Remove the possibility to disable the UI module entirely

Instead, make it possible to disable the console reader that's part of
the UI module. This makes it possible to use the UI API a

Remove the possibility to disable the UI module entirely

Instead, make it possible to disable the console reader that's part of
the UI module. This makes it possible to use the UI API and other UI
methods in environments where the console reader isn't useful.

To disable the console reader, configure with 'no-ui-console' /
'disable-ui-console'.

'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' /
'disable-ui-console'.

Fixes #3806

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3820)

show more ...

Drop support for OPENSSL_NO_TLS1_3_METHOD

There are no public TLSv1_3_*method() functions so
OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed.

Reviewed-by:

Drop support for OPENSSL_NO_TLS1_3_METHOD

There are no public TLSv1_3_*method() functions so
OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3800)

show more ...

Add the STORE module

This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
that accesses a URI and helps

Add the STORE module

This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
that accesses a URI and helps loading the supported objects (PKEYs,
CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
reference.
- Functions to register and unregister loaders for different URI
schemes. This enables dynamic addition of loaders from applications
or from engines.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)

show more ...

Add new /dev/crypto engine

Based on cryptodev-linux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)

Configure: give config targets the possibility to enable or disable features

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3745)

Remove non-accurate description in Configure script

For DES and 3DES based ciphers are also enabled by this option.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: R

Remove non-accurate description in Configure script

For DES and 3DES based ciphers are also enabled by this option.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3707)

show more ...

Reorder Configure output

"Configuring..." was displayed with './Configure LIST'. This reorders
the display of that line to happen after the "targets" LIST, TABLE and
HASH have been

Reorder Configure output

"Configuring..." was displayed with './Configure LIST'. This reorders
the display of that line to happen after the "targets" LIST, TABLE and
HASH have been checked.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3702)

show more ...

Remove duplicates from clang_devteam_warnings

Since the clang_devteam_warnings are appended to the gcc_devteam_warnings
when strict-warnings are requested, any items present in both the

Remove duplicates from clang_devteam_warnings

Since the clang_devteam_warnings are appended to the gcc_devteam_warnings
when strict-warnings are requested, any items present in both the gcc
and clang variables will be duplicated in the cflags used for clang builds.
Remove the extra copy from the clang-specific flags in favor of the
gcc_devteam_warnings that are used for all strict-warnings builds.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)

show more ...

Add -Wextra to gcc devteam warnings

clang already has it; let's flip the switch and deal with the fallout.
Exclude -Wunused-parameter, as we have many places where we keep unused
par

Add -Wextra to gcc devteam warnings

clang already has it; let's flip the switch and deal with the fallout.
Exclude -Wunused-parameter, as we have many places where we keep unused
parameters to conform to a uniform vtable-like interface.
Also exclude -Wmissing-field-initializers; it's okay to rely on
the standard-mandated behavior of filling out with 0/NULL.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)

show more ...

Make it possible to build static-only libraries

The trick is to use the .a extension explicitely in the build.info files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from

Make it possible to build static-only libraries

The trick is to use the .a extension explicitely in the build.info files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)

show more ...

Configure: recognize -framework as linker option [on Apple OSes].

This is handy for internal iOS tests, when you have to make it work
in sandbox.

Reviewed-by: Richard Levitte <l

Configure: recognize -framework as linker option [on Apple OSes].

This is handy for internal iOS tests, when you have to make it work
in sandbox.

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

Configure: use 5.10.0, don't require...

Configure started with 'require 5.10.0', but if executed by older perl
it failed with "might be runaway multi-line // string" instead of
natur

Configure: use 5.10.0, don't require...

Configure started with 'require 5.10.0', but if executed by older perl
it failed with "might be runaway multi-line // string" instead of
naturally expected "Perl v5.10.0 required--this is only v5.x.y".

Reviewed-by: Richard Levitte <levitte@openssl.org>

show more ...

More typo fixes

Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.

More typo fixes

Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)

show more ...

Make the TLSv1.3 downgrade mechanism a configurable option

Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.

Make the TLSv1.3 downgrade mechanism a configurable option

Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)

show more ...

Add a platform specific configuration checker

For each platform, we may need to perform some basic checks to see
that available tools perform as we expect them.

For the moment,

Add a platform specific configuration checker

For each platform, we may need to perform some basic checks to see
that available tools perform as we expect them.

For the moment, the added checkers test that Perl gives the expected
path format. This should help MingW users to see if they run an
appropriate Perl implementation, for example.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851)

show more ...

More Configure cleanup. Remove
- util/incore
- util/fipslink.pl
- the unused "baseaddr" configure switch

Reviewed-by: Stephen Henson <steve@openssl.org>

Clean up references to FIPS

This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retaine

Clean up references to FIPS

This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>

show more ...

Add -Wundef to --strict-warnings options.

Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib

Add -Wundef to --strict-warnings options.

Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2712)

show more ...

Remove -Wno-parentheses-equality from gcc --strict-warnings options.
There has never been any gcc option of that kind.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Ric

Remove -Wno-parentheses-equality from gcc --strict-warnings options.
There has never been any gcc option of that kind.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2705)

show more ...

Implementation of the ARIA cipher as described in RFC 5794.

This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made

Implementation of the ARIA cipher as described in RFC 5794.

This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)

show more ...

If all versions of a proto are disabled, disabled the proto as well

For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged fr

If all versions of a proto are disabled, disabled the proto as well

For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)

show more ...

Add support for parameterized SipHash

The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-by

Add support for parameterized SipHash

The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)

show more ...

Add -Wno-parentheses-equality to dev-warnings.

Also fix a block comment formatting glitch.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/open

Add -Wno-parentheses-equality to dev-warnings.

Also fix a block comment formatting glitch.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2327)

show more ...

Fix compilation with no-ec

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)

Also set the CXXFLAG to the user supplied flags

Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #2025