Commit Graph

1356 Commits

Author SHA1 Message Date
Matt Caswell
f3b9257f82 Minor documentation tweak
Update the return type for SSL_state in the documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Rich Salz
a528d4f0a9 Remove SSLeay history, etc., from docs
If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it.  Documentation history now starts with OpenSSL.

Remove mention of all history before OpenSSL 0.9.8, inclusive.

Remove all AUTHOR sections.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-28 17:23:51 -04:00
Rich Salz
6f5c030320 Remove HAMC_cleanup
Old API for use with OpenSSL-0.9.6.  Remove it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-27 16:07:56 -04:00
Alessandro Ghedini
d900a015b5 Fix typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-23 19:52:08 +02:00
Adam Eijdenberg
8cbb048c3e Clarify return values for EVP_DigestVerifyFinal.
Previous language was unclear.  New language isn't pretty but I believe
it is more accurate.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-22 18:27:48 -04:00
Matt Caswell
21cd6e006c Don't use SSLv23_server_method in an example
The function SSLv23_server_method() is an old name. New code should use
TLS_server_method() instead. Therefore don't use SSLv23_server_method() in
an example in the docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-21 16:22:19 +01:00
Matt Caswell
8b7080b0b7 Remove Obsolete engines
There are a number of engines in the OpenSSL source code which are now
obsolete. The following engines have been removed: 4758cca, aep, atalla,
cswift, nuron, sureware.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-15 17:02:06 +01:00
Matt Caswell
c84f7f4a74 Change the DEFAULT ciphersuites to exclude DES, RC4 and RC2
This patch updates the "DEFAULT" cipherstring to be
"ALL:!COMPLEMENTOFDEFAULT:!eNULL". COMPLEMENTOFDEFAULT is now defined
internally by a flag on each ciphersuite indicating whether it should be
excluded from DEFAULT or not. This gives us control at an individual
ciphersuite level as to exactly what is in DEFAULT and what is not.

Finally all DES, RC4 and RC2 ciphersuites are added to COMPLEMENTOFDEFAULT
and hence removed from DEFAULT.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-30 19:15:06 +01:00
Matt Caswell
40e2d76bec Document -no-CApath and -no-CAfile
Add documentation to all the appropriate apps for the new -no-CApath and
-no-CAfile options.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-25 14:49:59 +01:00
Matt Caswell
631fb6af5f Document the default CA path functions
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-25 14:49:59 +01:00
Matt Caswell
468f043ece Clarify DTLSv1_listen documentation
Clarify that user code is required to allocate sufficient space for the
addressing scheme in use in the call to DTLSv1_listen.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Matt Caswell
ca7256fbd9 Add DTLSv1_listen documentation
Adds a new man page to cover the DTLSv1_listen() function.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Matt Caswell
35d15a3952 Add -listen documentation
This commit adds documentation for the new -listen option to s_server. Along
the way it also adds documentation for -dtls, -dtls1 and -dtls1_2 which was
missing.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-23 13:53:27 +01:00
Dr. Stephen Henson
69d492eac8 Document X509_get0_subject_key_id()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-22 21:15:55 +01:00
Emilia Kasper
21b0fa9118 Document BUF_strnlen
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:52:41 +02:00
Emilia Kasper
58e3457a82 BUF_strdup and friends: update docs
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 19:51:53 +02:00
Dr. Stephen Henson
035014cd22 Update SEE ALSO sections.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:42:20 +01:00
Dr. Stephen Henson
dd332cea9f Document signature accessors.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:42:20 +01:00
Dr. Stephen Henson
047dd81efe Extension parsing and encoding docs.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
d8db9a0df5 Document i2d_re_X509_REQ_tbs() and i2d_re_X509_CRL_tbs().
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
73a7e8de17 Document X509_REVOKED functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
94eae38011 Document X509 sign and verify functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
e7fabc5ea5 Document X509 public key functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
5571ea886f Document X509 name get and set functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
5f74a40540 Document X509 version functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-22 13:15:42 +01:00
Dr. Stephen Henson
03706afa30 Use default field separator.
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-11 20:50:48 +01:00
Rich Salz
ff2f6bb084 Fix rehash/c_rehash doc and behavior.
Both now warn once if directory isn't writeable.
Both now warn on file-write errors (multiple times).
Update manpage to describe both program and script correctly.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-09-08 15:13:57 -04:00
Richard Levitte
e51fb759a6 Adjust the general fill-column in doc/dir-locals.example.el
Having a general fill-column of 78 may look nice at first sight, but
if the edited text gets indented a bit afterward (such as with git
comments in 'git log'), it suddenly turns not so nice on a classic 80
columns terminal.  A fill-column of 70 will serve us better.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-08 00:59:50 +02:00
Timo Teras
8f6f1441a3 Add rehash command to openssl
On Unix/Linux platforms, merge c_rehash script into openssl as a
C program.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-06 18:03:54 -04:00
David Woodhouse
d35ff2c0ad RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time check
In some environments, such as firmware, the current system time is entirely
meaningless. Provide a clean mechanism to suppress the checks against it.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-05 16:17:15 -04:00
Dr. Stephen Henson
361136f4b3 Document extension functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-01 20:37:45 +01:00
Rich Salz
8db7878106 RT3767: openssl_button.gif should be PNG
No, we should just delete it.  And updated the README

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-01 11:56:14 -04:00
Dr. Stephen Henson
d8c054f2da Remove asn1-kludge option.
Remove asn1-kludge option from the req utility. It was a decade old
workaround for CAs and software which required an invalid encoding
of PKCS#10 certificate requests: omitting the attributes field even
though it is not OPTIONAL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 20:58:33 +01:00
Ben Kaduk
36ac7bc8a9 GH367 follow-up, for more clarity
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-31 13:46:12 -04:00
Richard Levitte
6dc08048d9 Remove auto-fill-mode
Apparently, emacs sees changes to auto-fill-mode as insecure

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 18:15:33 +02:00
Richard Levitte
0927f0d822 Add an example .dir-locals.el
This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 18:15:32 +02:00
Richard Levitte
d9b3554b2d Add emacs CC mode style for OpenSSL
This hopefully conforms closely enough to the current code style.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-31 18:15:32 +02:00
Ismo Puustinen
f00a10b897 GH367: Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-27 22:57:00 -04:00
Rich Salz
c03726ca41 Various doc fixes.
Make all mention of digest algorithm use "any supported algorithm"

RT2071, some new manpages from Victor B. Wagner <vitus@cryptocom.ru>:
    X509_LOOKUP_hash_dir.pod
    X509_check_ca.pod
    X509_check_issued.pod

RT 1600:
    Remove references to non-existant objects(3)
    Add RETURN VALUES to BIO_do_accept page.

RT1818:
    RSA_sign Can return values other than 0 on failure.

RT3634:
    Fix AES CBC aliases (Steffen Nurpmeso <sdaoden@yandex.com>)

RT3678:
    Some clarifications to BIO_new_pair
    (Devchandra L Meetei <dlmeetei@gmail.com>)

RT3787:
    Fix some EVP_ function return values
    (Laetitia Baudoin <lbaudoin@google.com>)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-27 14:27:28 -04:00
Viktor Dukhovni
208b2d541d GH correct organizationalUnitName
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-26 17:31:10 -04:00
Markus Rinne
fe50cd7ad4 RT4019: Duplicate -hmac flag in dgst.pod
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-25 12:15:53 -04:00
Rich Salz
32c5e0ba0f GH372: Remove duplicate flags
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-25 12:10:54 -04:00
Rich Salz
2c4969708c Small cleanup of crypto.pod
Came up on the mailing list, from Ken Goldman.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-24 18:21:54 -04:00
Rich Salz
9b86974e0c Fix L<> content in manpages
L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-21 15:11:50 -04:00
Dr. Stephen Henson
f8f5f8369d add CCM docs
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-08-14 06:57:32 +01:00
Dr. Stephen Henson
2fd7fb99db Update docs.
Clarify and update documention for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-14 06:28:00 +01:00
Dr. Stephen Henson
6d5f8265ce Documentation for SSL_check_chain()
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-14 06:24:38 +01:00
Rich Salz
ade44dcb16 Remove Gost94 signature algorithm.
This was obsolete in 2001.  This is not the same as Gost94 digest.
Thanks to Dmitry Belyavsky <beldmit@gmail.com> for review and advice.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-08-11 18:23:29 -04:00
David Woodhouse
2bfbeb2645 RT3998: fix X509_check_host.pod release to 1.0.2
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-08 18:13:25 -04:00
Rich Salz
740ceb5b0c Various doc fixes from GH pull requests
Thanks folks:
        348 Benjamin Kaduk
        317 Christian Brueffer
        254 Erik Tews
        253 Erik Tews
        219 Carl Mehner
        155 (ghost)
        95 mancha
        51 DominikNeubauer

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-07-31 12:27:27 -04:00
Kai Engert
898ea7b855 RT3742: Add xmpp_server to s_client.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-31 11:19:45 -04:00
Dr. Stephen Henson
69a3a9f5d9 CAMELLIA PSK ciphersuites from RFC6367
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
b2f8ab8681 Add PSK ciphersuites to docs
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-30 14:55:33 +01:00
Dr. Stephen Henson
14815a99d5 Document signature algorithm setting functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-28 16:56:04 +01:00
Dr. Stephen Henson
797a89a15a Add some OCSP documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-07-28 16:56:04 +01:00
Dr. Stephen Henson
8a00dbd83e Document shared sigalgs functions.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-07-23 02:51:38 +01:00
Dr. Stephen Henson
429261d0d8 SSL_CONF additions.
Add support for loading verify and chain stores in SSL_CONF.

Commands to set verify mode and client CA names.

Add documentation.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-21 13:56:24 +01:00
Rich Salz
0bc2f36555 Remove obsolete key formats.
Remove support for RSA_NET and Netscape key format (-keyform n).

Also removed documentation of SGC.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-16 01:06:48 -04:00
mancha
31d6c0b2b0 Fix author credit for e5c0bc6
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-15 06:48:53 -04:00
Rich Salz
9e2e7b34eb Revert "Missing perldoc markup around < literal"
This reverts commit e5c0bc6cc4.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-15 06:48:53 -04:00
Rich Salz
5b89036c41 Can't use -trusted with -CA{path,file}
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-07-14 07:46:20 -04:00
GitHub User
e5c0bc6cc4 Missing perldoc markup around < literal
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-14 01:32:18 -04:00
Dr. Stephen Henson
2fc52c912a correct example
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-09 21:22:42 +01:00
Matt Caswell
7f3f41d816 Extend -show_chain option to verify to show more info
The -show_chain flag to the verify command line app shows information about
the chain that has been built. This commit adds the text "untrusted" against
those certificates that have been used from the untrusted list.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 21:57:12 +01:00
Matt Caswell
79a55b1f27 Add documentation for some missing verify options
Fills in a couple of verify options that were lacking documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 21:57:11 +01:00
Matt Caswell
aae41f8c54 Reject calls to X509_verify_cert that have not been reinitialised
The function X509_verify_cert checks the value of |ctx->chain| at the
beginning, and if it is NULL then it initialises it, along with the value
of ctx->untrusted. The normal way to use X509_verify_cert() is to first
call X509_STORE_CTX_init(); then set up various parameters etc; then call
X509_verify_cert(); then check the results; and finally call
X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets
|ctx->chain| to NULL. The only place in the OpenSSL codebase  where
|ctx->chain| is set to anything other than a non NULL value is in
X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be
non NULL on entry to X509_verify_cert is if one of the following occurs:
1) An application calls X509_verify_cert() twice without re-initialising
in between.
2) An application reaches inside the X509_STORE_CTX structure and changes
the value of |ctx->chain| directly.

With regards to the second of these, we should discount this - it should
not be supported to allow this.

With regards to the first of these, the documentation is not exactly
crystal clear, but the implication is that you must call
X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail
to do this then, at best, the results would be undefined.

Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is
likely to have unexpected results, and could be dangerous. This commit
changes the behaviour of X509_verify_cert() so that it causes an error if
|ctx->chain| is anything other than NULL (because this indicates that we
have not been initialised properly). It also clarifies the associated
documentation. This is a follow up commit to CVE-2015-1793.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-07-07 21:57:11 +01:00
Richard Levitte
9cf315ef90 Document the nameopt change
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-07 14:50:10 +02:00
Dr. Stephen Henson
5727582cf5 document -2 return value
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-07-06 18:34:13 +01:00
Dr. Stephen Henson
77672802a6 Add docs for ssl verification parameter functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-24 22:16:54 +01:00
Rich Salz
74924dcb38 More secure storage of key material.
Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-06-23 17:09:35 -04:00
Vitezslav Cizek
4ba81134dc GH297: Fix NAME section of SSL_CTX_use_serverinfo.pod
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-23 08:19:06 -04:00
Emilia Kasper
a8e4ac6a2f Remove SSL_OP_TLS_BLOCK_PADDING_BUG
This is a workaround so old that nobody remembers what buggy clients
it was for. It's also been broken in stable branches for two years and
nobody noticed (see
https://boringssl-review.googlesource.com/#/c/1694/).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-06-10 13:55:11 +02:00
Jeffrey Walton
82c4d79318 Explicitly mention PKCS5_PBKDF2_HMAC in EVP doc.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-08 20:20:24 -04:00
Kurt Roeckx
26c79d5641 Properly check certificate in case of export ciphers.
Reviewed-by: Matt Caswell <matt@openssl.org>
MR #588
2015-06-09 00:46:59 +02:00
Jeffrey Walton
f20bb4eb18 RT3472: Doc pkcs8 -iter flag is in OpenSSL 1.1
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-06-02 11:58:03 -04:00
Dr. Stephen Henson
f097f81c89 PEM doc fixes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-28 18:00:28 +01:00
Matt Caswell
d9f1c639d5 Change return type of the new accessors
The new accessors SSL_get_client_random, SSL_get_server_random and
SSL_SESSION_get_master_key should return a size_t to match the type of the
|outlen| parameter.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-28 16:55:15 +01:00
Matt Caswell
6b8f5d0d43 Change the new functions to use size_t
Change the new SSL_get_client_random(), SSL_get_server_random() and
SSL_SESSION_get_master_key() functions to use size_t for |outlen| instead of
int.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:05:56 +01:00
Nick Mathewson
7470cefcb2 Clarify that SSL3_RANDOM_SIZE is a constant, for now.
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:05:49 +01:00
Nick Mathewson
858618e7e0 Add new functions to extract {client,server}_random, master_key
Tor uses these values to implement a low-rent clone of RFC 5705 (which,
in our defense, we came up with before RFC 5705 existed).  But now that
ssl_st is opaque, we need another way to get at them.

Includes documentation, with suitable warnings about not actually
using these functions.

Signed-off-by: Nick Mathewson <nickm@torproject.org>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:05:01 +01:00
Nick Mathewson
9ef175148b Add a documentation clarification suggested by Matt Caswell
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:00:47 +01:00
Nick Mathewson
831eef2cf5 Add SSL_get_client_ciphers() to return ciphers from ClientHello
On the server side, if you want to know which ciphers the client
offered, you had to use session->ciphers.  But that field is no
longer visible, so we need a method to get at it.

Signed-off-by: Nick Mathewson <nickm@torproject.org>
Signed-off-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-28 16:00:23 +01:00
Dr. Stephen Henson
0ceb8b74f5 scrypt in pkcs8 util
Add support for PKCS#8 private key encryption using the scrypt algorithm
in the pkcs8 utility. Update documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-26 13:09:26 +01:00
Matt Caswell
13f8eb4730 Remove export static DH ciphersuites
Remove support for the two export grade static DH ciphersuites. These two
ciphersuites were newly added (along with a number of other static DH
ciphersuites) to 1.0.2. However the two export ones have *never* worked
since they were introduced. It seems strange in any case to be adding new
export ciphersuites, and given "logjam" it also does not seem correct to
fix them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:58:52 +01:00
Matt Caswell
efee575ad4 Fix off-by-one in BN_rand
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:40:38 +01:00
Matt Caswell
7cc18d8158 Reject negative shifts for BN_rshift and BN_lshift
The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:15:02 +01:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Michael Trapp
552bf8ec5e RT266: Add HTTP proxy/CONNECT to s_client
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 16:56:59 -04:00
Dr. Stephen Henson
c5f2810581 Add functions to convert between uint64_t and ASN1_INTEGER.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 15:04:19 +01:00
Emilia Kasper
1554d55318 Remove dh512.pem
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 15:10:26 +02:00
Emilia Kasper
1f302db3e7 Update documentation with Diffie-Hellman best practices.
- Do not advise generation of DH parameters with dsaparam to save
computation time.
- Promote use of custom parameters more, and explicitly forbid use of
built-in parameters weaker than 2048 bits.
- Advise the callback to ignore <keylength> - it is currently called
with 1024 bits, but this value can and should be safely ignored by
servers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 15:10:26 +02:00
Emilia Kasper
b5a379aae5 dhparam: fix documentation
The default bitlength is now 2048. Also clarify that either the number
of bits or the generator must be present:

$ openssl dhparam -2
and
$ openssl dhparam 2048
generate parameters but
$ openssl dhparam
does not.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-20 15:10:26 +02:00
Dr. Stephen Henson
6c5b6cb035 ASN1 INTEGER refactor.
Rewrite and tidy ASN1_INTEGER and ASN1_ENUMERATED handling.

Remove code duplication.

New functions to convert between int64_t and ASN.1 types without the
quirks of the old long conversion functions.

Add documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-18 18:38:42 +01:00
Matt Caswell
a27e81ee54 Version negotiation rewrite doc updates
Update various documentation references to the new TLS_*_method names. Also
add a CHANGES entry.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-16 09:20:44 +01:00
Rich Salz
c490a5512e RT1207: document SSL_COMP_free_compression_methods.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-13 13:00:37 -04:00
Matt Caswell
e36827f6d1 Remove remaining Kerberos references
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:10 +01:00
Dr. Stephen Henson
253617806d Additional X509_ALGOR documentation
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-12 02:09:49 +01:00
Dr. Stephen Henson
fae4772c24 Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.

Update SSL_CONF code to use the new function.
Update docs.
Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-08 18:43:44 +01:00
Dr. Stephen Henson
656b26055c SSL_CONF table reorganisation.
Add command line switch entries to table and return SSL_CONF_TYPE_NONE for
them in SSL_CONF_cmd_value_type.

Update docs.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-06 14:17:42 +01:00
Alok Menghrajani
5812e6f175 Fixes some typos in doc/ssl/
This is the last of Alok's PR260
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:52:11 -04:00
Alok Menghrajani
4c583c3659 Fixes some typos in doc/apps/
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:51:43 -04:00
Alok Menghrajani
186bb90705 RT3802: Fixes typos in doc/crypto/
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:51:23 -04:00
Rich Salz
8332f91cc0 fix various typo's
https://github.com/openssl/openssl/pull/176 (CHANGES)
 https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt)
 https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod)

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:50:34 -04:00
Rich Salz
23a1d5e97c free NULL cleanup 7
This gets BN_.*free:
    BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free
    BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free

Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd
dead code in engines/e_ubsec.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 21:37:06 -04:00
Rich Salz
222561fe8e free NULL cleanup 5a
Don't check for NULL before calling a free routine.  This gets X509_.*free:
    x509_name_ex_free X509_policy_tree_free X509_VERIFY_PARAM_free
    X509_STORE_free X509_STORE_CTX_free X509_PKEY_free
    X509_OBJECT_free_contents X509_LOOKUP_free X509_INFO_free

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-30 17:33:59 -04:00
Rich Salz
46aa607867 apps-cleanup: the doc fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-25 16:07:28 -04:00
Dr. Stephen Henson
98c9ce2f55 SSL_CIPHER lookup functions.
Add tables to convert between SSL_CIPHER fields and indices for ciphers
and MACs.

Reorganise ssl_ciph.c to use tables to lookup values and load them.

New functions SSL_CIPHER_get_cipher_nid and SSL_CIPHER_get_digest_nid.

Add documentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-22 15:00:53 +01:00
Rich Salz
62adbcee39 free NULL cleanup 10
Avoid checking for NULL before calling free functions.  This gets
ssl.*free:
    ssl_sess_cert_free ssl_free ssl_excert_free ssl_cert_free
    SSL_free SSL_SRP_CTX_free SSL_SESSION_free SSL_CTX_free
    SSL_CTX_SRP_CTX_free SSL_CONF_CTX_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-04-11 10:22:36 -04:00
Rich Salz
be739b0cc0 Drop CA.sh for CA.pl
Remove CA.sh script and use CA.pl for testing, etc.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-08 14:07:39 -04:00
Dr. Stephen Henson
22f5bd3dd2 New ASN1_TYPE SEQUENCE functions.
Add new functions ASN1_TYPE_pack_sequence and ASN1_TYPE_unpack_sequence:
these encode and decode ASN.1 SEQUENCE using an ASN1_TYPE structure.

Update ordinals.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-30 22:01:31 +01:00
Rich Salz
c5ba2d9904 free NULL cleanup
EVP_.*free; this gets:
        EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free
        EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it
        EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 10:54:15 -04:00
Dr. Stephen Henson
dd14f91171 ASN1_TYPE documentation.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-26 21:59:17 +00:00
Rich Salz
8fdc3734c0 free NULL cleanup.
This gets EC_GROUP_clear_free EC_GROUP_free, EC_KEY_free,
EC_POINT_clear_free, EC_POINT_free

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-25 18:35:24 -04:00
Matt Caswell
17dd65e6e1 Resolve swallowed returns codes
The recent updates to libssl to enforce stricter return code checking, left
a small number of instances behind where return codes were being swallowed
(typically because the function they were being called from was declared as
void). This commit fixes those instances to handle the return codes more
appropriately.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 18:52:13 +00:00
Rich Salz
ca3a82c3b3 free NULL cleanup
This commit handles BIO_ACCEPT_free BIO_CB_FREE BIO_CONNECT_free
BIO_free BIO_free_all BIO_vfree

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-25 11:31:18 -04:00
Dr. Stephen Henson
2011b169fa Support key loading from certificate file
Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.

Update docs.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 14:19:04 +00:00
Matt Caswell
302d38e3f7 Deprecate RAND_pseudo_bytes
The justification for RAND_pseudo_bytes is somewhat dubious, and the reality
is that it is frequently being misused. RAND_bytes and RAND_pseudo_bytes in
the default implementation both end up calling ssleay_rand_bytes. Both may
return -1 in an error condition. If there is insufficient entropy then
both will return 0, but RAND_bytes will additionally add an error to the
error queue. They both return 1 on success.
Therefore the fundamental difference between the two is that one will add an
error to the error queue with insufficient entory whilst the other will not.
Frequently there are constructions of this form:

if(RAND_pseudo_bytes(...) <= 1)
	goto err;

In the above form insufficient entropy is treated as an error anyway, so
RAND_bytes is probably the better form to use.

This form is also seen:
if(!RAND_pseudo_bytes(...))
	goto err;

This is technically not correct at all since a -1 return value is
incorrectly handled - but this form will also treat insufficient entropy as
an error.

Within libssl it is required that you have correctly seeded your entropy
pool and so there seems little benefit in using RAND_pseudo_bytes.
Similarly in libcrypto many operations also require a correctly seeded
entropy pool and so in most interesting cases you would be better off
using RAND_bytes anyway. There is a significant risk of RAND_pseudo_bytes
being incorrectly used in scenarios where security can be compromised by
insufficient entropy.

If you are not using the default implementation, then most engines use the
same function to implement RAND_bytes and RAND_pseudo_bytes in any case.

Given its misuse, limited benefit, and potential to compromise security,
RAND_pseudo_bytes has been deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-25 12:38:19 +00:00
Rich Salz
d64070838e free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets DH_free, DSA_free, RSA_free

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 23:17:16 -04:00
Dr. Stephen Henson
2e43027757 make ASN1_OBJECT opaque
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 17:35:58 +00:00
Dr. Stephen Henson
7b68c30da0 Configuration file examples.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 12:22:52 +00:00
Rich Salz
0dfb9398bb free NULL cleanup
Start ensuring all OpenSSL "free" routines allow NULL, and remove
any if check before calling them.
This gets ASN1_OBJECT_free and ASN1_STRING_free.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-24 07:52:24 -04:00
Dr. Stephen Henson
3d764db7a2 additional configuration documentation
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-12 13:31:43 +00:00
Dr. Stephen Henson
e3013932df Additional CMS documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-08 16:18:21 +00:00
Viktor Szakats
63a3c45582 GitHub 237: Use https for IETF links
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-03-07 21:24:40 -05:00
Rich Salz
9f7f8eced5 Cleanup some doc files
ACKNOWLEDGEMENTS is now spelled correctly :)
README.ASN1 talked about 0.9.6, so it's deleted.
I turned doc/standards.txt into a set of one-line summaries of RFCs, and
also updated the pointers to original sources (to be web links)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-01 20:46:38 -05:00
Matt Caswell
7a4dadc3a6 Removed support for SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. Also removed
the "-hack" option from s_server that set this option.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-26 23:22:46 +00:00
Matt Caswell
f7812493a0 Update the SHA* documentation
Updates to include SHA224, SHA256, SHA384 and SHA512. In particular note
the restriction on setting md to NULL with regards to thread safety.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-25 20:52:34 +00:00
Rainer Jung
64d2733176 Fix NAME section of d2i_ECPKParameters to prevent broken symlinks when using
the extract-names.pl script.

RT#3718

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-25 20:46:51 +00:00
Matt Caswell
12e0ea306a Fix some minor documentation issues
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:34 +00:00
Matt Caswell
09f278f925 Add dire warnings about the "reuse" capability of the d2i_* functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:19 +00:00
Matt Caswell
93b83d0626 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:13:14 +00:00
Matt Caswell
fa7b01115b Add documentation for the -no_alt_chains option for various apps, as well as
the X509_V_FLAG_NO_ALT_CHAINS flag.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-02-25 09:15:10 +00:00
Dr. Stephen Henson
384dee5124 Document -no_explicit
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-24 15:27:33 +00:00
Dr. Stephen Henson
15b5d6585d typo
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-02-22 14:43:09 +00:00
Dr. Stephen Henson
146ca72cca Add additional EC documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-21 00:45:06 +00:00
Matt Caswell
b7c9187b32 Add SSL_SESSION_get0_ticket API function.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 22:54:27 +00:00
Matt Caswell
f2baac27d5 Provide the API functions SSL_SESSION_has_ticket and
SSL_SESSION_get_ticket_lifetime_hint. The latter has been reported as
required to fix Qt for OpenSSL 1.1.0. I have also added the former in order
to determine whether a ticket is present or not - otherwise it is difficult
to know whether a zero lifetime hint is because the server set it to 0, or
because there is no ticket.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 22:54:09 +00:00
Emilia Kasper
0923e7df9e Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-10 15:35:20 +01:00
Matt Caswell
0350ef69ad Remove stray "=back". This was causing newer versions of pod2man to choke.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-09 09:13:09 +00:00
Matt Caswell
3ffbe00808 Apache Traffic Server has a need to set the rbio without touching the wbio.
There is no mechanism to do that at the moment - SSL_set_bio makes changes
to the wbio even if you pass in SSL_get_wbio().

This commit introduces two new API functions SSL_set_rbio() and
SSL_set_wbio(). These do the same job as SSL_set_bio() except they enable
you to manage the rbio and wbio individually.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-07 14:29:16 +00:00
Matt Caswell
3c33c6f6b1 Remove support for SSL_OP_NETSCAPE_CA_DN_BUG.
This is an ancient bug workaround for Netscape clients. The documentation
talks about versions 3.x and 4.x beta.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-06 11:35:07 +00:00
Dr. Stephen Henson
a724e79ed7 Preliminary ASN1_TIME documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-02-03 16:47:57 +00:00
Dr. Stephen Henson
156a872233 Add SSL_get_extms_support documentation.
Document SSL_get_extms_support().

Modify behaviour of SSL_get_extms_support() so it returns -1 if the
master secret support of the peer is not known (e.g. handshake in progress).
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-03 14:50:08 +00:00
Rich Salz
c303d4d868 old_des fix windows build, remove docs
Remove outdated doc files.
Fix windows build after old_des was removed.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-02 22:40:36 -05:00
Rich Salz
625a9baf11 Finish removal of DSS
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-28 12:21:55 -05:00
Matt Caswell
e640fa0200 Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-28 10:39:01 +00:00
Rich Salz
646e8c1d6b Dead code removal: Fortezza identifiers
Not interested in helping the NSA in the slightest.
And anyway, it was never implemented, #if'd out.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 21:00:03 -05:00
Rich Salz
63c574f6a6 OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS
Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default,
so the work here is removing the 'maintain our own freelist' code.
Also removed a minor old Windows-multibyte/widechar conversion flag.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-27 16:43:53 -05:00
Rich Salz
474e469bbd OPENSSL_NO_xxx cleanup: SHA
Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-27 12:34:45 -05:00
Rich Salz
109f1031a8 OPENSSL_NO_xxx cleanup: DEC-CBCM removed
A DES algorithm mode, known attacks, no EVP support.
Flushed.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-27 10:02:39 -05:00
Matt Caswell
8507474564 Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-01-27 14:28:41 +00:00
Rich Salz
abdd677125 Make OPENSSL_config truly ignore errors.
Per discussion: should not exit. Should not print to stderr.
Errors are ignored.  Updated doc to reflect that, and the fact
that this function is to be avoided.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-01-25 21:07:20 -05:00
Rich Salz
39a24e8889 Cleanup old doc/*; remove CHANGES.SSLeay
Removed CHANGES.SSLeay

Udpate README to be current.

Updated fignerprints.txt to list only current release signers and
to explain that is what it's used for.

Removed the following:
	c-indentation.el -- doesn't go with our coding style
	openssl-shared.txt -- old info about shared library aides
	openssl.txt -- old info about X509v3 extension support/syntax
	ssleay.txt -- old info about OpenSSL's predecessor, back when
		programmers coded on COBOL sheets by candlelight

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-22 12:38:57 -05:00
Rich Salz
a09474dd2d Some cleanup of L<> markup in pod files
Show only the #define, not the values, in BIO_f_buffer.  Data
abstraction and we can remove a "see also" entry.

Remove internal forward reference to NOTES in EVP_EncryptInit; just
say "see below" as we do in the other pages.

Add missing (3) in pem.pod so the L<> entry is consistent.
Fix entry to point to the "master" page, not the symlink'd one.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 12:16:24 -05:00
Dr. Stephen Henson
ce325c60c7 Only allow ephemeral RSA keys in export ciphersuites.
OpenSSL clients would tolerate temporary RSA keys in non-export
ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which
enabled this server side. Remove both options as they are a
protocol violation.

Thanks to Karthikeyan Bhargavan for reporting this issue.
(CVE-2015-0204)
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-06 02:06:39 +00:00
Dr. Stephen Henson
63eab8a620 Remove MS SGC
MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-02 22:56:54 +00:00
Thorsten Glaser
5075e52e6f Document openssl dgst -hmac option
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-30 16:46:46 +01:00
Alok Menghrajani
67472bd82b Improves certificates HOWTO
* adds links to various related documents.
* fixes a few typos.
* rewords a few sentences.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-22 16:23:24 +01:00
Richard Levitte
7cfab40f43 Small typo
Reviewed-by: Stephen Henson <steve@openssl.org>
2014-12-22 14:30:23 +01:00
Rich Salz
e03af1789f Minor doc fixes.
In EVP_EncryptInit remove duplicate mention of EVP_idea_cbc()
In EVP_PKEY_CTX_ctrl.pod remove EVP_PKEY_get_default_digest_nid
since it is documented elsewhere.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-11 17:05:57 -05:00
Matt Caswell
e35af275d5 Update documentation following BN opaquify
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 21:41:36 +00:00
Matt Caswell
e4bbee9633 Add documentation for OCB mode
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 10:28:56 +00:00
Emilia Kasper
376e2ca3e3 Clarify the return values for SSL_get_shared_curve.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-12-05 18:31:21 +01:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Richard Levitte
8123d158ab Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces.
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-28 16:56:37 +01:00
Alok Menghrajani
03b637a730 Improves the proxy certificates howto doc.
The current documentation contains a bunch of spelling and grammar mistakes. I also
found it hard to understand some paragraphs, so here is my attempt to improve its
readability.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-28 16:55:59 +01:00
André Guerreiro
de87dd46c1 Add documentation on -timeout option in the ocsp utility
PR#3612

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 14:07:50 +00:00
Matt Caswell
6484958645 Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 13:56:07 +00:00
Matt Caswell
f281b8df70 Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 13:55:54 +00:00
Matt Caswell
34890ac18e Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki
Minor changes made by Matt Caswell.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-11-27 13:55:37 +00:00
Rich Salz
14d3b76be8 RT3488: Update doc for OPENSSL_config
Fix CONF_load_modules to CONF_modules_load.
Document that it calls exit.
Advise against using it now.
Add an error print to stderr.

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-20 13:40:03 -05:00
Alok Menghrajani
5211e094de Fixes a minor typo in the EVP docs.
Out is the buffer which needs to contain at least inl + cipher_block_size - 1 bytes. Outl
is just an int*.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-12 21:03:52 +00:00
Kurt Roeckx
bfc973f46c Fix spelling of EECDH
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-11-10 10:57:26 +01:00
Bodo Moeller
98f1ac7df5 Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-21 22:43:08 +02:00
Bodo Moeller
fb0e87fb67 Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
handling out of #ifndef OPENSSL_NO_DTLS1 section.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-10-15 10:43:50 +02:00
Rich Salz
5aed169305 RT3462: Document actions when data==NULL
If data is NULL, return the size needed to hold the
derived key.  No other API to do this, so document
the behavior.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-10-03 10:39:00 -04:00
Rich Salz
9208640a36 RT2309: Fix podpage MMNNFFPPS->MNNFFPPS
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-09-30 16:31:11 -04:00
Dr. Stephen Henson
5886354dcc Use correct function name: CMS_add1_signer()
Reviewed-by: Matt Caswell <matt@openssl.org>
2014-09-25 00:03:27 +01:00
Rich Salz
e8185aea87 RT3291: Add -crl and -revoke options to CA.pl
Document the new features

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-18 21:45:41 -04:00
Matthias Andree
a787c2590e RT2272: Add old-style hash to c_rehash
In addition to Matthias's change, I also added -n to
not remove links. And updated the manpage.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:34:44 -04:00
Rich Salz
e9edfc4196 RT468: SSL_CTX_sess_set_cache_size wrong
The documentation is wrong about what happens when the
session cache fills up.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:26:03 -04:00
Scott Schaefer
fe7573042f RT2518: fix pod2man errors
pod2man now complains when item tags are not sequential.
Also complains about missing =back and other tags.
Silence the warnings; most were already done.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-09-08 11:18:30 -04:00
Rich Salz
2afb29b480 RT992: RSA_check_key should have a callback arg
The original RT request included a patch.  By the time
we got around to doing it, however, the callback scheme
had changed. So I wrote a new function RSA_check_key_ex()
that uses the BN_GENCB callback.  But thanks very much
to Vinet Sharma <vineet.sharma@gmail.com> for the
initial implementation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 11:11:49 -04:00
Rich Salz
4f13dabe72 RT1834: Fix PKCS7_verify return value
The function returns 0 or 1, only.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-09-08 10:43:08 -04:00
Emilia Kasper
95b1752cc7 Add i2d_re_X509_tbs
i2d_re_X509_tbs re-encodes the TBS portion of the certificate.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-09-05 17:18:06 +02:00
Adam Williamson
3aba132d61 RT3511: doc fix; req default serial is random
RT842, closed back in 2004, changed the default serial number
to be a random number rather than zero.  Finally time to update
the doc

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-31 23:40:56 -04:00
TANABE Hiroyasu
80ec8d4e3e RT1325,2973: Add more extensions to c_rehash
Add .crt/.cer/.crl to the filenames parsed.

I also updated the podpage (since it didn't exist when
this ticket was first created, nor when it was re-created
seven years later).

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-31 00:36:09 -04:00
Rich Salz
d1bea969e8 RT2119,3407: Updated to dgst.pod
Re-order algorithm list.
Be consistent in command synopsis.
Add content about signing.
Add EXAMPLE section
Add some missing options: -r, -fips-fingerprint -non-fips-allow
Various other fixes.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-08-30 10:03:22 -04:00
Rich Salz
8b77d64e99 RT2379: Additional typo fix
Andy found an additional typo "can be can be".
Now I have that silly "Que sera sera" song stuck in my head.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-08-30 09:55:56 -04:00
James Westby
cf2239b3b3 RT1941: c_rehash.pod is missing
Add the file written by James Westby, graciously contributed
under the terms of the OpenSSL license.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-08-30 09:50:48 -04:00
Rich Salz
07e3b31fae RT2379: Bug in BIO_set_accept_port.pod
The doc says that port can be "*" to mean any port.
That's wrong.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2014-08-29 16:45:02 -04:00
Rich Salz
c7497f34fb RT1665,2300: Crypto doc cleanups
RT1665: aes documentation.

Paul Green wrote a nice aes.pod file.
But we now encourage the EVP interface.
So I took his RT item and used it as impetus to add
the AES modes to EVP_EncryptInit.pod
I also noticed that rc4.pod has spurious references to some other
cipher pages, so I removed them.

RT2300: Clean up MD history (merged into RT1665)

Put HISTORY section only in EVP_DigestInit.pod. Also add words
to discourage use of older cipher-specific API, and remove SEE ALSO
links that point to them.

Make sure digest pages have a NOTE that says use EVP_DigestInit.

Review feedback:
More cleanup in EVP_EncryptInit.pod
Fixed SEE ALSO links in ripemd160.pod, sha.pod, mdc2.pod, blowfish.pod,
rc4.d, and des.pod.  Re-order sections in des.pod for consistency

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-08-28 18:55:50 -04:00
Rich Salz
8d4193305b RT3102: Document -verify_error_return flag
Also moved some options around so all the "verify" options.
are clumped together.

Reviewed-by: Matt Caswell <matt@openssl.org>
2014-08-28 17:11:25 -04:00
Dr. Stephen Henson
f3f56c2a87 Custom extension documentation.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-08-28 17:06:53 +01:00
Matt Caswell
f063e30fe9 RT3065: automatically generate a missing EC public key
When d2i_ECPrivateKey reads a private key with a missing (optional) public key,
generate one automatically from the group and private key.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-27 19:49:35 +02:00
Mihai Militaru
7b3e11c544 RT2210: Add missing EVP_cleanup to example
I also removed some trailing whitespace and cleaned
up the "see also" list.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-27 12:53:40 -04:00
David Gatwood
fa60b90950 RT1744: SSL_CTX_set_dump_dh() doc feedback
The description of when the server creates a DH key is
confusing.  This cleans it up.
(rsalz: also removed trailing whitespace.)

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2014-08-26 13:47:23 -04:00
Jan Schaumann
fd4592be3a RT1804: fix EXAMPLE in EVP_EncryptInit.pod
The EXAMPLE that used FILE and RC2 doesn't compile due to a
few minor errors.  Tweak to use IDEA and AES-128. Remove
examples about RC2 and RC5.

Reviewed-by: Emilia Kasper <emilia@openssl.org>
2014-08-25 10:25:02 -04:00
Matt Caswell
2dd8cb3b95 Typo fixes to evp documentation.
This patch was submitted by user "Kox" via the wiki

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-24 21:24:28 +01:00
Emilia Kasper
d64c533a20 Improve EVP_PKEY_sign documentation
Clarify the intended use of EVP_PKEY_sign. Make the code example compile.

Reviewed-by: Dr Stephen Henson <steve@openssl.org>
2014-08-22 15:00:11 +02:00