Commit Graph

2320 Commits

Author SHA1 Message Date
Richard Levitte
567db2c17d Add EVP_MAC API
We currently implement EVP MAC methods as EVP_PKEY methods.  This
change creates a separate EVP API for MACs, to replace the current
EVP_PKEY ones.

A note about this EVP API and how it interfaces with underlying MAC
implementations:

Other EVP APIs pass the EVP API context down to implementations, and
it can be observed that the implementations use the pointer to their
own private data almost exclusively.  The EVP_MAC API deviates from
that pattern by passing the pointer to the implementation's private
data directly, and thereby deny the implementations access to the
EVP_MAC context structure.  This change is made to provide a clearer
separation between the EVP library itself and the implementations of
its supported algorithm classes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Patrick Steuer
d68af00685 s390x assembly pack: add OPENSSL_s390xcap man page.
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6813)
2018-10-17 14:03:59 +02:00
Antoine Salon
ffd89124bd EVP module documentation pass
Replace ECDH_KDF_X9_62() with internal ecdh_KDF_X9_63()

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
2018-10-17 13:22:14 +03:00
Paul Yang
19ac1bf2de Fix compiling warnings in example code
The example code in EVP_DigestInit.pod generates warnings if users try
to compile it.

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7362)
2018-10-11 11:17:36 +08:00
Benjamin Kaduk
3d362f1903 apps: allow empty attribute values with -subj
Historically (i.e., OpenSSL 1.0.x), the openssl applications would
allow for empty subject attributes to be passed via the -subj argument,
e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`.  Commit
db4c08f019 applied a badly needed rewrite
to the parse_name() helper function that parses these strings, but
in the process dropped a check that would skip attributes with no
associated value.  As a result, such strings are now treated as
hard errors and the operation fails.

Restore the check to skip empty attribute values and restore
the historical behavior.

Document the behavior for empty subject attribute values in the
corresponding applications' manual pages.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7349)
2018-10-08 16:32:47 -05:00
Ԝеѕ
4fef4981f8 Cleanup typos and grammar in DES_random_key.pod
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7356)
2018-10-08 09:09:15 +02:00
Shane Lontis
f3002a2ed3 Change DRBG's to DRBGs
Minor change to documentation of RAND_DRBG_set_defaults()

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7326)
2018-10-02 09:25:59 +10:00
Richard Levitte
8ddbff9c08 'openssl list': add option -objects to list built in objects
Related to #6696

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6702)
2018-10-01 15:33:28 +02:00
Shane Lontis
8bf3665196 Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6779)
2018-09-28 07:22:13 +10:00
Antoine Salon
1362190b1b Add missing cipher aliases to openssl(1)
And references to other manpages are also added in openssl(1).

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7314)
2018-09-26 16:58:17 +08:00
James Callahan
306bb728d7 doc/man3/SSL_set_bio.pod: Fix wrong function name in return values section
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7035)
2018-09-26 11:33:42 +08:00
Antoine Salon
eadde90bff Update enc(1) examples to more recent ciphers and key derivation algorithms
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7248)
2018-09-25 21:18:04 +03:00
Daniel Bevenius
7c69495712 Document OPENSSL_VERSION_TEXT macro
This commit documents the OPENSSL_VERSION_TEXT which is currently
missing in the man page.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7301)
2018-09-24 12:00:22 +02:00
Paul Yang
41a6fa74e6 Add some missing ciphers in 'enc' document
The original issue is #7273 and this commit fixes part of that issue.

[skip ci]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7275)
2018-09-20 23:38:52 +08:00
David Makepeace
d474100af0 Fixed typos in hkdf documentation.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7236)
2018-09-17 13:46:08 +10:00
Pauli
972f67889b Use 'i' as parameter name not 'I'.
The latter causes problems when complex.h is #included.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
2018-09-17 09:14:03 +10:00
Matt Eaton
01e04f444d Update RAND_DRBG.pod
Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)
2018-09-17 01:56:47 +03:00
Kurt Roeckx
8e593f0a0d Improve SSL_shutdown() documentation
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
GH: #7188
2018-09-16 13:39:44 +02:00
Matt Caswell
6ef40f1fc0 Don't allow -early_data with other options where it doesn't work
-early_data is not compatible with -www, -WWW, -HTTP or -rev.

Fixes #7200

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7206)
2018-09-13 10:06:09 +01:00
Pauli
f88b9b7915 Speed for HMACs.
Add support for HMAC over any evp supported digest.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6945)
2018-09-12 08:54:21 +10:00
Matt Caswell
1212818eb0 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7176)
2018-09-11 13:45:17 +01:00
Matt Caswell
7789055376 Remove a reference to SSL_force_post_handshake_auth()
That function was removed in favour of SSL_set_post_handshake_auth().
Update the docs accordingly.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7139)
2018-09-07 11:17:55 +01:00
Paul Yang
f922dac87d Add missing SM2err and fix doc nits
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
81c7945388 Allow EVP_MD_CTX_set_pkey_ctx to accept NULL pctx
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
571286b0a4 Add a SM2(7) man page
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
675f4ceef8 Update document for SM2 stuffs
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
d3a9fb10ee Support EdDSA in apps/speed
This addresses issue #6922.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7073)
2018-09-07 14:39:19 +08:00
Matt Caswell
8ec2bde994 Clarify the return value of SSL_client_version()
The SSL_client_version() function returns the value held in the
legacy_version field of the ClientHello. This is never greater than
TLSv1.2, even if TLSv1.3 later gets negotiated.

Fixes #7079

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7095)
2018-09-04 11:34:40 +01:00
Matt Caswell
f097e87598 Clarify the EVP_DigestSignInit docs
They did not make it clear how the memory management works for the |pctx|
parameter.

Fixes #7037

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7042)
2018-09-04 11:16:05 +01:00
Jakub Wilk
785e614a95 Fix example in crl(1) man page
The default input format is PEM, so explicit "-inform DER" is needed to
read DER-encoded CRL.

CLA: trivial

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7094)
2018-09-04 12:01:24 +02:00
Richard Levitte
64a48fc7f0 Rename SSL[_CTX]_add1_CA_list -> SSL[_CTX]_add1_to_CA_list
They add a single item, so the names give a false impression of what
they do, making them hard to remember.  Better to give them a somewhat
better name.

Fixes #6930

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6931)
2018-09-03 13:10:17 +02:00
Paul Kehrer
6ad952ba75 add docs for OCSP_resp_get0_signature
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7082)
2018-09-03 06:07:22 +02:00
Paul Kehrer
20c3672174 add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP
fixes #7081

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7082)
2018-09-03 06:07:22 +02:00
Matt Caswell
354e010757 Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3
Fixes #6490

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7044)
2018-09-01 09:06:10 +08:00
Hubert Kario
322755cc2a TLSv1.3 related changes to man pages
Add or update the documentation of the different man pages in relation to TLSv1.3 behaviour.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/6939)
2018-09-01 08:45:04 +08:00
Paul Yang
21ebd2fc3f Add semicolon at the end of the function prototypes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7041)
2018-08-24 20:45:47 +08:00
parasssh
fa332bba91 Fix typos in documentation.
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7038)
2018-08-22 22:42:11 -07:00
Andy Polyakov
2d162ea93f man3/OBJ_nid2obj.pod: mention failure code for OBJ_create.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6998)
2018-08-22 21:37:43 +02:00
Matt Caswell
f112dc82a4 Ignore the digest in req app if using EdDSA
This follows on from the previous commit, and makes the same change to
ignore the digest if we are using EdDSA.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6901)
2018-08-22 16:35:54 +01:00
Matt Caswell
aabbc24e42 Improve the usability of the ca app using EdDSA
Previously you had to supply "null" as the digest to use EdDSA. This changes
things so that any digest is ignored.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6901)
2018-08-22 16:35:54 +01:00
Jakub Wilk
a21285b363 Fix typos in documentation
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7021)
2018-08-22 07:06:44 +02:00
Matt Caswell
e97be71804 Add support for SSL_CTX_set_post_handshake_auth()
We already have SSL_set_post_handshake_auth(). This just adds the SSL_CTX
equivalent.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
2018-08-20 15:14:01 +01:00
Matt Caswell
32097b33bd Change Post Handshake auth so that it is opt-in
Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.

Fixes #6933.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
2018-08-20 15:14:01 +01:00
parasssh
723bd00473 Fix typos and errors in Ed25519.pod documentation
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7005)
2018-08-20 00:09:58 +02:00
Andy Polyakov
d2b863643d crypto/threads_*: remove CRYPTO_atomic_{read|write}.
CRYPTO_atomic_read was added with intention to read statistics counters,
but readings are effectively indistinguishable from regular load (even
in non-lock-free case). This is because you can get out-dated value in
both cases. CRYPTO_atomic_write was added for symmetry and was never used.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6883)
2018-08-17 12:40:39 +02:00
Matt Caswell
35e742ecac Update code for the final RFC version of TLSv1.3 (RFC8446)
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
2018-08-15 12:33:30 +01:00
Andy Polyakov
d1f8b74c58 man3/OPENSSL_LH_COMPFUNC.pod: clarifications and updates.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6786)
2018-08-07 09:08:35 +02:00
Rich Salz
ed4fc85359 Some protocol versions are build-time
Clarify docs to list that some protocol flags might not be available
depending on how OpenSSL was build.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6816)
2018-07-31 11:36:44 -04:00
Matt Caswell
50db81633e Deprecate the EC curve type specific functions in 1.2.0
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6815)
2018-07-31 09:08:50 +01:00
Matt Caswell
de34e45a64 Add documentation for the new non-curve type specific EC functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6815)
2018-07-31 09:08:38 +01:00