openssl.git
4 months ago README-FIPS: document the installation of the FIPS provider
Dr. Matthias St. Pierre [Thu, 8 Apr 2021 19:06:23 +0000 (21:06 +0200)]
README-FIPS: document the installation of the FIPS provider

Note that the configuration and installation procedure has changed:

- The FIPS provider is now disabled by default and needs to
  be enabled by configuring with `enable-fips`.
- If the FIPS provider is enabled, it gets installed automatically.
  There is no extra installation step required anymore.

This is more natural and coincides with the expectation of the
user, namely "what's configured, gets installed".

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure: disable fips mode by default
Dr. Matthias St. Pierre [Sun, 25 Apr 2021 23:04:26 +0000 (01:04 +0200)]
Configure: disable fips mode by default

Building the fips provider in addition to the default provider
effectively doubles the build time. Since many users will not
need fips support, it is now disabled by default.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure: sort the disablables alphabetically
Dr. Matthias St. Pierre [Sun, 25 Apr 2021 23:01:50 +0000 (01:01 +0200)]
Configure: sort the disablables alphabetically

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago build.info: add the Perl wrapper to build generator programs on Windows
Dr. Matthias St. Pierre [Wed, 14 Apr 2021 18:23:43 +0000 (20:23 +0200)]
build.info: add the Perl wrapper to build generator programs on Windows

Pull request #14320 introduced the ability to use compiled programs
as generators in GENERATE rules of build.info files. Those generator
calls were wrapped by the Perl wrapper (wrap.pl) in the Unix makefile
template, but not on Windows.

This commit adds the missing wrapper for Windows, because for the
`fipsmodule.cnf` target it is essential that the `openssl fipsinstall`
command does not load any preinstalled openssl configuration file.

Fixes #13680

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure/Makefile: install the fips provider if it was configured
Dr. Matthias St. Pierre [Sun, 25 Apr 2021 22:14:59 +0000 (00:14 +0200)]
Configure/Makefile: install the fips provider if it was configured

To follow the principle "what you configure is what you install",
the `make install` target now includes the installation of the
fips provider (`make install_fips`) if (and only if) OpenSSL was
configured with fips support (`enable-fips`).

The `make install_fips` target exists as well and can be used
to install just the fips provider. It requires `enable-fips`
and issues an error message if `no-fips` was configured.

The analogue holds for the 'uninstall_fips' target.

Fixes #13693

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it
Dr. Matthias St. Pierre [Wed, 14 Apr 2021 18:37:37 +0000 (20:37 +0200)]
Configure/Makefile: don't generate a fresh fipsmodule.cnf when installing it

There is already a `providers/fipsmodule.cnf` target which is required by
the tests. Instead of creating another fipsmodule.cnf, the `install_fips`
target simply copies that configuration file to its final destination.

This commit also restores the minimal dependencies to build the `install_fips`
target immediately after configuring, which was broken after the removal
of the `install_sw` dependency.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure/Makefile: separate install of the FIPS module
Dr. Matthias St. Pierre [Thu, 7 Jan 2021 17:47:01 +0000 (18:47 +0100)]
Configure/Makefile: separate install of the FIPS module

Fixes #13693

Co-authored-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure/Makefile: correct the FIPS module configuration file path
Dr. Matthias St. Pierre [Tue, 15 Dec 2020 21:44:32 +0000 (22:44 +0100)]
Configure/Makefile: correct the FIPS module configuration file path

According to the OpenSSL 3.0 Wiki, the file should be located at

    $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf

next to the openssl.cnf file.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure/Makefile: use the correct openssl app for FIPS installation
Dr. Matthias St. Pierre [Tue, 15 Dec 2020 21:34:41 +0000 (22:34 +0100)]
Configure/Makefile: use the correct openssl app for FIPS installation

The `openssl` app was previously called without a path, which
would generally invoke the system's copy of the openssl application.
Currently, that's most likely an openssl version 1.1.1 application,
which does not recognize the `fipsinstall` command and terminates
with an error message.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago Configure/Makefile: fix the `-macopt` argument of the fipsinstall command
Dr. Matthias St. Pierre [Tue, 15 Dec 2020 18:41:58 +0000 (19:41 +0100)]
Configure/Makefile: fix the `-macopt` argument of the fipsinstall command

The FIPS hmac key is provided as a hexadecimal string, which needs to
be prefixed with `hexkey:`, not `key:`.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)

4 months ago runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol.
Pauli [Wed, 28 Apr 2021 00:38:08 +0000 (10:38 +1000)]
runchecker: fix no-sock build by conditioning clean up on the NO_SOCK symbol.

Fixes #15054

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15055)

4 months ago test: never run fipsinstall if the tests are not enabled.
Pauli [Wed, 28 Apr 2021 01:25:52 +0000 (11:25 +1000)]
test: never run fipsinstall if the tests are not enabled.

Fixes #15056

The dependency for fipsinstall was being added to the makefile regardless of
it being used.  This means that a subsequent `make test` would fail if the
command line application wasn't present.  Rather than fix the instance in question,
it is better to leave out this part of the makefile if the tests cannot be
run.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15057)

4 months ago util/add-depends.pl: Adapt to localized /showIncludes output
Richard Levitte [Mon, 26 Apr 2021 07:28:12 +0000 (09:28 +0200)]
util/add-depends.pl: Adapt to localized /showIncludes output

It was discovered that MSVC has localized /showIncludes output.
Fortunately, it still seems to follow the same generic format, so we
can adapt the regular expression to make it language agnostic.

Fixes #14994

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15006)

4 months ago Configuration: rework how dependency making is handled
Richard Levitte [Mon, 26 Apr 2021 07:17:05 +0000 (09:17 +0200)]
Configuration: rework how dependency making is handled

Previously, we had dependency making pretty much hard coded in the
build file templates, with a bit of an exception for Unix family
platforms, where we had different cases depending on what dependency
making program was found.

With the Embarcadero C++ builder, a separate scheme appeared, with a
different logic.

This change merges the two, and introduces two config target
attributes:

    makedepcmd          The program to use, where this is relevant.
                        This replaces the earlier configuration
                        attribute 'makedepprog'.
    makedep_scheme      This is a keyword that can be used by build
                        files templates to produce different sorts of
                        commands, but most importantly, to pass as
                        argument to util/add-depends.pl, which uses
                        this keyword as a "producer" for the
                        dependency lines.

If the config target doesn't define the 'makedep_scheme' attribute,
Configure tries to figure it out by looking for GCC compatible
compilers or for the 'makedepend' command.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15006)

4 months ago Windows building: Make dependency generation not quite as talkative
Richard Levitte [Fri, 23 Apr 2021 14:19:23 +0000 (16:19 +0200)]
Windows building: Make dependency generation not quite as talkative

The modified way to generate .d files had an unfortunate side effect,
that it outputs the whole preprocessed file and not just the dependency
lines, at least with MSVC's cl.  That gave util/add-depends.pl a whole
lot more to read through, which impacts greatly on the performance of
dependency treatment.

We modify the process by adding a config target attribute 'make_depend',
which can be any suitable command for generating such lines.  All it
needs is to also accept C flags and macro definitions.

Fixes #14994

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15006)

4 months ago Test a Finished message at the wrong time results in unexpected message
Matt Caswell [Mon, 19 Apr 2021 15:46:30 +0000 (16:46 +0100)]
Test a Finished message at the wrong time results in unexpected message

We test that sending a Finished message instead of a ClientHello results
in an unexpected message error.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14930)

4 months ago Defer Finished MAC handling until after state transition
Matt Caswell [Mon, 19 Apr 2021 14:21:54 +0000 (15:21 +0100)]
Defer Finished MAC handling until after state transition

In TLS we process received messages like this:

1) Read Message Header
2) Validate and transition state based on received message type
3) Read Message Body
4) Process Message

In DTLS we read messages like this:

1) Read Message Header and Body
2) Validate and transition state based on received message type
3) Process Message

The difference is because of the stream vs datagram semantics of the
underlying transport.

In both TLS and DTLS we were doing finished MAC processing as part of
reading the message body. This means that in DTLS this was occurring
*before* the state transition has been validated. A crash was occurring
in DTLS if a Finished message was sent in an invalid state due to
assumptions in the code that certain variables would have been set up by
the time a Finished message arrives.

To avoid this problem we shift the finished MAC processing to be after
the state transition in DTLS.

Thanks to github user @bathooman for reporting this issue.

Fixes #14906

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14930)
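
The ordering problem described in this commit message, as an added toy model in C (not OpenSSL code and not part of the commit). The `struct conn` fields, the `keys_ready` flag and all function names are hypothetical, and the crash is modelled as a counter instead of a fault.

```c
#include <stdint.h>
#include <stdio.h>

/* Handshake message types (values as assigned by the TLS specifications). */
enum { MT_CLIENT_HELLO = 1, MT_FINISHED = 20 };

enum hs_state { ST_EXPECT_CLIENT_HELLO, ST_EXPECT_FINISHED, ST_DONE };
enum result { R_OK, R_UNEXPECTED_MESSAGE };

/* Toy connection; every field name here is hypothetical. */
struct conn {
    enum hs_state state;
    int keys_ready;           /* set up while processing the ClientHello */
    unsigned mac_runs;        /* Finished MAC computations performed */
    unsigned unsafe_mac_runs; /* those that ran before keys_ready was set */
};

void conn_init(struct conn *c)
{
    c->state = ST_EXPECT_CLIENT_HELLO;
    c->keys_ready = 0;
    c->mac_runs = 0;
    c->unsafe_mac_runs = 0;
}

/* "Validate and transition state based on received message type". */
static int validate_and_transition(struct conn *c, uint8_t type)
{
    if (c->state == ST_EXPECT_CLIENT_HELLO && type == MT_CLIENT_HELLO) {
        c->state = ST_EXPECT_FINISHED;
        return 1;
    }
    if (c->state == ST_EXPECT_FINISHED && type == MT_FINISHED) {
        c->state = ST_DONE;
        return 1;
    }
    return 0;
}

/* Finished MAC processing. It relies on state that earlier messages set up;
 * a violation of that assumption is counted here instead of crashing. */
static void finished_mac(struct conn *c, uint8_t type)
{
    if (type != MT_FINISHED)
        return;
    c->mac_runs++;
    if (!c->keys_ready)
        c->unsafe_mac_runs++;
}

/* "Process Message". */
static void process_message(struct conn *c, uint8_t type)
{
    if (type == MT_CLIENT_HELLO)
        c->keys_ready = 1;
}

/* DTLS order before the change: the MAC work is part of reading the body,
 * which in DTLS happens before the state transition is validated. */
enum result dtls_receive_before(struct conn *c, uint8_t type)
{
    finished_mac(c, type);                  /* 1) read header and body */
    if (!validate_and_transition(c, type))  /* 2) validate and transition */
        return R_UNEXPECTED_MESSAGE;
    process_message(c, type);               /* 3) process message */
    return R_OK;
}

/* DTLS order after the change: the MAC work only runs once the message
 * type has been accepted for the current state. */
enum result dtls_receive_after(struct conn *c, uint8_t type)
{
    if (!validate_and_transition(c, type))  /* validate before any MAC work */
        return R_UNEXPECTED_MESSAGE;
    finished_mac(c, type);
    process_message(c, type);
    return R_OK;
}

int main(void)
{
    struct conn before, after;

    /* A Finished message arrives where a ClientHello is expected. */
    conn_init(&before);
    conn_init(&after);
    dtls_receive_before(&before, MT_FINISHED);
    dtls_receive_after(&after, MT_FINISHED);
    printf("before: unsafe MAC runs = %u\n", before.unsafe_mac_runs);
    printf("after:  unsafe MAC runs = %u\n", after.unsafe_mac_runs);
    return 0;
}
```

Both orderings reject the message, but only the first one has already touched the MAC state by the time it does so.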

4 months ago Store the list of activated providers in the libctx
Matt Caswell [Mon, 26 Apr 2021 13:58:40 +0000 (14:58 +0100)]
Store the list of activated providers in the libctx

The provider config module was storing the list of activated providers
in a global variable. However, because different libctxs can each load
providers via config files we need to keep the list of activated providers
separate and in the libctx.

Partially fixes #15030

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15033)

4 months ago Properly protect access to the provider flag_activated field
Matt Caswell [Fri, 23 Apr 2021 15:18:28 +0000 (16:18 +0100)]
Properly protect access to the provider flag_activated field

This was not always locked when it should be.

Fixes #15005

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15010)

4 months ago Add a threading test for loading/unloading providers
Matt Caswell [Fri, 23 Apr 2021 13:10:07 +0000 (14:10 +0100)]
Add a threading test for loading/unloading providers

Check that we don't see any threading issues when loading/unloading a
provider from multiple threads.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15010)

4 months ago CMS ESS: Move four internal aux functions to where they belong in crypto/cms
Dr. David von Oheimb [Tue, 16 Mar 2021 15:41:52 +0000 (16:41 +0100)]
CMS ESS: Move four internal aux functions to where they belong in crypto/cms

Also constify and slightly refactor them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)

4 months ago TS ESS: Move four internal aux functions to where they belong in crypto/ts
Dr. David von Oheimb [Tue, 16 Mar 2021 15:04:08 +0000 (16:04 +0100)]
TS ESS: Move four internal aux functions to where they belong in crypto/ts

Also constify and slightly refactor them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)

4 months ago ESS: Export three core functions, clean up TS and CMS CAdES-BES usage
Dr. David von Oheimb [Mon, 15 Mar 2021 19:24:40 +0000 (20:24 +0100)]
ESS: Export three core functions, clean up TS and CMS CAdES-BES usage

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14601)

4 months ago Skip test_fipsload when fips is disabled.
Tomas Mraz [Mon, 26 Apr 2021 10:59:23 +0000 (12:59 +0200)]
Skip test_fipsload when fips is disabled.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15027)

4 months ago Explicitly enable or disable fips if it is or is not relevant for the test
Tomas Mraz [Mon, 26 Apr 2021 10:19:49 +0000 (12:19 +0200)]
Explicitly enable or disable fips if it is or is not relevant for the test

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15027)

4 months ago Add X509 version constants.
David Benjamin [Thu, 11 Mar 2021 19:43:04 +0000 (14:43 -0500)]
Add X509 version constants.

The X509 version APIs return the numerical values of the version
numbers, which are one off from the names. This is a bit confusing.
Where they don't get it wrong (accidentally making an "X509v4"
certificate), callers tend to try commenting every call site to explain
the mismatch, including in OpenSSL itself.

Define constants for these values, so code can be self-documenting and
callers are nudged towards the right values.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14549)

4 months ago memleaktest with MSVC's AddressSanitizer
Kevin Cadieux [Fri, 19 Mar 2021 20:54:05 +0000 (13:54 -0700)]
memleaktest with MSVC's AddressSanitizer

Disabling memleaktest under MSVC because leak detection is not a supported feature with MSVC's AddressSanitizer. Leaving ASan enabled in this case causes a test failure because the test suite is expecting the leak to be detected.

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14581)

4 months ago OPENSSL_sk functions are effectively already documented
Tomas Mraz [Mon, 29 Mar 2021 12:18:10 +0000 (14:18 +0200)]
OPENSSL_sk functions are effectively already documented

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14728)

4 months ago Improve the implementation of X509_STORE_CTX_get1_issuer()
Tomas Mraz [Mon, 29 Mar 2021 10:41:18 +0000 (12:41 +0200)]
Improve the implementation of X509_STORE_CTX_get1_issuer()

It is possible for the stack of X509_OBJECTs held in an X509_STORE_CTX to
have a custom compare function associated with it. Normally (by default)
this uses X509_NAME_cmp(). The X509_STORE_CTX_get1_issuer() function
assumed that it would always be X509_NAME_cmp().

By implementing OPENSSL_sk_find_all() function we can avoid explicitly
using X509_NAME_cmp() in X509_STORE_CTX_get1_issuer().

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14728)

4 months ago Add testing for updated cipher IV
Jon Spillett [Tue, 27 Apr 2021 04:56:00 +0000 (14:56 +1000)]
Add testing for updated cipher IV

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15041)

4 months ago Use "canonical" names when matching the output of the commands
Tomas Mraz [Mon, 26 Apr 2021 13:04:53 +0000 (15:04 +0200)]
Use "canonical" names when matching the output of the commands

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)

4 months ago Skip GOST engine tests in out of tree builds
Tomas Mraz [Mon, 26 Apr 2021 11:12:28 +0000 (13:12 +0200)]
Skip GOST engine tests in out of tree builds

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)

4 months ago Prefer fetch over legacy get_digestby/get_cipherby
Tomas Mraz [Mon, 26 Apr 2021 10:08:27 +0000 (12:08 +0200)]
Prefer fetch over legacy get_digestby/get_cipherby

Fixes #14198

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15028)

4 months ago Rename some globals, add ossl prefix.
Rich Salz [Mon, 26 Apr 2021 17:35:51 +0000 (13:35 -0400)]
Rename some globals, add ossl prefix.

Fixes: 13562

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15035)

4 months ago Add system guessing for linux64-riscv64 target
Andreas Schwab [Sun, 25 Apr 2021 17:29:45 +0000 (19:29 +0200)]
Add system guessing for linux64-riscv64 target

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15023)

4 months ago Test that we don't have a memory leak in d2i_ASN1_OBJECT.
Shane Lontis [Wed, 21 Apr 2021 03:49:29 +0000 (13:49 +1000)]
Test that we don't have a memory leak in d2i_ASN1_OBJECT.

Fixes #14667

Reworked test supplied by @smcpeak into a unit test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14938)

(cherry picked from commit 7c65179ad95d0f6f598ee82e763fce2567fe5802)

4 months ago ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse
Richard Levitte [Tue, 20 Apr 2021 06:43:30 +0000 (08:43 +0200)]
ASN1: Ensure that d2i_ASN1_OBJECT() frees the strings on ASN1_OBJECT reuse

The 'sn' and 'ln' strings may be dynamically allocated, and the
ASN1_OBJECT flags have a bit set to say this.  If an ASN1_OBJECT with
such strings is passed to d2i_ASN1_OBJECT() for reuse, the strings
must be freed, or there is a memory leak.

Fixes #14667

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14938)

(cherry picked from commit 65b88a75921533ada8b465bc8d5c0817ad927947)
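
The ownership rule from this commit message, as an added toy model in C (not OpenSSL's code and not part of the commit). `struct toy_object`, the `TOY_*` flags and the tracking allocator are hypothetical stand-ins, and the `free_strings_on_reuse` switch contrasts reuse without and with the cleanup.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Ownership flags of the toy object (hypothetical names). */
#define TOY_DYNAMIC_STRINGS 0x01   /* sn and ln were heap-allocated */
#define TOY_DYNAMIC_DATA    0x02   /* data was heap-allocated */

struct toy_object {
    char *sn, *ln;                 /* short and long name */
    unsigned char *data;           /* decoded content bytes */
    size_t length;
    int flags;
};

/* Tracking allocator, so leaked blocks can be counted and then released. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];

static void *toy_malloc(size_t n)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL)
            return live[i] = malloc(n ? n : 1);
    return NULL;
}

static void toy_free(void *p)
{
    for (int i = 0; p != NULL && i < MAX_LIVE; i++)
        if (live[i] == p) {
            live[i] = NULL;
            free(p);
            return;
        }
}

/* Frees whatever is still allocated and reports how many blocks that was. */
static int sweep_leaks(void)
{
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] != NULL) {
            free(live[i]);
            live[i] = NULL;
            n++;
        }
    return n;
}

static char *toy_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = toy_malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

void toy_object_free(struct toy_object *o)
{
    if (o == NULL)
        return;
    if (o->flags & TOY_DYNAMIC_STRINGS) {
        toy_free(o->sn);
        toy_free(o->ln);
    }
    if (o->flags & TOY_DYNAMIC_DATA)
        toy_free(o->data);
    toy_free(o);
}

/* Decodes `in` into an existing object. A decoded object carries no names,
 * so names the object owned before must be released first. */
int toy_decode_into(struct toy_object *o, const unsigned char *in,
                    size_t len, int free_strings_on_reuse)
{
    unsigned char *copy = toy_malloc(len);
    if (copy == NULL)
        return 0;
    memcpy(copy, in, len);
    if (o->flags & TOY_DYNAMIC_DATA)
        toy_free(o->data);
    if (free_strings_on_reuse && (o->flags & TOY_DYNAMIC_STRINGS)) {
        toy_free(o->sn);
        toy_free(o->ln);
    }
    o->sn = o->ln = NULL;   /* without the cleanup, the old names leak here */
    o->data = copy;
    o->length = len;
    o->flags = TOY_DYNAMIC_DATA;
    return 1;
}

/* Builds a named object, reuses it for a decode, frees it, counts leaks. */
int leaked_after_reuse(int free_strings_on_reuse)
{
    static const unsigned char content[] = { 0x2a, 0x03, 0x04 }; /* constructed */
    struct toy_object *o = toy_malloc(sizeof(*o));
    if (o == NULL)
        return -1;
    o->sn = toy_strdup("toySN");
    o->ln = toy_strdup("toy long name");
    o->data = NULL;
    o->length = 0;
    o->flags = TOY_DYNAMIC_STRINGS;
    if (o->sn == NULL || o->ln == NULL
        || !toy_decode_into(o, content, sizeof(content), free_strings_on_reuse)) {
        sweep_leaks();
        return -1;
    }
    toy_object_free(o);
    return sweep_leaks();
}

int main(void)
{
    printf("leaked blocks without cleanup: %d\n", leaked_after_reuse(0));
    printf("leaked blocks with cleanup:    %d\n", leaked_after_reuse(1));
    return 0;
}
```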

4 months ago add verbosity for pyca job
Paul Kehrer [Sun, 25 Apr 2021 19:28:23 +0000 (14:28 -0500)]
add verbosity for pyca job

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)

4 months ago re-add pyca/cryptography testing
Paul Kehrer [Sat, 24 Apr 2021 20:55:25 +0000 (15:55 -0500)]
re-add pyca/cryptography testing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)

4 months ago add wycheproof submodule
Paul Kehrer [Sat, 24 Apr 2021 20:55:08 +0000 (15:55 -0500)]
add wycheproof submodule

This is used with the pyca/cryptography test suite

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)

4 months ago updated pyca/cryptography submodule version
Paul Kehrer [Sat, 24 Apr 2021 19:42:20 +0000 (14:42 -0500)]
updated pyca/cryptography submodule version

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)

4 months ago Avoid #include with inline function on C++Builder
Tanzinul Islam [Sun, 25 Apr 2021 18:59:29 +0000 (19:59 +0100)]
Avoid #include with inline function on C++Builder

Commit 6b2978406 exposed a bug with C++Builder's Clang-based compilers,
which cause inline function definitions in C translation units to not
be found by the linker. Disable the inclusion of the triggering header.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15025)

4 months ago Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
Shane Lontis [Fri, 23 Apr 2021 00:53:03 +0000 (10:53 +1000)]
Deprecate EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().

The replacement functions EVP_PKEY_eq() and EVP_PKEY_parameters_eq()
already exist.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14997)

4 months ago Doc updates for DH/DSA examples
Shane Lontis [Tue, 20 Apr 2021 03:29:26 +0000 (13:29 +1000)]
Doc updates for DH/DSA examples

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14936)

4 months ago Fixes related to separation of DH and DHX types
Shane Lontis [Thu, 15 Apr 2021 08:25:17 +0000 (18:25 +1000)]
Fixes related to separation of DH and DHX types

Fix dh_rfc5114 option in genpkey.

Fixes #14145
Fixes #13956
Fixes #13952
Fixes #13871
Fixes #14054
Fixes #14444

Updated documentation for app to indicate what options are available for
DH and DHX keys.

DH and DHX now have different keymanager gen_set_params() methods.

Added CHANGES entry to indicate the breaking change.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14883)

4 months ago Add type_name member to provided methods and use it
Tomas Mraz [Fri, 16 Apr 2021 14:22:03 +0000 (16:22 +0200)]
Add type_name member to provided methods and use it

Fixes #14701

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14898)

4 months ago Documentation fix for openssl-verify certificates
Klaas van Schelven [Wed, 31 Mar 2021 08:44:20 +0000 (10:44 +0200)]
Documentation fix for openssl-verify certificates

`openssl verify` silently ignores any but the first certificate in the
`certificates` argument.

See #14675

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14754)

5 months ago APPS: Improve diagnostics for string options and options expecting int >= 0
Dr. David von Oheimb [Wed, 21 Apr 2021 11:08:21 +0000 (13:08 +0200)]
APPS: Improve diagnostics for string options and options expecting int >= 0

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)

5 months ago APPS: Prevent ASAN hiccup on idempotent strncpy() in opt_progname()
Dr. David von Oheimb [Wed, 21 Apr 2021 11:51:03 +0000 (13:51 +0200)]
APPS: Prevent ASAN hiccup on idempotent strncpy() in opt_progname()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14970)

5 months ago TEST: correct test/recipes/30-test_evp_data/evppkey_ecdh.txt
Richard Levitte [Fri, 23 Apr 2021 13:52:02 +0000 (15:52 +0200)]
TEST: correct test/recipes/30-test_evp_data/evppkey_ecdh.txt

Some keys with groups that aren't supported by FIPS were still used
for Derive stanzas, even when testing with the FIPS provider.
This was due to the flaw in evp_keymgmt_util_try_import() that meant
that even though the key was invalid for FIPS, it could still come
through, because the imported keydata wasn't cleared on import error.
With that flaw corrected, these few Derive stanzas start failing.

We mitigate this by making the "offending" Derive stanzas only
available with the default provider.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)

5 months ago STORE: Simplify error filtering in der2obj_decode()
Richard Levitte [Fri, 23 Apr 2021 13:47:59 +0000 (15:47 +0200)]
STORE: Simplify error filtering in der2obj_decode()

We do here like in all other decoder implementations, drop all errors
that were caused by a failing asn1_d2i_read_bio(), as it's most likely
to mean that the input isn't DER, and another decoder implementation,
if there is any left, should have a go.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)

5 months ago crypto/store/ossl_result.c: Better filtering of errors
Richard Levitte [Fri, 23 Apr 2021 13:44:39 +0000 (15:44 +0200)]
crypto/store/ossl_result.c: Better filtering of errors

The diverse variants of try_XXX() were filtering errors independently
of each other.  It's better done in ossl_store_handle_load_result()
itself, where we have control over the overall success and failure of
the attempts.

Fixes #14973

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)

5 months ago EVP: evp_keymgmt_util_try_import() should clean up on failed import
Richard Levitte [Fri, 23 Apr 2021 13:40:30 +0000 (15:40 +0200)]
EVP: evp_keymgmt_util_try_import() should clean up on failed import

If evp_keymgmt_util_try_import() allocated keydata, and the import
itself fails, it should deallocate keydata.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15008)

5 months ago Don't remove $(TARFILE) when cleaning
Richard Levitte [Thu, 22 Apr 2021 12:37:40 +0000 (14:37 +0200)]
Don't remove $(TARFILE) when cleaning

This file is outside the source tree, so we have no business removing
it.  This is especially concerning if that was the tarball the user
had to create the source tree.

Fixes #14981

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14985)

5 months ago test: separate some DES based tests out to permit a no-des build to work
Pauli [Thu, 22 Apr 2021 00:21:30 +0000 (10:21 +1000)]
test: separate some DES based tests out to permit a no-des build to work

One of the KDFs and one of the MACs use DES as an underlying algorithm in some
tests.  Separate these out into their own files which are conditionally excluded.

Fixes #14958

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14975)

5 months ago test: fix test_evp_kdf when DES is disabled.
Pauli [Thu, 22 Apr 2021 00:05:47 +0000 (10:05 +1000)]
test: fix test_evp_kdf when DES is disabled.

Fixes #14958

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14975)

5 months ago Runchecker fix for the no-autoerrinit build
Pauli [Thu, 22 Apr 2021 01:04:28 +0000 (11:04 +1000)]
Runchecker fix for the no-autoerrinit build

In this case, there was a slightly different error output format that wasn't
being accounted for in the error test.

Fixes #14961

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14976)

5 months ago Runchecker: fix failure with no-autoalginit option by disabling FIPS
Pauli [Thu, 22 Apr 2021 06:43:13 +0000 (16:43 +1000)]
Runchecker: fix failure with no-autoalginit option by disabling FIPS

With this option, the openssl command line tool is not created.  Without that
it is impossible to create the fipsmodule.cnf file that the tests would
otherwise depend upon.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14979)

5 months ago Runchecker: fix TLS curves test failure with no-tls1_3 option
Pauli [Thu, 22 Apr 2021 06:13:10 +0000 (16:13 +1000)]
Runchecker: fix TLS curves test failure with no-tls1_3 option

The TLS curves test strongly assumes that TLS 1.2 and TLS 1.3 are present.
It is only conditioned out if TLS 1.2 isn't.  This change also conditions
it out if TLS 1.3 isn't present.

Fixes #14965

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14978)

5 months ago Runchecker: fix no-ec2m build which was trying to validate the ec2m curves
Pauli [Thu, 22 Apr 2021 01:50:15 +0000 (11:50 +1000)]
Runchecker: fix no-ec2m build which was trying to validate the ec2m curves

The evp_extra_test program was trying to validate these curves when they were
not built.

Fixes #14959

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14977)

5 months ago Trivial shortcuts for EVP_PKEY_eq()
Tomas Mraz [Tue, 20 Apr 2021 14:39:00 +0000 (16:39 +0200)]
Trivial shortcuts for EVP_PKEY_eq()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14942)

5 months ago Remove obsolete comment
Dr. Matthias St. Pierre [Wed, 21 Apr 2021 11:12:38 +0000 (13:12 +0200)]
Remove obsolete comment

Fixes #14968

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14969)

5 months ago Added Perl installation instructions to NOTES-PERL.md for HPE NonStop.
Randall S. Becker [Mon, 19 Apr 2021 17:32:36 +0000 (13:32 -0400)]
Added Perl installation instructions to NOTES-PERL.md for HPE NonStop.

Fixes #14931.

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14932)

5 months ago BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc.
Dr. David von Oheimb [Wed, 21 Apr 2021 10:47:35 +0000 (12:47 +0200)]
BIO_s_connect.pod: Improve doc of BIO_set_conn_hostname() etc.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14967)

5 months ago apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function
Dr. David von Oheimb [Wed, 21 Apr 2021 11:28:00 +0000 (13:28 +0200)]
apps/cmp.c and APP_HTTP_TLS_INFO: Fix use-after-free and add proper free() function

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14971)

5 months ago Remove an unused parameter
Rich Salz [Tue, 20 Apr 2021 15:21:13 +0000 (11:21 -0400)]
Remove an unused parameter

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14943)

5 months agoSome compilers define __STDC_VERSION__ in c++
Niclas Rosenvik [Tue, 20 Apr 2021 17:14:27 +0000 (19:14 +0200)]
Some compilers define __STDC_VERSION__ in c++

Some compilers (g++ on Solaris/Illumos) define __STDC_VERSION__ in c++.
This causes c++ code that uses openssl to break on these compilers since
_Noreturn is not a keyword in c++.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14944)

5 months agoRead a REQUEST not RESPONSE in ocsp responder
Rich Salz [Tue, 20 Apr 2021 18:14:00 +0000 (14:14 -0400)]
Read a REQUEST not RESPONSE in ocsp responder

Fixes: #13904

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14946)

5 months agotest_sslextension: skip tests that cannot work with no-tls1_2
Tomas Mraz [Wed, 21 Apr 2021 06:29:28 +0000 (08:29 +0200)]
test_sslextension: skip tests that cannot work with no-tls1_2

Fixes runchecker failure of no-tls1_2 build.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14955)

5 months agohttp/http_lib.c: Include stdio.h for sscanf()
Tomas Mraz [Wed, 21 Apr 2021 06:11:04 +0000 (08:11 +0200)]
http/http_lib.c: Include stdio.h for sscanf()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14953)

5 months agoForce public key to be included unless explicitly excluded with -no_public
Wolf [Tue, 20 Apr 2021 19:08:59 +0000 (14:08 -0500)]
Force public key to be included unless explicitly excluded with -no_public

Sent this before the CLA was accepted, amending to re-trigger check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14947)

5 months agoAdd RUN_ONCE support to zlib init
Todd Short [Mon, 12 Apr 2021 19:51:59 +0000 (15:51 -0400)]
Add RUN_ONCE support to zlib init

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14940)

5 months agoFix potential NULL dereference in OSSL_PARAM_get_utf8_string()
Tomas Mraz [Mon, 19 Apr 2021 14:02:16 +0000 (16:02 +0200)]
Fix potential NULL dereference in OSSL_PARAM_get_utf8_string()

Fixes Coverity ID 1476283

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14928)

5 months agoFix potential NULL dereference in ossl_ec_key_dup()
Tomas Mraz [Mon, 19 Apr 2021 13:50:35 +0000 (15:50 +0200)]
Fix potential NULL dereference in ossl_ec_key_dup()

Fixes Coverity ID 1476282

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14928)

5 months agoRemoved dead code in linebuffer_ctrl()
Tomas Mraz [Mon, 19 Apr 2021 13:34:59 +0000 (15:34 +0200)]
Removed dead code in linebuffer_ctrl()

Fixes Coverity CID 1476284

Also add possible number truncation check.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14928)

5 months agoe_os.h: Include wspiapi.h to improve Windows backward compatibility
Prcuvu [Sat, 14 Mar 2020 03:59:11 +0000 (03:59 +0000)]
e_os.h: Include wspiapi.h to improve Windows backward compatibility

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14550)

5 months agoadd Changelog item for TLS1.3 FFDHE work
Hubert Kario [Wed, 21 Apr 2021 12:27:31 +0000 (14:27 +0200)]
add Changelog item for TLS1.3 FFDHE work

Raja added support for FFDHE in TLS 1.3 in commits 9aaecbfc98eb89,
8e63900a71df38ffdfa1f5476e86f3 in 2019, reflect this in the changelog.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14972)

5 months agoPrepare for 3.0 alpha 16
Matt Caswell [Thu, 22 Apr 2021 13:44:22 +0000 (14:44 +0100)]
Prepare for 3.0 alpha 16

Reviewed-by: Tomas Mraz <tomas@openssl.org>

5 months agoPrepare for release of 3.0 alpha 15 openssl-3.0.0-alpha15
Matt Caswell [Thu, 22 Apr 2021 13:44:12 +0000 (14:44 +0100)]
Prepare for release of 3.0 alpha 15

Reviewed-by: Tomas Mraz <tomas@openssl.org>

5 months agoUpdate copyright year
Matt Caswell [Thu, 22 Apr 2021 13:38:44 +0000 (14:38 +0100)]
Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14986)

5 months agoFix build failure with MSVC
Tomas Mraz [Thu, 22 Apr 2021 12:12:45 +0000 (14:12 +0200)]
Fix build failure with MSVC

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14983)

5 months agoAvoid the need for Configure time 128-bit int detection
Matt Caswell [Mon, 19 Apr 2021 16:31:28 +0000 (17:31 +0100)]
Avoid the need for Configure time 128-bit int detection

We just detect this at compile time instead.

This avoids cross-compilation problems where the host platform supports
128-bit ints, but the target platform does not (or vice versa). This was
causing a problem on some platforms where, dependent on the CFLAGS, 128 bit
ints were either supported or not.

Fixes #14804

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14941)

5 months agoFix typos
MichaM [Wed, 14 Apr 2021 21:45:05 +0000 (23:45 +0200)]
Fix typos

CLA: trivial

Signed-off-by: MichaM <contact-micha+github@posteo.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14879)

5 months agoAdd missing argname for keymgmt_gettable_params and keymgmt_settable_params prototypes
Nicola Tuveri [Tue, 20 Apr 2021 21:27:12 +0000 (00:27 +0300)]
Add missing argname for keymgmt_gettable_params and keymgmt_settable_params prototypes

For some reason `keymgmt_gettable_params` and `keymgmt_settable_params`
seem to be the only prototypes in `core_dispatch.h` without named
arguments.

This is annoying if `core_dispatch.h` is being parsed to extract
information and also for developers who would like the header to be
self-contained, without having to refer to the documentation every time
to check what is supposed to be passed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14950)

5 months agoASN.1: Add some sanity checks for input len <= 0; related coding improvements
Dr. David von Oheimb [Mon, 1 Mar 2021 13:45:23 +0000 (14:45 +0100)]
ASN.1: Add some sanity checks for input len <= 0; related coding improvements

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14357)

5 months agotasn_dec.c: Add checks for it == NULL arguments; improve coding style
Dr. David von Oheimb [Mon, 1 Mar 2021 13:43:19 +0000 (14:43 +0100)]
tasn_dec.c: Add checks for it == NULL arguments; improve coding style

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14357)

5 months agoDOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params()
Dr. David von Oheimb [Tue, 20 Apr 2021 06:30:47 +0000 (08:30 +0200)]
DOC: Clarify EVP_MAC_init() params vs. EVP_MAC_CTX_set_params()

Fixes #14855

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14937)

5 months agoUse build.info not file-wide ifndef
Rich Salz [Sun, 18 Apr 2021 14:05:32 +0000 (10:05 -0400)]
Use build.info not file-wide ifndef

If configured with no-cms, handle it in build.info like the other options.
I guess I missed doing this file in PR #11250

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14918)

5 months agoSTORE: Discard the error report filter in crypto/store/store_result.c
Richard Levitte [Fri, 16 Apr 2021 12:34:19 +0000 (14:34 +0200)]
STORE: Discard the error report filter in crypto/store/store_result.c

The error report filter was fragile, as it could potentially have to
be updated when other parts of libcrypto got updated, making a goose
chase and a maintenance problem.

We change this to regard d2i errors as something we don't care so much
about, since they are mainly part of the guessing mechanism.  The
success of the ossl_store_handle_load_result() call is based on
whether an object was actually created or not anyway.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

5 months agoTEST: Adapt the EVP test
Richard Levitte [Fri, 16 Apr 2021 08:08:38 +0000 (10:08 +0200)]
TEST: Adapt the EVP test

The EVP test didn't recognise ERR_R_UNSUPPORTED, now does

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

5 months agoAdapt our decoder implementations to the new way to indicate success / failure
Richard Levitte [Mon, 12 Apr 2021 10:20:20 +0000 (12:20 +0200)]
Adapt our decoder implementations to the new way to indicate success / failure

This includes the special decoder used in our STOREMGMT 'file:' implementation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

5 months agoENCODER & DECODER: Allow decoder implementations to specify "carry on"
Richard Levitte [Mon, 12 Apr 2021 10:11:07 +0000 (12:11 +0200)]
ENCODER & DECODER: Allow decoder implementations to specify "carry on"

So far, decoder implementations would return true (1) for a successful
decode all the way, including what the callback it called returned,
and false (0) in all other cases.

This construction didn't allow to stop the decoding process on fatal
errors, nor to choose what to report in the provider code.

This is now changed so that decoder implementations are made to
return false only on errors that should stop the decoding process from
carrying on with other implementations, and return true for all other
cases, even if that didn't result in a constructed object (EVP_PKEY
for example), essentially making it OK to return "empty handed".

The success of the decoding process is now all about successfully
constructing the final object, rather than about the return value of
the decoding chain.  If no construction is attempted, the central
decoding processing code concludes that whatever the input consisted
of, it's not supported by the available decoder implementations.

Fixes #14423

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14834)

5 months agoFix memory leak in X509_REQ
Petr Gotthard [Sat, 17 Apr 2021 12:58:30 +0000 (14:58 +0200)]
Fix memory leak in X509_REQ

The propq is strdup'ed in X509_REQ_new_ex, but never freed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14907)

5 months agoapps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure
Dr. David von Oheimb [Mon, 19 Apr 2021 14:03:53 +0000 (16:03 +0200)]
apps/cmp.c: Fix double free on OSSL_CMP_CTX_set1_p10CSR() failure

Fixes #14910
Also slightly improve further error handling of setup_request_ctx().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14929)

5 months agoasn1: fix indentation
Pauli [Thu, 15 Apr 2021 00:42:01 +0000 (10:42 +1000)]
asn1: fix indentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

5 months agodsa: remove unused macro
Pauli [Wed, 14 Apr 2021 06:38:07 +0000 (16:38 +1000)]
dsa: remove unused macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

5 months agosrp: remove references to EVP_sha1()
Pauli [Thu, 15 Apr 2021 00:35:28 +0000 (10:35 +1000)]
srp: remove references to EVP_sha1()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

5 months agopem: remove references to EVP_sha1()
Pauli [Thu, 15 Apr 2021 00:35:08 +0000 (10:35 +1000)]
pem: remove references to EVP_sha1()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

5 months agoocsp: remove references to EVP_sha1()
Pauli [Thu, 15 Apr 2021 00:34:48 +0000 (10:34 +1000)]
ocsp: remove references to EVP_sha1()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)

5 months agocms: remove most references to EVP_sha1()
Pauli [Thu, 15 Apr 2021 00:33:59 +0000 (10:33 +1000)]
cms: remove most references to EVP_sha1()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14881)