diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man1/openssl-cmp.pod.in | 31 | ||||
| -rw-r--r-- | doc/man1/openssl-cms.pod.in | 4 | ||||
| -rw-r--r-- | doc/man1/openssl-ts.pod.in | 4 | ||||
| -rw-r--r-- | doc/man3/BIO_s_mem.pod | 22 | ||||
| -rw-r--r-- | doc/man3/CMS_sign.pod | 4 | ||||
| -rw-r--r-- | doc/man3/EVP_MAC.pod | 4 | ||||
| -rw-r--r-- | doc/man3/EVP_SIGNATURE.pod | 4 | ||||
| -rw-r--r-- | doc/man3/OSSL_CMP_CTX_new.pod | 30 | ||||
| -rw-r--r-- | doc/man3/OSSL_CMP_exec_certreq.pod | 16 | ||||
| -rw-r--r-- | doc/man3/OSSL_HTTP_REQ_CTX.pod | 12 | ||||
| -rw-r--r-- | doc/man3/OSSL_HTTP_transfer.pod | 9 | ||||
| -rw-r--r-- | doc/man3/PKCS12_create.pod | 9 | ||||
| -rw-r--r-- | doc/man3/PKCS12_gen_mac.pod | 2 | ||||
| -rw-r--r-- | doc/man3/SSL_new.pod | 4 | ||||
| -rw-r--r-- | doc/man3/d2i_RSAPrivateKey.pod | 6 | ||||
| -rw-r--r-- | doc/man3/d2i_X509.pod | 2 | ||||
| -rw-r--r-- | doc/man5/x509v3_config.pod | 4 | ||||
| -rw-r--r-- | doc/man7/EVP_KDF-PKCS12KDF.pod | 8 | ||||
| -rw-r--r-- | doc/man7/migration_guide.pod | 9 |
19 files changed, 124 insertions, 60 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 4250deb426fc..9240916fce40 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -659,11 +659,12 @@ is typically used when authenticating with pre-shared key (password-based MAC). =item B<-secret> I<arg> -Prefer PBM-based message protection with given source of a secret value. -The secret is used for creating PBM-based protection of outgoing messages -and (as far as needed) for validating PBM-based protection of incoming messages. -PBM stands for Password-Based Message Authentication Code. +Provides the source of a secret value to use with MAC-based message protection. This takes precedence over the B<-cert> and B<-key> options. +The secret is used for creating MAC-based protection of outgoing messages +and for validating incoming messages that have MAC-based protection. +The algorithm used by default is Password-Based Message Authentication Code (PBM) +as defined in RFC 4210 section 5.1.3.1. For more information about the format of I<arg> see L<openssl-passphrase-options(1)>. @@ -682,7 +683,8 @@ while the subject of B<-oldcert> or B<-subjectName> may provide fallback values. The issuer of this certificate is used as one of the recipient fallback values and as fallback issuer entry in the certificate template of IR/CR/KUR messages. -When using signature-based message protection, this "protection certificate" +When performing signature-based message protection, +this "protection certificate", also called "signer certificate", will be included first in the extraCerts field of outgoing messages and the signature is done with the corresponding key. In Initialization Request (IR) messages this can be used for authenticating @@ -713,8 +715,8 @@ have no effect on the certificate verification enabled via this option. The corresponding private key file for the client's current certificate given in the B<-cert> option. -This will be used for signature-based message protection unless -the B<-secret> option indicating PBM or B<-unprotected_requests> is given. +This will be used for signature-based message protection unless the B<-secret> +option indicating MAC-based protection or B<-unprotected_requests> is given. It is also used as a fallback for the B<-newkey> option with IR/CR/KUR messages. @@ -730,7 +732,7 @@ L<openssl-passphrase-options(1)>. =item B<-digest> I<name> Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG -and as the one-way function (OWF) in MSG_MAC_ALG. +and as the one-way function (OWF) in C<MSG_MAC_ALG>. If applicable, this is used for message protection and proof-of-possession (POPO) signatures. To see the list of supported digests, use C<openssl list -digest-commands>. @@ -738,7 +740,7 @@ Defaults to C<sha256>. =item B<-mac> I<name> -Specifies the name of the MAC algorithm in MSG_MAC_ALG. +Specifies the name of the MAC algorithm in C<MSG_MAC_ALG>. To get the names of supported MAC algorithms use C<openssl list -mac-algorithms> and possibly combine such a name with the name of a supported digest algorithm, e.g., hmacWithSHA256. @@ -1097,6 +1099,13 @@ only affect the certificate verification enabled via the B<-out_trusted> option. =head1 NOTES +When a client obtains from a CMP server CA certificates that it is going to +trust, for instance via the C<caPubs> field of a certificate response, +authentication of the CMP server is particularly critical. +So special care must be taken setting up server authentication +using B<-trusted> and related options for certificate-based authentication +or B<-secret> for MAC-based protection. + When setting up CMP configurations and experimenting with enrollment options typically various errors occur until the configuration is correct and complete. When the CMP server reports an error the client will by default @@ -1166,7 +1175,7 @@ In order to update the enrolled certificate one may call openssl cmp -section insta,kur -using with PBM-based protection or +using MAC-based protection with PBM or openssl cmp -section insta,kur,signature @@ -1225,7 +1234,7 @@ Then it can start using the new cert and key. -newkey cl_key_new.pem -certout cl_cert.pem cp cl_key_new.pem cl_key.pem -This command sequence can be repated as often as needed. +This command sequence can be repeated as often as needed. =head2 Requesting information from CMP server diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index c63a7f330ba6..65a61ee97f1d 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -391,7 +391,7 @@ option. =item I<recipient-cert> ... This is an alternative to using the B<-recip> option when encrypting a message. -One or more certificate filennames may be given. +One or more certificate filenames may be given. =item B<-I<cipher>> @@ -902,7 +902,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index 6f7182020247..3e7f7c4be94b 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -490,7 +490,7 @@ Default is no. (Optional) =item B<ess_cert_id_alg> This option specifies the hash function to be used to calculate the TSA's -public key certificate identifier. Default is sha256. (Optional) +public key certificate identifier. Default is sha1. (Optional) =back @@ -652,7 +652,7 @@ L<ossl_store-file(7)> =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_s_mem.pod b/doc/man3/BIO_s_mem.pod index 6b3cc6a2dae9..3bbc3e7fcf02 100644 --- a/doc/man3/BIO_s_mem.pod +++ b/doc/man3/BIO_s_mem.pod @@ -59,6 +59,8 @@ positive return value B<v> should be set to a negative value, typically -1. BIO_get_mem_data() sets *B<pp> to a pointer to the start of the memory BIOs data and returns the total amount of data available. It is implemented as a macro. +Note the pointer returned by this call is informative, no transfer of ownership +of this memory is implied. See notes on BIO_set_close(). BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE. @@ -114,6 +116,10 @@ preceding that write operation cannot be undone. Calling BIO_get_mem_ptr() prior to a BIO_reset() call with BIO_FLAGS_NONCLEAR_RST set has the same effect as a write operation. +Calling BIO_set_close() with BIO_NOCLOSE orphans the BUF_MEM internal to the +BIO, _not_ its actual data buffer. See the examples section for the proper +method for claiming ownership of the data pointer for a deferred free operation. + =head1 BUGS There should be an option to set the maximum size of a memory BIO. @@ -151,10 +157,24 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO: BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ BIO_free(mem); +Extract the BUF_MEM ptr, claim ownership of the internal data and free the BIO +and BUF_MEM structure: + + BUF_MEM *bptr; + char *data; + + BIO_get_mem_data(bio, &data); + BIO_get_mem_ptr(bio, &bptr); + BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free orphans BUF_MEM */ + BIO_free(bio); + bptr->data = NULL; /* Tell BUF_MEM to orphan data */ + BUF_MEM_free(bptr); + ... + free(data); =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/CMS_sign.pod b/doc/man3/CMS_sign.pod index 0d812756aef5..03bfc6fce16a 100644 --- a/doc/man3/CMS_sign.pod +++ b/doc/man3/CMS_sign.pod @@ -105,7 +105,7 @@ The function CMS_sign() is a basic CMS signing function whose output will be suitable for many purposes. For finer control of the output format the B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the B<CMS_PARTIAL> flag set. Then one or more signers can be added using the -function CMS_sign_add1_signer(), non default digests can be used and custom +function CMS_add1_signer(), non default digests can be used and custom attributes added. CMS_final() must then be called to finalize the structure if streaming is not enabled. @@ -132,7 +132,7 @@ The CMS_sign_ex() method was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 13482ac5e188..56ac92a48672 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -181,7 +181,7 @@ EVP_MAC_CTX_set_params() passes chosen parameters to the underlying context, given a context I<ctx>. The set of parameters given with I<params> determine exactly what parameters are passed down. -If I<params> are NULL, the unterlying context should do nothing and return 1. +If I<params> are NULL, the underlying context should do nothing and return 1. Note that a parameter that is unknown in the underlying context is simply ignored. Also, what happens when a needed parameter isn't passed down is @@ -481,7 +481,7 @@ These functions were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/EVP_SIGNATURE.pod b/doc/man3/EVP_SIGNATURE.pod index 600522085398..1f534ef33810 100644 --- a/doc/man3/EVP_SIGNATURE.pod +++ b/doc/man3/EVP_SIGNATURE.pod @@ -61,7 +61,7 @@ EVP_SIGNATURE_get0_provider() returns the provider that I<signature> was fetched from. EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all -activated roviders in the given library context I<libctx>, and for each of the +activated providers in the given library context I<libctx>, and for each of the implementations, calls the given function I<fn> with the implementation method and the given I<arg> as argument. @@ -106,7 +106,7 @@ The functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index e81fb08b00d6..ce7db8f2f086 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -182,7 +182,7 @@ clearing the internal CMP transaction (aka session) status, PKIStatusInfo, and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. It also clears any ITAVs that were added by OSSL_CMP_CTX_push0_genm_ITAV(). -All other field values (i.e., CMP options) are retained for potential re-use. +All other field values (i.e., CMP options) are retained for potential reuse. OSSL_CMP_CTX_set_option() sets the given value for the given option (e.g., OSSL_CMP_OPT_IMPLICIT_CONFIRM) in the given OSSL_CMP_CTX structure. @@ -260,12 +260,12 @@ The following options can be set: =item B<OSSL_CMP_OPT_OWF_ALGNID> The NID of the digest algorithm to be used as one-way function (OWF) - in RFC 4210's MSG_MAC_ALG for PBM-based message protection. + for MAC-based message protection with password-based MAC (PBM). + See RFC 4210 section 5.1.3.1 for details. Default is SHA256. =item B<OSSL_CMP_OPT_MAC_ALGNID> - The NID of the MAC algorithm to be used in RFC 4210's MSG_MAC_ALG - for PBM-based message protection. + The NID of the MAC algorithm to be used for message protection with PBM. Default is HMAC-SHA1 as per RFC 4210. =item B<OSSL_CMP_OPT_REVOCATION_REASON> @@ -450,8 +450,8 @@ The reference counts of those certificates handled successfully are increased. OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. -OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate -related to the private key used for CMP message protection. +OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate, also called protection +certificate, related to the private key for signature-based message protection. Therefore the public key of this I<cert> must correspond to the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey(). When using signature-based protection of CMP request messages @@ -481,15 +481,15 @@ OSSL_CMP_CTX_set1_pkey() sets the client's private key corresponding to the CMP signer certificate set via OSSL_CMP_CTX_set1_cert(). This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) of outgoing messages -unless a PBM secret has been set via OSSL_CMP_CTX_set1_secretValue(). +unless a symmetric secret has been set via OSSL_CMP_CTX_set1_secretValue(). The I<pkey> argument may be NULL to clear the entry. -OSSL_CMP_CTX_set1_secretValue() sets the byte string I<sec> with length I<len> -as PBM secret in the given I<ctx> or clears it if the I<sec> argument is NULL. -If present, this secret is used to create PBM-based protection of outgoing -messages and to verify any PBM-based protection of incoming messages -(protectionAlg = MSG_MAC_ALG). PBM stands for Password-Based MAC. -PBM-based protection takes precedence over signature-based protection. +OSSL_CMP_CTX_set1_secretValue() sets in I<ctx> the byte string I<sec> of length +I<len> to use as pre-shared secret, or clears it if the I<sec> argument is NULL. +If present, this secret is used to create MAC-based authentication and integrity +protection (rather than applying signature-based protection) +of outgoing messages and to verify authenticity and integrity of incoming +messages that have MAC-based protection (protectionAlg = C<MSG_MAC_ALG>). OSSL_CMP_CTX_set1_referenceValue() sets the given referenceValue I<ref> with length I<len> in the given I<ctx> or clears it if the I<ref> argument is NULL. @@ -500,7 +500,7 @@ then the sender field will contain the NULL-DN and the senderKID field of the CMP message header must be set. When signature-based protection is used the senderKID will be set to the subjectKeyIdentifier of the CMP signer certificate as far as present. -If not present or when PBM-based protection is used +If not present or when MAC-based protection is used the I<ref> value is taken as the fallback value for the senderKID. OSSL_CMP_CTX_set1_recipient() sets the recipient name that will be used in the @@ -731,7 +731,7 @@ Set up a CMP client context for sending requests and verifying responses: OSSL_CMP_CTX_set1_serverPath(cmp_ctx, path_or_alias); OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts); -Set up client credentials for password-based protection (PBM): +Set up symmetric credentials for MAC-based message protection such as PBM: OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); OSSL_CMP_CTX_set1_secretValue(cmp_ctx, sec, sec_len); diff --git a/doc/man3/OSSL_CMP_exec_certreq.pod b/doc/man3/OSSL_CMP_exec_certreq.pod index b0d81c7c41a9..0cabc3bad5ac 100644 --- a/doc/man3/OSSL_CMP_exec_certreq.pod +++ b/doc/man3/OSSL_CMP_exec_certreq.pod @@ -42,7 +42,7 @@ client-server transactions, i.e., sequences of CMP requests and responses. All functions take a populated OSSL_CMP_CTX structure as their first argument. Usually the server name, port, and path ("CMP alias") need to be set, as well as -credentials the client can use for authenticating itself to the client. +credentials the client can use for authenticating itself to the server. In order to authenticate the server the client typically needs a trust store. The functions return their respective main results directly, while there are also accessor functions for retrieving various results and status information @@ -72,7 +72,7 @@ and need to be filled in using L<OSSL_CMP_CTX_set1_subjectName(3)>, L<OSSL_CMP_CTX_set0_newPkey(3)>, L<OSSL_CMP_CTX_set1_oldCert(3)>, etc. For P10CR, L<OSSL_CMP_CTX_set1_p10CSR(3)> needs to be used instead. The enrollment session may be blocked by sleeping until the addressed -CA (or an intermedate PKI component) can fully process and answer the request. +CA (or an intermediate PKI component) can fully process and answer the request. OSSL_CMP_try_certreq() is an alternative to the above functions that is more flexible regarding what to do after receiving a checkAfter value. @@ -119,9 +119,17 @@ See RFC 4210 section 5.3.19 and appendix E.5 for details. CMP is defined in RFC 4210 (and CRMF in RFC 4211). -So far the CMP client implementation is limited to one request per CMP message +The CMP client implementation is limited to one request per CMP message (and consequently to at most one response component per CMP message). +When a client obtains from a CMP server CA certificates that it is going to +trust, for instance via the caPubs field of a certificate response, +authentication of the CMP server is particularly critical. +So special care must be taken setting up server authentication in I<ctx> +using functions such as +L<OSSL_CMP_CTX_set0_trustedStore(3)> (for certificate-based authentication) or +L<OSSL_CMP_CTX_set1_secretValue(3)> (for MAC-based protection). + =head1 RETURN VALUES OSSL_CMP_exec_certreq(), OSSL_CMP_exec_IR_ses(), OSSL_CMP_exec_CR_ses(), @@ -163,7 +171,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod index ee61034aa731..6216420e4ffe 100644 --- a/doc/man3/OSSL_HTTP_REQ_CTX.pod +++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod @@ -72,12 +72,16 @@ which collects the HTTP request header lines. OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I<rctx>. The I<rbio> is not free'd, I<wbio> will be free'd if I<free_wbio> is set. -OSSL_HTTP_REQ_CTX_set_request_line() adds the HTTP request line to the context. +OSSL_HTTP_REQ_CTX_set_request_line() adds the 1st HTTP request line to I<rctx>. The HTTP method is determined by I<method_POST>, which should be 1 to indicate C<POST> or 0 to indicate C<GET>. -I<server> and I<port> may be set to indicate a proxy server and port -that the request should go through, otherwise they should be left NULL. -I<path> is the HTTP request path; if left NULL, C</> is used. +I<server> and I<port> may be set to give the server and the optional port that +an HTTP proxy shall forward the request to, otherwise they must be left NULL. +I<path> provides the HTTP request path; if left NULL, C</> is used. +For backward compatibility, I<path> may begin with C<http://> and thus convey +an absoluteURI. In this case it indicates HTTP proxy use and provides also the +server (and optionally the port) that the proxy shall forward the request to. +In this case the I<server> and I<port> arguments must be NULL. OSSL_HTTP_REQ_CTX_add1_header() adds header I<name> with value I<value> to the context I<rctx>. It can be called more than once to add multiple header lines. diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index 3337f6d4a35e..716e365ef50d 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -161,8 +161,11 @@ NULL) to print additional diagnostic information in a user-oriented way. OSSL_HTTP_set1_request() sets up in I<rctx> the request header and content data and expectations on the response using the following parameters. -If <rctx> indicates using a proxy for HTTP (but not HTTPS), the server hostname -(and optionally port) needs to be placed in the header and thus must be present. +If <rctx> indicates using a proxy for HTTP (but not HTTPS), the server host +(and optionally port) needs to be placed in the header; thus it must be present +in I<rctx>. +For backward compatibility, the server (and optional port) may also be given in +the I<path> argument beginning with C<http://> (thus giving an absoluteURI). If I<path> is NULL it defaults to "/". If I<req> is NULL the HTTP GET method will be used to send the request else HTTP POST with the contents of I<req> and optional I<content_type>, where @@ -274,7 +277,7 @@ All the functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index dc0f06d9d323..92e588062a36 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -42,7 +42,8 @@ can all be set to zero and sensible defaults will be used. These defaults are: AES password based encryption (PBES2 with PBKDF2 and AES-256-CBC) for private keys and certificates, the PBKDF2 and MAC key derivation iteration count of B<PKCS12_DEFAULT_ITER> (currently 2048), and -MAC algorithm HMAC with SHA2-256. +MAC algorithm HMAC with SHA2-256. The MAC key derivation algorithm used +for the outer PKCS#12 structure is PKCS12KDF. The default MAC iteration count is 1 in order to retain compatibility with old software which did not interpret MAC iteration counts. If such compatibility @@ -68,6 +69,8 @@ I<nid_key> or I<nid_cert> can be set to -1 indicating that no encryption should be used. I<mac_iter> can be set to -1 and the MAC will then be omitted entirely. +This can be useful when running with the FIPS provider as the PKCS12KDF +is not a FIPS approvable algorithm. PKCS12_create() makes assumptions regarding the encoding of the given pass phrase. @@ -83,7 +86,9 @@ IETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>) =head1 SEE ALSO +L<EVP_KDF-PKCS12KDF(7)>, L<d2i_PKCS12(3)>, +L<OSSL_PROVIDER-FIPS(7)>, L<passphrase-encoding(7)> =head1 HISTORY @@ -96,7 +101,7 @@ standards. =head1 COPYRIGHT -Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod index 37bcd572d841..a72df145fedd 100644 --- a/doc/man3/PKCS12_gen_mac.pod +++ b/doc/man3/PKCS12_gen_mac.pod @@ -22,6 +22,7 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the supplied password along with a set of already configured parameters. +The default key generation mechanism used is PKCS12KDF. PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied password. @@ -57,6 +58,7 @@ IETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>) =head1 SEE ALSO L<d2i_PKCS12(3)>, +L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<passphrase-encoding(7)> diff --git a/doc/man3/SSL_new.pod b/doc/man3/SSL_new.pod index 59d275523f98..2b522769169b 100644 --- a/doc/man3/SSL_new.pod +++ b/doc/man3/SSL_new.pod @@ -35,7 +35,7 @@ MUST NOT have yet started the SSL handshake. For connections that are not in their initial state SSL_dup() just increments an internal reference count and returns the I<same> handle. It may be possible to use L<SSL_clear(3)> to recycle an SSL handle that is not in its initial -state for re-use, but this is best avoided. Instead, save and restore +state for reuse, but this is best avoided. Instead, save and restore the session, if desired, and construct a fresh handle for each connection. The subset of settings in I<s> that are duplicated are: @@ -124,7 +124,7 @@ L<ssl(7)> =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_RSAPrivateKey.pod b/doc/man3/d2i_RSAPrivateKey.pod index b4f5b4660900..08cd2c85e5bd 100644 --- a/doc/man3/d2i_RSAPrivateKey.pod +++ b/doc/man3/d2i_RSAPrivateKey.pod @@ -28,7 +28,6 @@ d2i_RSA_PUBKEY_fp, d2i_DHparams, d2i_DHparams_bio, d2i_DHparams_fp, -d2i_ECPKParameters, d2i_ECParameters, d2i_ECPrivateKey, d2i_ECPrivateKey_bio, @@ -56,7 +55,6 @@ i2d_DSA_PUBKEY, i2d_DSA_PUBKEY_bio, i2d_DSA_PUBKEY_fp, i2d_DSAparams, -i2d_ECPKParameters, i2d_ECParameters, i2d_ECPrivateKey, i2d_ECPrivateKey_bio, @@ -205,7 +203,7 @@ I<selection> and I<structure> as follows: =item B<i2d_I<TYPE>PrivateKey>() translates into: - int selection = EVP_PKEY_PRIVATE_KEY; + int selection = EVP_PKEY_KEYPAIR; const char *structure = "type-specific"; =item B<i2d_I<TYPE>PublicKey>() translates into: @@ -309,7 +307,7 @@ L<i2d_PUBKEY(3)> =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index c79a964e6d7f..9226ef77c394 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -53,6 +53,7 @@ d2i_DIST_POINT, d2i_DIST_POINT_NAME, d2i_DSA_SIG, d2i_ECDSA_SIG, +d2i_ECPKParameters, d2i_EDIPARTYNAME, d2i_ESS_CERT_ID, d2i_ESS_CERT_ID_V2, @@ -223,6 +224,7 @@ i2d_DIST_POINT, i2d_DIST_POINT_NAME, i2d_DSA_SIG, i2d_ECDSA_SIG, +i2d_ECPKParameters, i2d_EDIPARTYNAME, i2d_ESS_CERT_ID, i2d_ESS_CERT_ID_V2, diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 1830092394bc..044904022d89 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -93,7 +93,7 @@ numeric identifier, as shown here: email.2 = steve@example.org The syntax of raw extensions is defined by the source code that parses -the extension but should be documened. +the extension but should be documented. See L</Certificate Policies> for an example of a raw extension. If an extension type is unsupported, then the I<arbitrary> extension syntax @@ -590,7 +590,7 @@ L<ASN1_generate_nconf(3)> =head1 COPYRIGHT -Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/EVP_KDF-PKCS12KDF.pod b/doc/man7/EVP_KDF-PKCS12KDF.pod index 7edde1dc9bf7..986536569864 100644 --- a/doc/man7/EVP_KDF-PKCS12KDF.pod +++ b/doc/man7/EVP_KDF-PKCS12KDF.pod @@ -46,6 +46,9 @@ RFC 7292 section B.3. =head1 NOTES +This algorithm is not available in the FIPS provider as it is not FIPS +approvable. + A typical application of this algorithm is to derive keying material for an encryption algorithm from a password in the "pass", a salt in "salt", and an iteration count. @@ -68,7 +71,8 @@ L<EVP_KDF_CTX_new(3)>, L<EVP_KDF_CTX_free(3)>, L<EVP_KDF_CTX_set_params(3)>, L<EVP_KDF_derive(3)>, -L<EVP_KDF(3)/PARAMETERS> +L<EVP_KDF(3)/PARAMETERS>, +L<OSSL_PROVIDER-FIPS(7)> =head1 HISTORY @@ -76,7 +80,7 @@ This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index 1847e9813cbb..61641324a7fc 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -306,6 +306,15 @@ context and property query and will call an extended version of the key/IV derivation function which supports these parameters. This includes L<EVP_PBE_CipherInit_ex(3)>, L<EVP_PBE_find_ex(3)> and L<EVP_PBE_scrypt_ex(3)>. +=head4 PKCS#12 KDF versus FIPS + +Unlike in 1.x.y, the PKCS12KDF algorithm used when a PKCS#12 structure +is created with a MAC that does not work with the FIPS provider as the PKCS12KDF +is not a FIPS approvable mechanism. + +See L<EVP_KDF-PKCS12KDF(7)>, L<PKCS12_create(3)>, L<openssl-pkcs12(1)>, +L<OSSL_PROVIDER-FIPS(7)>. + =head4 Windows thread synchronization changes Windows thread synchronization uses read/write primitives (SRWLock) when |