diff options
Diffstat (limited to 'openssl/doc')
96 files changed, 3500 insertions, 450 deletions
diff --git a/openssl/doc/HOWTO/certificates.txt b/openssl/doc/HOWTO/certificates.txt index a8a34c7ab..65f8fc829 100644 --- a/openssl/doc/HOWTO/certificates.txt +++ b/openssl/doc/HOWTO/certificates.txt @@ -3,22 +3,22 @@ 1. Introduction -How you handle certificates depend a great deal on what your role is. +How you handle certificates depends a great deal on what your role is. Your role can be one or several of: - - User of some client software - - User of some server software + - User of some client application + - User of some server application - Certificate authority This file is for users who wish to get a certificate of their own. -Certificate authorities should read ca.txt. +Certificate authorities should read https://www.openssl.org/docs/apps/ca.html. In all the cases shown below, the standard configuration file, as compiled into openssl, will be used. You may find it in /etc/, -/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and -is better described in another HOWTO <config.txt?>. If you want to -use a different configuration file, use the argument '-config {file}' -with the command shown below. +/usr/local/ssl/ or somewhere else. By default the file is named +openssl.cnf and is described at https://www.openssl.org/docs/apps/config.html. +You can specify a different configuration file using the +'-config {file}' argument with the commands shown below. 2. Relationship with keys @@ -29,24 +29,26 @@ somewhere. With OpenSSL, public keys are easily derived from private keys, so before you create a certificate or a certificate request, you need to create a private key. -Private keys are generated with 'openssl genrsa' if you want a RSA -private key, or 'openssl gendsa' if you want a DSA private key. -Further information on how to create private keys can be found in -another HOWTO <keys.txt?>. The rest of this text assumes you have -a private key in the file privkey.pem. +Private keys are generated with 'openssl genrsa -out privkey.pem' if +you want a RSA private key, or if you want a DSA private key: +'openssl dsaparam -out dsaparam.pem 2048; openssl gendsa -out privkey.pem dsaparam.pem'. + +The private keys created by these commands are not passphrase protected; +it might or might not be the desirable thing. Further information on how to +create private keys can be found at https://www.openssl.org/docs/HOWTO/keys.txt. +The rest of this text assumes you have a private key in the file privkey.pem. 3. Creating a certificate request -To create a certificate, you need to start with a certificate -request (or, as some certificate authorities like to put -it, "certificate signing request", since that's exactly what they do, -they sign it and give you the result back, thus making it authentic -according to their policies). A certificate request can then be sent -to a certificate authority to get it signed into a certificate, or if -you have your own certificate authority, you may sign it yourself, or -if you need a self-signed certificate (because you just want a test -certificate or because you are setting up your own CA). +To create a certificate, you need to start with a certificate request +(or, as some certificate authorities like to put it, "certificate +signing request", since that's exactly what they do, they sign it and +give you the result back, thus making it authentic according to their +policies). A certificate request is sent to a certificate authority +to get it signed into a certificate. You can also sign the certificate +yourself if you have your own certificate authority or create a +self-signed certificate (typically for testing purpose). The certificate request is created like this: @@ -55,12 +57,14 @@ The certificate request is created like this: Now, cert.csr can be sent to the certificate authority, if they can handle files in PEM format. If not, use the extra argument '-outform' followed by the keyword for the format to use (see another HOWTO -<formats.txt?>). In some cases, that isn't sufficient and you will -have to be more creative. +<formats.txt?>). In some cases, -outform does not let you output the +certificate request in the right format and you will have to use one +of the various other commands that are exposed by openssl (or get +creative and use a combination of tools). -When the certificate authority has then done the checks the need to -do (and probably gotten payment from you), they will hand over your -new certificate to you. +The certificate authority performs various checks (according to their +policies) and usually waits for payment from you. Once that is +complete, they send you your new certificate. Section 5 will tell you more on how to handle the certificate you received. @@ -68,11 +72,12 @@ received. 4. Creating a self-signed test certificate -If you don't want to deal with another certificate authority, or just -want to create a test certificate for yourself. This is similar to -creating a certificate request, but creates a certificate instead of -a certificate request. This is NOT the recommended way to create a -CA certificate, see ca.txt. +You can create a self-signed certificate if you don't want to deal +with a certificate authority, or if you just want to create a test +certificate for yourself. This is similar to creating a certificate +request, but creates a certificate instead of a certificate request. +This is NOT the recommended way to create a CA certificate, see +https://www.openssl.org/docs/apps/ca.html. openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 @@ -93,13 +98,13 @@ certificate and your key to various formats, most often also putting them together into one file. The ways to do this is described in another HOWTO <formats.txt?>, I will just mention the simplest case. In the case of a raw DER thing in PEM format, and assuming that's all -right for yor applications, simply concatenating the certificate and +right for your applications, simply concatenating the certificate and the key into a new file and using that one should be enough. With some applications, you don't even have to do that. -By now, you have your cetificate and your private key and can start -using the software that depend on it. +By now, you have your certificate and your private key and can start +using applications that depend on it. -- Richard Levitte diff --git a/openssl/doc/HOWTO/proxy_certificates.txt b/openssl/doc/HOWTO/proxy_certificates.txt index f98ec3607..d78be2f14 100644 --- a/openssl/doc/HOWTO/proxy_certificates.txt +++ b/openssl/doc/HOWTO/proxy_certificates.txt @@ -1,74 +1,69 @@ -<DRAFT!> HOWTO proxy certificates 0. WARNING -NONE OF THE CODE PRESENTED HERE HAVE BEEN CHECKED! They are just an -example to show you how things can be done. There may be typos or -type conflicts, and you will have to resolve them. +NONE OF THE CODE PRESENTED HERE HAS BEEN CHECKED! The code is just examples to +show you how things could be done. There might be typos or type conflicts, and +you will have to resolve them. 1. Introduction -Proxy certificates are defined in RFC 3820. They are really usual -certificates with the mandatory extension proxyCertInfo. +Proxy certificates are defined in RFC 3820. They are really usual certificates +with the mandatory extension proxyCertInfo. -Proxy certificates are issued by an End Entity (typically a user), -either directly with the EE certificate as issuing certificate, or by -extension through an already issued proxy certificate.. They are used -to extend rights to some other entity (a computer process, typically, -or sometimes to the user itself), so it can perform operations in the -name of the owner of the EE certificate. +Proxy certificates are issued by an End Entity (typically a user), either +directly with the EE certificate as issuing certificate, or by extension through +an already issued proxy certificate. Proxy certificates are used to extend +rights to some other entity (a computer process, typically, or sometimes to the +user itself). This allows the entity to perform operations on behalf of the +owner of the EE certificate. See http://www.ietf.org/rfc/rfc3820.txt for more information. 2. A warning about proxy certificates -Noone seems to have tested proxy certificates with security in mind. -Basically, to this date, it seems that proxy certificates have only -been used in a world that's highly aware of them. What would happen -if an unsuspecting application is to validate a chain of certificates -that contains proxy certificates? It would usually consider the leaf -to be the certificate to check for authorisation data, and since proxy -certificates are controlled by the EE certificate owner alone, it's -would be normal to consider what the EE certificate owner could do -with them. +No one seems to have tested proxy certificates with security in mind. To this +date, it seems that proxy certificates have only been used in a context highly +aware of them. -subjectAltName and issuerAltName are forbidden in proxy certificates, -and this is enforced in OpenSSL. The subject must be the same as the -issuer, with one commonName added on. +Existing applications might misbehave when trying to validate a chain of +certificates which use a proxy certificate. They might incorrectly consider the +leaf to be the certificate to check for authorisation data, which is controlled +by the EE certificate owner. -Possible threats are, as far as has been imagined so far: +subjectAltName and issuerAltName are forbidden in proxy certificates, and this +is enforced in OpenSSL. The subject must be the same as the issuer, with one +commonName added on. + +Possible threats we can think of at this time include: - impersonation through commonName (think server certificates). - - use of additional extensions, possibly non-standard ones used in - certain environments, that would grant extra or different - authorisation rights. + - use of additional extensions, possibly non-standard ones used in certain + environments, that would grant extra or different authorisation rights. + +For these reasons, OpenSSL requires that the use of proxy certificates be +explicitly allowed. Currently, this can be done using the following methods: -For this reason, OpenSSL requires that the use of proxy certificates -be explicitely allowed. Currently, this can be done using the -following methods: + - if the application directly calls X509_verify_cert(), it can first call: - - if the application calls X509_verify_cert() itself, it can do the - following prior to that call (ctx is the pointer passed in the call - to X509_verify_cert()): + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); + Where ctx is the pointer which then gets passed to X509_verify_cert(). - - in all other cases, proxy certificate validation can be enabled - before starting the application by setting the envirnoment variable - OPENSSL_ALLOW_PROXY_CERTS with some non-empty value. + - proxy certificate validation can be enabled before starting the application + by setting the environment variable OPENSSL_ALLOW_PROXY_CERTS. -There are thoughts to allow proxy certificates with a line in the -default openssl.cnf, but that's still in the future. +In the future, it might be possible to enable proxy certificates by editing +openssl.cnf. -3. How to create proxy cerificates +3. How to create proxy certificates -It's quite easy to create proxy certificates, by taking advantage of -the lack of checks of the 'openssl x509' application (*ahem*). But -first, you need to create a configuration section that contains a -definition of the proxyCertInfo extension, a little like this: +Creating proxy certificates is quite easy, by taking advantage of a lack of +checks in the 'openssl x509' application (*ahem*). You must first create a +configuration section that contains a definition of the proxyCertInfo extension, +for example: [ v3_proxy ] # A proxy certificate MUST NEVER be a CA certificate. @@ -77,10 +72,10 @@ definition of the proxyCertInfo extension, a little like this: # Usual authority key ID authorityKeyIdentifier=keyid,issuer:always - # Now, for the extension that marks this certificate as a proxy one + # The extension which marks this certificate as a proxy proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB -It's also possible to give the proxy extension in a separate section: +It's also possible to specify the proxy extension in a separate section: proxyCertInfo=critical,@proxy_ext @@ -89,96 +84,85 @@ It's also possible to give the proxy extension in a separate section: pathlen=0 policy=text:BC -The policy value has a specific syntax, {syntag}:{string}, where the -syntag determines what will be done with the string. The recognised -syntags are as follows: - - text indicates that the string is simply the bytes, not - encoded in any kind of way: +The policy value has a specific syntax, {syntag}:{string}, where the syntag +determines what will be done with the string. The following syntags are +recognised: - policy=text:räksmörgås + text indicates that the string is simply bytes, without any encoding: - Previous versions of this design had a specific tag - for UTF-8 text. However, since the bytes are copied - as-is anyway, there's no need for it. Instead, use - the text: tag, like this: + policy=text:räksmörgÃ¥s - policy=text:räksmörgÃ¥s + Previous versions of this design had a specific tag for UTF-8 text. + However, since the bytes are copied as-is anyway, there is no need for + such a specific tag. - hex indicates the string is encoded in hex, with colons - between each byte (every second hex digit): + hex indicates the string is encoded in hex, with colons between each byte + (every second hex digit): - policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 + policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 - Previous versions of this design had a tag to insert a - complete DER blob. However, the only legal use for - this would be to surround the bytes that would go with - the hex: tag with what's needed to construct a correct - OCTET STRING. Since hex: does that, the DER tag felt - superfluous, and was therefore removed. + Previous versions of this design had a tag to insert a complete DER + blob. However, the only legal use for this would be to surround the + bytes that would go with the hex: tag with whatever is needed to + construct a correct OCTET STRING. The DER tag therefore felt + superfluous, and was removed. - file indicates that the text of the policy should really be - taken from a file. The string is then really a file - name. This is useful for policies that are large - (more than a few of lines) XML documents, for example. + file indicates that the text of the policy should really be taken from a + file. The string is then really a file name. This is useful for + policies that are large (more than a few lines, e.g. XML documents). The 'policy' setting can be split up in multiple lines like this: 0.policy=This is - 1.polisy= a multi- + 1.policy= a multi- 2.policy=line policy. -NOTE: the proxy policy value is the part that determines the rights -granted to the process using the proxy certificate. The value is -completely dependent on the application reading and interpretting it! +NOTE: the proxy policy value is the part which determines the rights granted to +the process using the proxy certificate. The value is completely dependent on +the application reading and interpreting it! -Now that you have created an extension section for your proxy -certificate, you can now easily create a proxy certificate like this: +Now that you have created an extension section for your proxy certificate, you +can easily create a proxy certificate by doing: - openssl req -new -config openssl.cnf \ - -out proxy.req -keyout proxy.key - openssl x509 -req -CAcreateserial -in proxy.req -days 7 \ - -out proxy.crt -CA user.crt -CAkey user.key \ - -extfile openssl.cnf -extensions v3_proxy + openssl req -new -config openssl.cnf -out proxy.req -keyout proxy.key + openssl x509 -req -CAcreateserial -in proxy.req -days 7 -out proxy.crt \ + -CA user.crt -CAkey user.key -extfile openssl.cnf -extensions v3_proxy -It's just as easy to create a proxy certificate using another proxy -certificate as issuer (note that I'm using a different configuration -section for it): +You can also create a proxy certificate using another proxy certificate as +issuer (note: I'm using a different configuration section for it): - openssl req -new -config openssl.cnf \ - -out proxy2.req -keyout proxy2.key - openssl x509 -req -CAcreateserial -in proxy2.req -days 7 \ - -out proxy2.crt -CA proxy.crt -CAkey proxy.key \ - -extfile openssl.cnf -extensions v3_proxy2 + openssl req -new -config openssl.cnf -out proxy2.req -keyout proxy2.key + openssl x509 -req -CAcreateserial -in proxy2.req -days 7 -out proxy2.crt \ + -CA proxy.crt -CAkey proxy.key -extfile openssl.cnf -extensions v3_proxy2 4. How to have your application interpret the policy? -The basic way to interpret proxy policies is to prepare some default -rights, then do a check of the proxy certificate against the a chain -of proxy certificates, user certificate and CA certificates, and see -what rights came out by the end. Sounds easy, huh? It almost is. +The basic way to interpret proxy policies is to start with some default rights, +then compute the resulting rights by checking the proxy certificate against +the chain of proxy certificates, user certificate and CA certificates. You then +use the final computed rights. Sounds easy, huh? It almost is. -The slightly complicated part is how to pass data between your +The slightly complicated part is figuring out how to pass data between your application and the certificate validation procedure. You need the following ingredients: - - a callback routing that will be called for every certificate that's - validated. It will be called several times for each certificates, - so you must be attentive to when it's a good time to do the proxy - policy interpretation and check, as well as to fill in the defaults - when the EE certificate is checked. + - a callback function that will be called for every certificate being + validated. The callback be called several times for each certificate, + so you must be careful to do the proxy policy interpretation at the right + time. You also need to fill in the defaults when the EE certificate is + checked. - - a structure of data that's shared between your application code and - the callback. + - a data structure that is shared between your application code and the + callback. - a wrapper function that sets it all up. - - an ex_data index function that creates an index into the generic - ex_data store that's attached to an X509 validation context. + - an ex_data index function that creates an index into the generic ex_data + store that is attached to an X509 validation context. -This is some cookbook code for you to fill in: +Here is some skeleton code you can fill in: /* In this example, I will use a view of granted rights as a bit array, one bit for each possible right. */ @@ -210,7 +194,7 @@ This is some cookbook code for you to fill in: static int verify_callback(int ok, X509_STORE_CTX *ctx) { if (ok == 1) /* It's REALLY important you keep the proxy policy - check within this secion. It's important to know + check within this section. It's important to know that when ok is 1, the certificates are checked from top to bottom. You get the CA root first, followed by the possible chain of intermediate @@ -221,7 +205,7 @@ This is some cookbook code for you to fill in: if (xs->ex_flags & EXFLAG_PROXY) { - YOUR_RIGHTS *rights = + YOUR_RIGHTS *rights = (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, get_proxy_auth_ex_data_idx()); PROXY_CERT_INFO_EXTENSION *pci = @@ -250,12 +234,12 @@ This is some cookbook code for you to fill in: bit array and fill it with the rights granted by the current proxy certificate, then use it as a mask on the accumulated rights bit array, and - voilà, you now have a new accumulated rights bit + voilà , you now have a new accumulated rights bit array. */ { int i; YOUR_RIGHTS tmp_rights; - memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights)); + memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights)); /* process_rights() is supposed to be a procedure that takes a string and it's length, interprets @@ -276,7 +260,7 @@ This is some cookbook code for you to fill in: { /* We have a EE certificate, let's use it to set default! */ - YOUR_RIGHTS *rights = + YOUR_RIGHTS *rights = (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, get_proxy_auth_ex_data_idx()); diff --git a/openssl/doc/apps/c_rehash.pod b/openssl/doc/apps/c_rehash.pod index c564e8631..ccce29e47 100644 --- a/openssl/doc/apps/c_rehash.pod +++ b/openssl/doc/apps/c_rehash.pod @@ -10,13 +10,19 @@ c_rehash - Create symbolic links to files named by the hash values =head1 SYNOPSIS B<c_rehash> +B<[-old]> +B<[-h]> +B<[-n]> +B<[-v]> [ I<directory>...] =head1 DESCRIPTION -B<c_rehash> scans directories and calculates a hash value of each C<.pem> +B<c_rehash> scans directories and calculates a hash value of each +C<.pem>, C<.crt>, C<.cer>, or C<.crl> file in the specified directory list and creates symbolic links for each file, where the name of the link is the hash value. +(If the platform does not support symbolic links, a copy is made.) This utility is useful as many programs that use OpenSSL require directories to be set up like this in order to find certificates. @@ -34,6 +40,7 @@ is a hexadecimal character and B<D> is a single decimal digit. When processing a directory, B<c_rehash> will first remove all links that have a name in that syntax. If you have links in that format used for other purposes, they will be removed. +To skip the removal step, use the B<-n> flag. Hashes for CRL's look similar except the letter B<r> appears after the period, like this: C<HHHHHHHH.rD>. @@ -42,7 +49,7 @@ incrementing the B<D> value. Duplicates are found by comparing the full SHA-1 fingerprint. A warning will be displayed if a duplicate is found. -A warning will also be displayed if there are B<.pem> files that +A warning will also be displayed if there are files that cannot be parsed as either a certificate or a CRL. The program uses the B<openssl> program to compute the hashes and @@ -51,13 +58,39 @@ B<OPENSSL> environment variable to the full pathname. Any program can be used, it will be invoked as follows for either a certificate or CRL: - $OPENSSL x509 -hash -fingerprint -noout -in FFFFFF - $OPENSSL crl -hash -fingerprint -noout -in FFFFFF + $OPENSSL x509 -hash -fingerprint -noout -in FILENAME + $OPENSSL crl -hash -fingerprint -noout -in FILENAME -where B<FFFFFF> is the filename. It must output the hash of the +where B<FILENAME> is the filename. It must output the hash of the file on the first line, and the fingerprint on the second, optionally prefixed with some text and an equals sign. +=head1 OPTIONS + +=over 4 + +=item B<-old> + +Use old-style hashing (MD5, as opposed to SHA-1) for generating +links for releases before 1.0.0. Note that current versions will +not use the old style. + +=item B<-h> + +Display a brief usage message. + +=item B<-n> + +Do not remove existing links. +This is needed when keeping new and old-style links in the same directory. + +=item B<-v> + +Print messages about old links removed and new links created. +By default, B<c_rehash> only lists each directory as it is processed. + +=back + =head1 ENVIRONMENT =over diff --git a/openssl/doc/apps/ciphers.pod b/openssl/doc/apps/ciphers.pod index 6086d0a71..4eeb55be2 100644 --- a/openssl/doc/apps/ciphers.pod +++ b/openssl/doc/apps/ciphers.pod @@ -175,14 +175,14 @@ cipher suites using RSA key exchange. =item B<kDHr>, B<kDHd>, B<kDH> cipher suites using DH key agreement and DH certificates signed by CAs with RSA -and DSS keys or either respectively. Not implemented. +and DSS keys or either respectively. -=item B<kEDH> +=item B<kDHE>, B<kEDH> cipher suites using ephemeral DH key agreement, including anonymous cipher suites. -=item B<EDH> +=item B<DHE>, B<EDH> cipher suites using authenticated ephemeral DH key agreement. @@ -200,12 +200,12 @@ cipher suites using DH, including anonymous DH, ephemeral DH and fixed DH. cipher suites using fixed ECDH key agreement signed by CAs with RSA and ECDSA keys or either respectively. -=item B<kEECDH> +=item B<kECDHE>, B<kEECDH> cipher suites using ephemeral ECDH key agreement, including anonymous cipher suites. -=item B<EECDHE> +=item B<ECDHE>, B<EECDH> cipher suites using authenticated ephemeral ECDH key agreement. @@ -229,7 +229,7 @@ cipher suites using DSS authentication, i.e. the certificates carry DSS keys. =item B<aDH> cipher suites effectively using DH authentication, i.e. the certificates carry -DH keys. Not implemented. +DH keys. =item B<aECDH> @@ -331,6 +331,18 @@ cipher suites using GOST 28147-89 MAC B<instead of> HMAC. cipher suites using pre-shared keys (PSK). +=item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192> + +enables suite B mode operation using 128 (permitting 192 bit mode by peer) +128 bit (not permitting 192 bit by peer) or 192 bit level of security +respectively. If used these cipherstrings should appear first in the cipher +list and anything after them is ignored. Setting Suite B mode has additional +consequences required to comply with RFC6460. In particular the supported +signature algorithms is reduced to support only ECDSA and SHA256 or SHA384, +only the elliptic curves P-256 and P-384 can be used and only the two suite B +compliant ciphersuites (ECDHE-ECDSA-AES128-GCM-SHA256 and +ECDHE-ECDSA-AES256-GCM-SHA384) are permissible. + =back =head1 CIPHER SUITE NAMES @@ -353,12 +365,12 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. - SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. - SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. - SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. - SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. + SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DH-DSS-DES-CBC-SHA + SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA + SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA + SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DH-RSA-DES-CBC-SHA + SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA + SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA @@ -413,10 +425,10 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA - TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented. - TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA + TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA + TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA + TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA @@ -431,10 +443,10 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented. - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA + TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA + TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA + TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA @@ -448,8 +460,8 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA - TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented. + TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA + TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA @@ -517,15 +529,15 @@ Note: these ciphers can also be used in SSL v3. TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 Not implemented. - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 Not implemented. - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 Not implemented. - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 Not implemented. + TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256 + TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256 + TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256 + TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384 - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 Not implemented. - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 Not implemented. - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 Not implemented. - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 Not implemented. + TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256 + TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256 + TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256 + TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 @@ -581,9 +593,6 @@ Note: these ciphers can also be used in SSL v3. =head1 NOTES -The non-ephemeral DH modes are currently unimplemented in OpenSSL -because there is no support for DH certificates. - Some compiled versions of OpenSSL may not include all the ciphers listed here because some ciphers were excluded at compile time. diff --git a/openssl/doc/apps/cms.pod b/openssl/doc/apps/cms.pod index 75b698834..76dbf2ca3 100644 --- a/openssl/doc/apps/cms.pod +++ b/openssl/doc/apps/cms.pod @@ -57,6 +57,7 @@ B<openssl> B<cms> [B<-secretkeyid id>] [B<-econtent_type type>] [B<-inkey file>] +[B<-keyopt name:parameter>] [B<-passin arg>] [B<-rand file(s)>] [B<cert.pem...>] @@ -321,8 +322,13 @@ verification was successful. =item B<-recip file> -the recipients certificate when decrypting a message. This certificate -must match one of the recipients of the message or an error occurs. +when decrypting a message this specifies the recipients certificate. The +certificate must match one of the recipients of the message or an error +occurs. + +When encrypting a message this option may be used multiple times to specify +each recipient. This form B<must> be used if customised parameters are +required (for example to specify RSA-OAEP). =item B<-keyid> @@ -381,6 +387,13 @@ private key must be included in the certificate file specified with the B<-recip> or B<-signer> file. When signing this option can be used multiple times to specify successive keys. +=item B<-keyopt name:opt> + +for signing and encryption this option can be used multiple times to +set customised parameters for the preceding key or certificate. It can +currently be used to set RSA-PSS for signing, RSA-OAEP for encryption +or to modify default parameters for ECDH. + =item B<-passin arg> the private key password source. For more information about the format of B<arg> @@ -508,6 +521,10 @@ The B<-compress> option. The B<-secretkey> option when used with B<-encrypt>. +The use of PSS with B<-sign>. + +The use of OAEP or non-RSA keys with B<-encrypt>. + Additionally the B<-EncryptedData_create> and B<-data_create> type cannot be processed by the older B<smime> command. @@ -588,6 +605,21 @@ Add a signer to an existing message: openssl cms -resign -in mail.msg -signer newsign.pem -out mail2.msg +Sign mail using RSA-PSS: + + openssl cms -sign -in message.txt -text -out mail.msg \ + -signer mycert.pem -keyopt rsa_padding_mode:pss + +Create encrypted mail using RSA-OAEP: + + openssl cms -encrypt -in plain.txt -out mail.msg \ + -recip cert.pem -keyopt rsa_padding_mode:oaep + +Use SHA256 KDF with an ECDH certificate: + + openssl cms -encrypt -in plain.txt -out mail.msg \ + -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256 + =head1 BUGS The MIME parser isn't very clever: it seems to handle most messages that I've @@ -613,5 +645,14 @@ No revocation checking is done on the signer's certificate. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The B<keyopt> option was first added in OpenSSL 1.1.0 + +The use of B<-recip> to specify the recipient when encrypting mail was first +added to OpenSSL 1.1.0 + +Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0. + +The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added +to OpenSSL 1.1.0. =cut diff --git a/openssl/doc/apps/dgst.pod b/openssl/doc/apps/dgst.pod index 2414c5337..9e15798d8 100644 --- a/openssl/doc/apps/dgst.pod +++ b/openssl/doc/apps/dgst.pod @@ -13,6 +13,8 @@ B<openssl> B<dgst> [B<-hex>] [B<-binary>] [B<-r>] +[B<-hmac arg>] +[B<-non-fips-allow>] [B<-out filename>] [B<-sign filename>] [B<-keyform arg>] @@ -62,6 +64,15 @@ output the digest or signature in binary form. output the digest in the "coreutils" format used by programs like B<sha1sum>. +=item B<-hmac arg> + +set the HMAC key to "arg". + +=item B<-non-fips-allow> + +Allow use of non FIPS digest when in FIPS mode. This has no effect when not in +FIPS mode. + =item B<-out filename> filename to output to, or standard output by default. diff --git a/openssl/doc/apps/genpkey.pod b/openssl/doc/apps/genpkey.pod index c74d097fb..929edcd26 100644 --- a/openssl/doc/apps/genpkey.pod +++ b/openssl/doc/apps/genpkey.pod @@ -128,6 +128,15 @@ The number of bits in the prime parameter B<p>. The value to use for the generator B<g>. +=item B<dh_rfc5114:num> + +If this option is set then the appropriate RFC5114 parameters are used +instead of generating new parameters. The value B<num> can take the +values 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of +1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup +and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections +2.1, 2.2 and 2.3 respectively. + =back =head1 EC PARAMETER GENERATION OPTIONS @@ -206,6 +215,10 @@ Generate 1024 bit DH parameters: openssl genpkey -genparam -algorithm DH -out dhp.pem \ -pkeyopt dh_paramgen_prime_len:1024 +Output RFC5114 2048 bit DH parameters with 224 bit subgroup: + + openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2 + Generate DH key from parameters: openssl genpkey -paramfile dhp.pem -out dhkey.pem diff --git a/openssl/doc/apps/ocsp.pod b/openssl/doc/apps/ocsp.pod index af2e12e41..38f026afc 100644 --- a/openssl/doc/apps/ocsp.pod +++ b/openssl/doc/apps/ocsp.pod @@ -133,6 +133,10 @@ if the B<host> option is present then the OCSP request is sent to the host B<hostname> on port B<port>. B<path> specifies the HTTP path name to use or "/" by default. +=item B<-timeout seconds> + +connection timeout to the OCSP responder in seconds + =item B<-CAfile file>, B<-CApath pathname> file or pathname containing trusted CA certificates. These are used to verify diff --git a/openssl/doc/apps/pkcs8.pod b/openssl/doc/apps/pkcs8.pod index 84abee78f..6901f1f3f 100644 --- a/openssl/doc/apps/pkcs8.pod +++ b/openssl/doc/apps/pkcs8.pod @@ -20,6 +20,7 @@ B<openssl> B<pkcs8> [B<-embed>] [B<-nsdb>] [B<-v2 alg>] +[B<-v2prf alg>] [B<-v1 alg>] [B<-engine id>] @@ -118,6 +119,12 @@ private keys with OpenSSL then this doesn't matter. The B<alg> argument is the encryption algorithm to use, valid values include B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used. +=item B<-v2prf alg> + +This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value +values would be B<hmacWithSHA256>. If this option isn't set then the default +for the cipher is used or B<hmacWithSHA1> if there is no default. + =item B<-v1 alg> This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete @@ -195,6 +202,11 @@ DES: openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem +Convert a private from traditional to PKCS#5 v2.0 format using AES with +256 bits in CBC mode and B<hmacWithSHA256> PRF: + + openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA256 -out enckey.pem + Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm (DES): diff --git a/openssl/doc/apps/req.pod b/openssl/doc/apps/req.pod index 0730d117b..df68cb092 100644 --- a/openssl/doc/apps/req.pod +++ b/openssl/doc/apps/req.pod @@ -235,8 +235,8 @@ this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified -using the B<set_serial> option B<0> will be used for the serial -number. +using the B<set_serial> option, a large random number will be used for +the serial number. =item B<-days n> diff --git a/openssl/doc/apps/s_client.pod b/openssl/doc/apps/s_client.pod index b021c730c..aad59b181 100644 --- a/openssl/doc/apps/s_client.pod +++ b/openssl/doc/apps/s_client.pod @@ -37,6 +37,9 @@ B<openssl> B<s_client> [B<-no_ssl2>] [B<-no_ssl3>] [B<-no_tls1>] +[B<-no_tls1_1>] +[B<-no_tls1_2>] +[B<-fallback_scsv>] [B<-bugs>] [B<-cipher cipherlist>] [B<-serverpref>] @@ -47,6 +50,7 @@ B<openssl> B<s_client> [B<-sess_out filename>] [B<-sess_in filename>] [B<-rand file(s)>] +[B<-serverinfo types>] [B<-status>] [B<-nextprotoneg protocols>] @@ -196,16 +200,19 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> +=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. -Unfortunately there are a lot of ancient and broken servers in use which +Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off with the B<-no_tls> option others will only -support SSL v2 and may need the B<-ssl2> option. +work if TLS is turned off. + +=item B<-fallback_scsv> + +Send TLS_FALLBACK_SCSV in the ClientHello. =item B<-bugs> @@ -261,6 +268,13 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-serverinfo types> + +a list of comma-separated TLS Extension Types (numbers between 0 and +65535). Each type will be sent as an empty ClientHello TLS Extension. +The server's response (if any) will be encoded and displayed as a PEM +file. + =item B<-status> sends a certificate status request to the server (OCSP stapling). The server diff --git a/openssl/doc/apps/s_server.pod b/openssl/doc/apps/s_server.pod index 2105b603b..b37f410fb 100644 --- a/openssl/doc/apps/s_server.pod +++ b/openssl/doc/apps/s_server.pod @@ -45,7 +45,6 @@ B<openssl> B<s_server> [B<-no_ssl3>] [B<-no_tls1>] [B<-no_dhe>] -[B<-no_ecdhe>] [B<-bugs>] [B<-hack>] [B<-www>] @@ -56,6 +55,8 @@ B<openssl> B<s_server> [B<-no_ticket>] [B<-id_prefix arg>] [B<-rand file(s)>] +[B<-serverinfo file>] +[B<-no_resumption_on_reneg>] [B<-status>] [B<-status_verbose>] [B<-status_timeout nsec>] @@ -138,11 +139,6 @@ a static set of parameters hard coded into the s_server program will be used. if this option is set then no DH parameters will be loaded effectively disabling the ephemeral DH cipher suites. -=item B<-no_ecdhe> - -if this option is set then no ECDH parameters will be loaded effectively -disabling the ephemeral ECDH cipher suites. - =item B<-no_tmp_rsa> certain export cipher suites sometimes use a temporary RSA key, this option @@ -295,6 +291,18 @@ Multiple files can be specified separated by a OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. +=item B<-serverinfo file> + +a file containing one or more blocks of PEM data. Each PEM block +must encode a TLS ServerHello extension (2 bytes type, 2 bytes length, +followed by "length" bytes of extension data). If the client sends +an empty TLS ClientHello extension matching the type, the corresponding +ServerHello extension will be returned. + +=item B<-no_resumption_on_reneg> + +set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. + =item B<-status> enables certificate status request support (aka OCSP stapling). diff --git a/openssl/doc/apps/verify.pod b/openssl/doc/apps/verify.pod index 0c8e4926c..df0153435 100644 --- a/openssl/doc/apps/verify.pod +++ b/openssl/doc/apps/verify.pod @@ -12,6 +12,9 @@ B<openssl> B<verify> [B<-purpose purpose>] [B<-policy arg>] [B<-ignore_critical>] +[B<-attime timestamp>] +[B<-check_ss_sig>] +[B<-crlfile file>] [B<-crl_check>] [B<-crl_check_all>] [B<-policy_check>] @@ -25,7 +28,6 @@ B<openssl> B<verify> [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] -[B<-attime timestamp>] [B<-verbose>] [B<->] [certificates] @@ -51,6 +53,26 @@ create symbolic links to a directory of certificates. A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together. +=item B<-attime timestamp> + +Perform validation checks using time specified by B<timestamp> and not +current system time. B<timestamp> is the number of seconds since +01.01.1970 (UNIX time). + +=item B<-check_ss_sig> + +Verify the signature on the self-signed root CA. This is disabled by default +because it doesn't add any security. + +=item B<-crlfile file> + +File containing one or more CRL's (in PEM format) to load. + +=item B<-crl_check> + +Checks end entity certificate validity by attempting to look up a valid CRL. +If a valid CRL cannot be found an error occurs. + =item B<-untrusted file> A file of untrusted certificates. The file should contain multiple certificates @@ -80,12 +102,6 @@ rejected. The presence of rejection messages does not itself imply that anything is wrong; during the normal verification process, several rejections may take place. -=item B<-attime timestamp> - -Perform validation checks using time specified by B<timestamp> and not -current system time. B<timestamp> is the number of seconds since -01.01.1970 (UNIX time). - =item B<-policy arg> Enable policy processing and add B<arg> to the user-initial-policy-set (see diff --git a/openssl/doc/apps/x509.pod b/openssl/doc/apps/x509.pod index 6109389e0..a1326edee 100644 --- a/openssl/doc/apps/x509.pod +++ b/openssl/doc/apps/x509.pod @@ -51,6 +51,7 @@ B<openssl> B<x509> [B<-CAkey filename>] [B<-CAcreateserial>] [B<-CAserial filename>] +[B<-force_pubkey key>] [B<-text>] [B<-certopt option>] [B<-C>] @@ -418,6 +419,15 @@ specified then the extensions should either be contained in the unnamed L<x509v3_config(5)|x509v3_config(5)> manual page for details of the extension section format. +=item B<-force_pubkey key> + +when a certificate is created set its public key to B<key> instead of the +key in the certificate or certificate request. This option is useful for +creating certificates where the algorithm can't normally sign requests, for +example DH. + +The format or B<key> can be specified using the B<-keyform> option. + =back =head2 NAME OPTIONS diff --git a/openssl/doc/crypto/ASN1_STRING_length.pod b/openssl/doc/crypto/ASN1_STRING_length.pod index a08e9a0fa..f651e4f2a 100644 --- a/openssl/doc/crypto/ASN1_STRING_length.pod +++ b/openssl/doc/crypto/ASN1_STRING_length.pod @@ -3,7 +3,7 @@ =head1 NAME ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, -ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data - +ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data, ASN1_STRING_to_UTF8 - ASN1_STRING utility functions =head1 SYNOPSIS diff --git a/openssl/doc/crypto/ASN1_STRING_print_ex.pod b/openssl/doc/crypto/ASN1_STRING_print_ex.pod index 3891b8879..19c82ff1e 100644 --- a/openssl/doc/crypto/ASN1_STRING_print_ex.pod +++ b/openssl/doc/crypto/ASN1_STRING_print_ex.pod @@ -2,7 +2,7 @@ =head1 NAME -ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp - ASN1_STRING output routines. +ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp, ASN1_STRING_print - ASN1_STRING output routines. =head1 SYNOPSIS diff --git a/openssl/doc/crypto/BIO_f_ssl.pod b/openssl/doc/crypto/BIO_f_ssl.pod index bc5861ab3..a9f23f1dd 100644 --- a/openssl/doc/crypto/BIO_f_ssl.pod +++ b/openssl/doc/crypto/BIO_f_ssl.pod @@ -108,7 +108,7 @@ SSL BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session renegotiation takes place during a BIO_read() operation, one -case where this happens is when SGC or step up occurs. +case where this happens is when step up occurs. In OpenSSL 0.9.6 and later the SSL flag SSL_AUTO_RETRY can be set to disable this behaviour. That is when this flag is set diff --git a/openssl/doc/crypto/BIO_find_type.pod b/openssl/doc/crypto/BIO_find_type.pod index bd3b25619..259520032 100644 --- a/openssl/doc/crypto/BIO_find_type.pod +++ b/openssl/doc/crypto/BIO_find_type.pod @@ -2,7 +2,7 @@ =head1 NAME -BIO_find_type, BIO_next - BIO chain traversal +BIO_find_type, BIO_next, BIO_method_type - BIO chain traversal =head1 SYNOPSIS diff --git a/openssl/doc/crypto/BIO_s_accept.pod b/openssl/doc/crypto/BIO_s_accept.pod index b80b6ae48..560c1128e 100644 --- a/openssl/doc/crypto/BIO_s_accept.pod +++ b/openssl/doc/crypto/BIO_s_accept.pod @@ -2,7 +2,7 @@ =head1 NAME -BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, +BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_new_accept, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept - accept BIO diff --git a/openssl/doc/crypto/BIO_s_connect.pod b/openssl/doc/crypto/BIO_s_connect.pod index bcf7d8dca..18ece4c91 100644 --- a/openssl/doc/crypto/BIO_s_connect.pod +++ b/openssl/doc/crypto/BIO_s_connect.pod @@ -2,7 +2,7 @@ =head1 NAME -BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port, +BIO_s_connect, BIO_new_connect, BIO_set_conn_hostname, BIO_set_conn_port, BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname, BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port, BIO_set_nbio, BIO_do_connect - connect BIO diff --git a/openssl/doc/crypto/BN_BLINDING_new.pod b/openssl/doc/crypto/BN_BLINDING_new.pod index da06e4446..06d7ea20a 100644 --- a/openssl/doc/crypto/BN_BLINDING_new.pod +++ b/openssl/doc/crypto/BN_BLINDING_new.pod @@ -4,7 +4,7 @@ BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert, BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex, -BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags, +BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_thread_id, BN_BLINDING_get_flags, BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM functions. @@ -84,7 +84,7 @@ or NULL in case of an error. BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(), BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on -success and 0 if an error occured. +success and 0 if an error occurred. BN_BLINDING_thread_id() returns a pointer to the thread id object within a B<BN_BLINDING> object. diff --git a/openssl/doc/crypto/BN_CTX_new.pod b/openssl/doc/crypto/BN_CTX_new.pod index ad8d07db8..bbedbb177 100644 --- a/openssl/doc/crypto/BN_CTX_new.pod +++ b/openssl/doc/crypto/BN_CTX_new.pod @@ -10,9 +10,12 @@ BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures BN_CTX *BN_CTX_new(void); + void BN_CTX_free(BN_CTX *c); + +Deprecated: + void BN_CTX_init(BN_CTX *c); - void BN_CTX_free(BN_CTX *c); =head1 DESCRIPTION @@ -22,8 +25,7 @@ is rather expensive when used in conjunction with repeated subroutine calls, the B<BN_CTX> structure is used. BN_CTX_new() allocates and initializes a B<BN_CTX> -structure. BN_CTX_init() initializes an existing uninitialized -B<BN_CTX>. +structure. BN_CTX_free() frees the components of the B<BN_CTX>, and if it was created by BN_CTX_new(), also the structure itself. @@ -31,6 +33,8 @@ If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>, L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX> may be freed by BN_CTX_free(). +BN_CTX_init() (deprecated) initializes an existing uninitialized B<BN_CTX>. +This should not be used for new programs. Use BN_CTX_new() instead. =head1 RETURN VALUES diff --git a/openssl/doc/crypto/BN_generate_prime.pod b/openssl/doc/crypto/BN_generate_prime.pod index 7dccacbc1..bf1b5308a 100644 --- a/openssl/doc/crypto/BN_generate_prime.pod +++ b/openssl/doc/crypto/BN_generate_prime.pod @@ -2,12 +2,31 @@ =head1 NAME -BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality +BN_generate_prime_ex, BN_is_prime_ex, BN_is_prime_fasttest_ex, BN_GENCB_call, +BN_GENCB_set_old, BN_GENCB_set, BN_generate_prime, BN_is_prime, +BN_is_prime_fasttest - generate primes and test for primality =head1 SYNOPSIS #include <openssl/bn.h> + int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); + + int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb); + + int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + + int BN_GENCB_call(BN_GENCB *cb, int a, int b); + + #define BN_GENCB_set_old(gencb, callback, cb_arg) ... + + #define BN_GENCB_set(gencb, callback, cb_arg) ... + + +Deprecated: + BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); @@ -20,27 +39,27 @@ BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test =head1 DESCRIPTION -BN_generate_prime() generates a pseudo-random prime number of B<num> -bits. +BN_generate_prime_ex() generates a pseudo-random prime number of +bit length B<bits>. If B<ret> is not B<NULL>, it will be used to store the number. -If B<callback> is not B<NULL>, it is called as follows: +If B<cb> is not B<NULL>, it is used as follows: =over 4 =item * -B<callback(0, i, cb_arg)> is called after generating the i-th +B<BN_GENCB_call(cb, 0, i)> is called after generating the i-th potential prime number. =item * -While the number is being tested for primality, B<callback(1, j, -cb_arg)> is called as described below. +While the number is being tested for primality, +B<BN_GENCB_call(cb, 1, j)> is called as described below. =item * -When a prime has been found, B<callback(2, i, cb_arg)> is called. +When a prime has been found, B<BN_GENCB_call(cb, 2, i)> is called. =back @@ -54,38 +73,67 @@ generator. If B<safe> is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 is also prime). -The PRNG must be seeded prior to calling BN_generate_prime(). +The PRNG must be seeded prior to calling BN_generate_prime_ex(). The prime number generation has a negligible error probability. -BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is +BN_is_prime_ex() and BN_is_prime_fasttest_ex() test if the number B<p> is prime. The following tests are performed until one of them shows that -B<a> is composite; if B<a> passes all these tests, it is considered +B<p> is composite; if B<p> passes all these tests, it is considered prime. -BN_is_prime_fasttest(), when called with B<do_trial_division == 1>, +BN_is_prime_fasttest_ex(), when called with B<do_trial_division == 1>, first attempts trial division by a number of small primes; -if no divisors are found by this test and B<callback> is not B<NULL>, -B<callback(1, -1, cb_arg)> is called. +if no divisors are found by this test and B<cb> is not B<NULL>, +B<BN_GENCB_call(cb, 1, -1)> is called. If B<do_trial_division == 0>, this test is skipped. -Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin -probabilistic primality test with B<checks> iterations. If -B<checks == BN_prime_checks>, a number of iterations is used that +Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin +probabilistic primality test with B<nchecks> iterations. If +B<nchecks == BN_prime_checks>, a number of iterations is used that yields a false positive rate of at most 2^-80 for random input. -If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called +If B<cb> is not B<NULL>, B<BN_GENCB_call(cb, 1, j)> is called after the j-th iteration (j = 0, 1, ...). B<ctx> is a pre-allocated B<BN_CTX> (to save the overhead of allocating and freeing the structure in a loop), or B<NULL>. +BN_GENCB_call calls the callback function held in the B<BN_GENCB> structure +and passes the ints B<a> and B<b> as arguments. There are two types of +B<BN_GENCB> structure that are supported: "new" style and "old" style. New +programs should prefer the "new" style, whilst the "old" style is provided +for backwards compatibility purposes. + +For "new" style callbacks a BN_GENCB structure should be initialised with a +call to BN_GENCB_set, where B<gencb> is a B<BN_GENCB *>, B<callback> is of +type B<int (*callback)(int, int, BN_GENCB *)> and B<cb_arg> is a B<void *>. +"Old" style callbacks are the same except they are initialised with a call +to BN_GENCB_set_old and B<callback> is of type +B<void (*callback)(int, int, void *)>. + +A callback is invoked through a call to B<BN_GENCB_call>. This will check +the type of the callback and will invoke B<callback(a, b, gencb)> for new +style callbacks or B<callback(a, b, cb_arg)> for old style. + +BN_generate_prime (deprecated) works in the same way as +BN_generate_prime_ex but expects an old style callback function +directly in the B<callback> parameter, and an argument to pass to it in +the B<cb_arg>. Similarly BN_is_prime and BN_is_prime_fasttest are +deprecated and can be compared to BN_is_prime_ex and +BN_is_prime_fasttest_ex respectively. + =head1 RETURN VALUES -BN_generate_prime() returns the prime number on success, B<NULL> otherwise. +BN_generate_prime_ex() return 1 on success or 0 on error. -BN_is_prime() returns 0 if the number is composite, 1 if it is -prime with an error probability of less than 0.25^B<checks>, and +BN_is_prime_ex(), BN_is_prime_fasttest_ex(), BN_is_prime() and +BN_is_prime_fasttest() return 0 if the number is composite, 1 if it is +prime with an error probability of less than 0.25^B<nchecks>, and -1 on error. +BN_generate_prime() returns the prime number on success, B<NULL> otherwise. + +Callback functions should return 1 on success or 0 on error. + The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 SEE ALSO diff --git a/openssl/doc/crypto/BN_rand.pod b/openssl/doc/crypto/BN_rand.pod index 81f93c2eb..d6b975ccf 100644 --- a/openssl/doc/crypto/BN_rand.pod +++ b/openssl/doc/crypto/BN_rand.pod @@ -2,7 +2,7 @@ =head1 NAME -BN_rand, BN_pseudo_rand - generate pseudo-random number +BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-random number =head1 SYNOPSIS diff --git a/openssl/doc/crypto/CMS_add0_cert.pod b/openssl/doc/crypto/CMS_add0_cert.pod index 9c13f488f..8678ca18a 100644 --- a/openssl/doc/crypto/CMS_add0_cert.pod +++ b/openssl/doc/crypto/CMS_add0_cert.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_get1_crls, - CMS certificate and CRL utility functions +CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls, - CMS certificate and CRL utility functions =head1 SYNOPSIS diff --git a/openssl/doc/crypto/CMS_get0_RecipientInfos.pod b/openssl/doc/crypto/CMS_get0_RecipientInfos.pod index e0355423e..fe49772a8 100644 --- a/openssl/doc/crypto/CMS_get0_RecipientInfos.pod +++ b/openssl/doc/crypto/CMS_get0_RecipientInfos.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt - CMS envelopedData RecipientInfo routines +CMS_get0_RecipientInfos, CMS_RecipientInfo_type, CMS_RecipientInfo_ktri_get0_signer_id,CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey, CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp, CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt, CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines =head1 SYNOPSIS @@ -20,6 +20,7 @@ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen); int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); =head1 DESCRIPTION @@ -66,6 +67,11 @@ CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo structure B<ri> in structure B<cms>. A key must have been associated with the structure first. +CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo structure +B<ri> in structure B<cms>. A key must have been associated with the structure +first and the content encryption key must be available: for example by a +previous call to CMS_RecipientInfo_decrypt(). + =head1 NOTES The main purpose of these functions is to enable an application to lookup @@ -81,6 +87,13 @@ any appropriate means it can then associated with the structure and CMS_RecpientInfo_decrypt() called. If successful CMS_decrypt() can be called with a NULL key to decrypt the enveloped content. +The CMS_RecipientInfo_encrypt() can be used to add a new recipient to an +existing enveloped data structure. Typically an application will first decrypt +an appropriate CMS_RecipientInfo structure to make the content encrypt key +available, it will then add a new recipient using a function such as +CMS_add1_recipient_cert() and finally encrypt the content encryption key +using CMS_RecipientInfo_encrypt(). + =head1 RETURN VALUES CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or NULL if @@ -89,6 +102,7 @@ an error occurs. CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(), CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error occurs. +CMS_RecipientInfo_encrypt() return 1 for success or 0 if an error occurs. CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_cmp() return 0 for a successful comparison and non zero otherwise. diff --git a/openssl/doc/crypto/CMS_get0_SignerInfos.pod b/openssl/doc/crypto/CMS_get0_SignerInfos.pod index 47f6d2a04..b46c0e07a 100644 --- a/openssl/doc/crypto/CMS_get0_SignerInfos.pod +++ b/openssl/doc/crypto/CMS_get0_SignerInfos.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_cert_cmp, CMS_set1_signer_certs - CMS signedData signer functions. +CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_set1_signer_cert - CMS signedData signer functions. =head1 SYNOPSIS @@ -11,6 +11,7 @@ STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); + ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); @@ -24,6 +25,11 @@ associated with a specific CMS_SignerInfo structure B<si>. Either the keyidentifier will be set in B<keyid> or B<both> issuer name and serial number in B<issuer> and B<sno>. +CMS_SignerInfo_get0_signature() retrieves the signature associated with +B<si> in a pointer to an ASN1_OCTET_STRING structure. This pointer returned +corresponds to the internal signature value if B<si> so it may be read or +modified. + CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer identifier B<si>. It returns zero if the comparison is successful and non zero if not. diff --git a/openssl/doc/crypto/CMS_verify.pod b/openssl/doc/crypto/CMS_verify.pod index 8f26fdab0..7a2c1ee25 100644 --- a/openssl/doc/crypto/CMS_verify.pod +++ b/openssl/doc/crypto/CMS_verify.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_verify - verify a CMS SignedData structure +CMS_verify, CMS_get0_signers - verify a CMS SignedData structure =head1 SYNOPSIS diff --git a/openssl/doc/crypto/DH_generate_parameters.pod b/openssl/doc/crypto/DH_generate_parameters.pod index 9081e9ea7..7f81a04d9 100644 --- a/openssl/doc/crypto/DH_generate_parameters.pod +++ b/openssl/doc/crypto/DH_generate_parameters.pod @@ -2,32 +2,39 @@ =head1 NAME -DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters + +DH_generate_parameters_ex, DH_generate_parameters, +DH_check - generate and check Diffie-Hellman parameters =head1 SYNOPSIS #include <openssl/dh.h> - DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int, int, void *), void *cb_arg); + int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); int DH_check(DH *dh, int *codes); +Deprecated: + + DH *DH_generate_parameters(int prime_len, int generator, + void (*callback)(int, int, void *), void *cb_arg); + =head1 DESCRIPTION -DH_generate_parameters() generates Diffie-Hellman parameters that can -be shared among a group of users, and returns them in a newly -allocated B<DH> structure. The pseudo-random number generator must be +DH_generate_parameters_ex() generates Diffie-Hellman parameters that can +be shared among a group of users, and stores them in the provided B<DH> +structure. The pseudo-random number generator must be seeded prior to calling DH_generate_parameters(). B<prime_len> is the length in bits of the safe prime to be generated. B<generator> is a small number E<gt> 1, typically 2 or 5. A callback function may be used to provide feedback about the progress -of the key generation. If B<callback> is not B<NULL>, it will be +of the key generation. If B<cb> is not B<NULL>, it will be called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime -number is generated, and when a prime has been found, B<callback(3, -0, cb_arg)> is called. +number is generated, and when a prime has been found, B<BN_GENCB_call(cb, 3, 0)> +is called. See L<BN_generate_prime(3)|BN_generate_prime(3)> for information on +the BN_GENCB_call() function. DH_check() validates Diffie-Hellman parameters. It checks that B<p> is a safe prime, and that B<g> is a suitable generator. In the case of an @@ -38,19 +45,21 @@ checked, i.e. it does not equal 2 or 5. =head1 RETURN VALUES -DH_generate_parameters() returns a pointer to the DH structure, or -NULL if the parameter generation fails. The error codes can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +DH_generate_parameters_ex() and DH_check() return 1 if the check could be +performed, 0 otherwise. + +DH_generate_parameters() (deprecated) returns a pointer to the DH structure, or +NULL if the parameter generation fails. -DH_check() returns 1 if the check could be performed, 0 otherwise. +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 NOTES -DH_generate_parameters() may run for several hours before finding a -suitable prime. +DH_generate_parameters_ex() and DH_generate_parameters() may run for several +hours before finding a suitable prime. -The parameters generated by DH_generate_parameters() are not to be -used in signature schemes. +The parameters generated by DH_generate_parameters_ex() and DH_generate_parameters() +are not to be used in signature schemes. =head1 BUGS diff --git a/openssl/doc/crypto/DSA_generate_parameters.pod b/openssl/doc/crypto/DSA_generate_parameters.pod index be7c924ff..16a67f22b 100644 --- a/openssl/doc/crypto/DSA_generate_parameters.pod +++ b/openssl/doc/crypto/DSA_generate_parameters.pod @@ -2,20 +2,26 @@ =head1 NAME -DSA_generate_parameters - generate DSA parameters +DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters =head1 SYNOPSIS #include <openssl/dsa.h> + int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +Deprecated: + DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), void *cb_arg); =head1 DESCRIPTION -DSA_generate_parameters() generates primes p and q and a generator g -for use in the DSA. +DSA_generate_parameters_ex() generates primes p and q and a generator g +for use in the DSA and stores the result in B<dsa>. B<bits> is the length of the prime to be generated; the DSS allows a maximum of 1024 bits. @@ -25,64 +31,74 @@ generated at random. Otherwise, the seed is used to generate them. If the given seed does not yield a prime q, a new random seed is chosen and placed at B<seed>. -DSA_generate_parameters() places the iteration count in +DSA_generate_parameters_ex() places the iteration count in *B<counter_ret> and a counter used for finding a generator in *B<h_ret>, unless these are B<NULL>. A callback function may be used to provide feedback about the progress -of the key generation. If B<callback> is not B<NULL>, it will be -called as follows: +of the key generation. If B<cb> is not B<NULL>, it will be +called as shown below. For information on the BN_GENCB structure and the +BN_GENCB_call function discussed below, refer to +L<BN_generate_prime(3)|BN_generate_prime(3)>. =over 4 =item * -When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called +When a candidate for q is generated, B<BN_GENCB_call(cb, 0, m++)> is called (m is 0 for the first candidate). =item * When a candidate for q has passed a test by trial division, -B<callback(1, -1, cb_arg)> is called. +B<BN_GENCB_call(cb, 1, -1)> is called. While a candidate for q is tested by Miller-Rabin primality tests, -B<callback(1, i, cb_arg)> is called in the outer loop +B<BN_GENCB_call(cb, 1, i)> is called in the outer loop (once for each witness that confirms that the candidate may be prime); i is the loop counter (starting at 0). =item * -When a prime q has been found, B<callback(2, 0, cb_arg)> and -B<callback(3, 0, cb_arg)> are called. +When a prime q has been found, B<BN_GENCB_call(cb, 2, 0)> and +B<BN_GENCB_call(cb, 3, 0)> are called. =item * Before a candidate for p (other than the first) is generated and tested, -B<callback(0, counter, cb_arg)> is called. +B<BN_GENCB_call(cb, 0, counter)> is called. =item * When a candidate for p has passed the test by trial division, -B<callback(1, -1, cb_arg)> is called. +B<BN_GENCB_call(cb, 1, -1)> is called. While it is tested by the Miller-Rabin primality test, -B<callback(1, i, cb_arg)> is called in the outer loop +B<BN_GENCB_call(cb, 1, i)> is called in the outer loop (once for each witness that confirms that the candidate may be prime). i is the loop counter (starting at 0). =item * -When p has been found, B<callback(2, 1, cb_arg)> is called. +When p has been found, B<BN_GENCB_call(cb, 2, 1)> is called. =item * -When the generator has been found, B<callback(3, 1, cb_arg)> is called. +When the generator has been found, B<BN_GENCB_call(cb, 3, 1)> is called. =back +DSA_generate_parameters() (deprecated) works in much the same way as for DSA_generate_parameters_ex, except that no B<dsa> parameter is passed and +instead a newly allocated B<DSA> structure is returned. Additionally "old +style" callbacks are used instead of the newer BN_GENCB based approach. +Refer to L<BN_generate_prime(3)|BN_generate_prime(3)> for further information. + =head1 RETURN VALUE +DSA_generate_parameters_ex() returns a 1 on success, or 0 otherwise. + DSA_generate_parameters() returns a pointer to the DSA structure, or -B<NULL> if the parameter generation fails. The error codes can be -obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +B<NULL> if the parameter generation fails. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 BUGS @@ -91,7 +107,7 @@ Seed lengths E<gt> 20 are not supported. =head1 SEE ALSO L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, -L<DSA_free(3)|DSA_free(3)> +L<DSA_free(3)|DSA_free(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/EC_GFp_simple_method.pod b/openssl/doc/crypto/EC_GFp_simple_method.pod new file mode 100755 index 000000000..aff20ac17 --- /dev/null +++ b/openssl/doc/crypto/EC_GFp_simple_method.pod @@ -0,0 +1,60 @@ +=pod + +=head1 NAME + +EC_GFp_simple_method, EC_GFp_mont_method, EC_GFp_nist_method, EC_GFp_nistp224_method, EC_GFp_nistp256_method, EC_GFp_nistp521_method, EC_GF2m_simple_method, EC_METHOD_get_field_type - Functions for obtaining B<EC_METHOD> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + + const EC_METHOD *EC_GFp_simple_method(void); + const EC_METHOD *EC_GFp_mont_method(void); + const EC_METHOD *EC_GFp_nist_method(void); + const EC_METHOD *EC_GFp_nistp224_method(void); + const EC_METHOD *EC_GFp_nistp256_method(void); + const EC_METHOD *EC_GFp_nistp521_method(void); + + const EC_METHOD *EC_GF2m_simple_method(void); + + int EC_METHOD_get_field_type(const EC_METHOD *meth); + +=head1 DESCRIPTION + +The Elliptic Curve library provides a number of different implementations through a single common interface. +When constructing a curve using EC_GROUP_new (see L<EC_GROUP_new(3)|EC_GROUP_new(3)>) an +implementation method must be provided. The functions described here all return a const pointer to an +B<EC_METHOD> structure that can be passed to EC_GROUP_NEW. It is important that the correct implementation +type for the form of curve selected is used. + +For F2^m curves there is only one implementation choice, i.e. EC_GF2_simple_method. + +For Fp curves the lowest common denominator implementation is the EC_GFp_simple_method implementation. All +other implementations are based on this one. EC_GFp_mont_method builds on EC_GFp_simple_method but adds the +use of montgomery multiplication (see L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>). EC_GFp_nist_method +offers an implementation optimised for use with NIST recommended curves (NIST curves are available through +EC_GROUP_new_by_curve_name as described in L<EC_GROUP_new(3)|EC_GROUP_new(3)>). + +The functions EC_GFp_nistp224_method, EC_GFp_nistp256_method and EC_GFp_nistp521_method offer 64 bit +optimised implementations for the NIST P224, P256 and P521 curves respectively. Note, however, that these +implementations are not available on all platforms. + +EC_METHOD_get_field_type identifies what type of field the EC_METHOD structure supports, which will be either +F2^m or Fp. If the field type is Fp then the value B<NID_X9_62_prime_field> is returned. If the field type is +F2^m then the value B<NID_X9_62_characteristic_two_field> is returned. These values are defined in the +obj_mac.h header file. + +=head1 RETURN VALUES + +All EC_GFp* functions and EC_GF2m_simple_method always return a const pointer to an EC_METHOD structure. + +EC_METHOD_get_field_type returns an integer that identifies the type of field the EC_METHOD structure supports. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)>, +L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> + +=cut diff --git a/openssl/doc/crypto/EC_GROUP_copy.pod b/openssl/doc/crypto/EC_GROUP_copy.pod new file mode 100755 index 000000000..954af469d --- /dev/null +++ b/openssl/doc/crypto/EC_GROUP_copy.pod @@ -0,0 +1,174 @@ +=pod + +=head1 NAME + +EC_GROUP_copy, EC_GROUP_dup, EC_GROUP_method_of, EC_GROUP_set_generator, EC_GROUP_get0_generator, EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_set_curve_name, EC_GROUP_get_curve_name, EC_GROUP_set_asn1_flag, EC_GROUP_get_asn1_flag, EC_GROUP_set_point_conversion_form, EC_GROUP_get_point_conversion_form, EC_GROUP_get0_seed, EC_GROUP_get_seed_len, EC_GROUP_set_seed, EC_GROUP_get_degree, EC_GROUP_check, EC_GROUP_check_discriminant, EC_GROUP_cmp, EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis, EC_GROUP_get_pentanomial_basis - Functions for manipulating B<EC_GROUP> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + int EC_GROUP_get_curve_name(const EC_GROUP *group); + + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); + int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + + void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); + size_t EC_GROUP_get_seed_len(const EC_GROUP *); + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + + int EC_GROUP_get_degree(const EC_GROUP *group); + + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + + int EC_GROUP_get_basis_type(const EC_GROUP *); + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + +=head1 DESCRIPTION + +EC_GROUP_copy copies the curve B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD. + +EC_GROUP_dup creates a new EC_GROUP object and copies the content from B<src> to the newly created +EC_GROUP object. + +EC_GROUP_method_of obtains the EC_METHOD of B<group>. + +EC_GROUP_set_generator sets curve paramaters that must be agreed by all participants using the curve. These +paramaters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the +curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and +n-1 where n is the B<order>. The B<order> multipied by the B<cofactor> gives the number of points on the curve. + +EC_GROUP_get0_generator returns the generator for the identified B<group>. + +The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided B<order> and B<cofactor> parameters +with the respective order and cofactors for the B<group>. + +The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the NID for the curve respectively +(see L<EC_GROUP_new(3)|EC_GROUP_new(3)>). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name +will return 0. + +The asn1_flag value on a curve is used to determine whether there is a specific ASN1 OID to describe the curve or not. +If the asn1_flag is 1 then this is a named curve with an associated ASN1 OID. If not then asn1_flag is 0. The functions +EC_GROUP_get_asn1_flag and EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve. If set then +the curve_name must also be set. + +The point_coversion_form for a curve controls how EC_POINT data is encoded as ASN1 as defined in X9.62 (ECDSA). +point_conversion_form_t is an enum defined as follows: + + typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x02 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 + } point_conversion_form_t; + + +For POINT_CONVERSION_UNCOMPRESSED the point is encoded as an octet signifying the UNCOMPRESSED form has been used followed by +the octets for x, followed by the octets for y. + +For any given x co-ordinate for a point on a curve it is possible to derive two possible y values. For +POINT_CONVERSION_COMPRESSED the point is encoded as an octet signifying that the COMPRESSED form has been used AND which of +the two possible solutions for y has been used, followed by the octets for x. + +For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two +possible solutions for y has been used, followed by the octets for x, followed by the octets for y. + +The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form +for the curve respectively. + +ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages +in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library +does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block +containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the +builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using +EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use +this seed value, although it will be preserved in any ASN1 based communications. + +EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p. For F2^m fields this will be +the value m. + +The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid. +For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is +simply b. In either case for the curve to be valid the discriminant must be non zero. + +The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include +verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has +the correct order. + +EC_GROUP_cmp compares B<a> and B<b> to determine whether they represent the same curve or not. + +The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves +defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial +function f(x). This function is either a trinomial of the form: + +f(x) = x^m + x^k + 1 with m > k >= 1 + +or a pentanomial of the form: + +f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 + +The function EC_GROUP_get_basis_type returns a NID identifying whether a trinomial or pentanomial is in use for the field. The +function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of B<k>. Similary +the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of B<k1>, +B<k2> and B<k3> respectively. + +=head1 RETURN VALUES + +The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check, +EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis. + +EC_GROUP_dup returns a pointer to the duplicated curve, or NULL on error. + +EC_GROUP_method_of returns the EC_METHOD implementation in use for the given curve or NULL on error. + +EC_GROUP_get0_generator returns the generator for the given curve or NULL on error. + +EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form +and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, point_conversion_form and degree for the +specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0. + +EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not +specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified. + +EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is +0, the the return value will be 1. On error 0 is returned. + +EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or -1 on error. + +EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a +trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/openssl/doc/crypto/EC_GROUP_new.pod b/openssl/doc/crypto/EC_GROUP_new.pod new file mode 100755 index 000000000..ff55bf33a --- /dev/null +++ b/openssl/doc/crypto/EC_GROUP_new.pod @@ -0,0 +1,95 @@ +=pod + +=head1 NAME + +EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, EC_get_builtin_curves - Functions for creating and destroying B<EC_GROUP> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + void EC_GROUP_free(EC_GROUP *group); + void EC_GROUP_clear_free(EC_GROUP *group); + + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +=head1 DESCRIPTION + +Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the +prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised +elliptic curve equation as follows: + +y^2 mod p = x^3 +ax + b mod p + +The second form is those defined over a binary field F2^m where the elements of the field are integers of length at +most m bits. For this form the elliptic curve equation is modified to: + +y^2 + xy = x^3 + ax^2 + b (where b != 0) + +Operations in a binary field are performed relative to an B<irreducible polynomial>. All such curves with OpenSSL +use a trinomial or a pentanomial for this parameter. + +A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B<meth> (see +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>). It is then necessary to call either EC_GROUP_set_curve_GFp or +EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively. + +EC_GROUP_set_curve_GFp sets the curve parameters B<p>, B<a> and B<b> for a curve over Fp stored in B<group>. +EC_group_get_curve_GFp obtains the previously set curve parameters. + +EC_GROUP_set_curve_GF2m sets the equivalent curve parameters for a curve over F2^m. In this case B<p> represents +the irreducible polybnomial - each bit represents a term in the polynomial. Therefore there will either be three +or five bits set dependant on whether the polynomial is a trinomial or a pentanomial. +EC_group_get_curve_GF2m obtains the previously set curve parameters. + +The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and the +appropriate EC_group_set_curve function. An appropriate default implementation method will be used. + +Whilst the library can be used to create any curve using the functions described above, there are also a number of +predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function +EC_get_builtin_curves. The parameter B<r> should be an array of EC_builtin_curve structures of size B<nitems>. The function +will populate the B<r> array with information about the builtin curves. If B<nitems> is less than the total number of +curves available, then the first B<nitems> curves will be returned. Otherwise the total number of curves will be +provided. The return value is the total number of curves available (whether that number has been populated in B<r> or +not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available. +The EC_builtin_curve structure is defined as follows: + + typedef struct { + int nid; + const char *comment; + } EC_builtin_curve; + +Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve. + +In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the B<nid> of the curve to +be constructed. + +EC_GROUP_free frees the memory associated with the EC_GROUP. + +EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory. + +=head1 RETURN VALUES + +All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error. + +EC_get_builtin_curves returns the number of builtin curves that are available. + +EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/openssl/doc/crypto/EC_KEY_new.pod b/openssl/doc/crypto/EC_KEY_new.pod new file mode 100755 index 000000000..2027569f4 --- /dev/null +++ b/openssl/doc/crypto/EC_KEY_new.pod @@ -0,0 +1,120 @@ +=pod + +=head1 NAME + +EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_by_curve_name, EC_KEY_free, EC_KEY_copy, EC_KEY_dup, EC_KEY_up_ref, EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, EC_KEY_set_public_key, EC_KEY_get_enc_flags, EC_KEY_set_enc_flags, EC_KEY_get_conv_form, EC_KEY_set_conv_form, EC_KEY_get_key_method_data, EC_KEY_insert_key_method_data, EC_KEY_set_asn1_flag, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key, EC_KEY_set_public_key_affine_coordinates - Functions for creating, destroying and manipulating B<EC_KEY> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + EC_KEY *EC_KEY_new(void); + int EC_KEY_get_flags(const EC_KEY *key); + void EC_KEY_set_flags(EC_KEY *key, int flags); + void EC_KEY_clear_flags(EC_KEY *key, int flags); + EC_KEY *EC_KEY_new_by_curve_name(int nid); + void EC_KEY_free(EC_KEY *key); + EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + EC_KEY *EC_KEY_dup(const EC_KEY *src); + int EC_KEY_up_ref(EC_KEY *key); + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + unsigned int EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + int EC_KEY_generate_key(EC_KEY *key); + int EC_KEY_check_key(const EC_KEY *key); + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + +=head1 DESCRIPTION + +An EC_KEY represents a public key and (optionaly) an associated private key. A new EC_KEY (with no associated curve) can be constructed by calling EC_KEY_new. +The reference count for the newly created EC_KEY is initially set to 1. A curve can be associated with the EC_KEY by calling +EC_KEY_set_group. + +Alternatively a new EC_KEY can be constructed by calling EC_KEY_new_by_curve_name and supplying the nid of the associated curve. Refer to L<EC_GROUP_new(3)|EC_GROUP_new(3)> for a description of curve names. This function simply wraps calls to EC_KEY_new and +EC_GROUP_new_by_curve_name. + +Calling EC_KEY_free decrements the reference count for the EC_KEY object, and if it has dropped to zero then frees the memory associated +with it. + +EC_KEY_copy copies the contents of the EC_KEY in B<src> into B<dest>. + +EC_KEY_dup creates a new EC_KEY object and copies B<ec_key> into it. + +EC_KEY_up_ref increments the reference count associated with the EC_KEY object. + +EC_KEY_generate_key generates a new public and private key for the supplied B<eckey> object. B<eckey> must have an EC_GROUP object +associated with it before calling this function. The private key is a random integer (0 < priv_key < order, where order is the order +of the EC_GROUP object). The public key is an EC_POINT on the curve calculated by multiplying the generator for the curve by the +private key. + +EC_KEY_check_key performs various sanity checks on the EC_KEY object to confirm that it is valid. + +EC_KEY_set_public_key_affine_coordinates sets the public key for B<key> based on its affine co-ordinates, i.e. it constructs an EC_POINT +object based on the supplied B<x> and B<y> values and sets the public key to be this EC_POINT. It will also performs certain sanity checks +on the key to confirm that it is valid. + +The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_KEY_set_private_key, EC_KEY_get0_public_key, and EC_KEY_set_public_key get and set the EC_GROUP object, the private key and the EC_POINT public key for the B<key> respectively. + +The functions EC_KEY_get_enc_flags and EC_KEY_set_enc_flags get and set the value of the encoding flags for the B<key>. There are two encoding +flags currently defined - EC_PKEY_NO_PARAMETERS and EC_PKEY_NO_PUBKEY. These flags define the behaviour of how the B<key> is +converted into ASN1 in a call to i2d_ECPrivateKey. If EC_PKEY_NO_PARAMETERS is set then the public parameters for the curve are not encoded +along with the private key. If EC_PKEY_NO_PUBKEY is set then the public key is not encoded along with the private key. + +When reading a private key encoded with EC_PKEY_NO_PUBKEY, +d2i_ECPrivateKey generates the missing public key +automatically. Private keys encoded with EC_PKEY_NO_PARAMETERS cannot +be loaded using d2i_ECPrivateKey. + +The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B<key>. For a description +of point_conversion_forms please refer to L<EC_POINT_new(3)|EC_POINT_new(3)>. + +EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitary additional data specific to the +elliptic curve scheme being used with the EC_KEY object. This data is treated as a "black box" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the B<data> parameter, which must have have associated functions for duplicating, freeing and "clear_freeing" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and "clear_freeing" the data item must be provided again, and they must be the same as they were when the data item was inserted. + +EC_KEY_set_flags sets the flags in the B<flags> parameter on the EC_KEY object. Any flags that are already set are left set. The currently defined standard flags are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this EC_KEY. EC_KEY_clear_flags clears the flags indicated by the B<flags> parameter. All other flags are left in their existing state. + +EC_KEY_set_asn1_flag sets the asn1_flag on the underlying EC_GROUP object (if set). Refer to L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for further information on the asn1_flag. + +EC_KEY_precompute_mult stores multiples of the underlying EC_GROUP generator for faster point multiplication. See also L<EC_POINT_add(3)|EC_POINT_add(3)>. + + +=head1 RETURN VALUES + +EC_KEY_new, EC_KEY_new_by_curve_name and EC_KEY_dup return a pointer to the newly created EC_KEY object, or NULL on error. + +EC_KEY_get_flags returns the flags associated with the EC_KEY object as an integer. + +EC_KEY_copy returns a pointer to the destination key, or NULL on error. + +EC_KEY_up_ref, EC_KEY_set_group, EC_KEY_set_private_key, EC_KEY_set_public_key, EC_KEY_precompute_mult, EC_KEY_generate_key, EC_KEY_check_key and EC_KEY_set_public_key_affine_coordinates return 1 on success or 0 on error. + +EC_KEY_get0_group returns the EC_GROUP associated with the EC_KEY. + +EC_KEY_get0_private_key returns the private key associated with the EC_KEY. + +EC_KEY_get_enc_flags returns the value of the current encoding flags for the EC_KEY. + +EC_KEY_get_conv_form return the point_conversion_form for the EC_KEY. + + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/openssl/doc/crypto/EC_POINT_add.pod b/openssl/doc/crypto/EC_POINT_add.pod new file mode 100755 index 000000000..ae9264084 --- /dev/null +++ b/openssl/doc/crypto/EC_POINT_add.pod @@ -0,0 +1,72 @@ +=pod + +=head1 NAME + +EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp, EC_POINT_make_affine, EC_POINTs_make_affine, EC_POINTs_mul, EC_POINT_mul, EC_GROUP_precompute_mult, EC_GROUP_have_precompute_mult - Functions for performing mathematical operations and tests on B<EC_POINT> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + + +=head1 DESCRIPTION + +EC_POINT_add adds the two points B<a> and B<b> and places the result in B<r>. Similarly EC_POINT_dbl doubles the point B<a> and places the +result in B<r>. In both cases it is valid for B<r> to be one of B<a> or B<b>. + +EC_POINT_invert calculates the inverse of the supplied point B<a>. The result is placed back in B<a>. + +The function EC_POINT_is_at_infinity tests whether the supplied point is at infinity or not. + +EC_POINT_is_on_curve tests whether the supplied point is on the curve or not. + +EC_POINT_cmp compares the two supplied points and tests whether or not they are equal. + +The functions EC_POINT_make_affine and EC_POINTs_make_affine force the internal representation of the EC_POINT(s) into the affine +co-ordinate system. In the case of EC_POINTs_make_affine the value B<num> provides the number of points in the array B<points> to be +forced. + +EC_POINT_mul calculates the value generator * B<n> + B<q> * B<m> and stores the result in B<r>. The value B<n> may be NULL in which case the result is just B<q> * B<m>. + +EC_POINTs_mul calculates the value generator * B<n> + B<q[0]> * B<m[0]> + ... + B<q[num-1]> * B<m[num-1]>. As for EC_POINT_mul the value +B<n> may be NULL. + +The function EC_GROUP_precompute_mult stores multiples of the generator for faster point multiplication, whilst +EC_GROUP_have_precompute_mult tests whether precomputation has already been done. See L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for information +about the generator. + + +=head1 RETURN VALUES + +The following functions return 1 on success or 0 on error: EC_POINT_add, EC_POINT_dbl, EC_POINT_invert, EC_POINT_make_affine, +EC_POINTs_make_affine, EC_POINTs_make_affine, EC_POINT_mul, EC_POINTs_mul and EC_GROUP_precompute_mult. + +EC_POINT_is_at_infinity returns 1 if the point is at infinity, or 0 otherwise. + +EC_POINT_is_on_curve returns 1 if the point is on the curve, 0 if not, or -1 on error. + +EC_POINT_cmp returns 1 if the points are not equal, 0 if they are, or -1 on error. + +EC_GROUP_have_precompute_mult return 1 if a precomputation has been done, or 0 if not. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/openssl/doc/crypto/EC_POINT_new.pod b/openssl/doc/crypto/EC_POINT_new.pod new file mode 100755 index 000000000..69eb0d1a0 --- /dev/null +++ b/openssl/doc/crypto/EC_POINT_new.pod @@ -0,0 +1,123 @@ +=pod + +=head1 NAME + +EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_set_Jprojective_coordinates, EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and manipulating B<EC_POINT> objects. + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + EC_POINT *EC_POINT_new(const EC_GROUP *group); + void EC_POINT_free(EC_POINT *point); + void EC_POINT_clear_free(EC_POINT *point); + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); + EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); + char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); + EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + + +=head1 DESCRIPTION + +An EC_POINT represents a point on a curve. A new point is constructed by calling the function EC_POINT_new and providing the B<group> +object that the point relates to. + +EC_POINT_free frees the memory associated with the EC_POINT. + +EC_POINT_clear_free destroys any sensitive data held within the EC_POINT and then frees its memory. + +EC_POINT_copy copies the point B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD. + +EC_POINT_dup creates a new EC_POINT object and copies the content from B<src> to the newly created +EC_POINT object. + +EC_POINT_method_of obtains the EC_METHOD associated with B<point>. + +A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity. + +The affine co-ordinates for a point describe a point in terms of its x and y position. The functions +EC_POINT_set_affine_coordinates_GFp and EC_POINT_set_affine_coordinates_GF2m set the B<x> and B<y> co-ordinates for the point +B<p> defined over the curve given in B<group>. + +As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian +projective co-ordinates (for Fp curves only). Jacobian projective co-ordinates are expressed as three values x, y and z. Working in +this co-ordinate system provides more efficient point multiplication operations. +A mapping exists between Jacobian projective co-ordinates and affine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written as an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian projective to affine co-ordinates is simple. The co-ordinate (x, y) is +mapped to (x, y, 1). To set or get the projective co-ordinates use EC_POINT_set_Jprojective_coordinates_GFp and +EC_POINT_get_Jprojective_coordinates_GFp respectively. + +Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is +on the curve there will only ever be two possible values for y. Therefore a point can be set using the EC_POINT_set_compressed_coordinates_GFp +and EC_POINT_set_compressed_coordinates_GF2m functions where B<x> is the x co-ordinate and B<y_bit> is a value 0 or 1 to identify which of +the two possible values for y should be used. + +In addition EC_POINTs can be converted to and from various external representations. Supported representations are octet strings, BIGNUMs and hexadecimal. The format of the external representation is described by the point_conversion_form. See L<EC_GROUP_copy(3)|EC_GROUP_copy(3)> for +a description of point_conversion_form. Octet strings are stored in a buffer along with an associated buffer length. A point held in a BIGNUM is calculated by converting the point to an octet string and then converting that octet string into a BIGNUM integer. Points in hexadecimal format are stored in a NULL terminated character string where each character is one of the printable values 0-9 or A-F (or a-f). + +The functions EC_POINT_point2oct, EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex and EC_POINT_hex2point convert +from and to EC_POINTs for the formats: octet string, BIGNUM and hexadecimal respectively. + +The function EC_POINT_point2oct must be supplied with a buffer long enough to store the octet string. The return value provides the number of +octets stored. Calling the function with a NULL buffer will not perform the conversion but will still return the required buffer length. + +The function EC_POINT_point2hex will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free +this memory with a subsequent call to OPENSSL_free(). + +=head1 RETURN VALUES + +EC_POINT_new and EC_POINT_dup return the newly allocated EC_POINT or NULL on error. + +The following functions return 1 on success or 0 on error: EC_POINT_copy, EC_POINT_set_to_infinity, EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_get_Jprojective_coordinates_GFp, EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m and EC_POINT_oct2point. + +EC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT. + +EC_POINT_point2oct returns the length of the required buffer, or 0 on error. + +EC_POINT_point2bn returns the pointer to the BIGNUM supplied, or NULL on error. + +EC_POINT_bn2point returns the pointer to the EC_POINT supplied, or NULL on error. + +EC_POINT_point2hex returns a pointer to the hex string, or NULL on error. + +EC_POINT_hex2point returns the pointer to the EC_POINT supplied, or NULL on error. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + +=cut diff --git a/openssl/doc/crypto/ERR_remove_state.pod b/openssl/doc/crypto/ERR_remove_state.pod index 72925fb9f..a4d38c17f 100644 --- a/openssl/doc/crypto/ERR_remove_state.pod +++ b/openssl/doc/crypto/ERR_remove_state.pod @@ -2,26 +2,35 @@ =head1 NAME -ERR_remove_state - free a thread's error queue +ERR_remove_thread_state, ERR_remove_state - free a thread's error queue =head1 SYNOPSIS #include <openssl/err.h> + void ERR_remove_thread_state(const CRYPTO_THREADID *tid); + +Deprecated: + void ERR_remove_state(unsigned long pid); =head1 DESCRIPTION -ERR_remove_state() frees the error queue associated with thread B<pid>. -If B<pid> == 0, the current thread will have its error queue removed. +ERR_remove_thread_state() frees the error queue associated with thread B<tid>. +If B<tid> == B<NULL>, the current thread will have its error queue removed. Since error queue data structures are allocated automatically for new threads, they must be freed when threads are terminated in order to avoid memory leaks. +ERR_remove_state is deprecated and has been replaced by +ERR_remove_thread_state. Since threads in OpenSSL are no longer identified +by unsigned long values any argument to this function is ignored. Calling +ERR_remove_state is equivalent to B<ERR_remove_thread_state(NULL)>. + =head1 RETURN VALUE -ERR_remove_state() returns no value. +ERR_remove_thread_state and ERR_remove_state() return no value. =head1 SEE ALSO @@ -29,6 +38,8 @@ L<err(3)|err(3)> =head1 HISTORY -ERR_remove_state() is available in all versions of SSLeay and OpenSSL. +ERR_remove_state() is available in all versions of SSLeay and OpenSSL. It +was deprecated in OpenSSL 1.0.0 when ERR_remove_thread_state was introduced +and thread IDs were introduced to identify threads instead of 'unsigned long'. =cut diff --git a/openssl/doc/crypto/EVP_BytesToKey.pod b/openssl/doc/crypto/EVP_BytesToKey.pod index 0ea7d55c0..5d6059528 100644 --- a/openssl/doc/crypto/EVP_BytesToKey.pod +++ b/openssl/doc/crypto/EVP_BytesToKey.pod @@ -36,8 +36,8 @@ If the total key and IV length is less than the digest length and B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5 otherwise a non standard extension is used to derive the extra data. -Newer applications should use more standard algorithms such as PKCS#5 -v2.0 for key derivation. +Newer applications should use more standard algorithms such as PBKDF2 as +defined in PKCS#5v2.1 for key derivation. =head1 KEY DERIVATION ALGORITHM @@ -55,7 +55,10 @@ the IV. =head1 RETURN VALUES -EVP_BytesToKey() returns the size of the derived key in bytes. +If B<data> is NULL, then EVP_BytesToKey() returns the number of bytes +needed to store the derived key. +Otherwise, EVP_BytesToKey() returns the size of the derived key in bytes, +or 0 on error. =head1 SEE ALSO diff --git a/openssl/doc/crypto/EVP_DigestInit.pod b/openssl/doc/crypto/EVP_DigestInit.pod index ac526bb6d..0895e8c39 100644 --- a/openssl/doc/crypto/EVP_DigestInit.pod +++ b/openssl/doc/crypto/EVP_DigestInit.pod @@ -4,10 +4,10 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, -EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, -EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256, -EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, +EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, +EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, +EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines @@ -270,7 +270,7 @@ and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were -changed to return truely const EVP_MD * in OpenSSL 0.9.7. +changed to return truly const EVP_MD * in OpenSSL 0.9.7. The link between digests and signing algorithms was fixed in OpenSSL 1.0 and later, so now EVP_sha1() can be used with RSA and DSA; there is no need to diff --git a/openssl/doc/crypto/EVP_DigestVerifyInit.pod b/openssl/doc/crypto/EVP_DigestVerifyInit.pod index cfeccd96e..e0217e40c 100644 --- a/openssl/doc/crypto/EVP_DigestVerifyInit.pod +++ b/openssl/doc/crypto/EVP_DigestVerifyInit.pod @@ -11,7 +11,7 @@ EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signat int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen); =head1 DESCRIPTION diff --git a/openssl/doc/crypto/EVP_EncryptInit.pod b/openssl/doc/crypto/EVP_EncryptInit.pod index 4e22edcd6..fb6036f95 100644 --- a/openssl/doc/crypto/EVP_EncryptInit.pod +++ b/openssl/doc/crypto/EVP_EncryptInit.pod @@ -16,7 +16,17 @@ EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, -EVP_CIPHER_CTX_set_padding - EVP cipher routines +EVP_CIPHER_CTX_set_padding, EVP_enc_null, EVP_des_cbc, EVP_des_ecb, +EVP_des_cfb, EVP_des_ofb, EVP_des_ede_cbc, EVP_des_ede, EVP_des_ede_ofb, +EVP_des_ede_cfb, EVP_des_ede3_cbc, EVP_des_ede3, EVP_des_ede3_ofb, +EVP_des_ede3_cfb, EVP_desx_cbc, EVP_rc4, EVP_rc4_40, EVP_idea_cbc, +EVP_idea_ecb, EVP_idea_cfb, EVP_idea_ofb, EVP_idea_cbc, EVP_rc2_cbc, +EVP_rc2_ecb, EVP_rc2_cfb, EVP_rc2_ofb, EVP_rc2_40_cbc, EVP_rc2_64_cbc, +EVP_bf_cbc, EVP_bf_ecb, EVP_bf_cfb, EVP_bf_ofb, EVP_cast5_cbc, +EVP_cast5_ecb, EVP_cast5_cfb, EVP_cast5_ofb, EVP_rc5_32_12_16_cbc, +EVP_rc5_32_12_16_ecb, EVP_rc5_32_12_16_cfb, EVP_rc5_32_12_16_ofb, +EVP_aes_128_gcm, EVP_aes_192_gcm, EVP_aes_256_gcm, EVP_aes_128_ccm, +EVP_aes_192_ccm, EVP_aes_256_ccm - EVP cipher routines =head1 SYNOPSIS @@ -115,7 +125,7 @@ writes the encrypted version to B<out>. This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size - 1) so B<outl> should contain sufficient +to (inl + cipher_block_size - 1) so B<out> should contain sufficient room. The actual number of bytes written is placed in B<outl>. If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts @@ -231,8 +241,7 @@ or the parameters cannot be set (for example the RC2 effective key length is not supported. EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined -and set. Currently only the RC2 effective key length and the number of rounds of -RC5 can be set. +and set. =head1 RETURN VALUES @@ -338,8 +347,88 @@ RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a cipher with an additional "number of rounds" parameter. By default the key length is set to 128 bits and 12 rounds. +=item EVP_aes_128_gcm(void), EVP_aes_192_gcm(void), EVP_aes_256_gcm(void) + +AES Galois Counter Mode (GCM) for 128, 192 and 256 bit keys respectively. +These ciphers require additional control operations to function correctly: see +L<GCM mode> section below for details. + +=item EVP_aes_128_ccm(void), EVP_aes_192_ccm(void), EVP_aes_256_ccm(void) + +AES Counter with CBC-MAC Mode (CCM) for 128, 192 and 256 bit keys respectively. +These ciphers require additional control operations to function correctly: see +CCM mode section below for details. + =back +=head1 GCM Mode + +For GCM mode ciphers the behaviour of the EVP interface is subtly altered and +several GCM specific ctrl operations are supported. + +To specify any additional authenticated data (AAD) a call to EVP_CipherUpdate(), +EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output +parameter B<out> set to B<NULL>. + +When decrypting the return value of EVP_DecryptFinal() or EVP_CipherFinal() +indicates if the operation was successful. If it does not indicate success +the authentication operation has failed and any output data B<MUST NOT> +be used as it is corrupted. + +The following ctrls are supported in GCM mode: + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivlen, NULL); + +Sets the GCM IV length: this call can only be made before specifying an IV. If +not called a default IV length is used (96 bits for AES). + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, taglen, tag); + +Writes B<taglen> bytes of the tag value to the buffer indicated by B<tag>. +This call can only be made when encrypting data and B<after> all data has been +processed (e.g. after an EVP_EncryptFinal() call). + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, taglen, tag); + +Sets the expected tag to B<taglen> bytes from B<tag>. This call is only legal +when decrypting data and must be made B<before> any data is processed (e.g. +before any EVP_DecryptUpdate() call). + +See L<EXAMPLES> below for an example of the use of GCM mode. + +=head1 CCM Mode + +The behaviour of CCM mode ciphers is similar to CCM mode but with a few +additional requirements and different ctrl values. + +Like GCM mode any additional authenticated data (AAD) is passed by calling +EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() with the output +parameter B<out> set to B<NULL>. Additionally the total plaintext or ciphertext +length B<MUST> be passed to EVP_CipherUpdate(), EVP_EncryptUpdate() or +EVP_DecryptUpdate() with the output and input parameters (B<in> and B<out>) +set to B<NULL> and the length passed in the B<inl> parameter. + +The following ctrls are supported in CCM mode: + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, taglen, tag); + +This call is made to set the expected B<CCM> tag value when decrypting or +the length of the tag (with the B<tag> parameter set to NULL) when encrypting. +The tag length is often referred to as B<M>. If not set a default value is +used (12 for AES). + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_L, ivlen, NULL); + +Sets the CCM B<L> value. If not set a default is used (8 for AES). + + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ivlen, NULL); + +Sets the CCM nonce (IV) length: this call can only be made before specifying +an nonce value. The nonce length is given by B<15 - L> so it is 7 by default +for AES. + + + =head1 NOTES Where possible the B<EVP> interface to symmetric ciphers should be used in diff --git a/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod index 13b91f1e6..44b5fdb7f 100644 --- a/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -2,7 +2,13 @@ =head1 NAME -EVP_PKEY_ctrl, EVP_PKEY_ctrl_str - algorithm specific control operations +EVP_PKEY_CTX_ctrl, EVP_PKEY_CTX_ctrl_str, EVP_PKEY_get_default_digest_nid, +EVP_PKEY_CTX_set_signature_md, EVP_PKEY_CTX_set_rsa_padding, +EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_rsa_keygen_bits, +EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, +EVP_PKEY_CTX_set_dh_paramgen_prime_len, +EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_ec_paramgen_curve_nid - algorithm specific control operations =head1 SYNOPSIS @@ -45,7 +51,7 @@ B<p1> and B<p2>. Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will instead call one of the algorithm specific macros below. -The function EVP_PKEY_ctrl_str() allows an application to send an algorithm +The function EVP_PKEY_CTX_ctrl_str() allows an application to send an algorithm specific control operation to a context B<ctx> in string form. This is intended to be used for options specified on the command line or in text files. The commands supported are documented in the openssl utility diff --git a/openssl/doc/crypto/EVP_PKEY_cmp.pod b/openssl/doc/crypto/EVP_PKEY_cmp.pod index 4f8185e36..0ff027c0d 100644 --- a/openssl/doc/crypto/EVP_PKEY_cmp.pod +++ b/openssl/doc/crypto/EVP_PKEY_cmp.pod @@ -23,10 +23,10 @@ doesn't use parameters. The function EVP_PKEY_copy_parameters() copies the parameters from key B<from> to key B<to>. -The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys +The function EVP_PKEY_cmp_parameters() compares the parameters of keys B<a> and B<b>. -The funcion EVP_PKEY_cmp() compares the public key components and paramters +The function EVP_PKEY_cmp() compares the public key components and paramters (if present) of keys B<a> and B<b>. =head1 NOTES diff --git a/openssl/doc/crypto/EVP_PKEY_encrypt.pod b/openssl/doc/crypto/EVP_PKEY_encrypt.pod index e495a8124..6799ce101 100644 --- a/openssl/doc/crypto/EVP_PKEY_encrypt.pod +++ b/openssl/doc/crypto/EVP_PKEY_encrypt.pod @@ -43,19 +43,23 @@ indicates the operation is not supported by the public key algorithm. =head1 EXAMPLE -Encrypt data using OAEP (for RSA keys): +Encrypt data using OAEP (for RSA keys). See also L<PEM_read_PUBKEY(3)|pem(3)> or +L<d2i_X509(3)|d2i_X509(3)> for means to load a public key. You may also simply +set 'eng = NULL;' to start with the default OpenSSL RSA implementation: #include <openssl/evp.h> #include <openssl/rsa.h> + #include <openssl/engine.h> EVP_PKEY_CTX *ctx; + ENGINE *eng; unsigned char *out, *in; size_t outlen, inlen; EVP_PKEY *key; - /* NB: assumes key in, inlen are already set up + /* NB: assumes eng, key, in, inlen are already set up, * and that key is an RSA public key */ - ctx = EVP_PKEY_CTX_new(key); + ctx = EVP_PKEY_CTX_new(key,eng); if (!ctx) /* Error occurred */ if (EVP_PKEY_encrypt_init(ctx) <= 0) @@ -79,6 +83,8 @@ Encrypt data using OAEP (for RSA keys): =head1 SEE ALSO +L<d2i_X509(3)|d2i_X509(3)>, +L<engine(3)|engine(3)>, L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, diff --git a/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod index c39ac35e7..f7ca7cb79 100644 --- a/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod +++ b/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod @@ -17,7 +17,7 @@ OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number OPENSSL_VERSION_NUMBER is a numeric release version identifier: - MMNNFFPPS: major minor fix patch status + MNNFFPPS: major minor fix patch status The status nibble has one of the values 0 for development, 1 to e for betas 1 to 14, and f for release. diff --git a/openssl/doc/crypto/OPENSSL_ia32cap.pod b/openssl/doc/crypto/OPENSSL_ia32cap.pod index 2e659d34a..90156d219 100644 --- a/openssl/doc/crypto/OPENSSL_ia32cap.pod +++ b/openssl/doc/crypto/OPENSSL_ia32cap.pod @@ -2,42 +2,95 @@ =head1 NAME -OPENSSL_ia32cap - finding the IA-32 processor capabilities +OPENSSL_ia32cap, OPENSSL_ia32cap_loc - the IA-32 processor capabilities vector =head1 SYNOPSIS - unsigned long *OPENSSL_ia32cap_loc(void); - #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + unsigned int *OPENSSL_ia32cap_loc(void); + #define OPENSSL_ia32cap ((OPENSSL_ia32cap_loc())[0]) =head1 DESCRIPTION Value returned by OPENSSL_ia32cap_loc() is address of a variable -containing IA-32 processor capabilities bit vector as it appears in EDX -register after executing CPUID instruction with EAX=1 input value (see -Intel Application Note #241618). Naturally it's meaningful on IA-32[E] -platforms only. The variable is normally set up automatically upon -toolkit initialization, but can be manipulated afterwards to modify -crypto library behaviour. For the moment of this writing six bits are -significant, namely: - -1. bit #28 denoting Hyperthreading, which is used to distiguish - cores with shared cache; -2. bit #26 denoting SSE2 support; -3. bit #25 denoting SSE support; -4. bit #23 denoting MMX support; -5. bit #20, reserved by Intel, is used to choose between RC4 code - pathes; -6. bit #4 denoting presence of Time-Stamp Counter. +containing IA-32 processor capabilities bit vector as it appears in +EDX:ECX register pair after executing CPUID instruction with EAX=1 +input value (see Intel Application Note #241618). Naturally it's +meaningful on x86 and x86_64 platforms only. The variable is normally +set up automatically upon toolkit initialization, but can be +manipulated afterwards to modify crypto library behaviour. For the +moment of this writing following bits are significant: + +=over + +=item bit #4 denoting presence of Time-Stamp Counter. + +=item bit #19 denoting availability of CLFLUSH instruction; + +=item bit #20, reserved by Intel, is used to choose among RC4 code paths; + +=item bit #23 denoting MMX support; + +=item bit #24, FXSR bit, denoting availability of XMM registers; + +=item bit #25 denoting SSE support; + +=item bit #26 denoting SSE2 support; + +=item bit #28 denoting Hyperthreading, which is used to distinguish +cores with shared cache; + +=item bit #30, reserved by Intel, denotes specifically Intel CPUs; + +=item bit #33 denoting availability of PCLMULQDQ instruction; + +=item bit #41 denoting SSSE3, Supplemental SSE3, support; + +=item bit #43 denoting AMD XOP support (forced to zero on non-AMD CPUs); + +=item bit #57 denoting AES-NI instruction set extension; + +=item bit #59, OSXSAVE bit, denoting availability of YMM registers; + +=item bit #60 denoting AVX extension; + +=item bit #62 denoting availability of RDRAND instruction; + +=back For example, clearing bit #26 at run-time disables high-performance -SSE2 code present in the crypto library. You might have to do this if -target OpenSSL application is executed on SSE2 capable CPU, but under -control of OS which does not support SSE2 extentions. Even though you -can manipulate the value programmatically, you most likely will find it -more appropriate to set up an environment variable with the same name -prior starting target application, e.g. on Intel P4 processor 'env -OPENSSL_ia32cap=0x12900010 apps/openssl', to achieve same effect -without modifying the application source code. Alternatively you can -reconfigure the toolkit with no-sse2 option and recompile. - -=cut +SSE2 code present in the crypto library, while clearing bit #24 +disables SSE2 code operating on 128-bit XMM register bank. You might +have to do the latter if target OpenSSL application is executed on SSE2 +capable CPU, but under control of OS that does not enable XMM +registers. Even though you can manipulate the value programmatically, +you most likely will find it more appropriate to set up an environment +variable with the same name prior starting target application, e.g. on +Intel P4 processor 'env OPENSSL_ia32cap=0x16980010 apps/openssl', or +better yet 'env OPENSSL_ia32cap=~0x1000000 apps/openssl' to achieve same +effect without modifying the application source code. Alternatively you +can reconfigure the toolkit with no-sse2 option and recompile. + +Less intuitive is clearing bit #28. The truth is that it's not copied +from CPUID output verbatim, but is adjusted to reflect whether or not +the data cache is actually shared between logical cores. This in turn +affects the decision on whether or not expensive countermeasures +against cache-timing attacks are applied, most notably in AES assembler +module. + +The vector is further extended with EBX value returned by CPUID with +EAX=7 and ECX=0 as input. Following bits are significant: + +=over + +=item bit #64+3 denoting availability of BMI1 instructions, e.g. ANDN; + +=item bit #64+5 denoting availability of AVX2 instructions; + +=item bit #64+8 denoting availability of BMI2 instructions, e.g. MUXL +and RORX; + +=item bit #64+18 denoting availability of RDSEED instruction; + +=item bit #64+19 denoting availability of ADCX and ADOX instructions; + +=back diff --git a/openssl/doc/crypto/OPENSSL_instrument_bus.pod b/openssl/doc/crypto/OPENSSL_instrument_bus.pod new file mode 100755 index 000000000..4ed83e495 --- /dev/null +++ b/openssl/doc/crypto/OPENSSL_instrument_bus.pod @@ -0,0 +1,42 @@ +=pod + +=head1 NAME + +OPENSSL_instrument_bus, OPENSSL_instrument_bus2 - instrument references to memory bus + +=head1 SYNOPSIS + + #ifdef OPENSSL_CPUID_OBJ + size_t OPENSSL_instrument_bus (int *vector,size_t num); + size_t OPENSSL_instrument_bus2(int *vector,size_t num,size_t max); + #endif + +=head1 DESCRIPTION + +It was empirically found that timings of references to primary memory +are subject to irregular, apparently non-deterministic variations. The +subroutines in question instrument these references for purposes of +gathering entropy for random number generator. In order to make it +bus-bound a 'flush cache line' instruction is used between probes. In +addition probes are added to B<vector> elements in atomic or +interlocked manner, which should contribute additional noise on +multi-processor systems. This also means that B<vector[num]> should be +zeroed upon invocation (if you want to retrieve actual probe values). + +OPENSSL_instrument_bus performs B<num> probes and records the number of +oscillator cycles every probe took. + +OPENSSL_instrument_bus2 on the other hand B<accumulates> consecutive +probes with the same value, i.e. in a way it records duration of +periods when probe values appeared deterministic. The subroutine +performs at most B<max> probes in attempt to fill the B<vector[num]>, +with B<max> value of 0 meaning "as many as it takes." + +=head1 RETURN VALUE + +Return value of 0 indicates that CPU is not capable of performing the +benchmark, either because oscillator counter or 'flush cache line' is +not available on current platform. For reference, on x86 'flush cache +line' was introduced with the SSE2 extensions. + +Otherwise number of recorded values is returned. diff --git a/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod b/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod index f14dfaf00..de62912ff 100644 --- a/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod +++ b/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_load_builtin_modules - add standard configuration modules +OPENSSL_load_builtin_modules, ASN1_add_oid_module, ENGINE_add_conf_module - add standard configuration modules =head1 SYNOPSIS diff --git a/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod b/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod index e63411b5b..bcb79e5f6 100644 --- a/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod +++ b/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod @@ -2,7 +2,7 @@ =head1 NAME -OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests - +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests, EVP_cleanup - add algorithms to internal table =head1 SYNOPSIS diff --git a/openssl/doc/crypto/PKCS7_verify.pod b/openssl/doc/crypto/PKCS7_verify.pod index 7c10a4cc3..f083306b0 100644 --- a/openssl/doc/crypto/PKCS7_verify.pod +++ b/openssl/doc/crypto/PKCS7_verify.pod @@ -2,7 +2,7 @@ =head1 NAME -PKCS7_verify - verify a PKCS#7 signedData structure +PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure =head1 SYNOPSIS @@ -91,8 +91,8 @@ timestamp). =head1 RETURN VALUES -PKCS7_verify() returns 1 for a successful verification and zero or a negative -value if an error occurs. +PKCS7_verify() returns one for a successful verification and zero +if an error occurs. PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred. diff --git a/openssl/doc/crypto/RAND_egd.pod b/openssl/doc/crypto/RAND_egd.pod index 8b8c61d16..80fa734d1 100644 --- a/openssl/doc/crypto/RAND_egd.pod +++ b/openssl/doc/crypto/RAND_egd.pod @@ -2,7 +2,7 @@ =head1 NAME -RAND_egd - query entropy gathering daemon +RAND_egd, RAND_egd_bytes, RAND_query_egd_bytes - query entropy gathering daemon =head1 SYNOPSIS diff --git a/openssl/doc/crypto/RSA_generate_key.pod b/openssl/doc/crypto/RSA_generate_key.pod index 52dbb14a5..881391a04 100644 --- a/openssl/doc/crypto/RSA_generate_key.pod +++ b/openssl/doc/crypto/RSA_generate_key.pod @@ -2,28 +2,33 @@ =head1 NAME -RSA_generate_key - generate RSA key pair +RSA_generate_key_ex, RSA_generate_key - generate RSA key pair =head1 SYNOPSIS #include <openssl/rsa.h> + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + +Deprecated: + RSA *RSA_generate_key(int num, unsigned long e, void (*callback)(int,int,void *), void *cb_arg); =head1 DESCRIPTION -RSA_generate_key() generates a key pair and returns it in a newly -allocated B<RSA> structure. The pseudo-random number generator must -be seeded prior to calling RSA_generate_key(). +RSA_generate_key_ex() generates a key pair and stores it in the B<RSA> +structure provided in B<rsa>. The pseudo-random number generator must +be seeded prior to calling RSA_generate_key_ex(). -The modulus size will be B<num> bits, and the public exponent will be +The modulus size will be of length B<bits>, and the public exponent will be B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537. A callback function may be used to provide feedback about the -progress of the key generation. If B<callback> is not B<NULL>, it -will be called as follows: +progress of the key generation. If B<cb> is not B<NULL>, it +will be called as follows using the BN_GENCB_call() function +described on the L<BN_generate_prime(3)|BN_generate_prime(3)> page. =over 4 @@ -35,32 +40,38 @@ described in L<BN_generate_prime(3)|BN_generate_prime(3)>. =item * When the n-th randomly generated prime is rejected as not -suitable for the key, B<callback(2, n, cb_arg)> is called. +suitable for the key, B<BN_GENCB_call(cb, 2, n)> is called. =item * When a random p has been found with p-1 relatively prime to B<e>, -it is called as B<callback(3, 0, cb_arg)>. +it is called as B<BN_GENCB_call(cb, 3, 0)>. =back -The process is then repeated for prime q with B<callback(3, 1, cb_arg)>. +The process is then repeated for prime q with B<BN_GENCB_call(cb, 3, 1)>. + +RSA_generate_key is deprecated (new applications should use +RSA_generate_key_ex instead). RSA_generate_key works in the same was as +RSA_generate_key_ex except it uses "old style" call backs. See +L<BN_generate_prime(3)|BN_generate_prime(3)> for further details. =head1 RETURN VALUE -If key generation fails, RSA_generate_key() returns B<NULL>; the -error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. +If key generation fails, RSA_generate_key() returns B<NULL>. + +The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. =head1 BUGS -B<callback(2, x, cb_arg)> is used with two different meanings. +B<BN_GENCB_call(cb, 2, x)> is used with two different meanings. RSA_generate_key() goes into an infinite loop for illegal input values. =head1 SEE ALSO L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, -L<RSA_free(3)|RSA_free(3)> +L<RSA_free(3)|RSA_free(3)>, L<BN_generate_prime(3)|BN_generate_prime(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/SSLeay_version.pod b/openssl/doc/crypto/SSLeay_version.pod new file mode 100755 index 000000000..1500c2af9 --- /dev/null +++ b/openssl/doc/crypto/SSLeay_version.pod @@ -0,0 +1,74 @@ +=pod + +=head1 NAME + +SSLeay_version - retrieve version/build information about OpenSSL library + +=head1 SYNOPSIS + + #include <openssl/crypto.h> + + const char *SSLeay_version(int type); + +=head1 DESCRIPTION + +SSLeay_version() returns a pointer to a constant string describing the +version of the OpenSSL library or giving information about the library +build. + +The following B<type> values are supported: + +=over 4 + +=item SSLEAY_VERSION + +The version of the OpenSSL library including the release date. + +=item SSLEAY_CFLAGS + +The compiler flags set for the compilation process in the form +"compiler: ..." if available or "compiler: information not available" +otherwise. + +=item SSLEAY_BUILT_ON + +The date of the build process in the form "built on: ..." if available +or "built on: date not available" otherwise. + +=item SSLEAY_PLATFORM + +The "Configure" target of the library build in the form "platform: ..." +if available or "platform: information not available" otherwise. + +=item SSLEAY_DIR + +The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" +if available or "OPENSSLDIR: N/A" otherwise. + +=back + +=head1 RETURN VALUES + +The following return values can occur: + +=over 4 + +=item "not available" + +An invalid value for B<type> was given. + +=item Pointer to constant string + +Textual description. + +=back + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)> + +=head1 HISTORY + +B<SSLEAY_DIR> was added in OpenSSL 0.9.7. + +=cut diff --git a/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod b/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod index 1afd008cb..3bdc07fcf 100644 --- a/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod +++ b/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod @@ -44,7 +44,7 @@ B<loc>. The deleted entry is returned and must be freed up. =head1 NOTES The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8> -is strongly recommened for the B<type> parameter. This allows the +is strongly recommended for the B<type> parameter. This allows the internal code to correctly determine the type of the field and to apply length checks according to the relevant standards. This is done using ASN1_STRING_set_by_NID(). @@ -81,14 +81,14 @@ Create an B<X509_NAME> structure: nm = X509_NAME_new(); if (nm == NULL) /* Some error */ - if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, - "C", "UK", -1, -1, 0)) + if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, + "UK", -1, -1, 0)) /* Error */ - if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, - "O", "Disorganized Organization", -1, -1, 0)) + if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, + "Disorganized Organization", -1, -1, 0)) /* Error */ - if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, - "CN", "Joe Bloggs", -1, -1, 0)) + if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, + "Joe Bloggs", -1, -1, 0)) /* Error */ =head1 RETURN VALUES diff --git a/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod b/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod index 3b1f9ff43..c8a812879 100644 --- a/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -59,6 +59,10 @@ X509_NAME_get_index_by_OBJ() should be used followed by X509_NAME_get_entry() on any matching indices and then the various B<X509_NAME_ENTRY> utility functions on the result. +The list of all relevant B<NID_*> and B<OBJ_* codes> can be found in +the source code header files E<lt>openssl/obj_mac.hE<gt> and/or +E<lt>openssl/objects.hE<gt>. + =head1 EXAMPLES Process all entries: diff --git a/openssl/doc/crypto/X509_STORE_CTX_get_error.pod b/openssl/doc/crypto/X509_STORE_CTX_get_error.pod index 60e8332ae..be00ff1fe 100644 --- a/openssl/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/openssl/doc/crypto/X509_STORE_CTX_get_error.pod @@ -32,7 +32,7 @@ checks. X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a non-negative integer representing where in the certificate chain the error -occurred. If it is zero it occured in the end entity certificate, one if +occurred. If it is zero it occurred in the end entity certificate, one if it is the certificate which signed the end entity certificate and so on. X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which @@ -246,11 +246,11 @@ Some feature of a certificate extension is not supported. Unused. =item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation> -A name constraint violation occured in the permitted subtrees. +A name constraint violation occurred in the permitted subtrees. =item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation> -A name constraint violation occured in the excluded subtrees. +A name constraint violation occurred in the excluded subtrees. =item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported> @@ -270,7 +270,7 @@ a garbage extension or some new feature not currently supported. =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error> -An error occured when attempting to verify the CRL path. This error can only +An error occurred when attempting to verify the CRL path. This error can only happen if extended CRL checking is enabled. =item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure> diff --git a/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 46cac2bea..347d48dfe 100644 --- a/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/openssl/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509 verification parameters +X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose, X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth, X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time, X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies, X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host, X509_VERIFY_PARAM_set_hostflags, X509_VERIFY_PARAM_get0_peername, X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip, X509_VERIFY_PARAM_set1_ip_asc - X509 verification parameters =head1 SYNOPSIS @@ -26,6 +26,19 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); + int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); + int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); + void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); + int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); + int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + const unsigned char *ip, size_t iplen); + int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); + =head1 DESCRIPTION These functions manipulate the B<X509_VERIFY_PARAM> structure associated with @@ -61,12 +74,63 @@ X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>. That is the maximum number of untrusted CA certificates that can appear in a chain. +X509_VERIFY_PARAM_set1_host() sets the expected DNS hostname to +B<name> clearing any previously specified host name or names. If +B<name> is NULL, or empty the list of hostnames is cleared, and +name checks are not performed on the peer certificate. If B<name> +is NUL-terminated, B<namelen> may be zero, otherwise B<namelen> +must be set to the length of B<name>. When a hostname is specified, +certificate verification automatically invokes L<X509_check_host(3)> +with flags equal to the B<flags> argument given to +B<X509_VERIFY_PARAM_set_hostflags()> (default zero). Applications +are strongly advised to use this interface in preference to explicitly +calling L<X509_check_host(3)>, hostname checks are out of scope +with the DANE-EE(3) certificate usage, and the internal check will +be suppressed as appropriate when DANE support is added to OpenSSL. + +X509_VERIFY_PARAM_add1_host() adds B<name> as an additional reference +identifer that can match the peer's certificate. Any previous names +set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() +are retained, no change is made if B<name> is NULL or empty. When +multiple names are configured, the peer is considered verified when +any name matches. + +X509_VERIFY_PARAM_get0_peername() returns the DNS hostname or subject +CommonName from the peer certificate that matched one of the reference +identifiers. When wildcard matching is not disabled, or when a +reference identifier specifies a parent domain (starts with ".") +rather than a hostname, the peer name may be a wildcard name or a +sub-domain of the reference identifier respectively. The return +string is allocated by the library and is no longer valid once the +associated B<param> argument is freed. Applications must not free +the return value. + +X509_VERIFY_PARAM_set1_email() sets the expected RFC822 email address to +B<email>. If B<email> is NUL-terminated, B<emaillen> may be zero, otherwise +B<emaillen> must be set to the length of B<email>. When an email address +is specified, certificate verification automatically invokes +L<X509_check_email(3)>. + +X509_VERIFY_PARAM_set1_ip() sets the expected IP address to B<ip>. +The B<ip> argument is in binary format, in network byte-order and +B<iplen> must be set to 4 for IPv4 and 16 for IPv6. When an IP +address is specified, certificate verification automatically invokes +L<X509_check_ip(3)>. + +X509_VERIFY_PARAM_set1_ip_asc() sets the expected IP address to +B<ipasc>. The B<ipasc> argument is a NUL-terminal ASCII string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for +IPv6. The condensed "::" notation is supported for IPv6 addresses. + =head1 RETURN VALUES -X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), +X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(), X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), -X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1 -for success and 0 for failure. +X509_VERIFY_PARAM_add0_policy() X509_VERIFY_PARAM_set1_policies(), +X509_VERIFY_PARAM_set1_host(), X509_VERIFY_PARAM_set_hostflags(), +X509_VERIFY_PARAM_set1_email(), X509_VERIFY_PARAM_set1_ip() and +X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for +failure. X509_VERIFY_PARAM_get_flags() returns the current verification flags. @@ -162,7 +226,10 @@ connections associated with an B<SSL_CTX> structure B<ctx>: =head1 SEE ALSO -L<X509_verify_cert(3)|X509_verify_cert(3)> +L<X509_verify_cert(3)|X509_verify_cert(3)>, +L<X509_check_host(3)|X509_check_host(3)>, +L<X509_check_email(3)|X509_check_email(3)>, +L<X509_check_ip(3)|X509_check_ip(3)> =head1 HISTORY diff --git a/openssl/doc/crypto/X509_check_host.pod b/openssl/doc/crypto/X509_check_host.pod new file mode 100755 index 000000000..f8b530df9 --- /dev/null +++ b/openssl/doc/crypto/X509_check_host.pod @@ -0,0 +1,137 @@ +=pod + +=head1 NAME + +X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching + +=head1 SYNOPSIS + + #include <openssl/x509.h> + + int X509_check_host(X509 *, const char *name, size_t namelen, + unsigned int flags, char **peername); + int X509_check_email(X509 *, const char *address, size_t addresslen, + unsigned int flags); + int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen, + unsigned int flags); + int X509_check_ip_asc(X509 *, const char *address, unsigned int flags); + +=head1 DESCRIPTION + +The certificate matching functions are used to check whether a +certificate matches a given host name, email address, or IP address. +The validity of the certificate and its trust level has to be checked by +other means. + +X509_check_host() checks if the certificate Subject Alternative +Name (SAN) or Subject CommonName (CN) matches the specified host +name, which must be encoded in the preferred name syntax described +in section 3.5 of RFC 1034. By default, wildcards are supported +and they match only in the left-most label; but they may match +part of that label with an explicit prefix or suffix. For example, +by default, the host B<name> "www.example.com" would match a +certificate with a SAN or CN value of "*.example.com", "w*.example.com" +or "*w.example.com". + +Per section 6.4.2 of RFC 6125, B<name> values representing international +domain names must be given in A-label form. The B<namelen> argument +must be the number of characters in the name string or zero in which +case the length is calculated with strlen(B<name>). When B<name> starts +with a dot (e.g ".example.com"), it will be matched by a certificate +valid for any sub-domain of B<name>, (see also +B<X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS> below). + +When the certificate is matched, and B<peername> is not NULL, a +pointer to a copy of the matching SAN or CN from the peer certificate +is stored at the address passed in B<peername>. The application +is responsible for freeing the peername via OPENSSL_free() when it +is no longer needed. + +X509_check_email() checks if the certificate matches the specified +email B<address>. Only the mailbox syntax of RFC 822 is supported, +comments are not allowed, and no attempt is made to normalize quoted +characters. The B<addresslen> argument must be the number of +characters in the address string or zero in which case the length +is calculated with strlen(B<address>). + +X509_check_ip() checks if the certificate matches a specified IPv4 or +IPv6 address. The B<address> array is in binary format, in network +byte order. The length is either 4 (IPv4) or 16 (IPv6). Only +explicitly marked addresses in the certificates are considered; IP +addresses stored in DNS names and Common Names are ignored. + +X509_check_ip_asc() is similar, except that the NUL-terminated +string B<address> is first converted to the internal representation. + +The B<flags> argument is usually 0. It can be the bitwise OR of the +flags: + +=over 4 + +=item B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT>, + +=item B<X509_CHECK_FLAG_NO_WILDCARDS>, + +=item B<X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS>, + +=item B<X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS>. + +=item B<X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS>. + +=back + +The B<X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT> flag causes the function +to consider the subject DN even if the certificate contains at least +one subject alternative name of the right type (DNS name or email +address as appropriate); the default is to ignore the subject DN +when at least one corresponding subject alternative names is present. + +If set, B<X509_CHECK_FLAG_NO_WILDCARDS> disables wildcard +expansion; this only applies to B<X509_check_host>. + +If set, B<X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS> suppresses support +for "*" as wildcard pattern in labels that have a prefix or suffix, +such as: "www*" or "*www"; this only aplies to B<X509_check_host>. + +If set, B<X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS> allows a "*" that +constitutes the complete label of a DNS name (e.g. "*.example.com") +to match more than one label in B<name>; this flag only applies +to B<X509_check_host>. + +If set, B<X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS> restricts B<name> +values which start with ".", that would otherwise match any sub-domain +in the peer certificate, to only match direct child sub-domains. +Thus, for instance, with this flag set a B<name> of ".example.com" +would match a peer certificate with a DNS name of "www.example.com", +but would not match a peer certificate with a DNS name of +"www.sub.example.com"; this flag only applies to B<X509_check_host>. + +=head1 RETURN VALUES + +The functions return 1 for a successful match, 0 for a failed match +and -1 for an internal error: typically a memory allocation failure. + +X509_check_ip_asc() can also return -2 if the IP address string is malformed. + +=head1 NOTES + +Applications are encouraged to use X509_VERIFY_PARAM_set1_host() +rather than explicitly calling L<X509_check_host(3)>. Host name +checks are out of scope with the DANE-EE(3) certificate usage, +and the internal checks will be suppressed as appropriate when +DANE support is added to OpenSSL. + +=head1 SEE ALSO + +L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>, +L<X509_VERIFY_PARAM_set1_host(3)|X509_VERIFY_PARAM_set1_host(3)>, +L<X509_VERIFY_PARAM_add1_host(3)|X509_VERIFY_PARAM_add1_host(3)>, +L<X509_VERIFY_PARAM_set1_email(3)|X509_VERIFY_PARAM_set1_email(3)>, +L<X509_VERIFY_PARAM_set1_ip(3)|X509_VERIFY_PARAM_set1_ip(3)>, +L<X509_VERIFY_PARAM_set1_ipasc(3)|X509_VERIFY_PARAM_set1_ipasc(3)> + +=head1 HISTORY + +These functions were added in OpenSSL 1.1.0. + +=cut diff --git a/openssl/doc/crypto/crypto.pod b/openssl/doc/crypto/crypto.pod index 7a527992b..f18edfe30 100644 --- a/openssl/doc/crypto/crypto.pod +++ b/openssl/doc/crypto/crypto.pod @@ -56,7 +56,7 @@ L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)> =item INTERNAL FUNCTIONS -L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>, +L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<ec(3)|ec(3)>, L<lhash(3)|lhash(3)>, L<objects(3)|objects(3)>, L<stack(3)|stack(3)>, L<txt_db(3)|txt_db(3)> diff --git a/openssl/doc/crypto/d2i_DSAPublicKey.pod b/openssl/doc/crypto/d2i_DSAPublicKey.pod index 22c1b50f2..e99937649 100644 --- a/openssl/doc/crypto/d2i_DSAPublicKey.pod +++ b/openssl/doc/crypto/d2i_DSAPublicKey.pod @@ -3,7 +3,7 @@ =head1 NAME d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey, -d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding +d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSAparams, i2d_DSAparams, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding and parsing functions. =head1 SYNOPSIS diff --git a/openssl/doc/crypto/d2i_ECPKParameters.pod b/openssl/doc/crypto/d2i_ECPKParameters.pod new file mode 100755 index 000000000..3768c410d --- /dev/null +++ b/openssl/doc/crypto/d2i_ECPKParameters.pod @@ -0,0 +1,84 @@ +=pod + +=head1 NAME + +d2i_ECPKParameters, i2d_ECPKParameters, d2i_ECPKParameters_bio, i2d_ECPKParameters_bio, d2i_ECPKParameters_fp, i2d_ECPKParameters_fp(fp,x), ECPKParameters_print, ECPKParameters_print_fp - Functions for decoding and encoding ASN1 representations of elliptic curve entities + +=head1 SYNOPSIS + + #include <openssl/ec.h> + + EC_GROUP *d2i_ECPKParameters(EC_GROUP **px, const unsigned char **in, long len); + int i2d_ECPKParameters(const EC_GROUP *x, unsigned char **out); + #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) + #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) + #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) + #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + + +=head1 DESCRIPTION + +The ECPKParameters encode and decode routines encode and parse the public parameters for an +B<EC_GROUP> structure, which represents a curve. + +d2i_ECPKParameters() attempts to decode B<len> bytes at B<*in>. If +successful a pointer to the B<EC_GROUP> structure is returned. If an error +occurred then B<NULL> is returned. If B<px> is not B<NULL> then the +returned structure is written to B<*px>. If B<*px> is not B<NULL> +then it is assumed that B<*px> contains a valid B<EC_GROUP> +structure and an attempt is made to reuse it. If the call is +successful B<*in> is incremented to the byte following the +parsed data. + +i2d_ECPKParameters() encodes the structure pointed to by B<x> into DER format. +If B<out> is not B<NULL> is writes the DER encoded data to the buffer +at B<*out>, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. + +If B<*out> is B<NULL> memory will be allocated for a buffer and the encoded +data written to it. In this case B<*out> is not incremented and it points to +the start of the data just written. + +d2i_ECPKParameters_bio() is similar to d2i_ECPKParameters() except it attempts +to parse data from BIO B<bp>. + +d2i_ECPKParameters_fp() is similar to d2i_ECPKParameters() except it attempts +to parse data from FILE pointer B<fp>. + +i2d_ECPKParameters_bio() is similar to i2d_ECPKParameters() except it writes +the encoding of the structure B<x> to BIO B<bp> and it +returns 1 for success and 0 for failure. + +i2d_ECPKParameters_fp() is similar to i2d_ECPKParameters() except it writes +the encoding of the structure B<x> to BIO B<bp> and it +returns 1 for success and 0 for failure. + +These functions are very similar to the X509 functions described in L<d2i_X509(3)|d2i_X509(3)>, +where further notes and examples are available. + +The ECPKParameters_print and ECPKParameters_print_fp functions print a human-readable output +of the public parameters of the EC_GROUP to B<bp> or B<fp>. The output lines are indented by B<off> spaces. + +=head1 RETURN VALUES + +d2i_ECPKParameters(), d2i_ECPKParameters_bio() and d2i_ECPKParameters_fp() return a valid B<EC_GROUP> structure +or B<NULL> if an error occurs. + +i2d_ECPKParameters() returns the number of bytes successfully encoded or a negative +value if an error occurs. + +i2d_ECPKParameters_bio(), i2d_ECPKParameters_fp(), ECPKParameters_print and ECPKParameters_print_fp +return 1 for success and 0 if an error occurs. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<ec(3)|ec(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_X509(3)|d2i_X509(3)> + +=cut diff --git a/openssl/doc/crypto/d2i_X509.pod b/openssl/doc/crypto/d2i_X509.pod index 298ec54a4..fea6e868e 100644 --- a/openssl/doc/crypto/d2i_X509.pod +++ b/openssl/doc/crypto/d2i_X509.pod @@ -18,6 +18,8 @@ i2d_X509_fp - X509 encode and decode functions int i2d_X509_bio(BIO *bp, X509 *x); int i2d_X509_fp(FILE *fp, X509 *x); + int i2d_re_X509_tbs(X509 *x, unsigned char **out); + =head1 DESCRIPTION The X509 encode and decode routines encode and parse an @@ -57,11 +59,17 @@ i2d_X509_fp() is similar to i2d_X509() except it writes the encoding of the structure B<x> to BIO B<bp> and it returns 1 for success and 0 for failure. +i2d_re_X509_tbs() is similar to i2d_X509() except it encodes +only the TBSCertificate portion of the certificate. + =head1 NOTES The letters B<i> and B<d> in for example B<i2d_X509> stand for -"internal" (that is an internal C structure) and "DER". So that -B<i2d_X509> converts from internal to DER. +"internal" (that is an internal C structure) and "DER". So +B<i2d_X509> converts from internal to DER. The "re" in +B<i2d_re_X509_tbs> stands for "re-encode", and ensures that a fresh +encoding is generated in case the object has been modified after +creation (see the BUGS section). The functions can also understand B<BER> forms. @@ -206,6 +214,21 @@ fields entirely and will not be parsed by d2i_X509(). This may be fixed in future so code should not assume that i2d_X509() will always succeed. +The encoding of the TBSCertificate portion of a certificate is cached +in the B<X509> structure internally to improve encoding performance +and to ensure certificate signatures are verified correctly in some +certificates with broken (non-DER) encodings. + +Any function which encodes an X509 structure such as i2d_X509(), +i2d_X509_fp() or i2d_X509_bio() may return a stale encoding if the +B<X509> structure has been modified after deserialization or previous +serialization. + +If, after modification, the B<X509> object is re-signed with X509_sign(), +the encoding is automatically renewed. Otherwise, the encoding of the +TBSCertificate portion of the B<X509> can be manually renewed by calling +i2d_re_X509_tbs(). + =head1 RETURN VALUES d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure diff --git a/openssl/doc/crypto/d2i_X509_CRL.pod b/openssl/doc/crypto/d2i_X509_CRL.pod index 224f9e082..675d38b3e 100644 --- a/openssl/doc/crypto/d2i_X509_CRL.pod +++ b/openssl/doc/crypto/d2i_X509_CRL.pod @@ -2,7 +2,7 @@ =head1 NAME -d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp, +d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_X509_CRL_fp, i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions. =head1 SYNOPSIS diff --git a/openssl/doc/crypto/ec.pod b/openssl/doc/crypto/ec.pod new file mode 100755 index 000000000..7d57ba8ea --- /dev/null +++ b/openssl/doc/crypto/ec.pod @@ -0,0 +1,201 @@ +=pod + +=head1 NAME + +ec - Elliptic Curve functions + +=head1 SYNOPSIS + + #include <openssl/ec.h> + #include <openssl/bn.h> + + const EC_METHOD *EC_GFp_simple_method(void); + const EC_METHOD *EC_GFp_mont_method(void); + const EC_METHOD *EC_GFp_nist_method(void); + const EC_METHOD *EC_GFp_nistp224_method(void); + const EC_METHOD *EC_GFp_nistp256_method(void); + const EC_METHOD *EC_GFp_nistp521_method(void); + + const EC_METHOD *EC_GF2m_simple_method(void); + + EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + void EC_GROUP_free(EC_GROUP *group); + void EC_GROUP_clear_free(EC_GROUP *group); + int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + int EC_METHOD_get_field_type(const EC_METHOD *meth); + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + int EC_GROUP_get_curve_name(const EC_GROUP *group); + void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); + int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); + point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); + size_t EC_GROUP_get_seed_len(const EC_GROUP *); + size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_degree(const EC_GROUP *group); + int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + + size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + + EC_POINT *EC_POINT_new(const EC_GROUP *group); + void EC_POINT_free(EC_POINT *point); + void EC_POINT_clear_free(EC_POINT *point); + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); + EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); + char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); + EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + + int EC_GROUP_get_basis_type(const EC_GROUP *); + int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); + int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); + int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + #define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) + #define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) + #define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) + #define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + + EC_KEY *EC_KEY_new(void); + int EC_KEY_get_flags(const EC_KEY *key); + void EC_KEY_set_flags(EC_KEY *key, int flags); + void EC_KEY_clear_flags(EC_KEY *key, int flags); + EC_KEY *EC_KEY_new_by_curve_name(int nid); + void EC_KEY_free(EC_KEY *key); + EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + EC_KEY *EC_KEY_dup(const EC_KEY *src); + int EC_KEY_up_ref(EC_KEY *key); + const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + unsigned EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + int EC_KEY_generate_key(EC_KEY *key); + int EC_KEY_check_key(const EC_KEY *key); + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + + EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + int i2d_ECParameters(EC_KEY *key, unsigned char **out); + + EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); + int ECParameters_print(BIO *bp, const EC_KEY *key); + int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + #define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + #define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + + +=head1 DESCRIPTION + +This library provides an extensive set of functions for performing operations on elliptic curves over finite fields. +In general an elliptic curve is one with an equation of the form: + +y^2 = x^3 + ax + b + +An B<EC_GROUP> structure is used to represent the definition of an elliptic curve. Points on a curve are stored using an +B<EC_POINT> structure. An B<EC_KEY> is used to hold a private/public key pair, where a private key is simply a BIGNUM and a +public key is a point on a curve (represented by an B<EC_POINT>). + +The library contains a number of alternative implementations of the different functions. Each implementation is optimised +for different scenarios. No matter which implementation is being used, the interface remains the same. The library +handles calling the correct implementation when an interface function is invoked. An implementation is represented by +an B<EC_METHOD> structure. + +The creation and destruction of B<EC_GROUP> objects is described in L<EC_GROUP_new(3)|EC_GROUP_new(3)>. Functions for +manipulating B<EC_GROUP> objects are described in L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>. + +Functions for creating, destroying and manipulating B<EC_POINT> objects are explained in L<EC_POINT_new(3)|EC_POINT_new(3)>, +whilst functions for performing mathematical operations and tests on B<EC_POINTs> are coverd in L<EC_POINT_add(3)|EC_POINT_add(3)>. + +For working with private and public keys refer to L<EC_KEY_new(3)|EC_KEY_new(3)>. Implementations are covered in +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>. + +For information on encoding and decoding curve parameters to and from ASN1 see L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)>. + +=head1 SEE ALSO + +L<crypto(3)|crypto(3)>, L<EC_GROUP_new(3)|EC_GROUP_new(3)>, L<EC_GROUP_copy(3)|EC_GROUP_copy(3)>, +L<EC_POINT_new(3)|EC_POINT_new(3)>, L<EC_POINT_add(3)|EC_POINT_add(3)>, L<EC_KEY_new(3)|EC_KEY_new(3)>, +L<EC_GFp_simple_method(3)|EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)|d2i_ECPKParameters(3)> + + +=cut diff --git a/openssl/doc/crypto/ecdsa.pod b/openssl/doc/crypto/ecdsa.pod index 59a5916de..46c071b73 100644 --- a/openssl/doc/crypto/ecdsa.pod +++ b/openssl/doc/crypto/ecdsa.pod @@ -2,7 +2,7 @@ =head1 NAME -ecdsa - Elliptic Curve Digital Signature Algorithm +ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size, ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify - Elliptic Curve Digital Signature Algorithm =head1 SYNOPSIS diff --git a/openssl/doc/crypto/evp.pod b/openssl/doc/crypto/evp.pod index 9faa34924..29fab9fd5 100644 --- a/openssl/doc/crypto/evp.pod +++ b/openssl/doc/crypto/evp.pod @@ -13,22 +13,58 @@ evp - high-level cryptographic functions The EVP library provides a high-level interface to cryptographic functions. -B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption -and decryption to implement digital "envelopes". +L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and L<B<EVP_Open>I<...>|EVP_OpenInit(3)> +provide public key encryption and decryption to implement digital "envelopes". -The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement -digital signatures. +The L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> and +L<B<EVP_DigestVerify>I<...>|EVP_DigestVerifyInit(3)> functions implement +digital signatures and Message Authentication Codes (MACs). Also see the older +L<B<EVP_Sign>I<...>|EVP_SignInit(3)> and L<B<EVP_Verify>I<...>|EVP_VerifyInit(3)> +functions. -Symmetric encryption is available with the B<EVP_Encrypt>I<...> -functions. The B<EVP_Digest>I<...> functions provide message digests. +Symmetric encryption is available with the L<B<EVP_Encrypt>I<...>|EVP_EncryptInit(3)> +functions. The L<B<EVP_Digest>I<...>|EVP_DigestInit(3)> functions provide message digests. The B<EVP_PKEY>I<...> functions provide a high level interface to -asymmetric algorithms. +asymmetric algorithms. To create a new EVP_PKEY see +L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>. EVP_PKEYs can be associated +with a private key of a particular algorithm by using the functions +described on the L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> page, or +new keys can be generated using L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>. +EVP_PKEYs can be compared using L<EVP_PKEY_cmp(3)|EVP_PKEY_cmp(3)>, or printed using +L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>. + +The EVP_PKEY functions support the full range of asymmetric algorithm operations: + +=over + +=item For key agreement see L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> + +=item For signing and verifying see L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)> and L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>. +However, note that +these functions do not perform a digest of the data to be signed. Therefore +normally you would use the L<B<EVP_DigestSign>I<...>|EVP_DigestSignInit(3)> +functions for this purpose. + +=item For encryption and decryption see L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)> +and L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)> respectively. However, note that +these functions perform encryption and decryption only. As public key +encryption is an expensive operation, normally you would wrap +an encrypted message in a "digital envelope" using the L<B<EVP_Seal>I<...>|EVP_SealInit(3)> and +L<B<EVP_Open>I<...>|EVP_OpenInit(3)> functions. + +=back + +The L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> function provides some limited support for password +based encryption. Careful selection of the parameters will provide a PKCS#5 PBKDF1 compatible +implementation. However, new applications should not typically use this (preferring, for example, +PBKDF2 from PCKS#5). -Algorithms are loaded with OpenSSL_add_all_algorithms(3). +Algorithms are loaded with L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>. All the symmetric algorithms (ciphers), digests and asymmetric algorithms -(public key algorithms) can be replaced by ENGINE modules providing alternative +(public key algorithms) can be replaced by L<ENGINE|engine(3)> modules providing alternative implementations. If ENGINE implementations of ciphers or digests are registered as defaults, then the various EVP functions will automatically use those implementations automatically in preference to built in software @@ -47,8 +83,20 @@ L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, L<EVP_OpenInit(3)|EVP_OpenInit(3)>, L<EVP_SealInit(3)|EVP_SealInit(3)>, +L<EVP_DigestSignInit(3)|EVP_DigestSignInit(3)>, L<EVP_SignInit(3)|EVP_SignInit(3)>, L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>, +L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>, +L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>, +L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)>, +L<EVP_PKEY_print_private(3)|EVP_PKEY_print_private(3)>, +L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>, +L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>, +L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>, +L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>, +L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>, +L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)>, +L<EVP_BytesToKey(3)|EVP_BytesToKey(3)>, L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>, L<engine(3)|engine(3)> diff --git a/openssl/doc/crypto/hmac.pod b/openssl/doc/crypto/hmac.pod index d92138d27..58a57f47b 100644 --- a/openssl/doc/crypto/hmac.pod +++ b/openssl/doc/crypto/hmac.pod @@ -2,8 +2,8 @@ =head1 NAME -HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message -authentication code +HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, +HMAC_cleanup - HMAC message authentication code =head1 SYNOPSIS diff --git a/openssl/doc/crypto/i2d_PKCS7_bio_stream.pod b/openssl/doc/crypto/i2d_PKCS7_bio_stream.pod index dc4d884c5..a37231e26 100644 --- a/openssl/doc/crypto/i2d_PKCS7_bio_stream.pod +++ b/openssl/doc/crypto/i2d_PKCS7_bio_stream.pod @@ -23,7 +23,7 @@ streaming. =head1 BUGS -The prefix "d2i" is arguably wrong because the function outputs BER format. +The prefix "i2d" is arguably wrong because the function outputs BER format. =head1 RETURN VALUES diff --git a/openssl/doc/crypto/rand.pod b/openssl/doc/crypto/rand.pod index 1c068c85b..d102df2ee 100644 --- a/openssl/doc/crypto/rand.pod +++ b/openssl/doc/crypto/rand.pod @@ -39,7 +39,7 @@ Since the introduction of the ENGINE API, the recommended way of controlling default implementations is by using the ENGINE API functions. The default B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by RAND_get_rand_method(), is only used if no ENGINE has been set as the default -"rand" implementation. Hence, these two functions are no longer the recommened +"rand" implementation. Hence, these two functions are no longer the recommended way to control defaults. If an alternative B<RAND_METHOD> implementation is being used (either set diff --git a/openssl/doc/ssl/SSL_CIPHER_get_name.pod b/openssl/doc/ssl/SSL_CIPHER_get_name.pod index 2e113be60..c598f4d4c 100644 --- a/openssl/doc/ssl/SSL_CIPHER_get_name.pod +++ b/openssl/doc/ssl/SSL_CIPHER_get_name.pod @@ -109,6 +109,16 @@ If SSL_CIPHER_description() cannot handle a built-in cipher, the according description of the cipher property is B<unknown>. This case should not occur. +The standard terminology for ephemeral Diffie-Hellman schemes is DHE +(finite field) or ECDHE (elliptic curve). This version of OpenSSL +idiosyncratically reports these schemes as EDH and EECDH, even though +it also accepts the standard terminology. + +It is recommended to use the standard terminology (DHE and ECDHE) +during configuration (e.g. via SSL_CTX_set_cipher_list) for clarity of +configuration. OpenSSL versions after 1.0.2 will report the standard +terms via SSL_CIPHER_get_name and SSL_CIPHER_description. + =head1 RETURN VALUES See DESCRIPTION @@ -116,6 +126,7 @@ See DESCRIPTION =head1 SEE ALSO L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>, -L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)> +L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)>, +L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)> =cut diff --git a/openssl/doc/ssl/SSL_CONF_CTX_new.pod b/openssl/doc/ssl/SSL_CONF_CTX_new.pod new file mode 100755 index 000000000..a9ccb049f --- /dev/null +++ b/openssl/doc/ssl/SSL_CONF_CTX_new.pod @@ -0,0 +1,40 @@ +=pod + +=head1 NAME + +SSL_CONF_CTX_new, SSL_CONF_CTX_free - SSL configuration allocation functions + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + SSL_CONF_CTX *SSL_CONF_CTX_new(void); + void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); + +=head1 DESCRIPTION + +The function SSL_CONF_CTX_new() allocates and initialises an B<SSL_CONF_CTX> +structure for use with the SSL_CONF functions. + +The function SSL_CONF_CTX_free() frees up the context B<cctx>. + +=head1 RETURN VALUES + +SSL_CONF_CTX_new() returns either the newly allocated B<SSL_CONF_CTX> structure +or B<NULL> if an error occurs. + +SSL_CONF_CTX_free() does not return a value. + +=head1 SEE ALSO + +L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2 + +=cut diff --git a/openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod b/openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod new file mode 100755 index 000000000..76990188d --- /dev/null +++ b/openssl/doc/ssl/SSL_CONF_CTX_set1_prefix.pod @@ -0,0 +1,49 @@ +=pod + +=head1 NAME + +SSL_CONF_CTX_set1_prefix - Set configuration context command prefix + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + unsigned int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *prefix); + +=head1 DESCRIPTION + +The function SSL_CONF_CTX_set1_prefix() sets the command prefix of B<cctx> +to B<prefix>. If B<prefix> is B<NULL> it is restored to the default value. + +=head1 NOTES + +Command prefixes alter the commands recognised by subsequent SSL_CTX_cmd() +calls. For example for files, if the prefix "SSL" is set then command names +such as "SSLProtocol", "SSLOptions" etc. are recognised instead of "Protocol" +and "Options". Similarly for command lines if the prefix is "--ssl-" then +"--ssl-no_tls1_2" is recognised instead of "-no_tls1_2". + +If the B<SSL_CONF_FLAG_CMDLINE> flag is set then prefix checks are case +sensitive and "-" is the default. In the unlikely even an application +explicitly wants to set no prefix it must be explicitly set to "". + +If the B<SSL_CONF_FLAG_FILE> flag is set then prefix checks are case +insensitive and no prefix is the default. + +=head1 RETURN VALUES + +SSL_CONF_CTX_set1_prefix() returns 1 for success and 0 for failure. + +=head1 SEE ALSO + +L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2 + +=cut diff --git a/openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod b/openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod new file mode 100755 index 000000000..ab87efcc2 --- /dev/null +++ b/openssl/doc/ssl/SSL_CONF_CTX_set_flags.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +SSL_CONF_CTX_set_flags, SSL_CONF_CTX_clear_flags - Set of clear SSL configuration context flags + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); + unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); + +=head1 DESCRIPTION + +The function SSL_CONF_CTX_set_flags() sets B<flags> in the context B<cctx>. + +The function SSL_CONF_CTX_clear_flags() clears B<flags> in the context B<cctx>. + +=head1 NOTES + +The flags set affect how subsequent calls to SSL_CONF_cmd() or +SSL_CONF_argv() behave. + +Currently the following B<flags> values are recognised: + +=over 4 + +=item SSL_CONF_FLAG_CMDLINE, SSL_CONF_FLAG_FILE + +recognise options intended for command line or configuration file use. At +least one of these flags must be set. + +=item SSL_CONF_FLAG_CLIENT, SSL_CONF_FLAG_SERVER + +recognise options intended for use in SSL/TLS clients or servers. One or +both of these flags must be set. + +=item SSL_CONF_CERTIFICATE + +recognise certificate and private key options. + +=item SSL_CONF_FLAG_SHOW_ERRORS + +indicate errors relating to unrecognised options or missing arguments in +the error queue. If this option isn't set such errors are only reflected +in the return values of SSL_CONF_set_cmd() or SSL_CONF_set_argv() + +=back + +=head1 RETURN VALUES + +SSL_CONF_CTX_set_flags() and SSL_CONF_CTX_clear_flags() returns the new flags +value after setting or clearing flags. + +=head1 SEE ALSO + +L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2 + +=cut diff --git a/openssl/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod b/openssl/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod new file mode 100755 index 000000000..2049a5336 --- /dev/null +++ b/openssl/doc/ssl/SSL_CONF_CTX_set_ssl_ctx.pod @@ -0,0 +1,47 @@ +=pod + +=head1 NAME + +SSL_CONF_CTX_set_ssl_ctx, SSL_CONF_CTX_set_ssl - set context to configure + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); + +=head1 DESCRIPTION + +SSL_CONF_CTX_set_ssl_ctx() sets the context associated with B<cctx> to the +B<SSL_CTX> structure B<ctx>. Any previous B<SSL> or B<SSL_CTX> associated with +B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to +B<ctx>. + +SSL_CONF_CTX_set_ssl() sets the context associated with B<cctx> to the +B<SSL> structure B<ssl>. Any previous B<SSL> or B<SSL_CTX> associated with +B<cctx> is cleared. Subsequent calls to SSL_CONF_cmd() will be sent to +B<ssl>. + +=head1 NOTES + +The context need not be set or it can be set to B<NULL> in which case only +syntax checking of commands is performed, where possible. + +=head1 RETURN VALUES + +SSL_CONF_CTX_set_ssl_ctx() and SSL_CTX_set_ssl() do not return a value. + +=head1 SEE ALSO + +L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)>, +L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2 + +=cut diff --git a/openssl/doc/ssl/SSL_CONF_cmd.pod b/openssl/doc/ssl/SSL_CONF_cmd.pod new file mode 100755 index 000000000..6d073cb9f --- /dev/null +++ b/openssl/doc/ssl/SSL_CONF_cmd.pod @@ -0,0 +1,433 @@ +=pod + +=head1 NAME + +SSL_CONF_cmd - send configuration command + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); + int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + int SSL_CONF_finish(SSL_CONF_CTX *cctx); + +=head1 DESCRIPTION + +The function SSL_CONF_cmd() performs configuration operation B<cmd> with +optional parameter B<value> on B<ctx>. Its purpose is to simplify application +configuration of B<SSL_CTX> or B<SSL> structures by providing a common +framework for command line options or configuration files. + +SSL_CONF_cmd_value_type() returns the type of value that B<cmd> refers to. + +The function SSL_CONF_finish() must be called after all configuration +operations have been completed. It is used to finalise any operations +or to process defaults. + +=head1 SUPPORTED COMMAND LINE COMMANDS + +Currently supported B<cmd> names for command lines (i.e. when the +flag B<SSL_CONF_CMDLINE> is set) are listed below. Note: all B<cmd> names +are case sensitive. Unless otherwise stated commands can be used by +both clients and servers and the B<value> parameter is not used. The default +prefix for command line commands is B<-> and that is reflected below. + +=over 4 + +=item B<-sigalgs> + +This sets the supported signature algorithms for TLS v1.2. For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. + +The B<value> argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form B<algorithm+hash>. B<algorithm> +is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm +OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>. +Note: algorithm and hash names are case sensitive. + +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. + +=item B<-client_sigalgs> + +This sets the supported signature algorithms associated with client +authentication for TLS v1.2. For servers the value is used in the supported +signature algorithms field of a certificate request. For clients it is +used to determine which signature algorithm to with the client certificate. +If a server does not request a certificate this option has no effect. + +The syntax of B<value> is identical to B<-sigalgs>. If not set then +the value set for B<-sigalgs> will be used instead. + +=item B<-curves> + +This sets the supported elliptic curves. For clients the curves are +sent using the supported curves extension. For servers it is used +to determine which curve to use. This setting affects curves used for both +signatures and key exchange, if applicable. + +The B<value> argument is a colon separated list of curves. The curve can be +either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g +B<prime256v1>). Curve names are case sensitive. + +=item B<-named_curve> + +This sets the temporary curve used for ephemeral ECDH modes. Only used by +servers + +The B<value> argument is a curve name or the special value B<auto> which +picks an appropriate curve based on client and server preferences. The curve +can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name +(e.g B<prime256v1>). Curve names are case sensitive. + +=item B<-cipher> + +Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is +currently not performed unless a B<SSL> or B<SSL_CTX> structure is +associated with B<cctx>. + +=item B<-cert> + +Attempts to use the file B<value> as the certificate for the appropriate +context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX> +structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL> +structure is set. This option is only supported if certificate operations +are permitted. + +=item B<-key> + +Attempts to use the file B<value> as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no B<-key> option is set then a private key is +not loaded: it does not currently use the B<-cert> file. + +=item B<-dhparam> + +Attempts to use the file B<value> as the set of temporary DH parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. + +=item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> + +Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 +by setting the corresponding options B<SSL_OP_NO_SSL2>, B<SSL_OP_NO_SSL3>, +B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively. + +=item B<-bugs> + +Various bug workarounds are set, same as setting B<SSL_OP_ALL>. + +=item B<-no_comp> + +Disables support for SSL/TLS compression, same as setting B<SSL_OP_NO_COMPRESS>. + +=item B<-no_ticket> + +Disables support for session tickets, same as setting B<SSL_OP_NO_TICKET>. + +=item B<-serverpref> + +Use server and not client preference order when determining which cipher suite, +signature algorithm or elliptic curve to use for an incoming connection. +Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. + +=item B<-no_resumption_on_reneg> + +set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. + +=item B<-legacyrenegotiation> + +permits the use of unsafe legacy renegotiation. Equivalent to setting +B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. + +=item B<-legacy_server_connect>, B<-no_legacy_server_connect> + +permits or prohibits the use of unsafe legacy renegotiation for OpenSSL +clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>. +Set by default. + +=item B<-strict> + +enables strict mode protocol handling. Equivalent to setting +B<SSL_CERT_FLAG_TLS_STRICT>. + +=item B<-debug_broken_protocol> + +disables various checks and permits several kinds of broken protocol behaviour +for testing purposes: it should B<NEVER> be used in anything other than a test +environment. Only supported if OpenSSL is configured with +B<-DOPENSSL_SSL_DEBUG_BROKEN_PROTOCOL>. + +=back + +=head1 SUPPORTED CONFIGURATION FILE COMMANDS + +Currently supported B<cmd> names for configuration files (i.e. when the +flag B<SSL_CONF_FLAG_FILE> is set) are listed below. All configuration file +B<cmd> names and are case insensitive so B<signaturealgorithms> is recognised +as well as B<SignatureAlgorithms>. Unless otherwise stated the B<value> names +are also case insensitive. + +Note: the command prefix (if set) alters the recognised B<cmd> values. + +=over 4 + +=item B<CipherString> + +Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is +currently not performed unless an B<SSL> or B<SSL_CTX> structure is +associated with B<cctx>. + +=item B<Certificate> + +Attempts to use the file B<value> as the certificate for the appropriate +context. It currently uses SSL_CTX_use_certificate_chain_file() if an B<SSL_CTX> +structure is set or SSL_use_certificate_file() with filetype PEM if an B<SSL> +structure is set. This option is only supported if certificate operations +are permitted. + +=item B<PrivateKey> + +Attempts to use the file B<value> as the private key for the appropriate +context. This option is only supported if certificate operations +are permitted. Note: if no B<-key> option is set then a private key is +not loaded: it does not currently use the B<Certificate> file. + +=item B<DHParameters> + +Attempts to use the file B<value> as the set of temporary DH parameters for +the appropriate context. This option is only supported if certificate +operations are permitted. + +=item B<SignatureAlgorithms> + +This sets the supported signature algorithms for TLS v1.2. For clients this +value is used directly for the supported signature algorithms extension. For +servers it is used to determine which signature algorithms to support. + +The B<value> argument should be a colon separated list of signature algorithms +in order of decreasing preference of the form B<algorithm+hash>. B<algorithm> +is one of B<RSA>, B<DSA> or B<ECDSA> and B<hash> is a supported algorithm +OID short name such as B<SHA1>, B<SHA224>, B<SHA256>, B<SHA384> of B<SHA512>. +Note: algorithm and hash names are case sensitive. + +If this option is not set then all signature algorithms supported by the +OpenSSL library are permissible. + +=item B<ClientSignatureAlgorithms> + +This sets the supported signature algorithms associated with client +authentication for TLS v1.2. For servers the value is used in the supported +signature algorithms field of a certificate request. For clients it is +used to determine which signature algorithm to with the client certificate. + +The syntax of B<value> is identical to B<SignatureAlgorithms>. If not set then +the value set for B<SignatureAlgorithms> will be used instead. + +=item B<Curves> + +This sets the supported elliptic curves. For clients the curves are +sent using the supported curves extension. For servers it is used +to determine which curve to use. This setting affects curves used for both +signatures and key exchange, if applicable. + +The B<value> argument is a colon separated list of curves. The curve can be +either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name (e.g +B<prime256v1>). Curve names are case sensitive. + +=item B<ECDHParameters> + +This sets the temporary curve used for ephemeral ECDH modes. Only used by +servers + +The B<value> argument is a curve name or the special value B<Automatic> which +picks an appropriate curve based on client and server preferences. The curve +can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name +(e.g B<prime256v1>). Curve names are case sensitive. + +=item B<Protocol> + +The supported versions of the SSL or TLS protocol. + +The B<value> argument is a comma separated list of supported protocols to +enable or disable. If an protocol is preceded by B<-> that version is disabled. +All versions are enabled by default, though applications may choose to +explicitly disable some. Currently supported protocol values are B<SSLv2>, +B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers +to all supported versions. + +=item B<Options> + +The B<value> argument is a comma separated list of various flags to set. +If a flag string is preceded B<-> it is disabled. See the +B<SSL_CTX_set_options> function for more details of individual options. + +Each option is listed below. Where an operation is enabled by default +the B<-flag> syntax is needed to disable it. + +B<SessionTicket>: session ticket support, enabled by default. Inverse of +B<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting +B<SSL_OP_NO_TICKET>. + +B<Compression>: SSL/TLS compression support, enabled by default. Inverse +of B<SSL_OP_NO_COMPRESSION>. + +B<EmptyFragments>: use empty fragments as a countermeasure against a +SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers. It +is set by default. Inverse of B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS>. + +B<Bugs>: enable various bug workarounds. Same as B<SSL_OP_ALL>. + +B<DHSingle>: enable single use DH keys, set by default. Inverse of +B<SSL_OP_DH_SINGLE>. Only used by servers. + +B<ECDHSingle> enable single use ECDH keys, set by default. Inverse of +B<SSL_OP_ECDH_SINGLE>. Only used by servers. + +B<ServerPreference> use server and not client preference order when +determining which cipher suite, signature algorithm or elliptic curve +to use for an incoming connection. Equivalent to +B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. + +B<NoResumptionOnRenegotiation> set +B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers. + +B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation. +Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. + +B<UnsafeLegacyServerConnect> permits the use of unsafe legacy renegotiation +for OpenSSL clients only. Equivalent to B<SSL_OP_LEGACY_SERVER_CONNECT>. +Set by default. + +=back + +=head1 SUPPORTED COMMAND TYPES + +The function SSL_CONF_cmd_value_type() currently returns one of the following +types: + +=over 4 + +=item B<SSL_CONF_TYPE_UNKNOWN> + +The B<cmd> string is unrecognised, this return value can be use to flag +syntax errors. + +=item B<SSL_CONF_TYPE_STRING> + +The value is a string without any specific structure. + +=item B<SSL_CONF_TYPE_FILE> + +The value is a file name. + +=item B<SSL_CONF_TYPE_DIR> + +The value is a directory name. + +=back + +=head1 NOTES + +The order of operations is significant. This can be used to set either defaults +or values which cannot be overridden. For example if an application calls: + + SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); + SSL_CONF_cmd(ctx, userparam, uservalue); + +it will disable SSLv2 support by default but the user can override it. If +however the call sequence is: + + SSL_CONF_cmd(ctx, userparam, uservalue); + SSL_CONF_cmd(ctx, "Protocol", "-SSLv2"); + +SSLv2 is B<always> disabled and attempt to override this by the user are +ignored. + +By checking the return code of SSL_CTX_cmd() it is possible to query if a +given B<cmd> is recognised, this is useful is SSL_CTX_cmd() values are +mixed with additional application specific operations. + +For example an application might call SSL_CTX_cmd() and if it returns +-2 (unrecognised command) continue with processing of application specific +commands. + +Applications can also use SSL_CTX_cmd() to process command lines though the +utility function SSL_CTX_cmd_argv() is normally used instead. One way +to do this is to set the prefix to an appropriate value using +SSL_CONF_CTX_set1_prefix(), pass the current argument to B<cmd> and the +following argument to B<value> (which may be NULL). + +In this case if the return value is positive then it is used to skip that +number of arguments as they have been processed by SSL_CTX_cmd(). If -2 is +returned then B<cmd> is not recognised and application specific arguments +can be checked instead. If -3 is returned a required argument is missing +and an error is indicated. If 0 is returned some other error occurred and +this can be reported back to the user. + +The function SSL_CONF_cmd_value_type() can be used by applications to +check for the existence of a command or to perform additional syntax +checking or translation of the command value. For example if the return +value is B<SSL_CONF_TYPE_FILE> an application could translate a relative +pathname to an absolute pathname. + +=head1 EXAMPLES + +Set supported signature algorithms: + + SSL_CONF_cmd(ctx, "SignatureAlgorithms", "ECDSA+SHA256:RSA+SHA256:DSA+SHA256"); + +Enable all protocols except SSLv3 and SSLv2: + + SSL_CONF_cmd(ctx, "Protocol", "ALL,-SSLv3,-SSLv2"); + +Only enable TLSv1.2: + + SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2"); + +Disable TLS session tickets: + + SSL_CONF_cmd(ctx, "Options", "-SessionTicket"); + +Set supported curves to P-256, P-384: + + SSL_CONF_cmd(ctx, "Curves", "P-256:P-384"); + +Set automatic support for any elliptic curve for key exchange: + + SSL_CONF_cmd(ctx, "ECDHParameters", "Automatic"); + +=head1 RETURN VALUES + +SSL_CONF_cmd() returns 1 if the value of B<cmd> is recognised and B<value> is +B<NOT> used and 2 if both B<cmd> and B<value> are used. In other words it +returns the number of arguments processed. This is useful when processing +command lines. + +A return value of -2 means B<cmd> is not recognised. + +A return value of -3 means B<cmd> is recognised and the command requires a +value but B<value> is NULL. + +A return code of 0 indicates that both B<cmd> and B<value> are valid but an +error occurred attempting to perform the operation: for example due to an +error in the syntax of B<value> in this case the error queue may provide +additional information. + +SSL_CONF_finish() returns 1 for success and 0 for failure. + +=head1 SEE ALSO + +L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_cmd_argv(3)|SSL_CONF_cmd_argv(3)> + +=head1 HISTORY + +SSL_CONF_cmd() was first added to OpenSSL 1.0.2 + +=cut diff --git a/openssl/doc/ssl/SSL_CONF_cmd_argv.pod b/openssl/doc/ssl/SSL_CONF_cmd_argv.pod new file mode 100755 index 000000000..6e66441cd --- /dev/null +++ b/openssl/doc/ssl/SSL_CONF_cmd_argv.pod @@ -0,0 +1,42 @@ +=pod + +=head1 NAME + +SSL_CONF_cmd_argv - SSL configuration command line processing. + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); + +=head1 DESCRIPTION + +The function SSL_CONF_cmd_argv() processes at most two command line +arguments from B<pargv> and B<pargc>. The values of B<pargv> and B<pargc> +are updated to reflect the number of command options processed. The B<pargc> +argument can be set to B<NULL> is it is not used. + +=head1 RETURN VALUES + +SSL_CONF_cmd_argv() returns the number of command arguments processed: 0, 1, 2 +or a negative error code. + +If -2 is returned then an argument for a command is missing. + +If -1 is returned the command is recognised but couldn't be processed due +to an error: for example a syntax error in the argument. + +=head1 SEE ALSO + +L<SSL_CONF_CTX_new(3)|SSL_CONF_CTX_new(3)>, +L<SSL_CONF_CTX_set_flags(3)|SSL_CONF_CTX_set_flags(3)>, +L<SSL_CONF_CTX_set1_prefix(3)|SSL_CONF_CTX_set1_prefix(3)>, +L<SSL_CONF_CTX_set_ssl_ctx(3)|SSL_CONF_CTX_set_ssl_ctx(3)>, +L<SSL_CONF_cmd(3)|SSL_CONF_cmd(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2 + +=cut diff --git a/openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod b/openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod new file mode 100755 index 000000000..b999f0941 --- /dev/null +++ b/openssl/doc/ssl/SSL_CTX_add1_chain_cert.pod @@ -0,0 +1,150 @@ +=pod + +=head1 NAME + +SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, +SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, +SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, +SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, +SSL_build_cert_chain, SSL_CTX_select_current_cert, +SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra +chain certificate processing + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); + int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *sk); + int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); + int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); + int SSL_CTX_get0_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); + int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); + + int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *sk); + int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *sk); + int SSL_add0_chain_cert(SSL *ssl, X509 *x509); + int SSL_add1_chain_cert(SSL *ssl, X509 *x509); + int SSL_get0_chain_certs(SSL *ssl, STACK_OF(X509) **sk); + int SSL_clear_chain_certs(SSL *ssl); + + int SSL_CTX_build_cert_chain(SSL_CTX *ctx, flags); + int SSL_build_cert_chain(SSL *ssl, flags); + + int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); + int SSL_select_current_cert(SSL *ssl, X509 *x509); + int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); + int SSL_set_current_cert(SSL *ssl, long op); + +=head1 DESCRIPTION + +SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain +associated with the current certificate of B<ctx> to B<sk>. + +SSL_CTX_add0_chain_cert() and SSL_CTX_add1_chain_cert() append the single +certificate B<x509> to the chain associated with the current certificate of +B<ctx>. + +SSL_CTX_get0_chain_certs() retrieves the chain associated with the current +certificate of B<ctx>. + +SSL_CTX_clear_chain_certs() clears any existing chain associated with the +current certificate of B<ctx>. (This is implemented by calling +SSL_CTX_set0_chain() with B<sk> set to B<NULL>). + +SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally +this uses the chain store or the verify store if the chain store is not set. +If the function is successful the built chain will replace any existing chain. +The B<flags> parameter can be set to B<SSL_BUILD_CHAIN_FLAG_UNTRUSTED> to use +existing chain certificates as untrusted CAs, B<SSL_BUILD_CHAIN_FLAG_NO_ROOT> +to omit the root CA from the built chain, B<SSL_BUILD_CHAIN_FLAG_CHECK> to +use all existing chain certificates only to build the chain (effectively +sanity checking and rearranging them if necessary), the flag +B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification: +if flag B<SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR> is also set verification errors +are cleared from the error queue. + +Each of these functions operates on the I<current> end entity +(i.e. server or client) certificate. This is the last certificate loaded or +selected on the corresponding B<ctx> structure. + +SSL_CTX_select_current_cert() selects B<x509> as the current end entity +certificate, but only if B<x509> has already been loaded into B<ctx> using a +function such as SSL_CTX_use_certificate(). + +SSL_set0_chain(), SSL_set1_chain(), SSL_add0_chain_cert(), +SSL_add1_chain_cert(), SSL_get0_chain_certs(), SSL_clear_chain_certs(), +SSL_build_cert_chain(), SSL_select_current_cert() and SSL_set_current_cert() +are similar except they apply to SSL structure B<ssl>. + +SSL_CTX_set_current_cert() changes the current certificate to a value based +on the B<op> argument. Currently B<op> can be B<SSL_CERT_SET_FIRST> to use +the first valid certificate or B<SSL_CERT_SET_NEXT> to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an B<SSL_CTX> structure. + +SSL_set_current_cert() also supports the option B<SSL_CERT_SET_SERVER>. +If B<ssl> is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated ciphersuite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If B<ssl> +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. + +All these functions are implemented as macros. Those containing a B<1> +increment the reference count of the supplied certificate or chain so it must +be freed at some point after the operation. Those containing a B<0> do +not increment reference counts and the supplied certificate or chain +B<MUST NOT> be freed after the operation. + +=head1 NOTES + +The chains associate with an SSL_CTX structure are copied to any SSL +structures when SSL_new() is called. SSL structures will not be affected +by any chains subsequently changed in the parent SSL_CTX. + +One chain can be set for each key type supported by a server. So, for example, +an RSA and a DSA certificate can (and often will) have different chains. + +The functions SSL_CTX_build_cert_chain() and SSL_build_cert_chain() can +be used to check application configuration and to ensure any necessary +subordinate CAs are sent in the correct order. Misconfigured applications +sending incorrect certificate chains often cause problems with peers. + +For example an application can add any set of certificates using +SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain() +with the option B<SSL_BUILD_CHAIN_FLAG_CHECK> to check and reorder them. + +Applications can issue non fatal warnings when checking chains by setting +the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS> and checking the return +value. + +Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more +efficient than the automatic chain building as it is only performed once. +Automatic chain building is performed on each new session. + +If any certificates are added using these functions no certificates added +using SSL_CTX_add_extra_chain_cert() will be used. + +=head1 RETURN VALUES + +SSL_set_current_cert() with B<SSL_CERT_SET_SERVER> return 1 for success, 2 if +no server certificate is used because the ciphersuites is anonymous and 0 +for failure. + +SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success +and 0 for failure. If the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> and +a verification error occurs then 2 is returned. + +All other functions return 1 for success and 0 for failure. + + +=head1 SEE ALSO + +L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2. + +=cut diff --git a/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod index 5955ee1cb..8e832a57e 100644 --- a/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod +++ b/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod @@ -32,7 +32,8 @@ Only one set of extra chain certificates can be specified per SSL_CTX structure. Different chains for different certificates (for example if both RSA and DSA certificates are specified by the same server) or different SSL structures with the same parent SSL_CTX cannot be specified using this -function. +function. For more flexibility functions such as SSL_add1_chain_cert() should +be used instead. =head1 RETURN VALUES @@ -45,5 +46,15 @@ L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> +L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)> +L<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)> +L<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)> +L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> +L<SSL_set0_chain(3)|SSL_set0_chain(3)> +L<SSL_set1_chain(3)|SSL_set1_chain(3)> +L<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)> +L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)> +L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)> +L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)> =cut diff --git a/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod index c8b99f4ee..4aeda096d 100644 --- a/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod +++ b/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod @@ -15,6 +15,7 @@ SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session ca SSL_CTX_sess_set_cache_size() sets the size of the internal session cache of context B<ctx> to B<t>. +This value is a hint and not an absolute; see the notes below. SSL_CTX_sess_get_cache_size() returns the currently valid session cache size. @@ -25,8 +26,9 @@ currently 1024*20, so that up to 20000 sessions can be held. This size can be modified using the SSL_CTX_sess_set_cache_size() call. A special case is the size 0, which is used for unlimited size. -When the maximum number of sessions is reached, no more new sessions are -added to the cache. New space may be added by calling +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove expired sessions. diff --git a/openssl/doc/ssl/SSL_CTX_set1_curves.pod b/openssl/doc/ssl/SSL_CTX_set1_curves.pod new file mode 100755 index 000000000..18d0c9ac3 --- /dev/null +++ b/openssl/doc/ssl/SSL_CTX_set1_curves.pod @@ -0,0 +1,103 @@ +=pod + +=head1 NAME + +SSL_CTX_set1_curves, SSL_CTX_set1_curves_list, SSL_set1_curves, +SSL_set1_curves_list, SSL_get1_curves, SSL_get_shared_curve, +SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto - EC supported curve functions + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_set1_curves(SSL_CTX *ctx, int *clist, int clistlen); + int SSL_CTX_set1_curves_list(SSL_CTX *ctx, char *list); + + int SSL_set1_curves(SSL *ssl, int *clist, int clistlen); + int SSL_set1_curves_list(SSL *ssl, char *list); + + int SSL_get1_curves(SSL *ssl, int *curves); + int SSL_get_shared_curve(SSL *s, int n); + + int SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int onoff); + int SSL_set_ecdh_auto(SSL *s, int onoff); + +=head1 DESCRIPTION + +SSL_CTX_set1_curves() sets the supported curves for B<ctx> to B<clistlen> +curves in the array B<clist>. The array consist of all NIDs of curves in +preference order. For a TLS client the curves are used directly in the +supported curves extension. For a TLS server the curves are used to +determine the set of shared curves. + +SSL_CTX_set1_curves_list() sets the supported curves for B<ctx> to +string B<list>. The string is a colon separated list of curve NIDs or +names, for example "P-521:P-384:P-256". + +SSL_set1_curves() and SSL_set1_curves_list() are similar except they set +supported curves for the SSL structure B<ssl>. + +SSL_get1_curves() returns the set of supported curves sent by a client +in the supported curves extension. It returns the total number of +supported curves. The B<curves> parameter can be B<NULL> to simply +return the number of curves for memory allocation purposes. The +B<curves> array is in the form of a set of curve NIDs in preference +order. It can return zero if the client did not send a supported curves +extension. + +SSL_get_shared_curve() returns shared curve B<n> for a server-side +SSL B<ssl>. If B<n> is -1 then the total number of shared curves is +returned, which may be zero. Other than for diagnostic purposes, +most applications will only be interested in the first shared curve +so B<n> is normally set to zero. If the value B<n> is out of range, +NID_undef is returned. + +SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() set automatic curve +selection for server B<ctx> or B<ssl> to B<onoff>. If B<onoff> is 1 then +the highest preference curve is automatically used for ECDH temporary +keys used during key exchange. + +All these functions are implemented as macros. + +=head1 NOTES + +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file it should +consider using the SSL_CONF interface instead of manually parsing options. + +The functions SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() can be used to +make a server always choose the most appropriate curve for a client. If set +it will override any temporary ECDH parameters set by a server. Previous +versions of OpenSSL could effectively only use a single ECDH curve set +using a function such as SSL_CTX_set_ecdh_tmp(). Newer applications should +just call: + + SSL_CTX_set_ecdh_auto(ctx, 1); + +and they will automatically support ECDH using the most appropriate shared +curve. + +=head1 RETURN VALUES + +SSL_CTX_set1_curves(), SSL_CTX_set1_curves_list(), SSL_set1_curves(), +SSL_set1_curves_list(), SSL_CTX_set_ecdh_auto() and SSL_set_ecdh_auto() +return 1 for success and 0 for failure. + +SSL_get1_curves() returns the number of curves, which may be zero. + +SSL_get_shared_curve() returns the NID of shared curve B<n> or NID_undef if there +is no shared curve B<n>; or the total number of shared curves if B<n> +is -1. + +When called on a client B<ssl>, SSL_get_shared_curve() has no meaning and +returns -1. + +=head1 SEE ALSO + +L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2. + +=cut diff --git a/openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod b/openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod new file mode 100755 index 000000000..493cca481 --- /dev/null +++ b/openssl/doc/ssl/SSL_CTX_set1_verify_cert_store.pod @@ -0,0 +1,91 @@ +=pod + +=head1 NAME + +SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, +SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, +SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate +verification or chain store + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); + + int SSL_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); + +=head1 DESCRIPTION + +SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() +set the certificate store used for certificate verification to B<st>. + +SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() +set the certificate store used for certificate chain building to B<st>. + +SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), +SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar +except they apply to SSL structure B<ssl>. + +All these functions are implemented as macros. Those containing a B<1> +increment the reference count of the supplied store so it must +be freed at some point after the operation. Those containing a B<0> do +not increment reference counts and the supplied store B<MUST NOT> be freed +after the operation. + +=head1 NOTES + +The stores pointers associated with an SSL_CTX structure are copied to any SSL +structures when SSL_new() is called. As a result SSL structures will not be +affected if the parent SSL_CTX store pointer is set to a new value. + +The verification store is used to verify the certificate chain sent by the +peer: that is an SSL/TLS client will use the verification store to verify +the server's certificate chain and a SSL/TLS server will use it to verify +any client certificate chain. + +The chain store is used to build the certificate chain. + +If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is +configured already (for example using the functions such as +L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> or +L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>) then +automatic chain building is disabled. + +If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building +is disabled. + +If the chain or the verification store is not set then the store associated +with the parent SSL_CTX is used instead to retain compatibility with previous +versions of OpenSSL. + +=head1 RETURN VALUES + +All these functions return 1 for success and 0 for failure. + +=head1 SEE ALSO + +L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> +L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)> +L<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)> +L<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)> +L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> +L<SSL_set0_chain(3)|SSL_set0_chain(3)> +L<SSL_set1_chain(3)|SSL_set1_chain(3)> +L<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)> +L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)> +L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)> +L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)> + +=head1 HISTORY + +These functions were first added to OpenSSL 1.0.2. + +=cut diff --git a/openssl/doc/ssl/SSL_CTX_set_cert_cb.pod b/openssl/doc/ssl/SSL_CTX_set_cert_cb.pod new file mode 100755 index 000000000..141d828f5 --- /dev/null +++ b/openssl/doc/ssl/SSL_CTX_set_cert_cb.pod @@ -0,0 +1,68 @@ +=pod + +=head1 NAME + +SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg); + void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg); + + int (*cert_cb)(SSL *ssl, void *arg); + +=head1 DESCRIPTION + +SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the B<cert_cb()> callback, +B<arg> value is pointer which is passed to the application callback. + +When B<cert_cb()> is NULL, no callback function is used. + +cert_cb() is the application defined callback. It is called before a +certificate will be used by a client or server. The callback can then inspect +the passed B<ssl> structure and set or clear any appropriate certificates. If +the callback is successful it B<MUST> return 1 even if no certificates have +been set. A zero is returned on error which will abort the handshake with a +fatal internal error alert. A negative return value will suspend the handshake +and the handshake function will return immediately. +L<SSL_get_error(3)|SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to +indicate, that the handshake was suspended. The next call to the handshake +function will again lead to the call of cert_cb(). It is the job of the +cert_cb() to store information about the state of the last call, +if required to continue. + +=head1 NOTES + +An application will typically call SSL_use_certificate() and +SSL_use_PrivateKey() to set the end entity certificate and private key. +It can add intermediate and optionally the root CA certificates using +SSL_add1_chain_cert(). + +It might also call SSL_certs_clear() to delete any certificates associated +with the B<SSL> object. + +The certificate callback functionality supercedes the (largely broken) +functionality provided by the old client certificate callback interface. +It is B<always> called even is a certificate is already set so the callback +can modify or delete the existing certificate. + +A more advanced callback might examine the handshake parameters and set +whatever chain is appropriate. For example a legacy client supporting only +TLS v1.0 might receive a certificate chain signed using SHA1 whereas a +TLS v1.2 client which advertises support for SHA256 could receive a chain +using SHA256. + +Normal server sanity checks are performed on any certificates set +by the callback. So if an EC chain is set for a curve the client does not +support it will B<not> be used. + +=head1 SEE ALSO + +L<ssl(3)|ssl(3)>, L<SSL_use_certificate(3)|SSL_use_certificate(3)>, +L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)>, +L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, +L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)> + +=cut diff --git a/openssl/doc/ssl/SSL_CTX_set_cert_store.pod b/openssl/doc/ssl/SSL_CTX_set_cert_store.pod index 6acf0d9f9..846416e06 100644 --- a/openssl/doc/ssl/SSL_CTX_set_cert_store.pod +++ b/openssl/doc/ssl/SSL_CTX_set_cert_store.pod @@ -42,6 +42,13 @@ L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions. This document must therefore be updated when documentation about the X509_STORE object and its handling becomes available. +=head1 RESTRICTIONS + +The X509_STORE structure used by an SSL_CTX is used for verifying peer +certificates and building certificate chains, it is also shared by +every child SSL structure. Applications wanting finer control can use +functions such as SSL_CTX_set1_verify_cert_store() instead. + =head1 RETURN VALUES SSL_CTX_set_cert_store() does not return diagnostic output. diff --git a/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod b/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod index bd4df4abd..c84a8314b 100644 --- a/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -41,7 +41,7 @@ RSA export ciphers with a keylength of 512 bits for the RSA key require a temporary 512 bit RSA key, as typically the supplied key has a length of 1024 bit (see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>). -RSA ciphers using EDH need a certificate and key and additional DH-parameters +RSA ciphers using DHE need a certificate and key and additional DH-parameters (see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). A DSA cipher can only be chosen, when a DSA certificate is available. diff --git a/openssl/doc/ssl/SSL_CTX_set_custom_cli_ext.pod b/openssl/doc/ssl/SSL_CTX_set_custom_cli_ext.pod new file mode 100755 index 000000000..3fceef925 --- /dev/null +++ b/openssl/doc/ssl/SSL_CTX_set_custom_cli_ext.pod @@ -0,0 +1,133 @@ +=pod + +=head1 NAME + +SSL_CTX_add_client_custom_ext, SSL_CTX_add_server_custom_ext - custom TLS extension handling + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + + int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + + int SSL_extension_supported(unsigned int ext_type); + + typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type, + const unsigned char **out, + size_t *outlen, int *al, + void *add_arg); + + typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type, + const unsigned char *out, + void *add_arg); + + typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, + void *parse_arg); + + +=head1 DESCRIPTION + +SSL_CTX_add_client_custom_ext() adds a custom extension for a TLS client +with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and +B<parse_cb>. + +SSL_CTX_add_server_custom_ext() adds a custom extension for a TLS server +with extension type B<ext_type> and callbacks B<add_cb>, B<free_cb> and +B<parse_cb>. + +In both cases the extension type must not be handled by OpenSSL internally +or an error occurs. + +SSL_extension_supported() returns 1 if the extension B<ext_type> is handled +internally by OpenSSL and 0 otherwise. + +=head1 EXTENSION CALLBACKS + +The callback B<add_cb> is called to send custom extension data to be +included in ClientHello for TLS clients or ServerHello for servers. The +B<ext_type> parameter is set to the extension type which will be added and +B<add_arg> to the value set when the extension handler was added. + +If the application wishes to include the extension B<ext_type> it should +set B<*out> to the extension data, set B<*outlen> to the length of the +extension data and return 1. + +If the B<add_cb> does not wish to include the extension it must return 0. + +If B<add_cb> returns -1 a fatal handshake error occurs using the TLS +alert value specified in B<*al>. + +For clients (but not servers) if B<add_cb> is set to NULL a zero length +extension is added for B<ext_type>. + +For clients every registered B<add_cb> is always called to see if the +application wishes to add an extension to ClientHello. + +For servers every registered B<add_cb> is called once if and only if the +corresponding extension was received in ClientHello to see if the application +wishes to add the extension to ServerHello. That is, if no corresponding extension +was received in ClientHello then B<add_cb> will not be called. + +If an extension is added (that is B<add_cb> returns 1) B<free_cb> is called +(if it is set) with the value of B<out> set by the add callback. It can be +used to free up any dynamic extension data set by B<add_cb>. Since B<out> is +constant (to permit use of constant data in B<add_cb>) applications may need to +cast away const to free the data. + +The callback B<parse_cb> receives data for TLS extensions. For TLS clients +the extension data will come from ServerHello and for TLS servers it will +come from ClientHello. + +The extension data consists of B<inlen> bytes in the buffer B<in> for the +extension B<extension_type>. + +If the B<parse_cb> considers the extension data acceptable it must return +1. If it returns 0 or a negative value a fatal handshake error occurs +using the TLS alert value specified in B<*al>. + +The buffer B<in> is a temporary internal buffer which will not be valid after +the callback returns. + +=head1 NOTES + +The B<add_arg> and B<parse_arg> parameters can be set to arbitrary values +which will be passed to the corresponding callbacks. They can, for example, +be used to store the extension data received in a convenient structure or +pass the extension data to be added or freed when adding extensions. + +The B<ext_type> parameter corresponds to the B<extension_type> field of +RFC5246 et al. It is B<not> a NID. + +If the same custom extension type is received multiple times a fatal +B<decode_error> alert is sent and the handshake aborts. If a custom extension +is received in ServerHello which was not sent in ClientHello a fatal +B<unsupported_extension> alert is sent and the handshake is aborted. The +ServerHello B<add_cb> callback is only called if the corresponding extension +was received in ClientHello. This is compliant with the TLS specifications. +This behaviour ensures that each callback is called at most once and that +an application can never send unsolicited extensions. + +=head1 RETURN VALUES + +SSL_CTX_add_client_custom_ext() and SSL_CTX_add_server_custom_ext() return 1 for +success and 0 for failure. A failure can occur if an attempt is made to +add the same B<ext_type> more than once, if an attempt is made to use an +extension type handled internally by OpenSSL or if an internal error occurs +(for example a memory allocation failure). + +SSL_extension_supported() returns 1 if the extension B<ext_type> is handled +internally by OpenSSL and 0 otherwise. + +=cut diff --git a/openssl/doc/ssl/SSL_CTX_set_mode.pod b/openssl/doc/ssl/SSL_CTX_set_mode.pod index 8cb669dae..2a5aaa555 100644 --- a/openssl/doc/ssl/SSL_CTX_set_mode.pod +++ b/openssl/doc/ssl/SSL_CTX_set_mode.pod @@ -71,6 +71,16 @@ SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. +=item SSL_MODE_SEND_FALLBACK_SCSV + +Send TLS_FALLBACK_SCSV in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft-ietf-tls-downgrade-scsv-00 for details. + +DO NOT ENABLE THIS if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft-ietf-tls-downgrade-scsv-00. + =back =head1 RETURN VALUES diff --git a/openssl/doc/ssl/SSL_CTX_set_options.pod b/openssl/doc/ssl/SSL_CTX_set_options.pod index 6e6b5e6d8..e80a72cd4 100644 --- a/openssl/doc/ssl/SSL_CTX_set_options.pod +++ b/openssl/doc/ssl/SSL_CTX_set_options.pod @@ -158,15 +158,7 @@ temporary/ephemeral DH parameters are used. =item SSL_OP_EPHEMERAL_RSA -Always use ephemeral (temporary) RSA key when doing RSA operations -(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>). -According to the specifications this is only done, when a RSA key -can only be used for signature operations (namely under export ciphers -with restricted RSA keylength). By setting this option, ephemeral -RSA keys are always used. This option breaks compatibility with the -SSL/TLS specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with EDH (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. =item SSL_OP_CIPHER_SERVER_PREFERENCE diff --git a/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index 534643cd9..94c55b804 100644 --- a/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod @@ -70,25 +70,18 @@ the TLS standard, when the RSA key can be used for signing only, that is for export ciphers. Using ephemeral RSA key exchange for other purposes violates the standard and can break interoperability with clients. It is therefore strongly recommended to not use ephemeral RSA key -exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead +exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B<tmp_rsa_callback> is called with the B<keylength> needed and the B<is_export> information. The B<is_export> flag is set, when the diff --git a/openssl/doc/ssl/SSL_CTX_use_certificate.pod b/openssl/doc/ssl/SSL_CTX_use_certificate.pod index 10be95fdb..80321b858 100644 --- a/openssl/doc/ssl/SSL_CTX_use_certificate.pod +++ b/openssl/doc/ssl/SSL_CTX_use_certificate.pod @@ -109,10 +109,9 @@ this B<ssl>, the last item added into B<ctx> will be checked. =head1 NOTES -The internal certificate store of OpenSSL can hold two private key/certificate -pairs at a time: one key/certificate of type RSA and one key/certificate -of type DSA. The certificate used depends on the cipher select, see -also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>. +The internal certificate store of OpenSSL can hold several private +key/certificate pairs at a time. The certificate used depends on the +cipher selected, see also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>. When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain @@ -122,16 +121,13 @@ Files of type SSL_FILETYPE_PEM can contain more than one item. SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added -to the store of chain certificates using -L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>. -There exists only one extra chain store, so that the same chain is appended -to both types of certificates, RSA and DSA! If it is not intended to use -both type of certificate at the same time, it is recommended to use the -SSL_CTX_use_certificate_chain_file() instead of the -SSL_CTX_use_certificate_file() function in order to allow the use of -complete certificate chains even when no trusted CA storage is used or -when the CA issuing the certificate shall not be added to the trusted -CA storage. +to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single +certificate chain store for all certificate types, OpenSSL 1.0.2 and later +have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() +should be used instead of the SSL_CTX_use_certificate_file() function in order +to allow the use of complete certificate chains even when no trusted CA +storage is used or when the CA issuing the certificate shall not be added to +the trusted CA storage. If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the diff --git a/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod b/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod index 9da7201a9..12db0daa1 100644 --- a/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +++ b/openssl/doc/ssl/SSL_CTX_use_psk_identity_hint.pod @@ -83,7 +83,12 @@ Return values from the server callback are interpreted as follows: =over 4 -=item > 0 +=item Z<>0 + +PSK identity was not found. An "unknown_psk_identity" alert message +will be sent and the connection setup fails. + +=item E<gt>0 PSK identity was found and the server callback has provided the PSK successfully in parameter B<psk>. Return value is the length of @@ -96,11 +101,6 @@ data to B<psk> and return the length of the random data, so the connection will fail with decryption_error before it will be finished completely. -=item Z<>0 - -PSK identity was not found. An "unknown_psk_identity" alert message -will be sent and the connection setup fails. - =back =cut diff --git a/openssl/doc/ssl/SSL_CTX_use_serverinfo.pod b/openssl/doc/ssl/SSL_CTX_use_serverinfo.pod new file mode 100755 index 000000000..da7935c83 --- /dev/null +++ b/openssl/doc/ssl/SSL_CTX_use_serverinfo.pod @@ -0,0 +1,46 @@ +=pod + +=head1 NAME + +SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file + +=head1 SYNOPSIS + + #include <openssl/ssl.h> + + int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); + + int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); + +=head1 DESCRIPTION + +These functions load "serverinfo" TLS ServerHello Extensions into the SSL_CTX. +A "serverinfo" extension is returned in response to an empty ClientHello +Extension. + +SSL_CTX_use_serverinfo() loads one or more serverinfo extensions from +a byte array into B<ctx>. The extensions must be concatenated into a +sequence of bytes. Each extension must consist of a 2-byte Extension Type, +a 2-byte length, and then length bytes of extension_data. + +SSL_CTX_use_serverinfo_file() loads one or more serverinfo extensions from +B<file> into B<ctx>. The extensions must be in PEM format. Each extension +must consist of a 2-byte Extension Type, a 2-byte length, and then length +bytes of extension_data. Each PEM extension name must begin with the phrase +"BEGIN SERVERINFO FOR ". + +=head1 NOTES + +=head1 RETURN VALUES + +On success, the functions return 1. +On failure, the functions return 0. Check out the error stack to find out +the reason. + +=head1 SEE ALSO + +=head1 HISTORY + + +=cut diff --git a/openssl/doc/ssl/SSL_accept.pod b/openssl/doc/ssl/SSL_accept.pod index 223944417..89ad6bd0b 100644 --- a/openssl/doc/ssl/SSL_accept.pod +++ b/openssl/doc/ssl/SSL_accept.pod @@ -21,10 +21,7 @@ B<ssl> by setting an underlying B<BIO>. The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_accept() will only return once the -handshake has been finished or an error occurred, except for SGC (Server -Gated Cryptography). For SGC, SSL_accept() may return with -1, but -SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and SSL_accept() -should be called again. +handshake has been finished or an error occurred. If the underlying BIO is B<non-blocking>, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() diff --git a/openssl/doc/ssl/SSL_do_handshake.pod b/openssl/doc/ssl/SSL_do_handshake.pod index b35ddf5f1..8b590c9f1 100644 --- a/openssl/doc/ssl/SSL_do_handshake.pod +++ b/openssl/doc/ssl/SSL_do_handshake.pod @@ -23,10 +23,7 @@ L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>. The behaviour of SSL_do_handshake() depends on the underlying BIO. If the underlying BIO is B<blocking>, SSL_do_handshake() will only return -once the handshake has been finished or an error occurred, except for SGC -(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1, -but SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and -SSL_do_handshake() should be called again. +once the handshake has been finished or an error occurred. If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() diff --git a/openssl/doc/ssl/SSL_shutdown.pod b/openssl/doc/ssl/SSL_shutdown.pod index 85d4a64b0..efbff5a0a 100644 --- a/openssl/doc/ssl/SSL_shutdown.pod +++ b/openssl/doc/ssl/SSL_shutdown.pod @@ -104,7 +104,7 @@ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. The shutdown was successfully completed. The "close notify" alert was sent and the peer's "close notify" alert was received. -=item -1 +=item E<lt>0 The shutdown was not successful because a fatal error occurred either at the protocol level or a connection failure occurred. It can also occur if diff --git a/openssl/doc/ssl/ssl.pod b/openssl/doc/ssl/ssl.pod index 6d3ee24e4..8d5b8c380 100644 --- a/openssl/doc/ssl/ssl.pod +++ b/openssl/doc/ssl/ssl.pod @@ -374,6 +374,10 @@ session instead of a context. =item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type); +=item X509 *B<SSL_CTX_get0_certificate>(const SSL_CTX *ctx); + +=item EVP_PKEY *B<SSL_CTX_get0_privatekey>(const SSL_CTX *ctx); + =item void B<SSL_CTX_set_psk_client_callback>(SSL_CTX *ctx, unsigned int (*callback)(SSL *ssl, const char *hint, char *identity, unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)); =item int B<SSL_CTX_use_psk_identity_hint>(SSL_CTX *ctx, const char *hint); @@ -507,7 +511,7 @@ connection defined in the B<SSL> structure. =item X509 *B<SSL_get_peer_certificate>(const SSL *ssl); -=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl); +=item EVP_PKEY *B<SSL_get_privatekey>(const SSL *ssl); =item int B<SSL_get_quiet_shutdown>(const SSL *ssl); diff --git a/openssl/doc/ssleay.txt b/openssl/doc/ssleay.txt index 4d2e71486..c9b29bd97 100644 --- a/openssl/doc/ssleay.txt +++ b/openssl/doc/ssleay.txt @@ -6026,7 +6026,7 @@ one at a time, or use 'aliases' to specify the preference and order for the ciphers. There are a large number of aliases, but the most importaint are -kRSA, kDHr, kDHd and kEDH for key exchange types. +kRSA, kDHr, kDHd and kDHE for key exchange types. aRSA, aDSS, aNULL and aDH for authentication DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers |