X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=Configure;h=305820b6f1236f8821185ecb1a699e75be1b15b0;hp=15b763c340489de1e180e37e3b67b95ebcb8484d;hb=a2ed050328b47163a67333389a83dd157d2d038c;hpb=940a09bad42c673b0dccd725ae590025c9749735 diff --git a/Configure b/Configure index 15b763c340..305820b6f1 100755 --- a/Configure +++ b/Configure @@ -57,6 +57,9 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable weak ciphers that are disabled by default. This currently +# only includes RC4 based ciphers. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through @@ -124,7 +127,7 @@ my $strict_warnings = 0; # which has to be accompanied by explicit -D_THREAD_SAFE and # sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which # seems to be sufficient? -my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; +our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # # API compability name to version number mapping. @@ -208,7 +211,7 @@ $config{cross_compile_prefix}=""; $config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; my $nofipscanistercheck=0; $config{baseaddr}="0xFB00000"; -my $threads=0; +my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; $config{fips}=0; @@ -313,6 +316,7 @@ my @disablables = ( "ui", "unit-test", "whirlpool", + "weak-ssl-ciphers", "zlib", "zlib-dynamic", ); @@ -330,17 +334,21 @@ my @deprecated_disablables = ( our %disabled = ( # "what" => "comment" "ec_nistp_64_gcc_128" => "default", - "egd" => "default", - "md2" => "default", - "rc5" => "default", - "sctp" => "default", - "shared" => "default", - "ssl-trace" => "default", - "static-engine" => "default", - "unit-test" => "default", - "zlib" => "default", - "crypto-mdebug" => "default", - "heartbeats" => "default", + "egd" => "default", + "md2" => "default", + "rc5" => "default", + "sctp" => "default", + "shared" => "default", + "ssl-trace" => "default", + "ssl3" => "default", + "ssl3-method" => "default", + "static-engine" => "default", + "unit-test" => "default", + "weak-ssl-ciphers" => "default", + "zlib" => "default", + "zlib-dynamic" => "default", + "crypto-mdebug" => "default", + "heartbeats" => "default", ); # Note: => pair form used for aesthetics, not to truly make a hash table @@ -438,7 +446,7 @@ $config{openssl_other_defines}=[]; my $libs=""; my $target=""; $config{options}=""; -my $build_prefix = "release_"; +$config{build_type} = "release"; my @argvcopy=@ARGV; @@ -569,6 +577,8 @@ foreach (@argvcopy) { $disabled{$1} = "option"; } + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); } elsif (/^enable-(.+)$/) { @@ -580,10 +590,15 @@ foreach (@argvcopy) { delete $disabled{"dynamic-engine"}; } + elsif ($1 eq "zlib-dynamic") + { + delete $disabled{"zlib"}; + } my $algo = $1; delete $disabled{$algo}; - $threads = 1 if ($algo eq "threads"); + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); } elsif (/^--strict-warnings$/) { @@ -591,11 +606,11 @@ foreach (@argvcopy) } elsif (/^--debug$/) { - $build_prefix = "debug_"; + $config{build_type} = "debug"; } elsif (/^--release$/) { - $build_prefix = "release_"; + $config{build_type} = "release"; } elsif (/^386$/) { $config{processor}=386; } @@ -826,7 +841,7 @@ print "Configuring for $target\n"; # Support for legacy targets having a name starting with 'debug-' my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; if ($d) { - $build_prefix = "debug_"; + $config{build_type} = "debug"; # If we do not find debug-foo in the table, the target is set to foo. if (!$table{$target}) { @@ -866,14 +881,10 @@ $target{nm} = $ENV{'NM'} || $target{nm} || "nm"; # For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_ # or release_ attributes. # Do it in such a way that no spurious space is appended (hence the grep). -$config{defines} = [ @{$target{defines}}, - @{$target{$build_prefix."defines"}} ]; -$config{cflags} = join(" ", - grep { $_ ne "" } ($target{cflags}, - $target{$build_prefix."cflags"})); -$config{ex_libs} = join(" ", - grep { $_ ne "" } ($target{ex_libs}, - $target{$build_prefix."ex_libs"})); +$config{defines} = []; +$config{cflags} = ""; +$config{ex_libs} = ""; +$config{shared_ldflag} = ""; # Make sure build_scheme is consistent. $target{build_scheme} = [ $target{build_scheme} ] @@ -895,7 +906,7 @@ my ($builder, $builder_platform, @builder_opts) = if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m) { $config{cflags} .= " -mno-cygwin"; - $target{shared_ldflag} .= " -mno-cygwin"; + $config{shared_ldflag} .= " -mno-cygwin"; } if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) { @@ -919,60 +930,60 @@ if (!$disabled{dso} && $target{dso_scheme} ne "") $target{dso_scheme} =~ tr/[a-z]/[A-Z]/; if ($target{dso_scheme} eq "DLFCN") { - $config{defines} = [ "DSO_DLFCN", "HAVE_DLFCN_H", - @{$config{defines}} ] + unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H"; } elsif ($target{dso_scheme} eq "DLFCN_NO_H") { - $config{defines} = [ "DSO_DLFCN", @{$config{defines}} ] + unshift @{$config{defines}}, "DSO_DLFCN"; } else { - $config{defines} = [ "DSO_$target{dso_scheme}", - @{$config{defines}} ] + unshift @{$config{defines}}, "DSO_$target{dso_scheme}"; } } -my $thread_cflags = ""; -my @thread_defines; -if ($target{thread_cflag} ne "(unknown)" && !$disabled{threads}) - { - # If we know how to do it, support threads by default. - $threads = 1; - } -if ($target{thread_cflag} eq "(unknown)" && $threads) - { - # If the user asked for "threads", [s]he is also expected to - # provide any system-dependent compiler options that are - # necessary. - if ($no_user_cflags && $no_user_defines) - { - print "You asked for multi-threading support, but didn't\n"; - print "provide any system-specific compiler options\n"; - exit(1); - } - push @thread_defines, "OPENSSL_THREADS"; - } -else - { - $thread_cflags=" $target{thread_cflag}"; - push @thread_defines, @{$target{thread_defines}}, "OPENSSL_THREADS"; - } - $config{ex_libs}="$libs$config{ex_libs}" if ($libs ne ""); if ($disabled{asm}) { - @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}} - if ($config{fips}); + if ($config{fips}) + { + @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}; + @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}}; + } } -if ($threads) - { - $config{cflags} = "$thread_cflags $config{cflags}" if $thread_cflags; - push @{$config{defines}}, @thread_defines; - push @{$config{openssl_thread_defines}}, @thread_defines; - } +# If threads aren't disabled, check how possible they are +unless ($disabled{threads}) { + if ($auto_threads) { + # Enabled by default, disable it forcibly if unavailable + if ($target{thread_scheme} eq "(unknown)") { + $disabled{threads} = "unavailable"; + } + } else { + # The user chose to enable threads explicitely, let's see + # if there's a chance that's possible + if ($target{thread_scheme} eq "(unknown)") { + # If the user asked for "threads" and we don't have internal + # knowledge how to do it, [s]he is expected to provide any + # system-dependent compiler options that are necessary. We + # can't truly check that the given options are correct, but + # we expect the user to know what [s]He is doing. + if ($no_user_cflags && $no_user_defines) { + die "You asked for multi-threading support, but didn't\n" + ,"provide any system-specific compiler options\n"; + } + } + } +} + +# If threads still aren't disabled, add a C macro to ensure the source +# code knows about it. Any other flag is taken care of by the configs. +unless($disabled{threads}) { + foreach (("defines", "openssl_thread_defines")) { + push @{$config{$_}}, "OPENSSL_THREADS"; + } +} # With "deprecated" disable all deprecated features. if (defined($disabled{"deprecated"})) { @@ -1060,7 +1071,7 @@ unless ($disabled{asm}) { if ($config{processor} eq "386") { $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src}; } elsif (!$disabled{"whirlpool"}) { - $config{cflags}.=" -DWHIRLPOOL_ASM"; + push @{$config{defines}}, "WHIRLPOOL_ASM"; } } if ($target{modes_asm_src} =~ /ghash-/) { @@ -1446,9 +1457,9 @@ EOF my %known_ordinals = ( crypto => - cleanfile($sourced, catfile("util", "libeay.num"), $blddir), + cleanfile($sourced, catfile("util", "libcrypto.num"), $blddir), ssl => - cleanfile($sourced, catfile("util", "ssleay.num"), $blddir) + cleanfile($sourced, catfile("util", "libssl.num"), $blddir) ); my $o = $known_ordinals{$_}; die "Ordinals for $ddest defined more than once\n" @@ -1674,11 +1685,11 @@ close(OUT); print "IsMK1MF =", ($builder eq "mk1mf" ? "yes" : "no"), "\n"; print "CC =$target{cc}\n"; -print "CFLAG =$config{cflags}\n"; -print "DEFINES =",join(" ", @{$config{defines}}),"\n"; +print "CFLAG =$target{cflags} $config{cflags}\n"; +print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n"; print "LFLAG =$target{lflags}\n"; print "PLIB_LFLAG =$target{plib_lflags}\n"; -print "EX_LIBS =$config{ex_libs}\n"; +print "EX_LIBS =$target{ex_libs} $config{ex_libs}\n"; print "APPS_OBJ =$target{apps_obj}\n"; print "CPUID_OBJ =$target{cpuid_obj}\n"; print "UPLINK_OBJ =$target{uplink_obj}\n"; @@ -1804,11 +1815,11 @@ BEGIN VALUE "FileDescription", "OpenSSL Shared Library\\0" VALUE "FileVersion", "$config{version}\\0" #if defined(CRYPTO) - VALUE "InternalName", "libeay32\\0" - VALUE "OriginalFilename", "libeay32.dll\\0" + VALUE "InternalName", "libcrypto32\\0" + VALUE "OriginalFilename", "libcrypto32.dll\\0" #elif defined(SSL) - VALUE "InternalName", "ssleay32\\0" - VALUE "OriginalFilename", "ssleay32.dll\\0" + VALUE "InternalName", "libssl32\\0" + VALUE "OriginalFilename", "libssl32.dll\\0" #endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$config{version}\\0" @@ -1838,7 +1849,7 @@ print <<"EOF"; Configured for $target. EOF -print <<"EOF" if (!$disabled{threads} && !$threads); +print <<"EOF" if ($disabled{threads} eq "unavailable"); The library could not be configured for supporting multi-threaded applications as the compiler options required on this system are not known. @@ -1908,6 +1919,7 @@ sub asm { } } +our $add_called = 0; # Helper function to implement adding values to already existing configuration # values. It handles elements that are ARRAYs, CODEs and scalars sub _add { @@ -1936,6 +1948,8 @@ sub _add { } } (@_); + $add_called = 1; + if ($found_array) { [ @values ]; } else { @@ -2004,6 +2018,8 @@ sub resolve_config { my $target = shift; my @breadcrumbs = @_; + my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS}); + if (grep { $_ eq $target } @breadcrumbs) { die "inherit_from loop! target backtrace:\n " ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; @@ -2066,6 +2082,8 @@ sub resolve_config { my $target = shift; my $entry = shift; + $add_called = 0; + while(ref($object) eq "CODE") { $object = $object->(@$inherited); } @@ -2073,6 +2091,7 @@ sub resolve_config { return (); } elsif (ref($object) eq "ARRAY") { + local $add_called; # To make sure recursive calls don't affect it return [ map { process_values($_, $inherited, $target, $entry) } @$object ]; } elsif (ref($object) eq "") { @@ -2084,6 +2103,7 @@ sub resolve_config { } foreach (sort keys %all_keys) { + my $previous = $combined_inheritance{$_}; # Current target doesn't have a value for the current key? # Assign it the default combiner, the rest of this loop body @@ -2098,6 +2118,10 @@ sub resolve_config { unless(defined($table{$target}->{$_})) { delete $table{$target}->{$_}; } + if ($extra_checks && + $previous && !($add_called || $previous ~~ $table{$target}->{$_})) { + warn "$_ got replaced in $target\n"; + } } # Finally done, return the result. @@ -2172,22 +2196,11 @@ sub print_table_entry "cc", "cflags", "defines", - "debug_cflags", - "debug_defines", - "release_cflags", - "release_defines", - "thread_cflag", "unistd", "ld", "lflags", "plib_lflags", "ex_libs", - "debug_lflags", - "debug_plib_lflags", - "debug_ex_libs", - "release_lflags", - "release_plib_lflags", - "release_ex_libs", "bn_ops", "cpuid_obj", "bn_obj", @@ -2205,6 +2218,7 @@ sub print_table_entry "cmll_obj", "modes_obj", "padlock_obj", + "thread_scheme", "perlasm_scheme", "dso_scheme", "shared_target",