We also add other PQC algorithm directories that might
appear in future so they are picked-up by the script
once they appear. This requires checking whether the
directory exists.
Also update the fips sources and checksums.
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Mon Apr 13 09:35:17 2026
(Merged from https://github.com/openssl/openssl/pull/30502)
MSVC compilation on Windows cannot be reliably parallelized
with tools like jom (an nmake replacement) due to contention
on shared .pdb files used for debug info. Writes to a shared
.pdb must be serialized.
The /FS compiler flag serializes concurrent compiler writes,
but does not resolve contention when the compiler and linker
access the same .pdb file. With shared .pdb files (e.g. app.pdb),
the makefile does not prevent races between the linker and
compilation of multiple targets.
This can be resolved either by restructuring the makefile
to introduce sentinel dependencies that serialize the conflicting
steps, or by eliminating the shared .pdb entirely.
This patch takes the latter approach: it replaces /Zi with /Z7,
which embeds debug info directly into each .obj file and avoids
any shared-file contention. /Z7 is supported by all MSVC versions.
The linker-generated .pdb is unaffected.
Side effects: object files are slightly larger, and all .pdb files
are now named after their target — the shared app.pdb, ossl_static.pdb,
and dso.pdb no longer exist.
With this change, jom can be used to parallelize the build.
Fixes: #9931
Signed-off-by: Milan Broz <gmazyland@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
MergeDate: Mon Apr 13 08:46:20 2026
(Merged from https://github.com/openssl/openssl/pull/30703)
Fix this error:
```
rmdir "$PREFIX/lib64/cmake/OpenSSL"
rmdir "$PREFIX/lib64"
rmdir: failed to remove '$PREFIX/lib64': Directory not empty
```
Because `rmdir $PREFIX/lib64/cmake` is missing
CLA: trivial
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Reviewed-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
MergeDate: Mon Jan 19 11:58:05 2026
(Merged from https://github.com/openssl/openssl/pull/29472)
Before this change all manpages would contain the date when pod2man was
run. This resulted in outputs that differed between builds--or
potentially across a single build if the host clock "ticked" to the next
day when the build was being run.
This commit modifies the manpage generation process as follows:
- The date all manpages were generated will be normalized to a single
date.
- The release date specified in `VERSION.dat` is used instead of the
date/time when `pod2man` was executed OR--in the event a date isn't
specified in `VERSION.dat`--the time when the Makefiles were last
regenerated.
Embedding a consistent date into the generated manpages helps ensure that
the build process as a whole is more repeatable and helps ensure that
release versions of OpenSSL create artifacts consistent with the date
that the official release was cut.
Co-authored-by: Richard Levitte <levitte@openssl.org>
Signed-off-by: Enji Cooper <yaneurabeya@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28449)
There are some *.inc already in the repository, mostly in demos/tests
and related to some algorithm implementations. Introduction
of array_alloc.inc has made including these files in the tags generation
even more pertinent, so they are included now.
Also, this commit explicitly marks *.h files as containing C code,
overriding universal-ctags default of interpreting them as C++/ObjectiveC
ones.
Suggested-by: Neil Horman <nhorman@openssl.org>
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28059)
Add a target to allow developers to generate coverage reports for a
build like coveralls does. This will let us identify rarely used
branches when doing development, so that we can optimize them.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
Coveralls is capable of reporting not only covered lines in a build, but
also the number of times a given branch was taken vs. not taken. This
will help us identify locations where we might make better use of the
openssl_likely and openssl_unlikely macros to optimize branch prediction
when building openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
One of the ways we can optimize our builds is with profile guided
optimization. This entails doing several things:
1) Building with --coverage
2) Running an application against the openssl library from step (1) to
generate profile data
3) rebuilding openssl using the input profile from step (2) to optimize
the build.
This new build configuration will let developers use the profiled data
to see what type of optimizations might be possible, as well as giving
end users the ability to squeeze a bit more performance out of openssl
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27839)
If make install is run with a large -j value (make install -j N , where
N < 1)
We can run into a situation in which the install fails because multiple
make depend operations are running in parallel, which will fail due to
makefile rewriting.
Serialize the install process to guarantee that those operations don't
step on one another
Fixes # 27074
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27388)
With MSVC v143, C++ Clang Compiler for Windows (18.1.8) there are
many errors similar to:
crypto\aes\libcrypto-lib-aesv8-armx.obj.asm:3795:7: error: unknown token in expression
ld1 {v2.16b},[x0],#16
CLA: trivial
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26603)
When both -o and -MT are used, GCC 4.1 prints the object file twice in
the dependency file. e.g.:
foo.o foo.o: foo.c
If the file name is long, then the second occurrence moves to the next
line. e.g.:
ssl/statem/libssl-shlib-statem_dtls.o \
ssl/statem/libssl-shlib-statem_dtls.o: ../ssl/statem/statem_dtls.c \
add-depends script scans one line at a time, so when the first line is
processed, the object file becomes a dependency itself.
Fix by removing -MT altogether.
This also fixes makedepend for nonstop platform.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25455)
Jakub Zelenka
Moryakhin Stas
Pascal Ernster
Tomas Mraz
Milan Broz
Beat Bolli
William Faber
Stephen Farrell
Neil Horman
Nikola Pajkovsky
Eugene Syromiatnikov
Daniel Kubec
Ryan Keane
Norbert Pocs
Cameron Gutman
Igor Ustinov
Randall S. Becker
Richard Levitte
Enji Cooper
Pavol Žáčik
vkryl
Dmitry Belyavskiy
GAlvare
20ioppolan
Lars Kanis
Martin Rauch
Ian Spence
Auto Vincent
Семенов Герман
Michael Baentsch
Orgad Shaneh