Commit graph

971 commits

Author SHA1 Message Date
Rich Salz
19fca4cafc RT3940: For now, just document the issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 2a9afa4046)
2016-08-19 11:45:57 -04:00
Richard Levitte
08327bfb26 Allow proxy certs to be present when verifying a chain
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6ad8c48291)
2016-06-30 01:01:38 +02:00
Viktor Dukhovni
aed4d5b7cb Clarify negative return from X509_verify_cert()
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-26 16:36:35 -04:00
Dr. Stephen Henson
c3011e3e1d add documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit b1b3e14fbe)
2016-05-04 13:00:17 +01:00
Matt Caswell
e903aaf894 Remove some documentation for functions not in 1.0.x
A few functions in the recently added EVP_EncodeInit docs don't apply to
the 1.0.x branches.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 12:54:06 +01:00
Matt Caswell
fec6d1e868 Add documentation for EVP_EncodeInit() and similar functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-03 11:54:00 +01:00
Kurt Roeckx
6e7a1f35b7 Remove LOW from the default
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit 29cce50897)
2016-03-07 18:57:40 +01:00
Viktor Dukhovni
abd5d8fbef Disable EXPORT and LOW SSLv3+ ciphers by default
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-01 11:24:02 +00:00
Viktor Dukhovni
a82cfd612b Bring SSL method documentation up to date
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-03-01 11:24:02 +00:00
Matt Caswell
8bc643efc8 Always generate DH keys for ephemeral DH cipher suites
Modified version of the commit ffaef3f15 in the master branch by Stephen
Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
generates a new DH key for every handshake regardless.

This is a follow on from CVE-2016-0701. This branch is not impacted by
that CVE because it does not support X9.42 style parameters. It is still
possible to generate parameters based on primes that are not "safe",
although by default OpenSSL does not do this. The documentation does
sign post that using such parameters is unsafe if the private DH key is
reused. However to avoid accidental problems or future attacks this commit
has been backported to this branch.

Issue reported by Antonio Sanso

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-28 10:27:55 +00:00
Kurt Roeckx
ff9cef0266 File is about s_time, not s_client
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 1918e01c9f)
2016-01-10 13:14:52 +01:00
Matt Caswell
968bccee46 Add some documentation for the OCSP callback functions
Describe the usage of the OCSP callback functions on both the client and
the server side.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(cherry picked from commit c52c3b5e11)
2015-12-27 22:05:36 +00:00
Richard Levitte
0dae9636e8 Document how BIO_get_conn_ip and BIO_get_conn_int_port actually work
No dummy arguments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 7eb5125125)
2015-12-19 22:10:32 +01:00
Matt Caswell
1fe1c65c3b Minor EVP_SignInit_ex doc fix
EVP_SignInit_ex was missing from the NAME section of its man page so
typing "man EVP_SignInit_ex" failed to load the page.

Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit 3d866ea67e)
2015-11-04 14:39:32 +00:00
Alessandro Ghedini
020bc42893 Fix typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit d900a015b5)
2015-10-23 20:41:17 +02:00
Adam Eijdenberg
2d404dc380 Clarify return values for EVP_DigestVerifyFinal.
Previous language was unclear.  New language isn't pretty but I believe
it is more accurate.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 8cbb048c3e)
2015-10-22 21:11:19 -04:00
Ismo Puustinen
72ac982306 GH367: use random data if seed too short.
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 6f997dc365)
2015-09-29 12:49:16 -04:00
Hubert Kario
b0c8e38e33 RT4051: fix ciphers man page typo
the alias supported by OpenSSL 1.0.1 is "EECDH" not "EECDHE"
(GH PR 405)

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-09-29 11:15:12 -04:00
Emilia Kasper
456b9820eb BUF_strdup and friends: update docs
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 58e3457a82)
(cherry picked from commit be250ee2d3)
2015-09-22 20:09:42 +02:00
Rich Salz
628c15039f This undoes GH367 for non-master
Was only approved for master, to avoid compatibility issues on
previous releases.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 6be18a2219)
2015-09-18 15:56:45 -04:00
Dr. Stephen Henson
8b5ac90e5e Use default field separator.
If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 03706afa30)
2015-09-11 20:52:58 +01:00
Ben Kaduk
a6ce498b2a GH367 follow-up, for more clarity
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 36ac7bc8a9)
2015-08-31 13:47:12 -04:00
Richard Levitte
c88f65f5b5 Remove auto-fill-mode
Apparently, emacs sees changes to auto-fill-mode as insecure

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6dc08048d9)
2015-08-31 18:21:04 +02:00
Richard Levitte
fc90ab42db Add an example .dir-locals.el
This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0927f0d822)
2015-08-31 18:21:04 +02:00
Richard Levitte
8d677c10f9 Add emacs CC mode style for OpenSSL
This hopefully conforms closely enough to the current code style.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d9b3554b2d)
2015-08-31 18:21:04 +02:00
Ismo Puustinen
9a97446468 GH367: Fix dsa keygen for too-short seed
If the seed value for dsa key generation is too short (< qsize),
return an error. Also update the documentation.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit f00a10b897)
2015-08-28 11:25:44 -04:00
Viktor Dukhovni
eb55a6f455 GH correct organizationalUnitName
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 208b2d541d)
2015-08-26 17:32:09 -04:00
Markus Rinne
86de216da3 RT4019: Duplicate -hmac flag in dgst.pod
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-08-25 12:15:03 -04:00
Rich Salz
bedcd9385f GH372: Remove duplicate flags
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 32c5e0ba0f)
2015-08-25 12:13:11 -04:00
Dr. Stephen Henson
2cf51451f3 Update docs.
Clarify and update documention for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2fd7fb99db)
2015-08-14 06:35:38 +01:00
mancha
396a2dc071 Fix author credit for e5c0bc6
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-15 06:50:12 -04:00
Rich Salz
001c957676 Revert "Missing perldoc markup around < literal"
This reverts commit e5c0bc6cc4.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-07-15 06:50:12 -04:00
GitHub User
432785095c Missing perldoc markup around < literal
Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e5c0bc6cc4)
2015-07-14 01:33:29 -04:00
Matt Caswell
b3b1eb5735 Reject calls to X509_verify_cert that have not been reinitialised
The function X509_verify_cert checks the value of |ctx->chain| at the
beginning, and if it is NULL then it initialises it, along with the value
of ctx->untrusted. The normal way to use X509_verify_cert() is to first
call X509_STORE_CTX_init(); then set up various parameters etc; then call
X509_verify_cert(); then check the results; and finally call
X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets
|ctx->chain| to NULL. The only place in the OpenSSL codebase  where
|ctx->chain| is set to anything other than a non NULL value is in
X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be
non NULL on entry to X509_verify_cert is if one of the following occurs:
1) An application calls X509_verify_cert() twice without re-initialising
in between.
2) An application reaches inside the X509_STORE_CTX structure and changes
the value of |ctx->chain| directly.

With regards to the second of these, we should discount this - it should
not be supported to allow this.

With regards to the first of these, the documentation is not exactly
crystal clear, but the implication is that you must call
X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail
to do this then, at best, the results would be undefined.

Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is
likely to have unexpected results, and could be dangerous. This commit
changes the behaviour of X509_verify_cert() so that it causes an error if
|ctx->chain| is anything other than NULL (because this indicates that we
have not been initialised properly). It also clarifies the associated
documentation. This is a follow up commit to CVE-2015-1793.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-07-07 22:52:36 +01:00
Dr. Stephen Henson
e5d5019a23 document -2 return value
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5727582cf5)
2015-07-06 18:36:10 +01:00
Dr. Stephen Henson
e2cf18c635 PEM doc fixes
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f097f81c89)
2015-05-28 18:02:19 +01:00
Matt Caswell
b484b040e3 Fix off-by-one in BN_rand
If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte
buffer overflow can occur. There are no such instances within the OpenSSL at
the moment.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for
discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-05-22 23:45:33 +01:00
Matt Caswell
726b5e7132 Reject negative shifts for BN_rshift and BN_lshift
The functions BN_rshift and BN_lshift shift their arguments to the right or
left by a specified number of bits. Unpredicatable results (including
crashes) can occur if a negative number is supplied for the shift value.

Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian
for discovering and reporting this issue.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 7cc18d8158)

Conflicts:
	crypto/bn/bn.h
	crypto/bn/bn_err.c
2015-05-22 23:21:55 +01:00
Matt Caswell
1c687ff4dd Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>

Conflicts:
	doc/apps/cms.pod
	doc/apps/ocsp.pod
	doc/apps/s_client.pod
	doc/apps/s_server.pod
	doc/apps/smime.pod
	doc/apps/verify.pod
2015-05-20 23:14:25 +02:00
Emilia Kasper
ff4de7dde9 Update documentation with Diffie-Hellman best practices.
- Do not advise generation of DH parameters with dsaparam to save
computation time.
- Promote use of custom parameters more, and explicitly forbid use of
built-in parameters weaker than 2048 bits.
- Advise the callback to ignore <keylength> - it is currently called
with 1024 bits, but this value can and should be safely ignored by
servers.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-20 15:01:36 +02:00
Emilia Kasper
3372aeed2c dhparam: fix documentation
The default bitlength is now 2048. Also clarify that either the number
of bits or the generator must be present:

$ openssl dhparam -2
and
$ openssl dhparam 2048
generate parameters but
$ openssl dhparam
does not.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-05-20 15:01:36 +02:00
Dr. Stephen Henson
5d74b4b4b3 Configuration file examples.
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 7b68c30da0)
2015-03-24 12:27:36 +00:00
Dr. Stephen Henson
1a09816435 additional configuration documentation
Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 3d764db7a2)
2015-03-12 13:45:52 +00:00
Dr. Stephen Henson
876ed10574 Additional CMS documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e3013932df)
2015-03-08 16:19:38 +00:00
Kurt Roeckx
bc2e18a3c8 Remove export ciphers from the DEFAULT cipher list
They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f417997a32)

Conflicts:
	ssl/ssl_ciph.c
2015-03-07 23:08:12 +01:00
Matt Caswell
1aff39de76 Fix some minor documentation issues
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:46:20 +00:00
Matt Caswell
1159e24d56 Add dire warnings about the "reuse" capability of the d2i_* functions.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-25 17:46:20 +00:00
Matt Caswell
b91058d222 Provide documentation for i2d_ECPrivateKey and d2i_ECPrivateKey
Reviewed-by: Emilia Käsper <emilia@openssl.org>

Conflicts:
	doc/crypto/EC_KEY_new.pod
	doc/crypto/EC_POINT_new.pod
2015-02-25 17:46:20 +00:00
Dr. Stephen Henson
9cd061725b Document -no_explicit
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 384dee5124)
2015-02-24 15:28:56 +00:00
Matt Caswell
53e652ae44 Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead
functions.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit 8507474564)
2015-01-27 14:35:13 +00:00