Commit graph

168 commits

Author SHA1 Message Date
Matt Caswell
d030892312 Add a legacy provider and put MD2 in it
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)
2019-04-09 10:24:43 +01:00
Matt Caswell
e75455173b Add a no-fips Configure option
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)
2019-04-04 23:09:47 +01:00
Richard Levitte
706b6333a6 Document the 'no-module' configuration option
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8665)
2019-04-04 12:56:57 +02:00
Richard Levitte
31b6ed76df Rework DSO API conditions and configuration option
'no-dso' is meaningless, as it doesn't get any macro defined.
Therefore, we remove all checks of OPENSSL_NO_DSO.  However, there may
be some odd platforms with no DSO scheme.  For those, we generate the
internal macro DSO_NONE aand use it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/#8622)
2019-04-01 06:14:50 +02:00
Dr. Matthias St. Pierre
6bc62a620e Configure: disable new trace api by default
Fixes #8472

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8474)
2019-03-14 10:32:58 +01:00
Richard Levitte
284d19c2ce Add advice on setting CXX at the same time as CC
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)
2019-03-05 09:26:13 +01:00
Richard Levitte
ac4033d658 Configure: make C++ build tests optional and configurable
Disabled by default

Fixes #8360

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8370)
2019-03-05 09:26:13 +01:00
Richard Levitte
469ce8ff48 Deprecate the "hw" configuration options, make "padlockeng" disablable
The "hw" and "hw-.*" style options are historical artifacts, sprung
from the time when ENGINE was first designed, with hardware crypto
accelerators and HSMs in mind.

Today, these options have largely lost their value, replaced by
options such as "no-{foo}eng" and "no-engine".

This completes the transition by making "hw" and "hw-.*" deprecated,
but automatically translated into more modern variants of the same.

In the process, we get rid of the last regular expression in
Configure's @disablables, a feature that was ill supported anyway.
Also, padlock now gets treated just as every other engine.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8380)
2019-03-05 08:46:51 +01:00
Richard Levitte
62b563b9df Better phrasing around 1.1.0
Fixes #8129

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8130)
2019-01-31 16:48:00 +01:00
Matt Caswell
41999e7d35 Introduce a no-pinshared option
This option prevents OpenSSL from pinning itself in memory.

Fixes #7598

[extended tests]

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7647)
2019-01-04 13:19:39 +00:00
Todd Short
b1ceb439f2 Add RFC5297 AES-SIV support
Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of perfomance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)
2018-12-12 08:16:10 +10:00
Eneas U de Queiroz
eb3fe0ee54 INSTALL: add note about devcrypto engine
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7585)
2018-12-10 13:19:26 +01:00
Boris Pismenny
69495e3df5 Configure Kernel TLS datapath
Allow users to disable ktls using the "no-ktls" option.
Also, disable ktls when cross-compiling, non-linux, or too-old-kernel.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)
2018-12-07 11:25:45 +00:00
agnosticdev
46d085096c typo-fixes: miscellaneous typo fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7277)
2018-09-21 23:55:22 +02:00
Matt Caswell
9f22c52723 Turn on TLSv1.3 downgrade protection by default
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
2018-08-15 12:33:30 +01:00
Andy Polyakov
f44d7e8b47 INSTALL,NOTES.ANDROID: minor updates.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6866)
2018-08-07 08:53:12 +02:00
Andy Polyakov
f529b5cf05 INSTALL,NOTES.WIN: classify no-asm as non-production option.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6773)
2018-07-25 15:47:12 +02:00
Matt Caswell
95aec8641f Document no-sm2
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6532)
2018-06-21 10:14:06 +01:00
Rich Salz
630fe1da88 Improve wording
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6413)
2018-06-05 11:18:16 -04:00
Rich Salz
886c2e614f Make OS/X more explicit, to avoid questions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6404)
2018-06-02 14:57:34 -04:00
Richard Levitte
b501ab6bee INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6328)
2018-05-23 11:57:04 +02:00
Kurt Roeckx
148796291e Add support for getrandom() or equivalent system calls and use them by default
Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
GH: #5910
2018-04-22 20:16:02 +02:00
Bernd Edlinger
dbabc86296 Add a config option to disable automatic config loading
./config no-autoload-config

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5959)
2018-04-17 16:33:15 +02:00
Dr. Matthias St. Pierre
a73d990e2b Add documentation for the RAND_DRBG API
The RAND_DRBG API was added in PR #5462 and modified by PR #5547.
This commit adds the corresponding documention.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5461)
2018-03-30 00:10:38 +02:00
Andy Polyakov
f39276fdff Add NOTES.ANDROID.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5613)
2018-03-19 14:31:30 +01:00
Richard Levitte
ec4c389108 Clarify a couple of details around "make variables"
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5660)
2018-03-19 07:18:56 +01:00
Richard Levitte
80f2787717 INSTALL: Add a note about backward compatibility and "make variables"
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5641)
2018-03-16 12:52:06 +01:00
Richard Levitte
b92013602b Configure: disallow the mixture of compiling flags and env / make variables
Note that this might give surprising results if someone forgets an environment
variable that has been set previously.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
2018-03-08 17:24:02 +01:00
Matt Caswell
034d55cd5c Some minor tweaks following TLSv1.3 becoming default
Fix a typo in INSTALL and update the link in CHANGES

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5329)
2018-02-12 14:56:45 +00:00
Matt Caswell
f518cef40c Enable TLSv1.3 by default
[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
2018-02-07 21:34:18 +00:00
Peter Meerwald-Stadler
85d6ad34aa Configure: Fix configdata.pm shorthand for --dump, should be -d
INSTALL: Mention 'aria' algorithm for no-<alg>

Signed-off-by: Peter Meerwald-Stadler <pmeerw@pmeerw.net>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5215)
2018-01-31 10:16:51 +10:00
Richard Levitte
bf01fbbf31 Add a 'reconfigure' make target
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5197)
2018-01-30 12:04:21 +01:00
Richard Levitte
917a1b2e06 Document the use of configdata.pm as a script
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5185)
2018-01-29 21:56:48 +01:00
nickthetait
1af66bb724 Create troubleshooting subsection in INSTALL file
Fixes: #5130

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5178)
2018-01-28 20:15:23 +01:00
Richard Levitte
5b18235a18 Processing GNU-style "make variables" - implementation
Support the following "make variables":

AR              (GNU compatible)
ARFLAGS         (GNU Compatible)
AS              (GNU Compatible)
ASFLAGS         (GNU Compatible)
CC              (GNU Compatible)
CFLAGS          (GNU Compatible)
CXX             (GNU Compatible)
CXXFLAGS        (GNU Compatible)
CPP             (GNU Compatible)
CPPFLAGS        (GNU Compatible)
CPPDEFINES      List of CPP macro definitions.  Alternative for -D
CPPINCLUDES     List of CPP inclusion directories.  Alternative for -I
HASHBANGPERL    Perl invocation to be inserted after '#!' in public
                perl scripts.
LDFLAGS         (GNU Compatible)
LDLIBS          (GNU Compatible)
RANLIB          Program to generate library archive index
RC              Program to manipulate Windows resources
RCFLAGS         Flags for $(RC)
RM              (GNU Compatible)

Setting one of these overrides the corresponding data from our config
targets.  However, flags given directly on the configuration command
line are additional, and are therefore added to the flags coming from
one of the variables above or the config target.

Fixes #2420

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5177)
2018-01-28 07:26:11 +01:00
Richard Levitte
e7a2066944 Document how the configuration option 'reconf' works
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4818)
2017-12-08 00:36:21 +01:00
Richard Levitte
1786733e51 Document the possibility for command line argument env assignments
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4818)
2017-12-08 00:36:21 +01:00
Ronald Tse
67e247fad1 SM3: restructure to EVP internal and update doc to right location
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-06 07:21:15 +08:00
Jack Lloyd
a0c3e4fa90 SM3: Add SM3 hash function
SM3 is a secure hash function which is part of the Chinese
"Commercial Cryptography" suite of algorithms which use is
required for certain commercial applications in China.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-06 07:21:11 +08:00
Ronald Tse
f19a5ff9ab SM4: Add SM4 block cipher to EVP
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4552)
2017-10-31 15:19:14 +10:00
Matt Caswell
0a8ddc17f5 Fix description of how to report a bug in INSTALL
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)
2017-08-25 14:16:20 +01:00
Matt Caswell
219b4643e4 Clarify the meaning of no-stdio in INSTALL
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4259)
2017-08-25 14:14:27 +01:00
Benjamin Kaduk
cf34d54d82 drop some no-longer-relevant TODO(TLS1.3) entries
We prevent compression both when the server is parsing the ClientHello
and when the client is constructing the ClientHello.  A 1.3 ServerHello
has no way to hand us back a compression method, and we already check
that the server does not try to give us back a compression method that
we did not request, so these checks seem sufficient.

Weaken the INSTALL note slightly, as we do now expect to interoperate
with other implementations.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3131)
2017-06-12 09:19:05 +01:00
Paul Yang
a74341f9f9 Fix typo in INSTALL file
recocognised -> recognised

CLA: trivial

Signed-off-by: Paul Yang <paulyang.inf@gmail.com>

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3470)
2017-05-17 20:22:32 +02:00
Richard Levitte
62f218cb8d INSTALL: Remind people to read more if they added configuration options
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3469)
2017-05-15 15:00:05 +02:00
Richard Levitte
a3cb4cfc6a INSTALL: clarify a bit more how Configure treats "unknown" options
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3468)
2017-05-15 14:51:07 +02:00
Matt Caswell
3556b83ea2 Make the TLSv1.3 downgrade mechanism a configurable option
Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
2017-03-24 14:07:11 +00:00
Richard Levitte
d063132737 Document how to select / deselect test group numbers
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2892)
2017-03-10 19:12:44 +01:00
Richard Levitte
45632ee3bb Add NOTES.UNIX, with a description on how to deal with runpaths
[skip ci]

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2818)
2017-03-02 07:33:27 +01:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00