For Unix, refactor OSSL_sleep() to use nanosleep() instead of usleep()

usleep() is obsolete since POSIX.1-2001 and removed in POSIX.1-2008,
in favor of nanosleep(), which has been presen

For Unix, refactor OSSL_sleep() to use nanosleep() instead of usleep()

usleep() is obsolete since POSIX.1-2001 and removed in POSIX.1-2008,
in favor of nanosleep(), which has been present since POSIX.1-2001.

The exceptions for DJGPP and TANDEM are preserved. Also, just in case
nanosleep() turns out to be unavailable on any Unix machinery that we
are unaware of, we allow a revert to using usleep() by defining
OPENSSL_USE_USLEEP.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24173)

show more ...

Introduce new internal hashtable implementation

Create a new hashtable that is more efficient than the existing LHASH_OF
implementation. the new ossl_ht api offers several new features

Introduce new internal hashtable implementation

Create a new hashtable that is more efficient than the existing LHASH_OF
implementation. the new ossl_ht api offers several new features that
improve performance opportunistically

* A more generalized hash function. Currently using fnv1a, provides a
more general hash function, but can still be overridden where needed

* Improved locking and reference counting. This hash table is
internally locked with an RCU lock, and optionally reference counts
elements, allowing for users to not have to create and manage their
own read/write locks

* Lockless operation. The hash table can be configured to operate
locklessly on the read side, improving performance, at the sacrifice
of the ability to grow the hash table or delete elements from it

* A filter function allowing for the retrieval of several elements at a
time matching a given criteria without having to hold a lock
permanently

* a doall_until iterator variant, that allows callers which need to
iterate over the entire hash table until a given condition is met (as
defined by the return value of the iterator callback). This allows
for callers attempting to do expensive cache searches for a small
number of elements to terminate the iteration early, saving cpu cycles

* Dynamic type safety. The hash table provides operations to set and
get data of a specific type without having to define a type at the
instatiation point

* Multiple data type storage. The hash table can store multiple data
types allowing for more flexible usage

* Ubsan safety. Because the API deals with concrete single types
(HT_KEY and HT_VALUE), leaving specific type casting to the call
recipient with dynamic type validation, this implementation is safe
from the ubsan undefined behavior warnings that require additional
thunking on callbacks.

Testing of this new hashtable with an equivalent hash function, I can
observe approximately a 6% performance improvement in the lhash_test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23671)

show more ...

Create a rudimentary symbol scanning script

We would like to be able to log and audit the symbols we use in openssl
so that we might catch when a new platform symbols is referecned

Create a rudimentary symbol scanning script

We would like to be able to log and audit the symbols we use in openssl
so that we might catch when a new platform symbols is referecned

Add such a script (just on unix platforms for now) that gathers the used
symbols not belonging to libcrypto or libssl, and compare it to a prior
known set of used symbols. Error out if a new symbol is found

Add this script to the ci workflow in CI to capture newly
introduced platform symbols

Fixes #22330

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22478)

show more ...