Add debuginfo build target

In the webinar we are currently producing on debugging openssl
applications, we talk about ways to allow debugable binaries without
having to ship all the

Add debuginfo build target

In the webinar we are currently producing on debugging openssl
applications, we talk about ways to allow debugable binaries without
having to ship all the debug DWARF information to production systems.

Add an optional target to do that DWARF separation to aid users

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25174)

show more ...

jitter: add a new provider containing a jitter entropy source alone

This entropy source can be used instead of SEED-SRC. Sample
openssl.cnf configuration is provided. It is built as a se

jitter: add a new provider containing a jitter entropy source alone

This entropy source can be used instead of SEED-SRC. Sample
openssl.cnf configuration is provided. It is built as a separate
provider, because it is likely to require less frequent updates than
fips provider. The same build likely can span multiple generations of
FIPS 140 standard revisions.

Note that rand-instances currently chain from public/private instances
to primary, prior to consuming the seed. Thus currently a unique ESV
needs to be obtained, and resue of jitterentropy.a certificate is not
possible as is. Separately a patch will be sent to allow for
unchaining public/private RAND instances for the purpose of reusing
ESV.

Also I do wonder if it makes sense to create a fips variant of stock
SEED-SRC entropy source, which in addition to using getrandom() also
verifies that the kernel is operating in FIPS mode and thus is likely
a validated entropy source. As in on Linux, check that
/proc/sys/crypto/fips_enabled is set to 1, and similar checks on
Windows / MacOS and so on.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)

show more ...

Security hardening: Expose Build flags for Position Independed Execution (PIE)

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fr

Security hardening: Expose Build flags for Position Independed Execution (PIE)

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22596)

show more ...

Add ZSTD compression support (RFC8478bis)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/

Add ZSTD compression support (RFC8478bis)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)

show more ...

Add brotli compression support (RFC7924)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Add brotli compression support (RFC7924)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)

show more ...

Build resource files

We need to compile with [brcc32.exe][1] and link with [ilink32.exe][2].
The latter expects the `.res` files to be given in the final comma-
separated section in

Build resource files

We need to compile with [brcc32.exe][1] and link with [ilink32.exe][2].
The latter expects the `.res` files to be given in the final comma-
separated section in the command line (after the `.def` file).

[1]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/BRCC32.EXE,_the_Resource_Compiler
[2]: http://docwiki.embarcadero.com/RADStudio/Sydney/en/Using_ILINK32_and_ILINK64_on_the_Command_Line#Command-Line_Elements

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Move VS Tools configuration to VC-common target

The Windows toolchain is composed of utilites from both the Windows SDK
and the Visual Studio Build Tools. Move the configuration of the l

Move VS Tools configuration to VC-common target

The Windows toolchain is composed of utilites from both the Windows SDK
and the Visual Studio Build Tools. Move the configuration of the latter
utilities into the `VC-common` template inside `10-main.conf`, while
leaving the former utilities in `BASE_Windows`. This allows for other
Windows compilers to be configured inheriting from `BASE_Windows`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13540)

show more ...

Improve robustness and performance of building Unix static libraries

This is a fixup of 385deae79f26dd685339d3141a06d04d6bd753cd, which solved #12116

Reviewed-by: Paul Dale <paul.da

Improve robustness and performance of building Unix static libraries

This is a fixup of 385deae79f26dd685339d3141a06d04d6bd753cd, which solved #12116

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12821)

show more ...

Building: Build Unix static libraries one object file at a time

We're hitting problems that the 'ar' command line becomes too long for
some 'make' versions, or the shell it uses.

Building: Build Unix static libraries one object file at a time

We're hitting problems that the 'ar' command line becomes too long for
some 'make' versions, or the shell it uses.

We therefore change the way we create a static library by doing so one
object file at a time. This is slower, but has better guarantees to
work properly on limited systems.

Fixes #12116

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12706)

show more ...

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds

In OpenSSL builds, declare STACK for datatypes ...

... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this. Most of all, ParseC needed to be more
consistent. The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns. There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)

show more ...

Configuration: synchronise the variables on the build file templates

For some reason, we didn't use some of the possible target attributes
in the Unix Makefile template, and there was a

Configuration: synchronise the variables on the build file templates

For some reason, we didn't use some of the possible target attributes
in the Unix Makefile template, and there was a similar but much
smaller lack of use in the Windows makefile template as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10753)

show more ...

Configure: final cleanup of asm related things

Remove the *_asm templates in Configurations/00-base-templates.conf,
all attempts to inherit them, and the asm() perl function.

[e

Configure: final cleanup of asm related things

Remove the *_asm templates in Configurations/00-base-templates.conf,
all attempts to inherit them, and the asm() perl function.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

show more ...

Move padlock_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move keccak1600_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move poly1305_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move chacha_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move modes_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move cmll_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move wp_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move rc5_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move rmd160_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move rc4_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move cast_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move sha1_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

Move md5_asm_src file information to build.info files

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)