Commit Graph

2343 Commits

Author SHA1 Message Date
Antoine Salon
ac48fba036 Deprecate SSL_set_tmp_ecdh
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
ebfd055b29 Making SRP_user_pwd functions public
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
51f03f1227 Added SRP_VBASE_add0_user()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
495a1e5c3a SRP module documentation
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
d9720a5992 Add SSL_CTX_set_tmp_ecdh.pod
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:41:37 +00:00
Antoine Salon
dc703d6b46 SSL extra chain certificates doc
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:41:37 +00:00
Shane Lontis
6e624a6453 KMAC implementation using EVP_MAC
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7597)
2018-11-14 07:01:09 +10:00
Viktor Dukhovni
a51c9f637c Added missing signature algorithm reflection functions
SSL_get_signature_nid()      -- local signature algorithm
    SSL_get_signature_type_nid() -- local signature algorithm key type
    SSL_get_peer_tmp_key()       -- Peer key-exchange public key
    SSL_get_tmp_key              -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.

Reviewed-by: Matt Caswell <matt@openssl.org>
2018-11-12 16:55:38 -05:00
Matt Caswell
6e68dae85a Merge the CA list documentation for clarity
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)
2018-11-12 14:29:11 +00:00
Matt Caswell
9873297900 Separate ca_names handling for client and server
SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0.
If it was called on the client side then it was ignored. In 1.1.1 it now
makes sense to have a CA list defined for both client and server (the
client now sends it the the TLSv1.3 certificate_authorities extension).
Unfortunately some applications were using the same SSL_CTX for both
clients and servers and this resulted in some client ClientHellos being
excessively large due to the number of certificate authorities being sent.

This commit seperates out the CA list updated by
SSL(_CTX)?_set_client_CA_list() and the more generic
SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list()
still has no effect on the client side. If both CA lists are set then
SSL(_CTX)?_set_client_CA_list() takes priority.

Fixes #7411

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)
2018-11-12 14:29:02 +00:00
Dmitry Belyavskiy
59fbc8ef9a Some deabbreviations
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7614)
2018-11-12 07:56:05 +10:00
David Woodhouse
ecbb2fca93 Add EVP_PKEY_supports_digest_nid()
Rather than relying only on mandatory default digests, add a way for
the EVP_PKEY to individually report whether each digest algorithm is
supported.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
2018-11-10 03:23:14 +02:00
Matt Caswell
680bd131b6 Give a better error if an attempt is made to set a zero length groups list
Previously we indicated this as a malloc failure which isn't very
helpful.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7479)
2018-11-08 11:27:03 +00:00
Paul Yang
c1da4b2afe Add poly1305 MAC support
This is based on the latest EVP MAC interface introduced in PR #7393.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7459)
2018-11-05 13:07:07 +08:00
Pauli
748099b9e9 Clarify the POD source for the list command.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7563)
2018-11-05 09:20:19 +10:00
Pauli
afc580b9b0 GMAC implementation
Remove GMAC demo program because it has been superceded by the EVP MAC one

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7548)
2018-11-05 08:09:41 +10:00
Richard Levitte
2b201ce941 doc/man7/EVP_MAC_*.pod: incorrect english corrected
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7552)
2018-11-02 15:00:26 +01:00
Richard Levitte
d91d443f0d apps: Stop pretending to care about Netscape keys
The documentation says some commands care, but the code says differently.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7440)
2018-11-02 10:58:35 +01:00
Paul Yang
e5a8712d03 Fix a doc-nit in EVP_PKEY_CTX_ctrl.pod
[skip-ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7546)
2018-11-02 12:05:56 +08:00
Pauli
0d1f7ae3c9 openssl list -mac-algorithms support.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7541)
2018-11-02 08:01:09 +10:00
Richard Levitte
c89d9cdab1 EVP_MAC: Add SipHash implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7494)
2018-10-30 08:09:07 +01:00
Richard Levitte
6723f86746 EVP_MAC: Add HMAC implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7483)
2018-10-30 05:49:54 +01:00
Richard Levitte
f71faf2753 EVP_MAC: Add CMAC implementation
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7484)
2018-10-30 05:34:50 +01:00
Richard Levitte
567db2c17d Add EVP_MAC API
We currently implement EVP MAC methods as EVP_PKEY methods.  This
change creates a separate EVP API for MACs, to replace the current
EVP_PKEY ones.

A note about this EVP API and how it interfaces with underlying MAC
implementations:

Other EVP APIs pass the EVP API context down to implementations, and
it can be observed that the implementations use the pointer to their
own private data almost exclusively.  The EVP_MAC API deviates from
that pattern by passing the pointer to the implementation's private
data directly, and thereby deny the implementations access to the
EVP_MAC context structure.  This change is made to provide a clearer
separation between the EVP library itself and the implementations of
its supported algorithm classes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Patrick Steuer
d68af00685 s390x assembly pack: add OPENSSL_s390xcap man page.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6813)
2018-10-17 14:03:59 +02:00
Antoine Salon
ffd89124bd EVP module documentation pass
Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63()

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
2018-10-17 13:22:14 +03:00
Paul Yang
19ac1bf2de Fix compiling warnings in example code
The example code in EVP_DigestInit.pod generates warnings if users try
to compile it.

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7362)
2018-10-11 11:17:36 +08:00
Benjamin Kaduk
3d362f1903 apps: allow empty attribute values with -subj
Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`.  Commit
db4c08f019 applied a badly needed rewrite
to the parse_name() helper function that parses these strings, but
in the process dropped a check that would skip attributes with no
associated value.  As a result, such strings are now treated as
hard errors and the operation fails.

Restore the check to skip empty attribute values and restore
the historical behavior.

Document the behavior for empty subject attribute values in the
corresponding applications' manual pages.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7349)
2018-10-08 16:32:47 -05:00
Ԝеѕ
4fef4981f8 Cleanup typos and grammar in DES_random_key.pod
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7356)
2018-10-08 09:09:15 +02:00
Shane Lontis
f3002a2ed3 Change DRBG's to DRBGs
Minor change to documentation of RAND_DRBG_set_defaults()

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7326)
2018-10-02 09:25:59 +10:00
Richard Levitte
8ddbff9c08 'openssl list': add option -objects to list built in objects
Related to #6696

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6702)
2018-10-01 15:33:28 +02:00
Shane Lontis
8bf3665196 Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6779)
2018-09-28 07:22:13 +10:00
Antoine Salon
1362190b1b Add missing cipher aliases to openssl(1)
And references to other manpages are also added in openssl(1).

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7314)
2018-09-26 16:58:17 +08:00
James Callahan
306bb728d7 doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7035)
2018-09-26 11:33:42 +08:00
Antoine Salon
eadde90bff Update enc(1) examples to more recent ciphers and key derivation algorithms
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7248)
2018-09-25 21:18:04 +03:00
Daniel Bevenius
7c69495712 Document OPENSSL_VERSION_TEXT macro
This commit documents the OPENSSL_VERSION_TEXT which is currently
missing in the man page.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7301)
2018-09-24 12:00:22 +02:00
Paul Yang
41a6fa74e6 Add some missing ciphers in 'enc' document
The original issue is #7273 and this commit fixes part of that issue.

[skip ci]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7275)
2018-09-20 23:38:52 +08:00
David Makepeace
d474100af0 Fixed typos in hkdf documentation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7236)
2018-09-17 13:46:08 +10:00
Pauli
972f67889b Use 'i' as parameter name not 'I'.
The latter causes problems when complex.h is #included.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
2018-09-17 09:14:03 +10:00
Matt Eaton
01e04f444d Update RAND_DRBG.pod
Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)
2018-09-17 01:56:47 +03:00
Kurt Roeckx
8e593f0a0d Improve SSL_shutdown() documentation
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
GH: #7188
2018-09-16 13:39:44 +02:00
Matt Caswell
6ef40f1fc0 Don't allow -early_data with other options where it doesn't work
-early_data is not compatible with -www, -WWW, -HTTP or -rev.

Fixes #7200

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7206)
2018-09-13 10:06:09 +01:00
Pauli
f88b9b7915 Speed for HMACs.
Add support for HMAC over any evp supported digest.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6945)
2018-09-12 08:54:21 +10:00
Matt Caswell
1212818eb0 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
2018-09-11 13:45:17 +01:00
Matt Caswell
7789055376 Remove a reference to SSL_force_post_handshake_auth()
That function was removed in favour of SSL_set_post_handshake_auth().
Update the docs accordingly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7139)
2018-09-07 11:17:55 +01:00
Paul Yang
f922dac87d Add missing SM2err and fix doc nits
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
81c7945388 Allow EVP_MD_CTX_set_pkey_ctx to accept NULL pctx
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
571286b0a4 Add a SM2(7) man page
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
675f4ceef8 Update document for SM2 stuffs
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
d3a9fb10ee Support EdDSA in apps/speed
This addresses issue #6922.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7073)
2018-09-07 14:39:19 +08:00