summaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Per other commands, make progress dots in req only w/ -verbosePhilip Prindeville2023-09-061-0/+7
| | | | | | | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21937)
* CMP: generalize ossl_cmp_calc_protection() to handle Edwards curves correctlyDr. David von Oheimb2023-09-051-0/+3
| | | | | | | | Fixes #21564 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21884)
* Added 'saltlen' option to the OpenSSL enc command line app.slontis2023-09-041-2/+15
| | | | | | | | | | | This allows PBKDF2 to change the saltlen to something other than the new default value of 16. Previously this app hardwired the salt length to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey() internally, which is documented to only allow 8 bytes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21858)
* Added a 'saltlen' option to the openssl pkcs8 command line app.slontis2023-09-041-0/+7
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21858)
* Change PBES2 KDF default salt length to 16 bytes.slontis2023-09-041-1/+11
| | | | | | | | | | | | | The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2 requires a salt length of 128 bits. This affects OpenSSL command line applications such as "genrsa" and "pkcs8" and API's such as PEM_write_bio_PrivateKey() that are reliant on the default salt length. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21858)
* Fix typo in openssl-pkeyutl(1)Sumitra Sharma2023-09-021-1/+1
| | | | | | | | | | | | | | Changed "than" to "then" for improved clarity and correctness. CLA: trivial Fixes #21543 Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/21925)
* Add a test for QUIC non IO retry errorsMatt Caswell2023-09-021-0/+7
| | | | | | | | | Test that errors such as SSL_ERROR_WANT_RETRY_VERIFY are properly handled by QUIC connections. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21922)
* Minor fixesHugo Landau2023-09-011-1/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* QUIC: Note differences in SSL_wantHugo Landau2023-09-011-0/+4
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* QUIC: Update API overview documentHugo Landau2023-09-011-4/+21
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* QUIC: Note that SSL_set_shutdown is not supportedHugo Landau2023-09-011-0/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* QUIC: Update API tableHugo Landau2023-09-011-34/+38
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* BIO: Emphasise API contract for BIO_sendmmsg/BIO_recvmmsgHugo Landau2023-09-011-0/+4
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* BIO: Allow third parties to use integers instead of pointers for poll ↵Hugo Landau2023-09-011-6/+6
| | | | | | | | descriptors Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* QUIC API: Revise SSL_get_conn_close_info to use a flags fieldHugo Landau2023-09-012-21/+31
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* Document OSSL_get_thread_support_flags()Hugo Landau2023-09-011-1/+19
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* QUIC APL: Allow stream origin to be queriedHugo Landau2023-09-011-3/+14
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21905)
* Minor fixesHugo Landau2023-09-012-4/+4
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* Minor updatesHugo Landau2023-09-011-5/+7
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* Add manpagesHugo Landau2023-09-012-3/+40
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: Final reportHugo Landau2023-09-012-0/+343
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-02-conn-nonblocking-threads: Unplanned changesHugo Landau2023-09-011-3/+26
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-02-conn-nonblocking-threads: Planned changesHugo Landau2023-09-011-0/+12
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-06-mem-uv: Unplanned changesHugo Landau2023-09-011-7/+57
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-06-mem-uv: Planned changesHugo Landau2023-09-011-0/+98
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-05-mem-nonblocking: Unplanned changesHugo Landau2023-09-011-3/+22
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-05-mem-nonblocking: Planned changesHugo Landau2023-09-011-2/+25
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-04-fd-nonblocking: Unplanned changesHugo Landau2023-09-011-5/+28
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-04-fd-nonblocking: Planned changesHugo Landau2023-09-011-6/+117
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-03-fd-blocking: Unplanned changesHugo Landau2023-09-011-1/+13
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-03-fd-blocking: Planned changesHugo Landau2023-09-011-0/+8
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-02-conn-nonblocking: Unplanned changesHugo Landau2023-09-011-9/+49
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-02-conn-nonblocking: Planned changesHugo Landau2023-09-011-6/+117
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-01-conn-blocking: Unplanned changesHugo Landau2023-09-011-1/+13
| | | | | | | | | - QUIC_client_method() renamed due to namespacing - QUIC mandates use of ALPN Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: ddd-01-conn-blocking: Planned changesHugo Landau2023-09-011-0/+4
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: Update makefileHugo Landau2023-09-011-8/+13
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: Add unchanged copy of ddd-02-conn-nonblocking to serve as base for ↵Hugo Landau2023-09-011-0/+298
| | | | | | | | thread-assisted variant Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: Allow target host:port to be set from command lineHugo Landau2023-09-016-21/+73
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* QUIC DDD: Fix bug in ddd-06-mem-uvHugo Landau2023-09-011-3/+4
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
* Design document of the run-time parameters activationDmitry Belyavskiy2023-08-301-0/+78
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21604)
* OSSL_PROVIDER_load_exDmitry Belyavskiy2023-08-301-0/+16
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21604)
* Tweak documentation for WAIT_PEERHugo Landau2023-08-301-1/+3
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21815)
* Tweak documentation for WAIT_PEERHugo Landau2023-08-301-0/+3
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21815)
* QUIC APL: Support waiting for peer-initiated shutdownHugo Landau2023-08-301-0/+19
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21815)
* QUIC APL: Implement backpressure on stream creationHugo Landau2023-08-251-2/+26
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21811)
* Changed the default value of the "ess_cert_id_alg" optionolszomal2023-08-251-1/+1
| | | | | | | | | | This is used to calculate the TSA's public key certificate identifier. The default algorithm is changed from sha1 to sha256. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21794)
* The canonical localhost IPv6 address is [::1] not [::]Tomas Mraz2023-08-252-3/+3
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/21825)
* Always use uint8_t for TLS record typeTomas Mraz2023-08-251-1/+1
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
* Avoid issues with endianness when type is used in SSL_trace()Tomas Mraz2023-08-251-1/+1
| | | | | | | | | | | The TLS record type is a single byte value so we can use uint8_t for it. This allows passing its address directly to SSL_trace() instead of converting it to a single byte type first. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
* Add a link to the multi-stream QUIC client tutorial from the introductionMatt Caswell2023-08-251-0/+2
| | | | | | | | We've added a new page to the guide so we should add a link to it. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21765)