Add missing security rules about NULL check to various manpages

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas M

Add missing security rules about NULL check to various manpages

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25083)

show more ...

Copyright year updates


Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes

[Docs] Notes about freeing objects

- Free objects returned from PEM read
- Free objects returned from d2i_*

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz

[Docs] Notes about freeing objects

- Free objects returned from PEM read
- Free objects returned from d2i_*

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24478)

show more ...

Add RFC 5755 attribute certificate support

Add support for attribute certificates (v2) as described
in RFC 5755 profile.

Attribute certificates provide a mechanism to manage aut

Add RFC 5755 attribute certificate support

Add support for attribute certificates (v2) as described
in RFC 5755 profile.

Attribute certificates provide a mechanism to manage authorization
information separately from the identity information provided by
public key certificates.

This initial patch adds the ASN.1 definitions
and I/O API. Accessor functions for the certificate fields
will be added in subsequent patches.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

pem_password_cb(3): References to other man pages

Refer to OSSL_ENCODER_to_bio and OSSL_DECODER_from_bio man pages.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-b

pem_password_cb(3): References to other man pages

Refer to OSSL_ENCODER_to_bio and OSSL_DECODER_from_bio man pages.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18164)

show more ...

pem_password_cb: Clarify the documentation on passphrases

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)

Clarify the deprecation warnings in the docs

There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
th

Clarify the deprecation warnings in the docs

There was recently an instance where a user was confused by the
deprecation warnings in the docs. They believed the warning applied to
the immediately preceding function declarations, when it fact it applied
to the following function declarations.

https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html

We clarify the wording to make it clear that the warning applies to the
following functions.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17180)

show more ...

Clarify the PEM docs

Make it clear how the existing PEM functions can be used to create an
X509, X509_REQ or X509_CRL object with an associated libctx/propq.

Fixes #16966

Clarify the PEM docs

Make it clear how the existing PEM functions can be used to create an
X509, X509_REQ or X509_CRL object with an associated libctx/propq.

Fixes #16966

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17012)

show more ...

PEM_read_...: document that garbage and other PEM data is skipped

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_,

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

show more ...

Add migration guide for 3.0

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14710)

Update deprecated API's in the documentation.

The reported issue related to EC_KEY deprecations
Fixes #14545

Searches were done in the pod files for all libcrypto.num
entrie

Update deprecated API's in the documentation.

The reported issue related to EC_KEY deprecations
Fixes #14545

Searches were done in the pod files for all libcrypto.num
entries containing DEPRECATEDIN_3_0 to find additional missing entries.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14564)

show more ...

PEM: Add a more generic way to implement PEM _ex functions for libctx

This also adds the following functions, for completeness:

PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_e

PEM: Add a more generic way to implement PEM _ex functions for libctx

This also adds the following functions, for completeness:

PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_ex(),
PEM_write_PUBKEY_ex, PEM_write_bio_PUBKEY_ex

Fixes #13542

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13547)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

PEM: Add more library context aware PEM readers

PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to
complete PEM_read_bio_PrivateKey_ex(). They are all refactored to

PEM: Add more library context aware PEM readers

PEM_read_bio_PUBKEY_ex() and PEM_read_bio_Parameters_ex() are added to
complete PEM_read_bio_PrivateKey_ex(). They are all refactored to be
wrappers around the same internal function.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12673)

show more ...

Add X509 related libctx changes.

- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().

Add X509 related libctx changes.

- In order to not add many X509_XXXX_with_libctx() functions the libctx and propq may be stored in the X509 object via a call to X509_new_with_libctx().
- Loading via PEM_read_bio_X509() or d2i_X509() should pass in a created cert using X509_new_with_libctx().
- Renamed some XXXX_ex() to XXX_with_libctx() for X509 API's.
- Removed the extra parameters in check_purpose..
- X509_digest() has been modified so that it expects a const EVP_MD object() and then internally it does the fetch when it needs to (via ASN1_item_digest_with_libctx()).
- Added API's that set the libctx when they load such as X509_STORE_new_with_libctx() so that the cert chains can be verified.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12153)

show more ...

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from ht

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

Document the new libctx aware private key functions

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11494)

Add documentation for PEM_{read,write}_bio_Parameters()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10113)

Make manuals with TYPE conform with man-pages(7)

Details from man-pages(7) that are used:

Formatting conventions for manual pages describing functions

...

Make manuals with TYPE conform with man-pages(7)

Details from man-pages(7) that are used:

Formatting conventions for manual pages describing functions

...
Variable names should, like argument names, be specified in italics.
...

Formatting conventions (general)

...
Special macros, which are usually in uppercase, are in bold.
Exception: don't boldface NULL.
...

Furthermore, for TYPE used as a placeholder for types and correponding
part of function names, we extrapolate that it's both a type and a
variable, and should therefore be bold (typical for types and function
names) and italic (typical for variables). POD processors don'e know
this, so we have to help them along. Therefore:

SPARSE_ARRAY_OF(TYPE) => B<SPARSE_ARRAY_OF>(B<I<TYPE>>)
ossl_sa_TYPE_num() => B<ossl_sa_I<TYPE>_num>()
TYPE => B<I<TYPE>>

There are some other less typical uses where one simply has to give
formatting some extra though.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10041)

show more ...

Update various man pages to place HISTORY section after SEE ALSO

SEE ALSO before HISTORY is the more common pattern in OpenSSL manual
pages and seems to be the prevalent order based on s

Update various man pages to place HISTORY section after SEE ALSO

SEE ALSO before HISTORY is the more common pattern in OpenSSL manual
pages and seems to be the prevalent order based on sampling my system
manual pages.

Fixes #8631

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8729)

show more ...

constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell

constify *_dup() and *i2d_*() and related functions as far as possible, introducing DECLARE_ASN1_DUP_FUNCTION

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8029)

show more ...