Coverity Scan: Analysis completed for openssl/openssl

2022-01-14 Thread scan-admin


Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DjZz5_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeH4G0o2B2A8aeKVvRJ0embxUb4CXPvd9H7ordZHtBTXW39QE1Lgyv5idhL2W1I7bcLvmK1lRELekZ3XMzYsg-2FhHhR-2FmPuvbvGHC63NEqpquoPJ5tI2ZUBa58q3YvCBBbEyrXKqk9gpJUfTNh1zCpnH91mmb1B-2FfmYrCZJiNu4mXW-2BiINj3YAqihrUdsHVar33U-3D

Build ID: 430514

Analysis Summary:
   New defects found: 0
   Defects eliminated: 1



[openssl] master update

2022-01-14 Thread Dr . Paul Dale
The branch master has been updated
   via  57645339ab645fe5abffe14fc005b5402ce03b84 (commit)
  from  04bc3c1277b8b20dc29f96933f7be592c0535aa8 (commit)


- Log -
commit 57645339ab645fe5abffe14fc005b5402ce03b84
Author: Pauli 
Date:   Sat Jan 1 12:43:31 2022 +1100

property: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.

This takes out the lock step stacks that allow a fast property to name
resolution.  Follow on from #17325.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17388)

---

Summary of changes:
 crypto/property/property_string.c | 50 +++
 1 file changed, 46 insertions(+), 4 deletions(-)

diff --git a/crypto/property/property_string.c 
b/crypto/property/property_string.c
index 6c61bfbbb2..9191453d5a 100644
--- a/crypto/property/property_string.c
+++ b/crypto/property/property_string.c
@@ -40,8 +40,10 @@ typedef struct {
 PROP_TABLE *prop_values;
 OSSL_PROPERTY_IDX prop_name_idx;
 OSSL_PROPERTY_IDX prop_value_idx;
+#ifndef OPENSSL_SMALL_FOOTPRINT
 STACK_OF(OPENSSL_CSTRING) *prop_namelist;
 STACK_OF(OPENSSL_CSTRING) *prop_valuelist;
+#endif
 } PROPERTY_STRING_DATA;
 
 static unsigned long property_hash(const PROPERTY_STRING *a)
@@ -80,9 +82,11 @@ static void property_string_data_free(void *vpropdata)
 CRYPTO_THREAD_lock_free(propdata->lock);
 property_table_free(&propdata->prop_names);
 property_table_free(&propdata->prop_values);
+#ifndef OPENSSL_SMALL_FOOTPRINT
 sk_OPENSSL_CSTRING_free(propdata->prop_namelist);
 sk_OPENSSL_CSTRING_free(propdata->prop_valuelist);
 propdata->prop_namelist = propdata->prop_valuelist = NULL;
+#endif
 propdata->prop_name_idx = propdata->prop_value_idx = 0;
 
 OPENSSL_free(propdata);
@@ -99,13 +103,17 @@ static void *property_string_data_new(OSSL_LIB_CTX *ctx) {
   &property_cmp);
 propdata->prop_values = lh_PROPERTY_STRING_new(&property_hash,
&property_cmp);
+#ifndef OPENSSL_SMALL_FOOTPRINT
 propdata->prop_namelist = sk_OPENSSL_CSTRING_new_null();
 propdata->prop_valuelist = sk_OPENSSL_CSTRING_new_null();
+#endif
 if (propdata->lock == NULL
-|| propdata->prop_names == NULL
-|| propdata->prop_values == NULL
+#ifndef OPENSSL_SMALL_FOOTPRINT
 || propdata->prop_namelist == NULL
-|| propdata->prop_valuelist == NULL) {
+|| propdata->prop_valuelist == NULL
+#endif
+|| propdata->prop_names == NULL
+|| propdata->prop_values == NULL) {
 property_string_data_free(propdata);
 return NULL;
 }
@@ -141,7 +149,6 @@ static OSSL_PROPERTY_IDX ossl_property_string(OSSL_LIB_CTX 
*ctx, int name,
 {
 PROPERTY_STRING p, *ps, *ps_new;
 PROP_TABLE *t;
-STACK_OF(OPENSSL_CSTRING) *slist;
 OSSL_PROPERTY_IDX *pidx;
 PROPERTY_STRING_DATA *propdata
 = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX,
@@ -166,19 +173,25 @@ static OSSL_PROPERTY_IDX 
ossl_property_string(OSSL_LIB_CTX *ctx, int name,
 pidx = name ? &propdata->prop_name_idx : &propdata->prop_value_idx;
 ps = lh_PROPERTY_STRING_retrieve(t, &p);
 if (ps == NULL && (ps_new = new_property_string(s, pidx)) != NULL) {
+#ifndef OPENSSL_SMALL_FOOTPRINT
+STACK_OF(OPENSSL_CSTRING) *slist;
+
 slist = name ? propdata->prop_namelist : propdata->prop_valuelist;
 if (sk_OPENSSL_CSTRING_push(slist, ps_new->s) <= 0) {
 property_free(ps_new);
 CRYPTO_THREAD_unlock(propdata->lock);
 return 0;
 }
+#endif
 lh_PROPERTY_STRING_insert(t, ps_new);
 if (lh_PROPERTY_STRING_error(t)) {
 /*-
  * Undo the previous push which means also decrementing the
  * index and freeing the allocated storage.
  */
+#ifndef OPENSSL_SMALL_FOOTPRINT
 sk_OPENSSL_CSTRING_pop(slist);
+#endif
 property_free(ps_new);
 --*pidx;
 CRYPTO_THREAD_unlock(propdata->lock);
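Review bot: The comment kept above the new `#ifndef OPENSSL_SMALL_FOOTPRINT` guard around `sk_OPENSSL_CSTRING_pop(slist)` still reads "Undo the previous push", but in a small-footprint build nothing is pushed and the error path only frees `ps_new` and decrements `*pidx`. Reword it so it is true for both builds, for example `/* Undo: pop the string pushed above (only when the lists are built), free the entry and decrement the index. */`. ossl_property_string starts and ends outside this hunk, so the rest of the error path is not visible here.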
@@ -191,6 +204,21 @@ static OSSL_PROPERTY_IDX ossl_property_string(OSSL_LIB_CTX 
*ctx, int name,
 return ps != NULL ? ps->idx : 0;
 }
 
+#ifdef OPENSSL_SMALL_FOOTPRINT
+struct find_str_st {
+const char *str;
+OSSL_PROPERTY_IDX idx;
+};
+
+static void find_str_fn(PROPERTY_STRING *prop, void *vfindstr)
+{
+struct find_str_st *findstr = vfindstr;
+
+if (prop->idx == findstr->idx)
+findstr->str = prop->s;
+}
+#endif
+
 static const char *ossl_property_str(int name, OSSL_LIB_CTX *ctx,
  OSSL_PROPERTY_IDX idx)
 {
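Review bot: find_str_fn carries no comment stating its contract, and it only writes `findstr->str` on a match, so a lookup that misses returns whatever the caller left in that field. The caller sits in the following hunk, which is cut off here, so I cannot confirm it sets `str` to NULL before the walk. A short header would make the requirement explicit, e.g. `/* doall callback: stores prop->s when prop->idx equals findstr->idx; caller must preset findstr->str to NULL */`. It is also worth noting there that the callback is invoked for every table entry, so the small-footprint lookup is linear in the number of stored strings.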
@@ -206,8 +234,22 @@ static const c

[openssl] master update

2022-01-14 Thread dev
The branch master has been updated
   via  04bc3c1277b8b20dc29f96933f7be592c0535aa8 (commit)
  from  37b850738cbab74413d41033b2a4df1d69e1fa4a (commit)


- Log -
commit 04bc3c1277b8b20dc29f96933f7be592c0535aa8
Author: Dr. David von Oheimb 
Date:   Fri Aug 6 12:11:13 2021 +0200

Fix malloc failure handling of X509_ALGOR_set0()

Also update and slightly extend the respective documentation and simplify 
some code.

Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/16251)

---

Summary of changes:
 crypto/asn1/a_sign.c| 18 --
 crypto/asn1/x_algor.c   | 31 ---
 crypto/cms/cms_cd.c |  5 +++--
 crypto/cms/cms_dh.c | 12 ++--
 crypto/cms/cms_ec.c | 14 +++---
 crypto/cms/cms_env.c|  4 ++--
 crypto/cms/cms_rsa.c| 28 
 crypto/cms/cms_sd.c |  9 ++---
 crypto/ec/ecx_meth.c| 25 +
 crypto/pkcs7/pk7_lib.c  | 26 ++
 crypto/rsa/rsa_ameth.c  | 28 +---
 doc/man3/X509_ALGOR_dup.pod | 28 
 12 files changed, 116 insertions(+), 112 deletions(-)

diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 302045cfcd..df251719f6 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -247,16 +247,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR 
*algor1,
 goto err;
 }
 
-if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
-paramtype = V_ASN1_NULL;
-else
-paramtype = V_ASN1_UNDEF;
-
-if (algor1)
-X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
-if (algor2)
-X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
-
+paramtype = pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL ?
+V_ASN1_NULL : V_ASN1_UNDEF;
+if (algor1 != NULL
+&& !X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL))
+goto err;
+if (algor2 != NULL
+&& !X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL))
+goto err;
 }
 
 buf_len = ASN1_item_i2d(data, &buf_in, it);
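Review bot: The two new `goto err` branches taken when X509_ALGOR_set0() returns 0 do not put anything on the error queue, and the X509_ALGOR_set0 hunk in x_algor.c shows a bare `return 0` on allocation failure as well. Unless the `err:` label (outside this hunk) raises one, a caller of ASN1_item_sign_ctx would see a signing failure with no recorded reason. Consider `ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);` before each `goto err;`, or a single raise inside X509_ALGOR_set0 so every call site benefits.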
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index f56ec92f65..e78cf7a68b 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -33,12 +33,9 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int 
ptype, void *pval)
 if (alg == NULL)
 return 0;
 
-if (ptype != V_ASN1_UNDEF) {
-if (alg->parameter == NULL)
-alg->parameter = ASN1_TYPE_new();
-if (alg->parameter == NULL)
-return 0;
-}
+if (ptype != V_ASN1_UNDEF && alg->parameter == NULL
+&& (alg->parameter = ASN1_TYPE_new()) == NULL)
+return 0;
 
 ASN1_OBJECT_free(alg->algorithm);
 alg->algorithm = aobj;
@@ -68,7 +65,7 @@ X509_ALGOR *ossl_X509_ALGOR_from_nid(int nid, int ptype, void 
*pval)
 
  err:
 X509_ALGOR_free(alg);
-ASN1_OBJECT_free(algo);
+/* ASN1_OBJECT_free(algo) is not needed due to OBJ_nid2obj() */
 return NULL;
 }
 
@@ -89,18 +86,12 @@ void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
 }
 
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 {
-int param_type;
-
-if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
-param_type = V_ASN1_UNDEF;
-else
-param_type = V_ASN1_NULL;
-
-X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), param_type, NULL);
+int type = md->flags & EVP_MD_FLAG_DIGALGID_ABSENT ? V_ASN1_UNDEF
+   : V_ASN1_NULL;
 
+(void)X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), type, NULL);
 }
 
 int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
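Review bot: The `(void)` cast in X509_ALGOR_set_md discards the very failure this commit teaches callers to check, so when `type` is V_ASN1_NULL and the ASN1_TYPE_new() inside X509_ALGOR_set0 fails, the function returns with no indication that the identifier was not set. The same gap carries into ossl_x509_algor_new_from_md in the last hunk of this file, which calls X509_ALGOR_set_md unconditionally, then stores `alg` in `*palg` and returns 1. Because X509_ALGOR_set_md returns void, the internal helper could instead compute the parameter type itself, call X509_ALGOR_set0 directly, and on a zero return do `X509_ALGOR_free(alg);` and `return 0;`. At minimum the cast deserves a comment such as `/* failure is not reported to the caller; alg may be left unset */`.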
@@ -150,13 +141,15 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR 
*src)
 /* allocate and set algorithm ID from EVP_MD, default SHA1 */
 int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md)
 {
+X509_ALGOR *alg;
+
 /* Default is SHA1 so no need to create it - still success */
 if (md == NULL || EVP_MD_is_a(md, "SHA1"))
 return 1;
-*palg = X509_ALGOR_new();
-if (*palg == NULL)
+if ((alg = X509_ALGOR_new()) == NULL)
 return 0;
-X509_ALGOR_set_md(*palg, md);
+X509_ALGOR_set_md(alg, md);
+*palg = alg;
 return 1;
 }
 
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
index 6de6d55e58..a7f47a6a3d 100644
--- a/crypto/cms/cms_cd.c
+++ b/crypto/cms/cms_cd.c
@@ -50,8 +50,9 @@ CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid,
 
 cd->version = 0;
 
-X509_ALGOR_set0(cd->c

[openssl] openssl-3.0 update

2022-01-14 Thread tomas
The branch openssl-3.0 has been updated
   via  a8779af2f5cb76ac2563c28c1fdbdf314f0a6ebb (commit)
  from  46670c739d1f28c874b900e93952173d9846bec9 (commit)


- Log -
commit a8779af2f5cb76ac2563c28c1fdbdf314f0a6ebb
Author: manison 
Date:   Wed Jan 12 20:53:48 2022 +0100

EVP: fix evp_keymgmt_util_match so that it actually tries cross export the 
other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17487)

(cherry picked from commit 37b850738cbab74413d41033b2a4df1d69e1fa4a)

---

Summary of changes:
 crypto/evp/keymgmt_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 2a73e9a2be..05c4e97957 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -370,7 +370,7 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, 
int selection)
  * but also to determine if we should attempt a cross export
  * the other way.  There's no point doing it both ways.
  */
-int ok = 1;
+int ok = 0;
 
 /* Complex case, where the keymgmt differ */
 if (keymgmt1 != NULL


[openssl] master update

2022-01-14 Thread tomas
The branch master has been updated
   via  37b850738cbab74413d41033b2a4df1d69e1fa4a (commit)
  from  71396cd048072b69559b46d98cfebfd4474cd712 (commit)


- Log -
commit 37b850738cbab74413d41033b2a4df1d69e1fa4a
Author: manison 
Date:   Wed Jan 12 20:53:48 2022 +0100

EVP: fix evp_keymgmt_util_match so that it actually tries cross export the 
other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17487)

---

Summary of changes:
 crypto/evp/keymgmt_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 2a73e9a2be..05c4e97957 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -370,7 +370,7 @@ int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, 
int selection)
  * but also to determine if we should attempt a cross export
  * the other way.  There's no point doing it both ways.
  */
-int ok = 1;
+int ok = 0;
 
 /* Complex case, where the keymgmt differ */
 if (keymgmt1 != NULL


[openssl] master update

2022-01-14 Thread tomas
The branch master has been updated
   via  71396cd048072b69559b46d98cfebfd4474cd712 (commit)
  from  79704a88eb5aa70fa506e3e59a29fcda21f428af (commit)


- Log -
commit 71396cd048072b69559b46d98cfebfd4474cd712
Author: fangming.fang 
Date:   Fri Dec 24 08:29:04 2021 +

SM3 acceleration with SM3 hardware instruction on aarch64

The SM3 hardware instructions are an optional feature of the crypto extension
for aarch64. This implementation accelerates SM3 using those instructions. On
platforms that do not support the SM3 instructions, the original C
implementation still works. Thanks to AliBaba for testing and reporting
the following perf numbers for Yitian710:

Benchmark on T-Head Yitian-710 2.75GHz:

Before:
type  16 bytes 64 bytes256 bytes1024 bytes   8192 bytes   16384 
bytes
sm3   49297.82k   121062.63k   223106.05k   283371.52k   307574.10k   
309400.92k

After (33% - 74% faster):
type  16 bytes 64 bytes256 bytes1024 bytes   8192 bytes   16384 
bytes
sm3   65640.01k   179121.79k   359854.59k   481448.96k   534055.59k   
538274.47k

Reviewed-by: Paul Dale 
Reviewed-by: Tomas Mraz 
(Merged from https://github.com/openssl/openssl/pull/17454)

---

Summary of changes:
 crypto/arm64cpuid.pl|   8 ++
 crypto/arm_arch.h   |   1 +
 crypto/armcap.c |  10 ++
 crypto/sm3/asm/sm3-armv8.pl | 282 
 crypto/sm3/build.info   |  21 +++-
 crypto/sm3/sm3_local.h  |  16 ++-
 6 files changed, 335 insertions(+), 3 deletions(-)
 create mode 100644 crypto/sm3/asm/sm3-armv8.pl

diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl
index a86fa6073a..b30f505339 100755
--- a/crypto/arm64cpuid.pl
+++ b/crypto/arm64cpuid.pl
@@ -96,6 +96,14 @@ _armv8_cpuid_probe:
ret
 .size  _armv8_cpuid_probe,.-_armv8_cpuid_probe
 
+.globl _armv8_sm3_probe
+.type  _armv8_sm3_probe,%function
+_armv8_sm3_probe:
+   AARCH64_VALID_CALL_TARGET
+   .long   0xce63c004  // sm3partw1 v4.4s, v0.4s, v3.4s
+   ret
+.size  _armv8_sm3_probe,.-_armv8_sm3_probe
+
 .globl OPENSSL_cleanse
 .type  OPENSSL_cleanse,%function
 .align 5
diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h
index 848f06542c..77173cae42 100644
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@@ -79,6 +79,7 @@ extern unsigned int OPENSSL_armv8_rsa_neonized;
 # define ARMV8_SHA512(1<<6)
 # define ARMV8_CPUID (1<<7)
 # define ARMV8_RNG   (1<<8)
+# define ARMV8_SM3   (1<<9)
 
 /*
  * MIDR_EL1 system register
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 72ed0a024a..93003c9121 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -53,6 +53,7 @@ void _armv8_sha1_probe(void);
 void _armv8_sha256_probe(void);
 void _armv8_pmull_probe(void);
 # ifdef __aarch64__
+void _armv8_sm3_probe(void);
 void _armv8_sha512_probe(void);
 unsigned int _armv8_cpuid_probe(void);
 void _armv8_rng_probe(void);
@@ -169,6 +170,7 @@ static unsigned long getauxval(unsigned long key)
 #  define HWCAP_CE_SHA1  (1 << 5)
 #  define HWCAP_CE_SHA256(1 << 6)
 #  define HWCAP_CPUID(1 << 11)
+#  define HWCAP_CE_SM3   (1 << 18)
 #  define HWCAP_CE_SHA512(1 << 21)
   /* AT_HWCAP2 */
 #  define HWCAP2 26
@@ -245,6 +247,9 @@ void OPENSSL_cpuid_setup(void)
 
 if (hwcap & HWCAP_CPUID)
 OPENSSL_armcap_P |= ARMV8_CPUID;
+
+if (hwcap & HWCAP_CE_SM3)
+OPENSSL_armcap_P |= ARMV8_SM3;
 #  endif
 }
 #  ifdef __aarch64__
@@ -292,6 +297,11 @@ void OPENSSL_cpuid_setup(void)
 _armv8_sha512_probe();
 OPENSSL_armcap_P |= ARMV8_SHA512;
 }
+
+if (sigsetjmp(ill_jmp, 1) == 0) {
+_armv8_sm3_probe();
+OPENSSL_armcap_P |= ARMV8_SM3;
+}
 #  endif
 }
 #  ifdef __aarch64__
diff --git a/crypto/sm3/asm/sm3-armv8.pl b/crypto/sm3/asm/sm3-armv8.pl
new file mode 100644
index 00..bb71b2eade
--- /dev/null
+++ b/crypto/sm3/asm/sm3-armv8.pl
@@ -0,0 +1,282 @@
+#! /usr/bin/env perl
+# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+#
+# This module implements support for Armv8 SM3 instructions
+
+# $output is the last argument if it looks like a file (it has an extension)
+# $flavour is the first argument if it doesn't look like a file
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
+$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef;
+
+$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+( $xlate="${dir}arm-xlate.pl" and -f $

[openssl] openssl-3.0 update

2022-01-14 Thread Matt Caswell
The branch openssl-3.0 has been updated
   via  46670c739d1f28c874b900e93952173d9846bec9 (commit)
  from  2ee3e38f8f456db4b5afb023ae0472ff79204369 (commit)


- Log -
commit 46670c739d1f28c874b900e93952173d9846bec9
Author: Shreenidhi Shedi 
Date:   Wed Jan 12 20:55:38 2022 +0530

Add a comment to indicate ineffective macro

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards

CLA: trivial

Signed-off-by: Shreenidhi Shedi 

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17484)

(cherry picked from commit 79704a88eb5aa70fa506e3e59a29fcda21f428af)

---

Summary of changes:
 include/openssl/evp.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 1850381720..be57127e36 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -205,8 +205,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX 
*ctx, int cmd,
  * don't accidentally reuse the values for other purposes.
  */
 
-# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008/* Allow use of non FIPS
-* digest in FIPS mode */
+/* This flag has no effect from openssl-3.0 onwards */
+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008
 
 /*
  * The following PAD options are also currently ignored in 1.0.0, digest
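Review bot: The replacement comment on EVP_MD_CTX_FLAG_NON_FIPS_ALLOW drops the statement of what the flag used to do, which is what someone auditing older code that still sets it needs to know. Such code expected non-FIPS digests to be permitted in FIPS mode, and the new text only says the flag is inert. Keep both facts, e.g. `/* Formerly: allow use of non FIPS digest in FIPS mode. Has no effect from openssl-3.0 onwards */`. The identical hunk appears again in the master update that follows.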


[openssl] master update

2022-01-14 Thread Matt Caswell
The branch master has been updated
   via  79704a88eb5aa70fa506e3e59a29fcda21f428af (commit)
  from  8c870f6bed241ec80c67453e60592461f0d8f2b8 (commit)


- Log -
commit 79704a88eb5aa70fa506e3e59a29fcda21f428af
Author: Shreenidhi Shedi 
Date:   Wed Jan 12 20:55:38 2022 +0530

Add a comment to indicate ineffective macro

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards

CLA: trivial

Signed-off-by: Shreenidhi Shedi 

Reviewed-by: Tomas Mraz 
Reviewed-by: Matt Caswell 
(Merged from https://github.com/openssl/openssl/pull/17484)

---

Summary of changes:
 include/openssl/evp.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 1850381720..be57127e36 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -205,8 +205,8 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX 
*ctx, int cmd,
  * don't accidentally reuse the values for other purposes.
  */
 
-# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008/* Allow use of non FIPS
-* digest in FIPS mode */
+/* This flag has no effect from openssl-3.0 onwards */
+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008
 
 /*
  * The following PAD options are also currently ignored in 1.0.0, digest