4 This directory contains a few sets of files that are used for
5 configuration in diverse ways:
7 *.conf Target platform configurations, please read
8 'Configurations of OpenSSL target platforms' for more
10 *.tmpl Build file templates, please read 'Build-file
11 programming with the "unified" build system' as well
12 as 'Build info files' for more information.
13 *.pm Helper scripts / modules for the main `Configure`
14 script. See 'Configure helper scripts for more
18 Configurations of OpenSSL target platforms
19 ==========================================
21 Configuration targets are a collection of facts that we know about
22 different platforms and their capabilities. We organise them in a
23 hash table, where each entry represent a specific target.
25 Note that configuration target names must be unique across all config
26 files. The Configure script does check that a config file doesn't
27 have config targets that shadow config targets from other files.
29 In each table entry, the following keys are significant:
31 inherit_from => Other targets to inherit values from.
32 Explained further below. [1]
33 template => Set to 1 if this isn't really a platform
34 target. Instead, this target is a template
35 upon which other targets can be built.
36 Explained further below. [1]
38 sys_id => System identity for systems where that
39 is difficult to determine automatically.
41 enable => Enable specific configuration features.
42 This MUST be an array of words.
43 disable => Disable specific configuration features.
44 This MUST be an array of words.
45 Note: if the same feature is both enabled
46 and disabled, disable wins.
48 as => The assembler command. This is not always
49 used (for example on Unix, where the C
50 compiler is used instead).
51 asflags => Default assembler command flags [4].
52 cpp => The C preprocessor command, normally not
53 given, as the build file defaults are
55 cppflags => Default C preprocessor flags [4].
56 defines => As an alternative, macro definitions may be
57 given here instead of in `cppflags' [4].
58 If given here, they MUST be as an array of
59 the string such as "MACRO=value", or just
60 "MACRO" for definitions without value.
61 includes => As an alternative, inclusion directories
62 may be given here instead of in `cppflags'
63 [4]. If given here, the MUST be an array
64 of strings, one directory specification
66 cc => The C compiler command, usually one of "cc",
67 "gcc" or "clang". This command is normally
68 also used to link object files and
69 libraries into the final program.
70 cxx => The C++ compiler command, usually one of
71 "c++", "g++" or "clang++". This command is
72 also used when linking a program where at
73 least one of the object file is made from
75 cflags => Defaults C compiler flags [4].
76 cxxflags => Default C++ compiler flags [4]. If unset,
77 it gets the same value as cflags.
79 (linking is a complex thing, see [3] below)
80 ld => Linker command, usually not defined
81 (meaning the compiler command is used
83 (NOTE: this is here for future use, it's
85 lflags => Default flags used when linking apps,
86 shared libraries or DSOs [4].
87 ex_libs => Extra libraries that are needed when
88 linking shared libraries, DSOs or programs.
90 shared_cppflags => Extra C preprocessor flags used when
91 processing C files for shared libraries.
92 shared_cflag => Extra C compiler flags used when compiling
93 for shared libraries, typically something
95 shared_ldflag => Extra linking flags used when linking
99 module_ldflags => Has the same function as the corresponding
100 `shared_' attributes, but for building DSOs.
101 When unset, they get the same values as the
102 corresponding `shared_' attributes.
104 ar => The library archive command, the default is
106 (NOTE: this is here for future use, it's
108 arflags => Flags to be used with the library archive
109 command. On Unix, this includes the
110 command letter, 'r' by default.
112 ranlib => The library archive indexing command, the
113 default is 'ranlib' it it exists.
115 unistd => An alternative header to the typical
116 '<unistd.h>'. This is very rarely needed.
118 shared_extension => File name extension used for shared
120 obj_extension => File name extension used for object files.
121 On unix, this defaults to ".o" (NOTE: this
122 is here for future use, it's not
124 exe_extension => File name extension used for executable
125 files. On unix, this defaults to "" (NOTE:
126 this is here for future use, it's not
128 shlib_variant => A "variant" identifier inserted between the base
129 shared library name and the extension. On "unixy"
130 platforms (BSD, Linux, Solaris, MacOS/X, ...) this
131 supports installation of custom OpenSSL libraries
132 that don't conflict with other builds of OpenSSL
133 installed on the system. The variant identifier
134 becomes part of the SONAME of the library and also
135 any symbol versions (symbol versions are not used or
136 needed with MacOS/X). For example, on a system
137 where a default build would normally create the SSL
138 shared library as 'libssl.so -> libssl.so.1.1' with
139 the value of the symlink as the SONAME, a target
140 definition that sets 'shlib_variant => "-abc"' will
141 create 'libssl.so -> libssl-abc.so.1.1', again with
142 an SONAME equal to the value of the symlink. The
143 symbol versions associated with the variant library
144 would then be 'OPENSSL_ABC_<version>' rather than
145 the default 'OPENSSL_<version>'. The string inserted
146 into symbol versions is obtained by mapping all
147 letters in the "variant" identifier to upper case
148 and all non-alphanumeric characters to '_'.
150 thread_scheme => The type of threads is used on the
151 configured platform. Currently known
152 values are "(unknown)", "pthreads",
153 "uithreads" (a.k.a solaris threads) and
154 "winthreads". Except for "(unknown)", the
155 actual value is currently ignored but may
156 be used in the future. See further notes
158 dso_scheme => The type of dynamic shared objects to build
159 for. This mostly comes into play with
160 engines, but can be used for other purposes
161 as well. Valid values are "DLFCN"
162 (dlopen() et al), "DLFCN_NO_H" (for systems
163 that use dlopen() et al but do not have
164 fcntl.h), "DL" (shl_load() et al), "WIN32"
166 perlasm_scheme => The perlasm method used to created the
167 assembler files used when compiling with
168 assembler implementations.
169 shared_target => The shared library building method used.
170 This is a target found in Makefile.shared.
171 build_scheme => The scheme used to build up a Makefile.
172 In its simplest form, the value is a string
173 with the name of the build scheme.
174 The value may also take the form of a list
175 of strings, if the build_scheme is to have
176 some options. In this case, the first
177 string in the list is the name of the build
179 Currently recognised build scheme is "unified".
180 For the "unified" build scheme, this item
181 *must* be an array with the first being the
182 word "unified" and the second being a word
183 to identify the platform family.
185 multilib => On systems that support having multiple
186 implementations of a library (typically a
187 32-bit and a 64-bit variant), this is used
188 to have the different variants in different
191 bn_ops => Building options (was just bignum options in
192 the earlier history of this option, hence the
193 name). This is a string of words that describe
194 algorithms' implementation parameters that
195 are optimal for the designated target platform,
196 such as the type of integers used to build up
197 the bignum, different ways to implement certain
198 ciphers and so on. To fully comprehend the
199 meaning, the best is to read the affected
203 THIRTY_TWO_BIT bignum limbs are 32 bits,
204 this is default if no
205 option is specified, it
206 works on any supported
207 system [unless "wider"
208 limb size is implied in
210 BN_LLONG bignum limbs are 32 bits,
211 but 64-bit 'unsigned long
212 long' is used internally
214 SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
215 and sizeof(long) is 8;
216 SIXTY_FOUR_BIT bignums limbs are 64 bits,
217 but execution environment
219 RC4_CHAR RC4 key schedule is made
220 up of 'unsigned char's;
221 RC4_INT RC4 key schedule is made
222 up of 'unsigned int's;
223 EXPORT_VAR_AS_FN for shared libraries,
227 apps_aux_src => Extra source to build apps/openssl and other
228 apps, as needed by the target and that can be
229 collected in a library.
230 apps_init_src => Init source to build apps/openssl and other
231 apps, as needed by the target. This code
232 cannot be placed in a library, as the rest
233 of the code isn't expected to link to it
235 cpuid_asm_src => assembler implementation of cpuid code as
236 well as OPENSSL_cleanse().
238 bn_asm_src => Assembler implementation of core bignum
241 ec_asm_src => Assembler implementation of core EC
243 des_asm_src => Assembler implementation of core DES
244 encryption functions.
245 Defaults to 'des_enc.c fcrypt_b.c'
246 aes_asm_src => Assembler implementation of core AES
248 Defaults to 'aes_core.c aes_cbc.c'
249 bf_asm_src => Assembler implementation of core BlowFish
251 Defaults to 'bf_enc.c'
252 md5_asm_src => Assembler implementation of core MD5
254 sha1_asm_src => Assembler implementation of core SHA1,
255 functions, and also possibly SHA256 and
257 cast_asm_src => Assembler implementation of core CAST
259 Defaults to 'c_enc.c'
260 rc4_asm_src => Assembler implementation of core RC4
262 Defaults to 'rc4_enc.c rc4_skey.c'
263 rmd160_asm_src => Assembler implementation of core RMD160
265 rc5_asm_src => Assembler implementation of core RC5
267 Defaults to 'rc5_enc.c'
268 wp_asm_src => Assembler implementation of core WHIRLPOOL
270 cmll_asm_src => Assembler implementation of core CAMELLIA
272 Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
273 modes_asm_src => Assembler implementation of cipher modes,
274 currently the functions gcm_gmult_4bit and
276 padlock_asm_src => Assembler implementation of core parts of
277 the padlock engine. This is mandatory on
278 any platform where the padlock engine might
282 [1] as part of the target configuration, one can have a key called
283 'inherit_from' that indicate what other configurations to inherit
284 data from. These are resolved recursively.
286 Inheritance works as a set of default values that can be overridden
287 by corresponding key values in the inheriting configuration.
289 Note 1: any configuration table can be used as a template.
290 Note 2: pure templates have the attribute 'template => 1' and
291 cannot be used as build targets.
293 If several configurations are given in the 'inherit_from' array,
294 the values of same attribute are concatenated with space
295 separation. With this, it's possible to have several smaller
296 templates for different configuration aspects that can be combined
297 into a complete configuration.
299 instead of a scalar value or an array, a value can be a code block
300 of the form 'sub { /* your code here */ }'. This code block will
301 be called with the list of inherited values for that key as
302 arguments. In fact, the concatenation of strings is really done
303 by using 'sub { join(" ",@_) }' on the list of inherited values.
311 ignored => "This should not appear in the end result",
320 inherit_from => [ "foo", "bar" ],
321 hehe => sub { join(" ",(@_,"!!!")) },
325 The entry for "laughter" will become as follows after processing:
334 [2] OpenSSL is built with threading capabilities unless the user
335 specifies 'no-threads'. The value of the key 'thread_scheme' may
336 be "(unknown)", in which case the user MUST give some compilation
339 [3] OpenSSL has three types of things to link from object files or
342 - shared libraries; that would be libcrypto and libssl.
343 - shared objects (sometimes called dynamic libraries); that would
345 - applications; those are apps/openssl and all the test apps.
347 Very roughly speaking, linking is done like this (words in braces
348 represent the configuration settings documented at the beginning
352 {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
353 foo/something.o foo/somethingelse.o {ex_libs}
356 {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
357 blah1.o blah2.o -lcrypto {ex_libs}
360 {ld} $(CFLAGS) {lflags} -o app \
361 app1.o utils.o -lssl -lcrypto {ex_libs}
363 [4] There are variants of these attribute, prefixed with `lib_',
364 `dso_' or `bin_'. Those variants replace the unprefixed attribute
365 when building library, DSO or program modules specifically.
367 Historically, the target configurations came in form of a string with
368 values separated by colons. This use is deprecated. The string form
371 "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
377 The build.info files that are spread over the source tree contain the
378 minimum information needed to build and distribute OpenSSL. It uses a
379 simple and yet fairly powerful language to determine what needs to be
380 built, from what sources, and other relationships between files.
382 For every build.info file, all file references are relative to the
383 directory of the build.info file for source files, and the
384 corresponding build directory for built files if the build tree
385 differs from the source tree.
387 When processed, every line is processed with the perl module
388 Text::Template, using the delimiters "{-" and "-}". The hashes
389 %config and %target are passed to the perl fragments, along with
390 $sourcedir and $builddir, which are the locations of the source
391 directory for the current build.info file and the corresponding build
392 directory, all relative to the top of the build tree.
394 To begin with, things to be built are declared by setting specific
403 Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
404 without extensions. The build file templates will figure them out.
406 For each thing to be built, it is then possible to say what sources
410 SOURCE[foo]=foo.c common.c
411 SOURCE[bar]=bar.c extra.c common.c
413 It's also possible to tell some other dependencies:
415 DEPEND[foo]=libsomething
416 DEPEND[libbar]=libsomethingelse
418 (it could be argued that 'libsomething' and 'libsomethingelse' are
419 source as well. However, the files given through SOURCE are expected
420 to be located in the source tree while files given through DEPEND are
421 expected to be located in the build tree)
423 It's also possible to depend on static libraries explicitly:
425 DEPEND[foo]=libsomething.a
426 DEPEND[libbar]=libsomethingelse.a
428 This should be rarely used, and care should be taken to make sure it's
429 only used when supported. For example, native Windows build doesn't
430 support build static libraries and DLLs at the same time, so using
431 static libraries on Windows can only be done when configured
434 One some platforms, shared libraries come with a name that's different
435 from their static counterpart. That's declared as follows:
437 SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
439 The example is from Cygwin, which has a required naming convention.
441 Sometimes, it makes sense to rename an output file, for example a
444 RENAME[libfoo]=libbar
446 That lines has "libfoo" get renamed to "libbar". While it makes no
447 sense at all to just have a rename like that (why not just use
448 "libbar" everywhere?), it does make sense when it can be used
449 conditionally. See a little further below for an example.
451 In some cases, it's desirable to include some source files in the
452 shared form of a library only:
454 SHARED_SOURCE[libfoo]=dllmain.c
456 For any file to be built, it's also possible to tell what extra
457 include paths the build of their source files should use:
461 In some cases, one might want to generate some source files from
462 others, that's done as follows:
464 GENERATE[foo.s]=asm/something.pl $(CFLAGS)
465 GENERATE[bar.s]=asm/bar.S
467 The value of each GENERATE line is a command line or part of it.
468 Configure places no rules on the command line, except that the first
469 item must be the generator file. It is, however, entirely up to the
470 build file template to define exactly how those command lines should
471 be handled, how the output is captured and so on.
473 Sometimes, the generator file itself depends on other files, for
474 example if it is a perl script that depends on other perl modules.
475 This can be expressed using DEPEND like this:
477 DEPEND[asm/something.pl]=../perlasm/Foo.pm
479 There may also be cases where the exact file isn't easily specified,
480 but an inclusion directory still needs to be specified. INCLUDE can
481 be used in that case:
483 INCLUDE[asm/something.pl]=../perlasm
485 NOTE: GENERATE lines are limited to one command only per GENERATE.
487 As a last resort, it's possible to have raw build file lines, between
488 BEGINRAW and ENDRAW lines as follows:
490 BEGINRAW[Makefile(unix)]
491 haha.h: {- $builddir -}/Makefile
492 echo "/* haha */" > haha.h
493 ENDRAW[Makefile(unix)]
495 The word within square brackets is the build_file configuration item
496 or the build_file configuration item followed by the second word in the
497 build_scheme configuration item for the configured target within
498 parenthesis as shown above. For example, with the following relevant
501 build_file => "build.ninja"
502 build_scheme => [ "unified", "unix" ]
504 ... these lines will be considered:
506 BEGINRAW[build.ninja]
507 build haha.h: echo "/* haha */" > haha.h
510 BEGINRAW[build.ninja(unix)]
511 build hoho.h: echo "/* hoho */" > hoho.h
512 ENDRAW[build.ninja(unix)]
514 Should it be needed because the recipes within a RAW section might
515 clash with those generated by Configure, it's possible to tell it
516 not to generate them with the use of OVERRIDES, for example:
518 SOURCE[libfoo]=foo.c bar.c
521 BEGINRAW[Makefile(unix)]
523 $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
524 ENDRAW[Makefile(unix)]
526 See the documentation further up for more information on configuration
529 Finally, you can have some simple conditional use of the build.info
530 information, looking like this:
540 The expression in square brackets is interpreted as a string in perl,
541 and will be seen as true if perl thinks it is, otherwise false. For
542 example, the above would have "something" used, since 1 is true.
544 Together with the use of Text::Template, this can be used as
545 conditions based on something in the passed variables, for example:
547 IF[{- $disabled{shared} -}]
549 SOURCE[libcrypto]=...
557 # VMS has a cultural standard where all libraries are prefixed.
558 # For OpenSSL, the choice is 'ossl_'
559 IF[{- $config{target} =~ /^vms/ -}]
560 RENAME[libcrypto]=ossl_libcrypto
561 RENAME[libssl]=ossl_libssl
565 Build-file programming with the "unified" build system
566 ======================================================
568 "Build files" are called "Makefile" on Unix-like operating systems,
569 "descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
571 To use the "unified" build system, the target configuration needs to
572 set the three items 'build_scheme', 'build_file' and 'build_command'.
573 In the rest of this section, we will assume that 'build_scheme' is set
574 to "unified" (see the configurations documentation above for the
577 For any name given by 'build_file', the "unified" system expects a
578 template file in Configurations/ named like the build file, with
579 ".tmpl" appended, or in case of possible ambiguity, a combination of
580 the second 'build_scheme' list item and the 'build_file' name. For
581 example, if 'build_file' is set to "Makefile", the template could be
582 Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
583 In case both Configurations/unix-Makefile.tmpl and
584 Configurations/Makefile.tmpl are present, the former takes
587 The build-file template is processed with the perl module
588 Text::Template, using "{-" and "-}" as delimiters that enclose the
589 perl code fragments that generate configuration-dependent content.
590 Those perl fragments have access to all the hash variables from
593 The build-file template is expected to define at least the following
594 perl functions in a perl code fragment enclosed with "{-" and "-}".
595 They are all expected to return a string with the lines they produce.
597 generatesrc - function that produces build file lines to generate
598 a source file from some input.
600 It's called like this:
602 generatesrc(src => "PATH/TO/tobegenerated",
603 generator => [ "generatingfile", ... ]
604 generator_incs => [ "INCL/PATH", ... ]
605 generator_deps => [ "dep1", ... ]
606 generator => [ "generatingfile", ... ]
607 incs => [ "INCL/PATH", ... ],
608 deps => [ "dep1", ... ],
609 intent => one of "libs", "dso", "bin" );
611 'src' has the name of the file to be generated.
612 'generator' is the command or part of command to
613 generate the file, of which the first item is
614 expected to be the file to generate from.
615 generatesrc() is expected to analyse and figure out
616 exactly how to apply that file and how to capture
617 the result. 'generator_incs' and 'generator_deps'
618 are include directories and files that the generator
619 file itself depends on. 'incs' and 'deps' are
620 include directories and files that are used if $(CC)
621 is used as an intermediary step when generating the
622 end product (the file indicated by 'src'). 'intent'
623 indicates what the generated file is going to be
626 src2obj - function that produces build file lines to build an
627 object file from source files and associated data.
629 It's called like this:
631 src2obj(obj => "PATH/TO/objectfile",
632 srcs => [ "PATH/TO/sourcefile", ... ],
633 deps => [ "dep1", ... ],
634 incs => [ "INCL/PATH", ... ]
635 intent => one of "lib", "dso", "bin" );
637 'obj' has the intended object file *without*
638 extension, src2obj() is expected to add that.
639 'srcs' has the list of source files to build the
640 object file, with the first item being the source
641 file that directly corresponds to the object file.
642 'deps' is a list of explicit dependencies. 'incs'
643 is a list of include file directories. Finally,
644 'intent' indicates what this object file is going
647 obj2lib - function that produces build file lines to build a
648 static library file ("libfoo.a" in Unix terms) from
653 obj2lib(lib => "PATH/TO/libfile",
654 objs => [ "PATH/TO/objectfile", ... ]);
656 'lib' has the intended library file name *without*
657 extension, obj2lib is expected to add that. 'objs'
658 has the list of object files (also *without*
659 extension) to build this library.
661 libobj2shlib - function that produces build file lines to build a
662 shareable object library file ("libfoo.so" in Unix
663 terms) from the corresponding static library file
668 libobj2shlib(shlib => "PATH/TO/shlibfile",
669 lib => "PATH/TO/libfile",
670 objs => [ "PATH/TO/objectfile", ... ],
671 deps => [ "PATH/TO/otherlibfile", ... ]);
673 'lib' has the intended library file name *without*
674 extension, libobj2shlib is expected to add that.
675 'shlib' has the corresponding shared library name
676 *without* extension. 'deps' has the list of other
677 libraries (also *without* extension) this library
678 needs to be linked with. 'objs' has the list of
679 object files (also *without* extension) to build
682 This function has a choice; it can use the
683 corresponding static library as input to make the
684 shared library, or the list of object files.
686 obj2dso - function that produces build file lines to build a
687 dynamic shared object file from object files.
691 obj2dso(lib => "PATH/TO/libfile",
692 objs => [ "PATH/TO/objectfile", ... ],
693 deps => [ "PATH/TO/otherlibfile",
696 This is almost the same as libobj2shlib, but the
697 intent is to build a shareable library that can be
698 loaded in runtime (a "plugin"...). The differences
699 are subtle, one of the most visible ones is that the
700 resulting shareable library is produced from object
703 obj2bin - function that produces build file lines to build an
704 executable file from object files.
708 obj2bin(bin => "PATH/TO/binfile",
709 objs => [ "PATH/TO/objectfile", ... ],
710 deps => [ "PATH/TO/libfile", ... ]);
712 'bin' has the intended executable file name
713 *without* extension, obj2bin is expected to add
714 that. 'objs' has the list of object files (also
715 *without* extension) to build this library. 'deps'
716 has the list of library files (also *without*
717 extension) that the programs needs to be linked
720 in2script - function that produces build file lines to build a
721 script file from some input.
725 in2script(script => "PATH/TO/scriptfile",
726 sources => [ "PATH/TO/infile", ... ]);
728 'script' has the intended script file name.
729 'sources' has the list of source files to build the
730 resulting script from.
732 In all cases, file file paths are relative to the build tree top, and
733 the build file actions run with the build tree top as current working
736 Make sure to end the section with these functions with a string that
737 you thing is appropriate for the resulting build file. If nothing
738 else, end it like this:
740 ""; # Make sure no lingering values end up in the Makefile
744 Configure helper scripts
745 ========================
747 Configure uses helper scripts in this directory:
752 These scripts are per platform family, to check the integrity of the
753 tools used for configuration and building. The checker script used is
754 either {build_platform}-{build_file}-checker.pm or
755 {build_platform}-checker.pm, where {build_platform} is the second
756 'build_scheme' list element from the configuration target data, and
757 {build_file} is 'build_file' from the same target data.
759 If the check succeeds, the script is expected to end with a non-zero
760 expression. If the check fails, the script can end with a zero, or