diff options
Diffstat (limited to 'crypto/openssl/doc')
25 files changed, 171 insertions, 132 deletions
diff --git a/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod b/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod index 7f4940fc9341..8879c592106b 100644 --- a/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod +++ b/crypto/openssl/doc/internal/man3/ossl_namemap_new.pod @@ -4,7 +4,7 @@ ossl_namemap_new, ossl_namemap_free, ossl_namemap_stored, ossl_namemap_empty, ossl_namemap_add_name, ossl_namemap_add_names, -ossl_namemap_name2num, ossl_namemap_name2num_n, +ossl_namemap_name2num, ossl_namemap_name2num_n, ossl_namemap_num2name, ossl_namemap_doall_names - internal number E<lt>-E<gt> name map @@ -23,6 +23,8 @@ ossl_namemap_doall_names int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name); int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, const char *name, size_t name_len); + const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, + int idx); int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, void (*fn)(const char *name, void *data), void *data); @@ -64,6 +66,9 @@ ossl_namemap_name2num_n() does the same thing as ossl_namemap_name2num(), but takes a string length I<name_len> as well, allowing the caller to use a fragment of a string as a name. +ossl_namemap_num2name() finds the I<idx>th name associated with the +id I<number>. + ossl_namemap_doall_names() walks through all names associated with I<number> in the given I<namemap> and calls the function I<fn> for each of them. @@ -88,9 +93,9 @@ to lock). ossl_namemap_add_name() returns the number associated with the added string, or zero on error. -ossl_namemap_num2names() returns a pointer to a NULL-terminated list of -pointers to the names corresponding to the given number, or NULL if -it's undefined in the given B<OSSL_NAMEMAP>. +ossl_namemap_num2name() returns a pointer to I<idx>th name associated +with id I<number>, or NULL if it's undefined in the given +B<OSSL_NAMEMAP>. ossl_namemap_name2num() and ossl_namemap_name2num_n() return the number corresponding to the given name, or 0 if it's undefined in the given @@ -116,7 +121,7 @@ The functions described here were all added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man1/openssl-enc.pod.in b/crypto/openssl/doc/man1/openssl-enc.pod.in index 4d7ff3dc77e7..fb4f72ed8a19 100644 --- a/crypto/openssl/doc/man1/openssl-enc.pod.in +++ b/crypto/openssl/doc/man1/openssl-enc.pod.in @@ -193,9 +193,12 @@ Print out the key and IV used. Print out the key and IV used then immediately exit: don't do any encryption or decryption. -=item B<-bufsize> I<number> +=item B<-bufsize> I<number>[B<k>] Set the buffer size for I/O. +The maximum size that can be specified is B<2^31-1> (2147483647) bytes. +The B<k> suffix can be specified to indicate that I<number> is provided +in kibibytes (multiples of 1024 bytes). =item B<-nopad> @@ -279,7 +282,7 @@ Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use a strong block cipher, such as AES, in CBC mode. -All the block ciphers normally use PKCS#5 padding, also known as standard +All the block ciphers normally use PKCS#7 padding, also known as standard block padding. This allows a rudimentary integrity or password check to be performed. However, since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. diff --git a/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in b/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in index 9dd4f5a49ffe..d44b4a7dac85 100644 --- a/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in +++ b/crypto/openssl/doc/man1/openssl-fipsinstall.pod.in @@ -237,9 +237,7 @@ explicitly permitted by the various standards. =item B<-hkdf_digest_check> -Configure the module to enable a run-time digest check when deriving a key by -HKDF. -See NIST SP 800-56Cr2 for details. +This option is deprecated. =item B<-tls13_kdf_digest_check> @@ -261,9 +259,7 @@ See NIST SP 800-135r1 for details. =item B<-sskdf_digest_check> -Configure the module to enable a run-time digest check when deriving a key by -SSKDF. -See NIST SP 800-56Cr2 for details. +This option is deprecated. =item B<-x963kdf_digest_check> @@ -493,7 +489,7 @@ B<-ecdh_cofactor_check> =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/BN_generate_prime.pod b/crypto/openssl/doc/man3/BN_generate_prime.pod index accc8a749f0c..6b8d1de19cd8 100644 --- a/crypto/openssl/doc/man3/BN_generate_prime.pod +++ b/crypto/openssl/doc/man3/BN_generate_prime.pod @@ -130,7 +130,7 @@ or all the tests passed. If B<p> passes all these tests, it is considered a probable prime. The test performed on B<p> are trial division by a number of small primes -and rounds of the of the Miller-Rabin probabilistic primality test. +and rounds of the Miller-Rabin probabilistic primality test. The functions do at least 64 rounds of the Miller-Rabin test giving a maximum false positive rate of 2^-128. @@ -148,7 +148,7 @@ and BN_is_prime_fasttest() are deprecated. BN_is_prime_fasttest() and BN_is_prime() behave just like BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old -style call back. +style callback. B<ctx> is a preallocated B<BN_CTX> (to save the overhead of allocating and freeing the structure in a loop), or B<NULL>. @@ -246,7 +246,7 @@ BN_check_prime() was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_EncryptInit.pod b/crypto/openssl/doc/man3/EVP_EncryptInit.pod index 2c42e3969e03..3c62659319c2 100644 --- a/crypto/openssl/doc/man3/EVP_EncryptInit.pod +++ b/crypto/openssl/doc/man3/EVP_EncryptInit.pod @@ -850,7 +850,7 @@ See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length(). =item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string> Gets or sets the AEAD tag for the associated cipher context I<ctx>. -See L<EVP_EncryptInit(3)/AEAD Interface>. +See L<EVP_EncryptInit(3)/AEAD INTERFACE>. =item "pipeline-tag" (B<OSSL_CIPHER_PARAM_PIPELINE_AEAD_TAG>) <octet ptr> diff --git a/crypto/openssl/doc/man3/EVP_PKEY_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_new.pod index 72d129deff24..0a56600c2b60 100644 --- a/crypto/openssl/doc/man3/EVP_PKEY_new.pod +++ b/crypto/openssl/doc/man3/EVP_PKEY_new.pod @@ -219,7 +219,19 @@ general private key without reference to any particular algorithm. The structure returned by EVP_PKEY_new() is empty. To add a private or public key to this empty structure use the appropriate functions described in L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_DSA(3)>, L<EVP_PKEY_set1_DH(3)> or -L<EVP_PKEY_set1_EC_KEY(3)>. +L<EVP_PKEY_set1_EC_KEY(3)> for legacy key types implemented in internal +OpenSSL providers. + +For fully provider-managed key types (see L<provider-keymgmt(7)>), +possibly implemented in external providers, use functions such as +L<EVP_PKEY_set1_encoded_public_key(3)> or L<EVP_PKEY_fromdata(3)> +to populate key data. + +Generally caution is advised for using an B<EVP_PKEY> structure across +different library contexts: In order for an B<EVP_PKEY> to be shared by +multiple library contexts the providers associated with the library contexts +must have key managers that support the key type and implement the +OSSL_FUNC_keymgmt_import() and OSSL_FUNC_keymgmt_export() functions. =head1 RETURN VALUES diff --git a/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod b/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod index 485705ea7889..9bac62b10b32 100644 --- a/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod +++ b/crypto/openssl/doc/man3/EVP_aes_128_gcm.pod @@ -127,7 +127,7 @@ EVP_aes_256_ocb() AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode (GCM) and OCB Mode respectively. These ciphers require additional control -operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> +operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD INTERFACE> section for details. =item EVP_aes_128_wrap(), @@ -184,7 +184,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod b/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod index 91aa75ec3871..74e21444db8f 100644 --- a/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod +++ b/crypto/openssl/doc/man3/EVP_aria_128_gcm.pod @@ -88,7 +88,7 @@ EVP_aria_256_gcm(), ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter Mode (GCM). These ciphers require additional control operations to function -correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> section for details. +correctly, see the L<EVP_EncryptInit(3)/AEAD INTERFACE> section for details. =back @@ -113,7 +113,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/EVP_chacha20.pod b/crypto/openssl/doc/man3/EVP_chacha20.pod index 7e80c8de40c9..0dfce7389b78 100644 --- a/crypto/openssl/doc/man3/EVP_chacha20.pod +++ b/crypto/openssl/doc/man3/EVP_chacha20.pod @@ -36,7 +36,7 @@ With an initial counter of 42 (2a in hex) would be expressed as: Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key is 256 bits and the IV is 96 bits. This supports additional authenticated data (AAD) and produces a 128-bit authentication tag. See the -L<EVP_EncryptInit(3)/AEAD Interface> section for more information. +L<EVP_EncryptInit(3)/AEAD INTERFACE> section for more information. =back @@ -64,7 +64,7 @@ L<EVP_CIPHER_meth_new(3)> =head1 COPYRIGHT -Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod index 1bddd7737069..dbc7073aac18 100644 --- a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod +++ b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod @@ -45,7 +45,12 @@ the program's dynamic memory area, where keys and other sensitive information might be stored, OpenSSL supports the concept of a "secure heap." The level and type of security guarantees depend on the operating system. It is a good idea to review the code and see if it addresses your -threat model and concerns. +threat model and concerns. It should be noted that the secure heap +uses a single read/write lock, and therefore any operations +that involve allocation or freeing of secure heap memory are serialised, +blocking other threads. With that in mind, highly concurrent applications +should enable the secure heap with caution and be aware of the performance +implications for multi-threaded code. If a secure heap is used, then private key B<BIGNUM> values are stored there. This protects long-term storage of private keys, but will not necessarily @@ -135,7 +140,7 @@ a B<size_t> in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/OSSL_CALLBACK.pod b/crypto/openssl/doc/man3/OSSL_CALLBACK.pod index 5fa8a8f08916..5550819a94b4 100644 --- a/crypto/openssl/doc/man3/OSSL_CALLBACK.pod +++ b/crypto/openssl/doc/man3/OSSL_CALLBACK.pod @@ -47,15 +47,10 @@ Additional parameters can be passed with the L<OSSL_PARAM(3)> array I<params>, =back -=begin comment RETURN VALUES doesn't make sense for a manual that only -describes a type, but document checkers still want that section, and -to have more than just the section title. - =head1 RETURN VALUES -txt - -=end comment +Functions of type B<OSSL_CALLBACK> and B<OSSL_PASSPHRASE_CALLBACK> +must return 1 on success and 0 on failure. =head1 SEE ALSO @@ -67,7 +62,7 @@ The types described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/PEM_read_CMS.pod b/crypto/openssl/doc/man3/PEM_read_CMS.pod index dbccf26cd893..880e31481029 100644 --- a/crypto/openssl/doc/man3/PEM_read_CMS.pod +++ b/crypto/openssl/doc/man3/PEM_read_CMS.pod @@ -84,9 +84,9 @@ see L<openssl_user_macros(7)>: =head1 DESCRIPTION -All of the functions described on this page are deprecated. -Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio() -instead. +To replace the deprecated functions listed above, applications should use the +B<EVP_PKEY> type and OSSL_DECODER_from_bio() and OSSL_ENCODER_to_bio() to +read and write PEM data containing key parameters or private and public keys. In the description below, B<I<TYPE>> is used as a placeholder for any of the OpenSSL datatypes, such as B<X509>. @@ -142,7 +142,7 @@ were deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/RAND_load_file.pod b/crypto/openssl/doc/man3/RAND_load_file.pod index baca54cb3c89..45570920ca95 100644 --- a/crypto/openssl/doc/man3/RAND_load_file.pod +++ b/crypto/openssl/doc/man3/RAND_load_file.pod @@ -19,7 +19,11 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file RAND_load_file() reads a number of bytes from file B<filename> and adds them to the PRNG. If B<max_bytes> is nonnegative, up to B<max_bytes> are read; -if B<max_bytes> is -1, the complete file is read. +if B<max_bytes> is -1, the complete file is read (unless the file +is not a regular file, in that case a fixed number of bytes, +256 in the current implementation, is attempted to be read). +RAND_load_file() can read less than the complete file or the requested number +of bytes if it doesn't fit in the return value type. Do not load the same file multiple times unless its contents have been updated by RAND_write_file() between reads. Also, note that B<filename> should be adequately protected so that an @@ -77,7 +81,7 @@ L<RAND(7)> =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod b/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod index 2f0911608435..cc9ad5911498 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_domain_flags.pod @@ -106,7 +106,7 @@ L<SSL_new_domain(3)>, L<openssl-quic-concurrency(7)> =head1 HISTORY -These functions were added in @QUIC_SERVER_VERSION@. +These functions were added in OpenSSL 3.5. =head1 COPYRIGHT diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index a14f334cfca8..902cefdfa366 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -58,9 +58,11 @@ the actual key is newly generated during the negotiation. Typically applications should use well known DH parameters that have built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto() configure OpenSSL to use the default built-in DH parameters for the B<SSL_CTX> -and B<SSL> objects respectively. Passing a value of 1 in the I<onoff> parameter -switches the feature on, and passing a value of 0 switches it off. The default -setting is off. +and B<SSL> objects respectively. Passing a value of 2 or 1 in the I<onoff> +parameter switches it on. If the I<onoff> parameter is set to 2, it will force +the DH key size to 1024 if the B<SSL_CTX> or B<SSL> security level +L<SSL_CTX_set_security_level(3)> is 0 or 1. Passing a value of 0 switches +it off. The default setting is off. If "auto" DH parameters are switched on then the parameters will be selected to be consistent with the size of the key associated with the server's certificate. @@ -112,7 +114,7 @@ L<openssl-ciphers(1)>, L<openssl-dhparam(1)> =head1 COPYRIGHT -Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man3/SSL_poll.pod b/crypto/openssl/doc/man3/SSL_poll.pod index 87a1e42b1720..6047bd6750f8 100644 --- a/crypto/openssl/doc/man3/SSL_poll.pod +++ b/crypto/openssl/doc/man3/SSL_poll.pod @@ -5,12 +5,14 @@ SSL_poll, SSL_POLL_EVENT_NONE, SSL_POLL_EVENT_F, +SSL_POLL_EVENT_EL, SSL_POLL_EVENT_EC, SSL_POLL_EVENT_ECD, SSL_POLL_EVENT_ER, SSL_POLL_EVENT_EW, SSL_POLL_EVENT_R, SSL_POLL_EVENT_W, +SSL_POLL_EVENT_IC, SSL_POLL_EVENT_ISB, SSL_POLL_EVENT_ISU, SSL_POLL_EVENT_OSB, @@ -35,27 +37,29 @@ SSL_POLL_FLAG_NO_HANDLE_EVENTS #define SSL_POLL_EVENT_NONE 0 #define SSL_POLL_EVENT_F /* F (Failure) */ + #define SSL_POLL_EVENT_EL /* EL (Exception on Listener) */ #define SSL_POLL_EVENT_EC /* EC (Exception on Conn) */ #define SSL_POLL_EVENT_ECD /* ECD (Exception on Conn Drained) */ #define SSL_POLL_EVENT_ER /* ER (Exception on Read) */ #define SSL_POLL_EVENT_EW /* EW (Exception on Write) */ #define SSL_POLL_EVENT_R /* R (Readable) */ #define SSL_POLL_EVENT_W /* W (Writable) */ + #define SSL_POLL_EVENT_IC /* IC (Incoming Connection) */ #define SSL_POLL_EVENT_ISB /* ISB (Incoming Stream: Bidi) */ #define SSL_POLL_EVENT_ISU /* ISU (Incoming Stream: Uni) */ #define SSL_POLL_EVENT_OSB /* OSB (Outgoing Stream: Bidi) */ #define SSL_POLL_EVENT_OSU /* OSU (Outgoing Stream: Uni) */ - #define SSL_POLL_EVENT_RW /* R | W */ - #define SSL_POLL_EVENT_RE /* R | ER */ - #define SSL_POLL_EVENT_WE /* W | EW */ - #define SSL_POLL_EVENT_RWE /* RE | WE */ - #define SSL_POLL_EVENT_E /* EC | ER | EW */ - #define SSL_POLL_EVENT_IS /* ISB | ISU */ - #define SSL_POLL_EVENT_ISE /* IS | EC */ - #define SSL_POLL_EVENT_I /* IS */ - #define SSL_POLL_EVENT_OS /* OSB | OSU */ - #define SSL_POLL_EVENT_OSE /* OS | EC */ + #define SSL_POLL_EVENT_RW /* R | W */ + #define SSL_POLL_EVENT_RE /* R | ER */ + #define SSL_POLL_EVENT_WE /* W | EW */ + #define SSL_POLL_EVENT_RWE /* RE | WE */ + #define SSL_POLL_EVENT_E /* EL | EC | ER | EW */ + #define SSL_POLL_EVENT_IS /* ISB | ISU */ + #define SSL_POLL_EVENT_ISE /* IS | EC */ + #define SSL_POLL_EVENT_I /* IS */ + #define SSL_POLL_EVENT_OS /* OSB | OSU */ + #define SSL_POLL_EVENT_OSE /* OS | EC */ typedef struct ssl_poll_item_st { BIO_POLL_DESCRIPTOR desc; diff --git a/crypto/openssl/doc/man3/d2i_X509.pod b/crypto/openssl/doc/man3/d2i_X509.pod index df5ea65e596e..8e04c2286c57 100644 --- a/crypto/openssl/doc/man3/d2i_X509.pod +++ b/crypto/openssl/doc/man3/d2i_X509.pod @@ -588,8 +588,9 @@ freed in the event of error and I<*a> is set to NULL. B<i2d_I<TYPE>>() returns the number of bytes successfully encoded or a negative value if an error occurs. -B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>() return 1 for success and 0 if an -error occurs. +B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>(), +as well as i2d_ASN1_bio_stream(), +return 1 for success and 0 if an error occurs. =head1 EXAMPLES diff --git a/crypto/openssl/doc/man5/fips_config.pod b/crypto/openssl/doc/man5/fips_config.pod index a25ced338393..c3f7b8f3ab6b 100644 --- a/crypto/openssl/doc/man5/fips_config.pod +++ b/crypto/openssl/doc/man5/fips_config.pod @@ -62,17 +62,11 @@ A version number for the fips install process. Should be 1. =item B<install-status> -An indicator that the self-tests were successfully run. -This should only be written after the module has -successfully passed its self tests during installation. -If this field is not present, then the self tests will run when the module -loads. +This field is deprecated and is no longer used. =item B<install-mac> -A MAC of the value of the B<install-status> option, to prevent accidental -changes to that value. -It is written-to at the same time as B<install-status> is updated. +This field is deprecated and is no longer used. =back @@ -112,7 +106,7 @@ See L<openssl-fipsinstall(1)/OPTIONS> B<-signature_digest_check> =item B<hkdf-digest-check> -See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_digest_check> +This option is deprecated. =item B<tls13-kdf-digest-check> @@ -128,7 +122,7 @@ See L<openssl-fipsinstall(1)/OPTIONS> B<-sshkdf_digest_check> =item B<sskdf-digest-check> -See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_digest_check> +This option is deprecated. =item B<x963kdf-digest-check> @@ -233,7 +227,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod b/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod index 171a3d130ec0..2b8cf1c12fb8 100644 --- a/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod +++ b/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod @@ -27,7 +27,8 @@ The default provider understands these RSA padding modes in string form: This padding mode is no longer supported by the FIPS provider for key agreement and key transport. -(This is a FIPS 140-3 requirement) +(This is a FIPS 140-3 requirement). +See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pkcs15_pad_disabled>. =item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>) @@ -109,7 +110,7 @@ L<OSSL_PROVIDER-FIPS(7)> =head1 COPYRIGHT -Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod b/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod index f3bed36f88a4..d386d8868a1c 100644 --- a/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod +++ b/crypto/openssl/doc/man7/EVP_PKEY-DSA.pod @@ -119,7 +119,7 @@ The following sections of FIPS186-4: =head1 SEE ALSO L<EVP_PKEY-FFC(7)>, -L<EVP_SIGNATURE-DSA(7)> +L<EVP_SIGNATURE-DSA(7)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>, L<EVP_KEYMGMT(3)>, @@ -133,7 +133,7 @@ OpenSSL 3.4. See L<fips_module(7)/FIPS indicators> for more information. =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod b/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod index 7c9848676b8c..a28bb84e0a36 100644 --- a/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod +++ b/crypto/openssl/doc/man7/EVP_PKEY-FFC.pod @@ -213,7 +213,7 @@ The following sections of FIPS186-4: L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>, L<EVP_SIGNATURE-DSA(7)>, -L<EVP_KEYEXCH-DH(7)> +L<EVP_KEYEXCH-DH(7)>, L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>, @@ -222,7 +222,7 @@ L<OSSL_PROVIDER-FIPS(7)>, =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod b/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod index 3e7cc41b2424..3b6e795f0709 100644 --- a/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod +++ b/crypto/openssl/doc/man7/EVP_SIGNATURE-ML-DSA.pod @@ -113,7 +113,7 @@ To sign a message using an ML-DSA EVP_PKEY structure: EVP_PKEY_sign(sctx, sig, &sig_len, msg, msg_len); ... OPENSSL_free(sig); - EVP_SIGNATURE(sig_alg); + EVP_SIGNATURE_free(sig_alg); EVP_PKEY_CTX_free(sctx); } diff --git a/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod b/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod index 9ca1e077484a..de2be646ed64 100644 --- a/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod +++ b/crypto/openssl/doc/man7/EVP_SIGNATURE-SLH-DSA.pod @@ -109,7 +109,7 @@ To sign a message using an SLH-DSA EVP_PKEY structure: EVP_PKEY_sign(sctx, sig, &sig_len, msg, msg_len); ... OPENSSL_free(sig); - EVP_SIGNATURE(sig_alg); + EVP_SIGNATURE_free(sig_alg); EVP_PKEY_CTX_free(sctx); } diff --git a/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod b/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod index 571a1e99e089..d14005a89a1c 100644 --- a/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/crypto/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -14,7 +14,7 @@ accredited testing laboratory. =head2 Properties The implementations in this provider specifically have these properties -defined: +defined for approved algorithms: =over 4 @@ -41,20 +41,17 @@ query. Including C<provider=fips> in your property query guarantees that the OpenSSL FIPS provider is used for cryptographic operations rather than other FIPS capable providers. -=head2 Provider parameters - -See L<provider-base(7)/Provider parameters> for a list of base parameters. -Additionally the OpenSSL FIPS provider also supports the following gettable -parameters: - -=over 4 +=head2 Approved algorithms -=item "security-checks" (B<OSSL_OSSL_PROV_PARAM_SECURITY_CHECKS>) <unsigned integer> +Algorithms that are fetched using "fips=yes" may still be unapproved if certain +conditions are not met. See L<fips_module(7)/FIPS indicators> for additional +information. -For further information refer to the L<openssl-fipsinstall(1)> option -B<-no_security_checks>. +=head2 Provider parameters -=back +See L<provider-base(7)/Provider parameters> for a list of base parameters. +The OpenSSL FIPS provider also handles FIPS indicator related parameters as +specified by L<fips_config(5)/FIPS indicator options>. =head1 OPERATIONS AND ALGORITHMS @@ -84,8 +81,6 @@ The OpenSSL FIPS provider supports these operations and algorithms: =item 3DES, see L<EVP_CIPHER-DES(7)> -This is an unapproved algorithm. - =back =head2 Message Authentication Code (MAC) @@ -212,21 +207,21 @@ for signature generation, but may be used for verification for legacy use cases. =item EC, see L<EVP_KEYMGMT-EC(7)> -=item X25519, see L<EVP_KEYMGMT-X25519(7)> - -This is an unapproved algorithm. - -=item X448, see L<EVP_KEYMGMT-X448(7)> +=item ED25519, see L<EVP_KEYMGMT-ED25519(7)> -This is an unapproved algorithm. +=item ED448, see L<EVP_KEYMGMT-ED448(7)> -=item ED25519, see L<EVP_KEYMGMT-ED25519(7)> +=item X25519, see L<EVP_KEYMGMT-X25519(7)> This is an unapproved algorithm. +The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not +included in SP 800-56Arev3 are not approved for key agreement". -=item ED448, see L<EVP_KEYMGMT-ED448(7)> +=item X448, see L<EVP_KEYMGMT-X448(7)> This is an unapproved algorithm. +The FIPS 140-3 IG states that "Curves that are included in SP 800-186 but not" +included in SP 800-56Arev3 are not approved for key agreement". =item TLS1-PRF @@ -288,8 +283,11 @@ TEST-RAND is an unapproved algorithm. =head1 SELF TESTING -One of the requirements for the FIPS module is self testing. An optional callback -mechanism is available to return information to the user using +A requirement of FIPS modules is to run cryptographic algorithm self tests. +FIPS 140-3 requires known answer tests to be run on startup as well as +conditional tests that run during cryptographic operations. + +An optional callback mechanism is available to return information to the user using L<OSSL_SELF_TEST_set_callback(3)>. The parameters passed to the callback are described in L<OSSL_SELF_TEST_new(3)> @@ -311,12 +309,10 @@ Uses HMAC SHA256 on the module file to validate that the module has not been modified. The integrity value is compared to a value written to a configuration file during installation. -=item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>) +=item "KAT_Integrity" (B<OSSL_SELF_TEST_TYPE_KAT_INTEGRITY>) -Uses HMAC SHA256 on a fixed string to validate that the installation process -has already been performed and the self test KATS have already been tested, -The integrity value is compared to a value written to a configuration -file after successfully running the self tests during installation. +Used during the Module Integrity test to perform a known answer test on +HMAC SHA256 prior to using it. =item "KAT_Cipher" (B<OSSL_SELF_TEST_TYPE_KAT_CIPHER>) @@ -360,24 +356,28 @@ Known answer test for a Deterministic Random Bit Generator. =item "Conditional_PCT" (B<OSSL_SELF_TEST_TYPE_PCT>) -Conditional test that is run during the generation or importing of key pairs. +Conditional test that is run during the generation of key pairs. + +=item "Import_PCT" (B<OSSL_SELF_TEST_TYPE_PCT_IMPORT>) + +Conditional test that is run during the import of key pairs. + +=item "Conditional_KAT" (B<OSSL_SELF_TEST_TYPE_PCT_KAT>) + +Conditional test run during generation that derive the public key from the +private key and checks that the public key matches. This is a SP 800-56A requirement. =item "Continuous_RNG_Test" (B<OSSL_SELF_TEST_TYPE_CRNG>) Continuous random number generator test. -=back - -The "Module_Integrity" self test is always run at startup. -The "Install_Integrity" self test is used to check if the self tests have -already been run at installation time. If they have already run then the -self tests are not run on subsequent startups. -All other self test categories are run once at installation time, except for the -"Pairwise_Consistency_Test". +=item "Install_Integrity" (B<OSSL_SELF_TEST_TYPE_INSTALL_INTEGRITY>) -There is only one instance of the "Module_Integrity" and "Install_Integrity" -self tests. All other self tests may have multiple instances. +This is deprecated. The option is no longer used since FIPS 140-3 requires +self tests to always run on startup. Previous FIPS 140-2 validations allowed +the self tests to be run just once. +=back The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin(). @@ -385,7 +385,7 @@ The FIPS module passes the following descriptions(s) to OSSL_SELF_TEST_onbegin() =item "HMAC" (B<OSSL_SELF_TEST_DESC_INTEGRITY_HMAC>) -"Module_Integrity" and "Install_Integrity" use this. +"Module_Integrity" uses this. =item "RSA" (B<OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1>) @@ -559,20 +559,6 @@ validated versions alongside F<libcrypto> and F<libssl> compiled from any release within the same major release series. This flexibility enables you to address bug fixes and CVEs that fall outside the FIPS boundary. -The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms, -consequently the property query C<fips=yes> is mandatory for applications that -want to operate in a FIPS approved manner. The algorithms are: - -=over 4 - -=item Triple DES ECB - -=item Triple DES CBC - -=item EdDSA - -=back - You can load the FIPS provider into multiple library contexts as any other provider. However the following restriction applies. The FIPS provider cannot be used by multiple copies of OpenSSL libcrypto in a single process. diff --git a/crypto/openssl/doc/man7/provider-base.pod b/crypto/openssl/doc/man7/provider-base.pod index 0302900a7314..511195770581 100644 --- a/crypto/openssl/doc/man7/provider-base.pod +++ b/crypto/openssl/doc/man7/provider-base.pod @@ -154,6 +154,10 @@ provider): core_new_error OSSL_FUNC_CORE_NEW_ERROR core_set_error_debug OSSL_FUNC_CORE_SET_ERROR_DEBUG core_vset_error OSSL_FUNC_CORE_VSET_ERROR + core_set_error_mark OSSL_FUNC_CORE_SET_ERROR_MARK + core_clear_last_error_mark OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK + core_pop_error_to_mark OSSL_FUNC_CORE_POP_ERROR_TO_MARK + core_count_to_mark OSSL_FUNC_CORE_COUNT_TO_MARK core_obj_add_sigid OSSL_FUNC_CORE_OBJ_ADD_SIGID core_obj_create OSSL_FUNC_CORE_OBJ_CREATE CRYPTO_malloc OSSL_FUNC_CRYPTO_MALLOC @@ -270,6 +274,33 @@ error occurred or was reported. This corresponds to the OpenSSL function L<ERR_vset_error(3)>. +=item core_set_error_mark() + +sets a mark on the current topmost error record if there is one. + +This corresponds to the OpenSSL function L<ERR_set_mark(3)>. + +=item core_clear_last_error_mark() + +removes the last mark added if there is one. + +This corresponds to the OpenSSL function L<ERR_clear_last_mark(3)>. + +=item core_pop_error_to_mark() + +pops the top of the error stack until a mark is found. The mark is then removed. +If there is no mark, the whole stack is removed. + +This corresponds to the OpenSSL function L<ERR_pop_to_mark(3)>. + +=item core_count_to_mark() + +returns the number of entries on the error stack above the most recently +marked entry, not including that entry. If there is no mark in the error stack, +the number of entries in the error stack is returned. + +This corresponds to the OpenSSL function L<ERR_count_to_mark(3)>. + =back The core_obj_create() function registers a new OID and associated short name |