summaryrefslogtreecommitdiff
path: root/doc/man7
Commit message (Collapse)AuthorAgeFilesLines
* Fix FIPS provider value in docsTodd Short2021-06-111-1/+1
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15676)
* Decoding PKCS#8: separate decoding of encrypted and unencrypted PKCS#8Richard Levitte2021-06-091-4/+6
| | | | | | | | | | | | | | | | | | | This has us switch from the 'structure' "pkcs8" to "PrivateKeyInfo", which is sensible considering we already have "SubjectPublicKeyInfo". We also add "EncryptedPrivateKeyInfo", and use it for a special decoder that detects and decrypts an EncryptedPrivateKeyInfo structured DER blob into a PrivateKeyInfo structured DER blob and passes that on to the next decoder implementation. The result of this change is that PKCS#8 decryption should only happen once per decoding instead of once for every expected key type. Furthermore, this new decoder implementation sets the data type to the OID of the algorithmIdentifier field, thus reducing how many decoder implementations are tentativaly run further down the call chain. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15498)
* doc: add PKEY life cycle documentationPauli2021-06-082-0/+713
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* doc: add references to cipher life cycle documentationPauli2021-06-081-1/+7
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* doc: add cipher life cycle documentationPauli2021-06-082-0/+370
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* doc: add references to digest life cycle documentationPauli2021-06-082-2/+8
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* doc: add digest life cycle documentationPauli2021-06-081-0/+221
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* doc: add digest lifecycle diagramPauli2021-06-081-0/+0
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15637)
* Document missing EC/SM2 paramsShane Lontis2021-06-082-1/+32
| | | | | | | | | | | Fixes #15548 Document OSSL_PKEY_PARAM_EC_PUB_X, OSSL_PKEY_PARAM_EC_PUB_Y and OSSL_PKEY_PARAM_DEFAULT_DIGEST Added a section related to parameters for SM2. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15601)
* doc: update generated image filesPauli2021-06-063-0/+0
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15616)
* ENCODER: use property definitions instead of getting implementation parametersRichard Levitte2021-06-051-34/+8
| | | | | | | | | | | | | | | | The OSSL_ENCODER library used to ask each encoder implementation for certain data in form of parameters to place them correctly in the encoder chain, if at all. These parameters were duplicates of properties of those same implementations, and therefore unnecessarily redundant. Now that we have functionality to query property definition values, those duplicates are no longer needed, and are therefore not looked at any more. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15570)
* ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPERichard Levitte2021-06-051-9/+0
| | | | | | | | | | This was a poor substitute for using the name of the decoder implementation, and since there is functionality to get the latter now, this parameter can be dropped. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15570)
* DECODER: use property definitions instead of getting implementation parametersRichard Levitte2021-06-051-78/+26
| | | | | | | | | | | | | | | | | | | The OSSL_DECODER library used to ask each decoder implementation for certain data in form of parameters to place them correctly in the decoder chain, if at all. These parameters were duplicates of properties of those same implementations, and therefore unnecessarily redundant. Now that we have functionality to query property definition values, those duplicates are no longer needed, and are therefore not looked at any more. This adds the "global" error reason ERR_R_INVALID_PROPERTY_DEFINITION, which can be re-used elsewhere. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15570)
* Add documentation for newly added ASN1 functionsMatt Caswell2021-06-051-5/+7
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15591)
* Rename also the OSSL_PROVIDER_name() functionTomas Mraz2021-06-011-1/+2
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
* Rename all getters to use get/get0 in nameTomas Mraz2021-06-014-9/+13
| | | | | | | | | | | | | | For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
* Migration guide updates for flags and controls.Shane Lontis2021-06-011-0/+19
| | | | | | | | | | Provided a section that links to the ctrl/flags mappings to parameters for digests and ciphers. Added "EVP_CIPHER_CTX_set_flags() ordering" to changes section. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15496)
* Teach EVP_PKEYs to say whether they were decoded from explicit paramsMatt Caswell2021-05-311-0/+5
| | | | | | | | | | Currently we explicitly downgrade an EVP_PKEY to an EC_KEY and ask the EC_KEY directly whether it was decoded from explicit parameters or not. Instead we teach EVP_PKEYs to respond to a new parameter for this purpose. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15526)
* Add Docs for EVP_CIPHER-*Shane Lontis2021-05-2817-13/+682
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416)
* EVP_CIPHER Documentation updatesShane Lontis2021-05-281-267/+5
| | | | | | | | | | | | | | | | EVP_EncryptInit.pod now follows the pattern used in EVP_DigestInit.pod. i.e. '=item' is used for methods PARAMETERS and CONTROLS sections have been added. The PARAMETERS list has been moved from provider-cipher.pod (this file just has a link now). Missing fields were updated. The CONTROLS shows the mappings to OSSL_PARAM keys. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15416)
* Deprecate old style BIO callback callsTomas Mraz2021-05-261-0/+6
| | | | | | | | New style BIO_debug_callback_ex() function added to provide replacement for BIO_debug_callback(). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15440)
* doc: document the MAC block size getterPauli2021-05-255-4/+45
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15427)
* Add PBKDF1 to the legacy providerJon Spillett2021-05-241-0/+8
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14326)
* doc: update core_thread_start() documentationPauli2021-05-241-5/+7
| | | | | | | It is now passed an arugment to pass to the callback Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15278)
* doc: rereference img locations into subdirectoryPauli2021-05-223-3/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15399)
* doc: move images into their own subdirectoryPauli2021-05-223-0/+0
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15399)
* DOCS: Fixups of the migration guide and the FIPS module manualRichard Levitte2021-05-212-428/+940
| | | | | | | | The markup needed a few touch-ups Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/15377)
* Cleanup the missing*.txt filesMatt Caswell2021-05-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | One macro existed that was added since 1.1.1 and was undocumented. This had been added to missingmacro.txt. This is the wrong approach and so has been removed from there. There were some entries in missingcrypto.txt that don't exist as functions at all. There were also some which were in fact documented. Additionally 2 entries from missingcrypto.txt have been moved to missingmacro.txt. These entries existed in 1.1.1 and were undocumented. In master they have been deprecated and compatibility macros for them implemented. The replacement functions have been documented. An entry in missingcrypto111.txt was not in alphabetical order (and was also) duplicated, but the equivalent entry in missingcrypto.txt was in the correct place. This has been corrected to make comparisons between the files easier. Finally a function has been added to missingcrypto111.txt. This function did exist in 1.1.1 and was undocumented. Its unclear why this wasn't in missingcrypto111.txt to start with. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15333)
* Update copyright yearMatt Caswell2021-05-203-3/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15381)
* Update documentation for global properties mirroringMatt Caswell2021-05-201-2/+7
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
* Add migration guide for 3.0Shane Lontis2021-05-204-5/+2252
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14710)
* doc: document all functions in provider-base(7)Pauli2021-05-151-12/+16
| | | | | | | Fixes #13358 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15259)
* mac: improve MAC documentation (Poly 1305 key reuse, nomenclature)Pauli2021-05-141-0/+7
| | | | | | | Fixes #12441 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15237)
* Enumerating the legacy provider's cipher algorithmsDmitry Belyavskiy2021-05-131-0/+26
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15197)
* EVP_PKEY-X25519.pod: Correct EVP_PKEY_Q_keygen function name in exampleDr. David von Oheimb2021-05-131-1/+1
| | | | | | | | fixup for #14695: Add convenience functions and macros for asymmetric key generation Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15226)
* Export/import flags for FFC params changed to seperate fields.Shane Lontis2021-05-131-0/+17
| | | | | | | | | | | An extra field got added to the ffc flags related to FIPS-186-2 key validation, but this field was not handled by the export/import since the flags were done as string combinations. To keep this consistent with other object flags they are now passed as seperate OSSL_PARAM fields. Fixes 'no-cached-fetch' build which uses export/import. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15210)
* Update documentation following addition of OSSL_LIB_CTX_new_child()Matt Caswell2021-05-111-0/+54
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
* Add convenience functions and macros for asymmetric key generationDr. David von Oheimb2021-05-116-29/+24
| | | | | | | | | Add EVP_PKEY_gen(), EVP_PKEY_Q_gen(), EVP_RSA_gen(), and EVP_EC_gen(). Also export auxiliary function OSSL_EC_curve_nid2name() and improve deprecation info on RSA and EC key generation/management functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14695)
* Crypto: Add deprecation compatibility declarations for SHA* message digest ↵Dr. David von Oheimb2021-05-081-1/+1
| | | | | | | | | functions Also add hints to SHA256_Init.pod and CHANGES.md how to replace SHA256() etc. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14741)
* Unify parameter types in documentationTomas Mraz2021-05-0712-38/+39
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15178)
* Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphersJon Spillett2021-05-071-1/+1
| | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15130)
* Update copyright yearMatt Caswell2021-05-061-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15181)
* provider-storemgmt: Document the input-type and properties parameters.Tomas Mraz2021-05-061-0/+10
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
* mac: update life-cycle description and diagrams to include finalXOFPauli2021-05-052-3/+11
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15061)
* Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().Shane Lontis2021-04-272-2/+2
| | | | | | | | | The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq() already exist. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/14997)
* Doc updates for DH/DSA examplesShane Lontis2021-04-272-9/+14
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14936)
* Fixes related to separation of DH and DHX typesShane Lontis2021-04-262-29/+67
| | | | | | | | | | | | | | | | | | | | | Fix dh_rfc5114 option in genpkey. Fixes #14145 Fixes #13956 Fixes #13952 Fixes #13871 Fixes #14054 Fixes #14444 Updated documentation for app to indicate what options are available for DH and DHX keys. DH and DHX now have different keymanager gen_set_params() methods. Added CHANGES entry to indicate the breaking change. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14883)
* Add type_name member to provided methods and use itTomas Mraz2021-04-261-0/+3
| | | | | | | Fixes #14701 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14898)
* Update copyright yearMatt Caswell2021-04-224-4/+4
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14986)
* ENCODER & DECODER: Allow decoder implementations to specify "carry on"Richard Levitte2021-04-211-1/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | So far, decoder implementations would return true (1) for a successful decode all the way, including what the callback it called returned, and false (0) in all other cases. This construction didn't allow to stop to decoding process on fatal errors, nor to choose what to report in the provider code. This is now changed so that decoders implementations are made to return false only on errors that should stop the decoding process from carrying on with other implementations, and return true for all other cases, even if that didn't result in a constructed object (EVP_PKEY for example), essentially making it OK to return "empty handed". The success of the decoding process is now all about successfully constructing the final object, rather than about the return value of the decoding chain. If no construction is attempted, the central decoding processing code concludes that whatever the input consisted of, it's not supported by the available decoder implementations. Fixes #14423 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14834)
View Lorry Controller Status