Commit Graph

35413 Commits

Author SHA1 Message Date
Neil Horman
42230f294a Convert check-format-commits.sh to use allowlist
Initially check-format-commits.sh tried to check everything, using a
banlist to exlude files not appropriate for checking.

Its becoming clear that that approach isn't workable, given that the
number of files that we should not check far outweighs the number of
files that we should check.

Ideally we should be checking .c files, .h files and their .in
counterparts, everything else should be excluded (at least for now)

convert the script to using an allowlist, only checking the above list,
and ignoring everything else

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24865)
2024-07-13 12:23:52 -04:00
Matt Caswell
e8c7febc8f Fix a minor typo in the documentation of RAND_set_seed_source_type()
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24858)
2024-07-12 18:08:44 +02:00
Richard Levitte
edb5dd56fc fix(stylecheck): Take advantage of check-format-commit.sh's new capability
.github/workflows/style-checks.yml now runs util/check-format-commit.sh
with the whole range of commits of the given PR.  This allows code style
fixups to be in a separate commit.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)
2024-07-12 15:37:07 +01:00
Richard Levitte
c2083f4ec6 feat: enhance util/check-format-commit.sh to be able to handle a commit range
Additionally, the 'git diff' call is modified to not show context lines, as
it's confusing to have style nits displayed on lines the author of the
commits hasn't touched.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24856)
2024-07-12 15:36:50 +01:00
erbsland-dev
b74646b627 Document Internal EVP_MD_CTX_ Flags
Add documentation for the internal flags `EVP_MD_CTX_FLAG_CLEANED` and
`EVP_MD_CTX_FLAG_REUSE`, explicitly stating that these flags are for
internal use only and must not be used in user code.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24829)
2024-07-12 15:54:35 +02:00
Georgi Valkov
20da3dabc4 o_fopen: fix coding style and build error with VS2010
Follow the coding style to place variable definitions before code

Fixes a build error on Windows 2003 with VS2010 introduced in [1]
crypto\o_fopen.c(45) : error C2143: syntax error : missing ';' before 'type'
crypto\o_fopen.c(46) : error C2275: 'DWORD' : illegal use of this type as an expression
        E:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\windef.h(152) : see declaration of 'DWORD'
crypto\o_fopen.c(46) : error C2146: syntax error : missing ';' before identifier 'flags'
crypto\o_fopen.c(46) : error C2065: 'flags' : undeclared identifier

[1] 917f37195a

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24853)
2024-07-12 11:23:56 +01:00
Tomas Mraz
b24a8200ab x_attrib.c: Fix print_hex() function
- Better handle 0 length input
- Use OPENSSL_buf2hexstr() instead of OPENSSL_buf2hexstr_ex()
  which fixes insufficient length of the allocate buffer.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24771)
2024-07-12 11:20:35 +01:00
Hongren Zheng
6cf42ad392 riscv: Fix cpuid_obj asm checks for sm4/sm3
Similar to #22881 / #23752

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/24486)
2024-07-12 11:09:02 +01:00
Richard Levitte
6eb648941e fix: drop DSA <=> dsaWithSHA1 aliasing
For some reason, DSA has been aliased with dsaWithSHA1 for an eternity.
They are not the same, though, and should never have been aliased in the
first place.

This was first discovered with 'openssl list':

    $ openssl list -signature-algorithms
    ...
    { 1.2.840.10040.4.1, 1.2.840.10040.4.3, 1.3.14.3.2.12, 1.3.14.3.2.13, 1.3.14.3.2.27, DSA, DSA-old, DSA-SHA, DSA-SHA1, DSA-SHA1-old, dsaEncryption, dsaEncryption-old, dsaWithSHA, dsaWithSHA1, dsaWithSHA1-old } @ default

This isn't good at all, as it confuses the key algorithms signature
function with a signature scheme that involves SHA1, and it makes it
look like OpenSSL's providers offer a DSA-SHA1 implementation (which
they currently do not do).

Breaking this aliasing apart (i.e. aliasing DSA, DSA-old, dsaEncryption
and dsaEncryption-old separately from the names that involve SHA) appears
harmless as far as OpenSSL's test suite goes.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24828)
2024-07-12 11:20:23 +02:00
Dmitry Misharov
8b591dceef deploy docs.openssl.org on doc changes
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24839)
2024-07-12 10:59:15 +02:00
Neil Horman
861e1f450c ignore various files in commit checker
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24845)
2024-07-11 23:13:47 -04:00
sashan
ad33d62396 EVP_DigestUpdate(): Check if ctx->update is set
The issue has been discovered by libFuzzer running on provider target.
There are currently three distinct reports which are addressed by
code change here.

    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69236#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69243#c1
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69261#c1

the issue has been introduced with openssl 3.0.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24753)
2024-07-11 21:48:56 +02:00
Matt Caswell
939dd479ac Limit the number of commands that can be used in the quic-lcidm fuzzer
The fuzzer was reporting a spurious timeout due to excessive numbers of
commands in a single file. We limit the number of commands to avoid this.

Found by OSSFuzz

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24831)
2024-07-11 14:17:11 -04:00
Neil Horman
c86d37cec9 Modify check-format to match line length coding style
In an effort to clarify our coding style, generally line lengths SHOULD
be no longer than 80 columns but MUST be no longer than 100 columns

Modify the check-format.pl script to account for this.

Replace the -l|--sloppy-len option (which modifies the max line length
to 84 rather than 80 cols), with -l|--strict-len which reduces allowed
line length to 80 cols from the new default 100 cols).

Also fix up a typo in the docs indicating --sloppy-bodylen has a short
-l option (its actually -b)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/24841)
2024-07-11 12:28:25 -04:00
dependabot[bot]
00163371fa Dependabot update
CLA: trivial

(deps): Bump actions/setup-python

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5.1.0...v5.1.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24843)
2024-07-11 09:53:55 +02:00
slontis
06da147373 Add FIPS indicators to evp_test
evp_test code needed to be modified to defer setting algorithm contexts
until the run phase. The parse functions also defer setting into the context
until the run phase, which allows the context to initialize in a controlled order.
This allows params to be passed into the algorithm init function.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
2024-07-11 08:29:54 +10:00
slontis
c13ddf0a6c Change all existing FIPS configurable checks to use FIPS indicators.
This changes the logic to always do the security checks and then decide
what to do based on if this passes or not. Failure of a check causes
either a failure OR the FIPS indicator callback to be triggered.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
2024-07-11 08:29:43 +10:00
slontis
d4848934a6 Add FIPS indicator helpers
Each provider algorithm context can use these helpers to add indicator
support.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
2024-07-11 08:29:43 +10:00
slontis
0557d6c62b Add FIPS indicator callback.
Add a FIPS indicator callback that can be set via
OSSL_INDICATOR_set_callback(). This callback is intended to be run
whenever a non approved algorithm check has occurred and strict checking
has been disabled.The callback may be used to
log non approved algorithms. The callback is passed a type and
description string as well as the cbarg specified in OSSL_INDICATOR_set_callback.
The return value can be either 0 or 1.
A value of 0 can be used for testing purposes to force an error to occur from the algorithm
that called the callback.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24623)
2024-07-11 08:29:43 +10:00
Jiasheng Jiang
45cada1339 apps/rehash.c: Add the check for the EVP_MD_get_size()
Add the check for the return value of EVP_MD_get_size() to avoid invalid negative
numbers and then explicitly cast from int to size_t.

Add the check to prevent that EVP_MD_get_size() returns a value greater
than EVP_MAX_MD_SIZE.

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24802)
2024-07-10 18:23:44 +02:00
Dr. David von Oheimb
eaf577c865 extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions
Fixes #11169

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
2024-07-10 16:19:26 +02:00
Dr. David von Oheimb
4925af7bb8 add X509v3_add_extensions()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
2024-07-10 16:19:26 +02:00
Dr. David von Oheimb
94b40ec455 refactor and constify X509_REQ_get_extensions()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
2024-07-10 16:19:26 +02:00
Dr. David von Oheimb
b0ebb87ab5 constify ossl_x509at_add1_attr()
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
2024-07-10 16:19:06 +02:00
Dr. David von Oheimb
77600210e2 X509at_add1_attr*(): extend error entry on duplicate attribute
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
2024-07-10 16:19:06 +02:00
Dr. David von Oheimb
39424d9601 apps/req: avoid needless hint on using -help on duplicate extensions added via -addext
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
2024-07-10 16:19:06 +02:00
Tomas Mraz
850bd09cf9 windows_comp.yml: Run openssl after it is built
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24820)
2024-07-10 15:20:49 +02:00
Neil Horman
fc22d74c53 Add a style-check workflow
Add a CI job that evaluates style issues, restricted only to lines
changed for the affected files in a given commit

Also provide a mechanism to waive those style issues.  by applying the
style:exempted label to a PR, the checks are still run (its nice to see
what they are regardless), but the test will pass CI regardless of
weather any issues are found.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24806)
2024-07-10 07:31:14 -04:00
Neil Horman
acae12eb78 Add a check-format-commit.sh script
Add a wrapper script to check-format.pl, which is capable of analyzing
commits rather than just a file.  for a provided commit this script:

1) runs check-format.pl on the files changed in the provided commit

2) filters the output of check-format.pl, only producing lines that
   match ranges of changed lines in those files

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24806)
2024-07-10 07:31:14 -04:00
erbsland-dev
2a45839778 Enhance documentation for BN_mask_bits()
Fixes #5537

Added a note that the error check for `BN_mask_bits()` depends
on the internal representation that depends on the platform's word size.
Included a reference to the `BN_num_bits()` function for precise bit checking.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24812)
2024-07-10 11:49:00 +02:00
Stephen Farrell
21dfb97596 Extend TLSv1.3 record layer padding API calls
Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex()
to allow separate padding block size values for handshake messages
and application data messages.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24796)
2024-07-10 11:44:39 +02:00
erbsland-dev
b544047c99 Add documentation for deprecated CMAC_CTX functions
Fixes #5539: Create a new manual page `CMAC_CTX.pod` documenting the deprecated `CMAC_CTX` functions and add the necessary build dependencies. This page includes function descriptions, usage details, and replacement suggestions with the `EVP_MAC` interface.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24814)
2024-07-10 09:46:24 +02:00
erbsland-dev
2c1ef172f8 Add and Update Documentation for TS_VERIFY_CTX Functions
Mark the existing `TS_VERIFY_CTX_set_certs` function as deprecated in the
documentation.
Add missing documentation for the deprecated functions `TS_VERIFY_CTX_set_data`,
`TS_VERIFY_CTX_set_imprint`, and `TS_VERIFY_CTX_set_store`.
Write missing documentation for the following functions:
- `TS_VERIFY_CTX_new`
- `TS_VERIFY_CTX_init`
- `TS_VERIFY_CTX_free`
- `TS_VERIFY_CTX_cleanup`
- `TS_VERIFY_CTX_set_flags`
- `TS_VERIFY_CTX_add_flags`
- `TS_VERIFY_CTX_set0_data`
- `TS_VERIFY_CTX_set0_imprint`
- `TS_VERIFY_CTX_set0_store`
- `TS_VERIFY_CTX_set0_certs`

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24701)
2024-07-10 09:40:34 +02:00
erbsland-dev
6f811d839f Replace and Deprecate TS_VERIFY_CTX Functions
Fixes #18854

Replace and deprecate the functions `TS_VERIFY_CTX_set_data`,
`TS_VERIFY_CTX_set_store`, `TS_VERIFY_CTX_set_certs`, `TS_VERIFY_CTX_set_imprint`
with new versions: `TS_VERIFY_CTX_set0_data`,
`TS_VERIFY_CTX_set0_store`, `TS_VERIFY_CTX_set0_certs` and `TS_VERIFY_CTX_set0_imprint`.

The previous functions had poorly documented memory handling, potentially
leading to memory leaks. The new functions improve memory management and provide
clearer usage.

Also, update existing code to use the new function calls instead of the deprecated
ones.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24701)
2024-07-10 09:39:53 +02:00
olszomal
7751887025 Clarify supported curves in the s_client/s_server documentation
Mention that supported curves (aka groups) include named EC parameters
as well as X25519 and X448 or FFDHE groups.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24774)
2024-07-10 09:36:03 +02:00
Tomas Mraz
7b1e008d38 os-zoo.yml: Cleanup unnecessary -Wno-switch-default
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24787)
2024-07-10 09:34:42 +02:00
Neil Horman
d8def79838 read lock store on ossl_method_store_do_all
Theres a data race between ossl_method_store_insert and
ossl_method_store_do_all, as the latter doesn't take the property lock
before iterating.

However, we can't lock in do_all, as the call stack in several cases
later attempts to take the write lock.

The choices to fix it are I think:
1) add an argument to indicate to ossl_method_store_do_all weather to
   take the read or write lock when doing iterations, and add an
   is_locked api to the ossl_property_[read|write] lock family so that
   subsequent callers can determine if they need to take a lock or not

2) Clone the algs sparse array in ossl_method_store_do_all and use the
   clone to iterate with no lock held, ensuring that updates to the
   parent copy of the sparse array are left untoucheTheres a data race
   between ossl_method_store_insert and ossl_method_store_do_all, as the
   latter doesn't take the property lock before iterating.

I think method (2), while being a bit more expensive, is probably the
far less invasive way to go here

Fixes #24672

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24782)
2024-07-09 11:27:53 +02:00
Neil Horman
97bfbb98b0 Allow openssl version to function in the absence of a config file
the openssl application attempts to load a config file on startup
always, calling x509_get_default_cert_area() to locate the file.  On
Windows builds with -DOSSL_WINCTX set, this fails if the corresponding
registry keys are unset. allow openssl to continue to function properly
for applets that don't actually require a configuration file.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
aa08335852 Fix sed/awk usage in windows ci jobs
The addition of sed and awk, while available in the windows vm's for CI
in powershell, don't behave as I would expect (though the same commands
work with a local installation on windows using GnuWin32).  In trying to
figure out what was going on I found it was far more stable and
predictable to use the powershell -split and -replace commands instead
of sed and awk

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
a8f99f98d6 Avoid chicken and egg problem with reg setting
Because openssl with -DOSSL_WINCTX no longer falls back to build time
defines, we have a chicken and egg problem.  CI needs to query openssl
for its version string so registry keys can be set properly, but openssl
version refuses to run because no configuration file can be found

So we work around it by, for the purposes of setting the registry keys,
we set OPENSSL_CONF to a know config file, so that openssl version runs
properly.

Once the version is extracted, we can set the registry keys, and openssl
will function properly without OPENSSL_CONF set

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
aa4fc5ea4a Adjust ci to only use major.minor when setting reg keys
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
caaea8f343 Update defaults to install keys against major.minor
we want patch level updates to use the same keys, so only create the key
against the major.minor version

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
bf74cf35cf Fixes for defaults code
Fix up some indenting, and ensure that the run_once routines don't get
defined if OSSL_WINCTX isn't defined to avoid compiler errors

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
290452f2bd Augment version.c to not display -w options on non-windows
Don't need the -w option on non-windows builds

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
62dd0f1762 Update NOTES-WINDOWS.md
The behavior of windows with registry keys is somewhat confusing, and
based on both build time defines, and reg key availablility.  Add a
table defining behavior in all cases

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
7c58769a03 Add Changes entry
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
917f37195a Allow OPENSSLDIR/ENGINESDIR/MODULESDIR to be NULL
To prevent inadvertent use of insecure directories, we need to be able
to detect and react when our new registry keys aren't set, which implies
allowing the values for the dynamic representations of
OPENSSLDIR/ENGINESDIR/MODULESDIR to return NULL.  This in turn requires
that we detect and handle NULL string in several call sites that
previously assumed they would never be NULL.  This commit fixes those up

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
c7dae9c263 Update docs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
4fc9e5e011 update windows_comp ci run to use new registry reads
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00
Neil Horman
901e27982c Update NOTES-WINDOWS for typos/grammar
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24450)
2024-07-09 04:01:44 -04:00