X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=Configure;h=b27795789efc70387303655e03cd2a7672dc6f5a;hp=97c2573d7236689150009f8fc3a61827b40b5c0b;hb=82987e6119403661c45f781a8b6748941c15ade6;hpb=dee502be89e78e2979e3bd1d7724cf79daa6ef61 diff --git a/Configure b/Configure index 97c2573d72..b27795789e 100755 --- a/Configure +++ b/Configure @@ -14,7 +14,7 @@ use File::Spec::Functions; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -30,18 +30,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # default). This needn't be set in advance, you can # just as well use "make INSTALL_PREFIX=/whatever install". # -# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected -# to live in the subdirectory lib/ and the header files in -# include/. A value is required. -# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is -# required. -# (Default: KRB5_DIR/lib) -# --with-krb5-include Declare where the Kerberos 5 header files live. A -# value is required. -# (Default: KRB5_DIR/include) -# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently -# supported values are "MIT" and "Heimdal". A value is required. -# # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # @@ -59,7 +47,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # no-asm do not use assembler # no-dso do not compile in any native shared-library methods. This # will ensure that all methods just return NULL. -# no-krb5 do not compile in any KRB5 library or code. # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. @@ -110,9 +97,16 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; -my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; +# These are used in addition to $gcc_devteam_warn when the compiler is clang. +# TODO(openssl-team): fix problems and investigate if (at least) the +# following warnings can also be enabled: +# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, +# -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations"; my $strict_warnings = 0; @@ -369,6 +363,7 @@ my %table=( template => 1, cpuid_obj => "sparcv9cap.o sparccpuid.o", bn_obj => "bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-sparcv9.o", des_obj => "des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o", aes_obj => "aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o", md5_obj => "md5-sparcv9.o", @@ -425,6 +420,8 @@ my %table=( aarch64_asm => { template => 1, cpuid_obj => "armcap.o arm64cpuid.o mem_clr.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-armv8.o", + bn_obj => "bn_asm.o armv8-mont.o", aes_obj => "aes_core.o aes_cbc.o aesv8-armx.o vpaes-armv8.o", sha1_obj => "sha1-armv8.o sha256-armv8.o sha512-armv8.o", modes_obj => "ghashv8-armx.o", @@ -771,8 +768,7 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used -my $no_rfc3779=1; # but "no-rfc3779" is default +my $no_rfc3779=0; my $no_asm=0; my $no_dso=0; my $no_gmp=0; @@ -809,7 +805,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "jpake" => "experimental", "md2" => "default", "rc5" => "default", - "rfc3779" => "default", "sctp" => "default", "shared" => "default", "ssl-trace" => "default", @@ -822,7 +817,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; +my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). @@ -845,7 +840,6 @@ my $openssl_thread_defines; my $openssl_sys_defines=""; my $openssl_other_defines; my $libs; -my $libkrb5=""; my $target; my $options; my $make_depend=0; @@ -994,10 +988,6 @@ PROCESS_ARGS: { $install_prefix=$1; } - elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) - { - $withargs{"krb5-".$1}=$2; - } elsif (/^--with-zlib-lib=(.*)$/) { $withargs{"zlib-lib"}=$1; @@ -1065,11 +1055,6 @@ if ($processor eq "386") $disabled{"sse2"} = "forced"; } -if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") - { - $disabled{"krb5"} = "krb5-flavor not specified"; - } - if (!defined($disabled{"zlib-dynamic"})) { # "zlib-dynamic" was specifically enabled, so enable "zlib" @@ -1099,23 +1084,13 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) $disabled{"tls1"} = "forced"; } -if (defined($disabled{"tls1"})) - { - $disabled{"tlsext"} = "forced"; - } if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) + || defined($disabled{"dh"}) || defined($disabled{"stdio"})) { $disabled{"gost"} = "forced"; } -# SRP and HEARTBEATS require TLSEXT -if (defined($disabled{"tlsext"})) - { - $disabled{"srp"} = "forced"; - $disabled{"heartbeats"} = "forced"; - } if ($target eq "TABLE") { foreach $target (sort keys %table) { @@ -1212,19 +1187,14 @@ foreach (sort (keys %disabled)) $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; print " OPENSSL_NO_$ALGO"; - if (/^krb5$/) - { $no_krb5 = 1; } - else - { - push @skip, $algo; - # fix-up crypto/directory name(s) - $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; - $skip[$#skip]="ripemd" if $algo eq "rmd160"; + push @skip, $algo; + # fix-up crypto/directory name(s) + $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + $skip[$#skip]="ripemd" if $algo eq "rmd160"; - print " (skip dir)"; + print " (skip dir)"; - $depflags .= " -DOPENSSL_NO_$ALGO"; - } + $depflags .= " -DOPENSSL_NO_$ALGO"; } } @@ -1343,62 +1313,6 @@ my $no_user_cflags=0; if ($flags ne "") { $cflags="$flags$cflags"; } else { $no_user_cflags=1; } -# Kerberos settings. The flavor must be provided from outside, either through -# the script "config" or manually. -if (!$no_krb5) - { - my ($lresolv, $lpath, $lext); - if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) - { - die "Sorry, Heimdal is currently not supported\n"; - } - ##### HACK to force use of Heimdal. - ##### WARNING: Since we don't really have adequate support for Heimdal, - ##### using this will break the build. You'll have to make - ##### changes to the source, and if you do, please send - ##### patches to openssl-dev@openssl.org - if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/) - { - warn "Heimdal isn't really supported. Your build WILL break\n"; - warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n"; - $withargs{"krb5-dir"} = "/usr/heimdal" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi -lkrb5 -lcom_err" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_HEIMDAL $cflags"; - } - if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) - { - $withargs{"krb5-dir"} = "/usr/kerberos" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_MIT $cflags"; - $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; - if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) - { - $cflags="-DKRB5_MIT_OLD11 $cflags"; - } - } - LRESOLV: - foreach $lpath ("/lib", "/usr/lib") - { - foreach $lext ("a", "so") - { - $lresolv = "$lpath/libresolv.$lext"; - last LRESOLV if (-r "$lresolv"); - $lresolv = ""; - } - } - $withargs{"krb5-lib"} .= " -lresolv" - if ("$lresolv" ne ""); - $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" - if $withargs{"krb5-include"} eq "" && - $withargs{"krb5-dir"} ne ""; - } - # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform @@ -1723,12 +1637,21 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) if ($strict_warnings) { + my $ecc = $cc; + $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /$wopt/) } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + } + } } open(IN,") s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; - s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; - s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -1867,8 +1788,6 @@ print "PROCESSOR =$processor\n"; print "RANLIB =$ranlib\n"; print "ARFLAGS =$arflags\n"; print "PERL =$perl\n"; -print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" - if $withargs{"krb5-include"} ne ""; my $des_ptr=0; my $des_risc1=0; @@ -2063,6 +1982,16 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; +{ + my $perlguess = $perl =~ m@^/@ ? $perl : '/usr/local/bin/perl'; + + &dofile("tools/c_rehash",$perlguess, + '^#!/' => '#!%s', + '^my \$dir;$' => 'my $dir = "' . $openssldir . '";', + '^my \$prefix;$' => 'my $prefix = "' . $prefix . '";'); + &dofile("apps/CA.pl",$perl, + '^#!/' => '#!%s'); +} if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT <