4 This directory contains a few sets of files that are used for
5 configuration in diverse ways:
7 *.conf Target platform configurations, please read
8 'Configurations of OpenSSL target platforms' for more
10 *.tmpl Build file templates, please read 'Build-file
11 programming with the "unified" build system' as well
12 as 'Build info files' for more information.
13 *.pm Helper scripts / modules for the main `Configure`
14 script. See 'Configure helper scripts for more
18 Configurations of OpenSSL target platforms
19 ==========================================
21 Configuration targets are a collection of facts that we know about
22 different platforms and their capabilities. We organise them in a
23 hash table, where each entry represent a specific target.
25 Note that configuration target names must be unique across all config
26 files. The Configure script does check that a config file doesn't
27 have config targets that shadow config targets from other files.
29 In each table entry, the following keys are significant:
31 inherit_from => Other targets to inherit values from.
32 Explained further below. [1]
33 template => Set to 1 if this isn't really a platform
34 target. Instead, this target is a template
35 upon which other targets can be built.
36 Explained further below. [1]
38 sys_id => System identity for systems where that
39 is difficult to determine automatically.
41 enable => Enable specific configuration features.
42 This MUST be an array of words.
43 disable => Disable specific configuration features.
44 This MUST be an array of words.
45 Note: if the same feature is both enabled
46 and disabled, disable wins.
48 cpp => The C preprocessor command, normally not
49 given, as the build file defaults are
51 cppflags => The C preprocessor flags.
52 defines => As an alternative, macro definitions may be
53 given here instead of in `cppflags'. If
54 given here, they MUST be as an array of the
55 string such as "MACRO=value", or just
56 "MACRO" for definitions without value.
57 includes => As an alternative, inclusion directories
58 may be given here instead of in `cppflags'.
59 If given here, the MUST be an array of
60 strings, one directory specification each.
61 cc => The C compiler command, usually one of "cc",
62 "gcc" or "clang". This command is normally
63 also used to link object files and
64 libraries into the final program.
65 cxx => The C++ compiler command, usually one of
66 "c++", "g++" or "clang++". This command is
67 also used when linking a program where at
68 least one of the object file is made from
70 cflags => Flags that are used at all times when
71 compiling C object files.
72 cxxflags => Flags that are used at all times when
73 compiling C++ object files. If unset, it
74 gets the same value as cflags.
75 shared_cflag => Extra compilation flags used when
76 compiling for shared libraries, typically
77 something like "-fPIC".
79 (linking is a complex thing, see [3] below)
80 ld => Linker command, usually not defined
81 (meaning the compiler command is used
83 (NOTE: this is here for future use, it's
85 lflags => Flags that are used when linking apps.
86 shared_ldflag => Flags that are used when linking shared
88 plib_lflags => Extra linking flags to appear just before
89 the libraries on the command line.
90 ex_libs => Extra libraries that are needed when
93 ar => The library archive command, the default is
95 (NOTE: this is here for future use, it's
97 arflags => Flags to be used with the library archive
100 ranlib => The library archive indexing command, the
101 default is 'ranlib' it it exists.
103 unistd => An alternative header to the typical
104 '<unistd.h>'. This is very rarely needed.
106 shared_extension => File name extension used for shared
108 obj_extension => File name extension used for object files.
109 On unix, this defaults to ".o" (NOTE: this
110 is here for future use, it's not
112 exe_extension => File name extension used for executable
113 files. On unix, this defaults to "" (NOTE:
114 this is here for future use, it's not
116 shlib_variant => A "variant" identifier inserted between the base
117 shared library name and the extension. On "unixy"
118 platforms (BSD, Linux, Solaris, MacOS/X, ...) this
119 supports installation of custom OpenSSL libraries
120 that don't conflict with other builds of OpenSSL
121 installed on the system. The variant identifier
122 becomes part of the SONAME of the library and also
123 any symbol versions (symbol versions are not used or
124 needed with MacOS/X). For example, on a system
125 where a default build would normally create the SSL
126 shared library as 'libssl.so -> libssl.so.1.1' with
127 the value of the symlink as the SONAME, a target
128 definition that sets 'shlib_variant => "-abc"' will
129 create 'libssl.so -> libssl-abc.so.1.1', again with
130 an SONAME equal to the value of the symlink. The
131 symbol versions associated with the variant library
132 would then be 'OPENSSL_ABC_<version>' rather than
133 the default 'OPENSSL_<version>'. The string inserted
134 into symbol versions is obtained by mapping all
135 letters in the "variant" identifier to upper case
136 and all non-alphanumeric characters to '_'.
138 thread_scheme => The type of threads is used on the
139 configured platform. Currently known
140 values are "(unknown)", "pthreads",
141 "uithreads" (a.k.a solaris threads) and
142 "winthreads". Except for "(unknown)", the
143 actual value is currently ignored but may
144 be used in the future. See further notes
146 dso_scheme => The type of dynamic shared objects to build
147 for. This mostly comes into play with
148 engines, but can be used for other purposes
149 as well. Valid values are "DLFCN"
150 (dlopen() et al), "DLFCN_NO_H" (for systems
151 that use dlopen() et al but do not have
152 fcntl.h), "DL" (shl_load() et al), "WIN32"
154 perlasm_scheme => The perlasm method used to created the
155 assembler files used when compiling with
156 assembler implementations.
157 shared_target => The shared library building method used.
158 This is a target found in Makefile.shared.
159 build_scheme => The scheme used to build up a Makefile.
160 In its simplest form, the value is a string
161 with the name of the build scheme.
162 The value may also take the form of a list
163 of strings, if the build_scheme is to have
164 some options. In this case, the first
165 string in the list is the name of the build
167 Currently recognised build scheme is "unified".
168 For the "unified" build scheme, this item
169 *must* be an array with the first being the
170 word "unified" and the second being a word
171 to identify the platform family.
173 multilib => On systems that support having multiple
174 implementations of a library (typically a
175 32-bit and a 64-bit variant), this is used
176 to have the different variants in different
179 bn_ops => Building options (was just bignum options in
180 the earlier history of this option, hence the
181 name). This is a string of words that describe
182 algorithms' implementation parameters that
183 are optimal for the designated target platform,
184 such as the type of integers used to build up
185 the bignum, different ways to implement certain
186 ciphers and so on. To fully comprehend the
187 meaning, the best is to read the affected
191 THIRTY_TWO_BIT bignum limbs are 32 bits,
192 this is default if no
193 option is specified, it
194 works on any supported
195 system [unless "wider"
196 limb size is implied in
198 BN_LLONG bignum limbs are 32 bits,
199 but 64-bit 'unsigned long
200 long' is used internally
202 SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
203 and sizeof(long) is 8;
204 SIXTY_FOUR_BIT bignums limbs are 64 bits,
205 but execution environment
207 RC4_CHAR RC4 key schedule is made
208 up of 'unsigned char's;
209 RC4_INT RC4 key schedule is made
210 up of 'unsigned int's;
211 EXPORT_VAR_AS_FN for shared libraries,
215 apps_aux_src => Extra source to build apps/openssl and other
216 apps, as needed by the target and that can be
217 collected in a library.
218 apps_init_src => Init source to build apps/openssl and other
219 apps, as needed by the target. This code
220 cannot be placed in a library, as the rest
221 of the code isn't expected to link to it
223 cpuid_asm_src => assembler implementation of cpuid code as
224 well as OPENSSL_cleanse().
226 bn_asm_src => Assembler implementation of core bignum
229 ec_asm_src => Assembler implementation of core EC
231 des_asm_src => Assembler implementation of core DES
232 encryption functions.
233 Defaults to 'des_enc.c fcrypt_b.c'
234 aes_asm_src => Assembler implementation of core AES
236 Defaults to 'aes_core.c aes_cbc.c'
237 bf_asm_src => Assembler implementation of core BlowFish
239 Defaults to 'bf_enc.c'
240 md5_asm_src => Assembler implementation of core MD5
242 sha1_asm_src => Assembler implementation of core SHA1,
243 functions, and also possibly SHA256 and
245 cast_asm_src => Assembler implementation of core CAST
247 Defaults to 'c_enc.c'
248 rc4_asm_src => Assembler implementation of core RC4
250 Defaults to 'rc4_enc.c rc4_skey.c'
251 rmd160_asm_src => Assembler implementation of core RMD160
253 rc5_asm_src => Assembler implementation of core RC5
255 Defaults to 'rc5_enc.c'
256 wp_asm_src => Assembler implementation of core WHIRLPOOL
258 cmll_asm_src => Assembler implementation of core CAMELLIA
260 Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
261 modes_asm_src => Assembler implementation of cipher modes,
262 currently the functions gcm_gmult_4bit and
264 padlock_asm_src => Assembler implementation of core parts of
265 the padlock engine. This is mandatory on
266 any platform where the padlock engine might
270 [1] as part of the target configuration, one can have a key called
271 'inherit_from' that indicate what other configurations to inherit
272 data from. These are resolved recursively.
274 Inheritance works as a set of default values that can be overridden
275 by corresponding key values in the inheriting configuration.
277 Note 1: any configuration table can be used as a template.
278 Note 2: pure templates have the attribute 'template => 1' and
279 cannot be used as build targets.
281 If several configurations are given in the 'inherit_from' array,
282 the values of same attribute are concatenated with space
283 separation. With this, it's possible to have several smaller
284 templates for different configuration aspects that can be combined
285 into a complete configuration.
287 instead of a scalar value or an array, a value can be a code block
288 of the form 'sub { /* your code here */ }'. This code block will
289 be called with the list of inherited values for that key as
290 arguments. In fact, the concatenation of strings is really done
291 by using 'sub { join(" ",@_) }' on the list of inherited values.
299 ignored => "This should not appear in the end result",
308 inherit_from => [ "foo", "bar" ],
309 hehe => sub { join(" ",(@_,"!!!")) },
313 The entry for "laughter" will become as follows after processing:
322 [2] OpenSSL is built with threading capabilities unless the user
323 specifies 'no-threads'. The value of the key 'thread_scheme' may
324 be "(unknown)", in which case the user MUST give some compilation
327 [3] OpenSSL has three types of things to link from object files or
330 - shared libraries; that would be libcrypto and libssl.
331 - shared objects (sometimes called dynamic libraries); that would
333 - applications; those are apps/openssl and all the test apps.
335 Very roughly speaking, linking is done like this (words in braces
336 represent the configuration settings documented at the beginning
340 {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
341 -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
342 {plib_lflags} -lcrypto {ex_libs}
345 {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
346 blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
349 {ld} $(CFLAGS) {lflags} -o app \
350 app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
353 Historically, the target configurations came in form of a string with
354 values separated by colons. This use is deprecated. The string form
357 "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
363 The build.info files that are spread over the source tree contain the
364 minimum information needed to build and distribute OpenSSL. It uses a
365 simple and yet fairly powerful language to determine what needs to be
366 built, from what sources, and other relationships between files.
368 For every build.info file, all file references are relative to the
369 directory of the build.info file for source files, and the
370 corresponding build directory for built files if the build tree
371 differs from the source tree.
373 When processed, every line is processed with the perl module
374 Text::Template, using the delimiters "{-" and "-}". The hashes
375 %config and %target are passed to the perl fragments, along with
376 $sourcedir and $builddir, which are the locations of the source
377 directory for the current build.info file and the corresponding build
378 directory, all relative to the top of the build tree.
380 To begin with, things to be built are declared by setting specific
389 Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
390 without extensions. The build file templates will figure them out.
392 For each thing to be built, it is then possible to say what sources
396 SOURCE[foo]=foo.c common.c
397 SOURCE[bar]=bar.c extra.c common.c
399 It's also possible to tell some other dependencies:
401 DEPEND[foo]=libsomething
402 DEPEND[libbar]=libsomethingelse
404 (it could be argued that 'libsomething' and 'libsomethingelse' are
405 source as well. However, the files given through SOURCE are expected
406 to be located in the source tree while files given through DEPEND are
407 expected to be located in the build tree)
409 It's also possible to depend on static libraries explicitly:
411 DEPEND[foo]=libsomething.a
412 DEPEND[libbar]=libsomethingelse.a
414 This should be rarely used, and care should be taken to make sure it's
415 only used when supported. For example, native Windows build doesn't
416 support build static libraries and DLLs at the same time, so using
417 static libraries on Windows can only be done when configured
420 One some platforms, shared libraries come with a name that's different
421 from their static counterpart. That's declared as follows:
423 SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
425 The example is from Cygwin, which has a required naming convention.
427 Sometimes, it makes sense to rename an output file, for example a
430 RENAME[libfoo]=libbar
432 That lines has "libfoo" get renamed to "libbar". While it makes no
433 sense at all to just have a rename like that (why not just use
434 "libbar" everywhere?), it does make sense when it can be used
435 conditionally. See a little further below for an example.
437 In some cases, it's desirable to include some source files in the
438 shared form of a library only:
440 SHARED_SOURCE[libfoo]=dllmain.c
442 For any file to be built, it's also possible to tell what extra
443 include paths the build of their source files should use:
447 In some cases, one might want to generate some source files from
448 others, that's done as follows:
450 GENERATE[foo.s]=asm/something.pl $(CFLAGS)
451 GENERATE[bar.s]=asm/bar.S
453 The value of each GENERATE line is a command line or part of it.
454 Configure places no rules on the command line, except that the first
455 item must be the generator file. It is, however, entirely up to the
456 build file template to define exactly how those command lines should
457 be handled, how the output is captured and so on.
459 Sometimes, the generator file itself depends on other files, for
460 example if it is a perl script that depends on other perl modules.
461 This can be expressed using DEPEND like this:
463 DEPEND[asm/something.pl]=../perlasm/Foo.pm
465 There may also be cases where the exact file isn't easily specified,
466 but an inclusion directory still needs to be specified. INCLUDE can
467 be used in that case:
469 INCLUDE[asm/something.pl]=../perlasm
471 NOTE: GENERATE lines are limited to one command only per GENERATE.
473 As a last resort, it's possible to have raw build file lines, between
474 BEGINRAW and ENDRAW lines as follows:
476 BEGINRAW[Makefile(unix)]
477 haha.h: {- $builddir -}/Makefile
478 echo "/* haha */" > haha.h
479 ENDRAW[Makefile(unix)]
481 The word within square brackets is the build_file configuration item
482 or the build_file configuration item followed by the second word in the
483 build_scheme configuration item for the configured target within
484 parenthesis as shown above. For example, with the following relevant
487 build_file => "build.ninja"
488 build_scheme => [ "unified", "unix" ]
490 ... these lines will be considered:
492 BEGINRAW[build.ninja]
493 build haha.h: echo "/* haha */" > haha.h
496 BEGINRAW[build.ninja(unix)]
497 build hoho.h: echo "/* hoho */" > hoho.h
498 ENDRAW[build.ninja(unix)]
500 Should it be needed because the recipes within a RAW section might
501 clash with those generated by Configure, it's possible to tell it
502 not to generate them with the use of OVERRIDES, for example:
504 SOURCE[libfoo]=foo.c bar.c
507 BEGINRAW[Makefile(unix)]
509 $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
510 ENDRAW[Makefile(unix)]
512 See the documentation further up for more information on configuration
515 Finally, you can have some simple conditional use of the build.info
516 information, looking like this:
526 The expression in square brackets is interpreted as a string in perl,
527 and will be seen as true if perl thinks it is, otherwise false. For
528 example, the above would have "something" used, since 1 is true.
530 Together with the use of Text::Template, this can be used as
531 conditions based on something in the passed variables, for example:
533 IF[{- $disabled{shared} -}]
535 SOURCE[libcrypto]=...
543 # VMS has a cultural standard where all libraries are prefixed.
544 # For OpenSSL, the choice is 'ossl_'
545 IF[{- $config{target} =~ /^vms/ -}]
546 RENAME[libcrypto]=ossl_libcrypto
547 RENAME[libssl]=ossl_libssl
551 Build-file programming with the "unified" build system
552 ======================================================
554 "Build files" are called "Makefile" on Unix-like operating systems,
555 "descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
557 To use the "unified" build system, the target configuration needs to
558 set the three items 'build_scheme', 'build_file' and 'build_command'.
559 In the rest of this section, we will assume that 'build_scheme' is set
560 to "unified" (see the configurations documentation above for the
563 For any name given by 'build_file', the "unified" system expects a
564 template file in Configurations/ named like the build file, with
565 ".tmpl" appended, or in case of possible ambiguity, a combination of
566 the second 'build_scheme' list item and the 'build_file' name. For
567 example, if 'build_file' is set to "Makefile", the template could be
568 Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
569 In case both Configurations/unix-Makefile.tmpl and
570 Configurations/Makefile.tmpl are present, the former takes
573 The build-file template is processed with the perl module
574 Text::Template, using "{-" and "-}" as delimiters that enclose the
575 perl code fragments that generate configuration-dependent content.
576 Those perl fragments have access to all the hash variables from
579 The build-file template is expected to define at least the following
580 perl functions in a perl code fragment enclosed with "{-" and "-}".
581 They are all expected to return a string with the lines they produce.
583 generatesrc - function that produces build file lines to generate
584 a source file from some input.
586 It's called like this:
588 generatesrc(src => "PATH/TO/tobegenerated",
589 generator => [ "generatingfile", ... ]
590 generator_incs => [ "INCL/PATH", ... ]
591 generator_deps => [ "dep1", ... ]
592 generator => [ "generatingfile", ... ]
593 incs => [ "INCL/PATH", ... ],
594 deps => [ "dep1", ... ],
595 intent => one of "libs", "dso", "bin" );
597 'src' has the name of the file to be generated.
598 'generator' is the command or part of command to
599 generate the file, of which the first item is
600 expected to be the file to generate from.
601 generatesrc() is expected to analyse and figure out
602 exactly how to apply that file and how to capture
603 the result. 'generator_incs' and 'generator_deps'
604 are include directories and files that the generator
605 file itself depends on. 'incs' and 'deps' are
606 include directories and files that are used if $(CC)
607 is used as an intermediary step when generating the
608 end product (the file indicated by 'src'). 'intent'
609 indicates what the generated file is going to be
612 src2obj - function that produces build file lines to build an
613 object file from source files and associated data.
615 It's called like this:
617 src2obj(obj => "PATH/TO/objectfile",
618 srcs => [ "PATH/TO/sourcefile", ... ],
619 deps => [ "dep1", ... ],
620 incs => [ "INCL/PATH", ... ]
621 intent => one of "lib", "dso", "bin" );
623 'obj' has the intended object file *without*
624 extension, src2obj() is expected to add that.
625 'srcs' has the list of source files to build the
626 object file, with the first item being the source
627 file that directly corresponds to the object file.
628 'deps' is a list of explicit dependencies. 'incs'
629 is a list of include file directories. Finally,
630 'intent' indicates what this object file is going
633 obj2lib - function that produces build file lines to build a
634 static library file ("libfoo.a" in Unix terms) from
639 obj2lib(lib => "PATH/TO/libfile",
640 objs => [ "PATH/TO/objectfile", ... ]);
642 'lib' has the intended library file name *without*
643 extension, obj2lib is expected to add that. 'objs'
644 has the list of object files (also *without*
645 extension) to build this library.
647 libobj2shlib - function that produces build file lines to build a
648 shareable object library file ("libfoo.so" in Unix
649 terms) from the corresponding static library file
654 libobj2shlib(shlib => "PATH/TO/shlibfile",
655 lib => "PATH/TO/libfile",
656 objs => [ "PATH/TO/objectfile", ... ],
657 deps => [ "PATH/TO/otherlibfile", ... ]);
659 'lib' has the intended library file name *without*
660 extension, libobj2shlib is expected to add that.
661 'shlib' has the corresponding shared library name
662 *without* extension. 'deps' has the list of other
663 libraries (also *without* extension) this library
664 needs to be linked with. 'objs' has the list of
665 object files (also *without* extension) to build
668 This function has a choice; it can use the
669 corresponding static library as input to make the
670 shared library, or the list of object files.
672 obj2dso - function that produces build file lines to build a
673 dynamic shared object file from object files.
677 obj2dso(lib => "PATH/TO/libfile",
678 objs => [ "PATH/TO/objectfile", ... ],
679 deps => [ "PATH/TO/otherlibfile",
682 This is almost the same as libobj2shlib, but the
683 intent is to build a shareable library that can be
684 loaded in runtime (a "plugin"...). The differences
685 are subtle, one of the most visible ones is that the
686 resulting shareable library is produced from object
689 obj2bin - function that produces build file lines to build an
690 executable file from object files.
694 obj2bin(bin => "PATH/TO/binfile",
695 objs => [ "PATH/TO/objectfile", ... ],
696 deps => [ "PATH/TO/libfile", ... ]);
698 'bin' has the intended executable file name
699 *without* extension, obj2bin is expected to add
700 that. 'objs' has the list of object files (also
701 *without* extension) to build this library. 'deps'
702 has the list of library files (also *without*
703 extension) that the programs needs to be linked
706 in2script - function that produces build file lines to build a
707 script file from some input.
711 in2script(script => "PATH/TO/scriptfile",
712 sources => [ "PATH/TO/infile", ... ]);
714 'script' has the intended script file name.
715 'sources' has the list of source files to build the
716 resulting script from.
718 In all cases, file file paths are relative to the build tree top, and
719 the build file actions run with the build tree top as current working
722 Make sure to end the section with these functions with a string that
723 you thing is appropriate for the resulting build file. If nothing
724 else, end it like this:
726 ""; # Make sure no lingering values end up in the Makefile
730 Configure helper scripts
731 ========================
733 Configure uses helper scripts in this directory:
738 These scripts are per platform family, to check the integrity of the
739 tools used for configuration and building. The checker script used is
740 either {build_platform}-{build_file}-checker.pm or
741 {build_platform}-checker.pm, where {build_platform} is the second
742 'build_scheme' list element from the configuration target data, and
743 {build_file} is 'build_file' from the same target data.
745 If the check succeeds, the script is expected to end with a non-zero
746 expression. If the check fails, the script can end with a zero, or