as GetTempFile() uses, i.e. %TMP%, then %TEMP%, %USERPROFILE% and %SYSTEMROOT%. If all else fails we fall back to %HOME% and only then "C:".
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Spelling fixes
  Author: FdaSilvaYY; Age: 2016-06-16; Files: 11; Lines: -14/+14
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1219)
* Add EVP_PKEY_get0_hmac() function
  Author: Nathaniel McCallum; Age: 2016-06-16; Files: 1; Lines: -5/+6
  Before the addition of this function, it was impossible to read the symmetric key from an EVP_PKEY_HMAC type EVP_PKEY.
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1217)
* Change the return type of EVP_EncodeUpdate
  Author: Matt Caswell; Age: 2016-06-16; Files: 1; Lines: -3/+6
  Previously EVP_EncodeUpdate returned a void. However there are a couple of error conditions that can occur. Therefore the return type has been changed to an int, with 0 indicating error and 1 indicating success.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* Constify the parameter getters for RSA, DSA and DH
  Author: Richard Levitte; Age: 2016-06-15; Files: 3; Lines: -7/+13
  Including documentation changes
  Reviewed-by: Stephen Henson <steve@openssl.org>
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
* Constify CMS_get0_type input
  Author: FdaSilvaYY; Age: 2016-06-15; Files: 1; Lines: -1/+1
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1215)
* Constify PKCS12_create, PKCS12_add_key, PKCS12_add_safe.
  Author: FdaSilvaYY; Age: 2016-06-15; Files: 1; Lines: -2/+3
  Reviewed-by: Kurt Roeckx <kurt@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1215)
* RT4562: Fix misleading doc on OPENSSL_config
  Author: Rich Salz; Age: 2016-06-14; Files: 2; Lines: -11/+12
  Also changed the code to use "appname" not "filename"
  Reviewed-by: Matt Caswell <matt@openssl.org>
* Reorder the setter arguments to more consistently match that of other APIs,
  Author: TJ Saunders; Age: 2016-06-13; Files: 2; Lines: -2/+2
  per review comments.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1193)
* Implement DSA_SIG_set0() and ECDSA_SIG_set0(), for setting signature values.
  Author: TJ Saunders; Age: 2016-06-13; Files: 2; Lines: -0/+18
  SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given the R and S values, and the data to be signed, by the client. Thus in order to validate these signatures, SSH2 implementations will digest and sign the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects. Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting those R and S values in these objects, which makes using OpenSSL for such SSH2 implementations much more difficult.
  Reviewed-by: Richard Levitte <levitte@openssl.org>
  Reviewed-by: Emilia Käsper <emilia@openssl.org>
  Reviewed-by: Rich Salz <rsalz@openssl.org>
  (Merged from https://github.com/openssl/openssl/pull/1193)
* Update the SSL_set_session() documentation
  Author: Matt Caswell; Age: 2016-06-13; Files: 1; Lines: -1/+5
  Update the SSL_set_session() documentation to reflect the fact that old bad sessions are removed from the cache if necessary.
  Reviewed-by: Rich Salz <rsalz@openssl.org>
* RT3809: basicConstraints is critical
  Author: Rich Salz; Age: 2016-06-13; Files: 1; Lines: -1/+1
  This is really a security bugfix, not enhancement any more. Everyone knows critical extensions.
  Reviewed-by: Dr. Stephen Henson <steve@openssl.org>