doc: Document that the OBJ creation functions don't lock.

Neither OBJ_create() nor OBJ_add_sigid() use locks. They are not thread safe.
They can and will cause the other OBJ_ query func

doc: Document that the OBJ creation functions don't lock.

Neither OBJ_create() nor OBJ_add_sigid() use locks. They are not thread safe.
They can and will cause the other OBJ_ query functions to fail in mysterious
ways if called concurrently with them.

There is no problem calling multiple query functions concurrently.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15865)

show more ...

Some clear guidelines for the legacy algs.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Some clear guidelines for the legacy algs.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15860)

show more ...

Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()

Fixes #15839

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <p

Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()

Fixes #15839

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)

show more ...

EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac()

This makes them more consistent with other new interfaces.

Fixes #15839

Reviewed-by: David von Oheimb <da

EVP: Change the output size type of EVP_Q_digest() and EVP_Q_mac()

This makes them more consistent with other new interfaces.

Fixes #15839

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15861)

show more ...

Configure: Reflect that We don't build loader_attic when dynamic-engine is disabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15858)

TEST: check 'loadereng' to determine if loader_attic should be tested

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15858)

Add assert.h to threads_pthread.c for NonStop thread compiles.

Fixes: #15809

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Richard Levitte <levitte

Add assert.h to threads_pthread.c for NonStop thread compiles.

Fixes: #15809

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15812)

show more ...

cmp_server.c: Fix check: certConf not allowed after transaction is closed

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)

cmp_client.c: Print checkAfter value from pollRep before it may get modified

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)

cmp_mock_srv.c: Fix polling mode such that it can be done multiple times

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15848)

Update dependencies for krb5 external test

Dejagnu/TCL are no longer needed. Installing kdcproxy enables krb5's
proxying tests, which exercise the krb5 TLS integration.

Signed-

Update dependencies for krb5 external test

Dejagnu/TCL are no longer needed. Installing kdcproxy enables krb5's
proxying tests, which exercise the krb5 TLS integration.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15850)

show more ...

cross-reference the DH and RSA SECLEVEL to level of security mappings

Since the DH check is used only in DHE-PSK ciphersuites, it's
easy to miss it when updating the RSA mapping. Add cro

cross-reference the DH and RSA SECLEVEL to level of security mappings

Since the DH check is used only in DHE-PSK ciphersuites, it's
easy to miss it when updating the RSA mapping. Add cross-references
so that they remain consistent.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15853)

show more ...

test/recipes/81-test_cmp_cli.t: use app() rather than cmd()

Fixes #15833

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

test/recipes/81-test_cmp_cli.t: use app() rather than cmd()

Fixes #15833

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15846)

show more ...

test/recipes/80-test_cmp_http.t: use app() rather than cmd()

OpenSSL::Test::cmd() should be used with caution, as it is for special
cases only.
It's preferable to use OpenSSL::Test::

test/recipes/80-test_cmp_http.t: use app() rather than cmd()

OpenSSL::Test::cmd() should be used with caution, as it is for special
cases only.
It's preferable to use OpenSSL::Test::app() or OpenSSL::Test::test().

Fixes #15833

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15846)

show more ...

APPS & TEST: Use ossl_[u]intmax_t rather than [u]intmax_t

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)

APPS: Make fallback opt_[u]intmax() implementations based on long

Also ensure that opt_intmax() and opt_uintmax() does the right thing
if sizeof([u]intmax_t) is smaller than sizeof(ossl_

APPS: Make fallback opt_[u]intmax() implementations based on long

Also ensure that opt_intmax() and opt_uintmax() does the right thing
if sizeof([u]intmax_t) is smaller than sizeof(ossl_[u]intmax_t).

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)

show more ...

Fix definition of ossl_intmax_t and ossl_uintmax_t

These definitions were located away from our definitions of other
sized int and uint types. Also, the fallback typedef wasn't quite

Fix definition of ossl_intmax_t and ossl_uintmax_t

These definitions were located away from our definitions of other
sized int and uint types. Also, the fallback typedef wasn't quite
correct, and this changes it to be aliases for int64_t and uint64_t,
since those are the largest integers we commonly handle.

We also make sure to define corresponding numbers: OSSL_INTMAX_MIN,
OSSL_INTMAX_MAX and OSSL_UINTMAX_MAX

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15825)

show more ...

ec: Only build ecp_nistp521-ppc64.s if enable-ec_nistp_64_gcc_128

Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by

ec: Only build ecp_nistp521-ppc64.s if enable-ec_nistp_64_gcc_128

Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...

ec: Add alignment pseudo-op at beginning of function

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@o

ec: Add alignment pseudo-op at beginning of function

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...

ec: Drop uses of .cfi_startproc/.cfi_endproc pseudo-ops

These work fine on Linux but break the build on AIX.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amit

ec: Drop uses of .cfi_startproc/.cfi_endproc pseudo-ops

These work fine on Linux but break the build on AIX.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...

bn: save/restore registers to/from stack

mtvsrd/mfvsrd are ISA >= 2.07 only, so this won't work for older
CPUs.

It would be possible to use this scheme only in the ISA >= 3.0

bn: save/restore registers to/from stack

mtvsrd/mfvsrd are ISA >= 2.07 only, so this won't work for older
CPUs.

It would be possible to use this scheme only in the ISA >= 3.0
implementation. However, in the future it may be possible for newer
ISAs to allow CPU implementations without a vector unit, so don't
bother. The performance improvement versus using the stack was small
anyway.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...

bn: Switch $i to be unused r9

No need to save/restore because it is volatile.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

bn: Switch $i to be unused r9

No need to save/restore because it is volatile.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...

bn: Drop unnecessary use of r9

This is done in other versions due to the possibility of an early
return. However, there is no early return here.

Signed-off-by: Martin Schwenke

bn: Drop unnecessary use of r9

This is done in other versions due to the possibility of an early
return. However, there is no early return here.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...

bn: Update .align pseudo-ops to match convention

64-bit alignment at the beginning of functions, 32-bit alignment for
loop targets.

Signed-off-by: Martin Schwenke <martin@meltin

bn: Update .align pseudo-ops to match convention

64-bit alignment at the beginning of functions, 32-bit alignment for
loop targets.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...

bn: Drop use of .p2align pseudo-op

This works on Linux but breaks the build on AIX.

Fixes #15748

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay

bn: Drop use of .p2align pseudo-op

This works on Linux but breaks the build on AIX.

Fixes #15748

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15798)

show more ...