##
## Configure -- OpenSSL source tree configuration script
## If editing this file, run this command before committing
-## make -f Makefile.org TABLE
+## make -f Makefile.in TABLE
##
require 5.000;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";
# Options:
#
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
+# no-egd do not compile support for the entropy-gathering daemon APIs
# [no-]zlib [don't] compile support for zlib compression.
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
my $perl;
my $fips=0;
+# Known TLS and DTLS protocols
+my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
+my @dtls = qw(dtls1 dtls1_2);
+
# Explicitelly known options that are possible to disable. They can
# be regexps, and will be used like this: /^no-${option}$/
# For developers: keep it sorted alphabetically
"dynamic[-_]engine",
"ec",
"ec2m",
+ "ecdh",
+ "ecdsa",
"ec_nistp_64_gcc_128",
"engine",
"err", # Really???
"srtp",
"sse2",
"ssl",
- "ssl3",
- "ssl3-method",
"ssl-trace",
"static-engine",
"stdio",
"store",
"threads",
"tls",
- "tls1",
"unit-test",
"whirlpool",
"zlib",
"zlib-dynamic",
);
+foreach my $proto ((@tls, @dtls))
+ {
+ push(@disablables, $proto);
+ push(@disablables, "$proto-method");
+ }
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
"ec_nistp_64_gcc_128" => "default",
+ "egd" => "default",
"jpake" => "experimental",
"md2" => "default",
"rc5" => "default",
{
if (!($disabled{$1} eq "experimental"))
{
- if ($1 eq "ssl")
+ foreach my $proto ((@tls, @dtls))
{
- $disabled{"ssl3"} = "option(ssl)";
+ if ($1 eq "$proto-method")
+ {
+ $disabled{"$proto"} = "option($proto-method)";
+ last;
+ }
}
- elsif ($1 eq "tls")
+ if ($1 eq "dtls")
{
- $disabled{"tls1"} = "option(tls)"
+ foreach my $proto (@dtls)
+ {
+ $disabled{$proto} = "option(dtls)";
+ }
}
- elsif ($1 eq "ssl3-method")
+ elsif ($1 eq "ssl")
{
- $disabled{"ssl3-method"} = "option(ssl)";
+ # Last one of its kind
$disabled{"ssl3"} = "option(ssl)";
}
+ elsif ($1 eq "tls")
+ {
+ # XXX: Tests will fail if all SSL/TLS
+ # protocols are disabled.
+ foreach my $proto (@tls)
+ {
+ $disabled{$proto} = "option(tls)";
+ }
+ }
else
{
$disabled{$1} = "option";
$disabled{"ecdh"} = "forced";
}
-# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
+# SSL 3.0 requires MD5 and SHA and either RSA or DSA+DH
if (defined($disabled{"md5"}) || defined($disabled{"sha"})
|| (defined($disabled{"rsa"})
- && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
{
$disabled{"ssl3"} = "forced";
+ $disabled{"ssl"} = "forced";
+ }
+
+# (D)TLS 1.0 and TLS 1.1 require MD5 and SHA and either RSA or DSA+DH
+# or ECDSA + ECDH. (XXX: We don't support PSK-only builds).
+#
+if (defined($disabled{"md5"}) || defined($disabled{"sha"})
+ || (defined($disabled{"rsa"})
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))
+ && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"}))))
+ {
$disabled{"tls1"} = "forced";
+ $disabled{"dtls1"} = "forced";
+ $disabled{"tls1_1"} = "forced";
+ }
+
+# (D)TLS 1.2 requires either RSA or DSA+DH or ECDSA + ECDH
+# So if all are missing, we can't do either TLS or DTLS.
+# (XXX: We don't support PSK-only builds).
+#
+if (defined($disabled{"rsa"})
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))
+ && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"})))
+ {
+ $disabled{"tls"} = "forced";
+ $disabled{"dtls"} = "forced";
+ foreach my $proto ((@tls, @dtls))
+ {
+ $disabled{"$proto"} = "forced";
+ }
+ }
+
+
+# Avoid protocol support holes. Also disable all versions below N, if version
+# N is disabled while N+1 is enabled.
+#
+my $prev_disabled = 1;
+my $force_disable = 0;
+foreach my $proto (reverse(@tls))
+ {
+ if ($force_disable)
+ {
+ $disabled{$proto} = 1;
+ }
+ elsif (! defined($disabled{$proto}))
+ {
+ $prev_disabled = 0;
+ }
+ elsif (! $prev_disabled)
+ {
+ $force_disable = 1;
+ }
+ }
+my $prev_disabled = 1;
+my $force_disable = 0;
+foreach my $proto (reverse(@dtls))
+ {
+ if ($force_disable)
+ {
+ $disabled{$proto} = 1;
+ }
+ elsif (! defined($disabled{$proto}))
+ {
+ $prev_disabled = 0;
+ }
+ elsif (! $prev_disabled)
+ {
+ $force_disable = 1;
+ }
}
if (defined($disabled{"dgram"}))
{
- $disabled{"dtls"} = "forced";
- }
+ $disabled{"dtls"} = "forced";
+ $disabled{"dtls1"} = "forced";
+ $disabled{"dtls1_2"} = "forced";
+ }
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|| defined($disabled{"dh"}) || defined($disabled{"stdio"}))
# If we do not find debug-foo in the table, the target is set to foo,
# but only if the foo target has a noon-empty debug_cflags or debug_lflags
# attribute.
- if (!$table{$target} && ($table{$t}->{debug_cflags}
- || $table{$t}->{debug_lflags})) {
+ if (!$table{$target}) {
$target = $t;
}
}
-&usage if (!defined($table{$target})
- || $table{$target}->{template}
- || ($build_prefix eq "debug_"
- && $target !~ /^debug-/
- && !($table{$target}->{debug_cflags}
- || $table{$target}->{debug_lflags})));
+&usage if (!defined($table{$target}) || $table{$target}->{template});
if ($fips)
{
$api = $maxapi;
}
-# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.in
my $shared_mark = "";
if ($shared_target eq "")
{
# linker only when --prefix is not /usr.
if ($target =~ /^BSD\-/)
{
- $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+ $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
if ($sys_id ne "")
}
}
-open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
+open(IN,"<Makefile.in") || die "unable to read Makefile.in$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
+print OUT "### Generated automatically from Makefile.in by Configure.\n\n";
my $sdirs=0;
while (<IN>)
$sdirs = 0 unless /\\$/;
s/fips // if (/^DIRS=/ && !$fips);
s/engines // if (/^DIRS=/ && $disabled{"engine"});
- s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
}
close(IN);
close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename($Makefile,"$Makefile.orig") || die "unable to rename $Makefile\n" if -e $Makefile;
rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
print "CC =$cc\n";
{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
- elsif (/^\#define\s+DES_LONG\s+.*/)
- { printf OUT "#define DES_LONG unsigned %s\n",
+ elsif (/^\#define\s+OSSL_DES_LONG\s+.*/)
+ { printf OUT "#define OSSL_DES_LONG unsigned %s\n",
($des_int)?'int':'long'; }
elsif (/^\#(define|undef)\s+DES_PTR/)
{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
print "BF_PTR used\n" if $bf_ptr == 1;
print "BF_PTR2 used\n" if $bf_ptr == 2;
+# Copy all Makefile.in to Makefile (except top-level)
+use File::Find;
+use IO::File;
+find(sub {
+ return if ($_ ne "Makefile.in" || $File::Find::dir eq ".");
+ my $in = IO::File->new($_, "r") or
+ die sprintf "Error reading Makefile.in in %s: !$\n",
+ $File::Find::dir;
+ my $out = IO::File->new("Makefile", "w") or
+ die sprintf "Error writing Makefile in %s: !$\n",
+ $File::Find::dir;
+ print $out "# Generated from $_, do not edit\n";
+ while (my $line = <$in>) { print $out $line }
+ $in->close() or
+ die sprintf "Error reading Makefile.in in %s: !$\n",
+ $File::Find::dir;
+ $out->close() or
+ die sprintf "Error writing Makefile in %s: !$\n",
+ $File::Find::dir;
+ }, ".");
+
{
my $perlguess = $perl =~ m@^/@ ? $perl : '/usr/local/bin/perl';
projects / openssl.git / blobdiff