aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
Commit message (Collapse)AuthorAgeFilesLines
* Check that IV length is not less than zeroDmitry Belyavskiy2022-08-011-5/+10
| | | | | | | | | | | As EVP_CIPHER_CTX_get_iv_length indicates failure with -1, this error should be processed. Also the result of this function shouldn't be assigned to an unsigned variable. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18891)
* SSL object refactoring using SSL_CONNECTION objectTomas Mraz2022-07-281-115/+199
| | | | | | | | | | | | | | Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
* Improve diagnostics on setting groupsDmitry Belyavskiy2022-06-221-1/+6
| | | | | | | | | | | - If keymgmmt is not available, it's not an error but the error message persists in stack - when setting groups, it's worth saying which group is not available Fixes #18585 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18591)
* add_provider_groups: Clean up algorithm pointer on failureTomas Mraz2022-06-101-1/+1
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18494)
* Fix strict client chain check with TLS-1.3Tomas Mraz2022-06-031-8/+6
| | | | | | | | | | When TLS-1.3 is used and the server does not send any CA names the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null argument. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17986)
* Fix a crash in ssl_security_cert_chainBernd Edlinger2022-05-241-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to the crash there is an out of memory error in X509_verify_cert which makes the chain NULL or empty. The error is ignored by ssl_add_cert_chain, and ssl_security_cert_chain crashes due to the unchecked null pointer. This is reproducible with my error injection patch. The test vector has been validated on the 1.1.1 branch but the issue is of course identical in all branches. $ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #14 0x40371b in testfile fuzz/test-corpus.c:182 #15 0x402856 in main fuzz/test-corpus.c:226 #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer:DEADLYSIGNAL ================================================================= ==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) ==8400==The signal is caused by a READ memory access. ==8400==Hint: address points to the zero page. #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 #13 0x40371b in testfile fuzz/test-corpus.c:182 #14 0x402856 in main fuzz/test-corpus.c:226 #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions ==8400==ABORTING Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18376)
* Update copyright yearMatt Caswell2022-05-031-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Add back check for the DH public key sizeTomas Mraz2022-02-171-0/+19
| | | | | | | | | | | | This is needed for TLS-1.3. Also add check for uncompressed point format for ECDHE as the other formats are not allowed by RFC 8446. Fixes #17667 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17678)
* ssl: replace ;; with ; as statement separatorPauli2022-01-181-1/+1
| | | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17528)
* Enable brainpool curves for TLS1.3Bernd Edlinger2021-11-261-37/+92
| | | | | | | | See the recently assigned brainpool code points at: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7485)
* Add return value NULL checks that were missingPauli2021-11-121-0/+2
| | | | | | | Issues located by Brian Carpenter of Geeknik's Farm. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17007)
* Omitted signature_algorithms extension alerts updatedDmitry Belyavskiy2021-08-111-2/+2
| | | | | | | Fixes #15484 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16217)
* ssl: replace tabs with spacesPauli2021-06-191-1/+1
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15824)
* ssl: do not choose auto DH groups that are weaker than the security levelPauli2021-06-191-1/+6
| | | | | | | | Fixes #15808 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15818)
* tls: remove TODOsPauli2021-06-021-1/+1
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
* Rename all getters to use get/get0 in nameTomas Mraz2021-06-011-13/+13
| | | | | | | | | | | | | | For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
* Replace EVP_PKEY_supports_digest_nidTomas Mraz2021-05-131-5/+8
| | | | | | | | | | | The EVP_PKEY_supports_digest_nid() is renamed to EVP_PKEY_digestsign_supports_digest() and implemented via EVP_DigestSignInit_ex(). Fixes #14343 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15198)
* Fix some TODO(3.0) occurrences in ssl/t1_lib.cMatt Caswell2021-04-191-11/+27
| | | | | | | | | | | | | | | One was related to probing for the combination of signature and hash algorithm together. This is currently not easily possible. The TODO(3.0) is converted to a normal comment and I've raised the problem as issue number #14885 as something to resolve post 3.0. The other TODO was a hard coded limit on the number of groups that could be registered. This has been amended so that there is no limit. Fixes #14333 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14886)
* Replace OSSL_PARAM_BLD_free_params() with OSSL_PARAM_free().Shane Lontis2021-04-121-1/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14785)
* Increase the upper limit on group name lengthAnthony Hu2021-03-111-2/+2
| | | | | | | | | | | | | | While all the standardized groups would fit within the old limit, with the addition of providers, some might want to experiment with new and unstandardized groups. As such, their names might not fit within the old limit. Define it as GROUP_NAME_BUFFER_LENGTH with value 64. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14502)
* tls: updates for the new additional MAC_init argumentsPauli2021-02-281-3/+2
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
* tls_valid_group: Add missing dereference of okfortls13Tomas Mraz2021-02-121-1/+1
| | | | | | | Fixes #14153 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14154)
* Simplify the EVP_PKEY_XXX_fromdata_XX methods.Shane Lontis2021-02-081-2/+3
| | | | | | | | | | | | | | | | | | The existing names such as EVP_PKEY_param_fromdata_settable were a bit confusing since the 'param' referred to key params not OSSL_PARAM. To simplify the interface a 'selection' parameter will be passed instead. The changes are: (1) EVP_PKEY_fromdata_init() replaces both EVP_PKEY_key_fromdata_init() and EVP_PKEY_param_fromdata_init(). (2) EVP_PKEY_fromdata() has an additional selection parameter. (3) EVP_PKEY_fromdata_settable() replaces EVP_PKEY_key_fromdata_settable() and EVP_PKEY_param_fromdata_settable(). EVP_PKEY_fromdata_settable() also uses a selection parameter. Fixes #12989 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14076)
* Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto algMatt Caswell2021-02-051-4/+2
| | | | | | | | | | | | We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Remove OPENSSL_NO_EC guards from libsslMatt Caswell2021-02-051-40/+2
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Make sure we don't use sigalgs that are not availableMatt Caswell2021-02-051-3/+10
| | | | | | | | We may have compiled in sigalg values that we can't support at runtime. Make sure we only use sigalgs that are actually enabled. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Add the nist group names as aliases for the normal TLS group namesMatt Caswell2021-02-051-4/+1
| | | | | | | | By recognising the nist group names directly we can avoid having to call EC_curve_nist2nid in libssl, which is not available in a no-ec build. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Make supported_groups code independent of EC and DHMatt Caswell2021-02-051-6/+21
| | | | | | | | | | The supported groups code was checking the OPENSSL_NO_EC and OPENSSL_NO_DH guards in order to work, and the list of default groups was based on those guards. However we now need it to work even in a no-ec and no-dh build, because new groups might be added from providers. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Ensure default supported groups works even with no-ec and no-dhMatt Caswell2021-02-051-16/+30
| | | | | | | | | | The default supported groups code was disabled in the event of a build with no-ec and no-dh. However now that providers can add there own groups (which might not fit into either of these categories), this is no longer appropriate. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Remove OPENSSL_NO_DH guards from libsslMatt Caswell2021-02-051-1/+1
| | | | | | | | | | | This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that libssl is entirely using the EVP APIs and implementations can be plugged in via providers it is no longer needed to disable DH at compile time in libssl. Instead it should detect at runtime whether DH is available from the loaded providers. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Remove some TODO(OpenSSL1.2) referencesMatt Caswell2021-02-041-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | We had a couple of stray references to OpenSSL1.2 in libssl. We just reword the comments to remove those references without changing any behaviour. The first one in t1_lib.c is a technical non-compliance in the TLSv1.3 spec where, under some circumstances, we offer DSA sigalgs even in a ClientHello that eventually negotiates TLSv1.3. We explicitly chose to accept this behaviour in 1.1.1 and we're not planning to change it for 3.0. The second one in s3_lib.c is regarnding the behaviour of SSL_set_tlsext_host_name(). Technically you shouldn't be able to call this from a server - but we allow it and just ignore it rather than raising an error. The TODO suggest we consider raising an error instead. However, with 3.0 we are trying to minimise breaking changes so I suggest not making this change now. Fixes #13161 Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14037)
* Update copyright yearRichard Levitte2021-01-281-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
* Add EVP_PKEY functions to get EC conv form and field typeMatt Caswell2021-01-261-15/+9
| | | | | | | | | libssl at the moment downgrades an EVP_PKEY to an EC_KEY object in order to get the conv form and field type. Instead we provide EVP_PKEY level functions to do this. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
* Deprecate EC_KEY + Update ec apps to use EVP_PKEYShane Lontis2021-01-261-14/+21
| | | | | | | | | Co-author: Richard Levitte <levitte@openssl.org> Co-author: Tomas Mraz <tmraz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13139)
* Adding TLS group name retrievalMichael Baentsch2021-01-081-1/+1
| | | | | | | | | | | | | Function SSL_group_to_name() added, together with documentation and tests. This now permits displaying names of internal and external provider-implemented groups. Partial fix of #13767 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13785)
* TLS: Use EVP_PKEY_get_group_name() to get the group nameRichard Levitte2020-12-081-15/+15
| | | | | | | | | | For the moment, we translate the result to a NID, because that's still used in several locations in libssl. Future development should change all the internals to be name based instead. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13436)
* EVP: constify the EVP_PKEY_get_*_param() argument |pkey|Richard Levitte2020-12-081-2/+0
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13436)
* Fix builds that specify both no-dh and no-ecMatt Caswell2020-11-301-9/+2
| | | | | | | | | | | | Various sections of code assumed that at least one of dh or ec would be available. We also now also need to handle cases where a provider has a key exchange algorithm and TLS-GROUP that we don't know about. Fixes #13536 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13549)
* Move some libssl global variables into SSL_CTXMatt Caswell2020-11-231-2/+2
| | | | | | | | | | | | | | | disabled_enc_mask et al were global. Now that cipher loading is done individually for each SSL_CTX, based on the libctx configured for that SSL_CTX this means that some things will be disabled for one SSL_CTX but not for another. The global variables set up the potential for different SSL_CTXs to trample on each other. We move these variables into the SSL_CTX structure. Fixes #12040 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13465)
* Convert TLS auto DH parameters to use EVP_PKEYMatt Caswell2020-11-181-20/+31
| | | | | | | | Previously a DH object was constructed and then assigned to an EVP_PKEY. Instead we now construct the EVP_PKEY directly instead. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13368)
* SSL: refactor all SSLfatal() callsRichard Levitte2020-11-111-29/+14
| | | | | | | | | Since SSLfatal() doesn't take a function code any more, we drop that argument everywhere. Also, we convert all combinations of SSLfatal() and ERR_add_data() to an SSLfatal_data() call. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
* Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() callRichard Levitte2020-11-111-25/+23
| | | | | | | This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
* Rename EVP_MAC_size() to EVP_MAC_CTX_get_mac_size().Shane Lontis2020-10-221-1/+1
| | | | | | | Fixes #11320 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13116)
* Concentrate deprecated libssl API usage in one fileMatt Caswell2020-10-161-26/+7
| | | | | | | | | | | | | | | | | We create a new file ssl/tls_depr.c to contain functions that need to call deprecated APIs in libssl. This enables us to remove OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files. The deprecated API usage is either related to ENGINEs and is needed to continue to support applications that use such ENGINEs. Or they are needed to support some deprecated public libssl APIs. One other file remains in libssl that still uses deprecated APIs: s3_cbc.c This is needed to support the deprecated SSLv3. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13135)
* Define OSSL_CAPABILITY_TLS_GROUP_IS_KEMNicola Tuveri2020-10-141-0/+8
| | | | | | | | Note that with this commit the optional parameter is introduced, but libssl still ignores it. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
* Fix ssl_hmac_new() so that it uses the propqShane Lontis2020-09-231-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12944)
* Fix safestack issues in x509.hMatt Caswell2020-09-131-3/+0
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
* Fix safestack issues in ssl.hMatt Caswell2020-09-131-1/+0
| | | | | | | | | | | | | | | | | | | | | We fix 3 problems with safestack: - Including an openssl header file without linking against libcrypto can cause compilation failures (even if the app does not otherwise need to link against libcrypto). See issue #8102 - Recent changes means that applications in no-deprecated builds will need to include additional macro calls in the source code for all stacks that they need to use - which is an API break. This changes avoids that necessity. - It is not possible to write code using stacks that works in both a no-deprecated and a normal build of OpenSSL. See issue #12707. Fixes #12707 Contains a partial fix for #8102. A similar PR will be needed for hash to fully fix. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
* Revert "The EVP_MAC functions have been renamed for consistency. The ↵Matt Caswell2020-07-161-4/+4
| | | | | | | | | | | | | | EVP_MAC_CTX_*" The commit claimed to make things more consistent. In fact it makes it less so. Revert back to the previous namig convention. This reverts commit d9c2fd51e2e278bc3f7793a104ff7b4879f6d63a. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12186)
* Fix an incorrect error flow in add_provider_groupsMatt Caswell2020-07-081-1/+1
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12292)
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 23:06:53 +0000