Commit graph

60 commits

Author SHA1 Message Date
Dr. Matthias St. Pierre
f987a4dd89 man: clarify the 'random number generator must be seeded' requirement
The manual pages require for some API functions that the 'random number
generator must be seeded' before calling the function.  Initially, this
was meant literally, i.e. the OpenSSL CSPRNG had to be seeded manually
before calling these functions.

Since version 1.1.1, the CSPRNG is seeded automatically on first use,
so it's not the responsibility of the programmer anymore.  Still, he
needs to be aware that the seeding might fail.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9257)

(cherry picked from commit 262c00882a)
2019-06-27 14:48:43 +02:00
Christian Heimes
bb157fd142 Fix function names in ct(7) documentation
The correct function name is SSL_CTX_enable_ct, not SSL_CTX_ct_enable.

Signed-off-by: Christian Heimes <christian@python.org>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7916)

(cherry picked from commit 6f8b858d05)
2018-12-19 19:01:45 +01:00
Dr. Matthias St. Pierre
df75c2bfcd man: harmonize the various formulations in the HISTORY sections
While stereotyped repetitions are frowned upon in literature, they
serve a useful purpose in manual pages, because it is easier for
the user to find certain information if it is always presented in
the same way. For that reason, this commit harmonizes the varying
formulations in the HISTORY section about which functions, flags,
etc. were added in which OpenSSL version.

It also attempts to make the pod files more grep friendly by
avoiding to insert line breaks between the symbol names and the
corresponding version number in which they were introduced
(wherever possible). Some punctuation and typographical errors
were fixed on the way.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7854)
2018-12-15 22:45:39 +01:00
Matt Eaton
9b977afc0b Update RAND_DRBG.pod
Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.

CLA: trivial

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)
2018-09-17 02:00:19 +03:00
Paul Yang
f922dac87d Add missing SM2err and fix doc nits
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
571286b0a4 Add a SM2(7) man page
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7113)
2018-09-07 18:12:26 +08:00
Paul Yang
d3a9fb10ee Support EdDSA in apps/speed
This addresses issue #6922.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7073)
2018-09-07 14:39:19 +08:00
Hubert Kario
322755cc2a TLSv1.3 related changes to man pages
Add or update the documentation of the different man pages in relation to TLSv1.3 behaviour.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/6939)
2018-09-01 08:45:04 +08:00
parasssh
fa332bba91 Fix typos in documentation.
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7038)
2018-08-22 22:42:11 -07:00
parasssh
723bd00473 Fix typos and errors in Ed25519.pod documentation
CLA: trivial

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7005)
2018-08-20 00:09:58 +02:00
Pauli
6e501c4719 Fix spelling errors in documentation.
Also fix some clumsy wording.

[skip_ci]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6545)
2018-06-21 14:54:27 +10:00
Nicola Tuveri
b26befb541 Fix & update documentation about RAND_priv_bytes()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6514)
2018-06-19 17:06:38 +02:00
Richard Levitte
55c5c1b63a doc/man7/passphrase-encoding.pod: Make consistent
The man name didn't match the file name, and some places had
'password' instead of 'pass phrase'.

Fixes #6474

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6476)
2018-06-13 10:27:03 +02:00
Richard Levitte
0189bf2bbe Document UTF-8 expectation for pass phrases passed to OSSL_STORE
After some discussion, it was concluded that the better idea is to
stipulate that the pass phrases passed to the OSSL_STORE API are
expected to be UTF-8 encoded, and that all objects made accessible
through OSSL_STORE URIs should adhere to this expectation (at the
discretion of the loaders).

Email ref:
https://mta.openssl.org/pipermail/openssl-project/2018-June/000771.html

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6416)
2018-06-07 13:25:03 +02:00
Richard Levitte
166f0082e7 STORE: split off the description of the 'file' scheme loader
This includes a quick recommendation on how to name loader docmentation.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6350)
2018-06-01 19:37:09 +02:00
Richard Levitte
491c35324c Docs: add general document on how pass phrases are handled
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6179)
2018-05-14 15:56:59 +02:00
Richard Levitte
c16ab9dc63 docs: Fix typo EVP_PKEY_new_id -> EVP_PKEY_CTX_new_id
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6177)
2018-05-04 19:52:01 +02:00
Matt Caswell
3bfa4756bd Add some documentation for SSL_get_shared_ciphers()
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6113)
2018-05-02 23:30:47 +01:00
Dr. Matthias St. Pierre
b7fb239438 Revert "Add OPENSSL_VERSION_AT_LEAST"
Fixes #5961

This reverts commit 3c5a61dd0f.

The macros OPENSSL_MAKE_VERSION() and OPENSSL_VERSION_AT_LEAST() contain
errors and don't work as designed. Apart from that, their introduction
should be held back until a decision has been mad about the future
versioning scheme.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5968)
2018-04-16 18:43:52 +02:00
Richard Levitte
a8ca496ddb Split the scrypt and RSA-PSS into man3 and man7 pages
The scrypt and RSA-PSS documents were a mixture of section 3 and
section 7 material.  With pre-1.1.1 OpenSSL, this is understandable,
since we had a different directory layout.  With 1.1.1, we've moved to
the typical man-page directory layout, and the documents need to be
updated accordingly.

Also, the scrypt document contained a description of
EVP_PKEY_CTX_set1_pbe_pass(), which is a generic function rather than
an scrypt specific function, and therefore should be documented
separately.

Fixes #5802

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5942)
2018-04-13 11:55:13 +02:00
Dr. Matthias St. Pierre
f7bef277ea Minor corrections for the RAND_DRBG API documentation
- added some explaining text to a sentence that lost its context.
- removed mention of per-ssl drbg
- fix whitespace errors

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5804)
2018-04-11 18:56:03 +02:00
Dr. Matthias St. Pierre
a73d990e2b Add documentation for the RAND_DRBG API
The RAND_DRBG API was added in PR #5462 and modified by PR #5547.
This commit adds the corresponding documention.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5461)
2018-03-30 00:10:38 +02:00
Matt Caswell
f929439f61 Rename EVP_PKEY_new_private_key()/EVP_PKEY_new_public_key()
Renamed to EVP_PKEY_new_raw_private_key()/EVP_new_raw_public_key() as per
feedback.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Matt Caswell
82dd65a2a7 Expand the 25519/448 overview man pages
Include more information about how to create keys for these algorithms.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5520)
2018-03-15 12:47:27 +00:00
Todd Short
37933acbea Add SSL/SSL_CTX_use_cert_and_key()
Add functions that will do the work of assigning certificate, privatekey
and chain certs to an SSL or SSL_CTX. If no privatekey is given, use the
publickey. This will permit the keys to pass validation for both ECDSA
and RSA. If a private key has already been set for the certificate, it
is discarded. A real private key can be set later.

This is an all-or-nothing setting of these parameters. Unlike the
SSL/SSL_CTX_use_certificate() and SSL/SSL_CTX_use_PrivateKey() functions,
the existing cert or privatekey is not modified (i.e. parameters copied).
This permits the existing cert/privatekey to be replaced.

It replaces the sequence of:
* SSL_use_certificate()
* SSL_use_privatekey()
* SSL_set1_chain()
And may actually be faster, as multiple checks are consolidated.

The private key can be NULL, if so an ENGINE module needs to contain the
actual private key that is to be used.

Note that ECDH (using the certificate's ECDSA key) ciphers do not work
without the private key being present, based on how the private key is
used in ECDH. ECDH does not offer PFS; ECDHE ciphers should be used instead.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/1130)
2018-03-09 10:28:04 -06:00
Alex Gaynor
c03dc6427c Fixed a typo in a man page
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5498)
2018-03-03 11:37:07 -05:00
Matt Caswell
a2eecb5d26 Update some documentation for X448/Ed448
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/5481)
2018-03-02 10:14:31 +00:00
Richard Levitte
6ab6deccd9 STORE: Add documentation on search criteria
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2688)
2018-02-23 07:40:42 +01:00
Richard Levitte
ce9586b98c STORE: Add documentation on expecting specific infos
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2688)
2018-02-23 07:40:42 +01:00
Matt Caswell
6738bf1417 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Michael Richardson
3c5a61dd0f Add OPENSSL_VERSION_AT_LEAST
added macro to create version number
use the macro to build OPENSSL_VERSION_AT_LEAST(maj,min,fix) so that
customers of libssl (such as ruby-openssl) do not need to be so aware of
openssl version numbers.
includes updates to ssl(7) and OPENSSL_VERSION_NUMBER(3) man page

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5212)
2018-02-01 13:22:48 -05:00
Richard Levitte
3c7d0945b6 Update copyright years on all files merged since Jan 1st 2018
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5038)
2018-01-09 05:49:01 +01:00
Dr. Matthias St. Pierre
32b28859e0 Improve readability of evp.pod
The changes are analogous to the ones made in commit 0bf340e135
to x509.pod, see PR #4924.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5012)
2018-01-04 07:52:00 -06:00
Daniel Bevenius
0bf340e135 Suggestion for improvements to x509.pod
This commit is a suggestion to hopefully improve x509.pod. I had to
re-read it the first time through and with these changes it reads a
little easier, and wondering if others agree.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4924)
2017-12-25 21:11:53 -06:00
Daniel Bevenius
631c37be32 Fix minor typo in bio.pod
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4917)
2017-12-12 12:31:12 -05:00
Daniel Bevenius
cbade36108 Minor improvements to ssl.pod
This commit contains suggestion that (hopefully) improve the
documentation in ssl.pod.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4914)
2017-12-12 13:14:45 +01:00
Johannes Bauer
6d8aba7b8c Add documentation for the scrypt PKEY_METHOD
Added manpage for the new scrypt EVP_PKEY_METHOD KDF interface.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)
2017-08-08 15:47:22 +01:00
Xiaoyin Liu
a970b14f8d Fix typo in documents
I scanned all files in the doc folder with a spell checker (https://github.com/EWSoftware/VSSpellChecker).
This patch (hopefully) corrected all spell errors that it found.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4065)
2017-08-01 09:30:11 +10:00
Benjamin Kaduk
d3b58b953c Remove trailing whitespace from store-related man pages
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3860)
2017-07-27 14:32:13 -05:00
Benjamin Kaduk
1fb2993d9e Catch up to the removal of OSSL_STORE_open_file()
Remove references to it in documentation.

Unfortunately, it is too late to renumber symbols in libcrypto.num
and avoid the NOEXIST entry there.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3860)
2017-07-27 14:32:13 -05:00
Rich Salz
a95d7574db Various doc fixes
Fix a =head1 section name
Fix a typo in POD label
Remove a spurious =back
Add a missing blank line
Avoid 'legacy' -- use 'deprecated' if still needed if we cannot just reword.
Always do strict checking
Do not warn about missing "RETURN VALUES" unless -s is set.
Change OpenSSL version 1.1 -> 1.1.0

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3830)
2017-07-03 10:40:33 -04:00
Richard Levitte
e2e603fe7c Add documentation for STORE functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:32 +02:00
Pauli
410e8c9356 Remove duplicate see also reference to BIO_s_mem.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3731)
2017-06-22 08:13:11 +10:00
Dr. Stephen Henson
d2916a5b29 Use EVP_PKEY_X25519, EVP_PKEY_ED25519 instead of NIDs where appropriate.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3585)
2017-06-21 14:11:01 +01:00
Josh Soref
27b138e9db Fix spelling errors in manpages
spelling: algorithm
spelling: anyway
spelling: assigned
spelling: authenticated
spelling: callback
spelling: certificate
spelling: compatibility
spelling: configuration
spelling: digest
spelling: encrypted
spelling: function
spelling: output
spelling: receive
spelling: renegotiation
spelling: signing
spelling: similar
spelling: string

(Merged from https://github.com/openssl/openssl/pull/3580)Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3580)
2017-06-11 16:21:33 -04:00
Dr. Stephen Henson
bf0d560938 Move and update RSA-PSS documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3621)
2017-06-06 13:37:41 +01:00
Dr. Stephen Henson
74e7836104 Add Ed25519 documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
2017-05-30 20:38:21 +01:00
Rich Salz
2f61bc2ea3 Use 'over 2' for bullet lists.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
2017-04-07 13:48:19 -04:00
Rich Salz
e1271ac221 Standardize on =over 4 and check for it.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
2017-04-07 13:30:04 -04:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00