Commit Graph

795 Commits

Author SHA1 Message Date
Jakub Zelenka
2aa28a1abc Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)
2019-10-31 11:15:31 +00:00
Dr. David von Oheimb
4dde554c6a chunk 5 of CMP contribution to OpenSSL
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10036)
2019-10-29 14:17:39 +00:00
Matt Caswell
c549cb46e0 Fix a copy&paste error in the TLSv1.3 server side PSK documentation
The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)
2019-10-28 13:07:42 +00:00
Pauli
2d3c5ee161 Clarify the description of the NULL argument in SSL_set1_host().
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10253)
2019-10-28 22:16:50 +10:00
Rich Salz
1b0d1bf7f1 Fix broken links, mainly typo's
Also tweak find-doc-nits while fixing a bug (don't need .in files)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10239)
2019-10-24 08:45:25 -04:00
Rich Salz
d318389eff Document "get/set-app-data" macros.
Documenting the macros removes 14 undocumented items.
Merged three separate manpages into one.
Rename the DRBG CRYPTO_EX define into RAND_DRBG, but keep the old one
for API compatibility.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10216)
2019-10-23 08:31:21 -04:00
Rich Salz
3c77a41b30 Fix some wording and markup
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10214)
2019-10-23 10:24:57 +02:00
Simo Sorce
33f54da3dd Add KRB5KDF from RFC 3961
Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9949)
2019-10-23 08:32:48 +02:00
Nicola Tuveri
eb2ff0408a Fix doc for EC_GROUP_set_curve()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:50:01 +03:00
Nicola Tuveri
4fc55c1da9 Improve formatting for man3/EC_GROUP_new.pod
- Use `()` to qualify function names, consistently
- Limit line width to 80 chars

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:49:46 +03:00
Nicola Tuveri
4a7a497229 Deprecate EC_GROUP_clear_free()
There is nothing confidential in `EC_GROUP` so really having a
`EC_GROUP_clear_free` function at all does not make much sense anymore.

See https://github.com/openssl/openssl/issues/9822

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9874)
2019-10-23 00:49:46 +03:00
jayaram
df3d1e84b3 fixed the RETURN VALUES section in the EC_GROUP documentation
for the following functions.

EC_GROUP_get_order
EC_GROUP_get_cofactor
EC_GROUP_get_curve_name
EC_GROUP_get_asn1_flag
EC_GROUP_get_point_conversion_form
EC_GROUP_get_degree

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9664)
2019-10-22 13:45:42 +03:00
Richard Levitte
f545346211 Move the version function declarations to include/openssl/crypto.h
include/openssl/crypto.h is where older similar functions already
live, and since opensslv.h became a template, it's no longer useful
for parsing by util/mknum.pl.

Affected declarations:

 unsigned int OPENSSL_version_major(void);
 unsigned int OPENSSL_version_minor(void);
 unsigned int OPENSSL_version_patch(void);
 const char *OPENSSL_version_pre_release(void);
 const char *OPENSSL_version_build_metadata(void);

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
2019-10-18 12:22:00 +02:00
Richard Levitte
506cb0f632 EVP: add functions that return the name number
The returned number can be used for comparison purposes.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-10-17 09:16:45 +02:00
Richard Levitte
f651c727f8 EVP: add name traversal functions to all fetchable types
The following new functions all do the same thing; they traverse
the set of names assigned to implementations of each algorithm type:

EVP_MD_names_do_all(), EVP_CIPHER_names_do_all(),
EVP_MAC_names_do_all(), EVP_KEYMGMT_names_do_all(),
EVP_KEYEXCH_names_do_all(), EVP_KDF_names_do_all(),
EVP_SIGNATURE_names_do_all()

We add a warning to the documentation of EVP_CIPHER_name() and
EVP_MD_name(), as they aren't suitable to use with multiple-name
implementation.

We also remove EVP_MAC_name() and evp_KDF_name(), as they serve no
useful purpose.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-10-17 09:16:45 +02:00
Richard Levitte
251e610ce4 EVP: add missing common functionality
This adds the missing functions that should be common for all
fetchable EVP sub-APIs:

EVP_KEYMGMT_is_a(), EVP_KEYMGMT_do_all_provided(), EVP_KEYEXCH_is_a(),
EVP_KEYEXCH_do_all_provided(), EVP_KDF_is_a(), EVP_MD_is_a(),
EVP_SIGNATURE_do_all_provided(), EVP_SIGNATURE_is_a().

This also renames EVP_MD_do_all_ex(), EVP_CIPHER_do_all_ex(),
EVP_KDF_do_all_ex(), EVP_MAC_do_all_ex() to change '_ex'
to '_provided'.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-10-17 09:16:45 +02:00
Richard Levitte
ee2161e8a6 Some docs cleanup
Clean up a few manual pages that we're about to touch, according to
conventions found in Linux' man-pages(7); function arguments in
descriptions should be in italics, and types, macros and similar
should be in bold, with the exception for NULL.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9979)
2019-10-17 09:16:44 +02:00
Richard Levitte
028687c08b doc/man3/EVP_PKEY_CTX_new.pod: change markup according to conventions
Convention source is man-pages(7)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10184)
2019-10-16 15:02:05 +02:00
Richard Levitte
a07c17ef57 Add EVP_PKEY_CTX_new_provided()
This works as much as possible EVP_PKEY_CTX_new_id(), except it takes
data that's relevant for providers, algorithm name and property query
string instead of NID and engine.

Additionally, if EVP_PKEY_CTX_new() or EVP_PKEY_CTX_new_id() was
called, the algorithm name in the EVP_PKEY context will be set to the
short name of the given NID (explicit or the one of the given
EVP_PKEY), thereby giving an easier transition from legacy methods to
provided methods.

The intent is that operations will use this information to fetch
provider methods implicitly as needed.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10184)
2019-10-16 15:02:05 +02:00
Kurt Roeckx
42619397eb Add BN_check_prime()
Add a new API to test for primes that can't be misused, deprecated the
old APIs.

Suggested by Jake Massimo and Kenneth Paterson

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #9272
2019-10-14 22:54:02 +02:00
Richard Levitte
f7397f0d58 Fix EVP_Cipher() for provided cipher implementations
EVP_Cipher() would return whatever ctx->cipher->ccipher() returned
with no regard for historical semantics.

We change this to first look if there is a ctx->cipher->ccipher(), and
in that case we treat the implementation as one with a custom cipher,
and "translate" it's return value like this: 0 => -1, 1 => outl, where
|outl| is the output length.

If there is no ctx->cipher->ccipher, we treat the implementation as
one without a custom cipher, call ctx->cipher->cupdate or
ctx->cipher->cfinal depending on input, and return whatever they
return (0 or 1).

Furthermore, we add a small hack in EVP_CIPHER_flags() to check if the
cipher is a provided one, and add EVP_CIPH_FLAG_CUSTOM_CIPHER to the
flags to be returned if there is a cipher->ccipher.  That way,
provided implementations never have to set that flag themselves, all
they need to do is to include a OSSL_FUNC_CIPHER_CIPHER function.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10137)
2019-10-11 15:55:36 +02:00
Richard Levitte
bb82531f65 POD: stop abusing comment
OpenSSL uses some POD directives masquerading as 'comment'
('=for comment' etc).  This is abusive and confusing.  Instead, we use
our own keyword.

    =for openssl whatever

    =begin openssl

    whatever

    =end openssl

(we have never used the multiline form, but might start one day)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10048)
2019-10-11 15:30:57 +02:00
Rich Salz
120cc03427 Fix reference to PEM docs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10101)
2019-10-09 17:44:04 +02:00
Richard Levitte
9a6abb95be Add documentation for PEM_{read,write}_bio_Parameters()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10113)
2019-10-07 11:35:44 +02:00
Matt Caswell
a0b6c1ffd0 Update documentation
Add documentation for EVP_DigestSignInit_ex() and
EVP_DigestVerifyInit_ex(), and add an appropriate CHANGES entry.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10013)
2019-10-03 09:47:12 +01:00
Christian Heimes
091aab66a6 doc: EVP_DigestInit clears all flags
Mention that EVP_DigestInit() also clears all flags.

Fixes: 10031
Signed-off-by: Christian Heimes <christian@python.org>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10032)
2019-10-03 10:38:47 +10:00
Rich Salz
9c0586d5fc Fix errors found by new find-doc-nits
Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10023)
2019-10-03 10:33:54 +10:00
Richard Levitte
bbecf04e78 Make manuals with TYPE conform with man-pages(7)
Details from man-pages(7) that are used:

    Formatting conventions for manual pages describing functions

        ...
        Variable names should, like argument names, be specified in italics.
        ...

    Formatting conventions (general)

        ...
        Special macros, which are usually in uppercase, are in bold.
        Exception: don't boldface NULL.
        ...

Furthermore, for TYPE used as a placeholder for types and correponding
part of function names, we extrapolate that it's both a type and a
variable, and should therefore be bold (typical for types and function
names) and italic (typical for variables).  POD processors don'e know
this, so we have to help them along.  Therefore:

   SPARSE_ARRAY_OF(TYPE)        => B<SPARSE_ARRAY_OF>(B<I<TYPE>>)
   ossl_sa_TYPE_num()           => B<ossl_sa_I<TYPE>_num>()
   TYPE                         => B<I<TYPE>>

There are some other less typical uses where one simply has to give
formatting some extra though.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10041)
2019-10-01 22:34:03 +02:00
Richard Levitte
723e9c8983 Make ASN1 manuals conform with man-pages(7)
Details from man-pages(7) that are used:

    Formatting conventions for manual pages describing functions

        ...
        Variable names should, like argument names, be specified in italics.
        ...

    Formatting conventions (general)

        ...
        Special macros, which are usually in uppercase, are in bold.
        Exception: don't boldface NULL.
        ...

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10042)
2019-10-01 22:31:30 +02:00
Rich Salz
e8769719c9 Consistent formatting of flags with args
For documentation of all commands with "-flag arg" format them
consistently: "B<-flag> I<arg>", except when arg is literal
(for example "B<-inform> B<PEM>|B<DER>")
Update find-doc-nits to complain if badly formatted strings are found.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10022)
2019-10-01 08:36:58 +02:00
Richard Levitte
dfe1752c84 Make ASYNC manuals conform with man-pages(7)
Details from man-pages(7) that are used:

     Formatting conventions for manual pages describing functions

         ...
         Variable names should, like argument names, be specified in italics.
         ...

     Formatting conventions (general)

         ...
         Special macros, which are usually in uppercase, are in bold.
         Exception: don't boldface NULL.
         ...

Additionally, expanded some lists to make better use of POD formatting.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10043)
2019-09-30 18:02:32 +02:00
Matt Caswell
84f471ecab Correct the function names in SSL_CTX_set_stateless_cookie_generate_cb.pod
Although the synopsis used the correct function names, the description did
not. Also the description of the equivalent DTLSv1_listen() callbacks was
missing, so these have been added.

Fixes #10030

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10033)
2019-09-30 15:30:57 +01:00
Dr. David von Oheimb
df0822688f Make default values by ERR_get_error_all() and friends more consistent
Unset data defaults to the empty string ("") or 0.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9948)
2019-09-30 10:29:01 +02:00
Pauli
41f7ecf30d Consistent naming for context gettable param queries .
All instances of EVP_*_CTX_gettable_params functions have been renamed
to EVP_*_gettable_ctx_params.  Except for the EVP_MD ones which were changed
already.

These functions do not take EVP_*_CTX arguments so their prior naming was
misleading.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10052)
2019-09-27 19:32:55 +10:00
Richard Levitte
8f3b8fd6f4 OSSL_PARAM functions: change to allow the data field to be NULL
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10025)
2019-09-27 19:03:34 +02:00
Richard Levitte
d4d2878347 OSSL_PARAM.pod: document the mechanism to figure out buffer sizes
When requesting parameters, it's acceptable to make a first pass with
the |data| field of some parameters being NULL.  That can be used to
help the requestor to figure out dynamically what buffer size is
needed.  For variable size parameters, there's no other way to find
out.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10025)
2019-09-27 19:03:33 +02:00
Dr. David von Oheimb
7960dbec68 Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712)

    CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
        Adds extensive man pages and tests.  Integration into build scripts.

    Incremental pull request based on OpenSSL commit 8869ad4a39 of 2019-04-02

    4th chunk: CMP context/parameters and utilities
    in crypto/cmp/cmp_ctx.c, crypto/cmp/cmp_util.c, and related files

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9107)
2019-09-27 10:53:11 +01:00
Pauli
0c452a51a5 Reformat param description lines
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10024)
2019-09-27 16:21:51 +10:00
Pauli
42462e4016 Use OSSL_PARAM types. Limits are explained in the description where appropriate.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Pauli
560ac83b0b KDF section 3 clean up
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10011)
2019-09-26 07:10:41 +10:00
Patrick Steuer
19bd1fa1ef s390x assembly pack: accelerate X25519, X448, Ed25519 and Ed448
using PCC and KDSA instructions.

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10004)
2019-09-25 15:53:53 +02:00
Matt Caswell
e6879a31ef Make EVP_MD_CTX_[gettable|settable]_params() take an EVP_MD_CTX
EVP_MD_CTX_gettable_params() and EVP_MD_CTX_settable_params() were
confusingly named because they did not take an EVP_MD_CTX parameter.

In addition we add the functions EVP_MD_gettable_ctx_params() and
EVP_MD_settable_ctx_params() which do the same thing but are passed
an EVP_MD object instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9998)
2019-09-25 12:06:21 +01:00
Pauli
9bd9c440c1 Remove engine param from EVP_KDF and EVP_MAC documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9971)
2019-09-25 11:20:42 +10:00
Richard Levitte
7c2a981ff7 DOC: fix documentation of som EVP_MD_CTX functions
They were documented to take an EVP_MD pointer, when they really take
an EVP_MD_CTX pointer.

Fixes #9993

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9996)
2019-09-24 14:42:14 +02:00
Richard Levitte
7cfa1717b8 Modify providers that keep track of underlying algorithms
With some provider implementations, there are underlying ciphers,
digests and macs.  For some of them, the name was retrieved from the
method, but since the methods do not store those any more, we add
different mechanics.

For code that needs to pass on the name of a cipher or diges via
parameters, we simply locally store the name that was used when
fetching said cipher or digest.  This will ensure that any underlying
code that needs to fetch that same cipher or digest does so with the
exact same name instead of any random name from the set of names
associated with the algorithm.

For code that needs to check what kind of algorithm was passed, we
provide EVP_{type}_is_a(), that returns true if the given method has
the given name as one of its names.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-19 14:58:17 +02:00
Pauli
b1cabee8ce Use PARAMETERS instead of PARAMETER NAMES for the heading for consistency.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9905)
2019-09-18 18:36:13 +10:00
Pauli
2710e8a888 Use "PARAMETERS" in the documentation headings.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9906)
2019-09-16 11:15:25 +10:00
Jan-Frederik Rieckers
64c1e74572 Fix small typo in doc for X509_STORE_CTX_new
CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9894)
2019-09-15 10:04:43 +02:00
Pauli
7b6b194b52 Use param types instead of native types in the param descriptions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9891)
2019-09-14 10:55:13 +10:00
Pauli
f4651268b4 Use param types for parameter descriptions. Mention a size_t limit to those where it makes sense.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9891)
2019-09-14 10:55:13 +10:00