| /openssl/test/ssl-tests/ |
| H A D | 21-key-update.cnf.in | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use
19 name => "update-key-client-update-not-requested",
30 name => "update-key-server-update-not-requested",
|
| H A D | 25-cipher.cnf | 11 test-6 = 6-cipher-server-pref-not-mobile
169 [6-cipher-server-pref-not-mobile]
170 ssl_conf = 6-cipher-server-pref-not-mobile-ssl
172 [6-cipher-server-pref-not-mobile-ssl]
173 server = 6-cipher-server-pref-not-mobile-server
174 client = 6-cipher-server-pref-not-mobile-client
176 [6-cipher-server-pref-not-mobile-server]
183 [6-cipher-server-pref-not-mobile-client]
|
| /openssl/include/openssl/ |
| H A D | ct.h.in | 6 * Licensed under the Apache License 2.0 (the "License"). You may not use
263 * Set *sig to point to the signature for the SCT. sig must not be NULL.
326 * Returns 0 if the SCT is invalid or could not be verified.
335 * Returns 0 if at least one SCT is invalid or could not be verified.
348 * "a" must not be NULL.
364 * "**pp" and "*pp" must not be NULL.
368 * not defined.
375 * "a" must not be NULL.
391 * "**pp" and "*pp" must not be NULL.
395 * not defined.
[all …]
|
| /openssl/doc/man3/ |
| H A D | SSL_CTX_dane_enable.pod | 91 authentication success in this case does not mean that the peer was
103 If the B<mcert> argument is not B<NULL> and a TLSA record matched a chain
106 must not be freed by the application.
130 If any of these parameters is NULL, the corresponding field is not returned.
132 data field and must not be freed by the application.
160 do not execute scripts downloaded from remote servers.
171 not match the digest algorithm, or a C<Full(0)> (binary ASN.1 DER form)
175 negative value when DANE authentication failed or was not enabled, a
274 * complete the handshake, check the verification status, and if not
298 * Resumed session was not originally verified, this connection is not
[all …]
|
| H A D | SSL_CTX_set_alpn_select_cb.pod | 60 is NULL, ALPN is not used. The B<arg> value is a pointer which is passed to
106 memory will not be modified, but the B<SSL> does keep a
113 is set to 0 if no protocol has been selected. B<data> must not be freed.
116 client's requested protocol for this connection. If the client did not
117 request any protocol or NPN is not enabled, then B<data> is set to NULL and
120 this function need not be a member of the list of supported protocols
131 nonempty, 8-bit length-prefixed, byte strings. The length-prefix byte is not
134 vector is not in the vector itself, but in a separate variable.
147 If there is no ALPN proposed in the ClientHello, the ALPN callback is not
186 ALPN protocol not selected, e.g., because no ALPN protocols are configured for
[all …]
|
| H A D | EVP_aes_128_gcm.pod | 103 WARNING: this is not intended for usage outside of TLS and requires calling of
104 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
114 WARNING: this is not intended for usage outside of TLS and requires calling of
115 some undocumented ctrl functions. These ciphers do not conform to the EVP AEAD
151 XTS-AES provides confidentiality but not authentication of data. It also
157 The XTS implementation in OpenSSL does not support streaming. That is there must
189 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_CTX_set_cipher_list.pod | 31 B<ssl> objects created from B<ctx>. This function does not impact TLSv1.3
74 usable and not depend on details of the library configuration (ciphers compiled
75 in). Thus no syntax checking takes place. Items that are not recognized, because
76 the corresponding ciphers are not compiled in or because they are mistyped,
95 When these conditions are not met for any cipher in the list (e.g. a
97 of 512 bits and the server is not configured to use temporary RSA
128 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | CMS_compress.pod | 23 If zlib support is not compiled into OpenSSL then CMS_compress() will return
40 practice and is not supported by SMIME_write_CMS().
43 B<not> complete and outputting its contents via a function that does not
72 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_do_handshake.pod | 29 when the underlying BIO could not satisfy the needs of SSL_do_handshake()
47 The TLS/SSL handshake was not successful but was shut down controlled and
58 The TLS/SSL handshake was not successful because a fatal error occurred either
60 not clean. It can also occur if action is needed to continue the operation
76 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SMIME_read_PKCS7.pod | 34 If B<*bcont> is not B<NULL> then the message is clear text
41 To support future functionality if B<bcont> is not B<NULL>
53 formats may not work.
56 encoded and will not handle the case where it is in binary format
83 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | BIO_f_null.pod | 20 behaves just as though the BIO was not there.
24 As may be apparent a null filter BIO is not particularly useful.
34 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_SESSION_is_resumable.pod | 17 to resume a session or not. Returns 1 if it can or 0 if not. Note that
39 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_inject_net_dgram.pod | 24 the length of the buffer in bytes. The buffer is copied and need not remain
29 the injected packet was not actually received from the network directly by
36 on a SSL object which is not a QUIC connection SSL object.
50 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | BIO_sendmmsg.pod | 76 support for I<local> has not been enabled, processing of that B<BIO_MSG> fails.
79 I<local> may not be available on all platforms; on these platforms, these
83 system does not report a local address for a specific received message, the
118 local address support is not available for the platform.
132 functionality to transmit or receive multiple messages at a time is not
138 the number of messages successfully processed (which need not be nonzero) to
159 available or not enabled on the BIO.
163 The I<peer> field was set to a non-NULL value, but peer address support is not
168 The BIO_sendmmsg() or BIO_recvmmsg() method is not supported on the BIO.
175 Implementations of this interface which do not make system calls and thereby
[all …]
|
| H A D | OSSL_CMP_ATAV_set0.pod | 52 they must B<not> be freed up after the call because their ownership
53 is transferred to I<atav>. The I<itav> pointer must not be NULL.
66 or NULL if I<atav> is NULL or does not contain an algId.
73 -1 if I<atav> is NULL or does not contain an rsaKeyLen or cannot be parsed,
91 OSSL_CMP_ATAV_set0() and OSSL_CMP_ATAV_free() do not return a value.
113 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | SSL_want.pod | 37 nonblocking I/O. Error conditions are not handled and must be treated
67 The operation did not complete because an application callback set by
73 The operation did not complete because a certificate verification callback
85 The asynchronous job could not be started because there were no async jobs
91 The operation did not complete because an application callback set by
119 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | OpenSSL_version.pod | 62 The OpenSSL project will not touch this macro (will leave it an empty string).
78 (B<maj>) and minor (B<min>) number or not. It will evaluate to true if the
126 C<compiler: ...> if available, or C<compiler: information not available>
132 or C<built on: date not available> otherwise.
133 The date would not be available in a reproducible build, for example.
138 if available, or C<platform: information not available> otherwise.
163 or C<CPUINFO: N/A> if not available.
167 For an unknown I<t>, the text C<not available> is returned.
195 Note that on some operating systems, this is not the same as the
245 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| /openssl/doc/man1/ |
| H A D | openssl-dhparam.pod.in | 54 this option is not specified.
59 if this option is not present. The output filename should B<not> be the same
76 displays a warning if not.
81 input file is ignored and parameters are generated instead. If not
90 this option is not present but a generator (B<-2>, B<-3> or B<-5>) is
142 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | openssl-pkcs8.pod.in | 60 not used) then the input file must be in PKCS#8 format. An encrypted
63 If B<-topk8> is not used and B<PEM> mode is set the output file will be an
67 If B<-topk8> is not used and B<DER> mode is set the output file will be an
83 option is not specified. If the key is encrypted a pass phrase will be
96 prompted for. The output filename should B<not> be the same as the input
114 This option does not encrypt private keys at all and should only be used
132 Some implementations may not support custom PRF algorithms and may require
139 If not specified PKCS#5 v2.0 form is used.
155 If this value is not specified, the default for PBES2 is 16 (128 bits)
171 Some older implementations do not support PKCS#5 v2.0 format and require
[all …]
|
| /openssl/doc/designs/quic-design/ |
| H A D | connection-state-machine.md | 27 0-RTT is also not currently modelled in this analysis.
30 discerned from the requirements imposed. This does not mean that the
36 the handshake has been completed but not yet confirmed).
47 Handshake confirmation is not the same as handshake completion.
186 Key updates may not be initiated in the Terminating state.
350 <td>(packet processed if EL is not dropped)</td>
442 may not have been possible:
467 that we receive, thus this event may not always be raised.
532 this does not require modelling as additional state.
579 we are not in `TERMINATING` or `TERMINATED`.
[all …]
|
| H A D | quic-thread-assist.md | 17 However, on second glance, this does not even solve the problem, as
26 set calls, but the combination of the two would not be safe if the assist thread
36 application is not required to take the lock prior to connection
42 probably happen prior to initiating a connection, things may not be that bad.
68 - Post-handshake authentication is not allowed;
89 thread and may not be touched further. We would need to block all API calls
97 APIs we think have safe semantics here; e.g. implement only getters and not
100 enabled. Some APIs may not have ways to indicate failure; for such APIs which
|
| /openssl/test/recipes/30-test_evp_data/ |
| H A D | evppkey_ecdsa_sigalg.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use
184 # Test that a explicit curve is not allowed in fips mode
191 # Test that a curve with < 112 bits is not allowed in fips mode for signing
199 # Test that a non nist curve is not allowed in fips mode
207 # Test that SHA1 is not allowed in fips mode for signing
215 # Test that SHA1 is not allowed in fips mode for signing
243 # Test that SHA1 is not allowed in fips mode for signing
253 # Test that SHA1 is not allowed in fips mode for signing
|
| H A D | evppkey_ecdsa.txt | 4 # Licensed under the Apache License 2.0 (the "License"). You may not use
185 # Test that a explicit curve is not allowed in fips mode
192 # Test that a curve with < 112 bits is not allowed in fips mode for signing
200 # Test that a non nist curve is not allowed in fips mode
208 # Test that SHA1 is not allowed in fips mode for signing
216 # Test that SHA1 is not allowed in fips mode for signing
244 # Test that SHA1 is not allowed in fips mode for signing
254 # Test that SHA1 is not allowed in fips mode for signing
|
| /openssl/doc/man7/ |
| H A D | EVP_SIGNATURE-ED25519.pod | 25 require access to the complete message (not a digest of the message).
29 not require access to the complete message; they operate on a hash of
37 instance, a nonempty context-string is not permitted.
82 instance is the explicit signature algorithm name, and may not be changed
85 If a context-string is not specified, then an empty context-string is
107 The PureEdDSA instances do not support the streaming mechanism of
112 The HashEdDSA instances do not yet support the streaming mechanisms
153 /* The input "params" is not needed if default options are acceptable.
177 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| H A D | EVP_RAND.pod | 29 it is in general not necessary to utilize the EVP_RAND API directly.
67 it does not make sense for the child to be an entropy source.
73 a live entropy source may ignore and not use its parent.
105 It is I<not> thread-safe to access the <primary> DRBG directly via the
220 It is possible to add I<additional input> not only during reseeding,
229 setting B<-DOPENSSL_DEFAULT_SEED_SRC=SEED-SRC>. If not set then
240 DRBG, depending on whether automatic reseeding is available or not.
245 Calling RAND_poll() or RAND_add() is not necessary, because the DRBG
259 reseed counter is not reset.
275 NOTE: Manual reseeding is *not allowed* in FIPS mode, because
[all …]
|
