This also deprecates the function, as it is not necessary any more,
and should fall out of use.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12920)
The NonStop config attributes mean that there's no separate "simple"
and "full" shared library name, they are the same. Because we assumed
that they would always differ, we ended up with this dependency:
libcrypto.so: libcrypto.so
A simple fix was all that was needed to clear that.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12960)
Some compilers / linkers allow arguments to be given in a file instead
of on the command line. We make it possible to specify this by giving
the compiler / linker flag for it, using the config attribute
'shared_argfileflag'.
This currently only impacts the build of shared libraries, as those
are potentially made up of a massive amount of object files, which has
been reported to overwhelm the command line on some platforms.
Fixes #12797
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12960)
ECX_KEY was not meant for public consumption, it was only to be
accessed indirectly via EVP routines. However, we still need internal
access for our decoders.
This partially reverts 7c664b1f1b
Fixes #12880
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12956)
Also improve credentials loading diagnostics for many apps.
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
This streamlines with all other config targets, and draws from the
'sys_id' config attribute.
Fixes #12858
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)
Because there are many combinations and much repetition, we add a large
number of templates to cover all aspects, and make the actual config
entries inherit from the templates combined.
Fixes #12858
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12933)
The original names were more intuitive: the generate_counter counts the
number of generate requests, and the reseed_counter counts the number
of reseedings (of the principal DRBG).
reseed_gen_counter -> generate_counter
reseed_prop_counter -> reseed_counter
This is the analogue to commit 8380f453ec on the 1.1.1 stable branch.
The only difference is that the second renaming has already been reverted
on the master branch.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12941)
The removal of certain types of files we structured like this:
-$(RM) `find . {{options}} -print`
This isn't very kind for shells with limited command line lengths
(even when that limit is generous, in our case), so we rewrite those
like this:
-find . {{options}} -exec $(RM) {} \;
Fixes #12938
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12939)
rsa_pss_params_30_fromdata() now uses the OSSL_PKEY_PARAM_RSA_DIGEST_PROPS parameter also.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
This allows a user to confirm that the DRBG their configuration specified is
being used.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
This permits the default trio of DRBGs to have their type and parameters set
using configuration.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12931)
This commit changes the man page for OSSL_DECODER_CTX_new by removing
the OPENSSL_CTX parameter which matches the declaration in decoder.h.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12935)
This is required before the RAND/DRBG framework can be made user mutable.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12904)
CLA: Permission is granted by the author to the OpenSSL team to use these modifications.
Fixes #12918
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12928)
OCSP_basic_sign_ctx() in ocsp_srv.c does not check for RSA_METHOD_FLAG_NO_CHECK.
If a key has RSA_METHOD_FLAG_NO_CHECK set, OCSP sign operations can fail
because the X509_check_private_key() can fail.
The check for the RSA_METHOD_FLAG_NO_CHECK was moved to crypto/rsa/rsa_ameth.c
as a common place to check. Checks in ssl_rsa.c were removed.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12419)
(cherry picked from commit 56e8fe0b4e)
We are considering using the format "host-nqn controller-nqn" for
psk-id in the NVMe-oF/TCP over TLS spec, it's in the current version,
but openssl's limit was 128 up to now, we need a little longer than that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12771)