X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=Configure;h=934e934dbb15c382d71b2f699e68945b7409a411;hp=f0a8accaa47aa045c585b605b03d114b994c1741;hb=76ffb43d1ade66ca60f977aabdbf43995615da92;hpb=e36827f6d10ed64abb1b374b6f11b79225d04205 diff --git a/Configure b/Configure index f0a8accaa4..934e934dbb 100755 --- a/Configure +++ b/Configure @@ -1,10 +1,10 @@ -: -eval 'exec perl -S $0 ${1+"$@"}' - if $running_under_some_shell; +#! /usr/bin/env perl +# -*- mode: perl; -*- + ## ## Configure -- OpenSSL source tree configuration script ## If editing this file, run this command before committing -## make -f Makefile.org TABLE +## make -f Makefile.in TABLE ## require 5.000; @@ -14,7 +14,7 @@ use File::Spec::Functions; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -35,6 +35,9 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # # --cross-compile-prefix Add specified prefix to binutils components. # +# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for +# interfaces deprecated as of the specified OpenSSL version. +# # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware @@ -47,6 +50,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # no-asm do not use assembler # no-dso do not compile in any native shared-library methods. This # will ensure that all methods just return NULL. +# no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. @@ -97,17 +101,24 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DREF_CHECK -DDEBUG_UNUSED"; # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the -# following warnings can also be enabled: -Wconditional-uninitialized, +# following warnings can also be enabled: # -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, -# -Wmissing-variable-declarations, -# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wcast-align, # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token # -Wextended-offsetof -my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations"; + +# Warn that "make depend" should be run? +my $warn_make_depend = 0; + +# These are used in addition to $gcc_devteam_warn unless this is a mingw build. +# This adds backtrace information to the memory leak info. +my $memleak_devteam_backtrace = "-rdynamic -DCRYPTO_MDEBUG_BACKTRACE"; + my $strict_warnings = 0; @@ -116,11 +127,6 @@ my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; # MD2_CHAR slags pentium pros my $x86_gcc_opts="RC4_INDEX MD2_INT"; -#$bits1="SIXTEEN_BIT "; -#$bits2="THIRTY_TWO_BIT "; -my $bits1="THIRTY_TWO_BIT "; -my $bits2="SIXTY_FOUR_BIT "; - # As for $BSDthreads. Idea is to maintain "collective" set of flags, # which would cover all BSD flavors. -pthread applies to them all, # but is treated differently. OpenBSD expands is as -D_POSIX_THREAD @@ -130,6 +136,16 @@ my $bits2="SIXTY_FOUR_BIT "; # seems to be sufficient? my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; +# +# API compability name to version number mapping. +# +my $maxapi = "1.1.0"; # API for "no-deprecated" builds +my $apitable = { + "1.1.0" => "0x10100000L", + "1.0.0" => "0x10000000L", + "0.9.8" => "0x00908000L", +}; + # table of known configurations, read in from files # # The content of each entry can take one of two forms: @@ -211,6 +227,8 @@ my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # cmll_obj => $cmll_obj, # modes_obj => $modes_obj, # engines_obj => $engines_obj, +# chacha_obj => $wp_obj, +# poly1305_obj => $cmll_obj, # dso_scheme => $dso_scheme, # shared_target => $shared_target, # shared_cflag => $shared_cflag, @@ -769,10 +787,9 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $no_rfc3779=1; # but "no-rfc3779" is default +my $no_rfc3779=0; my $no_asm=0; my $no_dso=0; -my $no_gmp=0; my @skip=(); my $Makefile="Makefile"; my $des_locl="crypto/des/des_locl.h"; @@ -792,34 +809,124 @@ my $cast_enc="c_enc.o"; my $rc4_enc="rc4_enc.o rc4_skey.o"; my $rc5_enc="rc5_enc.o"; my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; +my $chacha_enc="chacha_enc.o"; my $processor=""; my $default_ranlib; my $perl; my $fips=0; +# Known TLS and DTLS protocols +my @tls = qw(ssl3 tls1 tls1_1 tls1_2); +my @dtls = qw(dtls1 dtls1_2); + +# Explicitelly known options that are possible to disable. They can +# be regexps, and will be used like this: /^no-${option}$/ +# For developers: keep it sorted alphabetically + +my @disablables = ( + "aes", + "asm", + "bf", + "camellia", + "capieng", + "cast", + "chacha", + "cmac", + "cms", + "comp", + "crypto-mdebug", + "ct", + "deprecated", + "des", + "dgram", + "dh", + "dsa", + "dso", + "dtls", + "dynamic[-_]engine", + "ec", + "ec2m", + "ecdh", + "ecdsa", + "ec_nistp_64_gcc_128", + "engine", + "err", # Really??? + "gost", + "heartbeats", + "hmac", + "hw(-.+)?", + "idea", + "jpake", + "locking", # Really??? + "md2", + "md4", + "md5", + "mdc2", + "md[-_]ghost94", + "nextprotoneg", + "ocb", + "ocsp", + "poly1305", + "posix-io", + "psk", + "rc2", + "rc4", + "rc5", + "rdrand", + "rfc3779", + "rijndael", # Old AES name + "rmd160", + "rsa", + "scrypt", + "sct", + "sctp", + "seed", + "sha", + "shared", + "sock", + "srp", + "srtp", + "sse2", + "ssl", + "ssl-trace", + "static-engine", + "stdio", + "store", + "threads", + "tls", + "unit-test", + "whirlpool", + "zlib", + "zlib-dynamic", + ); +foreach my $proto ((@tls, @dtls)) + { + push(@disablables, $proto); + push(@disablables, "$proto-method"); + } + # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" [or special keyword "experimental"] - "deprecated" => "default", "ec_nistp_64_gcc_128" => "default", - "gmp" => "default", + "egd" => "default", "jpake" => "experimental", "md2" => "default", "rc5" => "default", - "rfc3779" => "default", - "sctp" => "default", + "sctp" => "default", "shared" => "default", "ssl-trace" => "default", "store" => "experimental", "unit-test" => "default", "zlib" => "default", - "zlib-dynamic" => "default" + "zlib-dynamic" => "default", + "crypto-mdebug" => "default", ); my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; +my $default_depflags = " -DOPENSSL_NO_CRYPTO_MDEBUG -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). @@ -844,6 +951,7 @@ my $openssl_other_defines; my $libs; my $target; my $options; +my $api; my $make_depend=0; my %withargs=(); my $build_prefix = "release_"; @@ -869,6 +977,8 @@ while($argv_unprocessed) $argvstring=join(' ',@argvcopy); PROCESS_ARGS: + { + my %unsupported_options = (); foreach (@argvcopy) { s /^-no-/no-/; # some people just can't read the instructions @@ -880,23 +990,48 @@ PROCESS_ARGS: s /^zlib$/enable-zlib/; s /^zlib-dynamic$/enable-zlib-dynamic/; + if (/^(no|disable|enable|experimental)-(.+)$/) + { + my $word = $2; + if (!grep { $word =~ /^${_}$/ } @disablables) + { + $unsupported_options{$_} = 1; + next; + } + } if (/^no-(.+)$/ || /^disable-(.+)$/) { if (!($disabled{$1} eq "experimental")) { - if ($1 eq "ssl") + foreach my $proto ((@tls, @dtls)) { - $disabled{"ssl3"} = "option(ssl)"; + if ($1 eq "$proto-method") + { + $disabled{"$proto"} = "option($proto-method)"; + last; + } } - elsif ($1 eq "tls") + if ($1 eq "dtls") { - $disabled{"tls1"} = "option(tls)" + foreach my $proto (@dtls) + { + $disabled{$proto} = "option(dtls)"; + } } - elsif ($1 eq "ssl3-method") + elsif ($1 eq "ssl") { - $disabled{"ssl3-method"} = "option(ssl)"; + # Last one of its kind $disabled{"ssl3"} = "option(ssl)"; } + elsif ($1 eq "tls") + { + # XXX: Tests will fail if all SSL/TLS + # protocols are disabled. + foreach my $proto (@tls) + { + $disabled{$proto} = "option(tls)"; + } + } else { $disabled{$1} = "option"; @@ -936,6 +1071,7 @@ PROCESS_ARGS: { if (open(IN,"<$Makefile")) { + my $config_args_found=0; while () { chomp; @@ -947,11 +1083,19 @@ PROCESS_ARGS: if (grep(/^reconf/,@argvcopy)); print "Reconfiguring with: $argvstring\n"; $argv_unprocessed=1; - close(IN); - last PROCESS_ARGS; + $config_args_found=1; + } + elsif (/^CROSS_COMPILE=\s*(.*)/) + { + $ENV{CROSS_COMPILE}=$1; + } + elsif (/^CC=\s*(?:\$\(CROSS_COMPILE\))?(.*?)$/) + { + $ENV{CC}=$1; } } close(IN); + last PROCESS_ARGS if ($config_args_found); } die "Insufficient data to reconfigure, please do a normal configuration\n"; } @@ -978,6 +1122,10 @@ PROCESS_ARGS: { $prefix=$1; } + elsif (/^--api=(.*)$/) + { + $api=$1; + } elsif (/^--libdir=(.*)$/) { $libdir=$1; @@ -1048,8 +1196,18 @@ PROCESS_ARGS: { $options .= " ".$_; } } } - } + if (defined($api) && !exists $apitable->{$api}) { + die "***** Unsupported api compatibility level: $api\n", + } + + if (keys %unsupported_options) + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; + } + } + } if ($processor eq "386") @@ -1077,33 +1235,97 @@ if (defined($disabled{"ec"})) $disabled{"ecdh"} = "forced"; } -# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH +# SSL 3.0 requires MD5 and SHA and either RSA or DSA+DH if (defined($disabled{"md5"}) || defined($disabled{"sha"}) || (defined($disabled{"rsa"}) - && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) { $disabled{"ssl3"} = "forced"; + $disabled{"ssl"} = "forced"; + } + +# (D)TLS 1.0 and TLS 1.1 require MD5 and SHA and either RSA or DSA+DH +# or ECDSA + ECDH. (XXX: We don't support PSK-only builds). +# +if (defined($disabled{"md5"}) || defined($disabled{"sha"}) + || (defined($disabled{"rsa"}) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})) + && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"})))) + { $disabled{"tls1"} = "forced"; + $disabled{"dtls1"} = "forced"; + $disabled{"tls1_1"} = "forced"; + } + +# (D)TLS 1.2 requires either RSA or DSA+DH or ECDSA + ECDH +# So if all are missing, we can't do either TLS or DTLS. +# (XXX: We don't support PSK-only builds). +# +if (defined($disabled{"rsa"}) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})) + && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"}))) + { + $disabled{"tls"} = "forced"; + $disabled{"dtls"} = "forced"; + foreach my $proto ((@tls, @dtls)) + { + $disabled{"$proto"} = "forced"; + } } -if (defined($disabled{"tls1"})) + +# Avoid protocol support holes. Also disable all versions below N, if version +# N is disabled while N+1 is enabled. +# +my $prev_disabled = 1; +my $force_disable = 0; +foreach my $proto (reverse(@tls)) { - $disabled{"tlsext"} = "forced"; + if ($force_disable) + { + $disabled{$proto} = 1; + } + elsif (! defined($disabled{$proto})) + { + $prev_disabled = 0; + } + elsif (! $prev_disabled) + { + $force_disable = 1; + } + } +my $prev_disabled = 1; +my $force_disable = 0; +foreach my $proto (reverse(@dtls)) + { + if ($force_disable) + { + $disabled{$proto} = 1; + } + elsif (! defined($disabled{$proto})) + { + $prev_disabled = 0; + } + elsif (! $prev_disabled) + { + $force_disable = 1; + } } -if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) +if (defined($disabled{"dgram"})) { - $disabled{"gost"} = "forced"; + $disabled{"dtls"} = "forced"; + $disabled{"dtls1"} = "forced"; + $disabled{"dtls1_2"} = "forced"; } -# SRP and HEARTBEATS require TLSEXT -if (defined($disabled{"tlsext"})) +if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) + || defined($disabled{"dh"}) || defined($disabled{"stdio"})) { - $disabled{"srp"} = "forced"; - $disabled{"heartbeats"} = "forced"; + $disabled{"gost"} = "forced"; } + if ($target eq "TABLE") { foreach $target (sort keys %table) { print_table_entry($target, "TABLE"); @@ -1141,18 +1363,12 @@ if ($d) { # If we do not find debug-foo in the table, the target is set to foo, # but only if the foo target has a noon-empty debug_cflags or debug_lflags # attribute. - if (!$table{$target} && ($table{$t}->{debug_cflags} - || $table{$t}->{debug_lflags})) { + if (!$table{$target}) { $target = $t; } } -&usage if (!defined($table{$target}) - || $table{$target}->{template} - || ($build_prefix eq "debug_" - && $target !~ /^debug-/ - && !($table{$target}->{debug_cflags} - || $table{$target}->{debug_lflags}))); +&usage if (!defined($table{$target}) || $table{$target}->{template}); if ($fips) { @@ -1281,6 +1497,8 @@ my $wp_obj = $table{$target}->{wp_obj}; my $cmll_obj = $table{$target}->{cmll_obj}; my $modes_obj = $table{$target}->{modes_obj}; my $engines_obj = $table{$target}->{engines_obj}; +my $chacha_obj = $table{$target}->{chacha_obj}; +my $poly1305_obj = $table{$target}->{poly1305_obj}; my $perlasm_scheme = $table{$target}->{perlasm_scheme}; my $dso_scheme = $table{$target}->{dso_scheme}; my $shared_target = $table{$target}->{shared_target}; @@ -1391,7 +1609,8 @@ if ($no_asm) { $cpuid_obj=$bn_obj=$ec_obj= $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= - $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; + $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj= + $chacha_obj=$poly1305_obj=""; $cflags=~s/\-D[BL]_ENDIAN// if ($fips); $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips); } @@ -1431,13 +1650,12 @@ if ($zlib) } } -#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled -if(!defined($disabled{"deprecated"})) - { - $cflags = "-DOPENSSL_USE_DEPRECATED $cflags"; - } +# With "deprecated" disable all deprecated features. +if (defined($disabled{"deprecated"})) { + $api = $maxapi; +} -# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org +# You will find shlib_mark1 and shlib_mark2 explained in Makefile.in my $shared_mark = ""; if ($shared_target eq "") { @@ -1514,7 +1732,7 @@ if ($target =~ /\-icc$/) # Intel C compiler # linker only when --prefix is not /usr. if ($target =~ /^BSD\-/) { - $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); + $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); } if ($sys_id ne "") @@ -1610,6 +1828,11 @@ if ($ec_obj =~ /ecp_nistz256/) { $cflags.=" -DECP_NISTZ256_ASM"; } +$chacha_obj=$chacha_enc unless ($chacha_obj =~ /\.o$/); +if ($poly1305_obj =~ /\.o$/) + { + $cflags.=" -DPOLY1305_ASM"; + } # "Stringify" the C flags string. This permits it to be made part of a string # and works as well on command lines. @@ -1628,7 +1851,7 @@ open(IN,') { $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; - $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/; + $version_num=$1 if /OPENSSL.VERSION.NUMBER.*(0x\S+)/; $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; } @@ -1647,29 +1870,47 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } +if (defined($api)) { + my $apiflag = sprintf("-DOPENSSL_API_COMPAT=%s", $apitable->{$api}); + $default_depflags .= " $apiflag"; + $cflags .= " $apiflag"; +} + +my $ecc = $cc; +$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; + if ($strict_warnings) { - my $ecc = $cc; - $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc(-\d(\.\d)*)?$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } if ($ecc eq "clang") { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) } } + if ($target !~ /^mingw/) + { + foreach $wopt (split /\s+/, $memleak_devteam_backtrace) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + if ($target =~ /^BSD-/) + { + $lflags .= " -lexecinfo"; + } + } } -open(IN,"$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; +print OUT "### Generated automatically from Makefile.in by Configure.\n\n"; my $sdirs=0; while () @@ -1686,7 +1927,6 @@ while () $sdirs = 0 unless /\\$/; s/fips // if (/^DIRS=/ && !$fips); s/engines // if (/^DIRS=/ && $disabled{"engine"}); - s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; @@ -1715,7 +1955,7 @@ while () s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc" || ($cc eq 'cc' && $target =~ /darwin/); + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; @@ -1737,6 +1977,8 @@ while () s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/; s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/; s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/; + s/^CHACHA_ENC=.*$/CHACHA_ENC= $chacha_obj/; + s/^POLY1305_ASM_OBJ=.*$/POLY1305_ASM_OBJ= $poly1305_obj/; s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/; s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/; s/^PROCESSOR=.*/PROCESSOR= $processor/; @@ -1775,7 +2017,7 @@ while () } close(IN); close(OUT); -rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile; +rename($Makefile,"$Makefile.orig") || die "unable to rename $Makefile\n" if -e $Makefile; rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; print "CC =$cc\n"; @@ -1796,6 +2038,8 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; print "CMLL_ENC =$cmll_obj\n"; print "MODES_OBJ =$modes_obj\n"; print "ENGINES_OBJ =$engines_obj\n"; +print "CHACHA_ENC =$chacha_obj\n"; +print "POLY1305_OBJ =$poly1305_obj\n"; print "PROCESSOR =$processor\n"; print "RANLIB =$ranlib\n"; print "ARFLAGS =$arflags\n"; @@ -1859,6 +2103,11 @@ print OUT "#ifdef __cplusplus\n"; print OUT "extern \"C\" {\n"; print OUT "#endif\n"; print OUT "/* OpenSSL was configured with the following options: */\n"; + +my $openssl_api_defines = ""; +if (defined($api)) { + $openssl_api_defines = sprintf "#define OPENSSL_MIN_API %s\n", $apitable->{$api}; +} my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; @@ -1867,9 +2116,11 @@ $openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algori $openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; + print OUT $openssl_sys_defines; print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; print OUT $openssl_experimental_defines; +print OUT $openssl_api_defines; print OUT "\n"; print OUT $openssl_algorithm_defines; print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; @@ -1922,8 +2173,8 @@ while () { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } - elsif (/^\#define\s+DES_LONG\s+.*/) - { printf OUT "#define DES_LONG unsigned %s\n", + elsif (/^\#define\s+OSSL_DES_LONG\s+.*/) + { printf OUT "#define OSSL_DES_LONG unsigned %s\n", ($des_int)?'int':'long'; } elsif (/^\#(define|undef)\s+DES_PTR/) { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } @@ -1994,9 +2245,40 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; +# Copy all Makefile.in to Makefile (except top-level) +use File::Find; +use IO::File; +find(sub { + return if ($_ ne "Makefile.in" || $File::Find::dir eq "."); + my $in = IO::File->new($_, "r") or + die sprintf "Error reading Makefile.in in %s: !$\n", + $File::Find::dir; + my $out = IO::File->new("Makefile", "w") or + die sprintf "Error writing Makefile in %s: !$\n", + $File::Find::dir; + print $out "# Generated from $_, do not edit\n"; + while (my $line = <$in>) { print $out $line } + $in->close() or + die sprintf "Error reading Makefile.in in %s: !$\n", + $File::Find::dir; + $out->close() or + die sprintf "Error writing Makefile in %s: !$\n", + $File::Find::dir; + }, "."); + +{ + my $perlguess = $perl =~ m@^/@ ? $perl : '/usr/local/bin/perl'; + + &dofile("tools/c_rehash",$perlguess, + '^#!/' => '#!%s', + '^my \$dir;$' => 'my $dir = "' . $openssldir . '";', + '^my \$prefix;$' => 'my $prefix = "' . $prefix . '";'); + &dofile("apps/CA.pl",$perl, + '^#!/' => '#!%s'); +} if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; - printf OUT <ms/version32.rc") || die "Can't open ms/version32.rc"; - print OUT < LANGUAGE 0x09,0x01 @@ -2078,7 +2346,7 @@ BEGIN VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright © 1998-2015 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" @@ -2093,26 +2361,32 @@ EOF close(OUT); } -print <{template}; if ($type eq "TABLE") { - print <{cc} @@ -2222,6 +2496,8 @@ sub print_table_entry \$cmll_obj = $table{$target}->{cmll_obj} \$modes_obj = $table{$target}->{modes_obj} \$engines_obj = $table{$target}->{engines_obj} +\$chacha_obj = $table{$target}->{chacha_obj} +\$poly1305_obj = $table{$target}->{poly1305_obj} \$perlasm_scheme = $table{$target}->{perlasm_scheme} \$dso_scheme = $table{$target}->{dso_scheme} \$shared_target= $table{$target}->{shared_target} @@ -2261,6 +2537,8 @@ EOF "cmll_obj", "modes_obj", "engines_obj", + "chacha_obj", + "poly1305_obj", "perlasm_scheme", "dso_scheme", "shared_target",