/openssl/doc/man3/ |
H A D | SSL_set_default_stream_mode.pod | 7 SSL_DEFAULT_STREAM_MODE_AUTO_UNI - manage the default stream for a QUIC 22 A QUIC connection SSL object may have a default stream attached to it. A default 23 stream is a QUIC stream to which calls to L<SSL_read(3)> and L<SSL_write(3)> 24 made on a QUIC connection SSL object are redirected. Default stream handling 25 allows legacy applications to use QUIC similarly to a traditional TLS 28 When not disabled, a default stream is automatically created on an outgoing 35 L<SSL_write(3)>) after establishing a connection, OpenSSL will wait for the 41 By default, the default stream created is bidirectional. If a unidirectional 73 determine the type of a stream after a call to L<SSL_read(3)>, use 106 These functions fail if called on a QUIC stream SSL object or on a non-QUIC SSL [all …]
|
H A D | ASN1_aux_cb.pod | 84 offset into the B<ASN1_VALUE> structure where a B<CRYPTO_RWLOCK> may be 144 immediately before a "d2i" operation for the B<ASN1_VALUE>. 149 immediately after a "d2i" operation for the B<ASN1_VALUE>. 154 immediately before a "i2d" operation for the B<ASN1_VALUE>. 159 immediately after a "i2d" operation for the B<ASN1_VALUE>. 176 length encoding. The I<exarg> argument will be a pointer to a B<ASN1_STREAM_ARG> 182 length encoding. The I<exarg> argument will be a pointer to a B<ASN1_STREAM_ARG> 188 value (as used in CMS and PKCS7). The I<exarg> argument will be a pointer to a 194 value (as used in CMS and PKCS7). The I<exarg> argument will be a pointer to a 211 a value exists. [all …]
|
H A D | OSSL_trace_enabled.pod | 48 /* check whether a trace category is enabled */ 69 Tracing for a specific category is enabled at run-time if a so-called 70 I<trace channel> is attached to it. A trace channel is simply a 78 We call them a I<simple trace channel> and a I<callback trace channel>, 85 calls surrounding the trace output create a group, which acts as a 101 channel for the given I<category> in form of a BIO. 104 OSSL_trace_end() is used to end a tracing section. 123 used as follows to wrap a trace section: 188 outputs I<data> of length I<size> as a string 197 only if a specific trace category is enabled. [all …]
|
H A D | SSL_read_early_data.pod | 84 determine if a session established with a server can be used to send early data. 102 called on a new connection, i.e. it must occur before any calls to 131 called on a connection, i.e. it must occur before any calls to 145 same way as a 0 return value from L<SSL_read_ex(3)>. 192 When a session is created between a server and a client the server will specify 234 callback which is called at a point in the handshake immediately before a 276 In rare circumstances, it may be possible for a client to have a session that 279 changed to accept a lower max early data value such as by calling 287 retry with a lower maximum protocol version. 299 if a client does not send any early data. [all …]
|
H A D | SSL_CTX_set_num_tickets.pod | 33 0 then no tickets will be issued for either a normal connection or a resumption. 35 Tickets are also issued on receipt of a post-handshake certificate from the 36 client following a request by the server using 40 was used for the initial handshake. If the initial handshake was a full 46 SSL_new_session_ticket() is used by a server application to request that a new 50 delayed until the server is starting a new write operation, so that it is 52 record boundary. If the connection was at a record boundary when 58 SSL_do_handshake(). Note that a successful return from 61 ticket itself is sent, a new-session callback can be registered with 66 tickets set by a previous call to SSL_CTX_set_num_tickets() or [all …]
|
H A D | BIO_get_rpoll_descriptor.pod | 5 BIO_get_rpoll_descriptor, BIO_get_wpoll_descriptor - obtain a structure which 6 can be used to determine when a BIO object can next be read or written 27 I<*desc> with a poll descriptor. A poll descriptor is a tagged union structure 33 outputs a descriptor which can be used to determine when the BIO can 40 resource which might be represented by a poll descriptor is an OS file 49 Represents the absence of a valid poll descriptor. It may be used by 61 The resource is whatever kind of handle is used by a given OS to represent 67 successfully complete a BIO_read() operation; likewise, where a poll descriptor 70 complete a BIO_write() operation. 80 Because poll descriptors are a tagged union structure, they can represent [all …]
|
H A D | d2i_X509.pod | 400 TYPE *d2i_TYPE_bio(BIO *bp, TYPE **a); 401 TYPE *d2i_TYPE_fp(FILE *fp, TYPE **a); 406 int i2d_TYPE_fp(FILE *fp, TYPE *a); 408 int i2d_TYPE_bio(BIO *bp, TYPE *a); 420 network, writing to a file, and so on. 424 the byte following the parsed data. If I<a> is not NULL then a pointer 430 On a successful return, if I<*a> is not NULL then it is assumed that I<*a> 521 Represents a PKCS#10 certificate request. 533 been used with a valid structure being passed in via I<a>, then the object is 554 Attempt to decode a buffer: [all …]
|
H A D | EVP_PKEY_gettable_params.pod | 9 - retrieve key parameters from a key 37 EVP_PKEY_gettable_params() returns a constant list of I<params> indicating 49 EVP_PKEY_get_int_param() retrieves a key I<pkey> integer value I<*out> 50 associated with a name of I<key_name> if it fits into C<int> type. For 53 EVP_PKEY_get_size_t_param() retrieves a key I<pkey> size_t value I<*out> 57 EVP_PKEY_get_bn_param() retrieves a key I<pkey> BIGNUM value I<**bn> 58 associated with a name of I<key_name>. If I<*bn> is NULL then the BIGNUM 61 EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value into a 62 buffer I<str> of maximum size I<max_buf_sz> associated with a name of 64 value including a terminating NUL byte, or this function will fail. [all …]
|
H A D | X509_verify_cert.pod | 21 X509_build_chain() builds a certificate chain starting from I<target> 24 Else the chain must reach a trust anchor contained in I<store>. 29 On success it returns a pointer to a new stack of (up_ref'ed) certificates 35 The X509_verify_cert() function attempts to discover and validate a 39 It usually includes a target certificate to be verified, 40 a set of certificates serving as trust anchors, 60 in I<ctx> unless a target certificate is set explicitly. 62 When the verification target is a raw public key, rather than a certificate, 75 return 1 if a complete chain can be built and validated, 77 failure and internal errors) they can also return a negative code. [all …]
|
H A D | BN_mod_mul_montgomery.pod | 19 int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, 22 int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, 25 int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, 35 BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure. 38 by precomputing its inverse and a value R. 46 BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places 49 BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1. 51 BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R. 52 Note that I<a> must be nonnegative and smaller than the modulus. 54 For all functions, I<ctx> is a previously allocated B<BN_CTX> used for [all …]
|
H A D | SSL_free.pod | 37 When used to free a QUIC stream SSL object, the respective sending and receiving 45 If the stream has a sending part (in other words, if it is bidirectional or a 47 via a call to L<SSL_stream_conclude(3)> or L<SSL_stream_reset(3)> on the QUIC 49 the stream as though L<SSL_stream_reset(3)> were called with a QUIC application 54 If the stream has a receiving part (in other words, if it is bidirectional or a 56 that part of the stream normally (such as via a call to 57 L<SSL_stream_conclude(3)> on its own end), a call to SSL_free() automatically 59 frame with a QUIC application error code of 0. Note that as per the QUIC 65 A QUIC stream SSL object maintains a reference to a QUIC connection SSL object 66 internally, therefore a QUIC stream SSL object and its parent QUIC connection [all …]
|
H A D | ASN1_TYPE_get.pod | 12 int ASN1_TYPE_get(const ASN1_TYPE *a); 13 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); 14 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); 15 int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); 25 such as a SEQUENCE: it is effectively equivalent to the ASN.1 ANY type. 27 ASN1_TYPE_get() returns the type of I<a> or 0 if it fails. 29 ASN1_TYPE_set() sets the value of I<a> to I<type> and I<value>. This 33 ASN1_TYPE_set1() sets the value of I<a> to I<type> a copy of I<value>. 35 ASN1_TYPE_cmp() compares ASN.1 types I<a> and I<b> and returns 0 if 59 octets of the type. If I<type> corresponds to a constructed type or [all …]
|
/openssl/doc/man7/ |
H A D | ossl-guide-introduction.pod | 10 OpenSSL is a robust, commercial-grade, full-featured toolkit for general-purpose 11 cryptography and secure communication. Its features are made available via a 15 cryptography based capabilities and to securely communicate across a network. 16 Finally, it also has a set of providers that supply implementations of a broad 34 platforms). The OpenSSL project maintains a list of these third parties at 40 into an appropriate directory. Inside that archive you will find a file named 50 Sometimes you may want to build and install OpenSSL from source on a system 51 which already has a pre-built version of OpenSSL installed on it via the 52 Operating System package management system (for example if you want to use a 56 pre-built version with a different version as this may break your system. [all …]
|
/openssl/crypto/ct/ |
H A D | ct_oct.c | 270 if (a == NULL || *a == NULL) { in STACK_OF() 278 sk = *a; in STACK_OF() 307 if (a != NULL && *a == NULL) in STACK_OF() 308 *a = sk; in STACK_OF() 312 if (a == NULL || *a == NULL) in STACK_OF() 317 int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) in i2o_SCT_LIST() argument 325 if ((len = i2o_SCT_LIST(a, NULL)) == -1) { in i2o_SCT_LIST() 337 for (i = 0; i < sk_SCT_num(a); i++) { in i2o_SCT_LIST() 382 if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) in STACK_OF() 389 int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) in i2d_SCT_LIST() argument [all …]
|
/openssl/crypto/objects/ |
H A D | objects.pl | 131 foreach (sort { $a <=> $b } keys %nidn) 169 foreach (sort { $a <=> $b } keys %ordern) 187 local(@a,$oid_pref); 189 @a = split(/\s+/,$myoid); 192 if (!($a[0] =~ /^[0-9]+$/)) 194 $a[0] =~ s/-/_/g; 195 if (!defined($obj{$a[0]})) 196 { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; } 197 $pref_oid = "OBJ_" . $a[0]; 199 shift @a; [all …]
|
/openssl/crypto/ripemd/asm/ |
H A D | rmd-586.pl | 105 &add($a, $e); 122 &add($a, $e); 146 &lea($a, &DWP($K,$a,$tmp2,1)); 166 &lea($a, &DWP($K,$a,$tmp1,1)); 173 &lea($a, &DWP($K,$a,$tmp2,1)); 197 &lea($a, &DWP($K,$a,$tmp2,1)); 213 &lea($a, &DWP($K,$a,$tmp1,1)); 237 &lea($a, &DWP($K,$a,$tmp2)); 254 &lea($a, &DWP($K,$a,$tmp2)); 285 &lea($a, &DWP($K,$a,$tmp2,1)); [all …]
|
/openssl/doc/man1/ |
H A D | openssl-mac.pod.in | 32 Print a usage message. 36 Input filename to calculate a MAC for, or standard input by default. 51 For CMAC it should be a CBC mode cipher e.g. AES-128-CBC. 52 For GMAC it should be a GCM mode cipher e.g. AES-128-GCM. 99 Used by KMAC128 or KMAC256 to specify a customization string. 116 Specifies the name of a supported MAC algorithm which will be used. 125 To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout: 131 To create a SipHash MAC from a file with a binary file output: 136 To create a hex-encoded CMAC-AES-128-CBC MAC from a file: 142 To create a hex-encoded KMAC128 MAC from a file with a Customisation String [all …]
|
/openssl/crypto/chacha/asm/ |
H A D | chacha-x86.pl | 67 $a="eax"; 103 &xor ($d,$a); 114 &add ($a,$b); 115 &xor ($d,$a); 309 &lea ($a,&DWP(4*16,$a)); 661 &pxor ($d,$a); 672 &pxor ($d,$a); 1045 &vpaddd ($a,$a,$b); 1053 &vpaddd ($a,$a,$b); 1102 &vpaddd ($a,$a,&QWP(16*0,"esp")); [all …]
|
/openssl/crypto/bn/ |
H A D | bn_print.c | 17 int BN_print_fp(FILE *fp, const BIGNUM *a) in BN_print_fp() argument 25 ret = BN_print(b, a); in BN_print_fp() 31 int BN_print(BIO *bp, const BIGNUM *a) in BN_print() argument 36 if ((a->neg) && BIO_write(bp, "-", 1) != 1) in BN_print() 38 if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1) in BN_print() 40 for (i = a->top - 1; i >= 0; i--) { in BN_print() 43 v = (int)((a->d[i] >> j) & 0x0f); in BN_print()
|
H A D | bn_nist.c | 372 if (BN_is_negative(a) || BN_ucmp(a, &ossl_bignum_nist_p_192_sqr) >= 0) in BN_nist_mod_192() 380 return (r == a) ? 1 : (BN_copy(r, a) != NULL); in BN_nist_mod_192() 382 if (r != a) { in BN_nist_mod_192() 517 return (r == a) ? 1 : (BN_copy(r, a) != NULL); in BN_nist_mod_224() 519 if (r != a) { in BN_nist_mod_224() 689 return (r == a) ? 1 : (BN_copy(r, a) != NULL); in BN_nist_mod_256() 691 if (r != a) { in BN_nist_mod_256() 926 return (r == a) ? 1 : (BN_copy(r, a) != NULL); in BN_nist_mod_384() 928 if (r != a) { in BN_nist_mod_384() 1178 return (r == a) ? 1 : (BN_copy(r, a) != NULL); in BN_nist_mod_521() [all …]
|
/openssl/doc/designs/ |
H A D | xof.md | 7 An extendable output function (XOF) is defined as a variable-length hash 8 function on a message in which the output can be extended to any desired length. 10 At a minimum an XOF needs to support the following pseudo-code 52 a reset, but that code was removed as it was deemed to be incorrect. 57 multiple calls are allowed. This could just be a new gettable flag (having a 73 - Final seems like a strange name to call multiple times. 77 Keep EVP_DigestFinalXOF() as a one shot function and create a new API to handle 86 - Seems like a better name. 102 Create a completely new type e.g. EVP_XOF_MD to implement XOF digests 117 Choosing a name for the API that allows multiple output calls [all …]
|
/openssl/doc/internal/man3/ |
H A D | ossl_ht_new.pod | 54 This API provides a library-internal implementation of a hashtable that provides 67 I<ht_free_fn> The function to call to free a value, may be NULL. 68 I<ht_hash_fn> The function to generate a hash value for a key, may be NULL. 97 These function are not required for use in the event a table is to be used in a 149 element which is taken from the list by a caller, they must call 160 defines the structure name, and presets a common key header. 193 HT_KEY_RESET() Resets a key's data to all zeros. 197 HT_SET_KEY_FIELD() Sets a field in a key (as defined by HT_DEF_KEY_FIELD()) to a 202 HT_SET_KEY_STRING() Performs a strncpy() of a source string to the destination 207 HT_SET_KEY_BLOB() Performs a memcpy() of a source uint8_t buffer to a [all …]
|
/openssl/crypto/ec/ |
H A D | ec2_smpl.c | 31 group->a = BN_new(); in ossl_ec_GF2m_simple_group_init() 36 BN_free(group->a); in ossl_ec_GF2m_simple_group_init() 50 BN_free(group->a); in ossl_ec_GF2m_simple_group_finish() 61 BN_clear_free(group->a); in ossl_ec_GF2m_simple_group_clear_finish() 79 if (!BN_copy(dest->a, src->a)) in ossl_ec_GF2m_simple_group_copy() 117 if (!BN_GF2m_mod_arr(group->a, a, group->poly)) in ossl_ec_GF2m_simple_group_set_curve() 151 if (a != NULL) { in ossl_ec_GF2m_simple_group_get_curve() 152 if (!BN_copy(a, group->a)) in ossl_ec_GF2m_simple_group_get_curve() 397 if (a->Z_is_one) { in ossl_ec_GF2m_simple_add() 480 return ossl_ec_GF2m_simple_add(group, r, a, a, ctx); in ossl_ec_GF2m_simple_dbl() [all …]
|
/openssl/crypto/ec/curve448/arch_32/ |
H A D | f_impl32.c | 26 const uint32_t *a = as->limb, *b = bs->limb; 34 aa[i] = a[i] + a[i + 8]; 41 accum2 += widemul(a[j - i], b[i]); 43 accum0 += widemul(a[8 + j - i], b[8 + i]); 49 accum0 -= widemul(a[8 + j - i], b[i]); 51 accum1 += widemul(a[16 + j - i], b[8 + i]); 75 const uint32_t *a = as->limb; 84 accum0 += widemul(b, a[i]); 85 accum8 += widemul(b, a[i + 8]);
|
/openssl/doc/designs/quic-design/ |
H A D | tx-packetiser.md | 171 allowed to send in a packet. 241 has a minimum size of a certain number of bytes. This does not need to be 385 - `PING`: The `PING` frame is encoded as a single byte. It is used to make a packet 520 probably due to a clear downside: if a packet is lost and it contains data for 524 if a packet is lost, typically only a single stream is held up. 551 not a major concern for discussion here. Such a parameter can easily be made 554 Thus, we choose what active stream to select to fill in a packet on a 560 When we fill a packet with a stream, we start with any applicable `RESET_STREAM` 566 in a fixed priority order; i.e., first there could be a `STOP_SENDING` frame 609 requested a probe be sent. These MUST be made ACK-eliciting (using a PING [all …]
|