Commit Graph

28172 Commits

Author SHA1 Message Date
Shane Lontis
47c076acfc Fix external symbols in the provider digest implementations.
Partial fix for #12964

This adds ossl_ names for the following symbols:

blake2b512_init,blake2b_final,blake2b_init,blake2b_init_key,
blake2b_param_init,blake2b_param_set_digest_length,blake2b_param_set_key_length,
blake2b_param_set_personal,blake2b_param_set_salt,blake2b_update,
blake2s256_init,blake2s_final,blake2s_init,blake2s_init_key,
blake2s_param_init,blake2s_param_set_digest_length,blake2s_param_set_key_length,
blake2s_param_set_personal,blake2s_param_set_salt,blake2s_update,
digest_default_get_params,digest_default_gettable_params

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14211)
2021-02-18 21:14:32 +10:00
zekeevans-mf
bcb61b39b4 Add deep copy of propq field in mac_dupctx to avoid double free
mac_dupctx() should make a copy of the propq field. Currently it
does a shallow copy which can result in a double free and crash.
The double free occurs when using a provider property string.
For example, passing in "fips=no" to SSL_CTX_new_ex() causes the
propq field to get set to that value. When mac_dupctx() and
mac_freectx() is called (ie: in SSL_write()) it ends up freeing
the reference of the original object instead of a copy.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13926)
2021-02-18 12:11:53 +01:00
Sahana Prasad
5d8ffebbcd DH: Make DH_bits(), DH_size(), and DH_security_bits() check that there are key parameters
Fixes #13569
Signed-off-by: Sahana Prasad <sahana@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13955)
2021-02-18 12:04:35 +01:00
Dr. David von Oheimb
0b3139e815 chain_build(): Call verify_cb_cert() if a preliminary error has become final
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14157)
2021-02-18 11:22:36 +01:00
Tomas Mraz
ba37b82045 dsa_check: Perform simple parameter check if seed is not available
Added primality check on p and q in the ossl_ffc_params_simple_validate().
Checking for p and q sizes in the default provider is made more
lenient.
Added two testcases for invalid parameters.

Fixes #13950

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-18 11:02:26 +01:00
Dmitry Belyavskiy
ebcaf110b2 DSA parameter check using pkeyparam
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14148)
2021-02-18 11:02:25 +01:00
Shane Lontis
e36b3c2f75 Fix external symbols in the provider cipher implementations.
Partial fix for #12964

This add ossl_ names for the following symbols.

chacha20_dinit, chacha20_einit, chacha20_initctx,
ccm_cipher, ccm_dinit, ccm_einit, ccm_generic_auth_decrypt, ccm_generic_auth_encrypt,
ccm_generic_gettag, ccm_generic_setaad, ccm_generic_setiv, ccm_get_ctx_params,
ccm_initctx, ccm_set_ctx_params, ccm_stream_final, ccm_stream_update
gcm_aad_update, gcm_cipher, gcm_cipher_final, gcm_cipher_update
gcm_dinit, gcm_einit, gcm_get_ctx_params, gcm_initctx, gcm_one_shot
gcm_set_ctx_params, gcm_setiv, gcm_stream_final, gcm_stream_update
tdes_dinit, tdes_dupctx, tdes_einit, tdes_freectx
tdes_get_ctx_params, tdes_gettable_ctx_params, tdes_newctx
PROV_CIPHER_HW_des_*,
padblock, unpadblock, tlsunpadblock, fillblock, trailingdata

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14209)
2021-02-18 19:32:20 +10:00
Dr. David von Oheimb
adc11e1b9c x509_vfy: fix mem leaks in chain_build() on malloc error Coverify CID 1473068
Fixes: Variable "sk_untrusted" going out of scope leaks the storage it points to.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14187)
2021-02-17 17:37:13 +01:00
Dr. David von Oheimb
b51bed05c2 apps/cmp.c: Improve initialization of ext_ctx structure w.r.t. CSR
Also improve doc how the -reqexts option affects the CSR given with the -csr option.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14181)
2021-02-17 17:13:32 +01:00
Dr. David von Oheimb
d44a8a16c8 apps/ca.c: Make sure ext_ctx structure gets initialized
Fixes #14175

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14181)
2021-02-17 17:13:32 +01:00
Tomas Mraz
fe75766c9c Rename OSSL_ENCODER_CTX_new_by_EVP_PKEY and OSSL_DECODER_CTX_new_by_EVP_PKEY
Additional renames done in encoder and decoder implementation
to follow the style.

Fixes #13622

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14155)
2021-02-17 15:26:12 +01:00
Richard Levitte
e5ac413b2d Fix backward incompatibility revolving around OSSL_HTTP_REQ_CTX_sendreq_d2i()
The OSSL_HTTP_REQ_CTX API has a few changes compared to the older
OCSP_REQ_CTX API which are not quite obvious at first sight.

The old OCSP_REQ_CTX_nbio_d2i() took three arguments, of which one is
an output argument, and return an int, while the newer
OSSL_HTTP_REQ_CTX_sendreq_d2i() returns the value directly and thereby
takes one less argument.

The mapping from the old to the new wasn't quite right, this corrects
it, along with a couple of X509 macros that needed the same kind of
fix.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14196)
2021-02-17 14:37:20 +01:00
Nicola Tuveri
3a962b2093 [doc/man3][OSSL_ENCODER] Move NOTES to the bottom
For consistency with `OSSL_DECODER.pod`, and `man-pages(7)`, the `NOTES`
section is moved at the end of the file.

According to `man-pages(7)` the recommended section order is:

> NAME
> SYNOPSIS
> CONFIGURATION      [Normally only in Section 4]
> DESCRIPTION
> OPTIONS            [Normally only in Sections 1, 8]
> EXIT STATUS        [Normally only in Sections 1, 8]
> RETURN VALUE       [Normally only in Sections 2, 3]
> ERRORS             [Typically only in Sections 2, 3]
> ENVIRONMENT
> FILES
> VERSIONS           [Normally only in Sections 2, 3]
> CONFORMING TO
> NOTES
> BUGS
> EXAMPLE
> SEE ALSO

This commit does not attempt to fix the order in all pages but focuses
only on `OSSL_ENCODER` which has a "twin" man page in `OSSL_DECODER`,
making the inconsistent section order quite jarring.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13932)
2021-02-17 13:20:46 +02:00
Nicola Tuveri
851b06b705 [doc/man3] Fix typo in DESCRIPTION of OSSL_ENCODER_properties
This commit fixes the DECSCRIPTION section of doc/man3/OSSL_ENCODER.pod,
where `OSSL_ENCODER_properties` was incorrectly referred to as
`OSSL_ENCODER_provider`.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13932)
2021-02-17 13:20:46 +02:00
Pauli
68883d9db8 doc: document the two new RAND functions
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
335e85f542 rand: update DRBGs to use the get_entropy call for seeding
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
78436fd146 core: add get_entropy and clear_entropy calls to RAND
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
e2730b8426 RNG test: add get_entropy hook for testing.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
9ed185a926 RNG seed: add get_entropy hook for seeding.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
381289f6c7 err: generated error files
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Pauli
79d68c4fb4 test: DRBG test with long seed.
Fixes: #14101

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14162)
2021-02-17 13:10:49 +10:00
Petr Gotthard
574ca403c8 Replace SSL_CTX_new by SSL_CTX_new_ex in apps/s_server + s_client
The `openssl s_server` and `openssl s_client` currently ignore
the `-propquery` parameter. Fix patch fixes this.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14195)
2021-02-17 11:17:54 +10:00
Petr Gotthard
5b888e931b Fix propquery handling in EVP_DigestSignInit_ex
Fixes #14183. Fix the condition to detect legacy engines, so the
`props` are considered even when libctx == NULL.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14188)
2021-02-17 11:09:46 +10:00
Richard Levitte
55e9d8cfff TEST: Add missing initialization
Compiler complained.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14204)
2021-02-16 20:02:24 +01:00
Matt Caswell
c913dbd716 Update CHANGES and NEWS for new release
Reviewed-by: Richard Levitte <levitte@openssl.org>
2021-02-16 12:33:13 +00:00
Matt Caswell
c9fb704cf3 Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-23840

Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:40:12 +00:00
Matt Caswell
c1ddd392cf Fix rsa_test to properly test RSA_SSLV23_PADDING
We test all three cases:
- An SSLv2 only client talking to a TLS capable server
- A TLS capable client talking to an SSLv2 only server
- A TLS capable client talking to a TLS capable server (should fail due
to detecting a rollback attack)

Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:36:19 +00:00
Matt Caswell
d9461cbe87 Fix the RSA_SSLV23_PADDING padding type
This also fixes the public function RSA_padding_check_SSLv23.

Commit 6555a89 changed the padding check logic in RSA_padding_check_SSLv23
so that padding is rejected if the nul delimiter byte is not immediately
preceded by at least 8 bytes containing 0x03. Prior to that commit the
padding is rejected if it *is* preceded by at least 8 bytes containing 0x03.

Presumably this change was made to be consistent with what it says in
appendix E.3 of RFC 5246. Unfortunately that RFC is in error, and the
original behaviour was correct. This is fixed in later errata issued for
that RFC.

This has no impact on libssl for modern versions of OpenSSL because
there is no protocol support for SSLv2 in these versions. However
applications that call RSA_paddin_check_SSLv23 directly, or use the
RSA_SSLV23_PADDING mode may still be impacted. The effect of the original
error is that an RSA message encrypted by an SSLv2 only client will fail to
be decrypted properly by a TLS capable server, or a message encrypted by a
TLS capable client will fail to decrypt on an SSLv2 only server. Most
significantly an RSA message encrypted by a TLS capable client will be
successfully decrypted by a TLS capable server. This last case should fail
due to a rollback being detected.

Thanks to D. Katz and Joel Luellwitz (both from Trustwave) for reporting
this issue.

CVE-2021-23839

Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:36:18 +00:00
Matt Caswell
4357b6174a Refactor rsa_test
Reduce code copying by factoring out common code into a separate function.

Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:36:18 +00:00
Matt Caswell
55869f594f Test that X509_issuer_and_serial_hash doesn't crash
Provide a certificate with a bad issuer and check that
X509_issuer_and_serial_hash doesn't crash.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:32:32 +00:00
Matt Caswell
8130d654d1 Fix Null pointer deref in X509_issuer_and_serial_hash()
The OpenSSL public API function X509_issuer_and_serial_hash() attempts
to create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it fails to correctly
handle any errors that may occur while parsing the issuer field (which
might occur if the issuer field is maliciously constructed). This may
subsequently result in a NULL pointer deref and a crash leading to a
potential denial of service attack.

The function X509_issuer_and_serial_hash() is never directly called by
OpenSSL itself so applications are only vulnerable if they use this
function directly and they use it on certificates that may have been
obtained from untrusted sources.

CVE-2021-23841

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
2021-02-16 11:32:32 +00:00
Tomas Mraz
c9e955dd50 Do not match RFC 5114 groups without q as it is significant
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14189)
2021-02-16 10:12:02 +00:00
Beat Bolli
62829f9f26 README-ENGINES: fix the link to the provider API README
Signed-off-by: Beat Bolli <dev@drbeat.li>

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14173)
2021-02-15 19:33:53 +01:00
Matt Caswell
9dc9c7f2d7 Document the newly added function EVP_PKEY_param_check_quick()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
2021-02-15 14:25:37 +10:00
Matt Caswell
0217e53e33 Fix the dhparam_check test
genpkey can sometimes create files that fail "openssl dhparam -check". See
issue #14145. We had some instances of such invalid files in the
dhparam_check test. Now that "openssl dhparam -check" has been fixed to
work the same way as it did in 1.1.1 these tests were failing. We move the
invalid files inot the "invalid" directory. A future PR will have to fix
genpkey to not generate invalid files.

We also remove a "SKIP" block that was skipping tests in a no deprecated
build unnecessarily. Nothing being tested is deprecated.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
2021-02-15 14:17:36 +10:00
Matt Caswell
899e25643d Implement EVP_PKEY_param_check_quick() and use it in libssl
The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.

Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
2021-02-15 14:17:36 +10:00
Matt Caswell
aee73562d1 Run DH_check_ex() not DH_check_params_ex() when checking params
Both DH_check_ex() and DH_check_params_ex() check the parameters.
DH_check_ex() performs a more complete check, while DH_check_params_ex()
performs a lightweight check. In 1.1.1 EVP_PKEY_param_check() would call
DH_check_ex() for DH keys. For backwards compatibility we should continue
with that behaviour.

Fixes #13501

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
2021-02-15 14:17:36 +10:00
Benjamin Kaduk
93e43f4c47 RSA: avoid dereferencing possibly-NULL parameter in initializers
Fix CID 1472835: the explicit NULL check for prsactx is useless when
we have already dereferenced it in the initializers.

Move the actual initialization to the function body to get the
logic sequenced properly.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14160)
2021-02-15 14:12:31 +10:00
Benjamin Kaduk
63ae847679 x509_vfy: remove redundant stack allocation
Fix CID 1472833 by removing a codepath that attempts to allocate a
stack if not already allocated, when the stack was already allocated
unconditionally a few lines previously.

Interestingly enough, this additional allocation path (and the comment
describing the need for it) were added in commit
69664d6af0, also prompted by Coverity(!).
It seems that the intervening (and much more recent) commit
d53b437f99 that allowed sk_X509_dup()
to accept a NULL argument allowed the earlier initialization path
to unconditionally allocate a stack, rendering this later allocation fully
redundant.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14161)
2021-02-15 14:08:28 +10:00
Shane Lontis
99c166a1b0 Add docs for ASN1_item_sign and ASN1_item_verify functions
This is to address part of issue #13192.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13373)
2021-02-15 11:18:13 +10:00
Pauli
09c77b87ae Remove an unnecessary free call.
64954e2f34 (r47045920)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14165)
2021-02-14 16:50:04 +10:00
Shane Lontis
8a43091bc7 Remove dead code in rsa_pkey_ctrl.
Fixes CID #1472393

Previously this switch handled CMS & PCKS7 controls (e.g ANS1_PKEY_CTRL_PKCS7_SIGN)
which fell thru to the dead code to set the X509_ALG.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14163)
2021-02-14 16:48:48 +10:00
Disconnect3d
bae3916340 passwd.c: use the actual ROUNDS_DEFAULT macro
Before this commit, the `ROUNDS_DEFAULT` macro was not used at all, while defined in the source code.
Instead, a `unsigned int rounds = 5000;` was set, which uses the same value.

This commit changes the `5000` to `ROUNDS_DEFAULT`.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14156)
2021-02-13 13:45:26 +10:00
Jay Satiro
70f2364882 NOTES-WINDOWS: fix typo
CLA: trivial

(cherry picked from commit fb97b8e8a5)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14042)
2021-02-12 20:41:58 +01:00
Dr. Matthias St. Pierre
a0ca1eed24 Add a skeleton README-PROVIDERS file
The current content of this README file are just meant to be a
starting point and an incentive to add more. Most of the text
was borrowed from the [OpenSSL 3.0 Wiki], which is the reason
why a added Matt as co-author. To be continued...

[OpenSSL 3.0 Wiki]: https://wiki.openssl.org/index.php/OpenSSL_3.0

Co-authored-by: Matt Caswell <matt@openssl.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
2021-02-12 20:41:58 +01:00
Dr. Matthias St. Pierre
d507436a26 Add deprecation note to the README-ENGINES file
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
2021-02-12 20:41:32 +01:00
Dr. Matthias St. Pierre
4148581eb2 Unify the markdown links to the NOTES and README files
In many locations, the files have been converted to markdown
syntactically, but don't utilize the power of markdown yet.
Here, instead of just repeating the file name, the markdown link
now shows the title of the document.

Additionally, the notes are now reference in the same order in both
the README and the INSTALL file.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
2021-02-12 20:41:32 +01:00
Dr. Matthias St. Pierre
dc589daec8 Reformat some NOTES and README files
Formatting is still very mixed in the NOTES and README files.
This commit tries to make formatting more consistent with the one
introduced in pull request #10545.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
2021-02-12 20:41:27 +01:00
Dr. Matthias St. Pierre
9f1fe6a950 Revise some renamings of NOTES and README files
Some of the notes and readme files have been converted to markdown
format recently and renamed during this process. While adding the
.md extension was a natural step, switching to mixed cases was not
a change to the better, it gives them a ragged appearance:

     NOTES.ANDROID  => NOTES-Android.md
     NOTES.DJGPP    => NOTES-DJGPP.md
     NOTES.PERL     => NOTES-Perl.md
     NOTES.UNIX     => NOTES-Unix.md
     NOTES.VMS      => NOTES-VMS.md
     NOTES.VALGRIND => NOTES-Valgrind.md
     NOTES.WIN      => NOTES-Windows.txt
     README.ENGINE  => README-Engine.md
     README.FIPS    => README-FIPS.md

Moreover, the NOTES-Windows.txt file is the only file which has been
converted to markdown but has received a .txt file extension.
This doesn't make sense, because the OpenSSL users on Windows will
need to read the other markdown documents as well. Since they are
developers, we can trust them to be able to associate their favorite
editor with the .md extension.

In fact, having a comment at the beginning of the file saying that it
is in markdown format but we didn't dare to add the correct extension
in order not to overwhelm our Windows users can be interpreted either
as unintentionally funny or disrespectful ;-)

This commit suggests the following more consistent renaming:

     NOTES.ANDROID  => NOTES-ANDROID.md
     NOTES.DJGPP    => NOTES-DJGPP.md
     NOTES.PERL     => NOTES-PERL.md
     NOTES.UNIX     => NOTES-UNIX.md
     NOTES.VMS      => NOTES-VMS.md
     NOTES.VALGRIND => NOTES-VALGRIND.md
     NOTES.WIN      => NOTES-WINDOWS.md
     README.ENGINE  => README-ENGINES.md
     README.FIPS    => README-FIPS.md

(note the plural in README-ENGINES, anticipating a README-PROVIDERS)

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
2021-02-12 20:35:26 +01:00
Tomas Mraz
9ff5bd612a ssl_test: Add testcases for disallowing non-TLS1.3 curves with TLS1.3
Also correctly mark max protocol version for some curves.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14154)
2021-02-12 19:05:17 +01:00