summaryrefslogtreecommitdiffstats
path: root/doc (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Document version-specific utility of EVP_PKEY_Q_keygenHEADmasterMichael Baentsch3 days1-3/+4
| | | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26040)
* Minor nit fix to EVP_CipherFinal_ex() return code documentation.Frederik Wedel-Heinen3 days1-5/+8
| | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25849)
* Use static array (length 256) for copy of OPENSSL_MALLOC_FAILURESsftcd4 days1-1/+2
| | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26039)
* Deprecate all BIO_meth_get_*() functionsTomas Mraz4 days1-22/+46
| | | | | | | | | Their use by applications is inherently unsafe. Fixes #26047 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/26056)
* Document expected BIO operations for libsslDavid Benjamin5 days1-0/+9
| | | | | | | | | | If your custom BIO does not implement BIO_CTRL_FLUSH, it won't work, but this is not document anywhere. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26060)
* Remove the negative return values of EVP_KDF_* functions in documentsPeiwei Hu10 days1-3/+1
| | | | | | | | None of the EVP_KDF_* functions will ever return a negative value. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25811)
* Add CTX copy function for EVP_MD to optimize the performance of ↵wangcheng12 days1-0/+11
| | | | | | | | | | | | | | | | | | | | | | EVP_MD_CTX_copy_ex. 1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_CTX to the new one. 2. Add implementation of OSSL_FUNC_digest_copyctx_fn function for default providers. 3. Modify EVP_MD_CTX_copy_ex: When the fetched digest is the same in in and out contexts, use the copy function to copy the members in EVP_MD_CTX if the OSSL_FUNC_digest_copyctx_fn function exists. Otherwise, use the previous method to copy. 4. Add documentation for OSSL_FUNC_digest_copyctx function in doc/man7/provider-digest.pod. 5. Add testcase. Fixes #25703 Signed-off-by: wangcheng <bangwangnj@163.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25726)
* Make ossl_trace_param_values an official api functionNeil Horman13 days2-0/+48
| | | | | | | | | lots of people may want to print params to a buffer. Make it part of our api Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25630)
* man ECDSA_sign(3): fix wrong variable namesAlicja Kario2024-11-131-2/+2
| | | | | | | | | | | | the parameters in the function definitions use `siglen` not `sig_len`, this fixes the doc text. Signed-off-by: Alicja Kario <hkario@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25927)
* Change "a SSL" to "an SSL"Andrew Dinh2024-11-1321-27/+27
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25868)
* Fix doc and use of_X509v3_add_extensions() in case ↵Dr. David von Oheimb2024-11-131-2/+4
| | | | | | | | sk_X509_EXTENSION_num(exts) <= 0 Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25631)
* feat: define and use ossl_bio_print_hexJonathan M. Wilbur2024-11-131-0/+32
| | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
* doc: the attributeDescriptor X.509v3 extensionJonathan M. Wilbur2024-11-132-0/+25
| | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25429)
* openssl-pkeyutl.pod.in: improve description of -rawin and -digest optionsDr. David von Oheimb2024-11-091-22/+46
| | | | | | | | Fixes #25827 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25831)
* openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash ↵Dr. David von Oheimb2024-11-091-7/+13
| | | | | | | | needed for -sign/-verify, etc. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25831)
* Fix the default_md example in the ca docsMatt Caswell2024-11-051-1/+1
| | | | | | | | We should not have an example showing the default_md as md5. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25856)
* Document extensibility of -groups parameter via providersMichael Baentsch2024-11-041-5/+8
| | | | | | | | Also add brainpool curves Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25821)
* Support DEFAULT keyword and '-' prefix in SSL_CTX_set1_groups_list()Frederik Wedel-Heinen2024-11-041-2/+4
| | | | | | | | Fixes #25790 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25813)
* APPS/pkeyutl: -digest implies -rawin and can only be used with -sign and -verifyDr. David von Oheimb2024-11-041-4/+10
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22910)
* APPS/pkeyutl: improve -rawin usability (implied by Ed25519 and Ed448) and docDr. David von Oheimb2024-11-041-4/+9
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22910)
* apps: Change default cipher to aes-256-cbc for req, cms and smime appsAditya2024-11-043-12/+17
| | | | | | | | | | | | Update `CHANGES.md` and `NEWS.md`; remove `no-des` guard from req, cms, and smime apps Update MAN pages for default cipher; fix styling by removing braces around single statements Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25839)
* Fix incorrect openssl-smime doc sample command for encryptZheyu Shen2024-11-011-2/+2
| | | | | | | | | | Original documented sample command causes error. PEM recipient cert argument needs to go last. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25829)
* req: Add -cipher option to specify private key encryption cipherAditya2024-10-301-0/+12
| | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25796)
* TRACE: automatically respect disabled categoriesDr. David von Oheimb2024-10-231-2/+6
| | | | | | | | by fixing OSSL_trace_begin() to return NULL when given category is not enabled Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25652)
* Improve documentation about duplicate algorithm registrationsMichael Baentsch2024-10-233-2/+21
| | | | | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25624)
* update logoDmitry Misharov2024-10-213-97/+28
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25725)
* updating docs to reflect security risks for SSLKEYLOGFILENeil Horman2024-10-211-1/+5
| | | | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25297)
* Add documentation for SSLKEYLOGFILENeil Horman2024-10-211-0/+8
| | | | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25297)
* [DOC] Document the OPENSSL_WINCTX type for OpenSSL_version()Richard Levitte2024-10-171-0/+9
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25693)
* openssl-info.pod.in: Add windowscontext option to synopsis in docTomas Mraz2024-10-161-0/+3
| | | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25712)
* Add 'openssl info' item for the Windows install contextRichard Levitte2024-10-162-0/+13
| | | | | | | | This information is already present as an 'openssl version' item. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25694)
* Update documentation for SSL_SESSION_set_time_ex()Christopher Triantafilis2024-10-141-1/+3
| | | | | | | | | | Fixes #24322 CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/25665)
* fipsinstall: Save the 'status indicator' if the FIPS provider is 3.0.X.slontis2024-10-111-2/+5
| | | | | | | | | | | | | | | | | | | | Fixes #23400 The 3.1 FIPS provider no longer writes out the 'status indicator' by default due to changes related to FIPS 140-3 requirements. For Backwards compatability if the fipsinstall detects it is loading a 3.0.X FIPS provider then it will save the 'status indicator' by default. Disclaimer: Using a fipsinstall command line utility that is not supplied with the FIPS provider tarball source is not recommended. This PR deliberately does not attempt to exclude any additional options that were added after 3.0.X. These additional options will be ignored by older providers. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Hugo Landau <hlandau@devever.net> (Merged from https://github.com/openssl/openssl/pull/23689)
* improve and move text on OPENSSL_TRACE from doc/man1/openssl.pod to ↵Dr. David von Oheimb2024-10-094-105/+106
| | | | | | | | doc/man7/openssl-env.pod Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25540)
* APPS/storeutl: fix case where uri and outfile are the sameDr. David von Oheimb2024-10-091-2/+5
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25559)
* doc: add note about fips jitter optionPauli2024-10-091-0/+9
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25498)
* doc: add note about the configuration option for the jitter source.Pauli2024-10-091-0/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25498)
* doc: EVP_KDF document the semantic meaning of outputDimitri John Ledkov2024-10-089-0/+18
| | | | | | | | | | | | | | | Explicitely document what semantic meaning do various EVP_KDF algorithms produce. PBKDF2 produces cryptographic keys that are subject to cryptographic security measures, for example as defined in NIST SP 800-132. All other algorithms produce keying material, not subject to explicit output length checks in any known standards. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25610)
* Documenting CRL download usage and restrictionsDmitry Belyavskiy2024-10-082-1/+6
| | | | | | | | | Fixes #25603 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25608)
* Add some documentation to describe the encap/decap requirementsNeil Horman2024-10-072-3/+9
| | | | | | | | | | Document the fact that we now require unwrappedlen/wrappedlen to be set to the size of the unwrapped/wrapped buffers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25522)
* APPS/pkey: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-3/+8
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/pkcs8: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-6/+10
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/ocsp: fix case where reqin and outfile are the sameDr. David von Oheimb2024-10-041-7/+10
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/{ecparam,pkeyparam}: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-042-4/+9
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/dsaparam: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-4/+6
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* APPS/dhparam: fix case where infile and outfile are the sameDr. David von Oheimb2024-10-041-4/+6
| | | | | | Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25552)
* kdfs: implement key length check in X9.42Dimitri John Ledkov2024-09-303-0/+33
| | | | | | | | | Similar to other KDFs, the input key should be 112 bits long. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25529)
* docs: document options added in openssl-fipsinstall 3.4+Dimitri John Ledkov2024-09-301-0/+28
| | | | | | | | | Document new command line options added in 3.4.0 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25546)
* docs: document options added in openssl-fipsinstall 3.2+Dimitri John Ledkov2024-09-301-0/+5
| | | | | | | | | Document new command line options added in 3.2.0 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25546)
* docs: document options added in openssl-fipsinstall 3.1+Dimitri John Ledkov2024-09-301-0/+5
| | | | | | | | | Document new command line options added in 3.1.0 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25546)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 13:16:37 +0100