Add RFC5297 AES-SIV support

Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce co

Add RFC5297 AES-SIV support

Based originally on github.com/dfoxfranke/libaes_siv

This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR
and CMAC code to reduce complexity at the cost of perfomance. The
expected use is for short inputs, not TLS-sized records.

Add multiple AAD input capacity in the EVP tests.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3540)

show more ...

Configure: fix the version string in the configure output

Since `$config{version}` and `$config{version_num}` were removed
in commit 3a63dbef15b6, the configure output displays an empty

Configure: fix the version string in the configure output

Since `$config{version}` and `$config{version_num}` were removed
in commit 3a63dbef15b6, the configure output displays an empty
version number string in parentheses instead of the version number.

This pull request fixes that by adding new config variables
`version` and `full_version`, analogous to `OPENSSL_VERSION_STR`
and `OPENSSL_FULL_VERSION_STR`.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7841)

show more ...

Configure Kernel TLS datapath

Allow users to disable ktls using the "no-ktls" option.
Also, disable ktls when cross-compiling, non-linux, or too-old-kernel.

Signed-off-by: Boris

Configure Kernel TLS datapath

Allow users to disable ktls using the "no-ktls" option.
Also, disable ktls when cross-compiling, non-linux, or too-old-kernel.

Signed-off-by: Boris Pismenny <borisp@mellanox.com>

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5253)

show more ...

Following the license change, modify the boilerplates in last few

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/783

Following the license change, modify the boilerplates in last few

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7836)

show more ...

Refactor the computation of API version limits

Previously, the API version limit was indicated with a numeric version
number. This was "natural" in the pre-3.0.0 because the version was

Refactor the computation of API version limits

Previously, the API version limit was indicated with a numeric version
number. This was "natural" in the pre-3.0.0 because the version was
this simple number.

With 3.0.0, the version is divided into three separate numbers, and
it's only the major number that counts, but we still need to be able
to support pre-3.0.0 version limits.

Therefore, we allow OPENSSL_API_COMPAT to be defined with a pre-3.0.0
style numeric version number or with a simple major number, i.e. can
be defined like this for any application:

-D OPENSSL_API_COMPAT=0x10100000L
-D OPENSSL_API_COMPAT=3

Since the pre-3.0.0 numerical version numbers are high, it's easy to
distinguish between a simple major number and a pre-3.0.0 numerical
version number and to thereby support both forms at the same time.

Internally, we define the following macros depending on the value of
OPENSSL_API_COMPAT:

OPENSSL_API_0_9_8
OPENSSL_API_1_0_0
OPENSSL_API_1_1_0
OPENSSL_API_3

They indicate that functions marked for deprecation in the
corresponding major release shall not be built if defined.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

show more ...

Configure: allow building without things deprecated up to and including v3.0

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

Configure: allow building without things deprecated up to and including v3.0

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

show more ...

Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev

We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most

Switch to MAJOR.MINOR.PATCH versioning and version 3.0.0-dev

We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.

The most central change is that we now express the version number with
three macros, one for each part of the version number:

OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_PATCH

We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):

OPENSSL_VERSION_PRE_RELEASE
OPENSSL_VERSION_BUILD_METADATA

To get the library's idea of all those values, we introduce the
following functions:

unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);

Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):

OPENSSL_SHLIB_VERSION

We also provide a macro that contains the release date. This is not
part of the version number, but is extra information that we want to
be able to display:

OPENSSL_RELEASE_DATE

Finally, also provide the following convenience functions:

const char *OPENSSL_version_text(void);
const char *OPENSSL_version_text_full(void);

The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:

OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
OPENSSL_VERSION
OpenSSL_version_num()
OpenSSL_version()

Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:

OPENSSL_info()

For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)

show more ...

Configure: recognize div3w modules and add -DBN_DIV3W.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/open

Configure: recognize div3w modules and add -DBN_DIV3W.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

show more ...

Configuration: only include shared_sources in dirinfo in shared config

Without this precaution, we end up having directory targets depend on
shlib object files for which there are no rul

Configuration: only include shared_sources in dirinfo in shared config

Without this precaution, we end up having directory targets depend on
shlib object files for which there are no rules.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7644)

show more ...

Simplify the processing of skipped source directories

We kept a number of arrays of directory names to keep track of exactly
which directories to look for build.info. Some of these had

Simplify the processing of skipped source directories

We kept a number of arrays of directory names to keep track of exactly
which directories to look for build.info. Some of these had the extra
function to hold the directories to actually build.

With the added SUBDIRS keyword, these arrays are no longer needed.
The logic for skipping certain directories needs to be kept, though.
That is now very much simplified, and is made opportunistic.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)

show more ...

Collapse different classes of macro databases

We have $config{openssl_algorithm_defines}, $config{openssl_other_defines}
and $config{openssl_thread_defines}. These are treated exactly t

Collapse different classes of macro databases

We have $config{openssl_algorithm_defines}, $config{openssl_other_defines}
and $config{openssl_thread_defines}. These are treated exactly the same
in include/openssl/opensslconf.h.in, so having them separated into three
different databases isn't necessary, the reason for the separation being
long gone. Therefore, we collapse them into one and the same,
$config{openssl_feature_defines}.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)

show more ...

Build: make it possibly to specify subdirs in build.info

This adds a keyword SUBDIRS for build.info, to be used like this:

SUBDIRS=foo bar

This tells Configure that it

Build: make it possibly to specify subdirs in build.info

This adds a keyword SUBDIRS for build.info, to be used like this:

SUBDIRS=foo bar

This tells Configure that it should look for 'build.info' in the
relative subdirectories 'foo' and 'bar' as well.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7558)

show more ...

Build: make it possible to assign macro definitions for specific outputs

Sometimes, some specific program or object file might need an extra
macro definition of its own. This allows tha

Build: make it possible to assign macro definitions for specific outputs

Sometimes, some specific program or object file might need an extra
macro definition of its own. This allows that to be easily done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7553)

show more ...

GMAC implementation
Remove GMAC demo program because it has been superceded by the EVP MAC one

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/open

GMAC implementation
Remove GMAC demo program because it has been superceded by the EVP MAC one

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7548)

show more ...

Configure: ensure empty arrays aren't created inadvertently

Just refering to a hash table element as an array reference will
automatically create that element. Avoid that by defaulting

Configure: ensure empty arrays aren't created inadvertently

Just refering to a hash table element as an array reference will
automatically create that element. Avoid that by defaulting to
a separate empty array reference.

Fixes #7543

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7544)

show more ...

Configuration: when building the dirinfo structure, include shared_sources

This makes sure that any resulting directory target in the build files
also depend on object files meant for sh

Configuration: when building the dirinfo structure, include shared_sources

This makes sure that any resulting directory target in the build files
also depend on object files meant for shared libraries.

As a side effect, we move the production of the dirinfo structure from
common.tmpl to Configure, to make it easier to check the result.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7452)

show more ...

Configure: Improve warning if no random seed source was configured

The new Configure summary box (41349b5e6db) now hides the warning
about the missing seed source (2805ee1e095) too much.

Configure: Improve warning if no random seed source was configured

The new Configure summary box (41349b5e6db) now hides the warning
about the missing seed source (2805ee1e095) too much. To make it
more visible again, add warning markers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7509)

show more ...

Configure: Reword the summary output

In commit 820e414d2830 (pr #5247) the summary output of the
Configure command was optimized towards instructing people
how to create issue report

Configure: Reword the summary output

In commit 820e414d2830 (pr #5247) the summary output of the
Configure command was optimized towards instructing people
how to create issue reports.

It turned out that the wording of this message can confuse new
OpenSSL users and make them think that they are seeing an error
message. This commit makes the summary output start with a success
to prevent a misunderstanding. Also it gives more hints to new
OpenSSL users.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7499)

show more ...

Configure: use correct variable to infer the .ld file location

We didn't notice the error because it all happened in the top directory.
Now that we use .ld files in subdirectories, the b

Configure: use correct variable to infer the .ld file location

We didn't notice the error because it all happened in the top directory.
Now that we use .ld files in subdirectories, the bug became apparent.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7347)

show more ...

Refactor linker script generation

The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should re

Refactor linker script generation

The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should really be made as simply and generic as possible.

Therefore, we move a lot of the "magic" to the build files templates,
since they are the place for platform dependent things. What remains
is to parametrize just enough in the build.info file to generate the
linker scripts correctly for each associated library.

"linker script" is a term usually reserved for certain Unix linkers.
However, we only use them to say what symbols should be exported, so
we use the term loosely for all platforms. The internal extension is
'.ld', and is changed by the build file templates as appropriate for
each target platform.

Note that this adds extra meaning to the value of the shared_target
attribute.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7333)

show more ...

Configure: Name object files according to the product they are part of

This will allow to have different object files for different products,
even if they share the same source code, and

Configure: Name object files according to the product they are part of

This will allow to have different object files for different products,
even if they share the same source code, and possibly different builds
for those different object files.

For example, one can have something like this:

SOURCES[libfoo]=cookie.c
INCLUDES[libfoo]=include/foo
SOURCES[libbar]=cookie.c
INCLUDES[libbar]=include/bar

This would mean that the object files and libraries would be build
somewhat like this:

$(CC) -Iinclude/foo -o libfoo-lib-cookie.o cookie.c
$(AR) $(ARFLAGS) libfoo.a libfoo-lib-cookie.o
$(CC) -Iinclude/bar -o libbar-lib-cookie.o cookie.c
$(AR) $(ARFLAGS) libbar.a libbar-lib-cookie.o

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)

show more ...

Configure: DON'T trickle down includes from products to sources

Instead, use the include settings from the products later in the process,
making it possible to have different includes fo

Configure: DON'T trickle down includes from products to sources

Instead, use the include settings from the products later in the process,
making it possible to have different includes for two different libraries
that share the same source code.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)

show more ...

Configure: don't probe for --noexecstack assembler option on Darwin.

The option has no meaning on Darwin, but it can bail out in combination
with -fembed-bitcode or -no-integrated-as...

Configure: don't probe for --noexecstack assembler option on Darwin.

The option has no meaning on Darwin, but it can bail out in combination
with -fembed-bitcode or -no-integrated-as...

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Configure: warn when 'none' is the chosen seed source

Fixes #6980

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl

Configure: warn when 'none' is the chosen seed source

Fixes #6980

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6981)

show more ...

Turn on TLSv1.3 downgrade protection by default

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Turn on TLSv1.3 downgrade protection by default

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)

show more ...