[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed Sep 25 21:12:59 UTC 2019 

The branch master has been updated
       via  42462e4016d85b2abc5dcd5c872a71bb7521e079 (commit)
       via  72c162abb093857b2b3ea4fa2c1785eda7d6228f (commit)
       via  560ac83b0bfc6f871075c5891f96c5817b06f7b8 (commit)
       via  f49a65d09c09b3309b711518664b8ee973ec4b96 (commit)
       via  e7f2dac96826d7988467e6293156fcb12277a040 (commit)
      from  19bd1fa1ef17ff0ac071402cb6b002f1c29e37b9 (commit)


- Log -----------------------------------------------------------------
commit 42462e4016d85b2abc5dcd5c872a71bb7521e079
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Sep 25 20:43:03 2019 +1000

    Use OSSL_PARAM types.  Limits are explained in the description where appropriate.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10011)

commit 72c162abb093857b2b3ea4fa2c1785eda7d6228f
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Sep 25 20:42:42 2019 +1000

    Use OSSL_PARAM types.  Limits are explained in the description where appropriate.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10011)

commit 560ac83b0bfc6f871075c5891f96c5817b06f7b8
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Sep 25 20:30:09 2019 +1000

    KDF section 3 clean up
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10011)

commit f49a65d09c09b3309b711518664b8ee973ec4b96
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Sep 25 20:27:36 2019 +1000

    Use OSSL_PARAM types for MAC documentation
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10011)

commit e7f2dac96826d7988467e6293156fcb12277a040
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Sep 25 20:27:27 2019 +1000

    Use OSSL_PARAM types for KDF documentation
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10011)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/EVP_KDF.pod            |  2 +-
 doc/man3/EVP_PKEY_CTX_ctrl.pod  |  7 ++++---
 doc/man7/EVP_KDF-HKDF.pod       |  2 +-
 doc/man7/EVP_KDF-PBKDF2.pod     |  4 ++--
 doc/man7/EVP_KDF-SCRYPT.pod     | 10 +++++-----
 doc/man7/EVP_KDF-SS.pod         |  2 +-
 doc/man7/EVP_KDF-SSHKDF.pod     |  2 +-
 doc/man7/EVP_MAC-BLAKE2.pod     |  3 ++-
 doc/man7/EVP_MAC-CMAC.pod       |  7 ++++---
 doc/man7/EVP_MAC-GMAC.pod       |  7 ++++---
 doc/man7/EVP_MAC-HMAC.pod       |  9 +++++----
 doc/man7/EVP_MAC-KMAC.pod       |  3 ++-
 doc/man7/EVP_MAC-Poly1305.pod   |  3 ++-
 doc/man7/EVP_MAC-Siphash.pod    |  3 ++-
 doc/man7/provider-digest.pod    |  7 ++++---
 doc/man7/provider-mac.pod       | 14 +++++++-------
 doc/man7/provider-signature.pod |  6 ++++--
 17 files changed, 51 insertions(+), 40 deletions(-)

diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod
index afd4b6cc6c..9fa9a17d48 100644
--- a/doc/man3/EVP_KDF.pod
+++ b/doc/man3/EVP_KDF.pod
@@ -198,7 +198,7 @@ The length must never exceed what can be given with a B<size_t>.
 
 Memory-hard password-based KDF algorithms, such as scrypt, use an amount of
 memory that depends on the load factors provided as input.
-For those KDF implementations that support it, this uint64_t parameter sets
+For those KDF implementations that support it, this B<uint64_t> parameter sets
 an upper limit on the amount of memory that may be consumed while performing
 a key derivation.
 If this memory usage limit is exceeded because the load factors are chosen
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 13ea570865..0fd500ad59 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -163,7 +163,7 @@ The parameters currently supported by the default provider are:
 
 =over 4
 
-=item "pad" (B<OSSL_EXCHANGE_PARAM_PAD>) <uint>
+=item "pad" (B<OSSL_EXCHANGE_PARAM_PAD>) <unsigned integer>
 
 Sets the DH padding mode.
 If B<OSSL_EXCHANGE_PARAM_PAD> is 1 then the  shared secret is padded with zeroes
@@ -171,15 +171,16 @@ up to the size of the DH prime B<p>.
 If B<OSSL_EXCHANGE_PARAM_PAD> is zero (the default) then no padding is
 performed.
 
-=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <utf8 string>
+=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
 
 Gets and sets the name of the digest algorithm used for the input to the
 signature functions.
 
-=item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <size_t>
+=item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <unsigned integer>
 
 Gets and sets the output size of the digest algorithm used for the input to the
 signature functions.
+The length of the "digest-size" parameter should not exceed that of a B<size_t>.
 The internal algorithm that supports this parameter is DSA.
 
 =back
diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod
index ce623039c2..d68f384034 100644
--- a/doc/man7/EVP_KDF-HKDF.pod
+++ b/doc/man7/EVP_KDF-HKDF.pod
@@ -42,7 +42,7 @@ This parameter sets the info value.
 The length of the context info buffer cannot exceed 1024 bytes;
 this should be more than enough for any normal use of HKDF.
 
-=item B<OSSL_KDF_PARAM_MODE> ("mode") <UTF8 string> or <int>
+=item B<OSSL_KDF_PARAM_MODE> ("mode") <UTF8 string> or <integer>
 
 This parameter sets the mode for the HKDF operation.
 There are three modes that are currently defined:
diff --git a/doc/man7/EVP_KDF-PBKDF2.pod b/doc/man7/EVP_KDF-PBKDF2.pod
index f90029bf4e..d93dff68cc 100644
--- a/doc/man7/EVP_KDF-PBKDF2.pod
+++ b/doc/man7/EVP_KDF-PBKDF2.pod
@@ -28,7 +28,7 @@ The supported parameters are:
 
 =item B<OSSL_KDF_PARAM_SALT> ("salt") <octet string>
 
-=item B<OSSL_KDF_PARAM_ITER> ("iter") <unsigned int>
+=item B<OSSL_KDF_PARAM_ITER> ("iter") <unsigned integer>
 
 This parameter has a default value of 2048.
 
@@ -38,7 +38,7 @@ This parameter has a default value of 2048.
 
 These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
 
-=item B<OSSL_KDF_PARAM_PKCS5> ("pkcs5") <int>
+=item B<OSSL_KDF_PARAM_PKCS5> ("pkcs5") <integer>
 
 This parameter can be used to enable or disable SP800-132 compliance checks.
 Setting the mode to 0 enables the compliance checks.
diff --git a/doc/man7/EVP_KDF-SCRYPT.pod b/doc/man7/EVP_KDF-SCRYPT.pod
index 706237f6f2..1372f6d677 100644
--- a/doc/man7/EVP_KDF-SCRYPT.pod
+++ b/doc/man7/EVP_KDF-SCRYPT.pod
@@ -49,15 +49,15 @@ The supported parameters are:
 
 These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
 
-=item B<OSSL_KDF_PARAM_SCRYPT_N> ("n") <int>
+=item B<OSSL_KDF_PARAM_SCRYPT_N> ("n") <unsigned integer>
 
-=item B<OSSL_KDF_PARAM_SCRYPT_R> ("r") <int>
+=item B<OSSL_KDF_PARAM_SCRYPT_R> ("r") <unsigned integer>
 
-=item B<OSSL_KDF_PARAM_SCRYPT_P> ("p") <int>
+=item B<OSSL_KDF_PARAM_SCRYPT_P> ("p") <unsigned integer>
 
 These parameters configure the scrypt work factors N, r and p.
-N is a parameter of type uint64_t.
-Both r and p are parameters of type uint32_t.
+N is a parameter of type B<uint64_t>.
+Both r and p are parameters of type B<uint32_t>.
 
 =back
 
diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod
index 160e12ac39..0ccfe2ed28 100644
--- a/doc/man7/EVP_KDF-SS.pod
+++ b/doc/man7/EVP_KDF-SS.pod
@@ -45,7 +45,7 @@ The supported parameters are:
 
 =item B<OSSL_KDF_PARAM_MAC> ("mac") <UTF8 string>
 
-=item B<OSSL_KDF_PARAM_MAC_SIZE> ("maclen") <size_t>
+=item B<OSSL_KDF_PARAM_MAC_SIZE> ("maclen") <unsigned integer>
 
 =item B<OSSL_KDF_PARAM_SALT> ("salt") <octet string>
 
diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod
index 7649f70cdb..e1350e951b 100644
--- a/doc/man7/EVP_KDF-SSHKDF.pod
+++ b/doc/man7/EVP_KDF-SSHKDF.pod
@@ -41,7 +41,7 @@ These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
 These parameters set the respective values for the KDF.
 If a value is already set, the contents are replaced.
 
-=item B<OSSL_KDF_PARAM_SSHKDF_TYPE> ("type") <int>
+=item B<OSSL_KDF_PARAM_SSHKDF_TYPE> ("type") <integer>
 
 This parameter sets the type for the SSHHKDF operation.
 There are six supported types:
diff --git a/doc/man7/EVP_MAC-BLAKE2.pod b/doc/man7/EVP_MAC-BLAKE2.pod
index 21be5223c9..15df9ce0cf 100644
--- a/doc/man7/EVP_MAC-BLAKE2.pod
+++ b/doc/man7/EVP_MAC-BLAKE2.pod
@@ -30,6 +30,7 @@ L<EVP_MAC(3)/PARAMETERS>.
 All these parameters can be set with EVP_MAC_CTX_set_params().
 Furthermore, the "size" parameter can be retrieved with
 EVP_MAC_CTX_get_params(), or with EVP_MAC_size().
+The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =over 4
 
@@ -50,7 +51,7 @@ This is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for
 BLAKE2SMAC.
 It is empty by default.
 
-=item B<OSSL_MAC_PARAM_SIZE> ("size") <size_t>
+=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned integer>
 
 When set, this can be any number between between 1 and 32 for
 EVP_MAC_BLAKE2S or 64 for EVP_MAC_BLAKE2B.
diff --git a/doc/man7/EVP_MAC-CMAC.pod b/doc/man7/EVP_MAC-CMAC.pod
index 0b30c93735..75950617db 100644
--- a/doc/man7/EVP_MAC-CMAC.pod
+++ b/doc/man7/EVP_MAC-CMAC.pod
@@ -30,9 +30,9 @@ The following parameter can be set with EVP_MAC_CTX_set_params():
 
 =item B<OSSL_MAC_PARAM_KEY> ("key") <octet string>
 
-=item B<OSSL_MAC_PARAM_CIPHER> ("cipher") <utf8 string>
+=item B<OSSL_MAC_PARAM_CIPHER> ("cipher") <UTF8 string>
 
-=item B<OSSL_MAC_PARAM_PROPERTIES> ("properties") <utf8 string>
+=item B<OSSL_MAC_PARAM_PROPERTIES> ("properties") <UTF8 string>
 
 =back
 
@@ -41,11 +41,12 @@ EVP_MAC_CTX_get_params():
 
 =over 4
 
-=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned int>
+=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned integer>
 
 =back
 
 The "size" parameter can also be retrieved with with EVP_MAC_size().
+The length of the "size" parameter is equal to that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
diff --git a/doc/man7/EVP_MAC-GMAC.pod b/doc/man7/EVP_MAC-GMAC.pod
index 79aaaa5b24..114322b97c 100644
--- a/doc/man7/EVP_MAC-GMAC.pod
+++ b/doc/man7/EVP_MAC-GMAC.pod
@@ -32,9 +32,9 @@ The following parameter can be set with EVP_MAC_CTX_set_params():
 
 =item B<OSSL_MAC_PARAM_IV> ("iv") <octet string>
 
-=item B<OSSL_MAC_PARAM_CIPHER> ("cipher") <utf8 string>
+=item B<OSSL_MAC_PARAM_CIPHER> ("cipher") <UTF8 string>
 
-=item B<OSSL_MAC_PARAM_PROPERTIES> ("properties") <utf8 string>
+=item B<OSSL_MAC_PARAM_PROPERTIES> ("properties") <UTF8 string>
 
 =back
 
@@ -43,11 +43,12 @@ EVP_MAC_CTX_get_params():
 
 =over 4
 
-=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned int>
+=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned integer>
 
 =back
 
 The "size" parameter can also be retrieved with EVP_MAC_size().
+The length of the "size" parameter is equal to that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
diff --git a/doc/man7/EVP_MAC-HMAC.pod b/doc/man7/EVP_MAC-HMAC.pod
index 3ca2909d03..1b983b2339 100644
--- a/doc/man7/EVP_MAC-HMAC.pod
+++ b/doc/man7/EVP_MAC-HMAC.pod
@@ -32,24 +32,25 @@ The following parameter can be set with EVP_MAC_CTX_set_params():
 
 =item B<OSSL_MAC_PARAM_FLAGS> ("flags") <octet string>
 
-=item B<OSSL_MAC_PARAM_DIGEST> ("digest") <utf8 string>
+=item B<OSSL_MAC_PARAM_DIGEST> ("digest") <UTF8 string>
 
-=item B<OSSL_MAC_PARAM_PROPERTIES> ("properties") <utf8 string>
+=item B<OSSL_MAC_PARAM_PROPERTIES> ("properties") <UTF8 string>
 
 =back
 
 The "flags" parameter is passed directly to HMAC_CTX_set_flags().
 
-The following parameters can be retrieved with
+The following parameter can be retrieved with
 EVP_MAC_CTX_get_params():
 
 =over 4
 
-=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned int>
+=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned integer>
 
 =back
 
 The "size" parameter can also be retrieved with EVP_MAC_size().
+The length of the "size" parameter is equal to that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
diff --git a/doc/man7/EVP_MAC-KMAC.pod b/doc/man7/EVP_MAC-KMAC.pod
index d241414428..0aec63100b 100644
--- a/doc/man7/EVP_MAC-KMAC.pod
+++ b/doc/man7/EVP_MAC-KMAC.pod
@@ -30,6 +30,7 @@ L<EVP_MAC(3)/PARAMETERS>.
 All these parameters can be set with EVP_MAC_CTX_set_params().
 Furthermore, the "size" parameter can be retrieved with
 EVP_MAC_CTX_get_params(), or with EVP_MAC_size().
+The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =over 4
 
@@ -37,7 +38,7 @@ EVP_MAC_CTX_get_params(), or with EVP_MAC_size().
 
 =item B<OSSL_MAC_PARAM_CUSTOM> ("custom") <octet string>
 
-=item B<OSSL_MAC_PARAM_SIZE> ("size") <size_t>
+=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned integer>
 
 =item B<OSSL_MAC_PARAM_XOF>
 
diff --git a/doc/man7/EVP_MAC-Poly1305.pod b/doc/man7/EVP_MAC-Poly1305.pod
index 5f606d66b2..6e3bf02b3c 100644
--- a/doc/man7/EVP_MAC-Poly1305.pod
+++ b/doc/man7/EVP_MAC-Poly1305.pod
@@ -37,11 +37,12 @@ EVP_MAC_CTX_get_params():
 
 =over 4
 
-=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned int>
+=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned integer>
 
 =back
 
 The "size" parameter can also be retrieved with with EVP_MAC_size().
+The length of the "size" parameter should not exceed that of an B<unsigned int>.
 
 =head1 SEE ALSO
 
diff --git a/doc/man7/EVP_MAC-Siphash.pod b/doc/man7/EVP_MAC-Siphash.pod
index f82a668851..7738cc0017 100644
--- a/doc/man7/EVP_MAC-Siphash.pod
+++ b/doc/man7/EVP_MAC-Siphash.pod
@@ -28,12 +28,13 @@ L<EVP_MAC(3)/PARAMETERS>.
 All these parameters can be set with EVP_MAC_CTX_set_params().
 Furthermore, the "size" parameter can be retrieved with
 EVP_MAC_CTX_get_params(), or with EVP_MAC_size().
+The length of the "size" parameter should not exceed that of a B<size_t>.
 
 =over 4
 
 =item B<OSSL_MAC_PARAM_KEY> ("key") <octet string>
 
-=item B<OSSL_MAC_PARAM_SIZE> ("size") <size_t>
+=item B<OSSL_MAC_PARAM_SIZE> ("size") <unsigned integer>
 
 =back
 
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod
index 3d7808452c..83989dcf8b 100644
--- a/doc/man7/provider-digest.pod
+++ b/doc/man7/provider-digest.pod
@@ -227,9 +227,10 @@ parameters are relevant to, or are understood by all digests:
 
 =over 4
 
-=item B<OSSL_DIGEST_PARAM_XOFLEN> (size_t)
+=item B<OSSL_DIGEST_PARAM_XOFLEN> (unsigned integer)
 
 Sets the digest length for extendable output functions.
+The length of the "xoflen" parameter should not exceed that of a B<size_t>.
 
 =item B<OSSL_DIGEST_PARAM_SSL3_MS> (octet string)
 
@@ -243,7 +244,7 @@ section 5.6.8.
 The next call after setting this parameter will be OP_digest_final().
 This is only relevant for implementations of SHA1 or MD5_SHA1.
 
-=item B<OSSL_DIGEST_PARAM_PAD_TYPE> (uint)
+=item B<OSSL_DIGEST_PARAM_PAD_TYPE> (unsigned integer)
 
 Sets the pad type to be used.
 The only built-in digest that uses this is MDC2.
@@ -251,7 +252,7 @@ Normally the final MDC2 block is padded with 0s.
 If the pad type is set to 2 then the final block is padded with 0x80 followed by
 0s.
 
-=item B<OSSL_DIGEST_PARAM_MICALG> (utf8 string)
+=item B<OSSL_DIGEST_PARAM_MICALG> (UTF8 string)
 
 Gets the digest Message Integrity Check algorithm string.
 This is used when creating S/MIME multipart/signed messages, as specified in
diff --git a/doc/man7/provider-mac.pod b/doc/man7/provider-mac.pod
index 77feab6b9b..f9d6e35329 100644
--- a/doc/man7/provider-mac.pod
+++ b/doc/man7/provider-mac.pod
@@ -159,7 +159,7 @@ Sets the key in the associated MAC ctx.
 
 Sets the IV of the underlying cipher, when applicable.
 
-=item B<OSSL_MAC_PARAM_CUSTOM> (utf8 string)
+=item B<OSSL_MAC_PARAM_CUSTOM> (UTF8 string)
 
 Sets the custom string in the associated MAC ctx.
 
@@ -167,31 +167,31 @@ Sets the custom string in the associated MAC ctx.
 
 Sets the salt of the underlying cipher, when applicable.
 
-=item B<OSSL_MAC_PARAM_BLOCK_XOF> (int)
+=item B<OSSL_MAC_PARAM_BLOCK_XOF> (integer)
 
 Sets XOF mode in the associated MAC ctx.
 0 means no XOF mode, 1 means XOF mode.
 
-=item B<OSSL_MAC_PARAM_FLAGS> (int)
+=item B<OSSL_MAC_PARAM_FLAGS> (integer)
 
 Gets flags associated with the MAC.
 
 =for comment We need to investigate if this is the right approach
 
-=item B<OSSL_MAC_PARAM_CIPHER> (utf8 string)
+=item B<OSSL_MAC_PARAM_CIPHER> (UTF8 string)
 
-=item B<OSSL_MAC_PARAM_DIGEST> (utf8 string)
+=item B<OSSL_MAC_PARAM_DIGEST> (UTF8 string)
 
 Sets the name of the underlying cipher or digest to be used.
 It must name a suitable algorithm for the MAC that's being used.
 
-=item B<OSSL_MAC_PARAM_PROPERTIES> (utf8 string)
+=item B<OSSL_MAC_PARAM_PROPERTIES> (UTF8 string)
 
 Sets the properties to be queried when trying to fetch the underlying algorithm.
 This must be given together with the algorithm naming parameter to be
 considered valid.
 
-=item B<OSSL_MAC_PARAM_SIZE> (int)
+=item B<OSSL_MAC_PARAM_SIZE> (integer)
 
 Can be used to get the resulting MAC size.
 
diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod
index 1ab4831035..777b991cc6 100644
--- a/doc/man7/provider-signature.pod
+++ b/doc/man7/provider-signature.pod
@@ -194,15 +194,17 @@ algorithms:
 
 =over 4
 
-=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <utf8 string>
+=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
 
 Get or sets the name of the digest algorithm used for the input to the signature
 functions.
 
-=item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <size_t>
+=item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <unsigned integer>
 
 Gets or sets the output size of the digest algorithm used for the input to the
 signature functions.
+The length of the "digest-size" parameter should not exceed that of a B<size_t>.
+
 
 =back

More information about the openssl-commits mailing list