Commit graph

2449 commits

Author SHA1 Message Date
Dr. Matthias St. Pierre
0f68b771b0 Fix misspelling errors and typos reported by codespell
Fixes #10998

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11000)
2020-02-06 16:52:07 +01:00
Jakub Jelen
6b9c86c471 doc: Fix typo in EVP_DigestSignInit manpage
CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10841)

(cherry picked from commit 099a398268a298557be784528ac1d94f0f44c97c)
2020-02-06 16:15:33 +01:00
thekuwayama
2f1607989a Fix small misspelling in doc for OCSP_response_status
CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10810)

(cherry picked from commit 924d041fe0c650a79449217f81880a6384ff06b2)
2020-02-06 16:12:34 +01:00
Matt Caswell
721eb8f631 Provide better documentation for SSL_get_servername()
The behaviour of SSL_get_servername() is quite complicated and depends on
numerous factors such as whether it is called on the client or the server,
whether it is called before or after the handshake, what protocol version
was negotiated, and whether a resumption was attempted or was successful.

We attempt to document the behavior more clearly.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/10018)

(cherry picked from commit 0dc7c8e8314f27ac093b2d7bc8f13d0dfd302bdb)
2020-01-30 16:12:16 +00:00
David Makepeace
081191e342 Fix type name typo in d2i/i2d documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10933)

(cherry picked from commit 68229aebce159ecea7b887d6a0edd47d881a659b)
2020-01-30 16:17:03 +10:00
Benjamin Kaduk
59f92fa27e openssl-config: add example libssl system-defaults
Provide a "simple" example for affecting the systemwide default behavior
of libssl.  The large number of mandatory nested sections makes this
less simple than the main description might suggest.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10937)

(cherry picked from commit 3472082b4b6d73e0803a7c47f03e96ec0a69f77b)
2020-01-24 20:54:11 -08:00
Benjamin Kaduk
017015ceec Update SSL_CTX_sess_set_new_cb(3) docs for refcounts
The existing documentation for the new-session callback was unclear
about the requirements on the callback with respect to reference-handling
of the session object being created.  Be more explicit about the
(non-)requirements on the callback code for "success" (1) and "ignore"
(0) return values.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10848)

(cherry picked from commit 188d4ec82a9b0085ac5841cce3eda95efb94f2b4)
2020-01-16 13:41:50 -08:00
Richard Levitte
56c59ddd99 Fix documentation of return value for EVP_Digest{Sign,Verify}Init()
They never returned the negative values that the documentation stated.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10847)
2020-01-15 01:21:10 +01:00
Dr. David von Oheimb
6d5e2a4179 fix a glitch in the documentation of OCSP_sendreq_bio()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10713)
2020-01-09 09:41:05 +01:00
Jussi Keranen
bf4006a6f9 Fix regression on x509 keyform argument
In OpenSSL pre 1.1.0, 'openssl x509 -keyform engine' was possible
and supported.  In 1.1.0, type of keyform argument is OPT_FMT_PEMDER
which doesn't support engine. This changes type of keyform argument
to OPT_FMT_PDE which means PEM, DER or engine and updates the manpage
including keyform and CAkeyform.

This restores the pre 1.1.0 behavior.

This issue is very similar than https://github.com/openssl/openssl/issues/4366

CLA: trivial

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10609)

(cherry picked from commit 0ab6fc79a9a63370be1a615729dc2a6ed0d6c89b)
2019-12-19 10:03:19 +01:00
Matt Caswell
e2af84bd45 Update the HISTORY entry for RSA_get0_pss_params()
Make a note of when this function was first introduced

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10568)
2019-12-16 14:50:07 +00:00
Matt Caswell
c1ebe0509a Backport the RSA_get0_pss_params() function from master
This is a missing accessor in order to obtain PSS parameters from an
RSA key, which should also be available in 1.1.1.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10568)
2019-12-16 14:50:07 +00:00
Rich Salz
3814dfe8df Fix docs for CRYPTO_secure_allocated
Fixes #9300

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10523)

(cherry picked from commit 20c09f00346aec3a20ceacc9c9d44c5f050e13dd)
2019-12-11 19:20:50 +01:00
Veres Lajos
3986b9bb6b Fix some typos
Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer>

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10544)

(cherry picked from commit 79c44b4e3044aee9dc9618850d4f1ce067757b4b)
2019-12-11 19:17:00 +01:00
Dmitry Belyavskiy
03fbef9c24 Difference between EVP_CipherInit and EVP_CipherInit_ex
Fixes #10455

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10550)
2019-12-08 22:32:57 +03:00
moehuster
ca7c982821 Fix L<EVP_MD_CTX_set_pkey_ctx> links
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10420)
2019-11-28 16:48:25 +01:00
Richard Levitte
40d422fd3a doc/man7/proxy-certificates.pod: New guide for proxy certificates
This replaces doc/HOWTO/proxy_certificates.txt

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10507)

(cherry picked from commit 2a03823606b2d7e73e5dc890c3202e186511151f)
2019-11-27 16:21:15 +01:00
Anthony Hu
460a0b2b13 Add missing EVP_PKEY_METHOD accessors for digestsign and digestverify
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10388)

(cherry picked from commit 2555285fa5e4248ad4a5a0bc14ae4606443856c2)
2019-11-17 11:51:10 +01:00
Nicola Tuveri
3c25ac2d2e Extend docs for EC_POINT conversion functions
Add more explicit documentation about the relation between
EC_POINT_point2oct(), EC_POINT_point2hex(), EC_POINT_point2bn() and
their reverse.

In particular highlight that EC_POINT_point2oct() and
EC_POINT_oct2point() conform to, respectively, Sec. 2.3.3 and Sec. 2.3.4
of the SECG SEC 1 standard (which is the normative reference for the
already mentioned RFC 5480), highlighting with a note how this affect
the encoding/decoding of the point at infinity (which in contrast with
any other valid generic point of a curve is assigned an exceptional
fixed octet string encoding, i.e., 0x00).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10329)

(cherry picked from commit 3cc26f2eba8a8c16ac559e68c05c094d7ea6bd8b)
2019-11-13 18:24:06 +02:00
Richard Levitte
9fc977c76d SSL: Document SSL_add_{file,dir}_cert_subjects_to_stack()
This also removes the incorrect documentation comments by those
functions.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10403)
2019-11-12 13:43:33 +01:00
Jakub Zelenka
689c07b8d5 Fix SYNOPSIS for ASN1_ENUMERATED_get_int64 and ASN1_ENUMERATED_set_int64
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9823)

(cherry picked from commit 2aa28a1abc893fb16b99ba77e2fecb1cbc8769c7)
2019-10-31 11:16:03 +00:00
Matt Caswell
3a9080d6f4 Fix a copy&paste error in the TLSv1.3 server side PSK documentation
The introductory paragraph for the TLSv1.3 server side PSK documentation
is a copy & paste of the client side documentation which has not been
updated with the server side equivalent information.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10245)

(cherry picked from commit c549cb46e0d3cb4e611acafae5f919b4a8df4007)
2019-10-28 13:08:42 +00:00
Nicola Tuveri
77f945bc98 Fix doc for EC_GROUP_set_curve()
(cherry picked from commit eb2ff0408ac6e934e05db7ed4006855c018584f1)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10235)
2019-10-23 01:07:28 +03:00
Nicola Tuveri
383ba7ade7 Improve formatting for man3/EC_GROUP_new.pod
- Use `()` to qualify function names, consistently
- Limit line width to 80 chars

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10235)
2019-10-23 01:04:47 +03:00
agnosticdev
c22987ce97 Update dgst.c to show a list of message digests
Fixes #9893

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10219)
2019-10-22 23:29:15 +02:00
jayaram
24c23e1f3c fixed the RETURN VALUES section in the EC_GROUP documentation
for the following functions.

EC_GROUP_get_order
EC_GROUP_get_cofactor
EC_GROUP_get_curve_name
EC_GROUP_get_asn1_flag
EC_GROUP_get_point_conversion_form
EC_GROUP_get_degree

(cherry picked from commit df3d1e84b3802acffeec11d6224e8a0e33d0aa83)

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9664)
2019-10-22 14:14:55 +03:00
Matt Caswell
abf92a9715 i2d_PublicKey was listed in 2 different man pages
find-doc-nits complains if a symbol is documented in more than one
location.

Reviewed-by: Richard Levitte <levitte@openssl.org>

(cherry picked from commit 4ff4e53f81)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10094)
2019-10-15 16:04:47 +02:00
Pauli
109a00269d issue-8493: Fix for filenames with newlines using openssl dgst
The output format now matches coreutils *dgst tools.

[ edited to remove trailing white space ]

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>

(cherry picked from commit f3448f5481)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10094)
2019-10-15 16:04:47 +02:00
Pauli
3c682fad5f Add documentation for the -sigopt option.
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>

(cherry picked from commit d7b2124a42)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10094)
2019-10-15 16:04:47 +02:00
David Benjamin
44301079c8 Document and add macros for additional DSA options
EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS and EVP_PKEY_CTRL_DSA_PARAMGEN_MD are only
exposed from EVP_PKEY_CTX_ctrl, which means callers must write more error-prone
code (see also issue #1319). Add the missing wrapper macros and document them.

Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit a97faad76a)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10094)
2019-10-15 16:04:46 +02:00
Antoine Salon
0388d212af Add missing EVP_MD documentation
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>

(cherry picked from commit 37842dfaeb)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10094)
2019-10-15 16:04:46 +02:00
Rich Salz
f736feeabf Fix reference to PEM docs
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10101)

(cherry picked from commit 120cc034271e9ab52f92840a16784228e50564f9)
2019-10-09 17:45:21 +02:00
Richard Levitte
95e4ee81de Add documentation for PEM_{read,write}_bio_Parameters()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10113)

(cherry picked from commit 9a6abb95be42b88c7c5ebc8c97f14afdc5919aa1)
2019-10-07 11:36:48 +02:00
Christian Heimes
45ab67614a doc: EVP_DigestInit clears all flags
Mention that EVP_DigestInit() also clears all flags.

Fixes: 10031
Signed-off-by: Christian Heimes <christian@python.org>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10032)

(cherry picked from commit 091aab66a6dbc3a3ecee7684aa30811b342f04e7)
2019-10-03 10:39:21 +10:00
Matt Caswell
b6390e8460 Correct the function names in SSL_CTX_set_stateless_cookie_generate_cb.pod
Although the synopsis used the correct function names, the description did
not. Also the description of the equivalent DTLSv1_listen() callbacks was
missing, so these have been added.

Fixes #10030

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10033)

(cherry picked from commit 84f471ecab76a16281a16c53d259bbcae358816f)
2019-09-30 15:31:44 +01:00
Richard Levitte
61df2198e2 DOC: fix documentation of som EVP_MD_CTX functions
They were documented to take an EVP_MD pointer, when they really take
an EVP_MD_CTX pointer.

Fixes #9993

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9997)
2019-09-24 13:25:27 +02:00
Jan-Frederik Rieckers
9f8deee243 Fix small typo in doc for X509_STORE_CTX_new
CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9894)

(cherry picked from commit 64c1e74572f16a3e7c225f66fe85a3451ad39e68)
2019-09-15 10:05:57 +02:00
Matt Caswell
1cb7eff45b Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9847)
2019-09-10 13:56:40 +01:00
Johannes
378d53ec4d Correct documented return value for BIO_get_mem_data()
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9643)

(cherry picked from commit 797a5b7af9)
2019-08-20 22:01:02 +10:00
Rich Salz
40cb2be7c5 Fix some pod-page ordering nits
Backport of https://github.com/openssl/openssl/pull/9602

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9632)
2019-08-19 07:49:12 +02:00
Mykola Baibuz
be4660f8d4 doc: fix link in BN_new.pod
Fixes #9622

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9627)

(cherry picked from commit faee6b2104)
2019-08-19 07:21:13 +02:00
Paul Yang
5c9261aa07 Add description in X509_STORE manipulation
Add memory management description in X509_STORE_add_cert, otherwise
users will not be aware that they are leaking memory...

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9484)

(cherry picked from commit 86333b6e0c)
2019-08-14 10:31:02 +08:00
Denis Ovsienko
2d20b26835 Remove some duplicate words from the documentation
Fixup INSTALL and a couple man pages to get rid of "the the" and "in the
in the".

CLA: trivial

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9563)

(cherry picked from commit 3c74e77bd8)
2019-08-12 16:01:00 +08:00
Vladimir Kotal
85171a929d mention what happens if OPENSSL_NO_RC2 is defined
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9415)

(cherry picked from commit 8c47e55ee6)
2019-08-09 09:47:32 +01:00
Martin Ukrop
bb00b0404d Fix reversed meaning of error codes
The meaning of the X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT error codes were still reversed in the X509_STORE_CTX_get_error function documentation.
This used to be the problem also in the verify application documentation, but was fixed on 2010-02-23 in 7d3d178.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9529)

(cherry picked from commit 6d5aa88d74)
2019-08-08 10:25:13 +01:00
Matt Caswell
da4ea0cfe6 Fix ECDSA_SIG docs
They incorrectly said that i2d_ECDSA_SIG returns 0 on error. In fact it
returns a negative value on error.

We fix this by moving the i2d_ECDSA_SIG/d2i_ECDSA_SIG docs onto the same
page as all the other d2i/i2d docs.

Fixes #9517

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9533)

(cherry picked from commit bbda79976b)
2019-08-06 11:34:10 +01:00
Dr. Matthias St. Pierre
74b9ce2d84 Add missing accessors for X509 AuthorityKeyIdentifier
Complements commit b383aa2081, which added X509_get0_authority_key_id().

 const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
 const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);      [NEW]
 const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);       [NEW]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9494)
2019-08-01 12:13:37 +02:00
Antoine Cœur
a5c83db4ae Fix Typos
CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9295)
2019-07-31 19:48:30 +02:00
Todd Short
686ead4537 Fix SSL_CTX_set_session_id_context() docs
Also, use define rather than sizeof

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9377)

(cherry picked from commit fe9edc9d39)
2019-07-16 13:58:18 +01:00
agnosticdev
ab2d477c0a issue-9316: Update return documentation for RAND_set_rand_engine
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9351)

(cherry picked from commit 5fe6e2311d)
2019-07-12 00:06:21 +10:00