Commit Graph

4151 Commits

Author SHA1 Message Date
Matt Caswell
42659159f4 Undeprecate OPENSSL_VERSION_NUMBER and OpenSSL_version_num()
This macro and function were deprecated in the documentation but not in
the source.

Following an OTC vote the deprecation has been removed from the
documentation.

See https://github.com/openssl/technical-policies/issues/26

Fixes #17517

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17750)
2022-02-24 10:01:59 +11:00
msa42
0bc2fda3d3 doc: Fix KDF example for scrypt
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17745)
2022-02-24 09:23:08 +11:00
Dr. David von Oheimb
a044af49c4 X509V3_get_d2i.pod: use I<> for arguments and remove B<> around NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)
2022-02-22 12:05:08 +01:00
Dr. David von Oheimb
2455a21f4e X509V3_get_d2i.pod: Fix glitch on X509V3_get{,_ext}_d2i and align order
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17724)
2022-02-22 12:05:08 +01:00
Dr. David von Oheimb
cd7ec0bca0 CMP: add subject of any provided CSR as default message sender
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17723)
2022-02-22 12:01:57 +01:00
yangyangtiantianlonglong
4a4f446008 doc: Refactored the example in crypto.pod
Added return value and error code in the sample

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)
2022-02-20 12:51:52 +01:00
yangyangtiantianlonglong
5272fdca6b doc: Update "SSL/TLS" old documentation description in openssl.pod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17721)
2022-02-20 12:51:48 +01:00
Dimitris Apostolou
2d17290d2c Fix typo
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17713)
2022-02-20 12:43:20 +01:00
EasySec
7850cc8307 enc : add support for wrap mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17691)
2022-02-18 15:04:28 +11:00
Tomas Mraz
7585073892 Apply the correct Apache v2 license
There were still a few files mentioning the old OpenSSL license.

Fixes #17684

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17686)
2022-02-14 10:08:21 +01:00
Rami Khaldi
bb2fb5d7cc Implement a new flag for running s_client in a non-interactive mode
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17097)
2022-02-14 07:58:37 +01:00
Kevin K Biju
378c50f63d Added checking for buflen overflow due to MAX_MISALIGNMENT.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17646)
2022-02-11 13:42:36 +11:00
EasySec
0fdb31669f Fix small typo in EVP_KEYEXCH-ECDH.html doc example
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17657)
2022-02-09 20:07:22 +11:00
Tomas Mraz
f6f4d1cc00 doc: Add hint to use EVP_PKEY_get_bn_param to retrieve big integers
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17423)
2022-02-07 16:28:27 +01:00
Thomas1664
984cc9a028 Correct return type for BIO_ptr_ctrl
Fixes #17549
CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17636)
2022-02-07 11:49:34 +11:00
EasySec
5719dd461f openssl-dgst.pod.in: Fix documentation of -list option
Mention openssl list -digest-algorithms, NOT -digest-commands.

Move option -list just after the related option -digest.

Fix HTML formatting of section 'Examples' by adding missing
newlines and add 2 examples variant to clarify syntax of the
command.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17626)
2022-02-03 14:03:05 +01:00
Phus Lu
13a53fbf13 add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order()
The function/macro allow user get groups/extensions without memory allcations.
So we could calculate the ssl fignerprint(ja3) in low cost.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16910)
2022-02-03 13:45:41 +01:00
EasySec
a841d450a4 Fix bad HTML formatting in EVP_KEYEXCH-DH.html because of missing newline in pod file
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17609)
2022-02-01 14:10:06 +11:00
yangyangtiantianlonglong
a829d53a14 apps: Add option -no_ems to s_client/s_server apps
The option SSL_OP_NO_EXTENDED_MASTER_SECRET was added in #3910.
And it is valid for versions below (D)TLS 1.2.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17597)
2022-01-28 15:32:58 +01:00
Philip Prindeville
a414fd6765 Add -verbose/-queit flags to dhparam
Allow dhparam to run quietly in scripts, etc.

For other commands that took a -verbose flag already, also support -quiet.

For genpkey which only supported -quiet, add the -verbose flag.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17336)
2022-01-28 15:24:41 +01:00
Matt Caswell
7b75b973fb Document purpose and trust setting functions
In particular:
X509_STORE_CTX_set_purpose()
X509_STORE_CTX_set_trust();
X509_STORE_CTX_purpose_inherit();

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17382)
2022-01-27 15:30:04 +00:00
Richard Levitte
17898ec601 Add support for signed BIGNUMs in the OSSL_PARAM_BLD API
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17162)
2022-01-26 21:35:39 +01:00
Richard Levitte
f1719858a0 Add support for signed BIGNUMs in the OSSL_PARAM API
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17162)
2022-01-26 21:35:39 +01:00
Richard Levitte
f5e8050fdc Add signed bn2bin and bin2bn functions
This adds the functions BN_signed_bin2bn(), BN_signed_bn2bin(),
BN_signed_lebin2bn(), BN_signed_bn2lebin(), BN_signed_native2bn(),
and BN_signed_bn2native(), all essentially doing the same job as
BN_bin2bn(), BN_bn2binpad(), BN_lebin2bn(), BN_bn2lebinpad(),
BN_native2bn(), and BN_bn2nativepad(), except that the 'signed'
ones operate on signed number bins in 2's complement form.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17139)
2022-01-20 17:58:08 +01:00
Tobias Nießen
2d280fe016 Clarify flags argument of X509_check_ip
Because no supported flag affects the behavior of X509_check_ip, the
flags argument currently has no effect.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17536)
2022-01-20 11:16:10 +01:00
Pauli
0324ae3e98 doc: document digest and cipher dup functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17529)
2022-01-19 21:50:22 +11:00
Kevin Jones
f242ce9817 Fix mistake in ERR_peek_error_all documentation.
The `func` parameter was incorrect. It was documented as `const char *func`
instead of `const char **func`.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17522)
2022-01-18 13:32:37 +11:00
EasySec
144316d276 Fix typo in SSL_CTX_set_dh_auto
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)
2022-01-17 13:18:11 +11:00
Dr. David von Oheimb
04bc3c1277 Fix malloc failure handling of X509_ALGOR_set0()
Also update and slightly extend the respective documentation and simplify some code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16251)
2022-01-14 18:47:20 +01:00
Matt Caswell
254217a4a0 Clarify the int param getter documentation
OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)
2022-01-12 10:14:33 +11:00
Dr. David von Oheimb
2c2724476e APPS: Add check for multiple 'unknown' options
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
2022-01-11 12:45:33 +01:00
Dr. David von Oheimb
6e98b7f153 v2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16345)
2022-01-07 10:45:49 +01:00
Dimitris Apostolou
e304aa87b3 Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
2022-01-05 12:37:20 +01:00
Dr. David von Oheimb
b971d4198d CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()
Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
2022-01-04 17:04:56 +01:00
Dr. David von Oheimb
acef3b2f84 X509_cmp.pod: Point out that the X509_NAME_cmp() arguments may be NULL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
2022-01-04 17:04:44 +01:00
Dr. David von Oheimb
b6144bb8c1 X509V3_set_ctx(): Improve documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17358)
2022-01-03 12:46:49 +01:00
Tomas Mraz
5b5342e04f pem_password_cb: Clarify the documentation on passphrases
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)
2022-01-03 10:35:36 +01:00
Dr. David von Oheimb
ad1a1d715d APPS/cmp: improve diagnostics for presence of TLS options
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16747)
2021-12-30 15:04:07 +01:00
Dr. David von Oheimb
6be83cc655 OSSL_CMP_CTX: rename get/set function for trustedStore
This makes the naming more consistent, in a backward-compatible way

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17277)
2021-12-30 09:37:05 +01:00
Michael Baentsch
40586e462d document additional stack push error code
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17350)

(cherry picked from commit 0caf281324)
2021-12-28 12:02:48 +01:00
Dr. David von Oheimb
cdaf072f90 HTTP client: Fix cleanup of TLS BIO via 'bio_update_fn' callback function
Make app_http_tls_cb() tidy up on disconnect the SSL BIO it pushes on connect.
Make OSSL_HTTP_close() respect this.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17318)
2021-12-22 12:24:24 +01:00
Dr. David von Oheimb
79b2a2f2ee add OSSL_STACK_OF_X509_free() for commonly used pattern
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17307)
2021-12-21 12:11:49 +01:00
Dr. David von Oheimb
a56bb5d64e APPS/cmp: Fix logic and doc of mutually exclusive -server/-use_mock_srv/-port/-rspin options
Ignore -server with -rspin and exclude all of -use_mock_srv/-port/-rspin.
On the other hand, -server is required if no -use_mock_srv/-port/-rspin is given.
Ignore -tls_used with -use_mock_srv and -rspin; it is not supported with -port.
If -server is not given, ignore -proxy, -no_proxy, and -tls_used.
Also slightly improve the documentation of the two mock server variants.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17254)
2021-12-15 11:47:10 +01:00
Richard Levitte
e67254e4c3 Enhance the explanation of selector bits in provider-keymgmt(7)
This uncovers what has been a mere comment in an attempt to clarify
that the use of selector bits is very much at the discretion of the
provider implementation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
2021-12-13 07:52:53 +01:00
Richard Levitte
f3ba626538 Fix EVP_PKEY_eq() to be possible to use with strictly private keys
EVP_PKEY_eq() assumed that an EVP_PKEY always has the public key
component if it has a private key component.  However, this assumption
no longer strictly holds true, at least for provider backed keys.
EVP_PKEY_eq() therefore needs to be modified to specify that the
private key should be checked too (at the discretion of what's
reasonable for the implementation doing the actual comparison).

Fixes #16267

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16765)
2021-12-13 07:52:53 +01:00
Richard Levitte
391ce6d980 Fix faulty detail in BN_rand() manual
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17131)
2021-12-11 09:22:58 +01:00
Sam Eaton
44fde44193 changes opensssl typos to openssl
CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17191)
2021-12-10 15:18:22 +11:00
Dr. David von Oheimb
83b424c3f6 APPS/cmp: Fix use of OPENSSL_NO_SOCK: options like -server do not make sense with no-sock
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17226)
2021-12-09 20:17:44 +01:00
Matt Caswell
b0be101326 Fix documentation for tlsext_ticket_key
The tlsext_ticket_key functions are documented as returning 0 on success.
In fact they return 1 on success.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17210)
2021-12-07 14:23:58 +00:00
Dr. David von Oheimb
317acac5cc X509V3_set_ctx(): Clarify subject/req parameter for constructing SAN email addresses from subject DN
Also slightly improve the style of the respective code in crypto/x509/v3_san.c.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
2021-12-07 15:14:49 +01:00