Commit Graph

5114 Commits

Author SHA1 Message Date
Peiwei Hu
7b08f2566b Remove the negative return values of EVP_KDF_* functions in documents
None of the EVP_KDF_* functions will ever return a negative value.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25811)
2024-11-22 12:11:34 +01:00
wangcheng
4c41aa4b33 Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex.
1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_CTX to the new one.

2. Add implementation of OSSL_FUNC_digest_copyctx_fn function for default providers.

3. Modify EVP_MD_CTX_copy_ex: When the fetched digest is the same in in and out contexts, use the copy function to copy the members in EVP_MD_CTX if the OSSL_FUNC_digest_copyctx_fn function exists. Otherwise, use the previous method to copy.

4. Add documentation for OSSL_FUNC_digest_copyctx function in doc/man7/provider-digest.pod.

5. Add testcase.

Fixes #25703

Signed-off-by: wangcheng <bangwangnj@163.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25726)
2024-11-20 14:12:53 +01:00
Neil Horman
63b671626e Make ossl_trace_param_values an official api function
lots of people may want to print params to a buffer.  Make it part of
our api

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)
2024-11-19 08:38:25 -05:00
Alicja Kario
eaf4da97c9 man ECDSA_sign(3): fix wrong variable names
the parameters in the function definitions use `siglen` not `sig_len`,
this fixes the doc text.

Signed-off-by: Alicja Kario <hkario@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25927)
2024-11-13 17:32:45 +01:00
Andrew Dinh
ef39dd058b Change "a SSL" to "an SSL"
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25868)
2024-11-13 17:24:40 +01:00
Dr. David von Oheimb
577ec498bd Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25631)
2024-11-13 17:19:58 +01:00
Jonathan M. Wilbur
1f7d2a2887 feat: define and use ossl_bio_print_hex
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)
2024-11-13 11:53:34 +01:00
Jonathan M. Wilbur
044b95837a doc: the attributeDescriptor X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)
2024-11-13 11:53:34 +01:00
Dr. David von Oheimb
012353bdf2 openssl-pkeyutl.pod.in: improve description of -rawin and -digest options
Fixes #25827

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25831)
2024-11-09 12:06:38 +01:00
Dr. David von Oheimb
26a826c2d1 openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25831)
2024-11-09 12:06:07 +01:00
Matt Caswell
d1669a14d1 Fix the default_md example in the ca docs
We should not have an example showing the default_md as md5.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25856)
2024-11-05 11:12:33 +00:00
Michael Baentsch
b9881e8eb1 Document extensibility of -groups parameter via providers
Also add brainpool curves

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25821)
2024-11-04 12:01:18 +01:00
Frederik Wedel-Heinen
357e27342e Support DEFAULT keyword and '-' prefix in SSL_CTX_set1_groups_list()
Fixes #25790

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25813)
2024-11-04 11:49:49 +01:00
Dr. David von Oheimb
50c0241de2 APPS/pkeyutl: -digest implies -rawin and can only be used with -sign and -verify
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22910)
2024-11-04 10:19:02 +01:00
Dr. David von Oheimb
c7764dacdf APPS/pkeyutl: improve -rawin usability (implied by Ed25519 and Ed448) and doc
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22910)
2024-11-04 10:18:24 +01:00
Aditya
539b17b658 apps: Change default cipher to aes-256-cbc for req, cms and smime apps
Update `CHANGES.md` and `NEWS.md`; remove `no-des` guard from req, cms,
and smime apps

Update MAN pages for default cipher; fix styling by removing braces around single statements

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25839)
2024-11-04 09:56:55 +01:00
Zheyu Shen
1d160dbf39 Fix incorrect openssl-smime doc sample command for encrypt
Original documented sample command causes error. PEM recipient cert argument needs to go last.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25829)
2024-11-01 17:27:19 +01:00
Aditya
bca1bb2977 req: Add -cipher option to specify private key encryption cipher
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25796)
2024-10-30 11:55:23 +00:00
Dr. David von Oheimb
72d3e9bac4 TRACE: automatically respect disabled categories
by fixing OSSL_trace_begin() to return NULL when given category is not enabled

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25652)
2024-10-23 15:16:37 +02:00
Michael Baentsch
37aa1143c3 Improve documentation about duplicate algorithm registrations
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25624)
2024-10-23 15:10:49 +02:00
Dmitry Misharov
e84878a7eb update logo
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25725)
2024-10-21 11:49:25 +01:00
Neil Horman
5dffe6afb0 updating docs to reflect security risks for SSLKEYLOGFILE
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)
2024-10-21 11:34:35 +01:00
Neil Horman
97d4b67cca Add documentation for SSLKEYLOGFILE
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25297)
2024-10-21 11:34:35 +01:00
Richard Levitte
0f8ff8fc25 [DOC] Document the OPENSSL_WINCTX type for OpenSSL_version()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25693)
2024-10-17 13:33:06 +02:00
Tomas Mraz
6bb62ab826 openssl-info.pod.in: Add windowscontext option to synopsis in doc
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25712)
2024-10-16 20:00:19 +02:00
Richard Levitte
5f3fefe2f3 Add 'openssl info' item for the Windows install context
This information is already present as an 'openssl version' item.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25694)
2024-10-16 19:29:53 +02:00
Christopher Triantafilis
f1607c8a2c Update documentation for SSL_SESSION_set_time_ex()
Fixes #24322

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25665)
2024-10-14 12:20:24 +02:00
slontis
01244adfc6 fipsinstall: Save the 'status indicator' if the FIPS provider is 3.0.X.
Fixes #23400

The 3.1 FIPS provider no longer writes out the 'status indicator' by
default due to changes related to FIPS 140-3 requirements. For Backwards
compatability if the fipsinstall detects it is loading a 3.0.X FIPS
provider then it will save the 'status indicator' by default.

Disclaimer: Using a fipsinstall command line utility that is not supplied
with the FIPS provider tarball source is not recommended.

This PR deliberately does not attempt to exclude any additional options
that were added after 3.0.X. These additional options will be ignored by older
providers.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/23689)
2024-10-11 14:52:37 +02:00
Dr. David von Oheimb
ee0bf38e87 improve and move text on OPENSSL_TRACE from doc/man1/openssl.pod to doc/man7/openssl-env.pod
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25540)
2024-10-09 12:11:01 +02:00
Dr. David von Oheimb
187952d449 APPS/storeutl: fix case where uri and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25559)
2024-10-09 11:10:19 +02:00
Pauli
47ebeb1c10 doc: add note about fips jitter option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Pauli
4bdbd830ac doc: add note about the configuration option for the jitter source.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
2024-10-09 13:53:10 +11:00
Dimitri John Ledkov
6f08353a4b doc: EVP_KDF document the semantic meaning of output
Explicitely document what semantic meaning do various EVP_KDF
algorithms produce.

PBKDF2 produces cryptographic keys that are subject to cryptographic
security measures, for example as defined in NIST SP 800-132.

All other algorithms produce keying material, not subject to explicit
output length checks in any known standards.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25610)
2024-10-08 16:05:59 +02:00
Dmitry Belyavskiy
e647220c00 Documenting CRL download usage and restrictions
Fixes #25603

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25608)
2024-10-08 15:59:38 +02:00
Neil Horman
1c1223ff53 Add some documentation to describe the encap/decap requirements
Document the fact that we now require unwrappedlen/wrappedlen to be set
to the size of the unwrapped/wrapped buffers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25522)
2024-10-07 17:47:17 +02:00
Dr. David von Oheimb
c8359abb88 APPS/pkey: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
d5c4a8aecc APPS/pkcs8: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
421e8d7af8 APPS/ocsp: fix case where reqin and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
1dbb67c4f1 APPS/{ecparam,pkeyparam}: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
32189981a3 APPS/dsaparam: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dr. David von Oheimb
9ae1e6596f APPS/dhparam: fix case where infile and outfile are the same
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25552)
2024-10-04 12:09:33 +02:00
Dimitri John Ledkov
fc68cf21b5 kdfs: implement key length check in X9.42
Similar to other KDFs, the input key should be 112 bits long.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25529)
2024-09-30 20:03:49 +02:00
Dimitri John Ledkov
3be6387588 docs: document options added in openssl-fipsinstall 3.4+
Document new command line options added in 3.4.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:49:02 +01:00
Dimitri John Ledkov
9331a202fe docs: document options added in openssl-fipsinstall 3.2+
Document new command line options added in 3.2.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:48:29 +01:00
Dimitri John Ledkov
1b52b24aa4 docs: document options added in openssl-fipsinstall 3.1+
Document new command line options added in 3.1.0

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:46:28 +01:00
Dimitri John Ledkov
634d84324a docs: add HISTORY section to openssl-fipsinstall (3.0+)
Documents when the command was added.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25546)
2024-09-30 10:45:28 +01:00
Pauli
d927eb2950 doc: fix typo in CRNG test documentation.
To match changes in #25526

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25536)
2024-09-30 17:57:18 +10:00
Зишан Мирза
3ef1b7426b Check file name for not being NULL before opening it
Fixes #24416

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25458)
2024-09-26 20:35:26 +02:00
Зишан Мирза
4f899849ce Fix examples in EVP_PKEY_encapsulate/decapsulate documentation
Fixes #25448

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25450)
2024-09-26 10:29:57 +02:00
Vladimir Kotal
e7abc2118f document the format of DSA signature
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23762)
2024-09-23 22:37:03 +02:00