-:
-eval 'exec perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
+#! /usr/bin/env perl
+# -*- mode: perl; -*-
+
##
## Configure -- OpenSSL source tree configuration script
## If editing this file, run this command before committing
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
+# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
+# interfaces deprecated as of the specified OpenSSL version.
+#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED";
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DREF_CHECK -DDEBUG_UNUSED";
# These are used in addition to $gcc_devteam_warn when the compiler is clang.
# TODO(openssl-team): fix problems and investigate if (at least) the
# -Wextended-offsetof
my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations";
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
+# These are used in addition to $gcc_devteam_warn unless this is a mingw build.
+# This adds backtrace information to the memory leak info.
+my $memleak_devteam_backtrace = "-rdynamic -DCRYPTO_MDEBUG_BACKTRACE";
+
+
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+#
+# API compability name to version number mapping.
+#
+my $maxapi = "1.1.0"; # API for "no-deprecated" builds
+my $apitable = {
+ "1.1.0" => "0x10100000L",
+ "1.0.0" => "0x10000000L",
+ "0.9.8" => "0x00908000L",
+};
+
# table of known configurations, read in from files
#
# The content of each entry can take one of two forms:
# cmll_obj => $cmll_obj,
# modes_obj => $modes_obj,
# engines_obj => $engines_obj,
+# chacha_obj => $wp_obj,
+# poly1305_obj => $cmll_obj,
# dso_scheme => $dso_scheme,
# shared_target => $shared_target,
# shared_cflag => $shared_cflag,
my $no_rfc3779=0;
my $no_asm=0;
my $no_dso=0;
-my $no_gmp=0;
my @skip=();
my $Makefile="Makefile";
my $des_locl="crypto/des/des_locl.h";
my $rc4_enc="rc4_enc.o rc4_skey.o";
my $rc5_enc="rc5_enc.o";
my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
+my $chacha_enc="chacha_enc.o";
my $processor="";
my $default_ranlib;
my $perl;
"camellia",
"capieng",
"cast",
+ "chacha",
"cmac",
"cms",
"comp",
+ "crypto-mdebug",
"ct",
"deprecated",
"des",
"dh",
"dsa",
"dso",
- "dtls1?",
+ "dtls",
"dynamic[-_]engine",
"ec",
"ec2m",
"ec_nistp_64_gcc_128",
"engine",
"err", # Really???
- "gmp",
"gost",
"heartbeats",
"hmac",
"nextprotoneg",
"ocb",
"ocsp",
+ "poly1305",
"posix-io",
"psk",
"rc2",
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
- "deprecated" => "default",
"ec_nistp_64_gcc_128" => "default",
- "gmp" => "default",
"jpake" => "experimental",
"md2" => "default",
"rc5" => "default",
- "sctp" => "default",
+ "sctp" => "default",
"shared" => "default",
"ssl-trace" => "default",
"store" => "experimental",
"unit-test" => "default",
"zlib" => "default",
- "zlib-dynamic" => "default"
+ "zlib-dynamic" => "default",
+ "crypto-mdebug" => "default",
);
my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
my $libs;
my $target;
my $options;
+my $api;
my $make_depend=0;
my %withargs=();
my $build_prefix = "release_";
$argvstring=join(' ',@argvcopy);
PROCESS_ARGS:
+ {
+ my %unsupported_options = ();
foreach (@argvcopy)
{
s /^-no-/no-/; # some people just can't read the instructions
my $word = $2;
if (!grep { $word =~ /^${_}$/ } @disablables)
{
- warn "Unsupported option ${word}, ignored...\n";
+ $unsupported_options{$_} = 1;
next;
}
}
{
if (open(IN,"<$Makefile"))
{
+ my $config_args_found=0;
while (<IN>)
{
chomp;
if (grep(/^reconf/,@argvcopy));
print "Reconfiguring with: $argvstring\n";
$argv_unprocessed=1;
- close(IN);
- last PROCESS_ARGS;
+ $config_args_found=1;
+ }
+ elsif (/^CROSS_COMPILE=\s*(.*)/)
+ {
+ $ENV{CROSS_COMPILE}=$1;
+ }
+ elsif (/^CC=\s*(?:\$\(CROSS_COMPILE\))?(.*?)$/)
+ {
+ $ENV{CC}=$1;
}
}
close(IN);
+ last PROCESS_ARGS if ($config_args_found);
}
die "Insufficient data to reconfigure, please do a normal configuration\n";
}
{
$prefix=$1;
}
+ elsif (/^--api=(.*)$/)
+ {
+ $api=$1;
+ }
elsif (/^--libdir=(.*)$/)
{
$libdir=$1;
{ $options .= " ".$_; }
}
}
- }
+ if (defined($api) && !exists $apitable->{$api}) {
+ die "***** Unsupported api compatibility level: $api\n",
+ }
+
+ if (keys %unsupported_options)
+ {
+ die "***** Unsupported options: ",
+ join(", ", keys %unsupported_options), "\n";
+ }
+ }
+ }
if ($processor eq "386")
$disabled{"tls1"} = "forced";
}
+if (defined($disabled{"dgram"}))
+ {
+ $disabled{"dtls"} = "forced";
+ }
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|| defined($disabled{"dh"}) || defined($disabled{"stdio"}))
my $cmll_obj = $table{$target}->{cmll_obj};
my $modes_obj = $table{$target}->{modes_obj};
my $engines_obj = $table{$target}->{engines_obj};
+my $chacha_obj = $table{$target}->{chacha_obj};
+my $poly1305_obj = $table{$target}->{poly1305_obj};
my $perlasm_scheme = $table{$target}->{perlasm_scheme};
my $dso_scheme = $table{$target}->{dso_scheme};
my $shared_target = $table{$target}->{shared_target};
{
$cpuid_obj=$bn_obj=$ec_obj=
$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
+ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=
+ $chacha_obj=$poly1305_obj="";
$cflags=~s/\-D[BL]_ENDIAN// if ($fips);
$thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips);
}
}
}
-#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
-if(!defined($disabled{"deprecated"}))
- {
- $cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
- }
+# With "deprecated" disable all deprecated features.
+if (defined($disabled{"deprecated"})) {
+ $api = $maxapi;
+}
# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark = "";
{
$cflags.=" -DECP_NISTZ256_ASM";
}
+$chacha_obj=$chacha_enc unless ($chacha_obj =~ /\.o$/);
+if ($poly1305_obj =~ /\.o$/)
+ {
+ $cflags.=" -DPOLY1305_ASM";
+ }
# "Stringify" the C flags string. This permits it to be made part of a string
# and works as well on command lines.
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
- $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+ $version_num=$1 if /OPENSSL.VERSION.NUMBER.*(0x\S+)/;
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
$shlib_minor=$2;
}
+if (defined($api)) {
+ my $apiflag = sprintf("-DOPENSSL_API_COMPAT=%s", $apitable->{$api});
+ $default_depflags .= " $apiflag";
+ $cflags .= " $apiflag";
+}
+
my $ecc = $cc;
$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc(-\d(\.\d)*)?$/ or $ecc =~ /clang$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
- $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+ $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
if ($ecc eq "clang")
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
- $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+ $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
}
+ if ($target !~ /^mingw/)
+ {
+ foreach $wopt (split /\s+/, $memleak_devteam_backtrace)
+ {
+ $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+ }
+ if ($target =~ /^BSD-/)
+ {
+ $lflags .= " -lexecinfo";
+ }
+ }
}
open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
+ s/^CHACHA_ENC=.*$/CHACHA_ENC= $chacha_obj/;
+ s/^POLY1305_ASM_OBJ=.*$/POLY1305_ASM_OBJ= $poly1305_obj/;
s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
s/^PROCESSOR=.*/PROCESSOR= $processor/;
print "CMLL_ENC =$cmll_obj\n";
print "MODES_OBJ =$modes_obj\n";
print "ENGINES_OBJ =$engines_obj\n";
+print "CHACHA_ENC =$chacha_obj\n";
+print "POLY1305_OBJ =$poly1305_obj\n";
print "PROCESSOR =$processor\n";
print "RANLIB =$ranlib\n";
print "ARFLAGS =$arflags\n";
print OUT "extern \"C\" {\n";
print OUT "#endif\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
+
+my $openssl_api_defines = "";
+if (defined($api)) {
+ $openssl_api_defines = sprintf "#define OPENSSL_MIN_API %s\n", $apitable->{$api};
+}
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+
print OUT $openssl_sys_defines;
print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
print OUT $openssl_experimental_defines;
+print OUT $openssl_api_defines;
print OUT "\n";
print OUT $openssl_algorithm_defines;
print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
if $make_targets ne "";
if ($depflags ne $default_depflags && !$make_depend) {
- print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
- make depend
-EOF
- }
+ $warn_make_depend++;
+ }
}
# create the ms/version32.rc file if needed
if ($IsMK1MF && ($target !~ /^netware/)) {
my ($v1, $v2, $v3, $v4);
- if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+ if ($version_num =~ /^0x([0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{1})L$/i) {
$v1=hex $1;
$v2=hex $2;
$v3=hex $3;
print <<\EOF if ($no_shared_warn);
-You gave the option 'shared'. Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'. If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'. If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<EOF if ($warn_make_depend);
+
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+ make depend
EOF
exit(0);
\$cmll_obj = $table{$target}->{cmll_obj}
\$modes_obj = $table{$target}->{modes_obj}
\$engines_obj = $table{$target}->{engines_obj}
+\$chacha_obj = $table{$target}->{chacha_obj}
+\$poly1305_obj = $table{$target}->{poly1305_obj}
\$perlasm_scheme = $table{$target}->{perlasm_scheme}
\$dso_scheme = $table{$target}->{dso_scheme}
\$shared_target= $table{$target}->{shared_target}
"cmll_obj",
"modes_obj",
"engines_obj",
+ "chacha_obj",
+ "poly1305_obj",
"perlasm_scheme",
"dso_scheme",
"shared_target",