Commit Graph

276 Commits

Author SHA1 Message Date
Pauli
4e7991b497 Change OSSL_PARAM return size to not be a pointer.
Instead of referencing the return size from the OSSL_PARAM structure, make the
size a field within the structure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9135)
2019-06-24 14:43:55 +10:00
Pauli
32ee452496 Remove OPENSSL_memcmp.
After avoiding OPENSSL_memcmp for EC curve comparison, there are no remaining
uses in the source code.  The function is only defined in an internal header
and thus should be safe to remove for 3.0.0.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9207)
2019-06-21 10:03:55 +10:00
Matt Caswell
52b18ce104 Add the function OPENSSL_thread_stop_ex()
This adds the ability to clean up a thread on a per OPENSSL_CTX basis.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
2019-06-17 16:19:44 +01:00
Matt Caswell
7bc081dda3 Create BN_CTX_new_ex() and BN_CTX_secure_new_ex()
These variants of BN_CTX_new() and BN_CTX_secure_new() enable passing
an OPENSSL_CTX so that we can access this where needed throughout the
BIGNUM sub library.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)
2019-06-12 09:16:43 +01:00
Shane Lontis
83b4a24384 Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).
This is still required currently by engines and digestsign/digestverify.
This PR contains merged in code from Richard Levitte's PR #9126.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9103)
2019-06-11 20:25:33 +10:00
Matt Caswell
da0d114cd9 Convert drbg_lib to use OPENSSL_CTX for its global data
In preparation for moving the RAND code into the FIPS module we make
drbg_lib.c OPENSSL_CTX aware.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9039)
2019-06-07 12:04:34 +01:00
Kurt Roeckx
be5fc053ed Replace EVP_MAC_CTX_copy() by EVP_MAC_CTX_dup()
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
GH: #7651
2019-06-06 17:41:41 +02:00
Shane Lontis
d5e5e2ffaf Move digests to providers
Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)
2019-06-04 12:09:50 +10:00
Andreas Kretschmer
8869ad4a39 Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL
Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712)

CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI.
    Adds extensive man pages and tests.  Integration into build scripts.

Incremental pull request based on OpenSSL commit 1362190b1b of 2018-09-26

3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8669)
2019-05-30 11:18:52 +01:00
Shane Lontis
6aa2e59e1c Add d2i_KeyParams/i2d_KeyParams API's.
Convert EVP_PKEY Parameters to/from binary.
This wraps the low level i2d/d2i calls for DH,DSA and EC key parameters
in a similar way to Public and Private Keys.
The API's can be used by applications (including openssl apps) that only
want to use EVP_PKEY without needing to access low level key API's.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8903)
2019-05-27 21:55:10 +10:00
Richard Levitte
538f38db50 Clear CRMF vs CMP confusion
In the development of the CRMF sub-system, there seems to have been
some confusion as to what configuration option should be used.
'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP
rather than OPENSSL_NO_CRMF...

In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we
need 'no-crmf' to depend on 'no-cmp'.  We do this by making 'crmf' a
silent "option" that get affected by 'cmp' by way of %disable_cascades.
This allows options to be "aliases" for a set of other ones, silent or
not.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8897)
2019-05-20 16:19:00 +02:00
Shane Lontis
ff8029c189 Added generated files for EVP_KDF changes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8808)
2019-05-03 17:52:50 +02:00
Richard Levitte
0109e030db Add a way for the application to get OpenSSL configuration data
OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for
display, but if all you really want is the directory itself, you were
forced to parsed the string.

This introduces a new function to get diverse configuration data from
the library, OPENSSL_info().  This works the same way as
OpenSSL_version(), but has its own series of types, currently
including:

OPENSSL_INFO_CONFIG_DIR         returns OPENSSLDIR
OPENSSL_INFO_ENGINES_DIR        returns ENGINESDIR
OPENSSL_INFO_MODULES_DIR        returns MODULESDIR
OPENSSL_INFO_DSO_EXTENSION      returns DSO_EXTENSION

OPENSSL_INFO_DIR_FILENAME_SEPARATOR     returns directory/filename separator
OPENSSL_INFO_LIST_SEPARATOR             returns list separator

For scripting purposes, this also adds the command 'openssl info'.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8709)
2019-04-23 15:51:39 +02:00
Matt Caswell
718b133a53 Implement AES CBC ciphers in the default provider
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
2019-04-19 09:31:54 +01:00
Matt Caswell
df05f2ce6d Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
2019-04-19 09:31:54 +01:00
Matt Caswell
fd367b4ce3 Deprecate AES_ige_encrypt() and AES_bi_ige_encrypt()
These undocumented functions were never integrated into the EVP layer
and implement the AES Infinite Garble Extension (IGE) mode and AES
Bi-directional IGE mode. These modes were never formally standardised
and usage of these functions is believed to be very small. In particular
AES_bi_ige_encrypt() has a known bug. It accepts 2 AES keys, but only
one is ever used. The security implications are believed to be minimal,
but this issue was never fixed for backwards compatibility reasons.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8710)
2019-04-12 14:22:41 +01:00
Shane Lontis
8402cd5f75 added code to validate EC named curve parameters
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8555)
2019-04-11 12:05:38 +03:00
Paul Yang
ccf453610f Make X509_set_sm2_id consistent with other setters
This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
the memory management is passed to X509 and user doesn't need to free
the sm2_id parameter later. API name also changes to X509_set0_sm2_id.

Document and test case are also updated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8626)
2019-04-09 20:44:42 +08:00
Richard Levitte
195852fefc Params: add OSSL_PARAM_construct_end()
OSSL_PARAM_END is a macro that can only be used to initialize an
OSSL_PARAM array, not to assign an array element later on.  For
completion, we add an end constructor to facilitate that kind of
assignment.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8704)
2019-04-09 11:18:26 +02:00
Richard Levitte
cb92964563 EVP_set_default_properties(): New function to set global properties
EVP_MD_fetch() can be given a property query string.  However, there
are cases when it won't, for example in implicit fetches.  Therefore,
we also need a way to set a global property query string to be used in
all subsequent fetches.  This also applies to all future algorithm
fetching functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8681)
2019-04-05 15:43:37 +02:00
Matt Caswell
3653d0c224 Implement EVP_MD_fetch()
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)
2019-03-21 09:23:38 +00:00
Dmitry Belyavskiy
229f7b38f0 Providing missing accessor to EVP_PKEY.engine
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8329)
2019-03-19 10:42:33 +00:00
Matt Caswell
4acd79ff46 Guard some SM2 functions with OPENSSL_NO_SM2
Fixes the no-ec build

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8481)
2019-03-15 10:12:36 +00:00
杨洋
8267becb8b Support SM2 certificate verification
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8321)
2019-03-13 15:29:39 +08:00
Pauli
eabf91cd11 generated files
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8451)
2019-03-12 19:14:50 +01:00
David von Oheimb
a61b7f2fa6 2nd chunk: CRMF code (crypto/crmf/, ) and its integration
in INSTALL, Configure, crypto/build.info, include/openssl/crmferr.h,
crypto/err/, include/openssl/err.h, and (to be updated:) util/libcrypto.num

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7646)
2019-03-12 12:26:06 +00:00
Richard Levitte
3374dc03ed Replumbing: New public API to load or add providers
Adding a provider means creating an internal provier object and adding
it to the store.  This allows the addition of built in providers, be it
in the OpenSSL libraries or in any application.

"Loading" a provider is defined broadly.  A built in provider is already
"loaded" in essence and only needs activating, while a provider in a
dynamically loadable module requires actually loading the module itself.
In this API, "loading" a provider does both.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)
2019-03-11 20:40:13 +01:00
Richard Levitte
2390c573aa Add generic trace API
The idea is that the application shall be able to register output
channels or callbacks to print tracing output as it sees fit.

OpenSSL internals, on the other hand, want to print thoses texts using
normal printing routines, such as BIO_printf() or BIO_dump() through
well defined BIOs.

When the application registers callbacks, the tracing functionality
sets up an internal BIO that simply forwards received text to the
appropriate application provided callback.

Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8198)
2019-03-06 11:15:13 +01:00
Richard Levitte
fa4d419c25 Add BN_native2bn and BN_bn2nativepad, for native BIGNUM import/export
These are a couple of utility functions, to make import and export of
BIGNUMs to byte strings in platform native for (little-endian or
big-endian) easier.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8346)
2019-02-26 22:44:48 +01:00
Pauli
3037d0aadf generated files
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8224)
2019-02-18 13:28:14 +10:00
Richard Levitte
d64b62998b Add an OpenSSL library context
The context builds on CRYPTO_EX_DATA, allowing it to be dynamically
extended with new data from the different parts of libcrypto.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8225)
2019-02-16 00:29:42 +01:00
Richard Levitte
e17f5b6a6b Add CRYPTO_alloc_ex_data()
This allows allocation of items at indexes that were created after the
CRYPTO_EX_DATA variable was initialized, using the exact same method
that was used then.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8225)
2019-02-16 00:29:20 +01:00
David Asraf
fa1f030610 Add EC_GROUP_get0_field
New function to return internal pointer for field.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8195)
2019-02-15 16:43:18 +02:00
David Makepeace
5a285addbf Added new EVP/KDF API.
Changed PKEY/KDF API to call the new API.
Added wrappers for PKCS5_PBKDF2_HMAC() and EVP_PBE_scrypt() to call the new EVP KDF APIs.
Documentation updated.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6674)
2019-02-13 12:11:49 +01:00
Antonio Iacono
e85d19c68e crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of  Signing Certificate reference attributes,
stored in the signedData ether as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).

This patch adds support for adding  ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g Italy).

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)
2019-01-27 23:59:21 +01:00
Ping Yu
9f5a87fd66 add an additional async notification communication method based on callback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Signed-off-by: Ping Yu <ping.yu@intel.com>
Signed-off-by: Steven Linsell <stevenx.linsell@intel.com>

(Merged from https://github.com/openssl/openssl/pull/7573)
2019-01-27 12:27:17 +00:00
Viktor Dukhovni
df1f538f28 More configurable crypto and ssl library initialization
1.  In addition to overriding the default application name,
    one can now also override the configuration file name
    and flags passed to CONF_modules_load_file().

2.  By default we still keep going when configuration file
    processing fails.  But, applications that want to be strict
    about initialization errors can now make explicit flag
    choices via non-null OPENSSL_INIT_SETTINGS that omit the
    CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
    both undocumented and unused).

3.  In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
    if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.

4.  Don't set up atexit() handlers when called with INIT_BASE_ONLY.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)
2019-01-07 14:02:28 -05:00
Todd Short
b1ceb439f2 Add RFC5297 AES-SIV support
Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of perfomance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)
2018-12-12 08:16:10 +10:00
Richard Levitte
d26d2cfe95 Remove all NOEXIST symbols from ordinals files
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
3b39185880 make update
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7740)
2018-12-07 16:02:17 +01:00
Richard Levitte
3a63dbef15 Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

    OPENSSL_VERSION_MAJOR
    OPENSSL_VERSION_MINOR
    OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

    OPENSSL_VERSION_PRE_RELEASE
    OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

    unsigned int OPENSSL_version_major(void);
    unsigned int OPENSSL_version_minor(void);
    unsigned int OPENSSL_version_patch(void);
    const char *OPENSSL_version_pre_release(void);
    const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

    OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date.  This is not
part of the version number, but is extra information that we want to
be able to display:

    OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

    const char *OPENSSL_version_text(void);
    const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

    OPENSSL_VERSION_NUMBER
    OPENSSL_VERSION_TEXT
    OPENSSL_VERSION
    OpenSSL_version_num()
    OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

    OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Richard Levitte
672f943ad6 Switch future deprecation version from 1.2.0 to 3.0
This is in preparation for a switch to MAJOR.MINOR.PATCH versioning
and calling the next major version 3.0.0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
2018-12-06 12:24:47 +01:00
Antoine Salon
ebfd055b29 Making SRP_user_pwd functions public
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
Antoine Salon
51f03f1227 Added SRP_VBASE_add0_user()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)
2018-11-15 10:53:47 +00:00
David Woodhouse
ecbb2fca93 Add EVP_PKEY_supports_digest_nid()
Rather than relying only on mandatory default digests, add a way for
the EVP_PKEY to individually report whether each digest algorithm is
supported.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7408)
2018-11-10 03:23:14 +02:00
Richard Levitte
f842b6b2a4 Add convenience functions EVP_str2ctrl() and EVP_hex2ctrl()
These functions are generalizations of EVP_PKEY_CTX_str2ctrl() and
EVP_PKEY_CTX_hex2ctrl().  They will parse the value, and then pass the
parsed result and length to a callback that knows exactly how to pass
them on to a main _ctrl function, along with a context structure
pointer.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Richard Levitte
567db2c17d Add EVP_MAC API
We currently implement EVP MAC methods as EVP_PKEY methods.  This
change creates a separate EVP API for MACs, to replace the current
EVP_PKEY ones.

A note about this EVP API and how it interfaces with underlying MAC
implementations:

Other EVP APIs pass the EVP API context down to implementations, and
it can be observed that the implementations use the pointer to their
own private data almost exclusively.  The EVP_MAC API deviates from
that pattern by passing the pointer to the implementation's private
data directly, and thereby deny the implementations access to the
EVP_MAC context structure.  This change is made to provide a clearer
separation between the EVP library itself and the implementations of
its supported algorithm classes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7393)
2018-10-29 13:35:19 +01:00
Antoine Salon
9453b19634 Deprecate ECDH_KDF_X9_62()
Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7345)
2018-10-17 13:22:14 +03:00
Richard Levitte
ab1e5495e4 Move ZLIB from 'platforms' to 'features'
Having it as a 'platform' was conceptually wrong from from the
beginning, and makes decoding more complicated than necessary.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
2018-10-03 22:16:10 +02:00
Richard Levitte
7e09c5eaa5 Small cleanup (util/mkdef.pl, crypto/bio/bss_log.c, include/openssl/ocsp.h)
BIO_s_log() is declared for everyone, so should return NULL when not
actually implemented.  Also, it had explicit platform limitations in
util/mkdef.pl that didn't correspond to what was actually in code.
While at it, a few other hard coded things that have lost their
relevance were removed.

include/openssl/ocsp.h had a few duplicate declarations.

Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7331)
2018-09-30 19:46:19 +02:00