#
169eca60 |
| 15-Mar-2021 |
Jon Spillett |
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dal
Enhance the encoder/decoder tests to allow testing with a non-default library context and configurable providers Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14587)
show more ...
|
#
7f9537d5 |
| 29-May-2021 |
Shane Lontis |
Document Settable EVP_CIPHER_CTX parameter "use-bits" Added docs for EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags(). Added section for
Document Settable EVP_CIPHER_CTX parameter "use-bits" Added docs for EVP_CIPHER_CTX_set_flags(), EVP_CIPHER_CTX_clear_flags() and EVP_CIPHER_CTX_test_flags(). Added section for "FLAGS" to show parameter mappings. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15496)
show more ...
|
#
d2f82495 |
| 18-May-2021 |
Matt Caswell |
Cleanup the missing*.txt files One macro existed that was added since 1.1.1 and was undocumented. This had been added to missingmacro.txt. This is the wrong approach and so has been
Cleanup the missing*.txt files One macro existed that was added since 1.1.1 and was undocumented. This had been added to missingmacro.txt. This is the wrong approach and so has been removed from there. There were some entries in missingcrypto.txt that don't exist as functions at all. There were also some which were in fact documented. Additionally 2 entries from missingcrypto.txt have been moved to missingmacro.txt. These entries existed in 1.1.1 and were undocumented. In master they have been deprecated and compatibility macros for them implemented. The replacement functions have been documented. An entry in missingcrypto111.txt was not in alphabetical order (and was also) duplicated, but the equivalent entry in missingcrypto.txt was in the correct place. This has been corrected to make comparisons between the files easier. Finally a function has been added to missingcrypto111.txt. This function did exist in 1.1.1 and was undocumented. Its unclear why this wasn't in missingcrypto111.txt to start with. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15333)
show more ...
|
#
d6bf19a4 |
| 04-Mar-2021 |
Dr. David von Oheimb |
X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14422)
|
#
f2ceefc3 |
| 13-May-2021 |
Shane Lontis |
Add doc for ERR_clear_last_mark(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15258)
|
#
8f965908 |
| 04-May-2021 |
Dr. David von Oheimb |
HTTP client: Minimal changes that include the improved API This is a minimal version of pull request #15053 including all the proposed improvements to the HTTP client API and its documen
HTTP client: Minimal changes that include the improved API This is a minimal version of pull request #15053 including all the proposed improvements to the HTTP client API and its documentation but only those code adaptations strictly needed for it. The proposed new features include * support for persistent connections (keep-alive), * generalization to arbitrary request and response types, and * support for streaming BIOs for request and response data. The related API changes include: * Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(), OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close(). * Split the timeout functionality accordingly and improve default behavior. * Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected(). Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15147)
show more ...
|
#
08a337fa |
| 04-May-2021 |
Rich Salz |
Remove all trace of FIPS_mode functions Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis <
Remove all trace of FIPS_mode functions Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15140)
show more ...
|
Revision tags: openssl-3.0.0-alpha12 |
|
#
b536880c |
| 17-Feb-2021 |
Jon Spillett |
Add library context and property query support into the PKCS12 API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.
Add library context and property query support into the PKCS12 API Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14434)
show more ...
|
#
67ea4beb |
| 29-Mar-2021 |
Tomas Mraz |
OPENSSL_sk functions are effectively already documented Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14728)
|
Revision tags: OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
c781eb1c |
| 08-Dec-2020 |
Andrey Matyukov |
Dual 1024-bit exponentiation optimization for Intel IceLake CPU with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU
Dual 1024-bit exponentiation optimization for Intel IceLake CPU with AVX512_IFMA + AVX512_VL instructions, primarily for RSA CRT private key operations. It uses 256-bit registers to avoid CPU frequency scaling issues. The performance speedup for RSA2k signature on ICL is ~2x. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13750)
show more ...
|
#
896dcda1 |
| 08-Mar-2021 |
Dmitry Belyavskiy |
Non-const accessor to legacy keys Fixes #14466. Reverting the changes of the EVP_PKEY_get0 function. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://gi
Non-const accessor to legacy keys Fixes #14466. Reverting the changes of the EVP_PKEY_get0 function. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14468)
show more ...
|
#
7932982b |
| 28-Jan-2021 |
Dr. David von Oheimb |
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query
OSSL_HTTP_parse_url(): Handle any userinfo, query, and fragment components Now handle [http[s]://][userinfo@]host[:port][/path][?query][#frag] by optionally providing any userinfo, query, and frag components. All usages of this function, which are client-only, silently ignore userinfo and frag components, while the query component is taken as part of the path. Update and extend the unit tests and all affected documentation. Document and deprecat OCSP_parse_url(). Fixes an issue that came up when discussing FR #14001. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14009)
show more ...
|
#
7e1d7fea |
| 17-Feb-2021 |
Matt Caswell |
Document OPENSSL_LH_flush() The function OPENSSL_LH_flush() was added since 1.1.1 and was undocumented. We also add documentation for some other OPENSSL_LH_*() functions at the same
Document OPENSSL_LH_flush() The function OPENSSL_LH_flush() was added since 1.1.1 and was undocumented. We also add documentation for some other OPENSSL_LH_*() functions at the same time. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14232)
show more ...
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
99c166a1 |
| 11-Nov-2020 |
Shane Lontis |
Add docs for ASN1_item_sign and ASN1_item_verify functions This is to address part of issue #13192. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/o
Add docs for ASN1_item_sign and ASN1_item_verify functions This is to address part of issue #13192. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13373)
show more ...
|
#
83b6dc8d |
| 26-Dec-2020 |
Rich Salz |
Deprecate OCSP_xxx API for OSSL_HTTP_xxx Deprecations made: OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new OCSP_REQ_CTX_free->OSSL_HT
Deprecate OCSP_xxx API for OSSL_HTTP_xxx Deprecations made: OCSP_REQ_CTX typedef->OSSL_HTTP_REQ_CTX OCSP_REQ_CTX_new->OSSL_HTTP_REQ_CTX_new OCSP_REQ_CTX_free->OSSL_HTTP_REQ_CTX_free OCSP_REQ_CTX_http-> OSSL_HTTP_REQ_CTX_header OCSP_REQ_CTX_add1_header->OSSL_HTTP_REQ_CTX_add1_header OCSP_REQ_CTX_i2d->OSSL_HTTP_REQ_CTX_i2d OCSP_REQ_CTX_get0_mem_bio->OSSL_HTTP_REQ_CTX_get0_mem_bio OCSP_set_max_response_length->OSSL_HTTP_REQ_CTX_set_max_response_length OCSP_REQ_CTX_nbio_d2i->OSSL_HTTP_REQ_CTX_sendreq_d2i OCSP_REQ_CTX_nbio->OSSL_HTTP_REQ_CTX_nbio Made some editorial changes to man3/OCSP_sendreq.pod; move the NOTES text inline. Some of the original functions had no documentation: OCSP_REQ_CTX_new, OCSP_REQ_CTX_http, OCSP_REQ_CTX_get0_mem_bio, OCSP_REQ_CTX_nbio_d2i, and OCSP_REQ_CTX_nbio. Their new counterparts are now documented in doc/man3/OSSL_HTTP_REQ_CTX.pod Fixes #12234 Co-authored-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13742)
show more ...
|
#
41e597a0 |
| 24-Dec-2020 |
Dr. David von Oheimb |
Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedor
Add X509V3_set_issuer_pkey, needed for AKID of self-issued not self-signed cert Also clean up some related auxiliary functions and documentation Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658)
show more ...
|
#
15795943 |
| 10-Dec-2020 |
Dr. David von Oheimb |
APPS: Allow OPENSSL_CONF to be empty, not loading a config file Also document the function CONF_get1_default_config_file() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Mer
APPS: Allow OPENSSL_CONF to be empty, not loading a config file Also document the function CONF_get1_default_config_file() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658)
show more ...
|
#
bf973d06 |
| 28-Dec-2020 |
Dr. David von Oheimb |
Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1 Deprecate X509_NAME_hash() Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_has
Add X509_NAME_hash_ex() to be able to check if it failed due to unsupported SHA1 Deprecate X509_NAME_hash() Document X509_NAME_hash_ex(), X509_NAME_hash(), X509_{subject,issuer}_name_hash() Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13762)
show more ...
|
#
2f06c34b |
| 11-Dec-2020 |
Rich Salz |
Document OCSP_REQ_CTX_i2d. Based on comments from David von Oheimb. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org
Document OCSP_REQ_CTX_i2d. Based on comments from David von Oheimb. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13620)
show more ...
|
#
68e91251 |
| 07-Dec-2020 |
Richard Levitte |
DOCS: Improve documentation of the EVP_PKEY type This type was previously described in a note, which is hard to find unless you already know where to look. This change makes the
DOCS: Improve documentation of the EVP_PKEY type This type was previously described in a note, which is hard to find unless you already know where to look. This change makes the description more prominent, and allows indexing by adding it in the NAMES section. The EVP_PKEY description is altered to conceptually allow an EVP_PKEY to contain a private key without a corresponding public key. This is related to an OTC vote: https://mta.openssl.org/pipermail/openssl-project/2020-December/002474.html The description of EVP_PKEY for MAC purposes is amended to fit. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13629)
show more ...
|
#
88bddad4 |
| 04-Dec-2020 |
Richard Levitte |
EVP: Add EVP_PKEY_get_group_name() to extract the group name of a pkey This replaces the internal evp_pkey_get_EC_KEY_curve_nid() Reviewed-by: Matt Caswell <matt@openssl.org> Re
EVP: Add EVP_PKEY_get_group_name() to extract the group name of a pkey This replaces the internal evp_pkey_get_EC_KEY_curve_nid() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13436)
show more ...
|
#
f5a46ed7 |
| 12-Nov-2020 |
Richard Levitte |
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be
Modify the ERR init functions to use the internal ERR string loaders This deprecates all the ERR_load_ functions, and moves their definition to separate C source files that can easily be removed when those functions are finally removed. This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h, moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h to include/openssl/cryptoerr_legacy.h, and finally removes the declaration of ERR_load_DSO_strings(), which was entirely internal anyway. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
#
e557d463 |
| 12-Nov-2020 |
Shane Lontis |
Add documentation for EVP_PKEY2PKCS8/EVP_PKCS82PKEY Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13388)
|
Revision tags: openssl-3.0.0-alpha8 |
|
#
85209c07 |
| 20-Oct-2020 |
Pauli |
Remove EVP_aes_(128|192|256)_siv functions Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13195)
|
Revision tags: openssl-3.0.0-alpha7 |
|
#
3795b2a3 |
| 09-Oct-2020 |
Matt Caswell |
Document EVP_PKEY_set1_encoded_public_key() Also documented EVP_PKEY_get1_encoded_public_key Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/op
Document EVP_PKEY_set1_encoded_public_key() Also documented EVP_PKEY_get1_encoded_public_key Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13105)
show more ...
|