This is the length of the tag they use and should be considered an upper bound
on their strength.
This lowers their security strength to level 0.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16652)
The header is already included by <windows.h> for WinSDK 8 or later.
Actually this causes problem for WinSDK 7.1 (defaults for VS2010) that
it does not have this header while SRW Locks do exist for Windows 7.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16603)
Internal headers should be included using "" instead of <>.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16647)
This is adding robustness to the code. The fix to not mis-set the pointer
is in #16636.
Fixes#16631
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16640)
It turns out that on VMS, pod2html only recognises VMS directory
specifications if they contain a device name, which is accomplished by
making them absolute. Otherwise, a VMS build that includes building
the document HTML files ends up with an error like this:
$ perl [---.downloads.openssl-3_0-snap-20210916.util]mkpod2html.pl -i [---.downloads.openssl-3_0-snap-20210916.doc.man1]CA.pl.pod -o [.DOC.HTML.MAN1]CA.PL.HTML -t "CA.pl" -r "[---.downloads.openssl-3_0-snap-20210916.doc]"
[---.downloads.openssl-3_0-snap-20210916.util]mkpod2html.pl: error changing to directory -/-/-/downloads/openssl-3_0-snap-20210916/doc/: no such file or directory
%SYSTEM-F-ABORT, abort
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16626)
There is quite a bit of creative effort in these and even more trouble-
shooting effort. I.e. they are non-trivial from a copyright perspective.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16628)
The manual page provider-keymgmt.pod is missing the mention of the
required function OSSL_FUNC_keymgmt_has. The function
keymgmt_from_algorithm raise EVP_R_INVALID_PROVIDER_FUNCTIONS
if keymgmt->has == NULL
CLA: trivial
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16621)
(cherry picked from commit 56b8f434c7)
Fixes#16260
If the user autoloads a fips module from a config file, then it will run the self tests early (before the self test callback is set),
and they may not get triggered again during the fipsinstall process.
In order for this to happen there must already be a valid fips config file.
As the main purpose of the application is to generate the fips config file, this case has just been documented.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16475)
From openssl-3.0.0-alpha15, KTLS is turned off by default, even if
KTLS feature in compilation, which makes it difficult to use KTLS
through s_server/s_client, so a parameter option 'ktls' is added
to enable KTLS through cmdline.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16609)
From openssl-3.0.0-alpha15, KTLS is turned off by default, even if
KTLS feature in compilation, which makes it difficult to use KTLS
through s_server/s_client, so a parameter option 'ktls' is added
to enable KTLS through cmdline.
At the same time, SSL_sendfile() depends on KTLS feature to work
properly, make parameters sendfile depend on parameters ktls.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16609)
OpenSSL 1.1.1 links the simple libcrypto.so to libcrypto_variant.so,
this was inadvertently dropped.
Fixes#16605
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16608)
It is better to use array bounds for improved
gcc warning checks.
While "uint8_t*" allows arbitrary pointer arithmetic
using "uint8_t[SER_BYTES]" limits the pointer arithmetic
to the range 0..SER_BYTES.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16376)
The behaviour for what happens in a resumption connection was not quite
described correctly.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16582)
Also fix indentation in c_rehash.in to 4 spaces, where a mixture of 4 and 8
spaces was used before, in addition to tabs.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16459)
We changed the manner in which a build needing applink is detected,
but forgot to change the installation targets accordingly.
Fixes#16570
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16577)
(cherry picked from commit de36ce47bf)
Most of all, this reduces the following:
built on: built on: Wed Sep 8 19:41:55 2021 UTC
to:
built on: Wed Sep 8 19:41:55 2021 UTC
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16563)
(cherry picked from commit c1dc3536a8)
away the use of $(DEFINES), which does get populated with defines
given through configuration. This makes it impossible to configure
with extra defines on VMS. Uncommenting and moving $(DEFINES) to a
more proper spot gives the users back that ability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16561)
(cherry picked from commit 1dc15a3330)
The MAN version was fine and so are kdf.dot and lifecycles.ods from doc/life-cycles
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16559)
This function tried to shave off the pre-release and build metadata
text from the the version number it gets, but didn't do that quite
right. Since this isn't even a documented behaviour, the easier, and
arguably more correct path is for that function not to try to shave
off anything, and for the callers to feed it the short version number,
"{MAJOR}.{MINOR}.{PATCH}", nothing more.
The build file templates are adjusted accordingly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16556)
This affects bldtop_dir, bldtop_file, srctop_dir, srctop_file,
data_dir, data_file, result_dir, and result_file. They are all
enhanced to check that the resulting path really is a directory or a
file. They only do this if the path exists.
This allows the tests to catch if these functions are used
incorrectly, even on systems where the syntax for directories and
files is the same.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16523)
It used bldtop_dir(), which is incorrect for files.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16532)
The options -1 and -apr1 were mentioned in DESCRIPTION, not mentioning
any other options or even mentioning that there are more algorithms.
The simple fix is to remove that sentence and let the OPTIONS section
speak for itself.
Fixes#16529
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16531)
CLA:trivial
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16503)