mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
18,245 Commits 30 Branches 390 Tags 502 MiB
ed9fa2c74b
Commit Graph

1686 Commits

Author SHA1 Message Date
Matt Caswell
ed9fa2c74b Tweak the SSL_read()/SSL_write() text based on feedback received. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-04 12:09:46 +00:00
Matt Caswell
740bfebaf6 Clarify the return values for SSL_read_ex()/SSL_write_ex() 
Give more detail on what constitutes success/failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-04 12:09:46 +00:00
Matt Caswell
8d2b1819ef Document the HMAC_size() function 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-04 12:09:46 +00:00
Matt Caswell
3cdc2f8fb5 Clarify the return values for the peek functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-04 12:09:46 +00:00
Matt Caswell
6782e5fdd8 Updates various man pages based on review feedback received. 
Improvements to style, grammar etc.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-04 12:09:46 +00:00
Matt Caswell
7714dc5ea1 Document the newly added SSL functions 
Also document SSL_peek() which was missing from the docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-04 12:09:46 +00:00
Rich Salz
00bb5504cc Update CRYPTO_set_mem_debug() doc 
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1842)
 2016-11-03 15:25:00 -04:00
David Woodhouse
8aefa08cfb Add documentation for DTLS_get_data_mtu() 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-11-02 14:00:12 +00:00
Matt Caswell
582a17d662 Add the SSL_METHOD for TLSv1.3 and all other base changes required 
Includes addition of the various options to s_server/s_client. Also adds
one of the new TLS1.3 ciphersuites.

This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol
and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not
a "real" TLS1.3 ciphersuite).

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-11-02 13:08:21 +00:00
Todd Short
b50052dbe8 Add SSL_CTX_set1_cert_store() 
For convenience, combine getting a new ref for the new SSL_CTX
with assigning the store and freeing the old one.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1755)
 2016-11-01 15:39:57 -04:00
Benjamin Kaduk
4e3973b457 Try to unify BIO read/write parameter names 
After the recent reworking, not everything matched up, and some
comments didn't catch up to the outl-->dlen and inl-->dlen renames
that happened during the development of the recent patches.

Try to make parameter names consistent across header, implementation,
and manual pages.

Also remove some trailing whitespace that was inadvertently introduced.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1798)
 2016-10-29 00:56:52 +02:00
Matt Caswell
b055fceb9b Document the new BIO functions introduced as part of the size_t work 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-10-28 09:48:54 +01:00
Rich Salz
99d63d4662 Move manpages to man[1357] structure. 
Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-10-26 13:59:52 -04:00
Claus Assmann
8b5fffc819 Fix grammar error in SSL_CTX_set_min_proto_version 
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1762)
 2016-10-21 06:42:20 -04:00
Andrea Grandi
50c3fc00cc Fix broken link to ASYNC_get_wait_ctx and rewrap the paragraph 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1745)
 2016-10-19 08:45:02 +01:00
Andrea Grandi
efba60ca7a Add missing .pod extension to EVP_PKEY_CTX_set_tls1_prf_md 
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-10-19 10:28:31 +01:00
David Woodhouse
cde6145ba1 Add SSL_OP_NO_ENCRYPT_THEN_MAC 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-10-17 23:17:39 +01:00
Valentin Vidic
b2e54eb834 Add Postgres support to -starttls 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-10-17 23:05:36 +01:00
choury
ba6017a193 fix invalid use of incomplete type X509_STORE_CTX 
CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-10-17 14:39:00 +02:00
Steven Fackler
8bdce8d160 Fix signatures of EVP_Digest{Sign,Verify}Update 
These are implemented as macros delegating to `EVP_DigestUpdate`, which
takes a `size_t` as its third argument, not an `unsigned int`.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-10-15 23:34:33 +01:00
Andy Polyakov
bf78883d45 doc/crypto/OPENSSL_ia32cap.pod: update assembler requirements. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-10-11 09:20:42 +02:00
Dr. Stephen Henson
5fb1005987 Add -item option to asn1parse 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-29 16:21:46 +01:00
Dr. Stephen Henson
56501ebd09 Add ASN1_ITEM lookup and enumerate functions. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-29 16:21:45 +01:00
Matt Caswell
a671b3e64a Add OCSP_RESPID_match() 
Add a function for testing whether a given OCSP_RESPID matches with a
certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-22 09:27:45 +01:00
Matt Caswell
e12c0beb5a Add the ability to set OCSP_RESPID fields 
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for
setting the name/key value for the OCSP_RESPID.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-22 09:27:45 +01:00
Rich Salz
776e15f939 Dcoument -alpn flag 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-09-21 11:23:12 -04:00
Rich Salz
4588cb4443 Revert "Constify code about X509_VERIFY_PARAM" 
This reverts commit 81f9ce1e19.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-09-21 10:37:03 -04:00
Richard Levitte
6e836806ad Documentation fixup; no more ECDHParameters 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-20 18:24:24 +02:00
FdaSilvaYY
81f9ce1e19 Constify code about X509_VERIFY_PARAM 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594)
 2016-09-18 00:22:00 -04:00
Rich Salz
6f0ac0e2f2 Make reference to other manpage more explicit 
Where -curves, etc., are defined: SSL_CONF_cmd

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2016-09-14 18:25:40 -04:00
Richard Levitte
2e04d6cc9d Document the new SHA256 and SHA512 password generation options 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-14 18:02:29 +02:00
Rich Salz
7d959c358a Add -h and -help for c_rehash script and app 
Resolves GH1515 and GH1509.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-09-14 08:59:48 -04:00
Rich Salz
01c09f9fde Misc BN fixes 
Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.

Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
        Ensure |BN_div| never gives negative zero in the no_branch code.

        Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
        don't have negative zeros lying around.

        Thanks to Brian Smith for noticing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-09-06 10:42:01 -04:00
Viktor Dukhovni
4a7b3a7b4d Un-delete still documented X509_STORE_CTX_set_verify 
It should not have been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-24 20:30:45 +01:00
Rob Percival
cfd20f64cc Typo fixes 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
ea4b7ded52 Updates the CT_POLICY_EVAL_CTX POD 
Ownership semantics and function names have changed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
513a3cb16b Correct documentation about SCT setters resetting validation status 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
e12981019a Removes the SCT_verify* POD 
SCT_verify_v1 has been removed and SCT_verify is no longer part of the
public API.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
a0a9f36ebf Documents the SCT validation functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
76bfd2ccc3 Removes {o2i,i2o}_SCT_signature from PODs 
These functions have been removed from the public API.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
5edcadb127 Documents the CTLOG functions 
CTLOG_new_null() has been removed from the code, so it has also been
removed from this POD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
0e74d7ca44 Document the i2o and o2i SCT functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
a8d5d13a5f Removes d2i_SCT_LIST.pod 
This is covered by d2i_X509.pod.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4cfdabbb09 Document that SCT_set_source returns 0 on failure. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
882babda46 Clarifies the format of a log's public key in the CONF file 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4a388d1e05 Refer to OPENSSLDIR rather than "the OpenSSL install directory" 
The prior wording was less accurate.
See https://github.com/openssl/openssl/pull/1372#discussion_r73127000.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
32fa3da8b1 Adds history section to CT PODs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
e469945f2c Fixes final issue in CT PODs highlighted by util/find-doc-nits.pl 
Fixes complaint "ct missing from SYNOPSIS".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4eabbe9d59 Renames CT_POLICY_EVAL_CTX.pod to CT_POLICY_EVAL_CTX_new.pod 
util/fix-doc-nits.pl complains that
"CT_POLICY_EVAL_CTX (filename) missing from NAME section".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
7a2c739c00 Adds copyright section to ct.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00