summaryrefslogtreecommitdiffstats
path: root/doc
AgeCommit message (Expand)Author
2020-06-16Improve BIO_socket_wait(), BIO_wait(), BIO_connect_retry(), and their docsDr. David von Oheimb
2020-06-16CMS_get0_signers() descriptionolszomal
2020-06-14Fix nits detected by make cmd-nitsNicola Tuveri
2020-06-13Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update()Dr. David von Oheimb
2020-06-13Improve description of CMP untrusted certs and msg 'sender' fieldDr. David von Oheimb
2020-06-13Make CMP server use same protection for response as for requestDr. David von Oheimb
2020-06-13Improve ossl_cmp_msg_check_received() and rename to ossl_cmp_msg_check_update()Dr. David von Oheimb
2020-06-13Add request URL path checking and status responses to HTTP serverDr. David von Oheimb
2020-06-13Allow subject of CMP -oldcert as sender unless protection cert is givenDr. David von Oheimb
2020-06-13Check expected sender not only for signature-protected CMP messagesDr. David von Oheimb
2020-06-13Improve description of -trusted, -srvcert, -recipient, and -expect_sender CMP...Dr. David von Oheimb
2020-06-11doc: Add a hint to man3/EVP_$hash that it is legacySebastian Andrzej Siewior
2020-06-11The EVP_MAC functions have been renamed for consistency. The EVP_MAC_CTX_*Pauli
2020-06-11kdf: make function naming consistent.Pauli
2020-06-10Make it clear that you can't use all ciphers for CMACMatt Caswell
2020-06-10Update RSA keygen to use sp800-56b by defaultShane Lontis
2020-06-08TLSv1.3: additional checks in SSL_set_record_padding_callbackVadim Fedorenko
2020-06-08Fix documentation of OSSL_STOREDr. David von Oheimb
2020-06-06Consolidate doc of BIO_do_connect() and its alias BIO_do_handshake()Dr. David von Oheimb
2020-06-05Fix a typo in SSL_CTX_set_session_ticket_cb.podBenjamin Kaduk
2020-06-05Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keysMatt Caswell
2020-06-05Implement OSSL_PROVIDER_get0_provider_ctx()Matt Caswell
2020-06-05Enable applications to directly call a provider's query operationMatt Caswell
2020-06-05APPS: Drop interactive mode in the 'openssl' programRichard Levitte
2020-06-05Minor doc fix for EVP_PKEY_CTX_new_from_pkeyJaimee Brown
2020-06-04Add cipher list ciphersuites which using encryption algorithm in mode CBC.Otto Hollmann
2020-06-04Update copyright yearMatt Caswell
2020-06-03Update manpage to fix examples, other minor tweaksRich Salz
2020-06-03Cleanup cert config files for testsRich Salz
2020-06-02fix a docs typoJack O'Connor
2020-06-02Move EC_METHOD to internal-onlyBilly Brumley
2020-06-01undeprecate SSL_CTX_load_verify_locations and X509_STORE_load_locationsTim Hudson
2020-05-29DOCS: add openssl-core_names.h(7)Richard Levitte
2020-05-29DOCS: add openssl-core_numbers.h(7)Richard Levitte
2020-05-28EVP_EncryptInit.pod: fix examplePatrick Steuer
2020-05-27Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_P...Dr. David von Oheimb
2020-05-27crypto/cms: add CAdES-BES signed attributes validationFdaSilvaYY
2020-05-27doc: fix trace category namesDr. Matthias St. Pierre
2020-05-27Clean up some doc nitsRich Salz
2020-05-26Fix X509_PUBKEY_cmp(), move to crypto/x509/x_pubkey.c, rename, export, and do...Dr. David von Oheimb
2020-05-26Constify X509_PUBKEY_get(), X509_PUBKEY_get0(), and X509_PUBKEY_get0_param()Dr. David von Oheimb
2020-05-26Update core_names.h fields and document most fields.Shane Lontis
2020-05-23Fix the parameter types of the CRYPTO_EX_dup function type.Bernd Edlinger
2020-05-21There is no -signreq option in CA.plmettacrawler
2020-05-20deprecate EC_POINT_make_affine and EC_POINTs_make_affineBilly Brumley
2020-05-20Add OSSL_PROVIDER_do_all()Richard Levitte
2020-05-19Update early data exchange scenarios in docraja-ashok
2020-05-19Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3raja-ashok
2020-05-19Introducing option SSL_OP_IGNORE_UNEXPECTED_EOFDmitry Belyavskiy
2020-05-19Use {module,install}-mac, not -checksumRich Salz
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-12 17:28:05 +0000
ired code to support both SSLv2, SSLv3 and TLSv1 in the one server and client. libcrypto.a: General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not actually logically part of it. It includes routines for the following: Ciphers libdes - EAY's libdes DES encryption package which has been floating around the net for a few years. It includes 15 'modes/variations' of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb; pcbc and a more general form of cfb and ofb) including desx in cbc mode, a fast crypt(3), and routines to read passwords from the keyboard. RC4 encryption, RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb. Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb. IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb. Digests MD5 and MD2 message digest algorithms, fast implementations, SHA (SHA-0) and SHA-1 message digest algorithms, MDC2 message digest. A DES based hash that is polular on smart cards. Public Key RSA encryption/decryption/generation. There is no limit on the number of bits. DSA encryption/decryption/generation. There is no limit on the number of bits. Diffie-Hellman key-exchange/key generation. There is no limit on the number of bits. X.509v3 certificates X509 encoding/decoding into/from binary ASN1 and a PEM based ascii-binary encoding which supports encryption with a private key. Program to generate RSA and DSA certificate requests and to generate RSA and DSA certificates. Systems The normal digital envelope routines and base64 encoding. Higher level access to ciphers and digests by name. New ciphers can be loaded at run time. The BIO io system which is a simple non-blocking IO abstraction. Current methods supported are file descriptors, sockets, socket accept, socket connect, memory buffer, buffering, SSL client/server, file pointer, encryption, digest, non-blocking testing and null. Data structures A dynamically growing hashing system A simple stack. A Configuration loader that uses a format similar to MS .ini files. openssl: A command line tool which provides the following functions: enc - a general encryption program that can encrypt/decrypt using one of 17 different cipher/mode combinations. The input/output can also be converted to/from base64 ascii encoding. dgst - a generate message digesting program that will generate message digests for any of md2, md5, sha (sha-0 or sha-1) or mdc2. asn1parse - parse and display the structure of an asn1 encoded binary file. rsa - Manipulate RSA private keys. dsa - Manipulate DSA private keys. dh - Manipulate Diffie-Hellman parameter files. dsaparam- Manipulate and generate DSA parameter files. crl - Manipulate certificate revocation lists. crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate. x509 - Manipulate x509 certificates, self-sign certificates. req - Manipulate PKCS#10 certificate requests and also generate certificate requests. genrsa - Generates an arbitrary sized RSA private key. gendsa - Generates DSA parameters. gendh - Generates a set of Diffie-Hellman parameters, the prime will be a strong prime. ca - Create certificates from PKCS#10 certificate requests. This program also maintains a database of certificates issued. verify - Check x509 certificate signatures. speed - Benchmark OpenSSL's ciphers. s_server- A test SSL server. s_client- A test SSL client. s_time - Benchmark SSL performance of SSL server programs. errstr - Convert from OpenSSL hex error codes to a readable form. nseq - Netscape certificate sequence utility PATENTS ------- Various companies hold various patents for various algorithms in various locations around the world. _YOU_ are responsible for ensuring that your use of any algorithms is legel by checking if there are any patents in your country. The file contains some of the patents that we know about or are rumoured to exist. This is not a definitive list. RSA Data Security holds software patents on the RSA and RC5 algorithms. If their ciphers are used used inside the USA (and Japan?), you must contact RSA Data Security for licencing conditions. Their web page is http://www.rsa.com/. RC4 is a trademark of RSA Data Security, so use of this label should perhaps only be used with RSA Data Security's permission. The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy, Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA. They should be contacted if that algorithm is to be used, their web page is http://www.ascom.ch/. INSTALLATION ------------ To install this package under a Unix derivative, read the INSTALL file. For a Win32 platform, read the INSTALL.W32 file. For people in the USA, it is possible to compile OpenSSL to use RSA Inc.'s public key library, RSAREF, by configuring OpenSSL with the option "rsaref". Read the documentation in the doc/ directory. It is quite rough, but it lists the functions, you will probably have to look at the code to work out how to used them. Look at the example programs. SUPPORT ------- If you have any problems with OpenSSL then please take the following steps first: - Remove ASM versions of libraries - Remove compiler optimisation flags - Add compiler debug flags (if using gcc then remove -fomit-frame-pointer before you try to debug things) If you wish to report a bug then please include the following information in any bug report: OpenSSL Details - Version, most of these details can be got from the 'openssl version -a' command. Operating System Details - Output of './config -t' - OS Name, Version - Hardware platform Compiler Details - Name - Version Application Details - Name - Version Problem Description - include steps that will reproduce the problem (if known) Stack Traceback (if the application dumps core) Report the bug to the OpenSSL project at: openssl-bugs@openssl.org HOW TO CONTRIBUTE TO OpenSSL ---------------------------- Development is coordinated on the openssl-dev mailing list (see http://www.openssl.org for information on subscribing). If you would like to submit a patch, send it to openssl-dev@openssl.org. Please be sure to include a textual explanation of what your patch does. The preferred format for changes is "diff -u" output. You might generate it like this: # cd openssl-work # [your changes] # ./Configure dist; make clean # cd .. # diff -urN openssl-orig openssl-work > mydiffs.patch
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-12 17:28:05 +0000