/openssl/ssl/
ssl_asn1.c | 112 SSL_SESSION_ASN1 as; in i2d_SSL_SESSION() local 139 memset(&as, 0, sizeof(as)); in i2d_SSL_SESSION() 175 as.peer = in->peer; in i2d_SSL_SESSION() 177 as.peer_rpk = NULL; in i2d_SSL_SESSION() 203 as.flags = in->flags; in i2d_SSL_SESSION() 274 if (as == NULL) in d2i_SSL_SESSION_ex() 324 if (as->time != 0) in d2i_SSL_SESSION_ex() 329 if (as->timeout != 0) in d2i_SSL_SESSION_ex() 336 ret->peer = as->peer; in d2i_SSL_SESSION_ex() 337 as->peer = NULL; in d2i_SSL_SESSION_ex()
/openssl/doc/man3/
ERR_get_error.pod | 65 such as the reason of the error, 73 An unset filename is indicated as "", i.e. an empty string. 74 An unset line number is indicated as 0. 75 An unset function name is indicated as "", i.e. an empty string. 80 ERR_peek_error_line() and ERR_peek_last_error_line() are the same as 83 *I<line>, as far as they are not NULL. 84 An unset filename is indicated as "", i.e., an empty string. 85 An unset line number is indicated as 0. 91 An unset function name is indicated as "". 96 and *I<flags>, as far as they are not NULL.
OSSL_CMP_validate_msg.pod | 37 the I<msg> sender DN (as far as present), and its subject key identifier 38 is present and matches the senderKID (as far as the latter is present). 46 as a trust anchor for the path verification of an 'acceptable' cert if it can be 50 Note that using this option is dangerous as the certificate obtained this way 52 Taking it over as a trust anchor implements trust-on-first-use (TOFU). 54 Any cert that has been found as described above is cached and tried first when
SSL_in_init.pod | 37 Note that in some circumstances (such as when early data is being transferred) 42 SSL_in_connect_init() returns 1 if B<s> is acting as a client and SSL_in_init() 45 SSL_in_accept_init() returns 1 if B<s> is acting as a server and SSL_in_init() 48 SSL_in_connect_init() and SSL_in_accept_init() are implemented as macros. 54 state values. The naming format is made up of a number of elements as follows: 93 and SSL_in_accept_init() return values as indicated above.
/openssl/crypto/objects/
README.md | 7 The basic syntax for adding an object is as follows: 12 (0x2D) or full stop (0x2E) then Long Name is used as basis 26 OBJ_foo will be created as a result. 30 This makes sure that the name foo will be used as base name 42 Lines starting with `#` are treated as comments, as well as any line starting
/openssl/doc/designs/ddd/
REPORT.md | 67 as this is a common application usage pattern. 73 - Change of method (as for ddd-01-conn-blocking); 100 - Use of ALPN (as for ddd-01-conn-blocking); 164 - Use of ALPN (as for ddd-01-conn-blocking); 180 - Change of method (as for ddd-01-conn-blocking); 191 - Use of ALPN (as for ddd-01-conn-blocking). 201 - Change of method (as for ddd-01-conn-blocking); 223 - Use of ALPN (as for ddd-01-conn-blocking); 265 - Use of ALPN (as for ddd-01-conn-blocking); 292 (as for ddd-05-mem-nonblocking);
/openssl/crypto/ec/curve448/arch_32/
f_impl32.c | 24 void ossl_gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) 26 const uint32_t *a = as->limb, *b = bs->limb; 73 void ossl_gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b) 75 const uint32_t *a = as->limb; 101 void ossl_gf_sqr(gf_s * RESTRICT cs, const gf as) 103 ossl_gf_mul(cs, as, as); /* Performs better with a dedicated square */
/openssl/crypto/x509/
v3_admis.c | 238 const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(const ADMISSION_SYNTAX *as) in ADMISSION_SYNTAX_get0_admissionAuthority() argument 240 return as->admissionAuthority; in ADMISSION_SYNTAX_get0_admissionAuthority() 243 void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as, in ADMISSION_SYNTAX_set0_admissionAuthority() argument 246 GENERAL_NAME_free(as->admissionAuthority); in ADMISSION_SYNTAX_set0_admissionAuthority() 247 as->admissionAuthority = aa; in ADMISSION_SYNTAX_set0_admissionAuthority() 252 return as->contentsOfAdmissions; in STACK_OF() 255 void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as, in ADMISSION_SYNTAX_set0_contentsOfAdmissions() argument 258 sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free); in ADMISSION_SYNTAX_set0_contentsOfAdmissions() 259 as->contentsOfAdmissions = a; in ADMISSION_SYNTAX_set0_contentsOfAdmissions() 325 STACK_OF(ASN1_STRING) *as) in PROFESSION_INFO_set0_professionItems()
/openssl/doc/man7/
ossl_store-file.pod | 28 In case a file is formatted as PEM, each called file handler receives 29 the PEM name (everything following any 'C<-----BEGIN >') as well as 34 If the file isn't determined to be formatted as PEM, the content is 36 handlers as is, with no PEM name or headers. 38 Each file handler is expected to handle PEM and non-PEM content as 41 represented as an ASN.1 OCTET STRING. In raw form, it's not easily 42 possible to distinguish those from any other data coming as an ASN.1 43 OCTET STRING, so such keys would naturally be accepted as PEM files
openssl-threads.pod | 14 API, as shown in L<CRYPTO_THREAD_run_once(3)/EXAMPLES>. 26 References are often increased automatically (such as when an B<X509> 45 Get methods are often thread-safe as long as the ownership requirements are 48 as discussed below. 51 as long as the API's being invoked don't modify the object; in this 52 case the parameter is usually marked in the API as C<const>. 60 internal state, such as cached values, are done with locks. 64 mutate an object, such as setting elements of a private or public key, 65 while another thread is using that object, such as verifying a signature. 76 Some API's, such as L<NCONF_load(3)> and related do no locking at all;
passphrase-encoding.pod | 19 The OpenSSL library doesn't treat pass phrases in any special way as a general 30 The standard stipulates that the pass phrase shall be encoded as an ASN.1 40 Treats the received pass phrase as UTF-8 encoded and tries to re-encode it to 41 UTF-16 (which is the same as UCS-2 for characters U+0000 to U+D7FF and U+E000 49 encoding of the characters, which it stores as a BMPString. 53 for other character sets, such as any ISO-8859-X encoding other than 64 A pass phrase encoded in ISO-8859-2 could very well have a sequence such as 77 than 1.1.0 was misinterpreted as ISO-8859-1 sequences. 81 L<ossl_store(7)> acts as a general interface to access all kinds of objects, 107 For other objects, it's as legitimate to use any byte sequence (such as a
openssl-glossary.pod | 15 Cryptographic primitives such as the SHA256 digest, or AES encryption are 16 referred to in OpenSSL as "algorithms". There can be more than one 42 external format such as PEM or DER. 59 such as private and public keys, certificates, CRLs, ... 68 external format such as PEM or DER. 76 implementation such as L<EVP_MD_fetch(3)> or L<EVP_CIPHER_fetch(3)> 113 be thought of as a scope within which configuration options apply. If an 135 An operation is a group of OpenSSL functions with a common purpose such as 166 key data in unencrypted form (known as "PrivateKeyInfo") and an encrypted 167 wrapper structure (known as "EncryptedPrivateKeyInfo").
provider-storemgmt.pod | 13 * the function signatures for functions that are offered as function 54 All "functions" mentioned here are passed as function pointers between 70 L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as macros 71 in L<openssl-core_dispatch.h(7)>, as follows: 98 OSSL_FUNC_store_set_ctx_params() should set additional parameters, such as what 106 L<provider-object(7)>), and calls I<object_cb> with it as well as 124 referenced by I<objref> as an L<OSSL_PARAM(3)> array and pass that to the 125 I<export_cb> as well as the given I<export_cbarg>. 146 This is only useful for optimization, as the library will check that the 189 Property string to use when querying for algorithms such as the B<OSSL_DECODER>
provider-keymgmt.pod | 13 * the function signatures for functions that are offered as function 96 macros in L<openssl-core_dispatch.h(7)>, as follows: 135 represented as I<keydata> in this manual. 142 operations, such as OP_signature_sign_init() (see 186 =for comment This should used by EVP functions such as 273 OSSL_FUNC_keymgmt_load() are mandatory, as well as OSSL_FUNC_keymgmt_free() and 276 present as well. 316 RSA keys the function should just return 1 as the selected subset 347 I<param_cb> with that array as well as the given I<cbarg>. 378 keymgmt algorithms are as follows:
/openssl/dev/
NEWS-FORMAT.md | 40 The structure is as follows: 53 For each release in a release line, the recommended structure is as follows: 60 <one or more blocks listed below as applicable, in order shown below> 82 is suggested, to be adjusted as appropriate: 129 verb as the opener line for this block provides the verb. 131 For consistency, use the wording `Support for ...` as the summary line if 138 Known issues can be called out as follows: 154 Significant documentation enhancements can be called out as follows: 177 Significant bug fixes or mitigations can be called out as follows: 182 * Mitigated <description of mitigation> (CVE ID as link and any other
/openssl/crypto/bn/asm/
co-586.pl | 119 local($i,$as,$ae,$bs,$be,$ai,$bi); 130 $as=0; 150 $ai=$as; 173 $na=$as+($i < ($num-1)); 188 $as++ if ($i < ($num-1)); 210 local($i,$as,$ae,$bs,$be,$ai,$bi); 231 $as=0; 239 $ai=$as; 261 $na=$as+($i < ($num-1)); 284 $as++ if ($i < ($num-1));
/openssl/doc/designs/
xof.md | 7 An extendable output function (XOF) is defined as a variable-length hash 27 - finalize may be done as part of the first squeeze operation 34 The assumption exists in both the high level call to EVP_DigestFinalXOF() as 35 well as in the lower level SHA3_squeeze() operation (Of which there is a generic 36 c version, as well as assembler code for different platforms). 38 A decision has to be made as to whether a new API is required, as well as 52 a reset, but that code was removed as it was deemed to be incorrect. 63 Possibly have EVP_DigestSqueeze() just as an alias method? 134 The digest can be initialized as normal using: 162 The finalize is just done as part of the squeeze operation.
/openssl/test/
ecdsatest.c | 188 static int test_builtin(int n, int as) in test_builtin() argument 211 if (nid == NID_sm2 && as == EVP_PKEY_EC) { in test_builtin() 215 } else if (nid != NID_sm2 && as == EVP_PKEY_SM2) { in test_builtin() 222 as == EVP_PKEY_EC ? "EC" : "SM2"); in test_builtin() 250 || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) in test_builtin() 261 || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) in test_builtin() 266 || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) in test_builtin() 274 || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) in test_builtin() 281 || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) in test_builtin() 316 || (as == EVP_PKEY_SM2 && !set_sm2_id(mctx, pkey)) in test_builtin()
/openssl/test/ssl-tests/
03-custom_verify.cnf.in | 25 # Same test as above but with a custom callback that always fails. 40 # Same test as above but with a custom callback that always succeeds. 54 # Same test as above but with a custom callback that requests retry once. 80 # Same test as above but with a custom callback that always fails. 97 # Same test as above but with a custom callback that always succeeds. 129 # Same test as above but with a custom callback that always succeeds. 144 # Same test as above but with a custom callback that always fails.
/openssl/
NOTES-PERL.md | 18 However, if you install Perl as binary packages, the outcome might 24 install the core Perl modules as well, so you will be fine. 35 There are a number of build targets that can be viewed as "Windows". 36 Indeed, there are `VC-*` configs targeting Visual Studio C, as well as 58 Perl is installed on HPE NonStop platforms as part of the Scripting Languages 59 package T1203PAX file. The package is shipped as part of a NonStop RVU 63 instructions for your operating system release as described in the 75 in the source. It will work as a fallback if the module isn't already 89 descriptions below, `Text::Template` will serve as an example.
/openssl/include/crypto/
riscv_arch.def | 13 * Each RISC-V capability ends up encoded as a single set bit in an array of 15 * statement, with an argument as the extension name in all-caps, 16 * second argument as the index in the array where the capability will be stored 17 * and third argument as the index of the bit to be used to encode the 24 * and the value is set to 0, as when the hwprobe syscall returns a key of -1,
/openssl/doc/man1/
openssl-namedisplay-options.pod | 59 Escape the "special" characters in a field, as required by RFC 2253. 65 Escape the "special" characters in a field as required by RFC 2254 in a field. 77 values larger than 127, as described in B<esc_ctrl>. 88 Convert all strings to UTF-8 format first as required by RFC 2253. 93 will be output as C<\UXXXX> for 16 bits or C<\WXXXXXXXX> for 32 bits. 99 way. That is, the content octets are merely dumped as though one octet 106 such as C<BMPSTRING: Hello World>. 117 Dump non-character strings, such as ASN.1 B<OCTET STRING>. 119 as though each content octet represents a single character. 145 Reverse the fields of the DN as required by RFC 2253.
/openssl/doc/designs/quic-design/
quic-tls.md | 22 various key points during the handshake lifecycle such as when new keys are 54 parameters. The `QUIC_TLS_ARGS` structure is as follows: 88 * marked as completed. 96 * Called when the handshake has been completed as far as the handshake 104 * Called when something has gone wrong with the connection as far as the 146 * It registers itself as a custom TLS record layer 156 `QUIC_TLS` registers itself as a custom TLS record layer. A new internal 175 above). This is passed as part of a modified `new_record_layer` call. 179 higher level secret as well as the digest to be used in the KDF - so these 180 values are now also passed through as part of the `new_record_layer` call.
/openssl/doc/man5/
x509v3_config.pod | 11 and CLI options such as B<-addext>. 17 This page uses B<extensions> as the name of the section, when needed 24 If B<critical> is present then the extension will be marked as critical. 86 numeric identifier, as shown here: 165 and servers, and this is what OpenSSL assumes as well. 219 if the issuer certificate is the same as the current certificate. 255 the distinguished name to use, as a set of name-value pairs. 330 be set with the given value as the fullName field as the distributionPoint 345 The value is taken as a distinguished name fragment that is set as the 399 The value is taken as a distinguished name fragment that is set as the
/openssl/Configurations/
README-design.md | 13 information database as a hash table called `%unified_info`, which is 15 or may not be the same as the source tree). 18 generate the rules for building end product files as well as 29 as scripts, library files and programs) and source files (such as C 40 end products. There are variants for them with `_NO_INST` as suffix 180 The indexes for `SOURCE` must only be end product files, such as 195 source tree (such as `crypto/bildinf.h` in the example above) are 405 we need to build `ssl/tls.o` as well as `libcrypto`, and to build the 505 supporting files are needed (such as import 523 This is almost the same as obj2shlib, but the