Commit Graph

9 Commits

Author SHA1 Message Date
Bernd Edlinger
64da15c40d Replace the AES-128-CBC-HMAC-SHA1 cipher in e_ossltest.c
This replaces the AES-128-CBC-HMAC-SHA1 cipher with a
non-encrypting version for use the test suite.

[extended tests]

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16693)
2021-10-06 15:18:10 +02:00
Matt Caswell
5b64ce89b0 Remove OPENSSL_NO_DH guards from libssl
This removes man unnecessary OPENSSL_NO_DH guards from libssl. Now that
libssl is entirely using the EVP APIs and implementations can be plugged
in via providers it is no longer needed to disable DH at compile time in
libssl. Instead it should detect at runtime whether DH is available from
the loaded providers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
2021-02-05 15:20:36 +00:00
Richard Levitte
4333b89f50 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
2021-01-28 13:54:57 +01:00
Tomas Mraz
0c8e98e615 Avoid using OSSL_PKEY_PARAM_GROUP_NAME when the key might be legacy
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:26:49 +01:00
Shane Lontis
5b5eea4b60 Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
2021-01-26 15:22:14 +01:00
Matt Caswell
163f6dc1f7 Implement a replacement for SSL_set_tmp_dh()
The old function took a DH as a parameter. In the new version we pass
an EVP_PKEY instead. Similarly for the SSL_CTX version of this function.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
2020-11-18 14:14:52 +00:00
Matt Caswell
1b2b475517 Deprecate SSL_CTRL_SET_TMP_DH and other related ctrls
These ctrls pass around a DH object which is now deprecated, so we
deprecate the ctrls themselves.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13368)
2020-11-18 14:14:51 +00:00
Richard Levitte
6849b73ccc Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call
This was done using util/err-to-raise

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
2020-11-11 12:12:11 +01:00
Matt Caswell
301fcb2843 Concentrate deprecated libssl API usage in one file
We create a new file ssl/tls_depr.c to contain functions that need to call
deprecated APIs in libssl. This enables us to remove
OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files.

The deprecated API usage is either related to ENGINEs and is needed to
continue to support applications that use such ENGINEs. Or they are needed
to support some deprecated public libssl APIs.

One other file remains in libssl that still uses deprecated APIs: s3_cbc.c
This is needed to support the deprecated SSLv3.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13135)
2020-10-16 14:47:21 +01:00