-:
-eval 'exec perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
+#! /usr/bin/env perl
+# -*- mode: perl; -*-
+
##
## Configure -- OpenSSL source tree configuration script
## If editing this file, run this command before committing
-## make -f Makefile.org TABLE
+## make -f Makefile.in TABLE
##
require 5.000;
# see INSTALL for instructions.
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";
# Options:
#
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
#
-# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
-# to live in the subdirectory lib/ and the header files in
-# include/. A value is required.
-# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
-# required.
-# (Default: KRB5_DIR/lib)
-# --with-krb5-include Declare where the Kerberos 5 header files live. A
-# value is required.
-# (Default: KRB5_DIR/include)
-# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
-# supported values are "MIT" and "Heimdal". A value is required.
-#
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
+# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for
+# interfaces deprecated as of the specified OpenSSL version.
+#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# no-asm do not use assembler
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
-# no-krb5 do not compile in any KRB5 library or code.
+# no-egd do not compile support for the entropy-gathering daemon APIs
# [no-]zlib [don't] compile support for zlib compression.
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
-my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED";
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DREF_CHECK -DDEBUG_UNUSED";
+
+# These are used in addition to $gcc_devteam_warn when the compiler is clang.
+# TODO(openssl-team): fix problems and investigate if (at least) the
+# following warnings can also be enabled:
+# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers,
+# -Wcast-align,
+# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token
+# -Wextended-offsetof
+my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations";
+
+# Warn that "make depend" should be run?
+my $warn_make_depend = 0;
+
+# These are used in addition to $gcc_devteam_warn unless this is a mingw build.
+# This adds backtrace information to the memory leak info.
+my $memleak_devteam_backtrace = "-rdynamic -DCRYPTO_MDEBUG_BACKTRACE";
-my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";
my $strict_warnings = 0;
# MD2_CHAR slags pentium pros
my $x86_gcc_opts="RC4_INDEX MD2_INT";
-#$bits1="SIXTEEN_BIT ";
-#$bits2="THIRTY_TWO_BIT ";
-my $bits1="THIRTY_TWO_BIT ";
-my $bits2="SIXTY_FOUR_BIT ";
-
# As for $BSDthreads. Idea is to maintain "collective" set of flags,
# which would cover all BSD flavors. -pthread applies to them all,
# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-# table of known configurations, read in from files
#
-# The content of each entry can take one of two forms:
+# API compability name to version number mapping.
#
-# - old style config-string, colon seperated fields with exactly the
-# following structure.:
-#
-# $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $perlasm_scheme : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
-#
-# We use the stringtohash function - defined below - to combine with the
-# fields and form a proper hash table from the string.
-#
-# - direct transfer of old style config string to hash table, using the names
-# of the fields as keys:
-#
-# {
-# cc => $cc,
-# cflags => $cflags,
-# unistd => $unistd,
-# thread_cflag => $thread_cflag,
-# sys_id => $sys_id,
-# lflags => $lflags,
-# bn_ops => $bn_ops,
-# cpuid_obj => $cpuid_obj,
-# bn_obj => $bn_obj,
-# ec_obj => $ec_obj,
-# des_obj => $des_obj,
-# aes_obj => $aes_obj,
-# bf_obj => $bf_obj,
-# md5_obj => $md5_obj,
-# sha1_obj => $sha1_obj,
-# cast_obj => $cast_obj,
-# rc4_obj => $rc4_obj,
-# rmd160_obj => $rmd160_obj,
-# rc5_obj => $rc5_obj,
-# wp_obj => $wp_obj,
-# cmll_obj => $cmll_obj,
-# modes_obj => $modes_obj,
-# engines_obj => $engines_obj,
-# perlasm_scheme => $perlasm_scheme,
-# dso_scheme => $dso_scheme,
-# shared_target => $shared_target,
-# shared_cflag => $shared_cflag,
-# shared_ldflag => $shared_ldflag,
-# shared_extension => $shared_extension,
-# ranlib => $ranlib,
-# arflags => $arflags,
-# multilib => $multilib
-# }
+my $maxapi = "1.1.0"; # API for "no-deprecated" builds
+my $apitable = {
+ "1.1.0" => "0x10100000L",
+ "1.0.0" => "0x10000000L",
+ "0.9.8" => "0x00908000L",
+};
+
+# table of known configurations, read in from files
#
-# - new style config hash table, which has additional attributes for debug
-# and non-debug flags to be added to the common flags, for cflags and lflags:
+# The content of each entry comes in the form of config hash table,
+# which has additional attributes for debug and non-debug flags to be
+# added to the common flags, for cflags and lflags:
#
# {
# cc => $cc,
# cmll_obj => $cmll_obj,
# modes_obj => $modes_obj,
# engines_obj => $engines_obj,
+# chacha_obj => $wp_obj,
+# poly1305_obj => $cmll_obj,
# dso_scheme => $dso_scheme,
# shared_target => $shared_target,
# shared_cflag => $shared_cflag,
# multilib => $multilib
# }
#
-# The configuration reader will do what it can to translate everything into
-# new style config hash tables, including merging $target and debug-$target
-# if they are similar enough.
-#
# The configuration hashes can refer to templates in two different manners:
#
# - as part of the hash, one can have a key called 'inherit_from' that
# }
#
-my %table=(
+our %table=(
# All these templates are merely a translation of the corresponding
# variables further up.
template => 1,
cpuid_obj => "sparcv9cap.o sparccpuid.o",
bn_obj => "bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o",
+ ec_obj => "ecp_nistz256.o ecp_nistz256-sparcv9.o",
des_obj => "des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o",
aes_obj => "aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o",
md5_obj => "md5-sparcv9.o",
aarch64_asm => {
template => 1,
cpuid_obj => "armcap.o arm64cpuid.o mem_clr.o",
+ ec_obj => "ecp_nistz256.o ecp_nistz256-armv8.o",
bn_obj => "bn_asm.o armv8-mont.o",
aes_obj => "aes_core.o aes_cbc.o aesv8-armx.o vpaes-armv8.o",
sha1_obj => "sha1-armv8.o sha256-armv8.o sha512-armv8.o",
},
);
-{ my $no_asm_templates=0;
- foreach (@ARGV) { $no_asm_templates=1 if (/^\-?no\-asm$/); }
- sub asm { $no_asm_templates?():@_; }
-}
-
-
-sub stringtohash {
- my $in = shift @_;
- if (ref($in) eq "HASH") {
- return $in;
- }
- my @stringsequence = (
- "cc",
- "cflags",
- "unistd",
- "thread_cflag",
- "sys_id",
- "lflags",
- "bn_ops",
- "cpuid_obj",
- "bn_obj",
- "ec_obj",
- "des_obj",
- "aes_obj",
- "bf_obj",
- "md5_obj",
- "sha1_obj",
- "cast_obj",
- "rc4_obj",
- "rmd160_obj",
- "rc5_obj",
- "wp_obj",
- "cmll_obj",
- "modes_obj",
- "engines_obj",
- "perlasm_scheme",
- "dso_scheme",
- "shared_target",
- "shared_cflag",
- "shared_ldflag",
- "shared_extension",
- "ranlib",
- "arflags",
- "multilib",
- );
-
- # return a ref to a hash, that's what the outer braces are for.
- return { map { shift @stringsequence => $_ } split /:/, $in };
-};
-
-# Read configuration target stanzas from a file, so that people can have
-# local files with their own definitions
-sub read_config {
- my $fname = shift;
- open(CONFFILE, "< $fname")
- or die "Can't open configuration file '$fname'!\n";
- my $x = $/;
- undef $/;
- my $content = <CONFFILE>;
- $/ = $x;
- close(CONFFILE);
- my %targets = ();
- eval $content;
-
- # Make sure we have debug- targets first
- my @keys =
- sort {
- my $a_nd = $a =~ m/^debug-/ ? $' :$a;
- my $b_nd = $b =~ m/^debug-/ ? $' :$b;
- my $res = 0;
-
- if (($a_nd == $a) == ($b_nd == $b)) {
- # they are both debug- or not, compare them as they are
- $res = $a cmp $b;
- } elsif ($a_nd != $a) {
- # $a is debug-, make it lesser
- $res = -1;
- } else {
- # $b is debug-, make $a greater
- $res = 1;
- }
- $res;
- } keys %targets;
-
- foreach (@keys) {
- if (ref($targets{$_}) ne "HASH") {
- # Value is assumed to be a string. Split it up to
- # become a hash table of parameters. Also, try to
- # merge debug- variants with the non-debug target.
-
- # Start with converting the value from a string to a
- # standardised hash of fields. Using $tohash is safe,
- # if the input is already a hash ref, it's just returned
- # back.
- $targets{$_} = stringtohash($targets{$_});
-
- # If the current target is a debug target, there might
- # be a corresponding non-debug target that we can merge
- # with. If it isn't a debug- target, we've already done
- # as much merging as we can and do not need to bother
- # with that any more.
- if ($_ =~ m/^debug-/) {
- my $debugkey = $_;
- my $nondebugkey = $';
- my $debug = $targets{$debugkey};
- my $nondebug;
-
- if ($targets{$nondebugkey}) {
- $nondebug = stringtohash($targets{$nondebugkey});
- }
-
- if ($nondebug) {
- # There's both a debug and non-debug variant of
- # this target, so we should try to merge them
- # together.
-
- # First, check that the non-debug variant isn't
- # already built up with all it should have.
- if ($nondebug->{debug_cflags}
- || $nondebug->{release_cflags}
- || $nondebug->{debug_lflags}
- || $nondebug->{release_lflags}) {
- warn "there's a debug target $debugkey to be merged with a target $nondebugkey, but the latter seems to already have both nodebug and debug information. This requires human intervention. Skipping $debugkey...";
- next;
- }
-
- # Now, check similarity.
- # For keys they have in common, support that
- # cflags and lflags can differ, otherwise they
- # must have exactly the same values for them
- # to be merged into one.
- my $similarenough = 1;
- for (keys %{$debug}) {
- if ($nondebug->{$_} ne $debug->{$_}
- && $_ !~ m/^[cl]flags$/) {
- $similarenough = 0;
- last;
- }
- }
-
- if ($similarenough) {
- # Here's where the magic happens, split the
- # options in the debug and non-debug variants
- # cflags and ldflags into three strings each,
- # one with common flags, one with extra debug
- # flags and one with extra non-debug flags.
-
- # The result ends up in %h_nondebug, which
- # becomes the merged variant when we're done.
- # for each of cflags and lflags, they are
- # replaced with cflags, debug_cflags,
- # release_cflags and similar for lflags.
- #
- # The purpose is that 'cflags' should be
- # used together with 'debug_cflags' or
- # 'release_cflags' depending on what the
- # user asks for.
- foreach (("cflags", "lflags")) {
- my @list_d = split /\s+/, $debug->{$_};
- my @list_nd = split /\s+/, $nondebug->{$_};
- my %presence = (); # bitmap
- # 1: present in @list_d
- # 2: present in @list_nd
- # 3: present in both
- map { $presence{$_} += 1; } @list_d;
- map { $presence{$_} += 2; } @list_nd;
-
- delete $nondebug->{$_};
- # Note: we build from the original lists to
- # preserve order, it might be important
- $nondebug->{"debug-".$_} =
- join(" ",
- grep { $presence{$_} == 1 } @list_d);
- $nondebug->{"nodebug-".$_} =
- join(" ",
- grep { $presence{$_} == 2 } @list_nd);
- $nondebug->{$_} =
- join(" ",
- grep { $presence{$_} == 3 } @list_d);
- }
-
- $targets{$nondebugkey} = $nondebug;
- delete $targets{$debugkey};
- }
- }
- }
- }
- }
-
- %table = (%table, %targets);
-
- # Local function to resolve inheritance
- my $resolve_inheritance;
- $resolve_inheritance =
- sub {
- my $target = shift;
- my @breadcrumbs = @_;
-
- if (grep { $_ eq $target } @breadcrumbs) {
- die "inherit_from loop! target backtrace:\n "
- ,$target,"\n ",join("\n ", @breadcrumbs),"\n";
- }
-
- # Recurse through all inheritances. They will be resolved on
- # the fly, so when this operation is done, they will all just
- # be a bunch of attributes with string values.
- # What we get here, though, are keys with references to lists
- # of the combined values of them all. We will deal with lists
- # after this stage is done.
- my %combined_inheritance = ();
- if ($table{$target}->{inherit_from}) {
- foreach (@{$table{$target}->{inherit_from}}) {
- my %inherited_config =
- $resolve_inheritance->($_, $target, @breadcrumbs);
-
- # 'template' is a marker that's considered private to
- # the config that had it.
- delete $inherited_config{template};
-
- map {
- if (!$combined_inheritance{$_}) {
- $combined_inheritance{$_} = [];
- }
- push @{$combined_inheritance{$_}}, $inherited_config{$_};
- } keys %inherited_config;
- }
- }
+# Forward declarations ###############################################
- # We won't need inherit_from in this target any more, since
- # we've resolved all the inheritances that lead to this
- delete $table{$target}->{inherit_from};
-
- # Now is the time to deal with those lists. Here's the place
- # to decide what shall be done with those lists, all based on
- # the values of the target we're currently dealing with.
- # - If a value is a coderef, it will be executed with the list
- # of inherited values as arguments.
- # - If the corresponding key doesn't have a value at all or is
- # the emoty string, the inherited value list will be run
- # through the default combiner (below), and the result
- # becomes this target's value.
- # - Otherwise, this target's value is assumed to be a string
- # that will simply override the inherited list of values.
- my $default_combiner = sub { join(' ',@_) };
-
- my %all_keys =
- map { $_ => 1 } (keys %combined_inheritance,
- keys %{$table{$target}});
- foreach (sort keys %all_keys) {
-
- # Current target doesn't have a value for the current key?
- # Assign it the default combiner, the rest of this loop
- # body will handle it just like any other coderef.
- if (!exists $table{$target}->{$_}) {
- $table{$target}->{$_} = $default_combiner;
- }
-
- my $valuetype = ref($table{$target}->{$_});
- if ($valuetype eq "CODE") {
- # CODE reference, execute it with the inherited values
- # as arguments.
- $table{$target}->{$_} =
- $table{$target}->{$_}->(@{$combined_inheritance{$_}});
- } elsif ($valuetype eq "") {
- # Scalar, just leave it as is.
- } else {
- # Some other type of reference that we don't handle.
- # Better to abort at this point.
- die "cannot handle reference type $valuetype,"
- ," found in target $target -> $_\n";
- }
- }
+# read_config(filename)
+#
+# Reads a configuration file and populates %table with the contents
+# (which the configuration file places in %targets).
+sub read_config;
- # Finally done, return the result.
- %{$table{$target}};
- };
+# resolve_config(target)
+#
+# Resolves all the late evalutations, inheritances and so on for the
+# chosen target and any target it inherits from.
+sub resolve_config;
- # Go through all new targets and resolve inheritance and template
- # references.
- foreach (keys %targets) {
- # We're ignoring the returned values here, they are only valuable
- # to the inner recursion of this function.
- $resolve_inheritance->($_);
- }
-}
my ($vol, $dir, $dummy) = File::Spec->splitpath($0);
my $pattern = File::Spec->catpath($vol, $dir, "Configurations/*.conf");
my $threads=0;
my $no_shared=0; # but "no-shared" is default
my $zlib=1; # but "no-zlib" is default
-my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
-my $no_rfc3779=1; # but "no-rfc3779" is default
+my $no_rfc3779=0;
my $no_asm=0;
my $no_dso=0;
-my $no_gmp=0;
my @skip=();
my $Makefile="Makefile";
my $des_locl="crypto/des/des_locl.h";
my $rc4_enc="rc4_enc.o rc4_skey.o";
my $rc5_enc="rc5_enc.o";
my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
+my $chacha_enc="chacha_enc.o";
my $processor="";
my $default_ranlib;
my $perl;
my $fips=0;
+# Known TLS and DTLS protocols
+my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
+my @dtls = qw(dtls1 dtls1_2);
+
+# Explicitelly known options that are possible to disable. They can
+# be regexps, and will be used like this: /^no-${option}$/
+# For developers: keep it sorted alphabetically
+
+my @disablables = (
+ "aes",
+ "asm",
+ "bf",
+ "camellia",
+ "capieng",
+ "cast",
+ "chacha",
+ "cmac",
+ "cms",
+ "comp",
+ "crypto-mdebug",
+ "ct",
+ "deprecated",
+ "des",
+ "dgram",
+ "dh",
+ "dsa",
+ "dso",
+ "dtls",
+ "dynamic[-_]engine",
+ "ec",
+ "ec2m",
+ "ecdh",
+ "ecdsa",
+ "ec_nistp_64_gcc_128",
+ "engine",
+ "err", # Really???
+ "gost",
+ "heartbeats",
+ "hmac",
+ "hw(-.+)?",
+ "idea",
+ "jpake",
+ "locking", # Really???
+ "md2",
+ "md4",
+ "md5",
+ "mdc2",
+ "md[-_]ghost94",
+ "nextprotoneg",
+ "ocb",
+ "ocsp",
+ "poly1305",
+ "posix-io",
+ "psk",
+ "rc2",
+ "rc4",
+ "rc5",
+ "rdrand",
+ "rfc3779",
+ "rijndael", # Old AES name
+ "rmd160",
+ "rsa",
+ "scrypt",
+ "sct",
+ "sctp",
+ "seed",
+ "sha",
+ "shared",
+ "sock",
+ "srp",
+ "srtp",
+ "sse2",
+ "ssl",
+ "ssl-trace",
+ "static-engine",
+ "stdio",
+ "store",
+ "threads",
+ "tls",
+ "unit-test",
+ "whirlpool",
+ "zlib",
+ "zlib-dynamic",
+ );
+foreach my $proto ((@tls, @dtls))
+ {
+ push(@disablables, $proto);
+ push(@disablables, "$proto-method");
+ }
+
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
- "deprecated" => "default",
"ec_nistp_64_gcc_128" => "default",
- "gmp" => "default",
+ "egd" => "default",
"jpake" => "experimental",
"md2" => "default",
"rc5" => "default",
- "rfc3779" => "default",
- "sctp" => "default",
+ "sctp" => "default",
"shared" => "default",
"ssl-trace" => "default",
"store" => "experimental",
"unit-test" => "default",
"zlib" => "default",
- "zlib-dynamic" => "default"
+ "zlib-dynamic" => "default",
+ "crypto-mdebug" => "default",
);
my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_CRYPTO_MDEBUG -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
my $openssl_sys_defines="";
my $openssl_other_defines;
my $libs;
-my $libkrb5="";
my $target;
my $options;
+my $api;
my $make_depend=0;
my %withargs=();
my $build_prefix = "release_";
$argvstring=join(' ',@argvcopy);
PROCESS_ARGS:
+ {
+ my %unsupported_options = ();
foreach (@argvcopy)
{
s /^-no-/no-/; # some people just can't read the instructions
s /^zlib$/enable-zlib/;
s /^zlib-dynamic$/enable-zlib-dynamic/;
+ if (/^(no|disable|enable|experimental)-(.+)$/)
+ {
+ my $word = $2;
+ if (!grep { $word =~ /^${_}$/ } @disablables)
+ {
+ $unsupported_options{$_} = 1;
+ next;
+ }
+ }
if (/^no-(.+)$/ || /^disable-(.+)$/)
{
if (!($disabled{$1} eq "experimental"))
{
- if ($1 eq "ssl")
+ foreach my $proto ((@tls, @dtls))
{
- $disabled{"ssl3"} = "option(ssl)";
+ if ($1 eq "$proto-method")
+ {
+ $disabled{"$proto"} = "option($proto-method)";
+ last;
+ }
}
- elsif ($1 eq "tls")
+ if ($1 eq "dtls")
{
- $disabled{"tls1"} = "option(tls)"
+ foreach my $proto (@dtls)
+ {
+ $disabled{$proto} = "option(dtls)";
+ }
}
- elsif ($1 eq "ssl3-method")
+ elsif ($1 eq "ssl")
{
- $disabled{"ssl3-method"} = "option(ssl)";
+ # Last one of its kind
$disabled{"ssl3"} = "option(ssl)";
}
+ elsif ($1 eq "tls")
+ {
+ # XXX: Tests will fail if all SSL/TLS
+ # protocols are disabled.
+ foreach my $proto (@tls)
+ {
+ $disabled{$proto} = "option(tls)";
+ }
+ }
else
{
$disabled{$1} = "option";
$threads = 1 if ($algo eq "threads");
}
- elsif (/^--test-sanity$/)
- {
- exit(&test_sanity());
- }
elsif (/^--strict-warnings$/)
{
$strict_warnings = 1;
{
if (open(IN,"<$Makefile"))
{
+ my $config_args_found=0;
while (<IN>)
{
chomp;
if (grep(/^reconf/,@argvcopy));
print "Reconfiguring with: $argvstring\n";
$argv_unprocessed=1;
- close(IN);
- last PROCESS_ARGS;
+ $config_args_found=1;
+ }
+ elsif (/^CROSS_COMPILE=\s*(.*)/)
+ {
+ $ENV{CROSS_COMPILE}=$1;
+ }
+ elsif (/^CC=\s*(?:\$\(CROSS_COMPILE\))?(.*?)$/)
+ {
+ $ENV{CC}=$1;
}
}
close(IN);
+ last PROCESS_ARGS if ($config_args_found);
}
die "Insufficient data to reconfigure, please do a normal configuration\n";
}
{
$prefix=$1;
}
+ elsif (/^--api=(.*)$/)
+ {
+ $api=$1;
+ }
elsif (/^--libdir=(.*)$/)
{
$libdir=$1;
{
$install_prefix=$1;
}
- elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
- {
- $withargs{"krb5-".$1}=$2;
- }
elsif (/^--with-zlib-lib=(.*)$/)
{
$withargs{"zlib-lib"}=$1;
{ $options .= " ".$_; }
}
}
- }
+ if (defined($api) && !exists $apitable->{$api}) {
+ die "***** Unsupported api compatibility level: $api\n",
+ }
+
+ if (keys %unsupported_options)
+ {
+ die "***** Unsupported options: ",
+ join(", ", keys %unsupported_options), "\n";
+ }
+ }
+ }
if ($processor eq "386")
$disabled{"sse2"} = "forced";
}
-if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
- {
- $disabled{"krb5"} = "krb5-flavor not specified";
- }
-
if (!defined($disabled{"zlib-dynamic"}))
{
# "zlib-dynamic" was specifically enabled, so enable "zlib"
$disabled{"ecdh"} = "forced";
}
-# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
+# SSL 3.0 requires MD5 and SHA and either RSA or DSA+DH
if (defined($disabled{"md5"}) || defined($disabled{"sha"})
|| (defined($disabled{"rsa"})
- && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
{
$disabled{"ssl3"} = "forced";
+ $disabled{"ssl"} = "forced";
+ }
+
+# (D)TLS 1.0 and TLS 1.1 require MD5 and SHA and either RSA or DSA+DH
+# or ECDSA + ECDH. (XXX: We don't support PSK-only builds).
+#
+if (defined($disabled{"md5"}) || defined($disabled{"sha"})
+ || (defined($disabled{"rsa"})
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))
+ && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"}))))
+ {
$disabled{"tls1"} = "forced";
+ $disabled{"dtls1"} = "forced";
+ $disabled{"tls1_1"} = "forced";
+ }
+
+# (D)TLS 1.2 requires either RSA or DSA+DH or ECDSA + ECDH
+# So if all are missing, we can't do either TLS or DTLS.
+# (XXX: We don't support PSK-only builds).
+#
+if (defined($disabled{"rsa"})
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))
+ && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"})))
+ {
+ $disabled{"tls"} = "forced";
+ $disabled{"dtls"} = "forced";
+ foreach my $proto ((@tls, @dtls))
+ {
+ $disabled{"$proto"} = "forced";
+ }
}
-if (defined($disabled{"tls1"}))
+
+# Avoid protocol support holes. Also disable all versions below N, if version
+# N is disabled while N+1 is enabled.
+#
+my $prev_disabled = 1;
+my $force_disable = 0;
+foreach my $proto (reverse(@tls))
{
- $disabled{"tlsext"} = "forced";
+ if ($force_disable)
+ {
+ $disabled{$proto} = 1;
+ }
+ elsif (! defined($disabled{$proto}))
+ {
+ $prev_disabled = 0;
+ }
+ elsif (! $prev_disabled)
+ {
+ $force_disable = 1;
+ }
+ }
+my $prev_disabled = 1;
+my $force_disable = 0;
+foreach my $proto (reverse(@dtls))
+ {
+ if ($force_disable)
+ {
+ $disabled{$proto} = 1;
+ }
+ elsif (! defined($disabled{$proto}))
+ {
+ $prev_disabled = 0;
+ }
+ elsif (! $prev_disabled)
+ {
+ $force_disable = 1;
+ }
}
-if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
- || defined($disabled{"dh"}))
+if (defined($disabled{"dgram"}))
{
- $disabled{"gost"} = "forced";
+ $disabled{"dtls"} = "forced";
+ $disabled{"dtls1"} = "forced";
+ $disabled{"dtls1_2"} = "forced";
}
-# SRP and HEARTBEATS require TLSEXT
-if (defined($disabled{"tlsext"}))
+if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
+ || defined($disabled{"dh"}) || defined($disabled{"stdio"}))
{
- $disabled{"srp"} = "forced";
- $disabled{"heartbeats"} = "forced";
+ $disabled{"gost"} = "forced";
}
+
if ($target eq "TABLE") {
foreach $target (sort keys %table) {
print_table_entry($target, "TABLE");
# If we do not find debug-foo in the table, the target is set to foo,
# but only if the foo target has a noon-empty debug_cflags or debug_lflags
# attribute.
- if (!$table{$target} && ($table{$t}->{debug_cflags}
- || $table{$t}->{debug_lflags})) {
+ if (!$table{$target}) {
$target = $t;
}
}
+my %target = resolve_config($target);
-&usage if (!defined($table{$target})
- || $table{$target}->{template}
- || ($build_prefix eq "debug_"
- && $target !~ /^debug-/
- && !($table{$target}->{debug_cflags}
- || $table{$target}->{debug_lflags})));
+&usage if (!%target || $target{template});
if ($fips)
{
$openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
print " OPENSSL_NO_$ALGO";
- if (/^krb5$/)
- { $no_krb5 = 1; }
- else
- {
- push @skip, $algo;
- # fix-up crypto/directory name(s)
- $skip[$#skip]="whrlpool" if $algo eq "whirlpool";
- $skip[$#skip]="ripemd" if $algo eq "rmd160";
+ push @skip, $algo;
+ # fix-up crypto/directory name(s)
+ $skip[$#skip]="whrlpool" if $algo eq "whirlpool";
+ $skip[$#skip]="ripemd" if $algo eq "rmd160";
- print " (skip dir)";
+ print " (skip dir)";
- $depflags .= " -DOPENSSL_NO_$ALGO";
- }
+ $depflags .= " -DOPENSSL_NO_$ALGO";
}
}
print "IsMK1MF=$IsMK1MF\n";
# Allow environment CC to override compiler...
-my $cc = $ENV{CC} || $table{$target}->{cc};
+my $cc = $ENV{CC} || $target{cc};
# For cflags and lflags, add the debug_ or release_ attributes
# Do it in such a way that no spurious space is appended (hence the grep).
my $cflags = join(" ",
- grep { $_ } ($table{$target}->{cflags},
- $table{$target}->{$build_prefix."cflags"}));
+ grep { $_ } ($target{cflags},
+ $target{$build_prefix."cflags"}));
my $lflags = join(" ",
- grep { $_ } ($table{$target}->{lflags},
- $table{$target}->{$build_prefix."lflags"}));
-
-my $unistd = $table{$target}->{unistd};
-my $thread_cflag = $table{$target}->{thread_cflag};
-my $sys_id = $table{$target}->{sys_id};
-my $bn_ops = $table{$target}->{bn_ops};
-my $cpuid_obj = $table{$target}->{cpuid_obj};
-my $bn_obj = $table{$target}->{bn_obj};
-my $ec_obj = $table{$target}->{ec_obj};
-my $des_obj = $table{$target}->{des_obj};
-my $aes_obj = $table{$target}->{aes_obj};
-my $bf_obj = $table{$target}->{bf_obj};
-my $md5_obj = $table{$target}->{md5_obj};
-my $sha1_obj = $table{$target}->{sha1_obj};
-my $cast_obj = $table{$target}->{cast_obj};
-my $rc4_obj = $table{$target}->{rc4_obj};
-my $rmd160_obj = $table{$target}->{rmd160_obj};
-my $rc5_obj = $table{$target}->{rc5_obj};
-my $wp_obj = $table{$target}->{wp_obj};
-my $cmll_obj = $table{$target}->{cmll_obj};
-my $modes_obj = $table{$target}->{modes_obj};
-my $engines_obj = $table{$target}->{engines_obj};
-my $perlasm_scheme = $table{$target}->{perlasm_scheme};
-my $dso_scheme = $table{$target}->{dso_scheme};
-my $shared_target = $table{$target}->{shared_target};
-my $shared_cflag = $table{$target}->{shared_cflag};
-my $shared_ldflag = $table{$target}->{shared_ldflag};
-my $shared_extension = $table{$target}->{shared_extension};
-my $ranlib = $ENV{'RANLIB'} || $table{$target}->{ranlib};
+ grep { $_ } ($target{lflags},
+ $target{$build_prefix."lflags"}));
+
+my $unistd = $target{unistd};
+my $thread_cflag = $target{thread_cflag};
+my $sys_id = $target{sys_id};
+my $bn_ops = $target{bn_ops};
+my $cpuid_obj = $target{cpuid_obj};
+my $bn_obj = $target{bn_obj};
+my $ec_obj = $target{ec_obj};
+my $des_obj = $target{des_obj};
+my $aes_obj = $target{aes_obj};
+my $bf_obj = $target{bf_obj};
+my $md5_obj = $target{md5_obj};
+my $sha1_obj = $target{sha1_obj};
+my $cast_obj = $target{cast_obj};
+my $rc4_obj = $target{rc4_obj};
+my $rmd160_obj = $target{rmd160_obj};
+my $rc5_obj = $target{rc5_obj};
+my $wp_obj = $target{wp_obj};
+my $cmll_obj = $target{cmll_obj};
+my $modes_obj = $target{modes_obj};
+my $engines_obj = $target{engines_obj};
+my $chacha_obj = $target{chacha_obj};
+my $poly1305_obj = $target{poly1305_obj};
+my $perlasm_scheme = $target{perlasm_scheme};
+my $dso_scheme = $target{dso_scheme};
+my $shared_target = $target{shared_target};
+my $shared_cflag = $target{shared_cflag};
+my $shared_ldflag = $target{shared_ldflag};
+my $shared_extension = $target{shared_extension};
+my $ranlib = $ENV{'RANLIB'} || $target{ranlib};
my $ar = $ENV{'AR'} || "ar";
-my $arflags = $table{$target}->{arflags};
-my $multilib = $table{$target}->{multilib};
+my $arflags = $target{arflags};
+my $multilib = $target{multilib};
# if $prefix/lib$multilib is not an existing directory, then
# assume that it's not searched by linker automatically, in
if ($flags ne "") { $cflags="$flags$cflags"; }
else { $no_user_cflags=1; }
-# Kerberos settings. The flavor must be provided from outside, either through
-# the script "config" or manually.
-if (!$no_krb5)
- {
- my ($lresolv, $lpath, $lext);
- if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
- {
- die "Sorry, Heimdal is currently not supported\n";
- }
- ##### HACK to force use of Heimdal.
- ##### WARNING: Since we don't really have adequate support for Heimdal,
- ##### using this will break the build. You'll have to make
- ##### changes to the source, and if you do, please send
- ##### patches to openssl-dev@openssl.org
- if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
- {
- warn "Heimdal isn't really supported. Your build WILL break\n";
- warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
- $withargs{"krb5-dir"} = "/usr/heimdal"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi -lkrb5 -lcom_err"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_HEIMDAL $cflags";
- }
- if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
- {
- $withargs{"krb5-dir"} = "/usr/kerberos"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_MIT $cflags";
- $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
- if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
- {
- $cflags="-DKRB5_MIT_OLD11 $cflags";
- }
- }
- LRESOLV:
- foreach $lpath ("/lib", "/usr/lib")
- {
- foreach $lext ("a", "so")
- {
- $lresolv = "$lpath/libresolv.$lext";
- last LRESOLV if (-r "$lresolv");
- $lresolv = "";
- }
- }
- $withargs{"krb5-lib"} .= " -lresolv"
- if ("$lresolv" ne "");
- $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
- if $withargs{"krb5-include"} eq "" &&
- $withargs{"krb5-dir"} ne "";
- }
-
# The DSO code currently always implements all functions so that no
# applications will have to worry about that from a compilation point
# of view. However, the "method"s may return zero unless that platform
{
$cpuid_obj=$bn_obj=$ec_obj=
$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
+ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=
+ $chacha_obj=$poly1305_obj="";
$cflags=~s/\-D[BL]_ENDIAN// if ($fips);
$thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips);
}
}
}
-#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
-if(!defined($disabled{"deprecated"}))
- {
- $cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
- }
+# With "deprecated" disable all deprecated features.
+if (defined($disabled{"deprecated"})) {
+ $api = $maxapi;
+}
-# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.in
my $shared_mark = "";
if ($shared_target eq "")
{
# linker only when --prefix is not /usr.
if ($target =~ /^BSD\-/)
{
- $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+ $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
}
if ($sys_id ne "")
{
$cflags.=" -DECP_NISTZ256_ASM";
}
+$chacha_obj=$chacha_enc unless ($chacha_obj =~ /\.o$/);
+if ($poly1305_obj =~ /\.o$/)
+ {
+ $cflags.=" -DPOLY1305_ASM";
+ }
# "Stringify" the C flags string. This permits it to be made part of a string
# and works as well on command lines.
while (<IN>)
{
$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
- $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+ $version_num=$1 if /OPENSSL.VERSION.NUMBER.*(0x\S+)/;
$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
}
$shlib_minor=$2;
}
+if (defined($api)) {
+ my $apiflag = sprintf("-DOPENSSL_API_COMPAT=%s", $apitable->{$api});
+ $default_depflags .= " $apiflag";
+ $cflags .= " $apiflag";
+}
+
+my $ecc = $cc;
+$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
+
if ($strict_warnings)
{
my $wopt;
- die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/);
+ die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc(-\d(\.\d)*)?$/ or $ecc =~ /clang$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
- $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+ $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+ }
+ if ($ecc eq "clang")
+ {
+ foreach $wopt (split /\s+/, $clang_devteam_warn)
+ {
+ $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+ }
}
+ if ($target !~ /^mingw/)
+ {
+ foreach $wopt (split /\s+/, $memleak_devteam_backtrace)
+ {
+ $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
+ }
+ if ($target =~ /^BSD-/)
+ {
+ $lflags .= " -lexecinfo";
+ }
+ }
}
-open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
+open(IN,"<Makefile.in") || die "unable to read Makefile.in$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
+print OUT "### Generated automatically from Makefile.in by Configure.\n\n";
my $sdirs=0;
while (<IN>)
$sdirs = 0 unless /\\$/;
s/fips // if (/^DIRS=/ && !$fips);
s/engines // if (/^DIRS=/ && $disabled{"engine"});
- s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
s/^VERSION=.*/VERSION=$version/;
s/^MAJOR=.*/MAJOR=$major/;
s/^MINOR=.*/MINOR=$minor/;
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc" || ($cc eq 'cc' && $target =~ /darwin/);
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
+ s/^CHACHA_ENC=.*$/CHACHA_ENC= $chacha_obj/;
+ s/^POLY1305_ASM_OBJ=.*$/POLY1305_ASM_OBJ= $poly1305_obj/;
s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
s/^PROCESSOR=.*/PROCESSOR= $processor/;
s/^ARFLAGS=.*/ARFLAGS= $arflags/;
s/^PERL=.*/PERL= $perl/;
- s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
- s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
}
close(IN);
close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename($Makefile,"$Makefile.orig") || die "unable to rename $Makefile\n" if -e $Makefile;
rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
print "CC =$cc\n";
print "CMLL_ENC =$cmll_obj\n";
print "MODES_OBJ =$modes_obj\n";
print "ENGINES_OBJ =$engines_obj\n";
+print "CHACHA_ENC =$chacha_obj\n";
+print "POLY1305_OBJ =$poly1305_obj\n";
print "PROCESSOR =$processor\n";
print "RANLIB =$ranlib\n";
print "ARFLAGS =$arflags\n";
print "PERL =$perl\n";
-print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
- if $withargs{"krb5-include"} ne "";
my $des_ptr=0;
my $des_risc1=0;
print OUT "extern \"C\" {\n";
print OUT "#endif\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
+
+my $openssl_api_defines = "";
+if (defined($api)) {
+ $openssl_api_defines = sprintf "#define OPENSSL_MIN_API %s\n", $apitable->{$api};
+}
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+
print OUT $openssl_sys_defines;
print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
print OUT $openssl_experimental_defines;
+print OUT $openssl_api_defines;
print OUT "\n";
print OUT $openssl_algorithm_defines;
print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
- elsif (/^\#define\s+DES_LONG\s+.*/)
- { printf OUT "#define DES_LONG unsigned %s\n",
+ elsif (/^\#define\s+OSSL_DES_LONG\s+.*/)
+ { printf OUT "#define OSSL_DES_LONG unsigned %s\n",
($des_int)?'int':'long'; }
elsif (/^\#(define|undef)\s+DES_PTR/)
{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
print "BF_PTR used\n" if $bf_ptr == 1;
print "BF_PTR2 used\n" if $bf_ptr == 2;
+# Copy all Makefile.in to Makefile (except top-level)
+use File::Find;
+use IO::File;
+find(sub {
+ return if ($_ ne "Makefile.in" || $File::Find::dir eq ".");
+ my $in = IO::File->new($_, "r") or
+ die sprintf "Error reading Makefile.in in %s: !$\n",
+ $File::Find::dir;
+ my $out = IO::File->new("Makefile", "w") or
+ die sprintf "Error writing Makefile in %s: !$\n",
+ $File::Find::dir;
+ print $out "# Generated from $_, do not edit\n";
+ while (my $line = <$in>) { print $out $line }
+ $in->close() or
+ die sprintf "Error reading Makefile.in in %s: !$\n",
+ $File::Find::dir;
+ $out->close() or
+ die sprintf "Error writing Makefile in %s: !$\n",
+ $File::Find::dir;
+ }, ".");
+
+{
+ my $perlguess = $perl =~ m@^/@ ? $perl : '/usr/local/bin/perl';
+
+ &dofile("tools/c_rehash",$perlguess,
+ '^#!/' => '#!%s',
+ '^my \$dir;$' => 'my $dir = "' . $openssldir . '";',
+ '^my \$prefix;$' => 'my $prefix = "' . $prefix . '";');
+ &dofile("apps/CA.pl",$perl,
+ '^#!/' => '#!%s');
+}
if($IsMK1MF) {
open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
- printf OUT <<EOF;
+ printf OUT <<"EOF";
#ifndef MK1MF_BUILD
/* auto-generated by Configure for crypto/cversion.c:
* for Unix builds, crypto/Makefile.ssl generates functional definitions;
$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
if $make_targets ne "";
- if ( $perl =~ m@^/@) {
- &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
- &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
- } else {
- # No path for Perl known ...
- &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
- &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
- }
if ($depflags ne $default_depflags && !$make_depend) {
- print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
- make depend
-EOF
- }
+ $warn_make_depend++;
+ }
}
# create the ms/version32.rc file if needed
if ($IsMK1MF && ($target !~ /^netware/)) {
my ($v1, $v2, $v3, $v4);
- if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+ if ($version_num =~ /^0x([0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{1})L$/i) {
$v1=hex $1;
$v2=hex $2;
$v3=hex $3;
$v4=hex $4;
}
open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
- print OUT <<EOF;
+ print OUT <<"EOF";
#include <winver.h>
LANGUAGE 0x09,0x01
VALUE "ProductVersion", "$version\\0"
// Optional:
//VALUE "Comments", "\\0"
- VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+ VALUE "LegalCopyright", "Copyright © 1998-2015 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
//VALUE "LegalTrademarks", "\\0"
//VALUE "PrivateBuild", "\\0"
//VALUE "SpecialBuild", "\\0"
close(OUT);
}
-print <<EOF;
+print <<"EOF";
Configured for $target.
EOF
-print <<\EOF if (!$no_threads && !$threads);
+print <<"EOF" if (!$no_threads && !$threads);
The library could not be configured for supporting multi-threaded
applications as the compiler options required on this system are not known.
See file INSTALL for details if you need multi-threading.
EOF
-print <<\EOF if ($no_shared_warn);
+print <<"EOF" if ($no_shared_warn);
+
+You gave the option 'shared', which is not supported on this platform, so
+we will pretend you gave the option 'no-shared'. If you know how to implement
+shared libraries, please let us know (but please first make sure you have
+tried with a current version of OpenSSL).
+EOF
+
+print <<"EOF" if ($warn_make_depend);
-You gave the option 'shared'. Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'. If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
+*** Because of configuration changes, you MUST do the following before
+*** building:
+
+ make depend
EOF
exit(0);
+######################################################################
+#
+# Helpers and utility functions
+#
+
+# Configuration file reading #########################################
+
+# Helper function to implement conditional inheritance depending on the
+# value of $no_asm. Used in inherit_from values as follows:
+#
+# inherit_from => [ "template", asm("asm_tmpl") ]
+#
+sub asm {
+ my @x = @_;
+ sub {
+ $no_asm ? () : @x;
+ }
+}
+
+# configuration reader, evaluates the input file as a perl script and expects
+# it to fill %targets with target configurations. Those are then added to
+# %table.
+sub read_config {
+ my $fname = shift;
+ open(CONFFILE, "< $fname")
+ or die "Can't open configuration file '$fname'!\n";
+ my $x = $/;
+ undef $/;
+ my $content = <CONFFILE>;
+ $/ = $x;
+ close(CONFFILE);
+ my %targets = ();
+ {
+ local %table = %::table; # Protect %table from tampering
+
+ eval $content;
+ warn $@ if $@;
+ }
+
+ # For each target, check that it's configured with a hash table.
+ foreach (keys %targets) {
+ if (ref($targets{$_}) ne "HASH") {
+ if (ref($targets{$_}) eq "") {
+ warn "Deprecated target configuration for $_, ignoring...\n";
+ } else {
+ warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n";
+ }
+ delete $targets{$_};
+ }
+ }
+
+ %table = (%table, %targets);
+
+}
+
+# configuration resolver. Will only resolve all the lazy evalutation
+# codeblocks for the chozen target and all those it inherits from,
+# recursively
+sub resolve_config {
+ my $target = shift;
+ my @breadcrumbs = @_;
+
+ if (grep { $_ eq $target } @breadcrumbs) {
+ die "inherit_from loop! target backtrace:\n "
+ ,$target,"\n ",join("\n ", @breadcrumbs),"\n";
+ }
+
+ if (!defined($table{$target})) {
+ warn "Warning! target $target doesn't exist!\n";
+ return ();
+ }
+ # Recurse through all inheritances. They will be resolved on the
+ # fly, so when this operation is done, they will all just be a
+ # bunch of attributes with string values.
+ # What we get here, though, are keys with references to lists of
+ # the combined values of them all. We will deal with lists after
+ # this stage is done.
+ my %combined_inheritance = ();
+ if ($table{$target}->{inherit_from}) {
+ my @inherit_from =
+ map { ref($_) eq "CODE" ? $_->() : $_ } @{$table{$target}->{inherit_from}};
+ foreach (@inherit_from) {
+ my %inherited_config = resolve_config($_, $target, @breadcrumbs);
+
+ # 'template' is a marker that's considered private to
+ # the config that had it.
+ delete $inherited_config{template};
+
+ map {
+ if (!$combined_inheritance{$_}) {
+ $combined_inheritance{$_} = [];
+ }
+ push @{$combined_inheritance{$_}}, $inherited_config{$_};
+ } keys %inherited_config;
+ }
+ }
+
+ # We won't need inherit_from in this target any more, since we've
+ # resolved all the inheritances that lead to this
+ delete $table{$target}->{inherit_from};
+
+ # Now is the time to deal with those lists. Here's the place to
+ # decide what shall be done with those lists, all based on the
+ # values of the target we're currently dealing with.
+ # - If a value is a coderef, it will be executed with the list of
+ # inherited values as arguments.
+ # - If the corresponding key doesn't have a value at all or is the
+ # emoty string, the inherited value list will be run through the
+ # default combiner (below), and the result becomes this target's
+ # value.
+ # - Otherwise, this target's value is assumed to be a string that
+ # will simply override the inherited list of values.
+ my $default_combiner = sub { join(' ',@_) };
+
+ my %all_keys =
+ map { $_ => 1 } (keys %combined_inheritance,
+ keys %{$table{$target}});
+ foreach (sort keys %all_keys) {
+
+ # Current target doesn't have a value for the current key?
+ # Assign it the default combiner, the rest of this loop body
+ # will handle it just like any other coderef.
+ if (!exists $table{$target}->{$_}) {
+ $table{$target}->{$_} = $default_combiner;
+ }
+
+ my $valuetype = ref($table{$target}->{$_});
+ if ($valuetype eq "CODE") {
+ # CODE reference, execute it with the inherited values as
+ # arguments.
+ $table{$target}->{$_} =
+ $table{$target}->{$_}->(@{$combined_inheritance{$_}});
+ } elsif ($valuetype eq "") {
+ # Scalar, just leave it as is.
+ } else {
+ # Some other type of reference that we don't handle.
+ # Better to abort at this point.
+ die "cannot handle reference type $valuetype,"
+ ," found in target $target -> $_\n";
+ }
+ }
+
+ # Finally done, return the result.
+ return %{$table{$target}};
+}
+
sub usage
{
print STDERR $usage;
my $k=0;
foreach $i (sort keys %table)
{
+ next if $table{$i}->{template};
next if $i =~ /^debug/;
$k += length($i) + 1;
if ($k > 78)
}
foreach $i (sort keys %table)
{
+ next if $table{$i}->{template};
next if $i !~ /^debug/;
$k += length($i) + 1;
if ($k > 78)
sub print_table_entry
{
my $target = shift;
+ my %target = resolve_config($target);
my $type = shift;
# Don't print the templates
- return if $table{$target}->{template};
+ return if $target{template};
if ($type eq "TABLE") {
- print <<EOF
+ print <<"EOF"
*** $target
-\$cc = $table{$target}->{cc}
-\$cflags = $table{$target}->{cflags}
-\$debug_cflags = $table{$target}->{debug_cflags}
-\$release_cflags = $table{$target}->{release_cflags}
-\$unistd = $table{$target}->{unistd}
-\$thread_cflag = $table{$target}->{thread_cflag}
-\$sys_id = $table{$target}->{sys_id}
-\$lflags = $table{$target}->{lflags}
-\$debug_lflags = $table{$target}->{debug_lflags}
-\$release_lflags = $table{$target}->{release_lflags}
-\$bn_ops = $table{$target}->{bn_ops}
-\$cpuid_obj = $table{$target}->{cpuid_obj}
-\$bn_obj = $table{$target}->{bn_obj}
-\$ec_obj = $table{$target}->{ec_obj}
-\$des_obj = $table{$target}->{des_obj}
-\$aes_obj = $table{$target}->{aes_obj}
-\$bf_obj = $table{$target}->{bf_obj}
-\$md5_obj = $table{$target}->{md5_obj}
-\$sha1_obj = $table{$target}->{sha1_obj}
-\$cast_obj = $table{$target}->{cast_obj}
-\$rc4_obj = $table{$target}->{rc4_obj}
-\$rmd160_obj = $table{$target}->{rmd160_obj}
-\$rc5_obj = $table{$target}->{rc5_obj}
-\$wp_obj = $table{$target}->{wp_obj}
-\$cmll_obj = $table{$target}->{cmll_obj}
-\$modes_obj = $table{$target}->{modes_obj}
-\$engines_obj = $table{$target}->{engines_obj}
-\$perlasm_scheme = $table{$target}->{perlasm_scheme}
-\$dso_scheme = $table{$target}->{dso_scheme}
-\$shared_target= $table{$target}->{shared_target}
-\$shared_cflag = $table{$target}->{shared_cflag}
-\$shared_ldflag = $table{$target}->{shared_ldflag}
-\$shared_extension = $table{$target}->{shared_extension}
-\$ranlib = $table{$target}->{ranlib}
-\$arflags = $table{$target}->{arflags}
-\$multilib = $table{$target}->{multilib}
+\$cc = $target{cc}
+\$cflags = $target{cflags}
+\$debug_cflags = $target{debug_cflags}
+\$release_cflags = $target{release_cflags}
+\$unistd = $target{unistd}
+\$thread_cflag = $target{thread_cflag}
+\$sys_id = $target{sys_id}
+\$lflags = $target{lflags}
+\$debug_lflags = $target{debug_lflags}
+\$release_lflags = $target{release_lflags}
+\$bn_ops = $target{bn_ops}
+\$cpuid_obj = $target{cpuid_obj}
+\$bn_obj = $target{bn_obj}
+\$ec_obj = $target{ec_obj}
+\$des_obj = $target{des_obj}
+\$aes_obj = $target{aes_obj}
+\$bf_obj = $target{bf_obj}
+\$md5_obj = $target{md5_obj}
+\$sha1_obj = $target{sha1_obj}
+\$cast_obj = $target{cast_obj}
+\$rc4_obj = $target{rc4_obj}
+\$rmd160_obj = $target{rmd160_obj}
+\$rc5_obj = $target{rc5_obj}
+\$wp_obj = $target{wp_obj}
+\$cmll_obj = $target{cmll_obj}
+\$modes_obj = $target{modes_obj}
+\$engines_obj = $target{engines_obj}
+\$chacha_obj = $target{chacha_obj}
+\$poly1305_obj = $target{poly1305_obj}
+\$perlasm_scheme = $target{perlasm_scheme}
+\$dso_scheme = $target{dso_scheme}
+\$shared_target= $target{shared_target}
+\$shared_cflag = $target{shared_cflag}
+\$shared_ldflag = $target{shared_ldflag}
+\$shared_extension = $target{shared_extension}
+\$ranlib = $target{ranlib}
+\$arflags = $target{arflags}
+\$multilib = $target{multilib}
EOF
} elsif ($type eq "HASH") {
my @sequence = (
"cmll_obj",
"modes_obj",
"engines_obj",
+ "chacha_obj",
+ "poly1305_obj",
"perlasm_scheme",
"dso_scheme",
"shared_target",
length((sort { length($a) <=> length($b) } @sequence)[-1]);
print " '$target' => {\n";
foreach (@sequence) {
- if ($table{$target}->{$_}) {
- print " '",$_,"'"," " x ($largest - length($_))," => '",$table{$target}->{$_},"',\n";
+ if ($target{$_}) {
+ print " '",$_,"'"," " x ($largest - length($_))," => '",$target{$_},"',\n";
}
}
print " },\n";
}
}
-
-sub test_sanity
- {
- my $errorcnt = 0;
-
- print STDERR "=" x 70, "\n";
- print STDERR "=== SANITY TESTING!\n";
- print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
- print STDERR "=" x 70, "\n";
-
- foreach $target (sort keys %table)
- {
- my $pre_dso_scheme = "perlasm_scheme";
- my $dso_scheme = "dso_scheme";
- my $post_dso_scheme = "shared_target";
-
-
- if ($table{$target}->{$pre_dso_scheme} =~ /^(beos|dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme values\n";
- print STDERR " in the previous field\n";
- }
- elsif ($table{$target}->{$post_dso_scheme} =~ /^(beos|dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme values\n";
- print STDERR " in the following field\n";
- }
- elsif ($table{$target}->{$dso_scheme} !~ /^(beos|dl|dlfcn|win32|vms|)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme field = ",$table{$target}->{$dso_scheme},"\n";
- print STDERR " valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
- }
- }
- print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
- return $errorcnt;
- }