summaryrefslogtreecommitdiff
path: root/INSTALL
Commit message (Collapse)AuthorAgeFilesLines
* doc: convert standard project docs to markdownDr. Matthias St. Pierre2020-02-261-1339/+0
| | | | | | | | | In the first step, we just add the .md extension and move some files around, without changing any content. These changes will occur in the following commits. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10545)
* Deprecate most of debug-memoryRich Salz2019-12-141-11/+3
| | | | | | | | | | | | | | | | | | | | | Fixes #8322 The leak-checking (and backtrace option, on some platforms) provided by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered; only the "make malloc fail" capability remains. OpenSSL recommends using the compiler's leak-detection instead. The OPENSSL_DEBUG_MEMORY environment variable is no longer used. CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code. CRYPTO_mem_debug_{malloc,realloc,free}() have been removed. All of the above are now deprecated. Merge (now really small) mem_dbg.c into mem.c Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10572)
* Add better support for using deprecated symbols internallyRichard Levitte2019-12-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OPENSSL_SUPPRESS_DEPRECATED only does half the job, in telling the deprecation macros not to add the warning attribute. However, with 'no-deprecated', the symbols are still removed entirely, while we might still want to use them internally. The solution is to permit <openssl/opensslconf.h> macros to be modified internally, such as undefining OPENSSL_NO_DEPRECATED in this case. However, with the way <openssl/opensslconf.h> includes <openssl/macros.h>, that's easier said than done. That's solved by generating <openssl/configuration.h> instead, and add a new <openssl/opensslconf.h> that includes <openssl/configuration.h> as well as <openssl/macros.h>, thus allowing to replace an inclusion of <openssl/opensslconf.h> with this: #include <openssl/configuration.h> #undef OPENSSL_NO_DEPRECATED #define OPENSSL_SUPPRESS_DEPRECATED #include <openssl/macros.h> Or simply add the following prior to any other openssl inclusion: #include <openssl/configuration.h> #undef OPENSSL_NO_DEPRECATED #define OPENSSL_SUPPRESS_DEPRECATED Note that undefining OPENSSL_NO_DEPRECATED must never be done by applications, since the symbols must still be exported by the library. Internal test programs are excempt of this rule, though. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10608)
* Fix some typosVeres Lajos2019-12-111-1/+1
| | | | | | | | | | Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer> CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10544)
* Adapt *.tmpl to generate docs at build timeRichard Levitte2019-11-291-1/+9
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6236)
* Update INSTALL to document the changed '--api' and 'no-deprecated'Richard Levitte2019-11-071-11/+18
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
* Configure: accept Windows style compiler optionsDr. Matthias St. Pierre2019-10-131-3/+12
| | | | | | | | | | | Currently the Configure command only supports passing UNIX style options (`-opt`) to the compiler. Passing Windows style options (`/opt`) yields an error. Fortunately, the compiler accepts both types of options, nevertheless this commit fixes that discrimination of Windows users. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9961)
* Fix building statically without any dso supportBernd Edlinger2019-09-161-0/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9895)
* Rework test/run_tests.pl to support selective verbosity and TAP copyRichard Levitte2019-09-121-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | This includes a complete rework of how we use TAP::Harness, by adding a TAP::Parser subclass that allows additional callbacks to be passed to perform what we need. The TAP::Parser callbacks we add are: ALL to print all the TAP output to a file (conditionally) to collect all the TAP output to an array (conditionally) EOF to print all the collected TAP output (if there is any) if any subtest failed To get TAP output to file, the environment variable HARNESS_TAP_COPY must be defined, with a file name as value. That file will be overwritten unconditionally. To get TAP output displayed on failure, the make variable VERBOSE_FAILURE or VF must be defined with a non-emoty value. Additionally, the output of test recipe names has been changed to only display its basename. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9862)
* INSTALL: clarify documentation of the --api=x.y.z deprecation optionDr. Matthias St. Pierre2019-08-151-1/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9599)
* Remove some duplicate words from the documentationDenis Ovsienko2019-08-121-1/+1
| | | | | | | | | | | Fixup INSTALL and a couple man pages to get rid of "the the" and "in the in the". CLA: trivial Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9563)
* Clarify the INSTALL instructionsMatt Caswell2019-08-081-2/+20
| | | | | | | | | Ensure users understand that they need to have appropriate permissions to write to the install location. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9268)
* Improve the Windows OneCore target support. (Add targets for building ↵MouriNaruto2019-06-101-0/+3
| | | | | | | | libraries for Windows Store apps.) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8917)
* Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSLAndreas Kretschmer2019-05-301-0/+3
| | | | | | | | | | | | | | | Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712) CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI. Adds extensive man pages and tests. Integration into build scripts. Incremental pull request based on OpenSSL commit 1362190b1b78 of 2018-09-26 3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8669)
* Test of uniformity of BN_rand_range output.Pauli2019-05-291-0/+5
| | | | | | | | | | | | | | Rework the test so that it fails far less often. A number of independent tests are executed and 5% are expected to fail. The number of such failures follows a binomial distribution which permits a statistical test a 0.01% expected failure rate. There is a command line option to enable the stochastic range checking. It is off by default. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8830)
* Add documentation for running unit tests under ValgrindTodd Short2019-05-031-0/+1
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8867)
* Add a legacy provider and put MD2 in itMatt Caswell2019-04-091-0/+4
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8541)
* Add a no-fips Configure optionMatt Caswell2019-04-041-0/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8537)
* Document the 'no-module' configuration optionRichard Levitte2019-04-041-0/+4
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8665)
* Rework DSO API conditions and configuration optionRichard Levitte2019-04-011-3/+0
| | | | | | | | | | 'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/#8622)
* Configure: disable new trace api by defaultDr. Matthias St. Pierre2019-03-141-0/+4
| | | | | | | Fixes #8472 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8474)
* Add advice on setting CXX at the same time as CCRichard Levitte2019-03-051-1/+6
| | | | | Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8370)
* Configure: make C++ build tests optional and configurableRichard Levitte2019-03-051-0/+13
| | | | | | | | | Disabled by default Fixes #8360 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8370)
* Deprecate the "hw" configuration options, make "padlockeng" disablableRichard Levitte2019-03-051-3/+5
| | | | | | | | | | | | | | | | | | | The "hw" and "hw-.*" style options are historical artifacts, sprung from the time when ENGINE was first designed, with hardware crypto accelerators and HSMs in mind. Today, these options have largely lost their value, replaced by options such as "no-{foo}eng" and "no-engine". This completes the transition by making "hw" and "hw-.*" deprecated, but automatically translated into more modern variants of the same. In the process, we get rid of the last regular expression in Configure's @disablables, a feature that was ill supported anyway. Also, padlock now gets treated just as every other engine. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8380)
* Better phrasing around 1.1.0Richard Levitte2019-01-311-5/+5
| | | | | | | | Fixes #8129 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/8130)
* Introduce a no-pinshared optionMatt Caswell2019-01-041-0/+18
| | | | | | | | | | | This option prevents OpenSSL from pinning itself in memory. Fixes #7598 [extended tests] Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7647)
* Add RFC5297 AES-SIV supportTodd Short2018-12-121-3/+3
| | | | | | | | | | | | | | Based originally on github.com/dfoxfranke/libaes_siv This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR and CMAC code to reduce complexity at the cost of perfomance. The expected use is for short inputs, not TLS-sized records. Add multiple AAD input capacity in the EVP tests. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3540)
* INSTALL: add note about devcrypto engineEneas U de Queiroz2018-12-101-0/+5
| | | | | | | | Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7585)
* Configure Kernel TLS datapathBoris Pismenny2018-12-071-0/+9
| | | | | | | | | | | | Allow users to disable ktls using the "no-ktls" option. Also, disable ktls when cross-compiling, non-linux, or too-old-kernel. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5253)
* typo-fixes: miscellaneous typo fixesagnosticdev2018-09-211-5/+5
| | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7277)
* Turn on TLSv1.3 downgrade protection by defaultMatt Caswell2018-08-151-10/+0
| | | | | | Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
* INSTALL,NOTES.ANDROID: minor updates.Andy Polyakov2018-08-071-4/+6
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6866)
* INSTALL,NOTES.WIN: classify no-asm as non-production option.Andy Polyakov2018-07-251-2/+4
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6773)
* Document no-sm2Matt Caswell2018-06-211-3/+3
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6532)
* Improve wordingRich Salz2018-06-051-1/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6413)
* Make OS/X more explicit, to avoid questionsRich Salz2018-06-021-2/+2
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6404)
* INSTALL: Provide better documentation for enable-ec_nistp_64_gcc_128Richard Levitte2018-05-231-2/+7
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6328)
* Add support for getrandom() or equivalent system calls and use them by defaultKurt Roeckx2018-04-221-1/+2
| | | | | Reviewed-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> GH: #5910
* Add a config option to disable automatic config loadingBernd Edlinger2018-04-171-0/+4
| | | | | | | ./config no-autoload-config Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5959)
* Add documentation for the RAND_DRBG APIDr. Matthias St. Pierre2018-03-301-9/+48
| | | | | | | | | The RAND_DRBG API was added in PR #5462 and modified by PR #5547. This commit adds the corresponding documention. Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5461)
* Add NOTES.ANDROID.Andy Polyakov2018-03-191-0/+1
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5613)
* Clarify a couple of details around "make variables"Richard Levitte2018-03-191-3/+7
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5660)
* INSTALL: Add a note about backward compatibility and "make variables"Richard Levitte2018-03-161-1/+19
| | | | | Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5641)
* Configure: disallow the mixture of compiling flags and env / make variablesRichard Levitte2018-03-081-21/+3
| | | | | | | | Note that this might give surprising results if someone forgets an environment variable that has been set previously. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5534)
* Some minor tweaks following TLSv1.3 becoming defaultMatt Caswell2018-02-121-1/+1
| | | | | | | Fix a typo in INSTALL and update the link in CHANGES Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5329)
* Enable TLSv1.3 by defaultMatt Caswell2018-02-071-15/+12
| | | | | | | [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5266)
* Configure: Fix configdata.pm shorthand for --dump, should be -dPeter Meerwald-Stadler2018-01-311-5/+5
| | | | | | | | | | | INSTALL: Mention 'aria' algorithm for no-<alg> Signed-off-by: Peter Meerwald-Stadler <pmeerw@pmeerw.net> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/5215)
* Add a 'reconfigure' make targetRichard Levitte2018-01-301-0/+5
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5197)
* Document the use of configdata.pm as a scriptRichard Levitte2018-01-291-0/+16
| | | | | Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5185)
* Create troubleshooting subsection in INSTALL filenickthetait2018-01-281-8/+20
| | | | | | | | Fixes: #5130 Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5178)
View Lorry Controller Status