Add explanation + bugtracker link for quoted dependency workarounds

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from

Add explanation + bugtracker link for quoted dependency workarounds

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Use cmd.exe to export env vars before commands

Microsoft NMake runs the entire command block in a single `cmd.exe`
session, so environment variables exported with `set` are seen by the

Use cmd.exe to export env vars before commands

Microsoft NMake runs the entire command block in a single `cmd.exe`
session, so environment variables exported with `set` are seen by the
following commands. C++Builder's `make.exe` doesn't use `cmd.exe` but
executes each command line separately. While it emulates only certain
shell features itself, `set` isn't one of them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Resurrect and modernize C++Builder config

Similar configuration to what was deleted in 8e56a422, updated for the
unified build scheme. Use the [Clang-based `bcc32c.exe`][1] to avoid a

Resurrect and modernize C++Builder config

Similar configuration to what was deleted in 8e56a422, updated for the
unified build scheme. Use the [Clang-based `bcc32c.exe`][1] to avoid a
[bug][2] with the old one, and increase the `tlib.exe` page size to 256.
Also avoid MSVC-specific C runtime library functions.

[1]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/Win32_Clang-enhanced_Compilers
[2]: https://quality.embarcadero.com/browse/RSP-31630

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Avoid redirection to quoted filename

C++Builder's `make.exe` cannot handle a command output redirection to a
quoted filename, saying: "The system cannot find the file specified."

Avoid redirection to quoted filename

C++Builder's `make.exe` cannot handle a command output redirection to a
quoted filename, saying: "The system cannot find the file specified."

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Generalize link rule in windows-makefile.tmpl

C++Builder's [`ilink32.exe`][1] expects its different types of input /
output files to be in a particular sequence and comma-separated -- ev

Generalize link rule in windows-makefile.tmpl

C++Builder's [`ilink32.exe`][1] expects its different types of input /
output files to be in a particular sequence and comma-separated -- even
in the response file as experimentation revealed, contrary to what is
documented. The lines of the response file need to end with `+`.

Also [`setargv.obj`][2] is MSVC-specific. The C++Builder equivalent is
[`wildargs.obj`][3].

[1]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/Using_ILINK32_and_ILINK64_on_the_Command_Line
[2]: https://docs.microsoft.com/en-us/cpp/c-language/expanding-wildcard-arguments?view=msvc-160
[3]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/Wildcard_Arguments

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Ensure at least one command if no dependencies

C++Builder's `make.exe` complains if a target has no dependencies (e.g.
after variable expansion) and no lines of commands. Ensure there is

Ensure at least one command if no dependencies

C++Builder's `make.exe` complains if a target has no dependencies (e.g.
after variable expansion) and no lines of commands. Ensure there is a
blank command line if the dependency list is entirely made of variables.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Avoid quoting dependency filepaths in build tree

C++Builder's `make.exe` has a bug in finding the rule of a quoted
dependency that doesn't exist in the filesystem. So for example:

Avoid quoting dependency filepaths in build tree

C++Builder's `make.exe` has a bug in finding the rule of a quoted
dependency that doesn't exist in the filesystem. So for example:

A: "src\B" "out\C"
touch $@
out\C:
mkdir out
touch $@

leads to:
Fatal: '"out\C"' does not exist - don't know how to make it

This happens even with the `-N` option, and is different behavior from
Microsoft NMake which documents the feature of [quoted filepaths][1].

Commit cb663908 quoted all dependency filepaths, in case they are used
in a out-of-source build. The quoting is not done for target names,
however, which implies that the build directory is still expected to not
have spaces. It follows that we only need to quote non-generated source
files in dependency lists, since generated source files will be created
in the build directory.

Change the logic accordingly as a workaround, so that it works at least
for in-source builds with C++Builder's `make.exe`.

[1]: https://docs.microsoft.com/cpp/build/reference/long-filenames-in-a-makefile?view=msvc-160

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Generalize delimiter in archiver response file

While [`lib.exe` of MSVC][1] expects newline-delimited response file
lines, [`tlib.exe` of C++Builder][2] expects lines to end with `&` in

Generalize delimiter in archiver response file

While [`lib.exe` of MSVC][1] expects newline-delimited response file
lines, [`tlib.exe` of C++Builder][2] expects lines to end with `&` in
order to read the next line.

[1]: https://docs.microsoft.com/cpp/build/reference/running-lib?view=msvc-160#lib-command-files
[2]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/TLIB.EXE,_the_Library_Manager#Response_Files

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Avoid space between "-I" and include directory

The space is problematic with C++Builder (`bcc32.exe`). MSVC (`cl.exe`)
doesn't care.

Reviewed-by: Richard Levitte <levitte@openss

Avoid space between "-I" and include directory

The space is problematic with C++Builder (`bcc32.exe`). MSVC (`cl.exe`)
doesn't care.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Move VS Tools configuration to VC-common target

The Windows toolchain is composed of utilites from both the Windows SDK
and the Visual Studio Build Tools. Move the configuration of the l

Move VS Tools configuration to VC-common target

The Windows toolchain is composed of utilites from both the Windows SDK
and the Visual Studio Build Tools. Move the configuration of the latter
utilities into the `VC-common` template inside `10-main.conf`, while
leaving the former utilities in `BASE_Windows`. This allows for other
Windows compilers to be configured inheriting from `BASE_Windows`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Avoid "&&" in windows-makefile.tmpl

The `make.exe` utility shipped with Embarcadero C++Builder has a special
meaning for the [`&&` operator in commands][1]. This meaning is retained

Avoid "&&" in windows-makefile.tmpl

The `make.exe` utility shipped with Embarcadero C++Builder has a special
meaning for the [`&&` operator in commands][1]. This meaning is retained
even in Microsoft NMake compatibility mode (`make -N`). Split all
commands using this shell (`cmd.exe`) operator into two commands.

[1]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/MAKE_Rules_(Explicit_and_Implicit)_and_Commands#MAKE_Command_Operators

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Add test for the IV handling of DES based ciphers

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14882)

Do IV reset also for DES and 3DES implementations

Fixes #14704

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14882)

Change the default MANSUFFIX

We now use the MANSUFFIX "ossl" by default.

Fixes #14318

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@o

Change the default MANSUFFIX

We now use the MANSUFFIX "ossl" by default.

Fixes #14318

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14847)

show more ...

Add DHX FIPS 186-4 domain parameter validation example

Fixes #14369

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14896)

CORE: pre-populate the namemap with legacy OIDs too

This also pre-populates the namemap with names derived from the
internal EVP_PKEY_ASN1_METHODs. This requires attention, as they

CORE: pre-populate the namemap with legacy OIDs too

This also pre-populates the namemap with names derived from the
internal EVP_PKEY_ASN1_METHODs. This requires attention, as they
contain aliases that we may want (RSA == rsaEncryption), as well as
aliases that we absolutely do not want (SM2 == EC).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

show more ...

TEST: Use OSSL_MAX_NAME_SIZE instead of arbitrary number of mdname

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

CORE: Register all legacy "names" when generating the initial namemap

When generating the initial namemap from EVP cipher and digest names,
we din't do it quite as thoroughly as necessar

CORE: Register all legacy "names" when generating the initial namemap

When generating the initial namemap from EVP cipher and digest names,
we din't do it quite as thoroughly as necessary, which meant that so
called "long names" weren't necessarily registered, and if anyone ever
tried to check the algorithm of an EVP_CIPHER or EVP_MD using a so
called "long name" would fail.

This doesn't deal with the fact that "long names" have a distinct role
as human readable descriptors, useful for printouts. Further changes
are necessary to deal with this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

show more ...

Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()

The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM

Modify OBJ_nid2sn(OBJ_obj2nid(...)) occurences to use OBJ_obj2txt()

The intention is to allow for OIDs for which libcrypto has no
information, but are still fetchable for OSSL_ALGORITHM
implementations that specify an OID amongst their names.

Fixes #14278

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

show more ...

TEST: Modify how the retrieved digest name for SM2 digestsign is checked

Because of aliases, retrieved names won't always match one specific
string. A safer way to check is to fetch the

TEST: Modify how the retrieved digest name for SM2 digestsign is checked

Because of aliases, retrieved names won't always match one specific
string. A safer way to check is to fetch the digest from the
retrieved name and check it's the expected one with the help of
EVP_MD_is_a().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

show more ...

TEST: Modify testutil's run_tests to display NOSUBTEST cases individually

When test cases were added with ADD_ALL_TESTS_NOSUBTEST(), all those
iteration verdicts were summarized as if it

TEST: Modify testutil's run_tests to display NOSUBTEST cases individually

When test cases were added with ADD_ALL_TESTS_NOSUBTEST(), all those
iteration verdicts were summarized as if it was one single case. This
modification gets each iteration verdict displayed separately instead.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

show more ...

TEST: Modify test/evp_fetch_prov_test.c to also fetch by OID

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

PROV: Add OIDs we know to all provider applicable algorithms

The OIDs were extracted with the help of libcrypto's ASN1 OID database.

While doing this, we move all the names strings

PROV: Add OIDs we know to all provider applicable algorithms

The OIDs were extracted with the help of libcrypto's ASN1 OID database.

While doing this, we move all the names strings to macro definitions,
to avoid duplication and conflicting names declarations. Those macros
are all in providers/implementations/include/prov/names.h

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14498)

show more ...

Add "origin" field to EVP_CIPHER, EVP_MD

Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle

Add "origin" field to EVP_CIPHER, EVP_MD

Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects

Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().

Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.

Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)

show more ...

Standard style for all EVP_xxx_free routines

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/o

Standard style for all EVP_xxx_free routines

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)

show more ...