wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
18069 commits 20 branches 302 tags 153 MiB
Commit graph

1669 commits

Author SHA1 Message Date
Valentin Vidic
b2e54eb834 Add Postgres support to -starttls 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-10-17 23:05:36 +01:00
choury
ba6017a193 fix invalid use of incomplete type X509_STORE_CTX 
CLA: trivial

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-10-17 14:39:00 +02:00
Steven Fackler
8bdce8d160 Fix signatures of EVP_Digest{Sign,Verify}Update 
These are implemented as macros delegating to `EVP_DigestUpdate`, which
takes a `size_t` as its third argument, not an `unsigned int`.

CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-10-15 23:34:33 +01:00
Andy Polyakov
bf78883d45 doc/crypto/OPENSSL_ia32cap.pod: update assembler requirements. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-10-11 09:20:42 +02:00
Dr. Stephen Henson
5fb1005987 Add -item option to asn1parse 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-29 16:21:46 +01:00
Dr. Stephen Henson
56501ebd09 Add ASN1_ITEM lookup and enumerate functions. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-29 16:21:45 +01:00
Matt Caswell
a671b3e64a Add OCSP_RESPID_match() 
Add a function for testing whether a given OCSP_RESPID matches with a
certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-22 09:27:45 +01:00
Matt Caswell
e12c0beb5a Add the ability to set OCSP_RESPID fields 
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for
setting the name/key value for the OCSP_RESPID.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-22 09:27:45 +01:00
Rich Salz
776e15f939 Dcoument -alpn flag 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-09-21 11:23:12 -04:00
Rich Salz
4588cb4443 Revert "Constify code about X509_VERIFY_PARAM" 
This reverts commit 81f9ce1e19.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-09-21 10:37:03 -04:00
Richard Levitte
6e836806ad Documentation fixup; no more ECDHParameters 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-20 18:24:24 +02:00
FdaSilvaYY
81f9ce1e19 Constify code about X509_VERIFY_PARAM 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1594)
 2016-09-18 00:22:00 -04:00
Rich Salz
6f0ac0e2f2 Make reference to other manpage more explicit 
Where -curves, etc., are defined: SSL_CONF_cmd

Reviewed-by: Andy Polyakov <appro@openssl.org>
 2016-09-14 18:25:40 -04:00
Richard Levitte
2e04d6cc9d Document the new SHA256 and SHA512 password generation options 
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-09-14 18:02:29 +02:00
Rich Salz
7d959c358a Add -h and -help for c_rehash script and app 
Resolves GH1515 and GH1509.

Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-09-14 08:59:48 -04:00
Rich Salz
01c09f9fde Misc BN fixes 
Never output -0; make "negative zero" an impossibility.
Do better checking on BN_rand top/bottom requirements and #bits.
Update doc.
Ignoring trailing garbage in BN_asc2bn.

Port this commit from boringSSL: https://boringssl.googlesource.com/boringssl/+/899b9b19a4cd3fe526aaf5047ab9234cdca19f7d%5E!/
        Ensure |BN_div| never gives negative zero in the no_branch code.

        Have |bn_correct_top| fix |bn->neg| if the input is zero so that we
        don't have negative zeros lying around.

        Thanks to Brian Smith for noticing.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-09-06 10:42:01 -04:00
Viktor Dukhovni
4a7b3a7b4d Un-delete still documented X509_STORE_CTX_set_verify 
It should not have been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-24 20:30:45 +01:00
Rob Percival
cfd20f64cc Typo fixes 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
ea4b7ded52 Updates the CT_POLICY_EVAL_CTX POD 
Ownership semantics and function names have changed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
513a3cb16b Correct documentation about SCT setters resetting validation status 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
e12981019a Removes the SCT_verify* POD 
SCT_verify_v1 has been removed and SCT_verify is no longer part of the
public API.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
a0a9f36ebf Documents the SCT validation functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
76bfd2ccc3 Removes {o2i,i2o}_SCT_signature from PODs 
These functions have been removed from the public API.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
5edcadb127 Documents the CTLOG functions 
CTLOG_new_null() has been removed from the code, so it has also been
removed from this POD.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
0e74d7ca44 Document the i2o and o2i SCT functions 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
a8d5d13a5f Removes d2i_SCT_LIST.pod 
This is covered by d2i_X509.pod.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4cfdabbb09 Document that SCT_set_source returns 0 on failure. 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
882babda46 Clarifies the format of a log's public key in the CONF file 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4a388d1e05 Refer to OPENSSLDIR rather than "the OpenSSL install directory" 
The prior wording was less accurate.
See https://github.com/openssl/openssl/pull/1372#discussion_r73127000.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
32fa3da8b1 Adds history section to CT PODs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
e469945f2c Fixes final issue in CT PODs highlighted by util/find-doc-nits.pl 
Fixes complaint "ct missing from SYNOPSIS".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
4eabbe9d59 Renames CT_POLICY_EVAL_CTX.pod to CT_POLICY_EVAL_CTX_new.pod 
util/fix-doc-nits.pl complains that
"CT_POLICY_EVAL_CTX (filename) missing from NAME section".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
7a2c739c00 Adds copyright section to ct.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
6c3e9a71ab Adds newline after =cut in PODs 
util/find-doc-nits.pl complains that the file "doesn't end with =cut".

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
cb8145ff4a Adds missing function names to NAME section of PODs 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
ae97a654ca Add enum definitions to CT pods 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
8b12a3e75b Remove unnecessary bold tags in CT pods 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
0620ecdcd2 Add SSL_get0_peer_scts to ssl.pod 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
Rob Percival
56f3f714ef First draft of CT documentation 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-24 13:58:19 +01:00
FdaSilvaYY
0fe9123687 Constify a bit X509_NAME_get_entry 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-23 11:47:22 +02:00
FdaSilvaYY
9f5466b9b8 Constify some X509_NAME, ASN1 printing code 
ASN1_buf_print, asn1_print_*, X509_NAME_oneline, X509_NAME_print

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-23 11:47:22 +02:00
Kazuki Yamaguchi
9ba6f347fe Expose alloc functions for EC{PK,}PARAMETERS 
Declare EC{PK,}PARAMETERS_{new,free} functions in public headers. The
free functions are necessary because EC_GROUP_get_ec{pk,}parameters()
was made public by commit 60b350a3ef ("RT3676: Expose ECgroup i2d
functions").

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-22 15:10:02 +01:00
Andy Polyakov
1194ea8dc3 crypto/pkcs12: facilitate accessing data with non-interoperable password. 
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.

Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-22 13:52:59 +02:00
Dr. Stephen Henson
0b7347effe Add X509_getm_notBefore, X509_getm_notAfter 
Add mutable versions of X509_get0_notBefore and X509_get0_notAfter.

Rename X509_SIG_get0_mutable to X509_SIG_getm.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
 2016-08-21 18:25:23 +01:00
Rich Salz
8b8d963db5 Add BIO_get_new_index() 
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
 2016-08-19 21:04:41 -04:00
Dr. Stephen Henson
568ce3a583 Constify certificate and CRL time routines. 
Update certificate and CRL time routines to match new standard.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-19 18:40:55 +01:00
Viktor Dukhovni
c4fbed6c31 Add -dane_ee_no_namechecks s_client(1) option 
The DANE API supports a DANE_FLAG_NO_DANE_EE_NAMECHECKS option, but
there was no way to exercise/enable it via s_client.  This commit
addresses that gap.

Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-08-19 12:18:49 -04:00
Rich Salz
2a9afa4046 RT3940: For now, just document the issue. 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-08-19 11:45:07 -04:00
Dr. Stephen Henson
68c12bfc66 Add X509_get0_serialNumber() and constify OCSP_cert_to_id() 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-19 12:47:31 +01:00
Dr. Stephen Henson
11222483d7 constify X509_REQ_get0_signature() 
Reviewed-by: Matt Caswell <matt@openssl.org>
 2016-08-19 12:47:31 +01:00