X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=Configure;h=c53c316e2d82ea848020138c134211e5184ded63;hp=ba8cd964c3f261a9c9e7267b2fcf98ed89280a31;hb=6703c4ea87b30554283deaa5df1f8d68725d3ee4;hpb=33b188a8e82df57208ec8263c263f8b6f47e8255 diff --git a/Configure b/Configure index ba8cd964c3..c53c316e2d 100755 --- a/Configure +++ b/Configure @@ -14,7 +14,7 @@ use File::Spec::Functions; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -30,18 +30,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # default). This needn't be set in advance, you can # just as well use "make INSTALL_PREFIX=/whatever install". # -# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected -# to live in the subdirectory lib/ and the header files in -# include/. A value is required. -# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is -# required. -# (Default: KRB5_DIR/lib) -# --with-krb5-include Declare where the Kerberos 5 header files live. A -# value is required. -# (Default: KRB5_DIR/include) -# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently -# supported values are "MIT" and "Heimdal". A value is required. -# # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # @@ -59,7 +47,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # no-asm do not use assembler # no-dso do not compile in any native shared-library methods. This # will ensure that all methods just return NULL. -# no-krb5 do not compile in any KRB5 library or code. # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. @@ -110,9 +97,16 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # Minimum warning options... any contributions to OpenSSL should at least get # past these. -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; +my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; -my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; +# These are used in addition to $gcc_devteam_warn when the compiler is clang. +# TODO(openssl-team): fix problems and investigate if (at least) the +# following warnings can also be enabled: +# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, +# -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Qunused-arguments -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations"; my $strict_warnings = 0; @@ -369,6 +363,7 @@ my %table=( template => 1, cpuid_obj => "sparcv9cap.o sparccpuid.o", bn_obj => "bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-sparcv9.o", des_obj => "des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o", aes_obj => "aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o", md5_obj => "md5-sparcv9.o", @@ -425,6 +420,8 @@ my %table=( aarch64_asm => { template => 1, cpuid_obj => "armcap.o arm64cpuid.o mem_clr.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-armv8.o", + bn_obj => "bn_asm.o armv8-mont.o", aes_obj => "aes_core.o aes_cbc.o aesv8-armx.o vpaes-armv8.o", sha1_obj => "sha1-armv8.o sha256-armv8.o sha512-armv8.o", modes_obj => "ghashv8-armx.o", @@ -771,21 +768,20 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used -my $no_rfc3779=1; # but "no-rfc3779" is default +my $no_rfc3779=0; my $no_asm=0; my $no_dso=0; my $no_gmp=0; my @skip=(); my $Makefile="Makefile"; my $des_locl="crypto/des/des_locl.h"; -my $des ="crypto/des/des.h"; -my $bn ="crypto/bn/bn.h"; -my $md2 ="crypto/md2/md2.h"; -my $rc4 ="crypto/rc4/rc4.h"; +my $des ="include/openssl/des.h"; +my $bn ="include/openssl/bn.h"; +my $md2 ="include/openssl/md2.h"; +my $rc4 ="include/openssl/rc4.h"; my $rc4_locl="crypto/rc4/rc4_locl.h"; -my $idea ="crypto/idea/idea.h"; -my $rc2 ="crypto/rc2/rc2.h"; +my $idea ="include/openssl/idea.h"; +my $rc2 ="include/openssl/rc2.h"; my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; @@ -800,6 +796,86 @@ my $default_ranlib; my $perl; my $fips=0; +# Explicitelly known options that are possible to disable. They can +# be regexps, and will be used like this: /^no-${option}$/ +# For developers: keep it sorted alphabetically + +my @disablables = ( + "aes", + "asm", + "bf", + "camellia", + "capieng", + "cast", + "cmac", + "cms", + "comp", + "ct", + "deprecated", + "des", + "dgram", + "dh", + "dsa", + "dso", + "dtls1?", + "dynamic[-_]engine", + "ec", + "ec2m", + "ec_nistp_64_gcc_128", + "engine", + "err", # Really??? + "gmp", + "gost", + "heartbeats", + "hmac", + "hw(-.+)?", + "idea", + "jpake", + "locking", # Really??? + "md2", + "md4", + "md5", + "mdc2", + "md[-_]ghost94", + "nextprotoneg", + "ocb", + "ocsp", + "posix-io", + "psk", + "rc2", + "rc4", + "rc5", + "rdrand", + "rfc3779", + "rijndael", # Old AES name + "rmd160", + "rsa", + "scrypt", + "sct", + "sctp", + "seed", + "sha", + "shared", + "sock", + "srp", + "srtp", + "sse2", + "ssl", + "ssl3", + "ssl3-method", + "ssl-trace", + "static-engine", + "stdio", + "store", + "threads", + "tls", + "tls1", + "unit-test", + "whirlpool", + "zlib", + "zlib-dynamic", + ); + # All of the following is disabled by default (RC5 was enabled before 0.9.8): my %disabled = ( # "what" => "comment" [or special keyword "experimental"] @@ -809,7 +885,6 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "jpake" => "experimental", "md2" => "default", "rc5" => "default", - "rfc3779" => "default", "sctp" => "default", "shared" => "default", "ssl-trace" => "default", @@ -822,7 +897,7 @@ my @experimental = (); # This is what $depflags will look like with the above defaults # (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; +my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; # Explicit "no-..." options will be collected in %disabled along with the defaults. # To remove something from %disabled, use "enable-foo" (unless it's experimental). @@ -845,10 +920,8 @@ my $openssl_thread_defines; my $openssl_sys_defines=""; my $openssl_other_defines; my $libs; -my $libkrb5=""; my $target; my $options; -my $symlink; my $make_depend=0; my %withargs=(); my $build_prefix = "release_"; @@ -869,12 +942,12 @@ while($argv_unprocessed) $libs=""; $target=""; $options=""; - $symlink=1; $argv_unprocessed=0; $argvstring=join(' ',@argvcopy); PROCESS_ARGS: + my %unsupported_options = (); foreach (@argvcopy) { s /^-no-/no-/; # some people just can't read the instructions @@ -886,6 +959,15 @@ PROCESS_ARGS: s /^zlib$/enable-zlib/; s /^zlib-dynamic$/enable-zlib-dynamic/; + if (/^(no|disable|enable|experimental)-(.+)$/) + { + my $word = $2; + if (!grep { $word =~ /^${_}$/ } @disablables) + { + $unsupported_options{$_} = 1; + next; + } + } if (/^no-(.+)$/ || /^disable-(.+)$/) { if (!($disabled{$1} eq "experimental")) @@ -996,10 +1078,6 @@ PROCESS_ARGS: { $install_prefix=$1; } - elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) - { - $withargs{"krb5-".$1}=$2; - } elsif (/^--with-zlib-lib=(.*)$/) { $withargs{"zlib-lib"}=$1; @@ -1058,6 +1136,12 @@ PROCESS_ARGS: { $options .= " ".$_; } } } + + if (keys %unsupported_options) + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; + } } @@ -1067,11 +1151,6 @@ if ($processor eq "386") $disabled{"sse2"} = "forced"; } -if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") - { - $disabled{"krb5"} = "krb5-flavor not specified"; - } - if (!defined($disabled{"zlib-dynamic"})) { # "zlib-dynamic" was specifically enabled, so enable "zlib" @@ -1101,23 +1180,13 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) $disabled{"tls1"} = "forced"; } -if (defined($disabled{"tls1"})) - { - $disabled{"tlsext"} = "forced"; - } if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) + || defined($disabled{"dh"}) || defined($disabled{"stdio"})) { $disabled{"gost"} = "forced"; } -# SRP and HEARTBEATS require TLSEXT -if (defined($disabled{"tlsext"})) - { - $disabled{"srp"} = "forced"; - $disabled{"heartbeats"} = "forced"; - } if ($target eq "TABLE") { foreach $target (sort keys %table) { @@ -1192,8 +1261,6 @@ foreach (sort (keys %disabled)) { } elsif (/^zlib-dynamic$/) { } - elsif (/^symlinks$/) - { $symlink = 0; } elsif (/^sse2$/) { $no_sse2 = 1; } else @@ -1216,19 +1283,14 @@ foreach (sort (keys %disabled)) $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; print " OPENSSL_NO_$ALGO"; - if (/^krb5$/) - { $no_krb5 = 1; } - else - { - push @skip, $algo; - # fix-up crypto/directory name(s) - $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; - $skip[$#skip]="ripemd" if $algo eq "rmd160"; + push @skip, $algo; + # fix-up crypto/directory name(s) + $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + $skip[$#skip]="ripemd" if $algo eq "rmd160"; - print " (skip dir)"; + print " (skip dir)"; - $depflags .= " -DOPENSSL_NO_$ALGO"; - } + $depflags .= " -DOPENSSL_NO_$ALGO"; } } @@ -1347,62 +1409,6 @@ my $no_user_cflags=0; if ($flags ne "") { $cflags="$flags$cflags"; } else { $no_user_cflags=1; } -# Kerberos settings. The flavor must be provided from outside, either through -# the script "config" or manually. -if (!$no_krb5) - { - my ($lresolv, $lpath, $lext); - if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) - { - die "Sorry, Heimdal is currently not supported\n"; - } - ##### HACK to force use of Heimdal. - ##### WARNING: Since we don't really have adequate support for Heimdal, - ##### using this will break the build. You'll have to make - ##### changes to the source, and if you do, please send - ##### patches to openssl-dev@openssl.org - if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/) - { - warn "Heimdal isn't really supported. Your build WILL break\n"; - warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n"; - $withargs{"krb5-dir"} = "/usr/heimdal" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi -lkrb5 -lcom_err" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_HEIMDAL $cflags"; - } - if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) - { - $withargs{"krb5-dir"} = "/usr/kerberos" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_MIT $cflags"; - $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; - if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) - { - $cflags="-DKRB5_MIT_OLD11 $cflags"; - } - } - LRESOLV: - foreach $lpath ("/lib", "/usr/lib") - { - foreach $lext ("a", "so") - { - $lresolv = "$lpath/libresolv.$lext"; - last LRESOLV if (-r "$lresolv"); - $lresolv = ""; - } - } - $withargs{"krb5-lib"} .= " -lresolv" - if ("$lresolv" ne ""); - $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" - if $withargs{"krb5-include"} eq "" && - $withargs{"krb5-dir"} ne ""; - } - # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform @@ -1702,7 +1708,7 @@ my $shlib_version_history = "unknown"; my $shlib_major = "unknown"; my $shlib_minor = "unknown"; -open(IN,') { $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; @@ -1725,13 +1731,23 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) $shlib_minor=$2; } +my $ecc = $cc; +$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; + if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc(-\d(\.\d)*)?$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + } } } @@ -1784,7 +1800,7 @@ while () s/^CC=.*$/CC= $cc/; s/^AR=\s*ar/AR= $ar/; s/^RANLIB=.*/RANLIB= $ranlib/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc" || ($cc eq 'cc' && $target =~ /darwin/); + s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; } s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; @@ -1811,8 +1827,6 @@ while () s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; - s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; - s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -1871,8 +1885,6 @@ print "PROCESSOR =$processor\n"; print "RANLIB =$ranlib\n"; print "ARFLAGS =$arflags\n"; print "PERL =$perl\n"; -print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" - if $withargs{"krb5-include"} ne ""; my $des_ptr=0; my $des_risc1=0; @@ -1923,8 +1935,8 @@ foreach (sort split(/\s+/,$bn_ops)) } open(IN,'crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n"; +unlink("include/openssl/opensslconf.h.new") || die "unable to remove old include/openssl/opensslconf.h.new:$!\n" if -e "include/openssl/opensslconf.h.new"; +open(OUT,'>include/openssl/opensslconf.h.new') || die "unable to create include/openssl/opensslconf.h.new:$!\n"; print OUT "/* opensslconf.h */\n"; print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; @@ -2039,8 +2051,8 @@ print OUT "#ifdef __cplusplus\n"; print OUT "}\n"; print OUT "#endif\n"; close(OUT); -rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; -rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; +rename("include/openssl/opensslconf.h","include/openssl/opensslconf.h.bak") || die "unable to rename include/openssl/opensslconf.h\n" if -e "include/openssl/opensslconf.h"; +rename("include/openssl/opensslconf.h.new","include/openssl/opensslconf.h") || die "unable to rename include/openssl/opensslconf.h.new\n"; # Fix the date @@ -2067,6 +2079,16 @@ print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; print "BF_PTR used\n" if $bf_ptr == 1; print "BF_PTR2 used\n" if $bf_ptr == 2; +{ + my $perlguess = $perl =~ m@^/@ ? $perl : '/usr/local/bin/perl'; + + &dofile("tools/c_rehash",$perlguess, + '^#!/' => '#!%s', + '^my \$dir;$' => 'my $dir = "' . $openssldir . '";', + '^my \$prefix;$' => 'my $prefix = "' . $prefix . '";'); + &dofile("apps/CA.pl",$perl, + '^#!/' => '#!%s'); +} if($IsMK1MF) { open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT <