4 This directory contains a few sets of files that are used for
5 configuration in diverse ways:
7 *.conf Target platform configurations, please read
8 'Configurations of OpenSSL target platforms' for more
10 *.tmpl Build file templates, please read 'Build-file
11 programming with the "unified" build system' as well
12 as 'Build info files' for more information.
13 *.pm Helper scripts / modules for the main `Configure`
14 script. See 'Configure helper scripts for more
18 Configurations of OpenSSL target platforms
19 ==========================================
21 Configuration targets are a collection of facts that we know about
22 different platforms and their capabilities. We organise them in a
23 hash table, where each entry represent a specific target.
25 Note that configuration target names must be unique across all config
26 files. The Configure script does check that a config file doesn't
27 have config targets that shadow config targets from other files.
29 In each table entry, the following keys are significant:
31 inherit_from => Other targets to inherit values from.
32 Explained further below. [1]
33 template => Set to 1 if this isn't really a platform
34 target. Instead, this target is a template
35 upon which other targets can be built.
36 Explained further below. [1]
38 sys_id => System identity for systems where that
39 is difficult to determine automatically.
41 enable => Enable specific configuration features.
42 This MUST be an array of words.
43 disable => Disable specific configuration features.
44 This MUST be an array of words.
45 Note: if the same feature is both enabled
46 and disabled, disable wins.
48 cpp => The C preprocessor command, normally not
49 given, as the build file defaults are
51 cppflags => The C preprocessor flags.
52 defines => As an alternative, macro definitions may be
53 given here instead of in `cppflags'. If
54 given here, they MUST be as an array of the
55 string such as "MACRO=value", or just
56 "MACRO" for definitions without value.
57 includes => As an alternative, inclusion directories
58 may be given here instead of in `cppflags'.
59 If given here, the MUST be an array of
60 strings, one directory specification each.
61 cc => The C compiler command, usually one of "cc",
62 "gcc" or "clang". This command is normally
63 also used to link object files and
64 libraries into the final program.
65 cxx => The C++ compiler command, usually one of
66 "c++", "g++" or "clang++". This command is
67 also used when linking a program where at
68 least one of the object file is made from
70 cflags => Flags that are used at all times when
71 compiling C object files.
72 cxxflags => Flags that are used at all times when
73 compiling C++ object files. If unset, it
74 gets the same value as cflags.
75 shared_cflag => Extra compilation flags used when
76 compiling for shared libraries, typically
77 something like "-fPIC".
79 (linking is a complex thing, see [3] below)
80 ld => Linker command, usually not defined
81 (meaning the compiler command is used
83 (NOTE: this is here for future use, it's
85 lflags => Flags that are used when linking apps.
86 shared_ldflag => Flags that are used when linking shared
88 plib_lflags => Extra linking flags to appear just before
89 the libraries on the command line.
90 ex_libs => Extra libraries that are needed when
93 ar => The library archive command, the default is
95 (NOTE: this is here for future use, it's
97 arflags => Flags to be used with the library archive
98 command. On Unix, this includes the
99 command letter, 'r' by default.
101 ranlib => The library archive indexing command, the
102 default is 'ranlib' it it exists.
104 unistd => An alternative header to the typical
105 '<unistd.h>'. This is very rarely needed.
107 shared_extension => File name extension used for shared
109 obj_extension => File name extension used for object files.
110 On unix, this defaults to ".o" (NOTE: this
111 is here for future use, it's not
113 exe_extension => File name extension used for executable
114 files. On unix, this defaults to "" (NOTE:
115 this is here for future use, it's not
117 shlib_variant => A "variant" identifier inserted between the base
118 shared library name and the extension. On "unixy"
119 platforms (BSD, Linux, Solaris, MacOS/X, ...) this
120 supports installation of custom OpenSSL libraries
121 that don't conflict with other builds of OpenSSL
122 installed on the system. The variant identifier
123 becomes part of the SONAME of the library and also
124 any symbol versions (symbol versions are not used or
125 needed with MacOS/X). For example, on a system
126 where a default build would normally create the SSL
127 shared library as 'libssl.so -> libssl.so.1.1' with
128 the value of the symlink as the SONAME, a target
129 definition that sets 'shlib_variant => "-abc"' will
130 create 'libssl.so -> libssl-abc.so.1.1', again with
131 an SONAME equal to the value of the symlink. The
132 symbol versions associated with the variant library
133 would then be 'OPENSSL_ABC_<version>' rather than
134 the default 'OPENSSL_<version>'. The string inserted
135 into symbol versions is obtained by mapping all
136 letters in the "variant" identifier to upper case
137 and all non-alphanumeric characters to '_'.
139 thread_scheme => The type of threads is used on the
140 configured platform. Currently known
141 values are "(unknown)", "pthreads",
142 "uithreads" (a.k.a solaris threads) and
143 "winthreads". Except for "(unknown)", the
144 actual value is currently ignored but may
145 be used in the future. See further notes
147 dso_scheme => The type of dynamic shared objects to build
148 for. This mostly comes into play with
149 engines, but can be used for other purposes
150 as well. Valid values are "DLFCN"
151 (dlopen() et al), "DLFCN_NO_H" (for systems
152 that use dlopen() et al but do not have
153 fcntl.h), "DL" (shl_load() et al), "WIN32"
155 perlasm_scheme => The perlasm method used to created the
156 assembler files used when compiling with
157 assembler implementations.
158 shared_target => The shared library building method used.
159 This is a target found in Makefile.shared.
160 build_scheme => The scheme used to build up a Makefile.
161 In its simplest form, the value is a string
162 with the name of the build scheme.
163 The value may also take the form of a list
164 of strings, if the build_scheme is to have
165 some options. In this case, the first
166 string in the list is the name of the build
168 Currently recognised build scheme is "unified".
169 For the "unified" build scheme, this item
170 *must* be an array with the first being the
171 word "unified" and the second being a word
172 to identify the platform family.
174 multilib => On systems that support having multiple
175 implementations of a library (typically a
176 32-bit and a 64-bit variant), this is used
177 to have the different variants in different
180 bn_ops => Building options (was just bignum options in
181 the earlier history of this option, hence the
182 name). This is a string of words that describe
183 algorithms' implementation parameters that
184 are optimal for the designated target platform,
185 such as the type of integers used to build up
186 the bignum, different ways to implement certain
187 ciphers and so on. To fully comprehend the
188 meaning, the best is to read the affected
192 THIRTY_TWO_BIT bignum limbs are 32 bits,
193 this is default if no
194 option is specified, it
195 works on any supported
196 system [unless "wider"
197 limb size is implied in
199 BN_LLONG bignum limbs are 32 bits,
200 but 64-bit 'unsigned long
201 long' is used internally
203 SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
204 and sizeof(long) is 8;
205 SIXTY_FOUR_BIT bignums limbs are 64 bits,
206 but execution environment
208 RC4_CHAR RC4 key schedule is made
209 up of 'unsigned char's;
210 RC4_INT RC4 key schedule is made
211 up of 'unsigned int's;
212 EXPORT_VAR_AS_FN for shared libraries,
216 apps_aux_src => Extra source to build apps/openssl and other
217 apps, as needed by the target and that can be
218 collected in a library.
219 apps_init_src => Init source to build apps/openssl and other
220 apps, as needed by the target. This code
221 cannot be placed in a library, as the rest
222 of the code isn't expected to link to it
224 cpuid_asm_src => assembler implementation of cpuid code as
225 well as OPENSSL_cleanse().
227 bn_asm_src => Assembler implementation of core bignum
230 ec_asm_src => Assembler implementation of core EC
232 des_asm_src => Assembler implementation of core DES
233 encryption functions.
234 Defaults to 'des_enc.c fcrypt_b.c'
235 aes_asm_src => Assembler implementation of core AES
237 Defaults to 'aes_core.c aes_cbc.c'
238 bf_asm_src => Assembler implementation of core BlowFish
240 Defaults to 'bf_enc.c'
241 md5_asm_src => Assembler implementation of core MD5
243 sha1_asm_src => Assembler implementation of core SHA1,
244 functions, and also possibly SHA256 and
246 cast_asm_src => Assembler implementation of core CAST
248 Defaults to 'c_enc.c'
249 rc4_asm_src => Assembler implementation of core RC4
251 Defaults to 'rc4_enc.c rc4_skey.c'
252 rmd160_asm_src => Assembler implementation of core RMD160
254 rc5_asm_src => Assembler implementation of core RC5
256 Defaults to 'rc5_enc.c'
257 wp_asm_src => Assembler implementation of core WHIRLPOOL
259 cmll_asm_src => Assembler implementation of core CAMELLIA
261 Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
262 modes_asm_src => Assembler implementation of cipher modes,
263 currently the functions gcm_gmult_4bit and
265 padlock_asm_src => Assembler implementation of core parts of
266 the padlock engine. This is mandatory on
267 any platform where the padlock engine might
271 [1] as part of the target configuration, one can have a key called
272 'inherit_from' that indicate what other configurations to inherit
273 data from. These are resolved recursively.
275 Inheritance works as a set of default values that can be overridden
276 by corresponding key values in the inheriting configuration.
278 Note 1: any configuration table can be used as a template.
279 Note 2: pure templates have the attribute 'template => 1' and
280 cannot be used as build targets.
282 If several configurations are given in the 'inherit_from' array,
283 the values of same attribute are concatenated with space
284 separation. With this, it's possible to have several smaller
285 templates for different configuration aspects that can be combined
286 into a complete configuration.
288 instead of a scalar value or an array, a value can be a code block
289 of the form 'sub { /* your code here */ }'. This code block will
290 be called with the list of inherited values for that key as
291 arguments. In fact, the concatenation of strings is really done
292 by using 'sub { join(" ",@_) }' on the list of inherited values.
300 ignored => "This should not appear in the end result",
309 inherit_from => [ "foo", "bar" ],
310 hehe => sub { join(" ",(@_,"!!!")) },
314 The entry for "laughter" will become as follows after processing:
323 [2] OpenSSL is built with threading capabilities unless the user
324 specifies 'no-threads'. The value of the key 'thread_scheme' may
325 be "(unknown)", in which case the user MUST give some compilation
328 [3] OpenSSL has three types of things to link from object files or
331 - shared libraries; that would be libcrypto and libssl.
332 - shared objects (sometimes called dynamic libraries); that would
334 - applications; those are apps/openssl and all the test apps.
336 Very roughly speaking, linking is done like this (words in braces
337 represent the configuration settings documented at the beginning
341 {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
342 -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
343 {plib_lflags} -lcrypto {ex_libs}
346 {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
347 blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
350 {ld} $(CFLAGS) {lflags} -o app \
351 app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
354 Historically, the target configurations came in form of a string with
355 values separated by colons. This use is deprecated. The string form
358 "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
364 The build.info files that are spread over the source tree contain the
365 minimum information needed to build and distribute OpenSSL. It uses a
366 simple and yet fairly powerful language to determine what needs to be
367 built, from what sources, and other relationships between files.
369 For every build.info file, all file references are relative to the
370 directory of the build.info file for source files, and the
371 corresponding build directory for built files if the build tree
372 differs from the source tree.
374 When processed, every line is processed with the perl module
375 Text::Template, using the delimiters "{-" and "-}". The hashes
376 %config and %target are passed to the perl fragments, along with
377 $sourcedir and $builddir, which are the locations of the source
378 directory for the current build.info file and the corresponding build
379 directory, all relative to the top of the build tree.
381 To begin with, things to be built are declared by setting specific
390 Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
391 without extensions. The build file templates will figure them out.
393 For each thing to be built, it is then possible to say what sources
397 SOURCE[foo]=foo.c common.c
398 SOURCE[bar]=bar.c extra.c common.c
400 It's also possible to tell some other dependencies:
402 DEPEND[foo]=libsomething
403 DEPEND[libbar]=libsomethingelse
405 (it could be argued that 'libsomething' and 'libsomethingelse' are
406 source as well. However, the files given through SOURCE are expected
407 to be located in the source tree while files given through DEPEND are
408 expected to be located in the build tree)
410 It's also possible to depend on static libraries explicitly:
412 DEPEND[foo]=libsomething.a
413 DEPEND[libbar]=libsomethingelse.a
415 This should be rarely used, and care should be taken to make sure it's
416 only used when supported. For example, native Windows build doesn't
417 support build static libraries and DLLs at the same time, so using
418 static libraries on Windows can only be done when configured
421 One some platforms, shared libraries come with a name that's different
422 from their static counterpart. That's declared as follows:
424 SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
426 The example is from Cygwin, which has a required naming convention.
428 Sometimes, it makes sense to rename an output file, for example a
431 RENAME[libfoo]=libbar
433 That lines has "libfoo" get renamed to "libbar". While it makes no
434 sense at all to just have a rename like that (why not just use
435 "libbar" everywhere?), it does make sense when it can be used
436 conditionally. See a little further below for an example.
438 In some cases, it's desirable to include some source files in the
439 shared form of a library only:
441 SHARED_SOURCE[libfoo]=dllmain.c
443 For any file to be built, it's also possible to tell what extra
444 include paths the build of their source files should use:
448 In some cases, one might want to generate some source files from
449 others, that's done as follows:
451 GENERATE[foo.s]=asm/something.pl $(CFLAGS)
452 GENERATE[bar.s]=asm/bar.S
454 The value of each GENERATE line is a command line or part of it.
455 Configure places no rules on the command line, except that the first
456 item must be the generator file. It is, however, entirely up to the
457 build file template to define exactly how those command lines should
458 be handled, how the output is captured and so on.
460 Sometimes, the generator file itself depends on other files, for
461 example if it is a perl script that depends on other perl modules.
462 This can be expressed using DEPEND like this:
464 DEPEND[asm/something.pl]=../perlasm/Foo.pm
466 There may also be cases where the exact file isn't easily specified,
467 but an inclusion directory still needs to be specified. INCLUDE can
468 be used in that case:
470 INCLUDE[asm/something.pl]=../perlasm
472 NOTE: GENERATE lines are limited to one command only per GENERATE.
474 As a last resort, it's possible to have raw build file lines, between
475 BEGINRAW and ENDRAW lines as follows:
477 BEGINRAW[Makefile(unix)]
478 haha.h: {- $builddir -}/Makefile
479 echo "/* haha */" > haha.h
480 ENDRAW[Makefile(unix)]
482 The word within square brackets is the build_file configuration item
483 or the build_file configuration item followed by the second word in the
484 build_scheme configuration item for the configured target within
485 parenthesis as shown above. For example, with the following relevant
488 build_file => "build.ninja"
489 build_scheme => [ "unified", "unix" ]
491 ... these lines will be considered:
493 BEGINRAW[build.ninja]
494 build haha.h: echo "/* haha */" > haha.h
497 BEGINRAW[build.ninja(unix)]
498 build hoho.h: echo "/* hoho */" > hoho.h
499 ENDRAW[build.ninja(unix)]
501 Should it be needed because the recipes within a RAW section might
502 clash with those generated by Configure, it's possible to tell it
503 not to generate them with the use of OVERRIDES, for example:
505 SOURCE[libfoo]=foo.c bar.c
508 BEGINRAW[Makefile(unix)]
510 $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
511 ENDRAW[Makefile(unix)]
513 See the documentation further up for more information on configuration
516 Finally, you can have some simple conditional use of the build.info
517 information, looking like this:
527 The expression in square brackets is interpreted as a string in perl,
528 and will be seen as true if perl thinks it is, otherwise false. For
529 example, the above would have "something" used, since 1 is true.
531 Together with the use of Text::Template, this can be used as
532 conditions based on something in the passed variables, for example:
534 IF[{- $disabled{shared} -}]
536 SOURCE[libcrypto]=...
544 # VMS has a cultural standard where all libraries are prefixed.
545 # For OpenSSL, the choice is 'ossl_'
546 IF[{- $config{target} =~ /^vms/ -}]
547 RENAME[libcrypto]=ossl_libcrypto
548 RENAME[libssl]=ossl_libssl
552 Build-file programming with the "unified" build system
553 ======================================================
555 "Build files" are called "Makefile" on Unix-like operating systems,
556 "descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
558 To use the "unified" build system, the target configuration needs to
559 set the three items 'build_scheme', 'build_file' and 'build_command'.
560 In the rest of this section, we will assume that 'build_scheme' is set
561 to "unified" (see the configurations documentation above for the
564 For any name given by 'build_file', the "unified" system expects a
565 template file in Configurations/ named like the build file, with
566 ".tmpl" appended, or in case of possible ambiguity, a combination of
567 the second 'build_scheme' list item and the 'build_file' name. For
568 example, if 'build_file' is set to "Makefile", the template could be
569 Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
570 In case both Configurations/unix-Makefile.tmpl and
571 Configurations/Makefile.tmpl are present, the former takes
574 The build-file template is processed with the perl module
575 Text::Template, using "{-" and "-}" as delimiters that enclose the
576 perl code fragments that generate configuration-dependent content.
577 Those perl fragments have access to all the hash variables from
580 The build-file template is expected to define at least the following
581 perl functions in a perl code fragment enclosed with "{-" and "-}".
582 They are all expected to return a string with the lines they produce.
584 generatesrc - function that produces build file lines to generate
585 a source file from some input.
587 It's called like this:
589 generatesrc(src => "PATH/TO/tobegenerated",
590 generator => [ "generatingfile", ... ]
591 generator_incs => [ "INCL/PATH", ... ]
592 generator_deps => [ "dep1", ... ]
593 generator => [ "generatingfile", ... ]
594 incs => [ "INCL/PATH", ... ],
595 deps => [ "dep1", ... ],
596 intent => one of "libs", "dso", "bin" );
598 'src' has the name of the file to be generated.
599 'generator' is the command or part of command to
600 generate the file, of which the first item is
601 expected to be the file to generate from.
602 generatesrc() is expected to analyse and figure out
603 exactly how to apply that file and how to capture
604 the result. 'generator_incs' and 'generator_deps'
605 are include directories and files that the generator
606 file itself depends on. 'incs' and 'deps' are
607 include directories and files that are used if $(CC)
608 is used as an intermediary step when generating the
609 end product (the file indicated by 'src'). 'intent'
610 indicates what the generated file is going to be
613 src2obj - function that produces build file lines to build an
614 object file from source files and associated data.
616 It's called like this:
618 src2obj(obj => "PATH/TO/objectfile",
619 srcs => [ "PATH/TO/sourcefile", ... ],
620 deps => [ "dep1", ... ],
621 incs => [ "INCL/PATH", ... ]
622 intent => one of "lib", "dso", "bin" );
624 'obj' has the intended object file *without*
625 extension, src2obj() is expected to add that.
626 'srcs' has the list of source files to build the
627 object file, with the first item being the source
628 file that directly corresponds to the object file.
629 'deps' is a list of explicit dependencies. 'incs'
630 is a list of include file directories. Finally,
631 'intent' indicates what this object file is going
634 obj2lib - function that produces build file lines to build a
635 static library file ("libfoo.a" in Unix terms) from
640 obj2lib(lib => "PATH/TO/libfile",
641 objs => [ "PATH/TO/objectfile", ... ]);
643 'lib' has the intended library file name *without*
644 extension, obj2lib is expected to add that. 'objs'
645 has the list of object files (also *without*
646 extension) to build this library.
648 libobj2shlib - function that produces build file lines to build a
649 shareable object library file ("libfoo.so" in Unix
650 terms) from the corresponding static library file
655 libobj2shlib(shlib => "PATH/TO/shlibfile",
656 lib => "PATH/TO/libfile",
657 objs => [ "PATH/TO/objectfile", ... ],
658 deps => [ "PATH/TO/otherlibfile", ... ]);
660 'lib' has the intended library file name *without*
661 extension, libobj2shlib is expected to add that.
662 'shlib' has the corresponding shared library name
663 *without* extension. 'deps' has the list of other
664 libraries (also *without* extension) this library
665 needs to be linked with. 'objs' has the list of
666 object files (also *without* extension) to build
669 This function has a choice; it can use the
670 corresponding static library as input to make the
671 shared library, or the list of object files.
673 obj2dso - function that produces build file lines to build a
674 dynamic shared object file from object files.
678 obj2dso(lib => "PATH/TO/libfile",
679 objs => [ "PATH/TO/objectfile", ... ],
680 deps => [ "PATH/TO/otherlibfile",
683 This is almost the same as libobj2shlib, but the
684 intent is to build a shareable library that can be
685 loaded in runtime (a "plugin"...). The differences
686 are subtle, one of the most visible ones is that the
687 resulting shareable library is produced from object
690 obj2bin - function that produces build file lines to build an
691 executable file from object files.
695 obj2bin(bin => "PATH/TO/binfile",
696 objs => [ "PATH/TO/objectfile", ... ],
697 deps => [ "PATH/TO/libfile", ... ]);
699 'bin' has the intended executable file name
700 *without* extension, obj2bin is expected to add
701 that. 'objs' has the list of object files (also
702 *without* extension) to build this library. 'deps'
703 has the list of library files (also *without*
704 extension) that the programs needs to be linked
707 in2script - function that produces build file lines to build a
708 script file from some input.
712 in2script(script => "PATH/TO/scriptfile",
713 sources => [ "PATH/TO/infile", ... ]);
715 'script' has the intended script file name.
716 'sources' has the list of source files to build the
717 resulting script from.
719 In all cases, file file paths are relative to the build tree top, and
720 the build file actions run with the build tree top as current working
723 Make sure to end the section with these functions with a string that
724 you thing is appropriate for the resulting build file. If nothing
725 else, end it like this:
727 ""; # Make sure no lingering values end up in the Makefile
731 Configure helper scripts
732 ========================
734 Configure uses helper scripts in this directory:
739 These scripts are per platform family, to check the integrity of the
740 tools used for configuration and building. The checker script used is
741 either {build_platform}-{build_file}-checker.pm or
742 {build_platform}-checker.pm, where {build_platform} is the second
743 'build_scheme' list element from the configuration target data, and
744 {build_file} is 'build_file' from the same target data.
746 If the check succeeds, the script is expected to end with a non-zero
747 expression. If the check fails, the script can end with a zero, or
projects / openssl.git / blob