Some primitives are designed to be used in a multi-threaded environment,
if supported, e.g., Argon2.
This patch adds support for preemptive threading and basic synchronization
primitives for platforms compliant with POSIX threads or Windows CRT.
Native functions are wrapped to provide a common (internal) API.
Threading support can be disabled at compile time. If enabled, threading
is disabled by default and needs to be explicitly enabled by the user.
Thread enablement requires an explicit limit on the number of threads that
OpenSSL may spawn (non-negative integer/infinity). The limit may be changed.
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12255)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/19262)
CLA: trivial
Actually there is no option called `no-{ssl|tls|tls1_3|dtls}-method`.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18872)
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
Looks more like manpage format. :)
Also remove `{{..}}` notation and rewrite around it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16329)
Different tests may use unexpectedly different versions of perl,
depending on whether they hardcode the path to the perl executable or if
they resolve the path from the environment. This fixes it so that the
same perl is always used.
Fix some trailing whitespace and spelling mistakes as well.
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16362)
And document the -w option
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
Describe current relationship between config and Configure.
Put the environment variable list in alphabetical order.
Add description of KERNEL_BITS.
Add new variable CONFIG_NOWAIT.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16325)
There doesn't appear to be a good reason to omit protocol message tracing by default.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15665)
Use it in the automated workflows.
Fixes: #15247
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15248)
A pair of the disabled string checks were incorrect.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15082)
Note that configuration and installation procedure has changed:
- The FIPS provider is now disabled by default and needs to
be enabled by configuring with `enable-fips`.
- If the FIPS provider is enabled, it gets installed automatically.
There is no extra installation step required anymore.
This is more natural and coincides with the expectation of the
user, namely "what's configured, gets installed".
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
Some requirements and build hints for assembler modules compilation were
moved from doc/man3/OPENSSL_ia32cap.pod to INSTALL.md.
Fixes#14674
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14683)
In many locations, the files have been converted to markdown
syntactically, but don't utilize the power of markdown yet.
Here, instead of just repeating the file name, the markdown link
now shows the title of the document.
Additionally, the notes are now reference in the same order in both
the README and the INSTALL file.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
Some of the notes and readme files have been converted to markdown
format recently and renamed during this process. While adding the
.md extension was a natural step, switching to mixed cases was not
a change to the better, it gives them a ragged appearance:
NOTES.ANDROID => NOTES-Android.md
NOTES.DJGPP => NOTES-DJGPP.md
NOTES.PERL => NOTES-Perl.md
NOTES.UNIX => NOTES-Unix.md
NOTES.VMS => NOTES-VMS.md
NOTES.VALGRIND => NOTES-Valgrind.md
NOTES.WIN => NOTES-Windows.txt
README.ENGINE => README-Engine.md
README.FIPS => README-FIPS.md
Moreover, the NOTES-Windows.txt file is the only file which has been
converted to markdown but has received a .txt file extension.
This doesn't make sense, because the OpenSSL users on Windows will
need to read the other markdown documents as well. Since they are
developers, we can trust them to be able to associate their favorite
editor with the .md extension.
In fact, having a comment at the beginning of the file saying that it
is in markdown format but we didn't dare to add the correct extension
in order not to overwhelm our Windows users can be interpreted either
as unintentionally funny or disrespectful ;-)
This commit suggests the following more consistent renaming:
NOTES.ANDROID => NOTES-ANDROID.md
NOTES.DJGPP => NOTES-DJGPP.md
NOTES.PERL => NOTES-PERL.md
NOTES.UNIX => NOTES-UNIX.md
NOTES.VMS => NOTES-VMS.md
NOTES.VALGRIND => NOTES-VALGRIND.md
NOTES.WIN => NOTES-WINDOWS.md
README.ENGINE => README-ENGINES.md
README.FIPS => README-FIPS.md
(note the plural in README-ENGINES, anticipating a README-PROVIDERS)
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14042)
CLA: trivial
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)
Make the improved semantics of VFO replace the previous VF and remove VFO
Add warnings about overriding use of HARNESS_VERBOSE* variables
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12279)
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)
'config' is now a mere wrapper for backward compatibility.
All documentation is changed accordingly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
We have a notational convention in INSTALL.md, which says this among
others:
> Any line starting with a dollar sign is a command line.
>
> $ command
>
> The dollar sign indicates the shell prompt and is not to be entered as
> part of the command.
That notation exists to make it clear what is a command line and
what's output from that command line.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12257)
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.
This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).
The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.
The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.
The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)
The main fixes were errors in itemized lists "*)" instead of "*"
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11770)
The UI interface itself is never disabled, but the console backend may
be. 'no-ui' is a deprecated backward compatibility alias for
'no-ui-console'.
Fixes#11551
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11553)
Todd Short
Čestmír Kalina
Thiago Suchorski
Slanterns
Tomas Mraz
Dimitris Apostolou
Orr Toledano
Rich Salz
a1346054
Arran Cudbard-Bell
Pauli
Dr. Matthias St. Pierre
Andrey Matyukov
Richard Levitte
Pauli
Dr. David von Oheimb
Liang Liu
Tomas Mraz
Shane Lontis
Pauli
Gustaf Neumann
Jean-Christophe Fillion-Robin