X-Git-Url: https://git.openssl.org/gitweb/?a=blobdiff_plain;f=Configure;h=cf4902322549621f015eab7d10d4be0375abdfa6;hb=9829b5ab52cb5f1891fc48262503b7eec32351b3;hp=274712e8c992893b5e8592846444142ded9c5e98;hpb=e5ed5f6a595748e2d447ac7af2823471d2f91f45;p=openssl.git diff --git a/Configure b/Configure index 274712e8c9..cf49023225 100755 --- a/Configure +++ b/Configure @@ -57,6 +57,9 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable weak ciphers that are disabled by default. This currently +# only includes RC4 based ciphers. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through @@ -124,7 +127,7 @@ my $strict_warnings = 0; # which has to be accompanied by explicit -D_THREAD_SAFE and # sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which # seems to be sufficient? -my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; +our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # # API compability name to version number mapping. @@ -136,9 +139,9 @@ my $apitable = { "0.9.8" => "0x00908000L", }; -my $base_target = "BASE"; # The template that all other inherit from our %table = (); our %config = (); +our %withargs = (); # Forward declarations ############################################### @@ -208,7 +211,7 @@ $config{cross_compile_prefix}=""; $config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; my $nofipscanistercheck=0; $config{baseaddr}="0xFB00000"; -my $threads=0; +my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; $config{fips}=0; @@ -313,6 +316,7 @@ my @disablables = ( "ui", "unit-test", "whirlpool", + "weak-ssl-ciphers", "zlib", "zlib-dynamic", ); @@ -330,17 +334,21 @@ my @deprecated_disablables = ( our %disabled = ( # "what" => "comment" "ec_nistp_64_gcc_128" => "default", - "egd" => "default", - "md2" => "default", - "rc5" => "default", - "sctp" => "default", - "shared" => "default", - "ssl-trace" => "default", - "static-engine" => "default", - "unit-test" => "default", - "zlib" => "default", - "crypto-mdebug" => "default", - "heartbeats" => "default", + "egd" => "default", + "md2" => "default", + "rc5" => "default", + "sctp" => "default", + "shared" => "default", + "ssl-trace" => "default", + "ssl3" => "default", + "ssl3-method" => "default", + "static-engine" => "default", + "unit-test" => "default", + "weak-ssl-ciphers" => "default", + "zlib" => "default", + "zlib-dynamic" => "default", + "crypto-mdebug" => "default", + "heartbeats" => "default", ); # Note: => pair form used for aesthetics, not to truly make a hash table @@ -438,8 +446,7 @@ $config{openssl_other_defines}=[]; my $libs=""; my $target=""; $config{options}=""; -my %withargs=(); -my $build_prefix = "release_"; +$config{build_type} = "release"; my @argvcopy=@ARGV; @@ -570,6 +577,8 @@ foreach (@argvcopy) { $disabled{$1} = "option"; } + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); } elsif (/^enable-(.+)$/) { @@ -581,10 +590,15 @@ foreach (@argvcopy) { delete $disabled{"dynamic-engine"}; } + elsif ($1 eq "zlib-dynamic") + { + delete $disabled{"zlib"}; + } my $algo = $1; delete $disabled{$algo}; - $threads = 1 if ($algo eq "threads"); + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); } elsif (/^--strict-warnings$/) { @@ -592,11 +606,11 @@ foreach (@argvcopy) } elsif (/^--debug$/) { - $build_prefix = "debug_"; + $config{build_type} = "debug"; } elsif (/^--release$/) { - $build_prefix = "release_"; + $config{build_type} = "release"; } elsif (/^386$/) { $config{processor}=386; } @@ -827,7 +841,7 @@ print "Configuring for $target\n"; # Support for legacy targets having a name starting with 'debug-' my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; if ($d) { - $build_prefix = "debug_"; + $config{build_type} = "debug"; # If we do not find debug-foo in the table, the target is set to foo. if (!$table{$target}) { @@ -835,13 +849,11 @@ if ($d) { } } $config{target} = $target; -delete $table{$base_target}->{template}; # or the next test will fail. my %target = resolve_config($target); &usage if (!%target || $target{template}); -# Set up defaults -my %target = ( %{$table{$base_target}}, %target ); +%target = ( %{$table{DEFAULTS}}, %target ); $target{exe_extension}=""; $target{exe_extension}=".exe" if ($config{target} eq "DJGPP" @@ -856,38 +868,24 @@ $target{dso_extension}=$target{shared_extension_simple}; if ($config{target} =~ /^(?:Cygwin|mingw)/); -$default_ranlib = which("ranlib") || "true"; -$config{perl} = $ENV{'PERL'} || which("perl5") || which("perl") || "perl"; -my $make = $ENV{'MAKE'} || "make"; - $config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'} if $config{cross_compile_prefix} eq ""; -# Allow environment CC to override compiler... -$target{cc} = $ENV{CC} || $target{cc}; +# Allow overriding the names of some tools. USE WITH CARE +$config{perl} = $ENV{'PERL'} || which("perl5") || which("perl") || "perl"; +$target{cc} = $ENV{'CC'} || $target{cc} || "cc"; +$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || which("ranlib") || "true"; +$target{ar} = $ENV{'AR'} || $target{ar} || "ar"; +$target{nm} = $ENV{'NM'} || $target{nm} || "nm"; # For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_ # or release_ attributes. # Do it in such a way that no spurious space is appended (hence the grep). -$config{defines} = [ @{$target{defines}}, - @{$target{$build_prefix."defines"}} ]; -$config{cflags} = join(" ", - grep { $_ ne "" } ($target{cflags}, - $target{$build_prefix."cflags"})); -$config{lflags} = join(" ", - grep { $_ ne "" } ($target{lflags}, - $target{$build_prefix."lflags"})); -$config{plib_lflags} = join(" ", - grep { $_ ne "" } ($target{plib_lflags}, - $target{$build_prefix."plib_lflags"})); -$config{ex_libs} = join(" ", - grep { $_ ne "" } ($target{ex_libs}, - $target{$build_prefix."ex_libs"})); - -$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || $default_ranlib; -$target{ar} = $ENV{'AR'} || "ar"; -$target{arflags} = "" if !defined($target{arflags}); -$target{nm} = "nm"; +$config{defines} = []; +$config{cflags} = ""; +$config{ex_libs} = ""; +$config{shared_ldflag} = ""; + # Make sure build_scheme is consistent. $target{build_scheme} = [ $target{build_scheme} ] if ref($target{build_scheme}) ne "ARRAY"; @@ -908,7 +906,7 @@ my ($builder, $builder_platform, @builder_opts) = if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m) { $config{cflags} .= " -mno-cygwin"; - $target{shared_ldflag} .= " -mno-cygwin"; + $config{shared_ldflag} .= " -mno-cygwin"; } if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) { @@ -932,81 +930,61 @@ if (!$disabled{dso} && $target{dso_scheme} ne "") $target{dso_scheme} =~ tr/[a-z]/[A-Z]/; if ($target{dso_scheme} eq "DLFCN") { - $config{defines} = [ "DSO_DLFCN", "HAVE_DLFCN_H", - @{$config{defines}} ] + unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H"; } elsif ($target{dso_scheme} eq "DLFCN_NO_H") { - $config{defines} = [ "DSO_DLFCN", @{$config{defines}} ] + unshift @{$config{defines}}, "DSO_DLFCN"; } else { - $config{defines} = [ "DSO_$target{dso_scheme}", - @{$config{defines}} ] + unshift @{$config{defines}}, "DSO_$target{dso_scheme}"; } } -my $thread_cflags = ""; -my @thread_defines; -if ($target{thread_cflag} ne "(unknown)" && !$disabled{threads}) - { - # If we know how to do it, support threads by default. - $threads = 1; - } -if ($target{thread_cflag} eq "(unknown)" && $threads) - { - # If the user asked for "threads", [s]he is also expected to - # provide any system-dependent compiler options that are - # necessary. - if ($no_user_cflags && $no_user_defines) - { - print "You asked for multi-threading support, but didn't\n"; - print "provide any system-specific compiler options\n"; - exit(1); - } - push @thread_defines, "OPENSSL_THREADS"; - } -else - { - $thread_cflags=" $target{thread_cflag}"; - push @thread_defines, @{$target{thread_defines}}, "OPENSSL_THREADS"; - } - $config{ex_libs}="$libs$config{ex_libs}" if ($libs ne ""); if ($disabled{asm}) { - @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}} - if ($config{fips}); - } - -if ($threads) - { - $config{cflags} = "$thread_cflags $config{cflags}" if $thread_cflags; - push @{$config{defines}}, @thread_defines; - push @{$config{openssl_thread_defines}}, @thread_defines; - } - -unless ($disabled{zlib}) - { - push @{$config{defines}}, "ZLIB"; - if (defined($disabled{"zlib-dynamic"})) - { - if (defined($withargs{zlib_lib})) - { - $config{ex_libs} .= " -L" . $withargs{zlib_lib} . " -lz"; - } - else - { - $config{ex_libs} .= " -lz"; - } - } - else + if ($config{fips}) { - push @{$config{defines}}, "ZLIB_SHARED"; + @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}; + @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}}; } } +# If threads aren't disabled, check how possible they are +unless ($disabled{threads}) { + if ($auto_threads) { + # Enabled by default, disable it forcibly if unavailable + if ($target{thread_scheme} eq "(unknown)") { + $disabled{threads} = "unavailable"; + } + } else { + # The user chose to enable threads explicitely, let's see + # if there's a chance that's possible + if ($target{thread_scheme} eq "(unknown)") { + # If the user asked for "threads" and we don't have internal + # knowledge how to do it, [s]he is expected to provide any + # system-dependent compiler options that are necessary. We + # can't truly check that the given options are correct, but + # we expect the user to know what [s]He is doing. + if ($no_user_cflags && $no_user_defines) { + die "You asked for multi-threading support, but didn't\n" + ,"provide any system-specific compiler options\n"; + } + } + } +} + +# If threads still aren't disabled, add a C macro to ensure the source +# code knows about it. Any other flag is taken care of by the configs. +unless($disabled{threads}) { + foreach (("defines", "openssl_thread_defines")) { + push @{$config{$_}}, "OPENSSL_THREADS"; + } +} + # With "deprecated" disable all deprecated features. if (defined($disabled{"deprecated"})) { $config{api} = $maxapi; @@ -1050,13 +1028,8 @@ if ($target{sys_id} ne "") push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}"; } -if ($target{ranlib} eq "") - { - $target{ranlib} = $default_ranlib; - } - unless ($disabled{asm}) { - $target{cpuid_asm_src}=$table{BASE}->{cpuid_asm_src} if ($config{processor} eq "386"); + $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386"); $target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m})); # bn-586 is the only one implementing bn_*_part_words @@ -1079,7 +1052,7 @@ unless ($disabled{asm}) { if ($target{md5_asm_src}) { push @{$config{defines}}, "MD5_ASM"; } - $target{cast_asm_src}=$table{BASE}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC + $target{cast_asm_src}=$table{DEFAULTS}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC if ($target{rmd160_asm_src}) { push @{$config{defines}}, "RMD160_ASM"; } @@ -1096,9 +1069,9 @@ unless ($disabled{asm}) { } if ($target{wp_asm_src} =~ /mmx/) { if ($config{processor} eq "386") { - $target{wp_asm_src}=$table{BASE}->{wp_asm_src}; + $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src}; } elsif (!$disabled{"whirlpool"}) { - $config{cflags}.=" -DWHIRLPOOL_ASM"; + push @{$config{defines}}, "WHIRLPOOL_ASM"; } } if ($target{modes_asm_src} =~ /ghash-/) { @@ -1266,6 +1239,8 @@ if ($builder eq "unified") { if (-f catfile($srcdir, "engines", $_, "build.info")); } + $config{build_infos} = [ ]; + foreach (@build_infos) { my $sourced = catdir($srcdir, $_->[0]); my $buildd = catdir($blddir, $_->[0]); @@ -1289,6 +1264,7 @@ if ($builder eq "unified") { my %renames = (); my %sharednames = (); + push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f); my $template = Text::Template->new(TYPE => 'FILE', SOURCE => catfile($sourced, $f)); die "Something went wrong with $sourced/$f: $!\n" unless $template; @@ -1709,12 +1685,14 @@ close(OUT); print "IsMK1MF =", ($builder eq "mk1mf" ? "yes" : "no"), "\n"; print "CC =$target{cc}\n"; -print "CFLAG =$config{cflags}\n"; -print "DEFINES =",join(" ", @{$config{defines}}),"\n"; -print "LFLAG =$config{lflags}\n"; -print "PLIB_LFLAG =$config{plib_lflags}\n"; -print "EX_LIBS =$config{ex_libs}\n"; +print "CFLAG =$target{cflags} $config{cflags}\n"; +print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n"; +print "LFLAG =$target{lflags}\n"; +print "PLIB_LFLAG =$target{plib_lflags}\n"; +print "EX_LIBS =$target{ex_libs} $config{ex_libs}\n"; +print "APPS_OBJ =$target{apps_obj}\n"; print "CPUID_OBJ =$target{cpuid_obj}\n"; +print "UPLINK_OBJ =$target{uplink_obj}\n"; print "BN_ASM =$target{bn_obj}\n"; print "EC_ASM =$target{ec_obj}\n"; print "DES_ENC =$target{des_obj}\n"; @@ -1871,7 +1849,7 @@ print <<"EOF"; Configured for $target. EOF -print <<"EOF" if (!$disabled{threads} && !$threads); +print <<"EOF" if ($disabled{threads} eq "unavailable"); The library could not be configured for supporting multi-threaded applications as the compiler options required on this system are not known. @@ -1941,6 +1919,7 @@ sub asm { } } +our $add_called = 0; # Helper function to implement adding values to already existing configuration # values. It handles elements that are ARRAYs, CODEs and scalars sub _add { @@ -1953,18 +1932,28 @@ sub _add { my @values = map { - if (ref($_) eq "ARRAY") { - $found_array = 1; - @$_; + my $res = $_; + while (ref($res) eq "CODE") { + $res = $res->(); + } + if (defined($res)) { + if (ref($res) eq "ARRAY") { + $found_array = 1; + @$res; + } else { + $res; + } } else { - $_; + (); } } (@_); + $add_called = 1; + if ($found_array) { [ @values ]; } else { - join($separator, @values); + join($separator, grep { defined($_) && $_ ne "" } @values); } } sub add_before { @@ -2029,6 +2018,8 @@ sub resolve_config { my $target = shift; my @breadcrumbs = @_; + my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS}); + if (grep { $_ eq $target } @breadcrumbs) { die "inherit_from loop! target backtrace:\n " ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; @@ -2084,7 +2075,35 @@ sub resolve_config { my %all_keys = map { $_ => 1 } (keys %combined_inheritance, keys %{$table{$target}}); + + sub process_values { + my $object = shift; + my $inherited = shift; # Always a [ list ] + my $target = shift; + my $entry = shift; + + $add_called = 0; + + while(ref($object) eq "CODE") { + $object = $object->(@$inherited); + } + if (!defined($object)) { + return (); + } + elsif (ref($object) eq "ARRAY") { + local $add_called; # To make sure recursive calls don't affect it + return [ map { process_values($_, $inherited, $target, $entry) } + @$object ]; + } elsif (ref($object) eq "") { + return $object; + } else { + die "cannot handle reference type ",ref($object) + ," found in target ",$target," -> ",$entry,"\n"; + } + } + foreach (sort keys %all_keys) { + my $previous = $combined_inheritance{$_}; # Current target doesn't have a value for the current key? # Assign it the default combiner, the rest of this loop body @@ -2093,20 +2112,16 @@ sub resolve_config { $table{$target}->{$_} = $default_combiner; } - my $valuetype = ref($table{$target}->{$_}); - if ($valuetype eq "CODE") { - # CODE reference, execute it with the inherited values as - # arguments. - $table{$target}->{$_} = - $table{$target}->{$_}->(@{$combined_inheritance{$_}}); - } elsif ($valuetype eq "ARRAY" || $valuetype eq "") { - # ARRAY or Scalar, just leave it as is. - } else { - # Some other type of reference that we don't handle. - # Better to abort at this point. - die "cannot handle reference type $valuetype," - ," found in target $target -> $_\n"; - } + $table{$target}->{$_} = process_values($table{$target}->{$_}, + $combined_inheritance{$_}, + $target, $_); + unless(defined($table{$target}->{$_})) { + delete $table{$target}->{$_}; + } + if ($extra_checks && + $previous && !($add_called || $previous ~~ $table{$target}->{$_})) { + warn "$_ got replaced in $target\n"; + } } # Finally done, return the result. @@ -2181,22 +2196,11 @@ sub print_table_entry "cc", "cflags", "defines", - "debug_cflags", - "debug_defines", - "release_cflags", - "release_defines", - "thread_cflag", "unistd", "ld", "lflags", "plib_lflags", "ex_libs", - "debug_lflags", - "debug_plib_lflags", - "debug_ex_libs", - "release_lflags", - "release_plib_lflags", - "release_ex_libs", "bn_ops", "cpuid_obj", "bn_obj", @@ -2214,6 +2218,7 @@ sub print_table_entry "cmll_obj", "modes_obj", "padlock_obj", + "thread_scheme", "perlasm_scheme", "dso_scheme", "shared_target",