Commit graph

1764 commits

Author SHA1 Message Date
Rob Percival
65b3dff76b apps/req.c: flag "-new" is implied by "-precert"
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
2017-02-22 10:40:30 -05:00
Rob Percival
7bb89f094d Documentation for the -precert flag for "openssl req"
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
2017-02-22 10:40:30 -05:00
Dmitry Belyavskiy
a7c04f2b54 Provided support for the -nameopt flag in s_client, s_server and s_time
commands.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2695)
2017-02-21 13:50:00 -05:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Dmitry Belyavskiy
ad39b31c1c Added '-nameopt' option to the verify command.
It makes possible to print the certificate's DN correctly in case of verification errors.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2656)
2017-02-20 19:35:14 -05:00
Matt Caswell
4fbfe86ae3 Don't use an enum in the return type for a public API function
We use an int instead. That means SSL_key_update() also should use an int.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:01 +00:00
Matt Caswell
3982063756 Add documentation for SSL_key_update() and SSL_get_key_update_type()
This also adds documentation for the pre-existing and related
SSL_renegotiate*() functions.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2609)
2017-02-17 10:28:01 +00:00
Robert Scheck
20967afb7f Add Sieve support (RFC 5804) to s_client ("-starttls sieve")
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2300)
2017-02-14 14:15:28 -05:00
Darren Tucker
4fd7b54dc2 DES keys are not 7 days long.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2604)
2017-02-13 11:50:44 +01:00
Matt Caswell
fbc9eeaaa3 Fix a typo in the X509_get0_subject_key_id() documentation
Fixes a copy&paste error

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2568)
2017-02-09 10:38:52 +00:00
Dr. Stephen Henson
21d94d4424 Update documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2550)
2017-02-08 02:16:28 +00:00
Rich Salz
e9681f8314 Centralize documentation about config file location
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2569)
2017-02-07 21:10:55 -05:00
Peter Wu
4bf73e9f86 apps: Add support for writing a keylog file
The server and client demos (s_client and s_server) are extended with a
-keylogfile option. This is similar as setting the SSLKEYLOGFILE
environment variable for NSS and creates a keylog file which is suitable
for Wireshark.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2343)
2017-02-07 19:20:56 +01:00
Rich Salz
be4c82aa76 Fix parsing of serial# in req
Reported by Jakub Wilk.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2556)
2017-02-06 09:48:21 -05:00
Rich Salz
bb6c5e7f69 Doc fix
Reported by Alexander Köppe

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2557)
2017-02-06 09:13:35 -05:00
Robert Scheck
8f85aa6bd3 Add NNTP support (RFC 4642) to s_client ("-starttls nntp")
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2310)
2017-02-03 09:49:54 -05:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Dr. Stephen Henson
a593cffe48 Update documentation
Add details of the use of PSS for signature algorithms.

Document SSL_get_peer_signature_nid() and SSL_get_peer_signature_type_nid().

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2301)
2017-01-30 13:00:17 +00:00
Richard Levitte
6f8950a3cc Document DH_check_params()
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2017-01-26 10:54:01 +00:00
FdaSilvaYY
d2a5699998 Few nit's
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1618)
2017-01-25 09:06:34 +00:00
FdaSilvaYY
28b86f313b Fix some extra or missing whitespaces...
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1618)
2017-01-25 09:06:34 +00:00
Todd Short
52ad5b60e3 Add support for Poly1305 in EVP_PKEY
Add Poly1305 as a "signed" digest.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2128)
2017-01-24 15:40:37 +01:00
Cory Benfield
2f5f49d146 Add documentation for the key logging callbacks
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1646)
2017-01-23 17:07:43 +01:00
Gaétan Njinang
037f2c3f48 'openssl passwd' command can now compute AIX MD5-based passwords hashes.
The difference between the AIX MD5 password algorithm and the standard MD5
password algorithm is that in AIX there is no magic string while in the
standard MD5 password algorithm the magic string is "$1$"

Documentation of '-aixmd5' option of 'openssl passwd' command is added.

1 test is added in test/recipes/20-test-passwd.t

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2251)
2017-01-21 10:44:23 -05:00
Markus Triska
424baabdf5 correct 3 mistakes
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2257)
2017-01-19 12:45:04 -05:00
Dr. Stephen Henson
137096a7ea Defines and strings for special salt length values, add tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
Dr. Stephen Henson
79ebfc4681 Add support for -1, -2 salt lengths for PSS only keys.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2236)
2017-01-18 15:04:49 +00:00
Markus Triska
1f164c6fad Correct reference to SSL_get_peer_cert_chain().
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2247)
2017-01-18 01:40:36 +01:00
xemdetia
ef3f621ed5 Fix man3 reference to CRYPTO_secure_used
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2238)
2017-01-16 16:33:39 -05:00
Rich Salz
5071824321 Fix "failure rate" bugs
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2228)
2017-01-13 15:47:02 -05:00
Rich Salz
3e5d9da5fc Make X509_Digest,others public
Also, if want SHA1 then use the pre-computed value if there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2223)
2017-01-12 16:39:41 -05:00
Rich Salz
d49661ced5 Rename file so "ls" works on 80 columns
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2221)
2017-01-12 15:40:40 -05:00
Rich Salz
a68d8c7b77 Add documentation
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1252)
2017-01-12 14:04:41 -05:00
Rich Salz
329f2f4a42 GH2176: Add X509_VERIFY_PARAM_get_time
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2208)
2017-01-12 09:54:09 -05:00
Richard Levitte
23103a52e9 UI documentation fixup
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2218)
2017-01-12 15:23:15 +01:00
Richard Levitte
78b19e90b4 Add a few documentation lines about UI_OpenSSL()
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Richard Levitte
cc10f22755 Document the UI utility functions
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Richard Levitte
18cfc668ea Add an application data field in the UI_METHOD
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2204)
2017-01-11 18:27:27 +01:00
Rich Salz
684b16953b Fix typo in Blake2 function names
Fixes GitHub issue 2169.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2207)
2017-01-10 16:36:03 -05:00
Rich Salz
3adc41dd22 Rename "verify_cb" to SSL_verify_cb
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
2017-01-09 16:09:50 -05:00
Rich Salz
121677b487 Doc nits: callback function typedefs
Enhance find-doc-nits to be better about finding typedefs for
callback functions.  Fix all nits it now finds.  Added some new
typedef names to ssl.h some of which were documented but did not
exist

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2151)
2017-01-09 16:09:50 -05:00
Dr. Stephen Henson
76951372af Documentation clarification and fixes.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:52 +00:00
Dr. Stephen Henson
c916505092 Add documentation for PSS control operations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:51 +00:00
Dr. Stephen Henson
7751098ecd document RSA-PSS algorithm options
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
2017-01-08 01:42:50 +00:00
Markus Triska
67adf0a7c2 replace "will lookup up" by "will look up"
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2145)
2016-12-29 01:29:39 +01:00
Finn Hakansson
0b742f93ea Fix typo.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
CLA: trivial
(Merged from https://github.com/openssl/openssl/pull/2086)
2016-12-18 21:44:42 +01:00
Andy Polyakov
569204be90 man3/OPENSSL_ia32cap.pod: clarify AVX512 support in clang context.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-15 17:57:38 +01:00
Rich Salz
a47bc28317 Add X509_VERIFY_PARAM inheritance flag set/get
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2079)
2016-12-13 14:30:21 -05:00
Rich Salz
3dfda1a636 Fix various doc nits.
find-doc-nits warns if you don't give a "what to do flag"
Don't use regexps for section names, just strings:  More consistency.
Rename "COMMAND OPTIONS" to OPTIONS.
Fix a couple of other nit-level things.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2076)
2016-12-13 12:12:35 -05:00
Dmitry Belyavskiy
498180de5c Typo fixed
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2075)
2016-12-12 09:28:56 -05:00