X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=Configure;h=fb4593e977a3204daca7fb0e10e1afb758764051;hp=9ff6e70dd8f2f7d521304172d526a3957f81bcce;hb=7ff970ef55a1552e5a1acc6d337250c755b7fd0d;hpb=58dd1ce91aeafb513fa9fd09740e3151c2479314

diff --git a/Configure b/Configure
index 9ff6e70dd8..fb4593e977 100755
--- a/Configure
+++ b/Configure
@@ -1,6 +1,6 @@
-:
-eval 'exec perl -S $0 ${1+"$@"}'
-    if $running_under_some_shell;
+#! /usr/bin/env perl
+# -*- mode: perl; -*-
+
 ##
 ##  Configure -- OpenSSL source tree configuration script
 ##  If editing this file, run this command before committing
@@ -35,6 +35,9 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 #
 # --cross-compile-prefix Add specified prefix to binutils components.
 #
+# --api         One of 0.9.8, 1.0.0 or 1.1.0.  Do not compile support for
+#               interfaces deprecated as of the specified OpenSSL version.
+#
 # no-hw-xxx     do not compile support for specific crypto hardware.
 #               Generic OpenSSL-style methods relating to this support
 #               are always compiled but return NULL if the hardware
@@ -97,7 +100,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # Minimum warning options... any contributions to OpenSSL should at least get
 # past these.
 
-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED";
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED";
 
 # These are used in addition to $gcc_devteam_warn when the compiler is clang.
 # TODO(openssl-team): fix problems and investigate if (at least) the
@@ -108,6 +111,14 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare
 # -Wextended-offsetof
 my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations";
 
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
+# These are used in addition to $gcc_devteam_warn unless this is a mingw build.
+# This adds backtrace information to the memory leak info.
+my $memleak_devteam_backtrace = "-rdynamic -DCRYPTO_MDEBUG_BACKTRACE";
+
+
 my $strict_warnings = 0;
 
 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@@ -129,6 +140,16 @@ my $bits2="SIXTY_FOUR_BIT ";
 # seems to be sufficient?
 my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
 
+#
+# API compability name to version number mapping.
+#
+my $maxapi = "1.1.0";           # API for "no-deprecated" builds
+my $apitable = {
+    "1.1.0" => "0x10100000L",
+    "1.0.0" => "0x10000000L",
+    "0.9.8" => "0x00908000L",
+};
+
 # table of known configurations, read in from files
 #
 # The content of each entry can take one of two forms:
@@ -210,6 +231,8 @@ my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
 #	  cmll_obj => $cmll_obj,
 #	  modes_obj => $modes_obj,
 #	  engines_obj => $engines_obj,
+#	  chacha_obj => $wp_obj,
+#	  poly1305_obj => $cmll_obj,
 #	  dso_scheme => $dso_scheme,
 #	  shared_target => $shared_target,
 #	  shared_cflag => $shared_cflag,
@@ -771,7 +794,6 @@ my $zlib=1;      # but "no-zlib" is default
 my $no_rfc3779=0;
 my $no_asm=0;
 my $no_dso=0;
-my $no_gmp=0;
 my @skip=();
 my $Makefile="Makefile";
 my $des_locl="crypto/des/des_locl.h";
@@ -791,17 +813,97 @@ my $cast_enc="c_enc.o";
 my $rc4_enc="rc4_enc.o rc4_skey.o";
 my $rc5_enc="rc5_enc.o";
 my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
+my $chacha_enc="chacha_enc.o";
 my $processor="";
 my $default_ranlib;
 my $perl;
 my $fips=0;
 
+# Explicitelly known options that are possible to disable.  They can
+# be regexps, and will be used like this: /^no-${option}$/
+# For developers: keep it sorted alphabetically
+
+my @disablables = (
+    "aes",
+    "asm",
+    "bf",
+    "camellia",
+    "capieng",
+    "cast",
+    "chacha",
+    "cmac",
+    "cms",
+    "comp",
+    "ct",
+    "deprecated",
+    "des",
+    "dgram",
+    "dh",
+    "dsa",
+    "dso",
+    "dtls",
+    "dynamic[-_]engine",
+    "ec",
+    "ec2m",
+    "ec_nistp_64_gcc_128",
+    "engine",
+    "err",			# Really???
+    "gost",
+    "heartbeats",
+    "hmac",
+    "hw(-.+)?",
+    "idea",
+    "jpake",
+    "locking",			# Really???
+    "md2",
+    "md4",
+    "md5",
+    "mdc2",
+    "md[-_]ghost94",
+    "nextprotoneg",
+    "ocb",
+    "ocsp",
+    "poly1305",
+    "posix-io",
+    "psk",
+    "rc2",
+    "rc4",
+    "rc5",
+    "rdrand",
+    "rfc3779",
+    "rijndael",			# Old AES name
+    "rmd160",
+    "rsa",
+    "scrypt",
+    "sct",
+    "sctp",
+    "seed",
+    "sha",
+    "shared",
+    "sock",
+    "srp",
+    "srtp",
+    "sse2",
+    "ssl",
+    "ssl3",
+    "ssl3-method",
+    "ssl-trace",
+    "static-engine",
+    "stdio",
+    "store",
+    "threads",
+    "tls",
+    "tls1",
+    "unit-test",
+    "whirlpool",
+    "zlib",
+    "zlib-dynamic",
+    );
+
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
-		 "deprecated" => "default",
 		 "ec_nistp_64_gcc_128" => "default",
-		 "gmp"		  => "default",
 		 "jpake"          => "experimental",
 		 "md2"            => "default",
 		 "rc5"            => "default",
@@ -817,7 +919,7 @@ my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -842,6 +944,7 @@ my $openssl_other_defines;
 my $libs;
 my $target;
 my $options;
+my $api;
 my $make_depend=0;
 my %withargs=();
 my $build_prefix = "release_";
@@ -867,6 +970,8 @@ while($argv_unprocessed)
 	$argvstring=join(' ',@argvcopy);
 
 PROCESS_ARGS:
+	{
+	my %unsupported_options = ();
 	foreach (@argvcopy)
 		{
 		s /^-no-/no-/; # some people just can't read the instructions
@@ -878,6 +983,15 @@ PROCESS_ARGS:
 		s /^zlib$/enable-zlib/;
 		s /^zlib-dynamic$/enable-zlib-dynamic/;
 
+		if (/^(no|disable|enable|experimental)-(.+)$/)
+			{
+			my $word = $2;
+			if (!grep { $word =~ /^${_}$/ } @disablables)
+				{
+				$unsupported_options{$_} = 1;
+				next;
+				}
+			}
 		if (/^no-(.+)$/ || /^disable-(.+)$/)
 			{
 			if (!($disabled{$1} eq "experimental"))
@@ -934,6 +1048,7 @@ PROCESS_ARGS:
 			{
 			if (open(IN,"<$Makefile"))
 				{
+				my $config_args_found=0;
 				while (<IN>)
 					{
 					chomp;
@@ -945,11 +1060,19 @@ PROCESS_ARGS:
 							if (grep(/^reconf/,@argvcopy));
 						print "Reconfiguring with: $argvstring\n";
 						$argv_unprocessed=1;
-						close(IN);
-						last PROCESS_ARGS;
+						$config_args_found=1;
+						}
+					elsif (/^CROSS_COMPILE=\s*(.*)/)
+						{
+						$ENV{CROSS_COMPILE}=$1;
+						}
+					elsif (/^CC=\s*(?:\$\(CROSS_COMPILE\))?(.*?)$/)
+						{
+						$ENV{CC}=$1;
 						}
 					}
 				close(IN);
+				last PROCESS_ARGS if ($config_args_found);
 				}
 			die "Insufficient data to reconfigure, please do a normal configuration\n";
 			}
@@ -976,6 +1099,10 @@ PROCESS_ARGS:
 				{
 				$prefix=$1;
 				}
+			elsif (/^--api=(.*)$/)
+				{
+				$api=$1;
+				}
 			elsif (/^--libdir=(.*)$/)
 				{
 				$libdir=$1;
@@ -1046,8 +1173,18 @@ PROCESS_ARGS:
 				{ $options .= " ".$_; }
 			}
 		}
-	}
 
+        if (defined($api) && !exists $apitable->{$api}) {
+		die "***** Unsupported api compatibility level: $api\n",
+        }
+
+	if (keys %unsupported_options)
+		{
+		die "***** Unsupported options: ",
+			join(", ", keys %unsupported_options), "\n";
+		}
+	}
+	}
 
 
 if ($processor eq "386")
@@ -1084,6 +1221,10 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
 	$disabled{"tls1"} = "forced";
 	}
 
+if (defined($disabled{"dgram"}))
+	{
+        $disabled{"dtls"} = "forced";
+        }
 
 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
     || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
@@ -1269,6 +1410,8 @@ my $wp_obj = $table{$target}->{wp_obj};
 my $cmll_obj = $table{$target}->{cmll_obj};
 my $modes_obj = $table{$target}->{modes_obj};
 my $engines_obj = $table{$target}->{engines_obj};
+my $chacha_obj = $table{$target}->{chacha_obj};
+my $poly1305_obj = $table{$target}->{poly1305_obj};
 my $perlasm_scheme = $table{$target}->{perlasm_scheme};
 my $dso_scheme = $table{$target}->{dso_scheme};
 my $shared_target = $table{$target}->{shared_target};
@@ -1379,7 +1522,8 @@ if ($no_asm)
 	{
 	$cpuid_obj=$bn_obj=$ec_obj=
 	$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
-	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
+	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=
+	$chacha_obj=$poly1305_obj="";
 	$cflags=~s/\-D[BL]_ENDIAN//		if ($fips);
 	$thread_cflags=~s/\-D[BL]_ENDIAN//	if ($fips);
 	}
@@ -1419,11 +1563,10 @@ if ($zlib)
 		}
 	}
 
-#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
-if(!defined($disabled{"deprecated"}))
-	{
-	$cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
-	}
+# With "deprecated" disable all deprecated features.
+if (defined($disabled{"deprecated"})) {
+        $api = $maxapi;
+}
 
 # You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
 my $shared_mark = "";
@@ -1598,6 +1741,11 @@ if ($ec_obj =~ /ecp_nistz256/)
 	{
 	$cflags.=" -DECP_NISTZ256_ASM";
 	}
+$chacha_obj=$chacha_enc	unless ($chacha_obj =~ /\.o$/);
+if ($poly1305_obj =~ /\.o$/)
+	{
+	$cflags.=" -DPOLY1305_ASM";
+	}
 
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
@@ -1616,7 +1764,7 @@ open(IN,'<include/openssl/opensslv.h') || die "unable to read opensslv.h:$!\n";
 while (<IN>)
 	{
 	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
-	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*(0x\S+)/;
 	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
 	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
 	}
@@ -1635,6 +1783,12 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
 	$shlib_minor=$2;
 	}
 
+if (defined($api)) {
+    my $apiflag = sprintf("-DOPENSSL_API_COMPAT=%s", $apitable->{$api});
+    $default_depflags .= " $apiflag";
+    $cflags .= " $apiflag";
+}
+
 my $ecc = $cc;
 $ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 
@@ -1644,15 +1798,26 @@ if ($strict_warnings)
 	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc(-\d(\.\d)*)?$/ or $ecc =~ /clang$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
-		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
 		}
 	if ($ecc eq "clang")
 		{
 		foreach $wopt (split /\s+/, $clang_devteam_warn)
 			{
-			$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
 			}
 		}
+	if ($target !~ /^mingw/)
+		{
+		foreach $wopt (split /\s+/, $memleak_devteam_backtrace)
+			{
+			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+			}
+                if ($target =~ /^BSD-/)
+	                {
+                        $lflags .= " -lexecinfo";
+                        }
+                }
 	}
 
 open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
@@ -1726,6 +1891,8 @@ while (<IN>)
 	s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
 	s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
 	s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
+	s/^CHACHA_ENC=.*$/CHACHA_ENC= $chacha_obj/;
+	s/^POLY1305_ASM_OBJ=.*$/POLY1305_ASM_OBJ= $poly1305_obj/;
 	s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
 	s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
@@ -1785,6 +1952,8 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n";
 print "CMLL_ENC      =$cmll_obj\n";
 print "MODES_OBJ     =$modes_obj\n";
 print "ENGINES_OBJ   =$engines_obj\n";
+print "CHACHA_ENC    =$chacha_obj\n";
+print "POLY1305_OBJ  =$poly1305_obj\n";
 print "PROCESSOR     =$processor\n";
 print "RANLIB        =$ranlib\n";
 print "ARFLAGS       =$arflags\n";
@@ -1848,6 +2017,11 @@ print OUT "#ifdef  __cplusplus\n";
 print OUT "extern \"C\" {\n";
 print OUT "#endif\n";
 print OUT "/* OpenSSL was configured with the following options: */\n";
+
+my $openssl_api_defines = "";
+if (defined($api)) {
+    $openssl_api_defines = sprintf "#define OPENSSL_MIN_API %s\n", $apitable->{$api};
+}
 my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
 $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
 $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
@@ -1856,9 +2030,11 @@ $openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algori
 $openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
 $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
 $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+
 print OUT $openssl_sys_defines;
 print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
 print OUT $openssl_experimental_defines;
+print OUT $openssl_api_defines;
 print OUT "\n";
 print OUT $openssl_algorithm_defines;
 print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
@@ -2012,20 +2188,14 @@ EOF
 	(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
 		if $make_targets ne "";
 	if ($depflags ne $default_depflags && !$make_depend) {
-		print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
-	make depend
-EOF
-	}
+            $warn_make_depend++;
+        }
 }
 
 # create the ms/version32.rc file if needed
 if ($IsMK1MF && ($target !~ /^netware/)) {
 	my ($v1, $v2, $v3, $v4);
-	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+	if ($version_num =~ /^0x([0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})L$/i) {
 		$v1=hex $1;
 		$v2=hex $2;
 		$v3=hex $3;
@@ -2098,12 +2268,18 @@ EOF
 
 print <<\EOF if ($no_shared_warn);
 
-You gave the option 'shared'.  Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'.  If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'.  If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<EOF if ($warn_make_depend);
+
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+	make depend
 EOF
 
 exit(0);
@@ -2213,6 +2389,8 @@ sub print_table_entry
 \$cmll_obj     = $table{$target}->{cmll_obj}
 \$modes_obj    = $table{$target}->{modes_obj}
 \$engines_obj  = $table{$target}->{engines_obj}
+\$chacha_obj   = $table{$target}->{chacha_obj}
+\$poly1305_obj = $table{$target}->{poly1305_obj}
 \$perlasm_scheme = $table{$target}->{perlasm_scheme}
 \$dso_scheme   = $table{$target}->{dso_scheme}
 \$shared_target= $table{$target}->{shared_target}
@@ -2252,6 +2430,8 @@ EOF
 		"cmll_obj",
 		"modes_obj",
 		"engines_obj",
+		"chacha_obj",
+		"poly1305_obj",
 		"perlasm_scheme",
 		"dso_scheme",
 		"shared_target",