Commit Graph

2829 Commits

Author SHA1 Message Date
Richard Levitte
df8f116ecd Add doc/build.info to build the documentation
This build.info is entirely generated when configuring

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6236)
2019-11-29 09:51:17 +01:00
moehuster
3c86a2b5c8 Fix L<EVP_MD_CTX_set_pkey_ctx> links
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10420)

(cherry picked from commit ca7c982821)
2019-11-28 16:53:54 +01:00
Rich Salz
d86925e6bd Use option/parameter consistently.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10135)
2019-11-28 13:58:51 +01:00
Rich Salz
22bb8c2545 Document more env var stuff, fix some typo's
Add openssl-env.pod
Also fix up many other environment page formatting nits.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10135)
2019-11-28 13:58:51 +01:00
Richard Levitte
2a03823606 doc/man7/proxy-certificates.pod: New guide for proxy certificates
This replaces doc/HOWTO/proxy_certificates.txt

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10507)
2019-11-27 16:18:28 +01:00
Dr. Matthias St. Pierre
23f3993127 Remove RANDFILE settings from configuration files
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding
mechanism, which makes it dispensable to define a RANDFILE for
saving and restoring randomness. This commit removes the RANDFILE
declarations from our own configuration files and adds documentation
that this option is not needed anymore and retained mainly for
compatibility reasons.

Fixes #10433

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10436)
2019-11-24 08:35:14 +01:00
Matt Caswell
e44192d14b Documentation updates due to naming tweaks
Also documents our new canonical naming.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10092)
2019-11-21 15:49:58 +00:00
Richard Levitte
6a835fcfb1 Replumbing: pre-populate the EVP namemap with commonly known names
This adds ossl_namemap_empty(), to detect if a namemap is empty and
can thereby be pre-populated.

This also affects the way legacy NIDs are looked up in
evp_cipher_from_dispatch() and evp_md_from_dispatch().  Instead of
trying to find the NID directly, look up the legacy method structure
and grab the NID from there.  The reason is that NIDs can be aliases
for other NIDs, which looks like a clash even if wasn't really one.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8984)
2019-11-20 14:22:35 +01:00
Rich Salz
92de469fbd Document command parameters.
Add documentation for all commands that have parameters.
Fix a couple of minor doc and programming bugs, too.

Fixes #10313

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10371)
2019-11-20 09:49:52 +01:00
Pauli
bdbf2df2e6 Properties: make query cache reference count aware.
The property query cache was not reference count aware and this could cause
problems if the property store removes an algorithm while it is being returned
from an asynchronous query.  This change makes the cache reference count aware
and avoids disappearing algorithms.

A side effect of this change is that the reference counts are now owned by the
cache and store.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10408)
2019-11-18 18:51:26 +10:00
Anthony Hu
2555285fa5 Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10388)
2019-11-17 08:27:06 +01:00
Rich Salz
d7cea0b8f5 Fix some broken doc links
Replace L<> link to header-file with a C<> reference.
Change some broken L<provider(3)> links to L<provider(7)>.
For consistency, rename four cipher pages to have a specific mode.
Fix up all references to any "generic" names to point to specific names.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10100)
2019-11-15 17:20:33 +01:00
Tomas Mraz
a90311fead A few fixes in the EVP_KDF-KB and EVP_KDF-KRB5KDF manpages
The context and label is info and salt respectively - fix
the example in KB manpage for that.

There are some typos and bug in EVP_KDF_derive call in the
KRB5KDF example.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10426)
2019-11-14 17:26:16 +01:00
Matt Caswell
d8fef6da57 Document various new/changes EVP_PKEY_CTX_* functions
We have converted a number of macros to functions and made them work
with providers. We've also added some *_ex() variants that needed
documenting.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)
2019-11-14 09:29:46 +00:00
Matt Caswell
c68f5050db Document the public EVP_ASYM_CIPHER releated functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)
2019-11-14 09:29:46 +00:00
Matt Caswell
11d876df50 Add documentation for the Asymmetric Cipher Operation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)
2019-11-14 09:29:46 +00:00
Richard Levitte
10e7216e50 CORE: Add a generic callback function type
This offers a very generic way to define a callback as well as calling
it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10412)
2019-11-14 08:22:29 +01:00
Nicola Tuveri
3cc26f2eba Extend docs for EC_POINT conversion functions
Add more explicit documentation about the relation between
EC_POINT_point2oct(), EC_POINT_point2hex(), EC_POINT_point2bn() and
their reverse.

In particular highlight that EC_POINT_point2oct() and
EC_POINT_oct2point() conform to, respectively, Sec. 2.3.3 and Sec. 2.3.4
of the SECG SEC 1 standard (which is the normative reference for the
already mentioned RFC 5480), highlighting with a note how this affect
the encoding/decoding of the point at infinity (which in contrast with
any other valid generic point of a curve is assigned an exceptional
fixed octet string encoding, i.e., 0x00).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10329)
2019-11-13 18:02:51 +02:00
Jon Spillett
eb389a75c0 Add missing docs for some PKCS12 functions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9752)
2019-11-12 18:14:31 +01:00
Dr. David von Oheimb
40fa9d9ef7 add OPENSSL_FUNC.pod documenting OPENSSL_MSTR, OPENSSL_FUNC, and friends
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10236)
2019-11-12 16:12:38 +00:00
Richard Levitte
ee669781d5 SSL: Document SSL_add_{file,dir,store}_cert_subjects_to_stack()
This also removes the incorrect documentation comments by those
functions, and fixes a bug in SSL_add_store_cert_subjects_to_stack(),
where the condition for recursive addition was 'depth == 0' when it
should be 'depth > 0'.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10402)
2019-11-12 13:38:36 +01:00
Richard Levitte
0255c1742a Add a .pragma directive for configuration files
Currently added pragma:

.pragma dollarid:on

This allows dollar signs to be a keyword character unless it's
followed by a opening brace or parenthesis.

Fixes #8207

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8882)
2019-11-12 13:33:12 +01:00
Dmitry Belyavskiy
b6db6612d1 Fix cut'n'paste typos in the provider-digest pod
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10398)
2019-11-11 21:17:18 +03:00
Rich Salz
1903a9b77a Fix L<xxx(1)> links to be L<openssl-xxx(1)>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10328)
2019-11-10 18:58:50 +01:00
Richard Levitte
26b7cc0d20 Cleanup include/openssl/opensslv.h.in
Now that we generate include/openssl/opensslv.h, there's no point
keeping some macross around, we can just set a simpler set to their
respective value and be done with it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10218)
2019-11-08 16:12:57 +01:00
Shane Lontis
eb173822b2 Add AES SIV ciphers to default provider
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10120)
2019-11-08 12:14:44 +10:00
Richard Levitte
46e2dd05ef Add EVP functionality to create domain params and keys by user data
This is the EVP operation that corresponds to creating direct RSA, DH
and DSA keys and set their numbers, to then assign them to an EVP_PKEY,
but done entirely using an algorithm agnostic EVP interface.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10187)
2019-11-07 11:50:39 +01:00
Rich Salz
ccd9e70d4e Strip much out of ssl.pod
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
2019-11-06 19:38:32 +01:00
Rich Salz
98ca37e4aa Add L<ssl(7)> to all SSL pages
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
2019-11-06 19:38:32 +01:00
Rich Salz
16f8a61830 Remove outdated info from man7/ssl
There were two paragraphs of useful information about SSL_dup, so
copy that to the right manpage.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10208)
2019-11-06 19:38:32 +01:00
Richard Levitte
0e52100400 EVP: Make the SIGNATURE implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the SIGNATURE method explicitly, and rather
always have it be fetched implicitly.

This means fewer changes for applications that want to use new
signature algorithms / implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)
2019-11-05 22:22:29 +01:00
Richard Levitte
c0e0984f12 EVP: Make the KEYEXCH implementation leaner
Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the KEYEXCH method explicitly, and rather
always have it be fetched implicitly.

This means fewer changes for applications that want to use new key
exchange algorithms / implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10305)
2019-11-05 22:20:06 +01:00
Richard Levitte
bdb0e04fd0 Document added SSL functions related to X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:40:17 +01:00
Richard Levitte
849d91a62c Document X509_LOOKUP_store
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
fd3397fc47 Add -CAstore and similar to all openssl commands that have -CApath
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8442)
2019-11-03 18:38:23 +01:00
Richard Levitte
3ee348b0dc Change EVP_PKEY_CTX_new_provided() to take a library context too.
With provided algorithms, the library context is ever present, so of
course it should be specified alongside the algorithm name and
property query string.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10308)
2019-11-03 18:33:43 +01:00
Richard Levitte
909ef4de31 doc/man3/OSSL_PARAM.pod: Clarify return_size with integer types
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
(Merged from https://github.com/openssl/openssl/pull/10326)
2019-11-03 11:19:04 +01:00
Rich Salz
6e4618a0d7 Fix L<> entries without sections
Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)
2019-10-31 14:26:34 +01:00
Rich Salz
9fcb9702fb Infrastructure for templated doc in POD files
Use new doc-build capabilities
Add -i flag to dofile.
Add doc/man1 to SUBDIRS for the new templated doc files
Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff.
Put template references in common place
Template options and text come at the end of command-specific options:
opt_x, opt_trust, opt_r (in that order).
Refactor xchain options.
Do doc-nits after building generated sources.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10159)
2019-10-31 14:19:29 +01:00
Jakub Zelenka
2aa28a1abc Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)
2019-10-31 11:15:31 +00:00
Dr. David von Oheimb
4dde554c6a chunk 5 of CMP contribution to OpenSSL
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10036)
2019-10-29 14:17:39 +00:00
Matt Caswell
c549cb46e0 Fix a copy&paste error in the TLSv1.3 server side PSK documentation
The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)
2019-10-28 13:07:42 +00:00
Pauli
2d3c5ee161 Clarify the description of the NULL argument in SSL_set1_host().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10253)
2019-10-28 22:16:50 +10:00
Rich Salz
1b0d1bf7f1 Fix broken links, mainly typo's
Also tweak find-doc-nits while fixing a bug (don't need .in files)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
2019-10-24 08:45:25 -04:00
Rich Salz
d318389eff Document "get/set-app-data" macros.
Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)
2019-10-23 08:31:21 -04:00
Rich Salz
777182a0c7 Document the -inform, etc., in openssl.pod
Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)
2019-10-23 10:53:03 +02:00
Rich Salz
3c77a41b30 Fix some wording and markup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10214)
2019-10-23 10:24:57 +02:00
Simo Sorce
33f54da3dd Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
2019-10-23 08:32:48 +02:00
Nicola Tuveri
eb2ff0408a Fix doc for EC_GROUP_set_curve()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:50:01 +03:00
Nicola Tuveri
4fc55c1da9 Improve formatting for man3/EC_GROUP_new.pod
- Use `()` to qualify function names, consistently
- Limit line width to 80 chars

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:49:46 +03:00