It turns out to be detrimental on some file systems that may or may not
be case sensitive (such as NTFS, which has a case sensitive mode).
Fixes#7172
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7172)
These both indicate that the file descriptor we're trying to use as a
terminal isn't, in fact, a terminal.
Fixes#7271
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7272)
Historically SSL_CTX_set_ssl_version() has reset the cipher list
to the default. Splitting TLS 1.3 ciphers to be tracked separately
caused a behavior change, in that TLS 1.3 cipher configuration was
preserved across calls to SSL_CTX_set_ssl_version(). To restore commensurate
behavior with the historical behavior, set the ciphersuites to the default as
well as setting the cipher list to the default.
Closes: #7226
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7270)
This commit reuses a variable instead of reevaluating the expression
and updates an outdated comment in the EVP test.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7242)
The latter causes problems when complex.h is #included.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7233)
Fixed a minor typo while reading the documentation.
I agree that this contribution is trivial can be freely used.
CLA: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/7221)
It simply isn't available on older versions.
Issue submitted by Mark Daniels
Fixes#7229
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7230)
(cherry picked from commit d6d6aa3521)
With the change to have separate object files by intent, VMS name
mangling gets done differently. While we previously had that for
libraries only, we must now turn that on generally for our programs,
because some of them depend in internal libraries where mangled names
are all that there is.
Dynamic modules are still built with non-mangled names, which is good
enough to show that it's possible to build with our public libraries
using our public headers.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7208)
The possibility to do this was killed when we started producing object
file names with encoded intention (and possibly different builds), and
leads to build errors.
With that, 'libobj2shlib' is renamed to 'obj2shlib' to reflect this
design change. The old name is still used if the new one isn't
available, for the sake of backward compatibility.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7198)
The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.
Fixes#7182
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)
Fixes a minor typo that would cause the linker to complain about not finding -lFuzzer
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7197)
- fix to use secure URL in generated Windows resources
- fix a potentially uninitialized variable
- fix an unused variable warning
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7189)
This is in preparation for having separate CFLAGS variables for static
and for shared library builds.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)
This will allow to have different object files for different products,
even if they share the same source code, and possibly different builds
for those different object files.
For example, one can have something like this:
SOURCES[libfoo]=cookie.c
INCLUDES[libfoo]=include/foo
SOURCES[libbar]=cookie.c
INCLUDES[libbar]=include/bar
This would mean that the object files and libraries would be build
somewhat like this:
$(CC) -Iinclude/foo -o libfoo-lib-cookie.o cookie.c
$(AR) $(ARFLAGS) libfoo.a libfoo-lib-cookie.o
$(CC) -Iinclude/bar -o libbar-lib-cookie.o cookie.c
$(AR) $(ARFLAGS) libbar.a libbar-lib-cookie.o
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)
Instead, use the include settings from the products later in the process,
making it possible to have different includes for two different libraries
that share the same source code.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)
limit is ever reached.
This is a FIPS 140-2 requirement from IG A.5 "Key/IV Pair Uniqueness
Requirements from SP 800-38D".
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7129)
Add a check that the two keys used for AES-XTS are different.
One test case uses the same key for both of the AES-XTS keys. This causes
a failure under FIP 140-2 IG A.9. Mark the test as returning a failure.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7120)
The OMC hasn't yet decided what the next release version will be, but
it's at least going to 1.1.2, so we set that value for the moment.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7180)
Since the SSL code started using RSA_NO_PADDING, the CAPI engine became
unusable. This change fixes that.
Fixes#7131
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7174)
If sizeof(int) != sizeof(size_t) this may not work correctly.
Fixes a Coverity issue.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7168)
It's actually not a real issue but caused by the absence of the default case
which does not occur in reality but which makes coverity see a code path where
pkey remains unassigned.
Reported by Coverity Scan (CID 1423323)
[extended tests]
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7158)
Reported by Coverity Scan (CID 1439138)
[extended tests]
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7156)
