4 This directory contains a few sets of files that are used for
5 configuration in diverse ways:
7 *.conf Target platform configurations, please read
8 'Configurations of OpenSSL target platforms' for more
10 *.tmpl Build file templates, please read 'Build-file
11 programming with the "unified" build system' as well
12 as 'Build info files' for more information.
13 *.pm Helper scripts / modules for the main `Configure`
14 script. See 'Configure helper scripts for more
18 Configurations of OpenSSL target platforms
19 ==========================================
21 Configuration targets are a collection of facts that we know about
22 different platforms and their capabilities. We organise them in a
23 hash table, where each entry represent a specific target.
25 Note that configuration target names must be unique across all config
26 files. The Configure script does check that a config file doesn't
27 have config targets that shadow config targets from other files.
29 In each table entry, the following keys are significant:
31 inherit_from => Other targets to inherit values from.
32 Explained further below. [1]
33 template => Set to 1 if this isn't really a platform
34 target. Instead, this target is a template
35 upon which other targets can be built.
36 Explained further below. [1]
38 sys_id => System identity for systems where that
39 is difficult to determine automatically.
41 enable => Enable specific configuration features.
42 This MUST be an array of words.
43 disable => Disable specific configuration features.
44 This MUST be an array of words.
45 Note: if the same feature is both enabled
46 and disabled, disable wins.
48 cc => The C compiler command, usually one of "cc",
49 "gcc" or "clang". This command is normally
50 also used to link object files and
51 libraries into the final program.
52 cxx => The C++ compiler command, usually one of
53 "c++", "g++" or "clang++". This command is
54 also used when linking a program where at
55 least one of the object file is made from
57 cflags => Flags that are used at all times when
58 compiling C object files.
59 cxxflags => Flags that are used at all times when
60 compiling C++ object files. If unset, it
61 gets the same value as cflags.
62 defines => As an alternative, macro definitions may be
63 present here instead of in `cflags'. If
64 given here, they MUST be as an array of the
65 string such as "MACRO=value", or just
66 "MACRO" for definitions without value.
67 shared_cflag => Extra compilation flags used when
68 compiling for shared libraries, typically
69 something like "-fPIC".
71 (linking is a complex thing, see [3] below)
72 ld => Linker command, usually not defined
73 (meaning the compiler command is used
75 (NOTE: this is here for future use, it's
77 lflags => Flags that are used when linking apps.
78 shared_ldflag => Flags that are used when linking shared
80 plib_lflags => Extra linking flags to appear just before
81 the libraries on the command line.
82 ex_libs => Extra libraries that are needed when
85 ar => The library archive command, the default is
87 (NOTE: this is here for future use, it's
89 arflags => Flags to be used with the library archive
92 ranlib => The library archive indexing command, the
93 default is 'ranlib' it it exists.
95 unistd => An alternative header to the typical
96 '<unistd.h>'. This is very rarely needed.
98 shared_extension => File name extension used for shared
100 obj_extension => File name extension used for object files.
101 On unix, this defaults to ".o" (NOTE: this
102 is here for future use, it's not
104 exe_extension => File name extension used for executable
105 files. On unix, this defaults to "" (NOTE:
106 this is here for future use, it's not
108 shlib_variant => A "variant" identifier inserted between the base
109 shared library name and the extension. On "unixy"
110 platforms (BSD, Linux, Solaris, MacOS/X, ...) this
111 supports installation of custom OpenSSL libraries
112 that don't conflict with other builds of OpenSSL
113 installed on the system. The variant identifier
114 becomes part of the SONAME of the library and also
115 any symbol versions (symbol versions are not used or
116 needed with MacOS/X). For example, on a system
117 where a default build would normally create the SSL
118 shared library as 'libssl.so -> libssl.so.1.1' with
119 the value of the symlink as the SONAME, a target
120 definition that sets 'shlib_variant => "-abc"' will
121 create 'libssl.so -> libssl-abc.so.1.1', again with
122 an SONAME equal to the value of the symlink. The
123 symbol versions associated with the variant library
124 would then be 'OPENSSL_ABC_<version>' rather than
125 the default 'OPENSSL_<version>'. The string inserted
126 into symbol versions is obtained by mapping all
127 letters in the "variant" identifier to upper case
128 and all non-alphanumeric characters to '_'.
130 thread_scheme => The type of threads is used on the
131 configured platform. Currently known
132 values are "(unknown)", "pthreads",
133 "uithreads" (a.k.a solaris threads) and
134 "winthreads". Except for "(unknown)", the
135 actual value is currently ignored but may
136 be used in the future. See further notes
138 dso_scheme => The type of dynamic shared objects to build
139 for. This mostly comes into play with
140 engines, but can be used for other purposes
141 as well. Valid values are "DLFCN"
142 (dlopen() et al), "DLFCN_NO_H" (for systems
143 that use dlopen() et al but do not have
144 fcntl.h), "DL" (shl_load() et al), "WIN32"
146 perlasm_scheme => The perlasm method used to created the
147 assembler files used when compiling with
148 assembler implementations.
149 shared_target => The shared library building method used.
150 This is a target found in Makefile.shared.
151 build_scheme => The scheme used to build up a Makefile.
152 In its simplest form, the value is a string
153 with the name of the build scheme.
154 The value may also take the form of a list
155 of strings, if the build_scheme is to have
156 some options. In this case, the first
157 string in the list is the name of the build
159 Currently recognised build scheme is "unified".
160 For the "unified" build scheme, this item
161 *must* be an array with the first being the
162 word "unified" and the second being a word
163 to identify the platform family.
165 multilib => On systems that support having multiple
166 implementations of a library (typically a
167 32-bit and a 64-bit variant), this is used
168 to have the different variants in different
171 bn_ops => Building options (was just bignum options in
172 the earlier history of this option, hence the
173 name). This is a string of words that describe
174 algorithms' implementation parameters that
175 are optimal for the designated target platform,
176 such as the type of integers used to build up
177 the bignum, different ways to implement certain
178 ciphers and so on. To fully comprehend the
179 meaning, the best is to read the affected
183 THIRTY_TWO_BIT bignum limbs are 32 bits,
184 this is default if no
185 option is specified, it
186 works on any supported
187 system [unless "wider"
188 limb size is implied in
190 BN_LLONG bignum limbs are 32 bits,
191 but 64-bit 'unsigned long
192 long' is used internally
194 SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
195 and sizeof(long) is 8;
196 SIXTY_FOUR_BIT bignums limbs are 64 bits,
197 but execution environment
199 RC4_CHAR RC4 key schedule is made
200 up of 'unsigned char's;
201 RC4_INT RC4 key schedule is made
202 up of 'unsigned int's;
203 EXPORT_VAR_AS_FN for shared libraries,
207 apps_extra_src => Extra source to build apps/openssl, as
208 needed by the target.
209 cpuid_asm_src => assembler implementation of cpuid code as
210 well as OPENSSL_cleanse().
212 bn_asm_src => Assembler implementation of core bignum
215 ec_asm_src => Assembler implementation of core EC
217 des_asm_src => Assembler implementation of core DES
218 encryption functions.
219 Defaults to 'des_enc.c fcrypt_b.c'
220 aes_asm_src => Assembler implementation of core AES
222 Defaults to 'aes_core.c aes_cbc.c'
223 bf_asm_src => Assembler implementation of core BlowFish
225 Defaults to 'bf_enc.c'
226 md5_asm_src => Assembler implementation of core MD5
228 sha1_asm_src => Assembler implementation of core SHA1,
229 functions, and also possibly SHA256 and
231 cast_asm_src => Assembler implementation of core CAST
233 Defaults to 'c_enc.c'
234 rc4_asm_src => Assembler implementation of core RC4
236 Defaults to 'rc4_enc.c rc4_skey.c'
237 rmd160_asm_src => Assembler implementation of core RMD160
239 rc5_asm_src => Assembler implementation of core RC5
241 Defaults to 'rc5_enc.c'
242 wp_asm_src => Assembler implementation of core WHIRLPOOL
244 cmll_asm_src => Assembler implementation of core CAMELLIA
246 Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
247 modes_asm_src => Assembler implementation of cipher modes,
248 currently the functions gcm_gmult_4bit and
250 padlock_asm_src => Assembler implementation of core parts of
251 the padlock engine. This is mandatory on
252 any platform where the padlock engine might
256 [1] as part of the target configuration, one can have a key called
257 'inherit_from' that indicate what other configurations to inherit
258 data from. These are resolved recursively.
260 Inheritance works as a set of default values that can be overridden
261 by corresponding key values in the inheriting configuration.
263 Note 1: any configuration table can be used as a template.
264 Note 2: pure templates have the attribute 'template => 1' and
265 cannot be used as build targets.
267 If several configurations are given in the 'inherit_from' array,
268 the values of same attribute are concatenated with space
269 separation. With this, it's possible to have several smaller
270 templates for different configuration aspects that can be combined
271 into a complete configuration.
273 instead of a scalar value or an array, a value can be a code block
274 of the form 'sub { /* your code here */ }'. This code block will
275 be called with the list of inherited values for that key as
276 arguments. In fact, the concatenation of strings is really done
277 by using 'sub { join(" ",@_) }' on the list of inherited values.
285 ignored => "This should not appear in the end result",
294 inherit_from => [ "foo", "bar" ],
295 hehe => sub { join(" ",(@_,"!!!")) },
299 The entry for "laughter" will become as follows after processing:
308 [2] OpenSSL is built with threading capabilities unless the user
309 specifies 'no-threads'. The value of the key 'thread_scheme' may
310 be "(unknown)", in which case the user MUST give some compilation
313 [3] OpenSSL has three types of things to link from object files or
316 - shared libraries; that would be libcrypto and libssl.
317 - shared objects (sometimes called dynamic libraries); that would
319 - applications; those are apps/openssl and all the test apps.
321 Very roughly speaking, linking is done like this (words in braces
322 represent the configuration settings documented at the beginning
326 {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
327 -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
328 {plib_lflags} -lcrypto {ex_libs}
331 {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
332 blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
335 {ld} $(CFLAGS) {lflags} -o app \
336 app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
339 Historically, the target configurations came in form of a string with
340 values separated by colons. This use is deprecated. The string form
343 "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
349 The build.info files that are spread over the source tree contain the
350 minimum information needed to build and distribute OpenSSL. It uses a
351 simple and yet fairly powerful language to determine what needs to be
352 built, from what sources, and other relationships between files.
354 For every build.info file, all file references are relative to the
355 directory of the build.info file for source files, and the
356 corresponding build directory for built files if the build tree
357 differs from the source tree.
359 When processed, every line is processed with the perl module
360 Text::Template, using the delimiters "{-" and "-}". The hashes
361 %config and %target are passed to the perl fragments, along with
362 $sourcedir and $builddir, which are the locations of the source
363 directory for the current build.info file and the corresponding build
364 directory, all relative to the top of the build tree.
366 To begin with, things to be built are declared by setting specific
375 Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
376 without extensions. The build file templates will figure them out.
378 For each thing to be built, it is then possible to say what sources
382 SOURCE[foo]=foo.c common.c
383 SOURCE[bar]=bar.c extra.c common.c
385 It's also possible to tell some other dependencies:
387 DEPEND[foo]=libsomething
388 DEPEND[libbar]=libsomethingelse
390 (it could be argued that 'libsomething' and 'libsomethingelse' are
391 source as well. However, the files given through SOURCE are expected
392 to be located in the source tree while files given through DEPEND are
393 expected to be located in the build tree)
395 It's also possible to depend on static libraries explicitly:
397 DEPEND[foo]=libsomething.a
398 DEPEND[libbar]=libsomethingelse.a
400 This should be rarely used, and care should be taken to make sure it's
401 only used when supported. For example, native Windows build doesn't
402 support build static libraries and DLLs at the same time, so using
403 static libraries on Windows can only be done when configured
406 One some platforms, shared libraries come with a name that's different
407 from their static counterpart. That's declared as follows:
409 SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
411 The example is from Cygwin, which has a required naming convention.
413 Sometimes, it makes sense to rename an output file, for example a
416 RENAME[libfoo]=libbar
418 That lines has "libfoo" get renamed to "libbar". While it makes no
419 sense at all to just have a rename like that (why not just use
420 "libbar" everywhere?), it does make sense when it can be used
421 conditionally. See a little further below for an example.
423 In some cases, it's desirable to include some source files in the
424 shared form of a library only:
426 SHARED_SOURCE[libfoo]=dllmain.c
428 For any file to be built, it's also possible to tell what extra
429 include paths the build of their source files should use:
433 In some cases, one might want to generate some source files from
434 others, that's done as follows:
436 GENERATE[foo.s]=asm/something.pl $(CFLAGS)
437 GENERATE[bar.s]=asm/bar.S
439 The value of each GENERATE line is a command line or part of it.
440 Configure places no rules on the command line, except that the first
441 item must be the generator file. It is, however, entirely up to the
442 build file template to define exactly how those command lines should
443 be handled, how the output is captured and so on.
445 Sometimes, the generator file itself depends on other files, for
446 example if it is a perl script that depends on other perl modules.
447 This can be expressed using DEPEND like this:
449 DEPEND[asm/something.pl]=../perlasm/Foo.pm
451 There may also be cases where the exact file isn't easily specified,
452 but an inclusion directory still needs to be specified. INCLUDE can
453 be used in that case:
455 INCLUDE[asm/something.pl]=../perlasm
457 NOTE: GENERATE lines are limited to one command only per GENERATE.
459 As a last resort, it's possible to have raw build file lines, between
460 BEGINRAW and ENDRAW lines as follows:
462 BEGINRAW[Makefile(unix)]
463 haha.h: {- $builddir -}/Makefile
464 echo "/* haha */" > haha.h
465 ENDRAW[Makefile(unix)]
467 The word within square brackets is the build_file configuration item
468 or the build_file configuration item followed by the second word in the
469 build_scheme configuration item for the configured target within
470 parenthesis as shown above. For example, with the following relevant
473 build_file => "build.ninja"
474 build_scheme => [ "unified", "unix" ]
476 ... these lines will be considered:
478 BEGINRAW[build.ninja]
479 build haha.h: echo "/* haha */" > haha.h
482 BEGINRAW[build.ninja(unix)]
483 build hoho.h: echo "/* hoho */" > hoho.h
484 ENDRAW[build.ninja(unix)]
486 Should it be needed because the recipes within a RAW section might
487 clash with those generated by Configure, it's possible to tell it
488 not to generate them with the use of OVERRIDES, for example:
490 SOURCE[libfoo]=foo.c bar.c
493 BEGINRAW[Makefile(unix)]
495 $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
496 ENDRAW[Makefile(unix)]
498 See the documentation further up for more information on configuration
501 Finally, you can have some simple conditional use of the build.info
502 information, looking like this:
512 The expression in square brackets is interpreted as a string in perl,
513 and will be seen as true if perl thinks it is, otherwise false. For
514 example, the above would have "something" used, since 1 is true.
516 Together with the use of Text::Template, this can be used as
517 conditions based on something in the passed variables, for example:
519 IF[{- $disabled{shared} -}]
521 SOURCE[libcrypto]=...
529 # VMS has a cultural standard where all libraries are prefixed.
530 # For OpenSSL, the choice is 'ossl_'
531 IF[{- $config{target} =~ /^vms/ -}]
532 RENAME[libcrypto]=ossl_libcrypto
533 RENAME[libssl]=ossl_libssl
537 Build-file programming with the "unified" build system
538 ======================================================
540 "Build files" are called "Makefile" on Unix-like operating systems,
541 "descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
543 To use the "unified" build system, the target configuration needs to
544 set the three items 'build_scheme', 'build_file' and 'build_command'.
545 In the rest of this section, we will assume that 'build_scheme' is set
546 to "unified" (see the configurations documentation above for the
549 For any name given by 'build_file', the "unified" system expects a
550 template file in Configurations/ named like the build file, with
551 ".tmpl" appended, or in case of possible ambiguity, a combination of
552 the second 'build_scheme' list item and the 'build_file' name. For
553 example, if 'build_file' is set to "Makefile", the template could be
554 Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
555 In case both Configurations/unix-Makefile.tmpl and
556 Configurations/Makefile.tmpl are present, the former takes
559 The build-file template is processed with the perl module
560 Text::Template, using "{-" and "-}" as delimiters that enclose the
561 perl code fragments that generate configuration-dependent content.
562 Those perl fragments have access to all the hash variables from
565 The build-file template is expected to define at least the following
566 perl functions in a perl code fragment enclosed with "{-" and "-}".
567 They are all expected to return a string with the lines they produce.
569 generatesrc - function that produces build file lines to generate
570 a source file from some input.
572 It's called like this:
574 generatesrc(src => "PATH/TO/tobegenerated",
575 generator => [ "generatingfile", ... ]
576 generator_incs => [ "INCL/PATH", ... ]
577 generator_deps => [ "dep1", ... ]
578 generator => [ "generatingfile", ... ]
579 incs => [ "INCL/PATH", ... ],
580 deps => [ "dep1", ... ],
581 intent => one of "libs", "dso", "bin" );
583 'src' has the name of the file to be generated.
584 'generator' is the command or part of command to
585 generate the file, of which the first item is
586 expected to be the file to generate from.
587 generatesrc() is expected to analyse and figure out
588 exactly how to apply that file and how to capture
589 the result. 'generator_incs' and 'generator_deps'
590 are include directories and files that the generator
591 file itself depends on. 'incs' and 'deps' are
592 include directories and files that are used if $(CC)
593 is used as an intermediary step when generating the
594 end product (the file indicated by 'src'). 'intent'
595 indicates what the generated file is going to be
598 src2obj - function that produces build file lines to build an
599 object file from source files and associated data.
601 It's called like this:
603 src2obj(obj => "PATH/TO/objectfile",
604 srcs => [ "PATH/TO/sourcefile", ... ],
605 deps => [ "dep1", ... ],
606 incs => [ "INCL/PATH", ... ]
607 intent => one of "lib", "dso", "bin" );
609 'obj' has the intended object file *without*
610 extension, src2obj() is expected to add that.
611 'srcs' has the list of source files to build the
612 object file, with the first item being the source
613 file that directly corresponds to the object file.
614 'deps' is a list of explicit dependencies. 'incs'
615 is a list of include file directories. Finally,
616 'intent' indicates what this object file is going
619 obj2lib - function that produces build file lines to build a
620 static library file ("libfoo.a" in Unix terms) from
625 obj2lib(lib => "PATH/TO/libfile",
626 objs => [ "PATH/TO/objectfile", ... ]);
628 'lib' has the intended library file name *without*
629 extension, obj2lib is expected to add that. 'objs'
630 has the list of object files (also *without*
631 extension) to build this library.
633 libobj2shlib - function that produces build file lines to build a
634 shareable object library file ("libfoo.so" in Unix
635 terms) from the corresponding static library file
640 libobj2shlib(shlib => "PATH/TO/shlibfile",
641 lib => "PATH/TO/libfile",
642 objs => [ "PATH/TO/objectfile", ... ],
643 deps => [ "PATH/TO/otherlibfile", ... ]);
645 'lib' has the intended library file name *without*
646 extension, libobj2shlib is expected to add that.
647 'shlib' has the corresponding shared library name
648 *without* extension. 'deps' has the list of other
649 libraries (also *without* extension) this library
650 needs to be linked with. 'objs' has the list of
651 object files (also *without* extension) to build
654 This function has a choice; it can use the
655 corresponding static library as input to make the
656 shared library, or the list of object files.
658 obj2dso - function that produces build file lines to build a
659 dynamic shared object file from object files.
663 obj2dso(lib => "PATH/TO/libfile",
664 objs => [ "PATH/TO/objectfile", ... ],
665 deps => [ "PATH/TO/otherlibfile",
668 This is almost the same as libobj2shlib, but the
669 intent is to build a shareable library that can be
670 loaded in runtime (a "plugin"...). The differences
671 are subtle, one of the most visible ones is that the
672 resulting shareable library is produced from object
675 obj2bin - function that produces build file lines to build an
676 executable file from object files.
680 obj2bin(bin => "PATH/TO/binfile",
681 objs => [ "PATH/TO/objectfile", ... ],
682 deps => [ "PATH/TO/libfile", ... ]);
684 'bin' has the intended executable file name
685 *without* extension, obj2bin is expected to add
686 that. 'objs' has the list of object files (also
687 *without* extension) to build this library. 'deps'
688 has the list of library files (also *without*
689 extension) that the programs needs to be linked
692 in2script - function that produces build file lines to build a
693 script file from some input.
697 in2script(script => "PATH/TO/scriptfile",
698 sources => [ "PATH/TO/infile", ... ]);
700 'script' has the intended script file name.
701 'sources' has the list of source files to build the
702 resulting script from.
704 In all cases, file file paths are relative to the build tree top, and
705 the build file actions run with the build tree top as current working
708 Make sure to end the section with these functions with a string that
709 you thing is appropriate for the resulting build file. If nothing
710 else, end it like this:
712 ""; # Make sure no lingering values end up in the Makefile
716 Configure helper scripts
717 ========================
719 Configure uses helper scripts in this directory:
724 These scripts are per platform family, to check the integrity of the
725 tools used for configuration and building. The checker script used is
726 either {build_platform}-{build_file}-checker.pm or
727 {build_platform}-checker.pm, where {build_platform} is the second
728 'build_scheme' list element from the configuration target data, and
729 {build_file} is 'build_file' from the same target data.
731 If the check succeeds, the script is expected to end with a non-zero
732 expression. If the check fails, the script can end with a zero, or