X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=Configure;h=0efed391b093daf80f4baed7205b4f27d210d879;hp=ed1e9859b26f7822c2bad39810d5ed23137b00b2;hb=a8eda4312db1f98cffda38670e2d40d36566785a;hpb=aaf878cc97478b2f4e1f72f344f5ab6247a8084a diff --git a/Configure b/Configure index ed1e9859b2..0efed391b0 100755 --- a/Configure +++ b/Configure @@ -1,10 +1,10 @@ -: -eval 'exec perl -S $0 ${1+"$@"}' - if $running_under_some_shell; +#! /usr/bin/env perl +# -*- mode: perl; -*- + ## ## Configure -- OpenSSL source tree configuration script ## If editing this file, run this command before committing -## make -f Makefile.org TABLE +## make -f Makefile.in TABLE ## require 5.000; @@ -14,7 +14,7 @@ use File::Spec::Functions; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -30,23 +30,14 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # default). This needn't be set in advance, you can # just as well use "make INSTALL_PREFIX=/whatever install". # -# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected -# to live in the subdirectory lib/ and the header files in -# include/. A value is required. -# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is -# required. -# (Default: KRB5_DIR/lib) -# --with-krb5-include Declare where the Kerberos 5 header files live. A -# value is required. -# (Default: KRB5_DIR/include) -# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently -# supported values are "MIT" and "Heimdal". A value is required. -# # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # # --cross-compile-prefix Add specified prefix to binutils components. # +# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for +# interfaces deprecated as of the specified OpenSSL version. +# # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware @@ -59,7 +50,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # no-asm do not use assembler # no-dso do not compile in any native shared-library methods. This # will ensure that all methods just return NULL. -# no-krb5 do not compile in any KRB5 library or code. +# no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. @@ -110,9 +101,24 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DREF_CHECK -DDEBUG_UNUSED"; + +# These are used in addition to $gcc_devteam_warn when the compiler is clang. +# TODO(openssl-team): fix problems and investigate if (at least) the +# following warnings can also be enabled: +# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, +# -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations"; + +# Warn that "make depend" should be run? +my $warn_make_depend = 0; + +# These are used in addition to $gcc_devteam_warn unless this is a mingw build. +# This adds backtrace information to the memory leak info. +my $memleak_devteam_backtrace = "-rdynamic -DCRYPTO_MDEBUG_BACKTRACE"; -my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; my $strict_warnings = 0; @@ -121,37 +127,11 @@ my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; # MD2_CHAR slags pentium pros my $x86_gcc_opts="RC4_INDEX MD2_INT"; -# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT -# Don't worry about these normally - -my $tcc="cc"; -my $tflags="-fast -Xa"; -my $tbn_mul=""; -my $tlib="-lnsl -lsocket"; #$bits1="SIXTEEN_BIT "; #$bits2="THIRTY_TWO_BIT "; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:ecp_nistz256.o ecp_nistz256-x86.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:e_padlock-x86.o"; - -my $x86_elf_asm="$x86_asm:elf"; - -my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:e_padlock-x86_64.o"; -my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; -my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; -my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; -my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; -my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; -my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//; -my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; -my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:ecp_nistz256.o ecp_nistz256-armv4.o::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; -my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; -my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; -my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; -my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; -my $ppc32_asm=$ppc64_asm; - # As for $BSDthreads. Idea is to maintain "collective" set of flags, # which would cover all BSD flavors. -pthread applies to them all, # but is treated differently. OpenBSD expands is as -D_POSIX_THREAD @@ -161,6 +141,15 @@ my $ppc32_asm=$ppc64_asm; # seems to be sufficient? my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; +# +# API compability name to version number mapping. +# +my $maxapi = "1.1.0"; # API for "no-deprecated" builds +my $apitable = { + "1.1.0" => "0x10100000L", + "1.0.0" => "0x10000000L", + "0.9.8" => "0x00908000L", +}; # table of known configurations, read in from files # @@ -218,14 +207,14 @@ my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # { # cc => $cc, # cflags => $cflags, -# "debug-cflags" => $debug_cflags, -# "nodebug-cflags" => $nodebug_cflags, +# debug_cflags => $debug_cflags, +# release_cflags => $release_cflags, # unistd => $unistd, # thread_cflag => $thread_cflag, # sys_id => $sys_id, # lflags => $lflags, -# "debug-lflags" => $debug_lflags, -# "nodebug-lflags" => $nodebug_lflags, +# debug_lflags => $debug_lflags, +# release_lflags => $release_lflags, # bn_ops => $bn_ops, # cpuid_obj => $cpuid_obj, # bn_obj => $bn_obj, @@ -243,6 +232,8 @@ my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # cmll_obj => $cmll_obj, # modes_obj => $modes_obj, # engines_obj => $engines_obj, +# chacha_obj => $wp_obj, +# poly1305_obj => $cmll_obj, # dso_scheme => $dso_scheme, # shared_target => $shared_target, # shared_cflag => $shared_cflag, @@ -256,10 +247,245 @@ my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # The configuration reader will do what it can to translate everything into # new style config hash tables, including merging $target and debug-$target # if they are similar enough. +# +# The configuration hashes can refer to templates in two different manners: +# +# - as part of the hash, one can have a key called 'inherit_from' that +# indicate what other configuration hashes to inherit data from. +# These are resolved recursively. +# +# Inheritance works as a set of default values that can be overriden +# by corresponding attribute values in the inheriting configuration. +# +# If several configurations are given in the 'inherit_from' array, the +# values of same attribute are concatenated with space separation. +# With this, it's possible to have several smaller templates for +# different configuration aspects that can be combined into a complete +# configuration. +# +# Example: +# +# "foo" => { +# template => 1, +# haha => "haha", +# hoho => "ho" +# }, +# "bar" => { +# template => 1, +# hoho => "ho", +# hehe => "hehe" +# }, +# "laughter" => { +# inherit_from => [ "foo", "bar" ], +# } +# +# The entry for "foo" will become as follows after processing: +# +# "laughter" => { +# haha => "haha", +# hoho => "ho ho", +# hehe => "hehe" +# } +# +# Note 1: any entry from the table can be used as a template. +# Note 2: pure templates have the attribute 'template => 1' and cannot +# be used as targets. +# +# - instead of a string, one can have a code block of the form +# 'sub { /* your code here */ }', where the arguments are the list of +# inherited values for that key. In fact, the concatenation of strings +# is really done by using 'sub { join(" ",@_) }' on the list of inherited +# values. +# +# Example: +# +# "foo" => { +# template => 1, +# haha => "ha ha", +# hoho => "ho", +# ignored => "This should not appear in the end result", +# }, +# "bar" => { +# template => 1, +# haha => "ah", +# hoho => "haho", +# hehe => "hehe" +# }, +# "laughter" => { +# inherit_from => [ "foo", "bar" ], +# hehe => sub { join(" ",(@_,"!!!")) }, +# ignored => "", +# } +# +# The entry for "foo" will become as follows after processing: +# +# "laughter" => { +# haha => "ha ha ah", +# hoho => "ho haho", +# hehe => "hehe !!!", +# ignored => "" +# } +# my %table=( + + # All these templates are merely a translation of the corresponding + # variables further up. + # + # Note: as long as someone might use old style configuration strings, + # or we bother supporting that, those variables need to stay + + x86_asm => { + template => 1, + cpuid_obj => "x86cpuid.o", + bn_obj => "bn-586.o co-586.o x86-mont.o x86-gf2m.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-x86.o", + des_obj => "des-586.o crypt586.o", + aes_obj => "aes-586.o vpaes-x86.o aesni-x86.o", + bf_obj => "bf-586.o", + md5_obj => "md5-586.o", + sha1_obj => "sha1-586.o sha256-586.o sha512-586.o", + rc4_obj => "rc4-586.o", + rmd160_obj => "rmd-586.o", + rc5_obj => "rc5-586.o", + wp_obj => "wp_block.o wp-mmx.o", + cmll_obj => "cmll-x86.o", + modes_obj => "ghash-x86.o", + engines_obj => "e_padlock-x86.o" + }, + x86_elf_asm => { + template => 1, + inherit_from => [ "x86_asm" ], + perlasm_scheme => "elf" + }, + x86_64_asm => { + template => 1, + cpuid_obj => "x86_64cpuid.o", + bn_obj => "x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-x86_64.o", + aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o", + md5_obj => "md5-x86_64.o", + sha1_obj => "sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o", + rc4_obj => "rc4-x86_64.o rc4-md5-x86_64.o", + wp_obj => "wp-x86_64.o", + cmll_obj => "cmll-x86_64.o cmll_misc.o", + modes_obj => "ghash-x86_64.o aesni-gcm-x86_64.o", + engines_obj => "e_padlock-x86_64.o" + }, + ia64_asm => { + template => 1, + cpuid_obj => "ia64cpuid.o", + bn_obj => "bn-ia64.o ia64-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-ia64.o", + md5_obj => "md5-ia64.o", + sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o", + rc4_obj => "rc4-ia64.o rc4_skey.o", + modes_obj => "ghash-ia64.o", + perlasm_scheme => "void" + }, + sparcv9_asm => { + template => 1, + cpuid_obj => "sparcv9cap.o sparccpuid.o", + bn_obj => "bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-sparcv9.o", + des_obj => "des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o", + aes_obj => "aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o", + md5_obj => "md5-sparcv9.o", + sha1_obj => "sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o", + cmll_obj => "camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o", + modes_obj => "ghash-sparcv9.o", + perlasm_scheme => "void" + }, + sparcv8_asm => { + template => 1, + cpuid_obj => "", + bn_obj => "sparcv8.o", + des_obj => "des_enc-sparc.o fcrypt_b.o", + perlasm_scheme => "void" + }, + alpha_asm => { + template => 1, + cpuid_obj => "alphacpuid.o", + bn_obj => "bn_asm.o alpha-mont.o", + sha1_obj => "sha1-alpha.o", + modes_obj => "ghash-alpha.o", + perlasm_scheme => "void" + }, + mips32_asm => { + template => 1, + bn_obj => "bn-mips.o mips-mont.o", + aes_obj => "aes_cbc.o aes-mips.o", + sha1_obj => "sha1-mips.o sha256-mips.o", + }, + mips64_asm => { + inherit_from => [ "mips32_asm" ], + template => 1, + sha1_obj => sub { join(" ", @_, "sha512-mips.o") } + }, + s390x_asm => { + template => 1, + cpuid_obj => "s390xcap.o s390xcpuid.o", + bn_obj => "bn-s390x.o s390x-mont.o s390x-gf2m.o", + aes_obj => "aes-s390x.o aes-ctr.o aes-xts.o", + sha1_obj => "sha1-s390x.o sha256-s390x.o sha512-s390x.o", + rc4_obj => "rc4-s390x.o", + modes_obj => "ghash-s390x.o", + }, + armv4_asm => { + template => 1, + cpuid_obj => "armcap.o armv4cpuid.o", + bn_obj => "bn_asm.o armv4-mont.o armv4-gf2m.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-armv4.o", + aes_obj => "aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o", + sha1_obj => "sha1-armv4-large.o sha256-armv4.o sha512-armv4.o", + modes_obj => "ghash-armv4.o ghashv8-armx.o", + perlasm_scheme => "void" + }, + aarch64_asm => { + template => 1, + cpuid_obj => "armcap.o arm64cpuid.o mem_clr.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-armv8.o", + bn_obj => "bn_asm.o armv8-mont.o", + aes_obj => "aes_core.o aes_cbc.o aesv8-armx.o vpaes-armv8.o", + sha1_obj => "sha1-armv8.o sha256-armv8.o sha512-armv8.o", + modes_obj => "ghashv8-armx.o", + }, + parisc11_asm => { + template => 1, + cpuid_obj => "pariscid.o", + bn_obj => "bn_asm.o parisc-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-parisc.o", + sha1_obj => "sha1-parisc.o sha256-parisc.o sha512-parisc.o", + rc4_obj => "rc4-parisc.o", + modes_obj => "ghash-parisc.o", + perlasm_scheme => "32" + }, + parisc20_64_asm => { + template => 1, + inherit_from => [ "parisc11_asm" ], + bn_obj => sub { my $r=join(" ",@_); $r=~s/bn_asm/pa-risc2W/; $r; }, + perlasm_scheme => "64", + }, + ppc64_asm => { + template => 1, + cpuid_obj => "ppccpuid.o ppccap.o", + bn_obj => "bn-ppc.o ppc-mont.o ppc64-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o", + sha1_obj => "sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o", + modes_obj => "ghashp8-ppc.o", + }, + ppc32_asm => { + inherit_from => [ "ppc64_asm" ], + template => 1 + }, ); +{ my $no_asm_templates=0; + foreach (@ARGV) { $no_asm_templates=1 if (/^\-?no\-asm$/); } + sub asm { $no_asm_templates?():@_; } +} + + sub stringtohash { my $in = shift @_; if (ref($in) eq "HASH") { @@ -304,7 +530,6 @@ sub stringtohash { return { map { shift @stringsequence => $_ } split /:/, $in }; }; - # Read configuration target stanzas from a file, so that people can have # local files with their own definitions sub read_config { @@ -374,9 +599,9 @@ sub read_config { # First, check that the non-debug variant isn't # already built up with all it should have. if ($nondebug->{debug_cflags} - || $nondebug->{nodebug_cflags} + || $nondebug->{release_cflags} || $nondebug->{debug_lflags} - || $nondebug->{nodebug_lflags}) { + || $nondebug->{release_lflags}) { warn "there's a debug target $debugkey to be merged with a target $nondebugkey, but the latter seems to already have both nodebug and debug information. This requires human intervention. Skipping $debugkey..."; next; } @@ -406,11 +631,11 @@ sub read_config { # becomes the merged variant when we're done. # for each of cflags and lflags, they are # replaced with cflags, debug_cflags, - # nodebug_cflags and similar for lflags. + # release_cflags and similar for lflags. # # The purpose is that 'cflags' should be # used together with 'debug_cflags' or - # 'nodebug_cflags' depending on what the + # 'release_cflags' depending on what the # user asks for. foreach (("cflags", "lflags")) { my @list_d = split /\s+/, $debug->{$_}; @@ -445,6 +670,100 @@ sub read_config { } %table = (%table, %targets); + + # Local function to resolve inheritance + my $resolve_inheritance; + $resolve_inheritance = + sub { + my $target = shift; + my @breadcrumbs = @_; + + if (grep { $_ eq $target } @breadcrumbs) { + die "inherit_from loop! target backtrace:\n " + ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; + } + + # Recurse through all inheritances. They will be resolved on + # the fly, so when this operation is done, they will all just + # be a bunch of attributes with string values. + # What we get here, though, are keys with references to lists + # of the combined values of them all. We will deal with lists + # after this stage is done. + my %combined_inheritance = (); + if ($table{$target}->{inherit_from}) { + foreach (@{$table{$target}->{inherit_from}}) { + my %inherited_config = + $resolve_inheritance->($_, $target, @breadcrumbs); + + # 'template' is a marker that's considered private to + # the config that had it. + delete $inherited_config{template}; + + map { + if (!$combined_inheritance{$_}) { + $combined_inheritance{$_} = []; + } + push @{$combined_inheritance{$_}}, $inherited_config{$_}; + } keys %inherited_config; + } + } + + # We won't need inherit_from in this target any more, since + # we've resolved all the inheritances that lead to this + delete $table{$target}->{inherit_from}; + + # Now is the time to deal with those lists. Here's the place + # to decide what shall be done with those lists, all based on + # the values of the target we're currently dealing with. + # - If a value is a coderef, it will be executed with the list + # of inherited values as arguments. + # - If the corresponding key doesn't have a value at all or is + # the emoty string, the inherited value list will be run + # through the default combiner (below), and the result + # becomes this target's value. + # - Otherwise, this target's value is assumed to be a string + # that will simply override the inherited list of values. + my $default_combiner = sub { join(' ',@_) }; + + my %all_keys = + map { $_ => 1 } (keys %combined_inheritance, + keys %{$table{$target}}); + foreach (sort keys %all_keys) { + + # Current target doesn't have a value for the current key? + # Assign it the default combiner, the rest of this loop + # body will handle it just like any other coderef. + if (!exists $table{$target}->{$_}) { + $table{$target}->{$_} = $default_combiner; + } + + my $valuetype = ref($table{$target}->{$_}); + if ($valuetype eq "CODE") { + # CODE reference, execute it with the inherited values + # as arguments. + $table{$target}->{$_} = + $table{$target}->{$_}->(@{$combined_inheritance{$_}}); + } elsif ($valuetype eq "") { + # Scalar, just leave it as is. + } else { + # Some other type of reference that we don't handle. + # Better to abort at this point. + die "cannot handle reference type $valuetype," + ," found in target $target -> $_\n"; + } + } + + # Finally done, return the result. + %{$table{$target}}; + }; + + # Go through all new targets and resolve inheritance and template + # references. + foreach (keys %targets) { + # We're ignoring the returned values here, they are only valuable + # to the inner recursion of this function. + $resolve_inheritance->($_); + } } my ($vol, $dir, $dummy) = File::Spec->splitpath($0); @@ -473,21 +792,19 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used -my $no_rfc3779=1; # but "no-rfc3779" is default +my $no_rfc3779=0; my $no_asm=0; my $no_dso=0; -my $no_gmp=0; my @skip=(); my $Makefile="Makefile"; my $des_locl="crypto/des/des_locl.h"; -my $des ="crypto/des/des.h"; -my $bn ="crypto/bn/bn.h"; -my $md2 ="crypto/md2/md2.h"; -my $rc4 ="crypto/rc4/rc4.h"; +my $des ="include/openssl/des.h"; +my $bn ="include/openssl/bn.h"; +my $md2 ="include/openssl/md2.h"; +my $rc4 ="include/openssl/rc4.h"; my $rc4_locl="crypto/rc4/rc4_locl.h"; -my $idea ="crypto/idea/idea.h"; -my $rc2 ="crypto/rc2/rc2.h"; +my $idea ="include/openssl/idea.h"; +my $rc2 ="include/openssl/rc2.h"; my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; @@ -497,34 +814,124 @@ my $cast_enc="c_enc.o"; my $rc4_enc="rc4_enc.o rc4_skey.o"; my $rc5_enc="rc5_enc.o"; my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; +my $chacha_enc="chacha_enc.o"; my $processor=""; my $default_ranlib; my $perl; my $fips=0; +# Known TLS and DTLS protocols +my @tls = qw(ssl3 tls1 tls1_1 tls1_2); +my @dtls = qw(dtls1 dtls1_2); + +# Explicitelly known options that are possible to disable. They can +# be regexps, and will be used like this: /^no-${option}$/ +# For developers: keep it sorted alphabetically + +my @disablables = ( + "aes", + "asm", + "bf", + "camellia", + "capieng", + "cast", + "chacha", + "cmac", + "cms", + "comp", + "crypto-mdebug", + "ct", + "deprecated", + "des", + "dgram", + "dh", + "dsa", + "dso", + "dtls", + "dynamic[-_]engine", + "ec", + "ec2m", + "ecdh", + "ecdsa", + "ec_nistp_64_gcc_128", + "engine", + "err", # Really??? + "gost", + "heartbeats", + "hmac", + "hw(-.+)?", + "idea", + "jpake", + "locking", # Really??? + "md2", + "md4", + "md5", + "mdc2", + "md[-_]ghost94", + "nextprotoneg", + "ocb", + "ocsp", + "poly1305", + "posix-io", + "psk", + "rc2", + "rc4", + "rc5", + "rdrand", + "rfc3779", + "rijndael", # Old AES name + "rmd160", + "rsa", + "scrypt", + "sct", + "sctp", + "seed", + "sha", + "shared", + "sock", + "srp", + "srtp", + "sse2", + "ssl", + "ssl-trace", + "static-engine", + "stdio", + "store", + "threads", + "tls", + "unit-test", + "whirlpool", + "zlib", + "zlib-dynamic", + ); +foreach my $proto ((@tls, @dtls)) + { + push(@disablables, $proto); + push(@disablables, "$proto-method"); + } + # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" [or special keyword "experimental"] - "deprecated" => "default", "ec_nistp_64_gcc_128" => "default", - "gmp" => "default", + "egd" => "default", "jpake" => "experimental", "md2" => "default", "rc5" => "default", - "rfc3779" => "default", - "sctp" => "default", + "sctp" => "default", "shared" => "default", "ssl-trace" => "default", "store" => "experimental", "unit-test" => "default", "zlib" => "default", - "zlib-dynamic" => "default" + "zlib-dynamic" => "default", + "crypto-mdebug" => "default", ); my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; +my $default_depflags = " -DOPENSSL_NO_CRYPTO_MDEBUG -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). @@ -547,12 +954,12 @@ my $openssl_thread_defines; my $openssl_sys_defines=""; my $openssl_other_defines; my $libs; -my $libkrb5=""; my $target; my $options; -my $symlink; +my $api; my $make_depend=0; my %withargs=(); +my $build_prefix = "release_"; my @argvcopy=@ARGV; my $argvstring=""; @@ -570,12 +977,13 @@ while($argv_unprocessed) $libs=""; $target=""; $options=""; - $symlink=1; $argv_unprocessed=0; $argvstring=join(' ',@argvcopy); PROCESS_ARGS: + { + my %unsupported_options = (); foreach (@argvcopy) { s /^-no-/no-/; # some people just can't read the instructions @@ -587,23 +995,48 @@ PROCESS_ARGS: s /^zlib$/enable-zlib/; s /^zlib-dynamic$/enable-zlib-dynamic/; + if (/^(no|disable|enable|experimental)-(.+)$/) + { + my $word = $2; + if (!grep { $word =~ /^${_}$/ } @disablables) + { + $unsupported_options{$_} = 1; + next; + } + } if (/^no-(.+)$/ || /^disable-(.+)$/) { if (!($disabled{$1} eq "experimental")) { - if ($1 eq "ssl") + foreach my $proto ((@tls, @dtls)) { - $disabled{"ssl3"} = "option(ssl)"; + if ($1 eq "$proto-method") + { + $disabled{"$proto"} = "option($proto-method)"; + last; + } } - elsif ($1 eq "tls") + if ($1 eq "dtls") { - $disabled{"tls1"} = "option(tls)" + foreach my $proto (@dtls) + { + $disabled{$proto} = "option(dtls)"; + } } - elsif ($1 eq "ssl3-method") + elsif ($1 eq "ssl") { - $disabled{"ssl3-method"} = "option(ssl)"; + # Last one of its kind $disabled{"ssl3"} = "option(ssl)"; } + elsif ($1 eq "tls") + { + # XXX: Tests will fail if all SSL/TLS + # protocols are disabled. + foreach my $proto (@tls) + { + $disabled{$proto} = "option(tls)"; + } + } else { $disabled{$1} = "option"; @@ -627,14 +1060,23 @@ PROCESS_ARGS: { exit(&test_sanity()); } - elsif (/^--strict-warnings/) + elsif (/^--strict-warnings$/) { $strict_warnings = 1; } + elsif (/^--debug$/) + { + $build_prefix = "debug_"; + } + elsif (/^--release$/) + { + $build_prefix = "release_"; + } elsif (/^reconfigure/ || /^reconf/) { if (open(IN,"<$Makefile")) { + my $config_args_found=0; while () { chomp; @@ -646,11 +1088,19 @@ PROCESS_ARGS: if (grep(/^reconf/,@argvcopy)); print "Reconfiguring with: $argvstring\n"; $argv_unprocessed=1; - close(IN); - last PROCESS_ARGS; + $config_args_found=1; + } + elsif (/^CROSS_COMPILE=\s*(.*)/) + { + $ENV{CROSS_COMPILE}=$1; + } + elsif (/^CC=\s*(?:\$\(CROSS_COMPILE\))?(.*?)$/) + { + $ENV{CC}=$1; } } close(IN); + last PROCESS_ARGS if ($config_args_found); } die "Insufficient data to reconfigure, please do a normal configuration\n"; } @@ -677,6 +1127,10 @@ PROCESS_ARGS: { $prefix=$1; } + elsif (/^--api=(.*)$/) + { + $api=$1; + } elsif (/^--libdir=(.*)$/) { $libdir=$1; @@ -689,10 +1143,6 @@ PROCESS_ARGS: { $install_prefix=$1; } - elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) - { - $withargs{"krb5-".$1}=$2; - } elsif (/^--with-zlib-lib=(.*)$/) { $withargs{"zlib-lib"}=$1; @@ -751,8 +1201,18 @@ PROCESS_ARGS: { $options .= " ".$_; } } } - } + if (defined($api) && !exists $apitable->{$api}) { + die "***** Unsupported api compatibility level: $api\n", + } + + if (keys %unsupported_options) + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; + } + } + } if ($processor eq "386") @@ -760,11 +1220,6 @@ if ($processor eq "386") $disabled{"sse2"} = "forced"; } -if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") - { - $disabled{"krb5"} = "krb5-flavor not specified"; - } - if (!defined($disabled{"zlib-dynamic"})) { # "zlib-dynamic" was specifically enabled, so enable "zlib" @@ -785,33 +1240,97 @@ if (defined($disabled{"ec"})) $disabled{"ecdh"} = "forced"; } -# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH +# SSL 3.0 requires MD5 and SHA and either RSA or DSA+DH if (defined($disabled{"md5"}) || defined($disabled{"sha"}) || (defined($disabled{"rsa"}) - && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) { $disabled{"ssl3"} = "forced"; + $disabled{"ssl"} = "forced"; + } + +# (D)TLS 1.0 and TLS 1.1 require MD5 and SHA and either RSA or DSA+DH +# or ECDSA + ECDH. (XXX: We don't support PSK-only builds). +# +if (defined($disabled{"md5"}) || defined($disabled{"sha"}) + || (defined($disabled{"rsa"}) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})) + && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"})))) + { $disabled{"tls1"} = "forced"; + $disabled{"dtls1"} = "forced"; + $disabled{"tls1_1"} = "forced"; } -if (defined($disabled{"tls1"})) +# (D)TLS 1.2 requires either RSA or DSA+DH or ECDSA + ECDH +# So if all are missing, we can't do either TLS or DTLS. +# (XXX: We don't support PSK-only builds). +# +if (defined($disabled{"rsa"}) + && (defined($disabled{"dsa"}) || defined($disabled{"dh"})) + && (defined($disabled{"ecdsa"}) || defined($disabled{"ecdh"}))) { - $disabled{"tlsext"} = "forced"; + $disabled{"tls"} = "forced"; + $disabled{"dtls"} = "forced"; + foreach my $proto ((@tls, @dtls)) + { + $disabled{"$proto"} = "forced"; + } } -if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) + +# Avoid protocol support holes. Also disable all versions below N, if version +# N is disabled while N+1 is enabled. +# +my $prev_disabled = 1; +my $force_disable = 0; +foreach my $proto (reverse(@tls)) { - $disabled{"gost"} = "forced"; + if ($force_disable) + { + $disabled{$proto} = 1; + } + elsif (! defined($disabled{$proto})) + { + $prev_disabled = 0; + } + elsif (! $prev_disabled) + { + $force_disable = 1; + } + } +my $prev_disabled = 1; +my $force_disable = 0; +foreach my $proto (reverse(@dtls)) + { + if ($force_disable) + { + $disabled{$proto} = 1; + } + elsif (! defined($disabled{$proto})) + { + $prev_disabled = 0; + } + elsif (! $prev_disabled) + { + $force_disable = 1; + } } -# SRP and HEARTBEATS require TLSEXT -if (defined($disabled{"tlsext"})) +if (defined($disabled{"dgram"})) { - $disabled{"srp"} = "forced"; - $disabled{"heartbeats"} = "forced"; + $disabled{"dtls"} = "forced"; + $disabled{"dtls1"} = "forced"; + $disabled{"dtls1_2"} = "forced"; } +if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) + || defined($disabled{"dh"}) || defined($disabled{"stdio"})) + { + $disabled{"gost"} = "forced"; + } + + if ($target eq "TABLE") { foreach $target (sort keys %table) { print_table_entry($target, "TABLE"); @@ -841,21 +1360,20 @@ if ($target =~ m/^CygWin32(-.*)$/) { print "Configuring for $target\n"; +# Support for legacy targets having a name starting with 'debug-' my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; -my $debug_prefix = "nodebug-"; if ($d) { - $debug_prefix = "debug-"; + $build_prefix = "debug_"; # If we do not find debug-foo in the table, the target is set to foo, - # but only if the foo target has a noon-empty debug-cflags or debug-lflags + # but only if the foo target has a noon-empty debug_cflags or debug_lflags # attribute. - if (!$table{$target} && ($table{$t}->{"debug-cflags"} - || $table{$t}->{"debug-lflags"})) { + if (!$table{$target}) { $target = $t; } } -&usage if (!defined($table{$target})); +&usage if (!defined($table{$target}) || $table{$target}->{template}); if ($fips) { @@ -880,8 +1398,6 @@ foreach (sort (keys %disabled)) { } elsif (/^zlib-dynamic$/) { } - elsif (/^symlinks$/) - { $symlink = 0; } elsif (/^sse2$/) { $no_sse2 = 1; } else @@ -904,19 +1420,14 @@ foreach (sort (keys %disabled)) $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; print " OPENSSL_NO_$ALGO"; - if (/^krb5$/) - { $no_krb5 = 1; } - else - { - push @skip, $algo; - # fix-up crypto/directory name(s) - $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; - $skip[$#skip]="ripemd" if $algo eq "rmd160"; + push @skip, $algo; + # fix-up crypto/directory name(s) + $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + $skip[$#skip]="ripemd" if $algo eq "rmd160"; - print " (skip dir)"; + print " (skip dir)"; - $depflags .= " -DOPENSSL_NO_$ALGO"; - } + $depflags .= " -DOPENSSL_NO_$ALGO"; } } @@ -960,47 +1471,49 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/] print "IsMK1MF=$IsMK1MF\n"; # Allow environment CC to override compiler... -my $cc = $ENV{CC} || $table{$t}->{cc}; +my $cc = $ENV{CC} || $table{$target}->{cc}; -# For cflags and lflags, add the debug- or nodebug- attributes +# For cflags and lflags, add the debug_ or release_ attributes # Do it in such a way that no spurious space is appended (hence the grep). my $cflags = join(" ", - grep { $_ } ($table{$t}->{cflags}, - $table{$t}->{$debug_prefix."cflags"})); + grep { $_ } ($table{$target}->{cflags}, + $table{$target}->{$build_prefix."cflags"})); my $lflags = join(" ", - grep { $_ } ($table{$t}->{lflags}, - $table{$t}->{$debug_prefix."lflags"})); - -my $unistd = $table{$t}->{unistd}; -my $thread_cflag = $table{$t}->{thread_cflag}; -my $sys_id = $table{$t}->{sys_id}; -my $bn_ops = $table{$t}->{bn_ops}; -my $cpuid_obj = $table{$t}->{cpuid_obj}; -my $bn_obj = $table{$t}->{bn_obj}; -my $ec_obj = $table{$t}->{ec_obj}; -my $des_obj = $table{$t}->{des_obj}; -my $aes_obj = $table{$t}->{aes_obj}; -my $bf_obj = $table{$t}->{bf_obj}; -my $md5_obj = $table{$t}->{md5_obj}; -my $sha1_obj = $table{$t}->{sha1_obj}; -my $cast_obj = $table{$t}->{cast_obj}; -my $rc4_obj = $table{$t}->{rc4_obj}; -my $rmd160_obj = $table{$t}->{rmd160_obj}; -my $rc5_obj = $table{$t}->{rc5_obj}; -my $wp_obj = $table{$t}->{wp_obj}; -my $cmll_obj = $table{$t}->{cmll_obj}; -my $modes_obj = $table{$t}->{modes_obj}; -my $engines_obj = $table{$t}->{engines_obj}; -my $perlasm_scheme = $table{$t}->{perlasm_scheme}; -my $dso_scheme = $table{$t}->{dso_scheme}; -my $shared_target = $table{$t}->{shared_target}; -my $shared_cflag = $table{$t}->{shared_cflag}; -my $shared_ldflag = $table{$t}->{shared_ldflag}; -my $shared_extension = $table{$t}->{shared_extension}; -my $ranlib = $ENV{'RANLIB'} || $table{$t}->{ranlib}; + grep { $_ } ($table{$target}->{lflags}, + $table{$target}->{$build_prefix."lflags"})); + +my $unistd = $table{$target}->{unistd}; +my $thread_cflag = $table{$target}->{thread_cflag}; +my $sys_id = $table{$target}->{sys_id}; +my $bn_ops = $table{$target}->{bn_ops}; +my $cpuid_obj = $table{$target}->{cpuid_obj}; +my $bn_obj = $table{$target}->{bn_obj}; +my $ec_obj = $table{$target}->{ec_obj}; +my $des_obj = $table{$target}->{des_obj}; +my $aes_obj = $table{$target}->{aes_obj}; +my $bf_obj = $table{$target}->{bf_obj}; +my $md5_obj = $table{$target}->{md5_obj}; +my $sha1_obj = $table{$target}->{sha1_obj}; +my $cast_obj = $table{$target}->{cast_obj}; +my $rc4_obj = $table{$target}->{rc4_obj}; +my $rmd160_obj = $table{$target}->{rmd160_obj}; +my $rc5_obj = $table{$target}->{rc5_obj}; +my $wp_obj = $table{$target}->{wp_obj}; +my $cmll_obj = $table{$target}->{cmll_obj}; +my $modes_obj = $table{$target}->{modes_obj}; +my $engines_obj = $table{$target}->{engines_obj}; +my $chacha_obj = $table{$target}->{chacha_obj}; +my $poly1305_obj = $table{$target}->{poly1305_obj}; +my $perlasm_scheme = $table{$target}->{perlasm_scheme}; +my $dso_scheme = $table{$target}->{dso_scheme}; +my $shared_target = $table{$target}->{shared_target}; +my $shared_cflag = $table{$target}->{shared_cflag}; +my $shared_ldflag = $table{$target}->{shared_ldflag}; +my $shared_extension = $table{$target}->{shared_extension}; +my $ranlib = $ENV{'RANLIB'} || $table{$target}->{ranlib}; my $ar = $ENV{'AR'} || "ar"; -my $arflags = $table{$t}->{arflags}; -my $multilib = $table{$t}->{multilib}; +my $arflags = $table{$target}->{arflags}; +my $multilib = $table{$target}->{multilib}; # if $prefix/lib$multilib is not an existing directory, then # assume that it's not searched by linker automatically, in @@ -1035,62 +1548,6 @@ my $no_user_cflags=0; if ($flags ne "") { $cflags="$flags$cflags"; } else { $no_user_cflags=1; } -# Kerberos settings. The flavor must be provided from outside, either through -# the script "config" or manually. -if (!$no_krb5) - { - my ($lresolv, $lpath, $lext); - if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) - { - die "Sorry, Heimdal is currently not supported\n"; - } - ##### HACK to force use of Heimdal. - ##### WARNING: Since we don't really have adequate support for Heimdal, - ##### using this will break the build. You'll have to make - ##### changes to the source, and if you do, please send - ##### patches to openssl-dev@openssl.org - if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/) - { - warn "Heimdal isn't really supported. Your build WILL break\n"; - warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n"; - $withargs{"krb5-dir"} = "/usr/heimdal" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi -lkrb5 -lcom_err" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_HEIMDAL $cflags"; - } - if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) - { - $withargs{"krb5-dir"} = "/usr/kerberos" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_MIT $cflags"; - $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; - if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) - { - $cflags="-DKRB5_MIT_OLD11 $cflags"; - } - } - LRESOLV: - foreach $lpath ("/lib", "/usr/lib") - { - foreach $lext ("a", "so") - { - $lresolv = "$lpath/libresolv.$lext"; - last LRESOLV if (-r "$lresolv"); - $lresolv = ""; - } - } - $withargs{"krb5-lib"} .= " -lresolv" - if ("$lresolv" ne ""); - $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" - if $withargs{"krb5-include"} eq "" && - $withargs{"krb5-dir"} ne ""; - } - # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform @@ -1157,7 +1614,8 @@ if ($no_asm) { $cpuid_obj=$bn_obj=$ec_obj= $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= - $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; + $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj= + $chacha_obj=$poly1305_obj=""; $cflags=~s/\-D[BL]_ENDIAN// if ($fips); $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips); } @@ -1197,13 +1655,12 @@ if ($zlib) } } -#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled -if(!defined($disabled{"deprecated"})) - { - $cflags = "-DOPENSSL_USE_DEPRECATED $cflags"; - } +# With "deprecated" disable all deprecated features. +if (defined($disabled{"deprecated"})) { + $api = $maxapi; +} -# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org +# You will find shlib_mark1 and shlib_mark2 explained in Makefile.in my $shared_mark = ""; if ($shared_target eq "") { @@ -1280,7 +1737,7 @@ if ($target =~ /\-icc$/) # Intel C compiler # linker only when --prefix is not /usr. if ($target =~ /^BSD\-/) { - $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); + $shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); } if ($sys_id ne "") @@ -1376,6 +1833,11 @@ if ($ec_obj =~ /ecp_nistz256/) { $cflags.=" -DECP_NISTZ256_ASM"; } +$chacha_obj=$chacha_enc unless ($chacha_obj =~ /\.o$/); +if ($poly1305_obj =~ /\.o$/) + { + $cflags.=" -DPOLY1305_ASM"; + } # "Stringify" the C flags string. This permits it to be made part of a string # and works as well on command lines. @@ -1390,11 +1852,11 @@ my $shlib_version_history = "unknown"; my $shlib_major = "unknown"; my $shlib_minor = "unknown"; -open(IN,') { $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; - $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/; + $version_num=$1 if /OPENSSL.VERSION.NUMBER.*(0x\S+)/; $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; } @@ -1413,20 +1875,47 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } +if (defined($api)) { + my $apiflag = sprintf("-DOPENSSL_API_COMPAT=%s", $apitable->{$api}); + $default_depflags .= " $apiflag"; + $cflags .= " $apiflag"; +} + +my $ecc = $cc; +$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; + if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc(-\d(\.\d)*)?$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } } + if ($target !~ /^mingw/) + { + foreach $wopt (split /\s+/, $memleak_devteam_backtrace) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + if ($target =~ /^BSD-/) + { + $lflags .= " -lexecinfo"; + } + } } -open(IN,"$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; +print OUT "### Generated automatically from Makefile.in by Configure.\n\n"; my $sdirs=0; while () @@ -1443,7 +1932,6 @@ while () $sdirs = 0 unless /\\$/; s/fips // if (/^DIRS=/ && !$fips); s/engines // if (/^DIRS=/ && $disabled{"engine"}); - s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; @@ -1472,7 +1960,7 @@ while () s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc" || ($cc eq 'cc' && $target =~ /darwin/); + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; @@ -1494,13 +1982,13 @@ while () s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/; s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/; s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/; + s/^CHACHA_ENC=.*$/CHACHA_ENC= $chacha_obj/; + s/^POLY1305_ASM_OBJ=.*$/POLY1305_ASM_OBJ= $poly1305_obj/; s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/; s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/; s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; - s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; - s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -1534,7 +2022,7 @@ while () } close(IN); close(OUT); -rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile; +rename($Makefile,"$Makefile.orig") || die "unable to rename $Makefile\n" if -e $Makefile; rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; print "CC =$cc\n"; @@ -1555,12 +2043,12 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; print "CMLL_ENC =$cmll_obj\n"; print "MODES_OBJ =$modes_obj\n"; print "ENGINES_OBJ =$engines_obj\n"; +print "CHACHA_ENC =$chacha_obj\n"; +print "POLY1305_OBJ =$poly1305_obj\n"; print "PROCESSOR =$processor\n"; print "RANLIB =$ranlib\n"; print "ARFLAGS =$arflags\n"; print "PERL =$perl\n"; -print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" - if $withargs{"krb5-include"} ne ""; my $des_ptr=0; my $des_risc1=0; @@ -1611,8 +2099,8 @@ foreach (sort split(/\s+/,$bn_ops)) } open(IN,'crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n"; +unlink("include/openssl/opensslconf.h.new") || die "unable to remove old include/openssl/opensslconf.h.new:$!\n" if -e "include/openssl/opensslconf.h.new"; +open(OUT,'>include/openssl/opensslconf.h.new') || die "unable to create include/openssl/opensslconf.h.new:$!\n"; print OUT "/* opensslconf.h */\n"; print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; @@ -1620,6 +2108,11 @@ print OUT "#ifdef __cplusplus\n"; print OUT "extern \"C\" {\n"; print OUT "#endif\n"; print OUT "/* OpenSSL was configured with the following options: */\n"; + +my $openssl_api_defines = ""; +if (defined($api)) { + $openssl_api_defines = sprintf "#define OPENSSL_MIN_API %s\n", $apitable->{$api}; +} my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; @@ -1628,9 +2121,11 @@ $openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algori $openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; + print OUT $openssl_sys_defines; print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; print OUT $openssl_experimental_defines; +print OUT $openssl_api_defines; print OUT "\n"; print OUT $openssl_algorithm_defines; print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; @@ -1683,8 +2178,8 @@ while () { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } - elsif (/^\#define\s+DES_LONG\s+.*/) - { printf OUT "#define DES_LONG unsigned %s\n", + elsif (/^\#define\s+OSSL_DES_LONG\s+.*/) + { printf OUT "#define OSSL_DES_LONG unsigned %s\n", ($des_int)?'int':'long'; } elsif (/^\#(define|undef)\s+DES_PTR/) { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } @@ -1727,8 +2222,8 @@ print OUT "#ifdef __cplusplus\n"; print OUT "}\n"; print OUT "#endif\n"; close(OUT); -rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; -rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; +rename("include/openssl/opensslconf.h","include/openssl/opensslconf.h.bak") || die "unable to rename include/openssl/opensslconf.h\n" if -e "include/openssl/opensslconf.h"; +rename("include/openssl/opensslconf.h.new","include/openssl/opensslconf.h") || die "unable to rename include/openssl/opensslconf.h.new\n"; # Fix the date @@ -1755,6 +2250,37 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; +# Copy all Makefile.in to Makefile (except top-level) +use File::Find; +use IO::File; +find(sub { + return if ($_ ne "Makefile.in" || $File::Find::dir eq "."); + my $in = IO::File->new($_, "r") or + die sprintf "Error reading Makefile.in in %s: !$\n", + $File::Find::dir; + my $out = IO::File->new("Makefile", "w") or + die sprintf "Error writing Makefile in %s: !$\n", + $File::Find::dir; + print $out "# Generated from $_, do not edit\n"; + while (my $line = <$in>) { print $out $line } + $in->close() or + die sprintf "Error reading Makefile.in in %s: !$\n", + $File::Find::dir; + $out->close() or + die sprintf "Error writing Makefile in %s: !$\n", + $File::Find::dir; + }, "."); + +{ + my $perlguess = $perl =~ m@^/@ ? $perl : '/usr/local/bin/perl'; + + &dofile("tools/c_rehash",$perlguess, + '^#!/' => '#!%s', + '^my \$dir;$' => 'my $dir = "' . $openssldir . '";', + '^my \$prefix;$' => 'my $prefix = "' . $prefix . '";'); + &dofile("apps/CA.pl",$perl, + '^#!/' => '#!%s'); +} if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT <{template}; if ($type eq "TABLE") { print <{cc} \$cflags = $table{$target}->{cflags} -\$debug_cflags = $table{$target}->{$debug_cflags} -\$nodebug_cflags = $table{$target}->{$nodebug_cflags} +\$debug_cflags = $table{$target}->{debug_cflags} +\$release_cflags = $table{$target}->{release_cflags} \$unistd = $table{$target}->{unistd} \$thread_cflag = $table{$target}->{thread_cflag} \$sys_id = $table{$target}->{sys_id} \$lflags = $table{$target}->{lflags} -\$debug_lflags = $table{$target}->{$debug_lflags} -\$nodebug_lflags = $table{$target}->{$nodebug_lflags} +\$debug_lflags = $table{$target}->{debug_lflags} +\$release_lflags = $table{$target}->{release_lflags} \$bn_ops = $table{$target}->{bn_ops} \$cpuid_obj = $table{$target}->{cpuid_obj} \$bn_obj = $table{$target}->{bn_obj} @@ -1987,6 +2501,8 @@ sub print_table_entry \$cmll_obj = $table{$target}->{cmll_obj} \$modes_obj = $table{$target}->{modes_obj} \$engines_obj = $table{$target}->{engines_obj} +\$chacha_obj = $table{$target}->{chacha_obj} +\$poly1305_obj = $table{$target}->{poly1305_obj} \$perlasm_scheme = $table{$target}->{perlasm_scheme} \$dso_scheme = $table{$target}->{dso_scheme} \$shared_target= $table{$target}->{shared_target} @@ -2001,14 +2517,14 @@ EOF my @sequence = ( "cc", "cflags", - "debug-cflags", - "nodebug-cflags", + "debug_cflags", + "release_cflags", "unistd", "thread_cflag", "sys_id", "lflags", - "debug-lflags", - "nodebug-lflags", + "debug_lflags", + "release_lflags", "bn_ops", "cpuid_obj", "bn_obj", @@ -2026,6 +2542,8 @@ EOF "cmll_obj", "modes_obj", "engines_obj", + "chacha_obj", + "poly1305_obj", "perlasm_scheme", "dso_scheme", "shared_target",