Commit graph

1253 commits

Author SHA1 Message Date
Rich Salz
7644a9aef8 Rename some BUF_xxx to OPENSSL_xxx
Rename BUF_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
to OPENSSL_{strdup,strlcat,strlcpy,memdup,strndup,strnlen}
Add #define's for the old names.
Add CRYPTO_{memdup,strndup}, called by OPENSSL_{memdup,strndup} macros.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 16:14:49 -05:00
Matt Caswell
8caab744f5 Fix s_server problem with no-ec
s_server was trying to set the ECDH curve when no-ec was defined. This also
highlighted the fact that the -no_ecdhe option to s_server is broken, and
doesn't make any sense any more (ECDHE is on by default and the only way it
can be disabled is through the cipherstring). Therefore this commit removes
the option.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-15 11:26:38 +00:00
Dr. Stephen Henson
0c497e96c4 Update EVP_PKEY documentation.
Add EVP_PKEY_up_ref() documentation and fix various typos.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
c01ff880d4 New function X509_get0_pubkey
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Dr. Stephen Henson
2872dbe1c4 Add EVP_PKEY_get0_* functions.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-14 23:06:14 +00:00
Ben Kaduk
3903e1c334 Fix typo
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 22:19:22 -05:00
Rich Salz
9e8b6f0427 Use SHA256 not MD5 as default digest.
(Documentation update was in the MR but not the commit.  Oops.)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-12-12 19:25:25 -05:00
Dr. Stephen Henson
9391ba1b51 Add extension utility documentation.
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:11:20 +00:00
Dr. Stephen Henson
3a59ad98e9 add X509_up_ref() documentation
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:11:20 +00:00
Dr. Stephen Henson
e989e54f66 extension documentation
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-12 14:11:20 +00:00
Rob Stradling
ba67253db1 Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
2015-12-10 19:27:40 +01:00
Richard Levitte
706e2462f1 Document EVP_MD constructors, destructors and manipulators
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
716854d74e Document the HMAC changes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
25191fffb9 Document the EVP_MD_CTX changes
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:40:20 +01:00
Richard Levitte
9b6c00707e Document the changed HMAC API.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-07 17:36:57 +01:00
Viktor Dukhovni
d231a4010b Fix typo and improve a bit of text
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-06 22:22:44 -05:00
Viktor Dukhovni
1c735804a2 Really disable 56-bit (single-DES) ciphers
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-12-06 12:32:19 -05:00
Kurt Roeckx
361a119127 Remove support for all 40 and 56 bit ciphers.
Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #364
2015-12-05 17:45:59 +01:00
Kurt Roeckx
fe6ef2472d Remove SSL_{CTX_}set_ecdh_auto() and always enable ECDH
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2015-12-04 22:30:36 +01:00
Dr. Stephen Henson
19c6d3ea2d Remove RSA_FLAG_SIGN_VER flag.
Remove RSA_FLAG_SIGN_VER: this was origininally used to retain binary
compatibility after RSA_METHOD was extended to include rsa_sign and
rsa_verify fields. It is no longer needed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-02 18:23:29 +00:00
Dr. Stephen Henson
7f572e958b Remove legacy sign/verify from EVP_MD.
Remove sign/verify and required_pkey_type fields of EVP_MD: these are a
legacy from when digests were linked to public key types. All signing is
now handled by the corresponding EVP_PKEY_METHOD.

Only allow supported digest types in RSA EVP_PKEY_METHOD: other algorithms
already block unsupported types.

Remove now obsolete EVP_dss1() and EVP_ecdsa().

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-02 17:52:01 +00:00
Rich Salz
e6390acac9 ex_data part 2: doc fixes and CRYPTO_free_ex_index.
Add CRYPTO_free_ex_index (for shared libraries)
Unify and complete the documentation for all "ex_data" API's and objects.
Replace xxx_get_ex_new_index functions with a macro.
Added an exdata test.
Renamed the ex_data internal datatypes.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-01 11:48:37 -05:00
Rich Salz
d59c7c81e3 Remove BN_init
Rename it to be an internal function bn_init.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-30 16:10:12 -05:00
Viktor Dukhovni
9446daac5b Correct aes-128-cbc cipher name
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-28 15:07:34 -05:00
Matt Caswell
e113c9c59d Add documentation for BN_with_flags
Following on from the previous commit this adds some documentation for the
BN_with_flags function which is easy to misuse.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-11-26 10:20:36 +00:00
Rich Salz
35cb565a9b Turn B<...()> into ...()
For all functions, consistently use asdf() not B<asdf()>

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-11-21 11:50:01 -05:00
Matt Caswell
68487a9b06 Convert __thread to pthreads for Thread Local Storage
In theory the pthreads approach for Thread Local Storage should be more
portable.

This also changes some APIs in order to accommodate this change. In
particular ASYNC_init_pool is renamed ASYNC_init_thread and
ASYNC_free_pool is renamed ASYNC_cleanup_thread. Also introduced ASYNC_init
and ASYNC_cleanup.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:39:30 +00:00
Matt Caswell
e8dfb5bf8e Add ASYNC_block_pause and ASYNC_unblock_pause
There are potential deadlock situations that can occur if code executing
within the context of a job aquires a lock, and then pauses the job. This
adds an ability to temporarily block pauses from occuring whilst performing
work and holding a lock.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:37:17 +00:00
Matt Caswell
8227255006 Add clarification to docs on ASYNC_free_pool()
Clarify that you must only call this after all async jobs have
completed - otherwise you could get memory leaks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:35:19 +00:00
Matt Caswell
05a6347fec Tweak async documentation based on feedback
Add some clarifications to the async documentation. Also changed
ASYNC_pause_job() so that it returns success if you are not within the
context of a job. This is so that engines can be used either asynchronously
or synchronously and can treat an error from ASYNC_pause_job() as a real
error.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:35:19 +00:00
Matt Caswell
bc8857bf70 More async documentation
Document the libssl and command line application aspects of async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:35 +00:00
Matt Caswell
c00793da99 Document async capabilities
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-11-20 23:34:34 +00:00
Kurt Roeckx
32c748140f BN_sub: document that r might be the same as a or b
Reviewed-by: Rich Salz <rsalz@akamai.com>

RT #4100, MR #1264
2015-11-20 22:29:57 +01:00
Dr. Stephen Henson
2cc7acd273 Use better defaults for TSA.
Use SHA256 for TSA and setted permitted digests to a sensible value.

Based on PR#4141

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 13:40:53 +00:00
Dr. Stephen Henson
e20b472751 Add support for signer_digest option in TS.
Based on PR#2145

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-20 13:40:53 +00:00
Dr. Stephen Henson
ff7fbfd550 Document new functions
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-14 00:13:08 +00:00
Dr. Stephen Henson
bf24ac9b54 Update and clarify ciphers documentation.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-14 00:06:33 +00:00
Nathan Phillip Brink
cfb4f1efba RT2667: Add IRC support to -starttls
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-13 17:17:18 -05:00
Matt Caswell
a974e64aaa Fix SSL_use_certificate_chain_file
The new function SSL_use_certificate_chain_file was always crashing in
the internal function use_certificate_chain_file because it would pass a
NULL value for SSL_CTX *, but use_certificate_chain_file would
unconditionally try to dereference it.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-11-10 23:02:44 +00:00
Matt Caswell
3d866ea67e Minor EVP_SignInit_ex doc fix
EVP_SignInit_ex was missing from the NAME section of its man page so
typing "man EVP_SignInit_ex" failed to load the page.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-11-04 14:37:13 +00:00
Richard Levitte
8976eb249a Remove dummy argument from BIO_get_bind_mode
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Richard Levitte
0e474b8b6f Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work
No dummy arguments.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-11-02 17:36:49 +01:00
Soheil Rashidi
9f07c405bb Fixed typo in rsautl.pod
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-11-02 01:57:22 -05:00
Rich Salz
b0700d2c8d Replace "SSLeay" in API with OpenSSL
All instances of SSLeay (any combination of case) were replaced with
the case-equivalent OpenSSL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 17:21:42 -04:00
Matt Caswell
87d9cafa33 Remove some SSLv2 references
There were a few remaining references to SSLv2 support which are no longer
relevant now that it has been removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 09:17:22 +00:00
Matt Caswell
5998e29035 Remove SSL_state and SSL_set_state
SSL_state has been replaced by SSL_get_state and SSL_set_state is no longer
supported.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
35bf6e0537 Change HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE
Rename the enum HANDSHAKE_STATE to OSSL_HANDSHAKE_STATE to ensure there are
no namespace clashes, and convert it into a typedef.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Matt Caswell
f3b9257f82 Minor documentation tweak
Update the return type for SSL_state in the documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-10-30 08:39:46 +00:00
Rich Salz
a528d4f0a9 Remove SSLeay history, etc., from docs
If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it.  Documentation history now starts with OpenSSL.

Remove mention of all history before OpenSSL 0.9.8, inclusive.

Remove all AUTHOR sections.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-28 17:23:51 -04:00
Rich Salz
6f5c030320 Remove HAMC_cleanup
Old API for use with OpenSSL-0.9.6.  Remove it.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-10-27 16:07:56 -04:00