diff --git a/third_party/openssl/.gitattributes b/third_party/openssl/.gitattributes new file mode 100644 index 0000000000..15121c861c --- /dev/null +++ b/third_party/openssl/.gitattributes @@ -0,0 +1,3 @@ +*.der binary +/fuzz/corpora/** binary +*.pfx binary diff --git a/third_party/openssl/.gitignore b/third_party/openssl/.gitignore new file mode 100644 index 0000000000..7324bda1b0 --- /dev/null +++ b/third_party/openssl/.gitignore @@ -0,0 +1,174 @@ +# Ignore editor artefacts +/.dir-locals.el + +# Top level excludes +/Makefile.orig +/MINFO +/TABLE +/*.a +/*.pc +/rehash.time +/inc.* +/makefile.* +/out.* +/tmp.* +/configdata.pm + +# *all* Makefiles +Makefile +# ... except in demos +!/demos/*/Makefile + +# Links under apps +/apps/CA.pl +/apps/tsget +/apps/tsget.pl +/apps/md4.c + +# Auto generated headers +/crypto/buildinf.h +/apps/progs.h +/crypto/include/internal/*_conf.h +/openssl/include/opensslconf.h +/util/domd + +# Executables +/apps/openssl +/test/sha256t +/test/sha512t +/test/gost2814789t +/test/ssltest_old +/test/*test +/test/fips_aesavs +/test/fips_desmovs +/test/fips_dhvs +/test/fips_drbgvs +/test/fips_dssvs +/test/fips_ecdhvs +/test/fips_ecdsavs +/test/fips_rngvs +/test/fips_test_suite +/test/ssltest_old +/test/x509aux +/test/v3ext + +# Certain files that get created by tests on the fly +/test/test-runs +/test/buildtest_* + +# Fuzz stuff. +# Anything without an extension is an executable on Unix, so we keep files +# with extensions. And we keep the corpora subddir versioned as well. +# Anything more generic with extensions that should be ignored will be taken +# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...) +/fuzz/* +!/fuzz/README* +!/fuzz/corpora +!/fuzz/*.* + +# Misc auto generated files +/include/openssl/opensslconf.h +/tools/c_rehash +/tools/c_rehash.pl +/util/shlib_wrap.sh +/tags +/TAGS +/crypto.map +/ssl.map + +# Windows (legacy) +/tmp32 +/tmp32.dbg +/tmp32dll +/tmp32dll.dbg +/out32 +/out32.dbg +/out32dll +/out32dll.dbg +/inc32 +/MINFO +/ms/.rnd +/ms/bcb.mak +/ms/libeay32.def +/ms/nt.mak +/ms/ntdll.mak +/ms/ssleay32.def +/ms/version32.rc + +# Files created on other branches that are not held in git, and are not +# needed on this branch +/include/openssl/asn1_mac.h +/include/openssl/des_old.h +/include/openssl/fips.h +/include/openssl/fips_rand.h +/include/openssl/krb5_asn.h +/include/openssl/kssl.h +/include/openssl/pq_compat.h +/include/openssl/ssl23.h +/include/openssl/tmdiff.h +/include/openssl/ui_compat.h +/test/fips_aesavs.c +/test/fips_desmovs.c +/test/fips_dsatest.c +/test/fips_dssvs.c +/test/fips_hmactest.c +/test/fips_randtest.c +/test/fips_rngvs.c +/test/fips_rsagtest.c +/test/fips_rsastest.c +/test/fips_rsavtest.c +/test/fips_shatest.c +/test/fips_test_suite.c +/test/shatest.c + +##### Generic patterns +# Auto generated assembly language source files +*.s +!/crypto/*/asm/*.s +/crypto/arm*.S +/crypto/*/*.S +*.asm +!/crypto/*/asm/*.asm + +# Object files +*.o +*.obj + +# editor artefacts +*.swp +.#* +\#*# +*~ + +# Certificate symbolic links +*.0 + +# All kinds of executables +*.so +*.so.* +*.dylib +*.dylib.* +*.dll +*.dll.* +*.exe +*.pyc +*.exp +*.lib +*.pdb +*.ilk +*.def +*.rc +*.res + +# Misc generated stuff +Makefile.save +/crypto/**/lib +/engines/**/lib +/ssl/**/lib +*.bak +cscope.* +*.d +pod2htmd.tmp + +# Windows manifest files +*.manifest diff --git a/third_party/openssl/.travis-apt-pin.preferences b/third_party/openssl/.travis-apt-pin.preferences new file mode 100644 index 0000000000..1797bd0414 --- /dev/null +++ b/third_party/openssl/.travis-apt-pin.preferences @@ -0,0 +1,15 @@ +Package: clang-3.9 +Pin: release o=Ubuntu +Pin-Priority: -1 + +Package: libclang-common-3.9-dev +Pin: release o=Ubuntu +Pin-Priority: -1 + +Package: libclang1-3.9 +Pin: release o=Ubuntu +Pin-Priority: -1 + +Package: libllvm3.9v4 +Pin: release o=Ubuntu +Pin-Priority: -1 diff --git a/third_party/openssl/.travis-create-release.sh b/third_party/openssl/.travis-create-release.sh new file mode 100644 index 0000000000..311cedd69c --- /dev/null +++ b/third_party/openssl/.travis-create-release.sh @@ -0,0 +1,11 @@ +#! /bin/sh + +# $1 is expected to be $TRAVIS_OS_NAME + +./Configure dist +if [ "$1" == osx ]; then + make NAME='_srcdist' TARFILE='_srcdist.tar' \ + TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar +else + make TARFILE='_srcdist.tar' NAME='_srcdist' dist +fi diff --git a/third_party/openssl/.travis.yml b/third_party/openssl/.travis.yml new file mode 100644 index 0000000000..ba2b537218 --- /dev/null +++ b/third_party/openssl/.travis.yml @@ -0,0 +1,204 @@ +dist: trusty +sudo: required + +language: c +cache: ccache + +before_install: + - if [ -n "$COVERALLS" ]; then + pip install --user cpp-coveralls; + fi; + +addons: + apt: + packages: + - ccache + +os: + - linux + +compiler: + - clang + - gcc + +env: + - CONFIG_OPTS="" DESTDIR="_install" + - CONFIG_OPTS="--debug no-shared enable-crypto-mdebug enable-rc5 enable-md2" + - CONFIG_OPTS="no-pic --strict-warnings" BUILDONLY="yes" + - CONFIG_OPTS="no-engine no-shared --strict-warnings" BUILDONLY="yes" + - CONFIG_OPTS="no-stdio --strict-warnings" BUILDONLY="yes" + - CONFIG_OPTS="no-ec" BUILDONLY="yes" + - CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes" + +matrix: + include: + - os: linux + compiler: clang-3.9 + env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes" + - os: linux + compiler: gcc + env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers" COVERALLS="yes" + - os: linux + compiler: clang-3.9 + env: CONFIG_OPTS="enable-asan" + - os: linux + compiler: clang-3.9 + env: CONFIG_OPTS="enable-msan" + - os: linux + compiler: clang-3.9 + env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method -fno-sanitize=alignment" + - os: linux + compiler: clang-3.9 + env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2" + - os: linux + compiler: clang-3.9 + env: CONFIG_OPTS="no-stdio" + - os: linux + addons: + apt: + packages: + - gcc-5 + sources: + - ubuntu-toolchain-r-test + compiler: gcc-5 + env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC" + - os: linux + addons: + apt: + packages: + - binutils-mingw-w64 + - gcc-mingw-w64 + compiler: i686-w64-mingw32-gcc + env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz" + - os: linux + addons: + apt: + packages: + - binutils-mingw-w64 + - gcc-mingw-w64 + compiler: i686-w64-mingw32-gcc + env: CONFIG_OPTS="no-stdio" BUILDONLY="yes" + - os: linux + addons: + apt: + packages: + - binutils-mingw-w64 + - gcc-mingw-w64 + compiler: x86_64-w64-mingw32-gcc + env: CONFIG_OPTS="no-pic" TESTS="-test_fuzz" + - os: linux + addons: + apt: + packages: + - binutils-mingw-w64 + - gcc-mingw-w64 + compiler: x86_64-w64-mingw32-gcc + env: CONFIG_OPTS="no-stdio" BUILDONLY="yes" + exclude: + - os: linux + compiler: clang + - os: osx + compiler: gcc + +before_script: + - if [ -n "$DESTDIR" ]; then + sh .travis-create-release.sh $TRAVIS_OS_NAME; + tar -xvzf _srcdist.tar.gz; + mkdir _build; + cd _build; + srcdir=../_srcdist; + top=..; + else + srcdir=.; + top=.; + fi + - if [ "$CC" == i686-w64-mingw32-gcc ]; then + export CROSS_COMPILE=${CC%%gcc}; unset CC; + $srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format; + elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then + export CROSS_COMPILE=${CC%%gcc}; unset CC; + $srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format; + else + if [ "$CC" == clang-3.9 ]; then + sudo cp .travis-apt-pin.preferences /etc/apt/preferences.d/no-ubuntu-clang; + curl -sSL "http://apt.llvm.org/llvm-snapshot.gpg.key" | sudo -E apt-key add -; + echo "deb http://apt.llvm.org/trusty/ llvm-toolchain-trusty-3.9 main" | sudo tee -a /etc/apt/sources.list > /dev/null; + sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test"; + sudo -E apt-get -yq update; + sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install clang-3.9; + elif which ccache >/dev/null; then + CC="ccache $CC"; + fi; + $srcdir/config -v $CONFIG_OPTS; + fi + - if [ -z "$BUILDONLY" ]; then + if [ -n "$CROSS_COMPILE" ]; then + if [ "$TRAVIS_OS_NAME" == "linux" ]; then + sudo dpkg --add-architecture i386; + sudo apt-get update; + fi; + fi; + fi + - cd $top + +script: + - if [ -z "$BUILDONLY" ]; then + make="make -s"; + else + make="make"; + fi + - if [ -n "$DESTDIR" ]; then + cd _build; + top=..; + else + top=.; + fi + - if $make update; then + echo -e '+\057 MAKE UPDATE OK'; + else + echo -e '+\057 MAKE UPDATE FAILED'; false; + fi; + git diff --quiet + - if [ -n "$CHECKDOCS" ]; then + if $make doc-nits; then + echo -e '+\057\057 MAKE DOC-NITS OK'; + else + echo -e '+\057\057 MAKE DOC-NITS FAILED'; false; + fi; + fi + - if $make ; then + echo -e '+\057\057\057 MAKE OK'; + else + echo -e '+\057\057\057 MAKE FAILED'; false; + fi; + - if [ -z "$BUILDONLY" ]; then + if [ -n "$CROSS_COMPILE" ]; then + sudo apt-get -yq install wine; + export EXE_SHELL="wine" WINEPREFIX=`pwd`; + fi; + HARNESS_VERBOSE=yes make test; + else + if $make build_tests; then + echo -e '+\057\057\075 MAKE BUILD_TESTS OK'; + else + echo -e '+\057\057\075 MAKE BUILD_TESTS FAILEd'; false; + fi; + fi + - if [ -n "$DESTDIR" ]; then + mkdir "../$DESTDIR"; + if $make install install_docs DESTDIR="../$DESTDIR"; then + echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS OK'; + else + echo -e '+\057\057\057\057\057 MAKE INSTALL_DOCS FAILED'; false; + fi; + fi + - cd $top + +after_success: + - if [ -n "$COVERALLS" ]; then + coveralls -b . --gcov-options '\-lp'; + fi; + +notifications: + email: + secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4=" diff --git a/third_party/openssl/ACKNOWLEDGEMENTS b/third_party/openssl/ACKNOWLEDGEMENTS new file mode 100644 index 0000000000..d21dccbb79 --- /dev/null +++ b/third_party/openssl/ACKNOWLEDGEMENTS @@ -0,0 +1,2 @@ +Please https://www.openssl.org/community/thanks.html for the current +acknowledgements. diff --git a/third_party/openssl/ACKNOWLEDGMENTS b/third_party/openssl/ACKNOWLEDGMENTS deleted file mode 100644 index 59c6f01f97..0000000000 --- a/third_party/openssl/ACKNOWLEDGMENTS +++ /dev/null @@ -1,30 +0,0 @@ -The OpenSSL project depends on volunteer efforts and financial support from -the end user community. That support comes in the form of donations and paid -sponsorships, software support contracts, paid consulting services -and commissioned software development. - -Since all these activities support the continued development and improvement -of OpenSSL we consider all these clients and customers as sponsors of the -OpenSSL project. - -We would like to identify and thank the following such sponsors for their past -or current significant support of the OpenSSL project: - -Major support: - - Qualys http://www.qualys.com/ - -Very significant support: - - OpenGear: http://www.opengear.com/ - -Significant support: - - PSW Group: http://www.psw.net/ - Acano Ltd. http://acano.com/ - -Please note that we ask permission to identify sponsors and that some sponsors -we consider eligible for inclusion here have requested to remain anonymous. - -Additional sponsorship or financial support is always welcome: for more -information please contact the OpenSSL Software Foundation. diff --git a/third_party/openssl/AUTHORS b/third_party/openssl/AUTHORS new file mode 100644 index 0000000000..48211a2746 --- /dev/null +++ b/third_party/openssl/AUTHORS @@ -0,0 +1,21 @@ + Andy Polyakov + Ben Laurie + Bodo Möller + Emilia Käsper + Eric Young + Geoff Thorpe + Holger Reif + Kurt Roeckx + Lutz Jänicke + Mark J. Cox + Matt Caswell + Nils Larsch + Paul C. Sutton + Ralf S. Engelschall + Rich Salz + Richard Levitte + Stephen Henson + Steve Marquess + Tim Hudson + Ulf Möller + Viktor Dukhovni diff --git a/third_party/openssl/CHANGES b/third_party/openssl/CHANGES index 5e9225b57c..761148aa32 100644 --- a/third_party/openssl/CHANGES +++ b/third_party/openssl/CHANGES @@ -2,6 +2,1606 @@ OpenSSL CHANGES _______________ + This is a high-level summary of the most important changes. + For a full list of changes, see the git commit log; for example, + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + + Changes between 1.1.0f and 1.1.0g [2 Nov 2017] + + *) bn_sqrx8x_internal carry bug on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. + + This only affects processors that support the BMI1, BMI2 and ADX extensions + like Intel Broadwell (5th generation) and later or AMD Ryzen. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3736) + [Andy Polyakov] + + *) Malformed X.509 IPAddressFamily could cause OOB read + + If an X.509 certificate has a malformed IPAddressFamily extension, + OpenSSL could do a one-byte buffer overread. The most likely result + would be an erroneous display of the certificate in text format. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3735) + [Rich Salz] + + *) Ignore the '-named_curve auto' value for compatibility of applications + with OpenSSL 1.0.2. + [Tomas Mraz ] + + *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd. + [Emilia Käsper] + + Changes between 1.1.0e and 1.1.0f [25 May 2017] + + *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target + platform rather than 'mingw'. + [Richard Levitte] + + *) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c. + VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1, + which is the minimum version we support. + [Richard Levitte] + + Changes between 1.1.0d and 1.1.0e [16 Feb 2017] + + *) Encrypt-Then-Mac renegotiation crash + + During a renegotiation handshake if the Encrypt-Then-Mac extension is + negotiated where it was not in the original handshake (or vice-versa) then + this can cause OpenSSL to crash (dependant on ciphersuite). Both clients + and servers are affected. + + This issue was reported to OpenSSL by Joe Orton (Red Hat). + (CVE-2017-3733) + [Matt Caswell] + + Changes between 1.1.0c and 1.1.0d [26 Jan 2017] + + *) Truncated packet could crash via OOB read + + If one side of an SSL/TLS path is running on a 32-bit host and a specific + cipher is being used, then a truncated packet can cause that host to + perform an out-of-bounds read, usually resulting in a crash. + + This issue was reported to OpenSSL by Robert ÅšwiÄ™cki of Google. + (CVE-2017-3731) + [Andy Polyakov] + + *) Bad (EC)DHE parameters cause a client crash + + If a malicious server supplies bad parameters for a DHE or ECDHE key + exchange then this can result in the client attempting to dereference a + NULL pointer leading to a client crash. This could be exploited in a Denial + of Service attack. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2017-3730) + [Matt Caswell] + + *) BN_mod_exp may produce incorrect results on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. For example this can occur by + default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very + similar to CVE-2015-3193 but must be treated as a separate problem. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3732) + [Andy Polyakov] + + Changes between 1.1.0b and 1.1.0c [10 Nov 2016] + + *) ChaCha20/Poly1305 heap-buffer-overflow + + TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to + a DoS attack by corrupting larger payloads. This can result in an OpenSSL + crash. This issue is not considered to be exploitable beyond a DoS. + + This issue was reported to OpenSSL by Robert ÅšwiÄ™cki (Google Security Team) + (CVE-2016-7054) + [Richard Levitte] + + *) CMS Null dereference + + Applications parsing invalid CMS structures can crash with a NULL pointer + dereference. This is caused by a bug in the handling of the ASN.1 CHOICE + type in OpenSSL 1.1.0 which can result in a NULL value being passed to the + structure callback if an attempt is made to free certain invalid encodings. + Only CHOICE structures using a callback which do not handle NULL value are + affected. + + This issue was reported to OpenSSL by Tyler Nighswander of ForAllSecure. + (CVE-2016-7053) + [Stephen Henson] + + *) Montgomery multiplication may produce incorrect results + + There is a carry propagating bug in the Broadwell-specific Montgomery + multiplication procedure that handles input lengths divisible by, but + longer than 256 bits. Analysis suggests that attacks against RSA, DSA + and DH private keys are impossible. This is because the subroutine in + question is not used in operations with the private key itself and an input + of the attacker's direct choice. Otherwise the bug can manifest itself as + transient authentication and key negotiation failures or reproducible + erroneous outcome of public-key operations with specially crafted input. + Among EC algorithms only Brainpool P-512 curves are affected and one + presumably can attack ECDH key negotiation. Impact was not analyzed in + detail, because pre-requisites for attack are considered unlikely. Namely + multiple clients have to choose the curve in question and the server has to + share the private key among them, neither of which is default behaviour. + Even then only clients that chose the curve will be affected. + + This issue was publicly reported as transient failures and was not + initially recognized as a security issue. Thanks to Richard Morgan for + providing reproducible case. + (CVE-2016-7055) + [Andy Polyakov] + + *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0 + or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to + prevent issues where no progress is being made and the peer continually + sends unrecognised record types, using up resources processing them. + [Matt Caswell] + + *) Removed automatic addition of RPATH in shared libraries and executables, + as this was a remainder from OpenSSL 1.0.x and isn't needed any more. + [Richard Levitte] + + Changes between 1.1.0a and 1.1.0b [26 Sep 2016] + + *) Fix Use After Free for large message sizes + + The patch applied to address CVE-2016-6307 resulted in an issue where if a + message larger than approx 16k is received then the underlying buffer to + store the incoming message is reallocated and moved. Unfortunately a + dangling pointer to the old location is left which results in an attempt to + write to the previously freed location. This is likely to result in a + crash, however it could potentially lead to execution of arbitrary code. + + This issue only affects OpenSSL 1.1.0a. + + This issue was reported to OpenSSL by Robert ÅšwiÄ™cki. + (CVE-2016-6309) + [Matt Caswell] + + Changes between 1.1.0 and 1.1.0a [22 Sep 2016] + + *) OCSP Status Request extension unbounded memory growth + + A malicious client can send an excessively large OCSP Status Request + extension. If that client continually requests renegotiation, sending a + large OCSP Status Request extension each time, then there will be unbounded + memory growth on the server. This will eventually lead to a Denial Of + Service attack through memory exhaustion. Servers with a default + configuration are vulnerable even if they do not support OCSP. Builds using + the "no-ocsp" build time option are not affected. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-6304) + [Matt Caswell] + + *) SSL_peek() hang on empty record + + OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer + sends an empty record. This could be exploited by a malicious peer in a + Denial Of Service attack. + + This issue was reported to OpenSSL by Alex Gaynor. + (CVE-2016-6305) + [Matt Caswell] + + *) Excessive allocation of memory in tls_get_message_header() and + dtls1_preprocess_fragment() + + A (D)TLS message includes 3 bytes for its length in the header for the + message. This would allow for messages up to 16Mb in length. Messages of + this length are excessive and OpenSSL includes a check to ensure that a + peer is sending reasonably sized messages in order to avoid too much memory + being consumed to service a connection. A flaw in the logic of version + 1.1.0 means that memory for the message is allocated too early, prior to + the excessive message length check. Due to way memory is allocated in + OpenSSL this could mean an attacker could force up to 21Mb to be allocated + to service a connection. This could lead to a Denial of Service through + memory exhaustion. However, the excessive message length check still takes + place, and this would cause the connection to immediately fail. Assuming + that the application calls SSL_free() on the failed connection in a timely + manner then the 21Mb of allocated memory will then be immediately freed + again. Therefore the excessive memory allocation will be transitory in + nature. This then means that there is only a security impact if: + + 1) The application does not call SSL_free() in a timely manner in the event + that the connection fails + or + 2) The application is working in a constrained environment where there is + very little free memory + or + 3) The attacker initiates multiple connection attempts such that there are + multiple connections in a state where memory has been allocated for the + connection; SSL_free() has not yet been called; and there is insufficient + memory to service the multiple requests. + + Except in the instance of (1) above any Denial Of Service is likely to be + transitory because as soon as the connection fails the memory is + subsequently freed again in the SSL_free() call. However there is an + increased risk during this period of application crashes due to the lack of + memory - which would then mean a more serious Denial of Service. + + This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.) + (CVE-2016-6307 and CVE-2016-6308) + [Matt Caswell] + + *) solaris-x86-cc, i.e. 32-bit configuration with vendor compiler, + had to be removed. Primary reason is that vendor assembler can't + assemble our modules with -KPIC flag. As result it, assembly + support, was not even available as option. But its lack means + lack of side-channel resistant code, which is incompatible with + security by todays standards. Fortunately gcc is readily available + prepackaged option, which we firmly point at... + [Andy Polyakov] + + Changes between 1.0.2h and 1.1.0 [25 Aug 2016] + + *) Windows command-line tool supports UTF-8 opt-in option for arguments + and console input. Setting OPENSSL_WIN32_UTF8 environment variable + (to any value) allows Windows user to access PKCS#12 file generated + with Windows CryptoAPI and protected with non-ASCII password, as well + as files generated under UTF-8 locale on Linux also protected with + non-ASCII password. + [Andy Polyakov] + + *) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites + have been disabled by default and removed from DEFAULT, just like RC4. + See the RC4 item below to re-enable both. + [Rich Salz] + + *) The method for finding the storage location for the Windows RAND seed file + has changed. First we check %RANDFILE%. If that is not set then we check + the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If + all else fails we fall back to C:\. + [Matt Caswell] + + *) The EVP_EncryptUpdate() function has had its return type changed from void + to int. A return of 0 indicates and error while a return of 1 indicates + success. + [Matt Caswell] + + *) The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and + DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch + off the constant time implementation for RSA, DSA and DH have been made + no-ops and deprecated. + [Matt Caswell] + + *) Windows RAND implementation was simplified to only get entropy by + calling CryptGenRandom(). Various other RAND-related tickets + were also closed. + [Joseph Wylie Yandle, Rich Salz] + + *) The stack and lhash API's were renamed to start with OPENSSL_SK_ + and OPENSSL_LH_, respectively. The old names are available + with API compatibility. They new names are now completely documented. + [Rich Salz] + + *) Unify TYPE_up_ref(obj) methods signature. + SSL_CTX_up_ref(), SSL_up_ref(), X509_up_ref(), EVP_PKEY_up_ref(), + X509_CRL_up_ref(), X509_OBJECT_up_ref_count() methods are now returning an + int (instead of void) like all others TYPE_up_ref() methods. + So now these methods also check the return value of CRYPTO_atomic_add(), + and the validity of object reference counter. + [fdasilvayy@gmail.com] + + *) With Windows Visual Studio builds, the .pdb files are installed + alongside the installed libraries and executables. For a static + library installation, ossl_static.pdb is the associate compiler + generated .pdb file to be used when linking programs. + [Richard Levitte] + + *) Remove openssl.spec. Packaging files belong with the packagers. + [Richard Levitte] + + *) Automatic Darwin/OSX configuration has had a refresh, it will now + recognise x86_64 architectures automatically. You can still decide + to build for a different bitness with the environment variable + KERNEL_BITS (can be 32 or 64), for example: + + KERNEL_BITS=32 ./config + + [Richard Levitte] + + *) Change default algorithms in pkcs8 utility to use PKCS#5 v2.0, + 256 bit AES and HMAC with SHA256. + [Steve Henson] + + *) Remove support for MIPS o32 ABI on IRIX (and IRIX only). + [Andy Polyakov] + + *) Triple-DES ciphers have been moved from HIGH to MEDIUM. + [Rich Salz] + + *) To enable users to have their own config files and build file templates, + Configure looks in the directory indicated by the environment variable + OPENSSL_LOCAL_CONFIG_DIR as well as the in-source Configurations/ + directory. On VMS, OPENSSL_LOCAL_CONFIG_DIR is expected to be a logical + name and is used as is. + [Richard Levitte] + + *) The following datatypes were made opaque: X509_OBJECT, X509_STORE_CTX, + X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD. The unused type + X509_CERT_FILE_CTX was removed. + [Rich Salz] + + *) "shared" builds are now the default. To create only static libraries use + the "no-shared" Configure option. + [Matt Caswell] + + *) Remove the no-aes, no-hmac, no-rsa, no-sha and no-md5 Configure options. + All of these option have not worked for some while and are fundamental + algorithms. + [Matt Caswell] + + *) Make various cleanup routines no-ops and mark them as deprecated. Most + global cleanup functions are no longer required because they are handled + via auto-deinit (see OPENSSL_init_crypto and OPENSSL_init_ssl man pages). + Explicitly de-initing can cause problems (e.g. where a library that uses + OpenSSL de-inits, but an application is still using it). The affected + functions are CONF_modules_free(), ENGINE_cleanup(), OBJ_cleanup(), + EVP_cleanup(), BIO_sock_cleanup(), CRYPTO_cleanup_all_ex_data(), + RAND_cleanup(), SSL_COMP_free_compression_methods(), ERR_free_strings() and + COMP_zlib_cleanup(). + [Matt Caswell] + + *) --strict-warnings no longer enables runtime debugging options + such as REF_DEBUG. Instead, debug options are automatically + enabled with '--debug' builds. + [Andy Polyakov, Emilia Käsper] + + *) Made DH and DH_METHOD opaque. The structures for managing DH objects + have been moved out of the public header files. New functions for managing + these have been added. + [Matt Caswell] + + *) Made RSA and RSA_METHOD opaque. The structures for managing RSA + objects have been moved out of the public header files. New + functions for managing these have been added. + [Richard Levitte] + + *) Made DSA and DSA_METHOD opaque. The structures for managing DSA objects + have been moved out of the public header files. New functions for managing + these have been added. + [Matt Caswell] + + *) Made BIO and BIO_METHOD opaque. The structures for managing BIOs have been + moved out of the public header files. New functions for managing these + have been added. + [Matt Caswell] + + *) Removed no-rijndael as a config option. Rijndael is an old name for AES. + [Matt Caswell] + + *) Removed the mk1mf build scripts. + [Richard Levitte] + + *) Headers are now wrapped, if necessary, with OPENSSL_NO_xxx, so + it is always safe to #include a header now. + [Rich Salz] + + *) Removed the aged BC-32 config and all its supporting scripts + [Richard Levitte] + + *) Removed support for Ultrix, Netware, and OS/2. + [Rich Salz] + + *) Add support for HKDF. + [Alessandro Ghedini] + + *) Add support for blake2b and blake2s + [Bill Cox] + + *) Added support for "pipelining". Ciphers that have the + EVP_CIPH_FLAG_PIPELINE flag set have a capability to process multiple + encryptions/decryptions simultaneously. There are currently no built-in + ciphers with this property but the expectation is that engines will be able + to offer it to significantly improve throughput. Support has been extended + into libssl so that multiple records for a single connection can be + processed in one go (for >=TLS 1.1). + [Matt Caswell] + + *) Added the AFALG engine. This is an async capable engine which is able to + offload work to the Linux kernel. In this initial version it only supports + AES128-CBC. The kernel must be version 4.1.0 or greater. + [Catriona Lucey] + + *) OpenSSL now uses a new threading API. It is no longer necessary to + set locking callbacks to use OpenSSL in a multi-threaded environment. There + are two supported threading models: pthreads and windows threads. It is + also possible to configure OpenSSL at compile time for "no-threads". The + old threading API should no longer be used. The functions have been + replaced with "no-op" compatibility macros. + [Alessandro Ghedini, Matt Caswell] + + *) Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + [Todd Short] + + *) Add SSL_CIPHER queries for authentication and key-exchange. + [Todd Short] + + *) Changes to the DEFAULT cipherlist: + - Prefer (EC)DHE handshakes over plain RSA. + - Prefer AEAD ciphers over legacy ciphers. + - Prefer ECDSA over RSA when both certificates are available. + - Prefer TLSv1.2 ciphers/PRF. + - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the + default cipherlist. + [Emilia Käsper] + + *) Change the ECC default curve list to be this, in order: x25519, + secp256r1, secp521r1, secp384r1. + [Rich Salz] + + *) RC4 based libssl ciphersuites are now classed as "weak" ciphers and are + disabled by default. They can be re-enabled using the + enable-weak-ssl-ciphers option to Configure. + [Matt Caswell] + + *) If the server has ALPN configured, but supports no protocols that the + client advertises, send a fatal "no_application_protocol" alert. + This behaviour is SHALL in RFC 7301, though it isn't universally + implemented by other servers. + [Emilia Käsper] + + *) Add X25519 support. + Add ASN.1 and EVP_PKEY methods for X25519. This includes support + for public and private key encoding using the format documented in + draft-ietf-curdle-pkix-02. The corresponding EVP_PKEY method supports + key generation and key derivation. + + TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses + X25519(29). + [Steve Henson] + + *) Deprecate SRP_VBASE_get_by_user. + SRP_VBASE_get_by_user had inconsistent memory management behaviour. + In order to fix an unavoidable memory leak (CVE-2016-0798), + SRP_VBASE_get_by_user was changed to ignore the "fake user" SRP + seed, even if the seed is configured. + + Users should use SRP_VBASE_get1_by_user instead. Note that in + SRP_VBASE_get1_by_user, caller must free the returned value. Note + also that even though configuring the SRP seed attempts to hide + invalid usernames by continuing the handshake with fake + credentials, this behaviour is not constant time and no strong + guarantees are made that the handshake is indistinguishable from + that of a valid user. + [Emilia Käsper] + + *) Configuration change; it's now possible to build dynamic engines + without having to build shared libraries and vice versa. This + only applies to the engines in engines/, those in crypto/engine/ + will always be built into libcrypto (i.e. "static"). + + Building dynamic engines is enabled by default; to disable, use + the configuration option "disable-dynamic-engine". + + The only requirements for building dynamic engines are the + presence of the DSO module and building with position independent + code, so they will also automatically be disabled if configuring + with "disable-dso" or "disable-pic". + + The macros OPENSSL_NO_STATIC_ENGINE and OPENSSL_NO_DYNAMIC_ENGINE + are also taken away from openssl/opensslconf.h, as they are + irrelevant. + [Richard Levitte] + + *) Configuration change; if there is a known flag to compile + position independent code, it will always be applied on the + libcrypto and libssl object files, and never on the application + object files. This means other libraries that use routines from + libcrypto / libssl can be made into shared libraries regardless + of how OpenSSL was configured. + + If this isn't desirable, the configuration options "disable-pic" + or "no-pic" can be used to disable the use of PIC. This will + also disable building shared libraries and dynamic engines. + [Richard Levitte] + + *) Removed JPAKE code. It was experimental and has no wide use. + [Rich Salz] + + *) The INSTALL_PREFIX Makefile variable has been renamed to + DESTDIR. That makes for less confusion on what this variable + is for. Also, the configuration option --install_prefix is + removed. + [Richard Levitte] + + *) Heartbeat for TLS has been removed and is disabled by default + for DTLS; configure with enable-heartbeats. Code that uses the + old #define's might need to be updated. + [Emilia Käsper, Rich Salz] + + *) Rename REF_CHECK to REF_DEBUG. + [Rich Salz] + + *) New "unified" build system + + The "unified" build system is aimed to be a common system for all + platforms we support. With it comes new support for VMS. + + This system builds supports building in a different directory tree + than the source tree. It produces one Makefile (for unix family + or lookalikes), or one descrip.mms (for VMS). + + The source of information to make the Makefile / descrip.mms is + small files called 'build.info', holding the necessary + information for each directory with source to compile, and a + template in Configurations, like unix-Makefile.tmpl or + descrip.mms.tmpl. + + With this change, the library names were also renamed on Windows + and on VMS. They now have names that are closer to the standard + on Unix, and include the major version number, and in certain + cases, the architecture they are built for. See "Notes on shared + libraries" in INSTALL. + + We rely heavily on the perl module Text::Template. + [Richard Levitte] + + *) Added support for auto-initialisation and de-initialisation of the library. + OpenSSL no longer requires explicit init or deinit routines to be called, + except in certain circumstances. See the OPENSSL_init_crypto() and + OPENSSL_init_ssl() man pages for further information. + [Matt Caswell] + + *) The arguments to the DTLSv1_listen function have changed. Specifically the + "peer" argument is now expected to be a BIO_ADDR object. + + *) Rewrite of BIO networking library. The BIO library lacked consistent + support of IPv6, and adding it required some more extensive + modifications. This introduces the BIO_ADDR and BIO_ADDRINFO types, + which hold all types of addresses and chains of address information. + It also introduces a new API, with functions like BIO_socket, + BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept. + The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram + have been adapted accordingly. + [Richard Levitte] + + *) RSA_padding_check_PKCS1_type_1 now accepts inputs with and without + the leading 0-byte. + [Emilia Käsper] + + *) CRIME protection: disable compression by default, even if OpenSSL is + compiled with zlib enabled. Applications can still enable compression + by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by + using the SSL_CONF library to configure compression. + [Emilia Käsper] + + *) The signature of the session callback configured with + SSL_CTX_sess_set_get_cb was changed. The read-only input buffer + was explicitly marked as 'const unsigned char*' instead of + 'unsigned char*'. + [Emilia Käsper] + + *) Always DPURIFY. Remove the use of uninitialized memory in the + RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op. + [Emilia Käsper] + + *) Removed many obsolete configuration items, including + DES_PTR, DES_RISC1, DES_RISC2, DES_INT + MD2_CHAR, MD2_INT, MD2_LONG + BF_PTR, BF_PTR2 + IDEA_SHORT, IDEA_LONG + RC2_SHORT, RC2_LONG, RC4_LONG, RC4_CHUNK, RC4_INDEX + [Rich Salz, with advice from Andy Polyakov] + + *) Many BN internals have been moved to an internal header file. + [Rich Salz with help from Andy Polyakov] + + *) Configuration and writing out the results from it has changed. + Files such as Makefile include/openssl/opensslconf.h and are now + produced through general templates, such as Makefile.in and + crypto/opensslconf.h.in and some help from the perl module + Text::Template. + + Also, the center of configuration information is no longer + Makefile. Instead, Configure produces a perl module in + configdata.pm which holds most of the config data (in the hash + table %config), the target data that comes from the target + configuration in one of the Configurations/*.conf files (in + %target). + [Richard Levitte] + + *) To clarify their intended purposes, the Configure options + --prefix and --openssldir change their semantics, and become more + straightforward and less interdependent. + + --prefix shall be used exclusively to give the location INSTALLTOP + where programs, scripts, libraries, include files and manuals are + going to be installed. The default is now /usr/local. + + --openssldir shall be used exclusively to give the default + location OPENSSLDIR where certificates, private keys, CRLs are + managed. This is also where the default openssl.cnf gets + installed. + If the directory given with this option is a relative path, the + values of both the --prefix value and the --openssldir value will + be combined to become OPENSSLDIR. + The default for --openssldir is INSTALLTOP/ssl. + + Anyone who uses --openssldir to specify where OpenSSL is to be + installed MUST change to use --prefix instead. + [Richard Levitte] + + *) The GOST engine was out of date and therefore it has been removed. An up + to date GOST engine is now being maintained in an external repository. + See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains + support for GOST ciphersuites (these are only activated if a GOST engine + is present). + [Matt Caswell] + + *) EGD is no longer supported by default; use enable-egd when + configuring. + [Ben Kaduk and Rich Salz] + + *) The distribution now has Makefile.in files, which are used to + create Makefile's when Configure is run. *Configure must be run + before trying to build now.* + [Rich Salz] + + *) The return value for SSL_CIPHER_description() for error conditions + has changed. + [Rich Salz] + + *) Support for RFC6698/RFC7671 DANE TLSA peer authentication. + + Obtaining and performing DNSSEC validation of TLSA records is + the application's responsibility. The application provides + the TLSA records of its choice to OpenSSL, and these are then + used to authenticate the peer. + + The TLSA records need not even come from DNS. They can, for + example, be used to implement local end-entity certificate or + trust-anchor "pinning", where the "pin" data takes the form + of TLSA records, which can augment or replace verification + based on the usual WebPKI public certification authorities. + [Viktor Dukhovni] + + *) Revert default OPENSSL_NO_DEPRECATED setting. Instead OpenSSL + continues to support deprecated interfaces in default builds. + However, applications are strongly advised to compile their + source files with -DOPENSSL_API_COMPAT=0x10100000L, which hides + the declarations of all interfaces deprecated in 0.9.8, 1.0.0 + or the 1.1.0 releases. + + In environments in which all applications have been ported to + not use any deprecated interfaces OpenSSL's Configure script + should be used with the --api=1.1.0 option to entirely remove + support for the deprecated features from the library and + unconditionally disable them in the installed headers. + Essentially the same effect can be achieved with the "no-deprecated" + argument to Configure, except that this will always restrict + the build to just the latest API, rather than a fixed API + version. + + As applications are ported to future revisions of the API, + they should update their compile-time OPENSSL_API_COMPAT define + accordingly, but in most cases should be able to continue to + compile with later releases. + + The OPENSSL_API_COMPAT versions for 1.0.0, and 0.9.8 are + 0x10000000L and 0x00908000L, respectively. However those + versions did not support the OPENSSL_API_COMPAT feature, and + so applications are not typically tested for explicit support + of just the undeprecated features of either release. + [Viktor Dukhovni] + + *) Add support for setting the minimum and maximum supported protocol. + It can bet set via the SSL_set_min_proto_version() and + SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and + MaxProtcol. It's recommended to use the new APIs to disable + protocols instead of disabling individual protocols using + SSL_set_options() or SSL_CONF's Protocol. This change also + removes support for disabling TLS 1.2 in the OpenSSL TLS + client at compile time by defining OPENSSL_NO_TLS1_2_CLIENT. + [Kurt Roeckx] + + *) Support for ChaCha20 and Poly1305 added to libcrypto and libssl. + [Andy Polyakov] + + *) New EC_KEY_METHOD, this replaces the older ECDSA_METHOD and ECDH_METHOD + and integrates ECDSA and ECDH functionality into EC. Implementations can + now redirect key generation and no longer need to convert to or from + ECDSA_SIG format. + + Note: the ecdsa.h and ecdh.h headers are now no longer needed and just + include the ec.h header file instead. + [Steve Henson] + + *) Remove support for all 40 and 56 bit ciphers. This includes all the export + ciphers who are no longer supported and drops support the ephemeral RSA key + exchange. The LOW ciphers currently doesn't have any ciphers in it. + [Kurt Roeckx] + + *) Made EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, EVP_CIPHER and HMAC_CTX + opaque. For HMAC_CTX, the following constructors and destructors + were added: + + HMAC_CTX *HMAC_CTX_new(void); + void HMAC_CTX_free(HMAC_CTX *ctx); + + For EVP_MD and EVP_CIPHER, complete APIs to create, fill and + destroy such methods has been added. See EVP_MD_meth_new(3) and + EVP_CIPHER_meth_new(3) for documentation. + + Additional changes: + 1) EVP_MD_CTX_cleanup(), EVP_CIPHER_CTX_cleanup() and + HMAC_CTX_cleanup() were removed. HMAC_CTX_reset() and + EVP_MD_CTX_reset() should be called instead to reinitialise + an already created structure. + 2) For consistency with the majority of our object creators and + destructors, EVP_MD_CTX_(create|destroy) were renamed to + EVP_MD_CTX_(new|free). The old names are retained as macros + for deprecated builds. + [Richard Levitte] + + *) Added ASYNC support. Libcrypto now includes the async sub-library to enable + cryptographic operations to be performed asynchronously as long as an + asynchronous capable engine is used. See the ASYNC_start_job() man page for + further details. Libssl has also had this capability integrated with the + introduction of the new mode SSL_MODE_ASYNC and associated error + SSL_ERROR_WANT_ASYNC. See the SSL_CTX_set_mode() and SSL_get_error() man + pages. This work was developed in partnership with Intel Corp. + [Matt Caswell] + + *) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is + always enabled now. If you want to disable the support you should + exclude it using the list of supported ciphers. This also means that the + "-no_ecdhe" option has been removed from s_server. + [Kurt Roeckx] + + *) SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls + SSL_{CTX_}set1_curves() which can set a list. + [Kurt Roeckx] + + *) Remove support for SSL_{CTX_}set_tmp_ecdh_callback(). You should set the + curve you want to support using SSL_{CTX_}set1_curves(). + [Kurt Roeckx] + + *) State machine rewrite. The state machine code has been significantly + refactored in order to remove much duplication of code and solve issues + with the old code (see ssl/statem/README for further details). This change + does have some associated API changes. Notably the SSL_state() function + has been removed and replaced by SSL_get_state which now returns an + "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed + altogether. The previous handshake states defined in ssl.h and ssl3.h have + also been removed. + [Matt Caswell] + + *) All instances of the string "ssleay" in the public API were replaced + with OpenSSL (case-matching; e.g., OPENSSL_VERSION for #define's) + Some error codes related to internal RSA_eay API's were renamed. + [Rich Salz] + + *) The demo files in crypto/threads were moved to demo/threads. + [Rich Salz] + + *) Removed obsolete engines: 4758cca, aep, atalla, cswift, nuron, gmp, + sureware and ubsec. + [Matt Caswell, Rich Salz] + + *) New ASN.1 embed macro. + + New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the + structure is not allocated: it is part of the parent. That is instead of + + FOO *x; + + it must be: + + FOO x; + + This reduces memory fragmentation and make it impossible to accidentally + set a mandatory field to NULL. + + This currently only works for some fields specifically a SEQUENCE, CHOICE, + or ASN1_STRING type which is part of a parent SEQUENCE. Since it is + equivalent to ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or + SEQUENCE OF. + [Steve Henson] + + *) Remove EVP_CHECK_DES_KEY, a compile-time option that never compiled. + [Emilia Käsper] + + *) Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although + in 1.0.2 EXPORT was already removed and the only RC2 ciphersuite is also + an EXPORT one. COMPLEMENTOFDEFAULT has been updated accordingly to add + DES and RC4 ciphersuites. + [Matt Caswell] + + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia Käsper] + + *) Fix no-stdio build. + [ David Woodhouse and also + Ivan Nestlerode ] + + *) New testing framework + The testing framework has been largely rewritten and is now using + perl and the perl modules Test::Harness and an extended variant of + Test::More called OpenSSL::Test to do its work. All test scripts in + test/ have been rewritten into test recipes, and all direct calls to + executables in test/Makefile have become individual recipes using the + simplified testing OpenSSL::Test::Simple. + + For documentation on our testing modules, do: + + perldoc test/testlib/OpenSSL/Test/Simple.pm + perldoc test/testlib/OpenSSL/Test.pm + + [Richard Levitte] + + *) Revamped memory debug; only -DCRYPTO_MDEBUG and -DCRYPTO_MDEBUG_ABORT + are used; the latter aborts on memory leaks (usually checked on exit). + Some undocumented "set malloc, etc., hooks" functions were removed + and others were changed. All are now documented. + [Rich Salz] + + *) In DSA_generate_parameters_ex, if the provided seed is too short, + return an error + [Rich Salz and Ismo Puustinen ] + + *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites + from RFC4279, RFC4785, RFC5487, RFC5489. + + Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the + original RSA_PSK patch. + [Steve Henson] + + *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay + era flag was never set throughout the codebase (only read). Also removed + SSL3_FLAGS_POP_BUFFER which was only used if + SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set. + [Matt Caswell] + + *) Changed the default name options in the "ca", "crl", "req" and "x509" + to be "oneline" instead of "compat". + [Richard Levitte] + + *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're + not aware of clients that still exhibit this bug, and the workaround + hasn't been working properly for a while. + [Emilia Käsper] + + *) The return type of BIO_number_read() and BIO_number_written() as well as + the corresponding num_read and num_write members in the BIO structure has + changed from unsigned long to uint64_t. On platforms where an unsigned + long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is + transferred. + [Matt Caswell] + + *) Given the pervasive nature of TLS extensions it is inadvisable to run + OpenSSL without support for them. It also means that maintaining + the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably + not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed. + [Matt Caswell] + + *) Removed support for the two export grade static DH ciphersuites + EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites + were newly added (along with a number of other static DH ciphersuites) to + 1.0.2. However the two export ones have *never* worked since they were + introduced. It seems strange in any case to be adding new export + ciphersuites, and given "logjam" it also does not seem correct to fix them. + [Matt Caswell] + + *) Version negotiation has been rewritten. In particular SSLv23_method(), + SSLv23_client_method() and SSLv23_server_method() have been deprecated, + and turned into macros which simply call the new preferred function names + TLS_method(), TLS_client_method() and TLS_server_method(). All new code + should use the new names instead. Also as part of this change the ssl23.h + header file has been removed. + [Matt Caswell] + + *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This + code and the associated standard is no longer considered fit-for-purpose. + [Matt Caswell] + + *) RT2547 was closed. When generating a private key, try to make the + output file readable only by the owner. This behavior change might + be noticeable when interacting with other software. + + *) Documented all exdata functions. Added CRYPTO_free_ex_index. + Added a test. + [Rich Salz] + + *) Added HTTP GET support to the ocsp command. + [Rich Salz] + + *) Changed default digest for the dgst and enc commands from MD5 to + sha256 + [Rich Salz] + + *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead. + [Matt Caswell] + + *) Added support for TLS extended master secret from + draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an + initial patch which was a great help during development. + [Steve Henson] + + *) All libssl internal structures have been removed from the public header + files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is + now redundant). Users should not attempt to access internal structures + directly. Instead they should use the provided API functions. + [Matt Caswell] + + *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used. + Access to deprecated functions can be re-enabled by running config with + "enable-deprecated". In addition applications wishing to use deprecated + functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour + will, by default, disable some transitive includes that previously existed + in the header files (e.g. ec.h will no longer, by default, include bn.h) + [Matt Caswell] + + *) Added support for OCB mode. OpenSSL has been granted a patent license + compatible with the OpenSSL license for use of OCB. Details are available + at https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf. Support + for OCB can be removed by calling config with no-ocb. + [Matt Caswell] + + *) SSLv2 support has been removed. It still supports receiving a SSLv2 + compatible client hello. + [Kurt Roeckx] + + *) Increased the minimal RSA keysize from 256 to 512 bits [Rich Salz], + done while fixing the error code for the key-too-small case. + [Annie Yousar ] + + *) CA.sh has been removed; use CA.pl instead. + [Rich Salz] + + *) Removed old DES API. + [Rich Salz] + + *) Remove various unsupported platforms: + Sony NEWS4 + BEOS and BEOS_R5 + NeXT + SUNOS + MPE/iX + Sinix/ReliantUNIX RM400 + DGUX + NCR + Tandem + Cray + 16-bit platforms such as WIN16 + [Rich Salz] + + *) Clean up OPENSSL_NO_xxx #define's + Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF + Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx + OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC + OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 + OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY + OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP + OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK + OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY + Remove MS_STATIC; it's a relic from platforms <32 bits. + [Rich Salz] + + *) Cleaned up dead code + Remove all but one '#ifdef undef' which is to be looked at. + [Rich Salz] + + *) Clean up calling of xxx_free routines. + Just like free(), fix most of the xxx_free routines to accept + NULL. Remove the non-null checks from callers. Save much code. + [Rich Salz] + + *) Add secure heap for storage of private keys (when possible). + Add BIO_s_secmem(), CBIGNUM, etc. + Contributed by Akamai Technologies under our Corporate CLA. + [Rich Salz] + + *) Experimental support for a new, fast, unbiased prime candidate generator, + bn_probable_prime_dh_coprime(). Not currently used by any prime generator. + [Felix Laurie von Massenbach ] + + *) New output format NSS in the sess_id command line tool. This allows + exporting the session id and the master key in NSS keylog format. + [Martin Kaiser ] + + *) Harmonize version and its documentation. -f flag is used to display + compilation flags. + [mancha ] + + *) Fix eckey_priv_encode so it immediately returns an error upon a failure + in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. + [mancha ] + + *) Fix some double frees. These are not thought to be exploitable. + [mancha ] + + *) A missing bounds check in the handling of the TLS heartbeat extension + can be used to reveal up to 64k of memory to a connected client or + server. + + Thanks for Neel Mehta of Google Security for discovering this bug and to + Adam Langley and Bodo Moeller for + preparing the fix (CVE-2014-0160) + [Adam Langley, Bodo Moeller] + + *) Fix for the attack described in the paper "Recovering OpenSSL + ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" + by Yuval Yarom and Naomi Benger. Details can be obtained from: + http://eprint.iacr.org/2014/140 + + Thanks to Yuval Yarom and Naomi Benger for discovering this + flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) + [Yuval Yarom and Naomi Benger] + + *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): + this fixes a limitation in previous versions of OpenSSL. + [Steve Henson] + + *) Experimental encrypt-then-mac support. + + Experimental support for encrypt then mac from + draft-gutmann-tls-encrypt-then-mac-02.txt + + To enable it set the appropriate extension number (0x42 for the test + server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42 + + For non-compliant peers (i.e. just about everything) this should have no + effect. + + WARNING: EXPERIMENTAL, SUBJECT TO CHANGE. + + [Steve Henson] + + *) Add EVP support for key wrapping algorithms, to avoid problems with + existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in + the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap + algorithms and include tests cases. + [Steve Henson] + + *) Extend CMS code to support RSA-PSS signatures and RSA-OAEP for + enveloped data. + [Steve Henson] + + *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, + MGF1 digest and OAEP label. + [Steve Henson] + + *) Make openssl verify return errors. + [Chris Palmer and Ben Laurie] + + *) New function ASN1_TIME_diff to calculate the difference between two + ASN1_TIME structures or one structure and the current time. + [Steve Henson] + + *) Update fips_test_suite to support multiple command line options. New + test to induce all self test errors in sequence and check expected + failures. + [Steve Henson] + + *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and + sign or verify all in one operation. + [Steve Henson] + + *) Add fips_algvs: a multicall fips utility incorporating all the algorithm + test programs and fips_test_suite. Includes functionality to parse + the minimal script output of fipsalgest.pl directly. + [Steve Henson] + + *) Add authorisation parameter to FIPS_module_mode_set(). + [Steve Henson] + + *) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves. + [Steve Henson] + + *) Use separate DRBG fields for internal and external flags. New function + FIPS_drbg_health_check() to perform on demand health checking. Add + generation tests to fips_test_suite with reduced health check interval to + demonstrate periodic health checking. Add "nodh" option to + fips_test_suite to skip very slow DH test. + [Steve Henson] + + *) New function FIPS_get_cipherbynid() to lookup FIPS supported ciphers + based on NID. + [Steve Henson] + + *) More extensive health check for DRBG checking many more failure modes. + New function FIPS_selftest_drbg_all() to handle every possible DRBG + combination: call this in fips_test_suite. + [Steve Henson] + + *) Add support for canonical generation of DSA parameter 'g'. See + FIPS 186-3 A.2.3. + + *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and + POST to handle HMAC cases. + [Steve Henson] + + *) Add functions FIPS_module_version() and FIPS_module_version_text() + to return numerical and string versions of the FIPS module number. + [Steve Henson] + + *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and + FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implemented + outside the validated module in the FIPS capable OpenSSL. + [Steve Henson] + + *) Minor change to DRBG entropy callback semantics. In some cases + there is no multiple of the block length between min_len and + max_len. Allow the callback to return more than max_len bytes + of entropy but discard any extra: it is the callback's responsibility + to ensure that the extra data discarded does not impact the + requested amount of entropy. + [Steve Henson] + + *) Add PRNG security strength checks to RSA, DSA and ECDSA using + information in FIPS186-3, SP800-57 and SP800-131A. + [Steve Henson] + + *) CCM support via EVP. Interface is very similar to GCM case except we + must supply all data in one chunk (i.e. no update, final) and the + message length must be supplied if AAD is used. Add algorithm test + support. + [Steve Henson] + + *) Initial version of POST overhaul. Add POST callback to allow the status + of POST to be monitored and/or failures induced. Modify fips_test_suite + to use callback. Always run all selftests even if one fails. + [Steve Henson] + + *) XTS support including algorithm test driver in the fips_gcmtest program. + Note: this does increase the maximum key length from 32 to 64 bytes but + there should be no binary compatibility issues as existing applications + will never use XTS mode. + [Steve Henson] + + *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies + to OpenSSL RAND code and replace with a tiny FIPS RAND API which also + performs algorithm blocking for unapproved PRNG types. Also do not + set PRNG type in FIPS_mode_set(): leave this to the application. + Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with + the standard OpenSSL PRNG: set additional data to a date time vector. + [Steve Henson] + + *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*. + This shouldn't present any incompatibility problems because applications + shouldn't be using these directly and any that are will need to rethink + anyway as the X9.31 PRNG is now deprecated by FIPS 140-2 + [Steve Henson] + + *) Extensive self tests and health checking required by SP800-90 DRBG. + Remove strength parameter from FIPS_drbg_instantiate and always + instantiate at maximum supported strength. + [Steve Henson] + + *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing. + [Steve Henson] + + *) New algorithm test program fips_dhvs to handle DH primitives only testing. + [Steve Henson] + + *) New function DH_compute_key_padded() to compute a DH key and pad with + leading zeroes if needed: this complies with SP800-56A et al. + [Steve Henson] + + *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by + anything, incomplete, subject to change and largely untested at present. + [Steve Henson] + + *) Modify fipscanisteronly build option to only build the necessary object + files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile. + [Steve Henson] + + *) Add experimental option FIPSSYMS to give all symbols in + fipscanister.o and FIPS or fips prefix. This will avoid + conflicts with future versions of OpenSSL. Add perl script + util/fipsas.pl to preprocess assembly language source files + and rename any affected symbols. + [Steve Henson] + + *) Add selftest checks and algorithm block of non-fips algorithms in + FIPS mode. Remove DES2 from selftests. + [Steve Henson] + + *) Add ECDSA code to fips module. Add tiny fips_ecdsa_check to just + return internal method without any ENGINE dependencies. Add new + tiny fips sign and verify functions. + [Steve Henson] + + *) New build option no-ec2m to disable characteristic 2 code. + [Steve Henson] + + *) New build option "fipscanisteronly". This only builds fipscanister.o + and (currently) associated fips utilities. Uses the file Makefile.fips + instead of Makefile.org as the prototype. + [Steve Henson] + + *) Add some FIPS mode restrictions to GCM. Add internal IV generator. + Update fips_gcmtest to use IV generator. + [Steve Henson] + + *) Initial, experimental EVP support for AES-GCM. AAD can be input by + setting output buffer to NULL. The *Final function must be + called although it will not retrieve any additional data. The tag + can be set or retrieved with a ctrl. The IV length is by default 12 + bytes (96 bits) but can be set to an alternative value. If the IV + length exceeds the maximum IV length (currently 16 bytes) it cannot be + set before the key. + [Steve Henson] + + *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the + underlying do_cipher function handles all cipher semantics itself + including padding and finalisation. This is useful if (for example) + an ENGINE cipher handles block padding itself. The behaviour of + do_cipher is subtly changed if this flag is set: the return value + is the number of characters written to the output buffer (zero is + no longer an error code) or a negative error code. Also if the + input buffer is NULL and length 0 finalisation should be performed. + [Steve Henson] + + *) If a candidate issuer certificate is already part of the constructed + path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case. + [Steve Henson] + + *) Improve forward-security support: add functions + + void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure)) + void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure)) + + for use by SSL/TLS servers; the callback function will be called whenever a + new session is created, and gets to decide whether the session may be + cached to make it resumable (return 0) or not (return 1). (As by the + SSL/TLS protocol specifications, the session_id sent by the server will be + empty to indicate that the session is not resumable; also, the server will + not generate RFC 4507 (RFC 5077) session tickets.) + + A simple reasonable callback implementation is to return is_forward_secure. + This parameter will be set to 1 or 0 depending on the ciphersuite selected + by the SSL/TLS server library, indicating whether it can provide forward + security. + [Emilia Käsper (Google)] + + *) New -verify_name option in command line utilities to set verification + parameters by name. + [Steve Henson] + + *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE. + Add CMAC pkey methods. + [Steve Henson] + + *) Experimental renegotiation in s_server -www mode. If the client + browses /reneg connection is renegotiated. If /renegcert it is + renegotiated requesting a certificate. + [Steve Henson] + + *) Add an "external" session cache for debugging purposes to s_server. This + should help trace issues which normally are only apparent in deployed + multi-process servers. + [Steve Henson] + + *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where + return value is ignored. NB. The functions RAND_add(), RAND_seed(), + BIO_set_cipher() and some obscure PEM functions were changed so they + can now return an error. The RAND changes required a change to the + RAND_METHOD structure. + [Steve Henson] + + *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of + a gcc attribute to warn if the result of a function is ignored. This + is enable if DEBUG_UNUSED is set. Add to several functions in evp.h + whose return value is often ignored. + [Steve Henson] + + *) New -noct, -requestct, -requirect and -ctlogfile options for s_client. + These allow SCTs (signed certificate timestamps) to be requested and + validated when establishing a connection. + [Rob Percival ] + + Changes between 1.0.2g and 1.0.2h [3 May 2016] + + *) Prevent padding oracle in AES-NI CBC MAC check + + A MITM attacker can use a padding oracle attack to decrypt traffic + when the connection uses an AES CBC cipher and the server support + AES-NI. + + This issue was introduced as part of the fix for Lucky 13 padding + attack (CVE-2013-0169). The padding check was rewritten to be in + constant time by making sure that always the same bytes are read and + compared against either the MAC or padding bytes. But it no longer + checked that there was enough data to have both the MAC and padding + bytes. + + This issue was reported by Juraj Somorovsky using TLS-Attacker. + (CVE-2016-2107) + [Kurt Roeckx] + + *) Fix EVP_EncodeUpdate overflow + + An overflow can occur in the EVP_EncodeUpdate() function which is used for + Base64 encoding of binary data. If an attacker is able to supply very large + amounts of input data then a length check can overflow resulting in a heap + corruption. + + Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by + the PEM_write_bio* family of functions. These are mainly used within the + OpenSSL command line applications, so any application which processes data + from an untrusted source and outputs it as a PEM file should be considered + vulnerable to this issue. User applications that call these APIs directly + with large amounts of untrusted data may also be vulnerable. + + This issue was reported by Guido Vranken. + (CVE-2016-2105) + [Matt Caswell] + + *) Fix EVP_EncryptUpdate overflow + + An overflow can occur in the EVP_EncryptUpdate() function. If an attacker + is able to supply very large amounts of input data after a previous call to + EVP_EncryptUpdate() with a partial block then a length check can overflow + resulting in a heap corruption. Following an analysis of all OpenSSL + internal usage of the EVP_EncryptUpdate() function all usage is one of two + forms. The first form is where the EVP_EncryptUpdate() call is known to be + the first called function after an EVP_EncryptInit(), and therefore that + specific call must be safe. The second form is where the length passed to + EVP_EncryptUpdate() can be seen from the code to be some small value and + therefore there is no possibility of an overflow. Since all instances are + one of these two forms, it is believed that there can be no overflows in + internal code due to this problem. It should be noted that + EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths. + Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances + of these calls have also been analysed too and it is believed there are no + instances in internal usage where an overflow could occur. + + This issue was reported by Guido Vranken. + (CVE-2016-2106) + [Matt Caswell] + + *) Prevent ASN.1 BIO excessive memory allocation + + When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() + a short invalid encoding can cause allocation of large amounts of memory + potentially consuming excessive resources or exhausting memory. + + Any application parsing untrusted data through d2i BIO functions is + affected. The memory based functions such as d2i_X509() are *not* affected. + Since the memory based functions are used by the TLS library, TLS + applications are not affected. + + This issue was reported by Brian Carpenter. + (CVE-2016-2109) + [Stephen Henson] + + *) EBCDIC overread + + ASN1 Strings that are over 1024 bytes can cause an overread in applications + using the X509_NAME_oneline() function on EBCDIC systems. This could result + in arbitrary stack data being returned in the buffer. + + This issue was reported by Guido Vranken. + (CVE-2016-2176) + [Matt Caswell] + + *) Modify behavior of ALPN to invoke callback after SNI/servername + callback, such that updates to the SSL_CTX affect ALPN. + [Todd Short] + + *) Remove LOW from the DEFAULT cipher list. This removes singles DES from the + default. + [Kurt Roeckx] + + *) Only remove the SSLv2 methods with the no-ssl2-method option. When the + methods are enabled and ssl2 is disabled the methods return NULL. + [Kurt Roeckx] + + Changes between 1.0.2f and 1.0.2g [1 Mar 2016] + + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + Builds that are not configured with "enable-weak-ssl-ciphers" will not + provide any "EXPORT" or "LOW" strength ciphers. + [Viktor Dukhovni] + + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 + is by default disabled at build-time. Builds that are not configured with + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, + users who want to negotiate SSLv2 via the version-flexible SSLv23_method() + will need to explicitly call either of: + + SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); + or + SSL_clear_options(ssl, SSL_OP_NO_SSLv2); + + as appropriate. Even if either of those is used, or the application + explicitly uses the version-specific SSLv2_method() or its client and + server variants, SSLv2 ciphers vulnerable to exhaustive search key + recovery have been removed. Specifically, the SSLv2 40-bit EXPORT + ciphers, and SSLv2 56-bit DES are no longer available. + (CVE-2016-0800) + [Viktor Dukhovni] + + *) Fix a double-free in DSA code + + A double free bug was discovered when OpenSSL parses malformed DSA private + keys and could lead to a DoS attack or memory corruption for applications + that receive DSA private keys from untrusted sources. This scenario is + considered rare. + + This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using + libFuzzer. + (CVE-2016-0705) + [Stephen Henson] + + *) Disable SRP fake user seed to address a server memory leak. + + Add a new method SRP_VBASE_get1_by_user that handles the seed properly. + + SRP_VBASE_get_by_user had inconsistent memory management behaviour. + In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user + was changed to ignore the "fake user" SRP seed, even if the seed + is configured. + + Users should use SRP_VBASE_get1_by_user instead. Note that in + SRP_VBASE_get1_by_user, caller must free the returned value. Note + also that even though configuring the SRP seed attempts to hide + invalid usernames by continuing the handshake with fake + credentials, this behaviour is not constant time and no strong + guarantees are made that the handshake is indistinguishable from + that of a valid user. + (CVE-2016-0798) + [Emilia Käsper] + + *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + + In the BN_hex2bn function the number of hex digits is calculated using an + int value |i|. Later |bn_expand| is called with a value of |i * 4|. For + large values of |i| this can result in |bn_expand| not allocating any + memory because |i * 4| is negative. This can leave the internal BIGNUM data + field as NULL leading to a subsequent NULL ptr deref. For very large values + of |i|, the calculation |i * 4| could be a positive value smaller than |i|. + In this case memory is allocated to the internal BIGNUM data field, but it + is insufficiently sized leading to heap corruption. A similar issue exists + in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn + is ever called by user applications with very large untrusted hex/dec data. + This is anticipated to be a rare occurrence. + + All OpenSSL internal usage of these functions use data that is not expected + to be untrusted, e.g. config file data or application command line + arguments. If user developed applications generate config file data based + on untrusted data then it is possible that this could also lead to security + consequences. This is also anticipated to be rare. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2016-0797) + [Matt Caswell] + + *) Fix memory issues in BIO_*printf functions + + The internal |fmtstr| function used in processing a "%s" format string in + the BIO_*printf functions could overflow while calculating the length of a + string and cause an OOB read when printing very long strings. + + Additionally the internal |doapr_outch| function can attempt to write to an + OOB memory location (at an offset from the NULL pointer) in the event of a + memory allocation failure. In 1.0.2 and below this could be caused where + the size of a buffer to be allocated is greater than INT_MAX. E.g. this + could be in processing a very long "%s" format string. Memory leaks can + also occur. + + The first issue may mask the second issue dependent on compiler behaviour. + These problems could enable attacks where large amounts of untrusted data + is passed to the BIO_*printf functions. If applications use these functions + in this way then they could be vulnerable. OpenSSL itself uses these + functions when printing out human-readable dumps of ASN.1 data. Therefore + applications that print this data could be vulnerable if the data is from + untrusted sources. OpenSSL command line applications could also be + vulnerable where they print out ASN.1 data, or if untrusted data is passed + as command line arguments. + + Libssl is not considered directly vulnerable. Additionally certificates etc + received via remote connections via libssl are also unlikely to be able to + trigger these issues because of message size limits enforced within libssl. + + This issue was reported to OpenSSL Guido Vranken. + (CVE-2016-0799) + [Matt Caswell] + + *) Side channel attack on modular exponentiation + + A side-channel attack was found which makes use of cache-bank conflicts on + the Intel Sandy-Bridge microarchitecture which could lead to the recovery + of RSA keys. The ability to exploit this issue is limited as it relies on + an attacker who has control of code in a thread running on the same + hyper-threaded core as the victim thread which is performing decryptions. + + This issue was reported to OpenSSL by Yuval Yarom, The University of + Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and + Nadia Heninger, University of Pennsylvania with more information at + http://cachebleed.info. + (CVE-2016-0702) + [Andy Polyakov] + + *) Change the req app to generate a 2048-bit RSA/DSA key by default, + if no keysize is specified with default_bits. This fixes an + omission in an earlier change that changed all RSA/DSA key generation + apps to use 2048 bits by default. + [Emilia Käsper] + + Changes between 1.0.2e and 1.0.2f [28 Jan 2016] + *) DH small subgroups + + Historically OpenSSL only ever generated DH parameters based on "safe" + primes. More recently (in version 1.0.2) support was provided for + generating X9.42 style parameter files such as those required for RFC 5114 + support. The primes used in such files may not be "safe". Where an + application is using DH configured with parameters based on primes that are + not "safe" then an attacker could use this fact to find a peer's private + DH exponent. This attack requires that the attacker complete multiple + handshakes in which the peer uses the same private DH exponent. For example + this could be used to discover a TLS server's private DH exponent if it's + reusing the private DH exponent or it's using a static DH ciphersuite. + + OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in + TLS. It is not on by default. If the option is not set then the server + reuses the same private DH exponent for the life of the server process and + would be vulnerable to this attack. It is believed that many popular + applications do set this option and would therefore not be at risk. + + The fix for this issue adds an additional check where a "q" parameter is + available (as is the case in X9.42 based parameters). This detects the + only known attack, and is the only possible defense for static DH + ciphersuites. This could have some performance impact. + + Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by + default and cannot be disabled. This could have some performance impact. + + This issue was reported to OpenSSL by Antonio Sanso (Adobe). + (CVE-2016-0701) + [Matt Caswell] + + *) SSLv2 doesn't block disabled ciphers + + A malicious client can negotiate SSLv2 ciphers that have been disabled on + the server and complete SSLv2 handshakes even if all SSLv2 ciphers have + been disabled, provided that the SSLv2 protocol was not also disabled via + SSL_OP_NO_SSLv2. + + This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram + and Sebastian Schinzel. + (CVE-2015-3197) + [Viktor Dukhovni] + Changes between 1.0.2d and 1.0.2e [3 Dec 2015] *) BN_mod_exp may produce incorrect results on x86_64 @@ -64,7 +1664,7 @@ *) Alternate chains certificate forgery - During certificate verfification, OpenSSL will attempt to find an + During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be @@ -73,23 +1673,14 @@ This issue was reported to OpenSSL by Adam Langley/David Benjamin (Google/BoringSSL). - (CVE-2015-1793) [Matt Caswell] - *) Race condition handling PSK identify hint - - If PSK identity hints are received by a multi-threaded client then - the values are wrongly updated in the parent SSL_CTX structure. This can - result in a race condition potentially leading to a double free of the - identify hint data. - (CVE-2015-3196) - [Stephen Henson] - Changes between 1.0.2b and 1.0.2c [12 Jun 2015] *) Fix HMAC ABI incompatibility. The previous version introduced an ABI incompatibility in the handling of HMAC. The previous ABI has now been restored. + [Matt Caswell] Changes between 1.0.2a and 1.0.2b [11 Jun 2015] @@ -159,22 +1750,11 @@ (CVE-2015-1791) [Matt Caswell] - *) Removed support for the two export grade static DH ciphersuites - EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites - were newly added (along with a number of other static DH ciphersuites) to - 1.0.2. However the two export ones have *never* worked since they were - introduced. It seems strange in any case to be adding new export - ciphersuites, and given "logjam" it also does not seem correct to fix them. - [Matt Caswell] - *) Only support 256-bit or stronger elliptic curves with the 'ecdh_auto' setting (server) or by default (client). Of supported curves, prefer P-256 (both). [Emilia Kasper] - *) Reject DH handshakes with parameters shorter than 768 bits. - [Kurt Roeckx and Emilia Kasper] - Changes between 1.0.2 and 1.0.2a [19 Mar 2015] *) ClientHello sigalgs DoS fix @@ -340,13 +1920,9 @@ Changes between 1.0.1l and 1.0.2 [22 Jan 2015] - *) Change RSA and DH/DSA key generation apps to generate 2048-bit - keys by default. - [Kurt Roeckx] - *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. ARMv5 through ARMv8, as opposite to "locking" it to single one. - So far those who have to target multiple plaforms would compromise + So far those who have to target multiple platforms would compromise and argue that binary targeting say ARMv5 would still execute on ARMv8. "Universal" build resolves this compromise by providing near-optimal performance even on newer platforms. @@ -406,7 +1982,7 @@ [Steve Henson] *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file(): - this fixes a limiation in previous versions of OpenSSL. + this fixes a limitation in previous versions of OpenSSL. [Steve Henson] *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest, @@ -515,9 +2091,9 @@ *) Add support for certificate stores in CERT structure. This makes it possible to have different stores per SSL structure or one store in - the parent SSL_CTX. Include distint stores for certificate chain + the parent SSL_CTX. Include distinct stores for certificate chain verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN - to build and store a certificate chain in CERT structure: returing + to build and store a certificate chain in CERT structure: returning an error if the chain cannot be built: this will allow applications to test if a chain is correctly configured. @@ -578,7 +2154,7 @@ [Steve Henson] *) Integrate hostname, email address and IP address checking with certificate - verification. New verify options supporting checking in opensl utility. + verification. New verify options supporting checking in openssl utility. [Steve Henson] *) Fixes and wildcard matching support to hostname and email checking @@ -615,7 +2191,7 @@ When in FIPS mode the approved implementations are used as normal, when not in FIPS mode the internal unapproved versions are used instead. This means that the FIPS capable OpenSSL isn't forced to use the - (often lower perfomance) FIPS implementations outside FIPS mode. + (often lower performance) FIPS implementations outside FIPS mode. [Steve Henson] *) Transparently support X9.42 DH parameters when calling @@ -760,7 +2336,7 @@ 3. Check DSA/ECDSA signatures use DER. - Reencode DSA/ECDSA signatures and compare with the original received + Re-encode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. This will reject various cases including garbage after signature @@ -850,7 +2426,7 @@ *) Add additional DigestInfo checks. - Reencode DigestInto in DER and check against the original when + Re-encode DigestInto in DER and check against the original when verifying RSA signature: this will reject any improperly encoded DigestInfo structures. @@ -982,7 +2558,7 @@ [mancha ] *) Fix eckey_priv_encode so it immediately returns an error upon a failure - in i2d_ECPrivateKey. Thanks to Ted Unangst for feedback on this issue. + in i2d_ECPrivateKey. [mancha ] *) Fix some double frees. These are not thought to be exploitable. @@ -1173,7 +2749,7 @@ *) Some servers which support TLS 1.0 can choke if we initially indicate support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA - encrypted premaster secret. As a workaround use the maximum pemitted + encrypted premaster secret. As a workaround use the maximum permitted client version in client hello, this should keep such servers happy and still work with previous versions of OpenSSL. [Steve Henson] @@ -1303,7 +2879,7 @@ *) Add GCM support to TLS library. Some custom code is needed to split the IV between the fixed (from PRF) and explicit (from TLS record) portions. This adds all GCM ciphersuites supported by RFC5288 and - RFC5289. Generalise some AES* cipherstrings to inlclude GCM and + RFC5289. Generalise some AES* cipherstrings to include GCM and add a special AESGCM string for GCM only. [Steve Henson] @@ -1317,9 +2893,9 @@ [Steve Henson] *) For FIPS capable OpenSSL interpret a NULL default public key method - as unset and return the appopriate default but do *not* set the default. - This means we can return the appopriate method in applications that - swicth between FIPS and non-FIPS modes. + as unset and return the appropriate default but do *not* set the default. + This means we can return the appropriate method in applications that + switch between FIPS and non-FIPS modes. [Steve Henson] *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an @@ -1447,7 +3023,7 @@ in CMS and PKCS7 code. When RSA decryption fails use a random key for content decryption and always return the same error. Note: this attack needs on average 2^20 messages so it only affects automated senders. The - old behaviour can be reenabled in the CMS code by setting the + old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where an MMA defence is not necessary. Thanks to Ivan Nestlerode for discovering @@ -1743,7 +3319,7 @@ as part of the CRL checking and indicate a new error "CRL path validation error" in this case. Applications wanting additional details can use the verify callback and check the new "parent" field. If this is not - NULL CRL path validation is taking place. Existing applications wont + NULL CRL path validation is taking place. Existing applications won't see this because it requires extended CRL support which is off by default. @@ -1976,7 +3552,7 @@ *) New option -sigopt to dgst utility. Update dgst to use EVP_Digest{Sign,Verify}*. These two changes make it possible to use - alternative signing paramaters such as X9.31 or PSS in the dgst + alternative signing parameters such as X9.31 or PSS in the dgst utility. [Steve Henson] @@ -2216,7 +3792,7 @@ *) Add a ctrl to asn1 method to allow a public key algorithm to express a default digest type to use. In most cases this will be SHA1 but some algorithms (such as GOST) need to specify an alternative digest. The - return value indicates how strong the prefernce is 1 means optional and + return value indicates how strong the preference is 1 means optional and 2 is mandatory (that is it is the only supported type). Modify ASN1_item_sign() to accept a NULL digest argument to indicate it should use the default md. Update openssl utilities to use the default digest @@ -2261,7 +3837,7 @@ manual pages. [Oliver Tappe ] - *) New utility "genpkey" this is analagous to "genrsa" etc except it can + *) New utility "genpkey" this is analogous to "genrsa" etc except it can generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to support key and parameter generation and add initial key generation functionality for RSA. @@ -2360,7 +3936,7 @@ '-key2 ...', '-servername_fatal' (subject to change). This allows testing the HostName extension for a specific single host name ('-cert' and '-key' remain fallbacks for handshakes without HostName - negotiation). If the unrecogninzed_name alert has to be sent, this by + negotiation). If the unrecognized_name alert has to be sent, this by default is a warning; it becomes fatal with the '-servername_fatal' option. @@ -2591,7 +4167,7 @@ processed after finishing the corresponding handshake. There is currently no limitation to this buffer allowing an attacker to perform a DOS attack with sending records with future epochs until there is no - memory left. This patch adds the pqueue_size() function to detemine + memory left. This patch adds the pqueue_size() function to determine the size of a buffer and limits the record buffer to 100 entries. (CVE-2009-1377) [Robin Seggelmann, discovered by Daniel Mentz] @@ -2704,7 +4280,7 @@ ChangeCipherSpec as first record (CVE-2009-1386). [PR #1679] - *) Fix a state transitition in s3_srvr.c and d1_srvr.c + *) Fix a state transition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). [Nagendra Modadugu] @@ -2756,9 +4332,9 @@ This work was sponsored by Logica. [Steve Henson] - *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using + *) Fix bug in X509_ATTRIBUTE creation: don't set attribute using ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain - attribute creation routines such as certifcate requests and PKCS#12 + attribute creation routines such as certificate requests and PKCS#12 files. [Steve Henson] @@ -2833,7 +4409,7 @@ [Ian Lister (tweaked by Geoff Thorpe)] *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9 - implemention in the following ways: + implementation in the following ways: Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be hard coded. @@ -2974,7 +4550,7 @@ '-key2 ...', '-servername_fatal' (subject to change). This allows testing the HostName extension for a specific single host name ('-cert' and '-key' remain fallbacks for handshakes without HostName - negotiation). If the unrecogninzed_name alert has to be sent, this by + negotiation). If the unrecognized_name alert has to be sent, this by default is a warning; it becomes fatal with the '-servername_fatal' option. @@ -3031,7 +4607,7 @@ implementation in BN_mod_exp_mont_consttime().) The old name remains as a deprecated alias. - Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general + Similarly, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses constant-time implementations for more than just exponentiation. Here too the old name is kept as a deprecated alias. @@ -3183,7 +4759,7 @@ unofficial, and the ID has long expired. [Bodo Moeller] - *) Fix RSA blinding Heisenbug (problems sometimes occured on + *) Fix RSA blinding Heisenbug (problems sometimes occurred on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] @@ -3338,7 +4914,7 @@ to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() [Walter Goulet] - *) Remove buggy and incompletet DH cert support from + *) Remove buggy and incomplete DH cert support from ssl/ssl_rsa.c and ssl/s3_both.c [Nils Larsch] @@ -3552,7 +5128,7 @@ [Geoff Thorpe] *) Reorganise PKCS#7 code to separate the digest location functionality - into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest(). + into PKCS7_find_digest(), digest addition into PKCS7_bio_add_digest(). New function PKCS7_set_digest() to set the digest type for PKCS#7 digestedData type. Add additional code to correctly generate the digestedData type and add support for this type in PKCS7 initialization @@ -3735,7 +5311,7 @@ *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD and DH_METHOD (eg. by ENGINE implementations) to override the normal software implementations. For DSA and DH, parameter generation can - also be overriden by providing the appropriate method callbacks. + also be overridden by providing the appropriate method callbacks. [Geoff Thorpe] *) Change the "progress" mechanism used in key-generation and @@ -3818,13 +5394,13 @@ the "shared" options was given to ./Configure or ./config. Otherwise, they are inserted in libcrypto.a. /usr/local/ssl/engines is the default directory for dynamic - engines, but that can be overriden at configure time through + engines, but that can be overridden at configure time through the usual use of --prefix and/or --openssldir, and at run time with the environment variable OPENSSL_ENGINES. [Geoff Thorpe and Richard Levitte] *) Add Makefile.shared, a helper makefile to build shared - libraries. Addapt Makefile.org. + libraries. Adapt Makefile.org. [Richard Levitte] *) Add version info to Win32 DLLs. @@ -4198,7 +5774,7 @@ unofficial, and the ID has long expired. [Bodo Moeller] - *) Fix RSA blinding Heisenbug (problems sometimes occured on + *) Fix RSA blinding Heisenbug (problems sometimes occurred on dual-core machines) and other potential thread-safety issues. [Bodo Moeller] @@ -4303,7 +5879,7 @@ *) Added support for proxy certificates according to RFC 3820. Because they may be a security thread to unaware applications, - they must be explicitely allowed in run-time. See + they must be explicitly allowed in run-time. See docs/HOWTO/proxy_certificates.txt for further information. [Richard Levitte] @@ -4353,8 +5929,8 @@ [Steve Henson] *) Perform some character comparisons of different types in X509_NAME_cmp: - this is needed for some certificates that reencode DNs into UTF8Strings - (in violation of RFC3280) and can't or wont issue name rollover + this is needed for some certificates that re-encode DNs into UTF8Strings + (in violation of RFC3280) and can't or won't issue name rollover certificates. [Steve Henson] @@ -4528,7 +6104,7 @@ Changes between 0.9.7 and 0.9.7a [19 Feb 2003] *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked - via timing by performing a MAC computation even if incorrrect + via timing by performing a MAC computation even if incorrect block cipher padding has been found. This is a countermeasure against active attacks where the attacker has to distinguish between bad padding and a MAC verification error. (CVE-2003-0078) @@ -4790,7 +6366,7 @@ done To be absolutely sure not to disturb the source tree, a "make clean" - is a good thing. If it isn't successfull, don't worry about it, + is a good thing. If it isn't successful, don't worry about it, it probably means the source directory is very clean. [Richard Levitte] @@ -4949,7 +6525,7 @@ default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS [Steve Henson] - *) Prelminary ENGINE config module. + *) Preliminary ENGINE config module. [Steve Henson] *) New experimental application configuration code. @@ -5124,7 +6700,7 @@ *) New function SSL_renegotiate_pending(). This returns true once renegotiation has been requested (either SSL_renegotiate() call - or HelloRequest/ClientHello receveived from the peer) and becomes + or HelloRequest/ClientHello received from the peer) and becomes false once a handshake has been completed. (For servers, SSL_renegotiate() followed by SSL_do_handshake() sends a HelloRequest, but does not ensure that a handshake takes @@ -5412,7 +6988,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k const ASN1_ITEM *it = &ASN1_INTEGER_it; - wont compile. This is used by the any applications that need to + won't compile. This is used by the any applications that need to declare their own ASN1 modules. This was fixed by adding the option EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly needed for static libraries under Win32. @@ -6013,7 +7589,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k entropy, EGD style sockets (served by EGD or PRNGD) will automatically be queried. The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and - /etc/entropy will be queried once each in this sequence, quering stops + /etc/entropy will be queried once each in this sequence, querying stops when enough entropy was collected without querying more sockets. [Lutz Jaenicke] @@ -6041,7 +7617,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k information from an OCSP_CERTID structure (which will be created when the request structure is built). These are built from lower level functions which work on OCSP_SINGLERESP structures but - wont normally be used unless the application wishes to examine + won't normally be used unless the application wishes to examine extensions in the OCSP response for example. Replace nonce routines with a pair of functions. @@ -6117,7 +7693,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) New function X509V3_add1_i2d(). This automatically encodes and adds an extension. Its behaviour can be customised with various flags to append, replace or delete. Various wrappers added for - certifcates and CRLs. + certificates and CRLs. [Steve Henson] *) Fix to avoid calling the underlying ASN1 print routine when @@ -6125,7 +7701,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k OCSP_SERVICELOC extension. Tidy up print OCSP format. [Steve Henson] - *) Make mkdef.pl parse some of the ASN1 macros and add apropriate + *) Make mkdef.pl parse some of the ASN1 macros and add appropriate entries for variables. [Steve Henson] @@ -6285,7 +7861,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Lenka Fibikova , Bodo Moeller] #if 0 - The following entry accidentily appeared in the CHANGES file + The following entry accidentally appeared in the CHANGES file distributed with OpenSSL 0.9.7. The modifications described in it do *not* apply to OpenSSL 0.9.7. @@ -6662,7 +8238,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Nils Larsch ] *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: - an end-of-file condition would erronously be flagged, when the CRLF + an end-of-file condition would erroneously be flagged, when the CRLF was just at the end of a processed block. The bug was discovered when processing data through a buffering memory BIO handing the data to a BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov @@ -6869,7 +8445,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller; bug noticed by Andy Schneider ] *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C - should end in 'break', not 'goto end' which circuments various + should end in 'break', not 'goto end' which circumvents various cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. @@ -6880,7 +8456,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC - verification error occured. (Neither SSLerr() codes nor alerts + verification error occurred. (Neither SSLerr() codes nor alerts are directly visible to potential attackers, but the information may leak via logfiles.) @@ -7402,7 +8978,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller; problems reported by Anders Gertz ] *) Correct util/mkdef.pl to be selective about disabled algorithms. - Previously, it would create entries for disableed algorithms no + Previously, it would create entries for disabled algorithms no matter what. [Richard Levitte] @@ -7527,7 +9103,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Sven Uszpelkat ] *) Major change in util/mkdef.pl to include extra information - about each symbol, as well as presentig variables as well + about each symbol, as well as presenting variables as well as functions. This change means that there's n more need to rebuild the .num files when some algorithms are excluded. [Richard Levitte] @@ -7592,7 +9168,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Steve Henson] *) When a certificate request is read in keep a copy of the - original encoding of the signed data and use it when outputing + original encoding of the signed data and use it when outputting again. Signatures then use the original encoding rather than a decoded, encoded version which may cause problems if the request is improperly encoded. @@ -7846,7 +9422,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) When some versions of IIS use the 'NET' form of private key the key derivation algorithm is different. Normally MD5(password) is used as a 128 bit RC4 key. In the modified case - MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some + MD5(MD5(password) + "SGCKEYSALT") is used instead. Added some new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same as the old Netscape_RSA functions except they have an additional 'sgckey' parameter which uses the modified algorithm. Also added @@ -8134,7 +9710,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k its own key. ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition to parameters -- in previous versions (since OpenSSL 0.9.3) the - 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining + 'default key' from SSL_CTX_set_tmp_dh would always be lost, meaning you effectivly got SSL_OP_SINGLE_DH_USE when using this macro. [Bodo Moeller] @@ -8374,7 +9950,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k include a #define from the old name to the new. The original intent was that statically linked binaries could for example just call SSLeay_add_all_ciphers() to just add ciphers to the table and not - link with digests. This never worked becayse SSLeay_add_all_digests() + link with digests. This never worked because SSLeay_add_all_digests() and SSLeay_add_all_ciphers() were in the same source file so calling one would link with the other. They are now in separate source files. [Steve Henson] @@ -8513,7 +10089,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Changes to X509_ATTRIBUTE utilities. These have been renamed from X509_*() to X509at_*() on the grounds that they don't handle X509 - structures and behave in an analagous way to the X509v3 functions: + structures and behave in an analogous way to the X509v3 functions: they shouldn't be called directly but wrapper functions should be used instead. @@ -9287,7 +10863,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Bugfix: ssl23_get_client_hello did not work properly when called in state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read, - but a retry condition occured while trying to read the rest. + but a retry condition occurred while trying to read the rest. [Bodo Moeller] *) The PKCS7_ENC_CONTENT_new() function was setting the content type as @@ -10157,7 +11733,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Matthias Loepfe ] *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add - advapi32.lib to Win32 build and change the pem test comparision + advapi32.lib to Win32 build and change the pem test comparison to fc.exe (thanks to Ulrich Kroener for the suggestion). Fix misplaced ASNI prototypes and declarations in evp.h and crypto/des/ede_cbcm_enc.c. @@ -10212,7 +11788,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k other platforms details on the command line without having to patch the Configure script everytime: One now can use ``perl Configure :
'', i.e. platform ids are allowed to have details appended - to them (seperated by colons). This is treated as there would be a static + to them (separated by colons). This is treated as there would be a static pre-configured entry in Configure's %table under key with value
and ``perl Configure '' is called. So, when you want to perform a quick test-compile under FreeBSD 3.1 with pgcc and without @@ -10242,7 +11818,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) General source tree makefile cleanups: Made `making xxx in yyy...' display consistent in the source tree and replaced `/bin/rm' by `rm'. - Additonally cleaned up the `make links' target: Remove unnecessary + Additionally cleaned up the `make links' target: Remove unnecessary semicolons, subsequent redundant removes, inline point.sh into mklink.sh to speed processing and no longer clutter the display with confusing stuff. Instead only the actually done links are displayed. @@ -10553,7 +12129,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k error code, add initial support to X509_print() and x509 application. [Steve Henson] - *) Takes a deep breath and start addding X509 V3 extension support code. Add + *) Takes a deep breath and start adding X509 V3 extension support code. Add files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this stuff is currently isolated and isn't even compiled yet. [Steve Henson] @@ -10727,7 +12303,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Fixed sk_insert which never worked properly. [Steve Henson] - *) Fix ASN1 macros so they can handle indefinite length construted + *) Fix ASN1 macros so they can handle indefinite length constructed EXPLICIT tags. Some non standard certificates use these: they can now be read in. [Steve Henson] @@ -10735,7 +12311,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) into a single doc/ssleay.txt bundle. This way the information is still preserved but no longer messes up this directory. Now it's new room for - the new set of documenation files. + the new set of documentation files. [Ralf S. Engelschall] *) SETs were incorrectly DER encoded. This was a major pain, because they diff --git a/third_party/openssl/CHANGES.SSLeay b/third_party/openssl/CHANGES.SSLeay deleted file mode 100644 index ca5cd72976..0000000000 --- a/third_party/openssl/CHANGES.SSLeay +++ /dev/null @@ -1,968 +0,0 @@ -This file contains the changes for the SSLeay library up to version -0.9.0b. For later changes, see the file "CHANGES". - - SSLeay CHANGES - ______________ - -Changes between 0.8.x and 0.9.0b - -10-Apr-1998 - -I said the next version would go out at easter, and so it shall. -I expect a 0.9.1 will follow with portability fixes in the next few weeks. - -This is a quick, meet the deadline. Look to ssl-users for comments on what -is new etc. - -eric (about to go bushwalking for the 4 day easter break :-) - -16-Mar-98 - - Patch for Cray T90 from Wayne Schroeder - - Lots and lots of changes - -29-Jan-98 - - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from - Goetz Babin-Ebell . - - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or - TLS1_VERSION. - -7-Jan-98 - - Finally reworked the cipher string to ciphers again, so it - works correctly - - All the app_data stuff is now ex_data with funcion calls to access. - The index is supplied by a function and 'methods' can be setup - for the types that are called on XXX_new/XXX_free. This lets - applications get notified on creation and destruction. Some of - the RSA methods could be implemented this way and I may do so. - - Oh yes, SSL under perl5 is working at the basic level. - -15-Dec-97 - - Warning - the gethostbyname cache is not fully thread safe, - but it should work well enough. - - Major internal reworking of the app_data stuff. More functions - but if you were accessing ->app_data directly, things will - stop working. - - The perlv5 stuff is working. Currently on message digests, - ciphers and the bignum library. - -9-Dec-97 - - Modified re-negotiation so that server initated re-neg - will cause a SSL_read() to return -1 should retry. - The danger otherwise was that the server and the - client could end up both trying to read when using non-blocking - sockets. - -4-Dec-97 - - Lots of small changes - - Fix for binaray mode in Windows for the FILE BIO, thanks to - Bob Denny - -17-Nov-97 - - Quite a few internal cleanups, (removal of errno, and using macros - defined in e_os.h). - - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where - the automactic naming out output files was being stuffed up. - -29-Oct-97 - - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember - for x86. - -21-Oct-97 - - Fixed a bug in the BIO_gethostbyname() cache. - -15-Oct-97 - - cbc mode for blowfish/des/3des is now in assember. Blowfish asm - has also been improved. At this point in time, on the pentium, - md5 is %80 faster, the unoptimesed sha-1 is %79 faster, - des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc - is %62 faster. - -12-Oct-97 - - MEM_BUF_grow() has been fixed so that it always sets the buf->length - to the value we are 'growing' to. Think of MEM_BUF_grow() as the - way to set the length value correctly. - -10-Oct-97 - - I now hash for certificate lookup on the raw DER encoded RDN (md5). - This breaks things again :-(. This is efficent since I cache - the DER encoding of the RDN. - - The text DN now puts in the numeric OID instead of UNKNOWN. - - req can now process arbitary OIDs in the config file. - - I've been implementing md5 in x86 asm, much faster :-). - - Started sha1 in x86 asm, needs more work. - - Quite a few speedups in the BN stuff. RSA public operation - has been made faster by caching the BN_MONT_CTX structure. - The calulating of the Ai where A*Ai === 1 mod m was rather - expensive. Basically a 40-50% speedup on public operations. - The RSA speedup is now 15% on pentiums and %20 on pentium - pro. - -30-Sep-97 - - After doing some profiling, I added x86 adm for bn_add_words(), - which just adds 2 arrays of longs together. A %10 speedup - for 512 and 1024 bit RSA on the pentium pro. - -29-Sep-97 - - Converted the x86 bignum assembler to us the perl scripts - for generation. - -23-Sep-97 - - If SSL_set_session() is passed a NULL session, it now clears the - current session-id. - -22-Sep-97 - - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned - certificates. - - Bug in crypto/evp/encode.c where by decoding of 65 base64 - encoded lines, one line at a time (via a memory BIO) would report - EOF after the first line was decoded. - - Fix in X509_find_by_issuer_and_serial() from - Dr Stephen Henson - -19-Sep-97 - - NO_FP_API and NO_STDIO added. - - Put in sh config command. It auto runs Configure with the correct - parameters. - -18-Sep-97 - - Fix x509.c so if a DSA cert has different parameters to its parent, - they are left in place. Not tested yet. - -16-Sep-97 - - ssl_create_cipher_list() had some bugs, fixes from - Patrick Eisenacher - - Fixed a bug in the Base64 BIO, where it would return 1 instead - of -1 when end of input was encountered but should retry. - Basically a Base64/Memory BIO interaction problem. - - Added a HMAC set of functions in preporarion for TLS work. - -15-Sep-97 - - Top level makefile tweak - Cameron Simpson - - Prime generation spead up %25 (512 bit prime, pentium pro linux) - by using montgomery multiplication in the prime number test. - -11-Sep-97 - - Ugly bug in ssl3_write_bytes(). Basically if application land - does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code - did not check the size and tried to copy the entire buffer. - This would tend to cause memory overwrites since SSLv3 has - a maximum packet size of 16k. If your program uses - buffers <= 16k, you would probably never see this problem. - - Fixed a few errors that were cause by malloc() not returning - 0 initialised memory.. - - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using - SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing - since this flags stops SSLeay being able to handle client - cert requests correctly. - -08-Sep-97 - - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched - on, the SSL server routines will not use a SSL_SESSION that is - held in it's cache. This in intended to be used with the session-id - callbacks so that while the session-ids are still stored in the - cache, the decision to use them and how to look them up can be - done by the callbacks. The are the 'new', 'get' and 'remove' - callbacks. This can be used to determine the session-id - to use depending on information like which port/host the connection - is coming from. Since the are also SSL_SESSION_set_app_data() and - SSL_SESSION_get_app_data() functions, the application can hold - information against the session-id as well. - -03-Sep-97 - - Added lookup of CRLs to the by_dir method, - X509_load_crl_file() also added. Basically it means you can - lookup CRLs via the same system used to lookup certificates. - - Changed things so that the X509_NAME structure can contain - ASN.1 BIT_STRINGS which is required for the unique - identifier OID. - - Fixed some problems with the auto flushing of the session-id - cache. It was not occuring on the server side. - -02-Sep-97 - - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) - which is the maximum number of entries allowed in the - session-id cache. This is enforced with a simple FIFO list. - The default size is 20*1024 entries which is rather large :-). - The Timeout code is still always operating. - -01-Sep-97 - - Added an argument to all the 'generate private key/prime` - callbacks. It is the last parameter so this should not - break existing code but it is needed for C++. - - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() - BIO. This lets the BIO read and write base64 encoded data - without inserting or looking for '\n' characters. The '-A' - flag turns this on when using apps/enc.c. - - RSA_NO_PADDING added to help BSAFE functionality. This is a - very dangerous thing to use, since RSA private key - operations without random padding bytes (as PKCS#1 adds) can - be attacked such that the private key can be revealed. - - ASN.1 bug and rc2-40-cbc and rc4-40 added by - Dr Stephen Henson - -31-Aug-97 (stuff added while I was away) - - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). - - RSA_flags() added allowing bypass of pub/priv match check - in ssl/ssl_rsa.c - Tim Hudson. - - A few minor bugs. - -SSLeay 0.8.1 released. - -19-Jul-97 - - Server side initated dynamic renegotiation is broken. I will fix - it when I get back from holidays. - -15-Jul-97 - - Quite a few small changes. - - INVALID_SOCKET usage cleanups from Alex Kiernan - -09-Jul-97 - - Added 2 new values to the SSL info callback. - SSL_CB_START which is passed when the SSL protocol is started - and SSL_CB_DONE when it has finished sucsessfully. - -08-Jul-97 - - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c - that related to DSA public/private keys. - - Added all the relevent PEM and normal IO functions to support - reading and writing RSAPublic keys. - - Changed makefiles to use ${AR} instead of 'ar r' - -07-Jul-97 - - Error in ERR_remove_state() that would leave a dangling reference - to a free()ed location - thanks to Alex Kiernan - - s_client now prints the X509_NAMEs passed from the server - when requesting a client cert. - - Added a ssl->type, which is one of SSL_ST_CONNECT or - SSL_ST_ACCEPT. I had to add it so I could tell if I was - a connect or an accept after the handshake had finished. - - SSL_get_client_CA_list(SSL *s) now returns the CA names - passed by the server if called by a client side SSL. - -05-Jul-97 - - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index - 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). - -04-Jul-97 - - Fixed some things in X509_NAME_add_entry(), thanks to - Matthew Donald . - - I had a look at the cipher section and though that it was a - bit confused, so I've changed it. - - I was not setting up the RC4-64-MD5 cipher correctly. It is - a MS special that appears in exported MS Money. - - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 - spec. I was missing the two byte length header for the - ClientDiffieHellmanPublic value. This is a packet sent from - the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG - option will enable SSLeay server side SSLv3 accept either - the correct or my 080 packet format. - - Fixed a few typos in crypto/pem.org. - -02-Jul-97 - - Alias mapping for EVP_get_(digest|cipher)byname is now - performed before a lookup for actual cipher. This means - that an alias can be used to 're-direct' a cipher or a - digest. - - ASN1_read_bio() had a bug that only showed up when using a - memory BIO. When EOF is reached in the memory BIO, it is - reported as a -1 with BIO_should_retry() set to true. - -01-Jul-97 - - Fixed an error in X509_verify_cert() caused by my - miss-understanding how 'do { contine } while(0);' works. - Thanks to Emil Sit for educating me :-) - -30-Jun-97 - - Base64 decoding error. If the last data line did not end with - a '=', sometimes extra data would be returned. - - Another 'cut and paste' bug in x509.c related to setting up the - STDout BIO. - -27-Jun-97 - - apps/ciphers.c was not printing due to an editing error. - - Alex Kiernan send in a nice fix for - a library build error in util/mk1mf.pl - -26-Jun-97 - - Still did not have the auto 'experimental' code removal - script correct. - - A few header tweaks for Watcom 11.0 under Win32 from - Rolf Lindemann - - 0 length OCTET_STRING bug in asn1_parse - - A minor fix with an non-existent function in the MS .def files. - - A few changes to the PKCS7 stuff. - -25-Jun-97 - SSLeay 0.8.0 finally it gets released. - -24-Jun-97 - Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to - use a temporary RSA key. This is experimental and needs some more work. - Fixed a few Win16 build problems. - -23-Jun-97 - SSLv3 bug. I was not doing the 'lookup' of the CERT structure - correctly. I was taking the SSL->ctx->default_cert when I should - have been using SSL->cert. The bug was in ssl/s3_srvr.c - -20-Jun-97 - X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the - rest of the library. Even though I had the code required to do - it correctly, apps/req.c was doing the wrong thing. I have fixed - and tested everything. - - Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. - -19-Jun-97 - Fixed a bug in the SSLv2 server side first packet handling. When - using the non-blocking test BIO, the ssl->s2->first_packet flag - was being reset when a would-block failure occurred when reading - the first 5 bytes of the first packet. This caused the checking - logic to run at the wrong time and cause an error. - - Fixed a problem with specifying cipher. If RC4-MD5 were used, - only the SSLv3 version would be picked up. Now this will pick - up both SSLv2 and SSLv3 versions. This required changing the - SSL_CIPHER->mask values so that they only mask the ciphers, - digests, authentication, export type and key-exchange algorithms. - - I found that when a SSLv23 session is established, a reused - session, of type SSLv3 was attempting to write the SSLv2 - ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char - method has been modified so it will only write out cipher which - that method knows about. - - - Changes between 0.8.0 and 0.8.1 - - *) Mostly bug fixes. - There is an Ephemeral DH cipher problem which is fixed. - - SSLeay 0.8.0 - -This version of SSLeay has quite a lot of things different from the -previous version. - -Basically check all callback parameters, I will be producing documentation -about how to use things in th future. Currently I'm just getting 080 out -the door. Please not that there are several ways to do everything, and -most of the applications in the apps directory are hybrids, some using old -methods and some using new methods. - -Have a look in demos/bio for some very simple programs and -apps/s_client.c and apps/s_server.c for some more advanced versions. -Notes are definitly needed but they are a week or so away. - -Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) ---- -Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to -get those people that want to move to using the new code base off to -a quick start. - -Note that Eric has tidied up a lot of the areas of the API that were -less than desirable and renamed quite a few things (as he had to break -the API in lots of places anyrate). There are a whole pile of additional -functions for making dealing with (and creating) certificates a lot -cleaner. - -01-Jul-97 -Tim Hudson -tjh@cryptsoft.com - ----8<--- - -To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could -use something like the following (assuming you #include "crypto.h" which -is something that you really should be doing). - -#if SSLEAY_VERSION_NUMBER >= 0x0800 -#define SSLEAY8 -#endif - -buffer.h -> splits into buffer.h and bio.h so you need to include bio.h - too if you are working with BIO internal stuff (as distinct - from simply using the interface in an opaque manner) - -#include "bio.h" - required along with "buffer.h" if you write - your own BIO routines as the buffer and bio - stuff that was intermixed has been separated - out - -envelope.h -> evp.h (which should have been done ages ago) - -Initialisation ... don't forget these or you end up with code that -is missing the bits required to do useful things (like ciphers): - -SSLeay_add_ssl_algorithms() -(probably also want SSL_load_error_strings() too but you should have - already had that call in place) - -SSL_CTX_new() - requires an extra method parameter - SSL_CTX_new(SSLv23_method()) - SSL_CTX_new(SSLv2_method()) - SSL_CTX_new(SSLv3_method()) - - OR to only have the server or the client code - SSL_CTX_new(SSLv23_server_method()) - SSL_CTX_new(SSLv2_server_method()) - SSL_CTX_new(SSLv3_server_method()) - or - SSL_CTX_new(SSLv23_client_method()) - SSL_CTX_new(SSLv2_client_method()) - SSL_CTX_new(SSLv3_client_method()) - -SSL_set_default_verify_paths() ... renamed to the more appropriate -SSL_CTX_set_default_verify_paths() - -If you want to use client certificates then you have to add in a bit -of extra stuff in that a SSLv3 server sends a list of those CAs that -it will accept certificates from ... so you have to provide a list to -SSLeay otherwise certain browsers will not send client certs. - -SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); - - -X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) - or provide a buffer and size to copy the - result into - -X509_add_cert -> X509_STORE_add_cert (and you might want to read the - notes on X509_NAME structure changes too) - - -VERIFICATION CODE -================= - -The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to -more accurately reflect things. - -The verification callback args are now packaged differently so that -extra fields for verification can be added easily in future without -having to break things by adding extra parameters each release :-) - -X509_cert_verify_error_string -> X509_verify_cert_error_string - - -BIO INTERNALS -============= - -Eric has fixed things so that extra flags can be introduced in -the BIO layer in future without having to play with all the BIO -modules by adding in some macros. - -The ugly stuff using - b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) -becomes - BIO_clear_retry_flags(b) - - b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) -becomes - BIO_set_retry_read(b) - -Also ... BIO_get_retry_flags(b), BIO_set_flags(b) - - - -OTHER THINGS -============ - -X509_NAME has been altered so that it isn't just a STACK ... the STACK -is now in the "entries" field ... and there are a pile of nice functions -for getting at the details in a much cleaner manner. - -SSL_CTX has been altered ... "cert" is no longer a direct member of this -structure ... things are now down under "cert_store" (see x509_vfy.h) and -things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. -If your code "knows" about this level of detail then it will need some -surgery. - -If you depending on the incorrect spelling of a number of the error codes -then you will have to change your code as these have been fixed. - -ENV_CIPHER "type" got renamed to "nid" and as that is what it actually -has been all along so this makes things clearer. -ify_cert_error_string(ctx->error)); - -SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST - and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO - - - - Changes between 0.7.x and 0.8.0 - - *) There have been lots of changes, mostly the addition of SSLv3. - There have been many additions from people and amongst - others, C2Net has assisted greatly. - - Changes between 0.7.x and 0.7.x - - *) Internal development version only - -SSLeay 0.6.6 13-Jan-1997 - -The main additions are - -- assember for x86 DES improvments. - From 191,000 per second on a pentium 100, I now get 281,000. The inner - loop and the IP/FP modifications are from - Svend Olaf Mikkelsen . Many thanks for his - contribution. -- The 'DES macros' introduced in 0.6.5 now have 3 types. - DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which - is best and there is a summery of mine in crypto/des/options.txt -- A few bug fixes. -- Added blowfish. It is not used by SSL but all the other stuff that - deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. - There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. - BF_PTR2 is pentium/x86 specific. The correct option is setup in - the 'Configure' script. -- There is now a 'get client certificate' callback which can be - 'non-blocking'. If more details are required, let me know. It will - documented more in SSLv3 when I finish it. -- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' - now tests the ca program. -- Lots of little things modified and tweaked. - - SSLeay 0.6.5 - -After quite some time (3 months), the new release. I have been very busy -for the last few months and so this is mostly bug fixes and improvments. - -The main additions are - -- assember for x86 DES. For all those gcc based systems, this is a big - improvement. From 117,000 DES operation a second on a pentium 100, - I now get 191,000. I have also reworked the C version so it - now gives 148,000 DESs per second. -- As mentioned above, the inner DES macros now have some more variant that - sometimes help, sometimes hinder performance. There are now 3 options - DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) - and DES_RISC (a more register intensive version of the inner macro). - The crypto/des/des_opts.c program, when compiled and run, will give - an indication of the correct options to use. -- The BIO stuff has been improved. Read doc/bio.doc. There are now - modules for encryption and base64 encoding and a BIO_printf() function. -- The CA program will accept simple one line X509v3 extensions in the - ssleay.cnf file. Have a look at the example. Currently this just - puts the text into the certificate as an OCTET_STRING so currently - the more advanced X509v3 data types are not handled but this is enough - for the netscape extensions. -- There is the start of a nicer higher level interface to the X509 - strucutre. -- Quite a lot of bug fixes. -- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used - to define the malloc(), free() and realloc() routines to use - (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when - using DLLs and mixing CRT libraries. - -In general, read the 'VERSION' file for changes and be aware that some of -the new stuff may not have been tested quite enough yet, so don't just plonk -in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. - -SSLeay 0.6.4 30/08/96 eay - -I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, -Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). - -The main changes in this release - -- Thread safe. have a read of doc/threads.doc and play in the mt directory. - For anyone using 0.6.3 with threads, I found 2 major errors so consider - moving to 0.6.4. I have a test program that builds under NT and - solaris. -- The get session-id callback has changed. Have a read of doc/callback.doc. -- The X509_cert_verify callback (the SSL_verify callback) now - has another argument. Have a read of doc/callback.doc -- 'ca -preserve', sign without re-ordering the DN. Not tested much. -- VMS support. -- Compile time memory leak detection can now be built into SSLeay. - Read doc/memory.doc -- CONF routines now understand '\', '\n', '\r' etc. What this means is that - the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. -- 'ssleay ciphers' added, lists the default cipher list for SSLeay. -- RC2 key setup is now compatable with Netscape. -- Modifed server side of SSL implementation, big performance difference when - using session-id reuse. - -0.6.3 - -Bug fixes and the addition of some nice stuff to the 'ca' program. -Have a read of doc/ns-ca.doc for how hit has been modified so -it can be driven from a CGI script. The CGI script is not provided, -but that is just being left as an excersize for the reader :-). - -0.6.2 - -This is most bug fixes and functionality improvements. - -Additions are -- More thread debugging patches, the thread stuff is still being - tested, but for those keep to play with stuff, have a look in - crypto/cryptlib.c. The application needs to define 1 (or optionaly - a second) callback that is used to implement locking. Compiling - with LOCK_DEBUG spits out lots of locking crud :-). - This is what I'm currently working on. -- SSL_CTX_set_default_passwd_cb() can be used to define the callback - function used in the SSL*_file() functions used to load keys. I was - always of the opinion that people should call - PEM_read_RSAPrivateKey() and pass the callback they want to use, but - it appears they just want to use the SSL_*_file() function() :-(. -- 'enc' now has a -kfile so a key can be read from a file. This is - mostly used so that the passwd does not appear when using 'ps', - which appears imposible to stop under solaris. -- X509v3 certificates now work correctly. I even have more examples - in my tests :-). There is now a X509_EXTENSION type that is used in - X509v3 certificates and CRLv2. -- Fixed that signature type error :-( -- Fixed quite a few potential memory leaks and problems when reusing - X509, CRL and REQ structures. -- EVP_set_pw_prompt() now sets the library wide default password - prompt. -- The 'pkcs7' command will now, given the -print_certs flag, output in - pem format, all certificates and CRL contained within. This is more - of a pre-emtive thing for the new verisign distribution method. I - should also note, that this also gives and example in code, of how - to do this :-), or for that matter, what is involved in going the - other way (list of certs and crl -> pkcs7). -- Added RSA's DESX to the DES library. It is also available via the - EVP_desx_cbc() method and via 'enc desx'. - -SSLeay 0.6.1 - -The main functional changes since 0.6.0 are as follows -- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is - that from now on, I'll keep the .def numbers the same so they will be. -- RSA private key operations are about 2 times faster that 0.6.0 -- The SSL_CTX now has more fields so default values can be put against - it. When an SSL structure is created, these default values are used - but can be overwritten. There are defaults for cipher, certificate, - private key, verify mode and callback. This means SSL session - creation can now be - ssl=SSL_new() - SSL_set_fd(ssl,sock); - SSL_accept(ssl) - .... - All the other uglyness with having to keep a global copy of the - private key and certificate/verify mode in the server is now gone. -- ssl/ssltest.c - one process talking SSL to its self for testing. -- Storage of Session-id's can be controled via a session_cache_mode - flag. There is also now an automatic default flushing of - old session-id's. -- The X509_cert_verify() function now has another parameter, this - should not effect most people but it now means that the reason for - the failure to verify is now available via SSL_get_verify_result(ssl). - You don't have to use a global variable. -- SSL_get_app_data() and SSL_set_app_data() can be used to keep some - application data against the SSL structure. It is upto the application - to free the data. I don't use it, but it is available. -- SSL_CTX_set_cert_verify_callback() can be used to specify a - verify callback function that completly replaces my certificate - verification code. Xcert should be able to use this :-). - The callback is of the form int app_verify_callback(arg,ssl,cert). - This needs to be documented more. -- I have started playing with shared library builds, have a look in - the shlib directory. It is very simple. If you need a numbered - list of functions, have a look at misc/crypto.num and misc/ssl.num. -- There is some stuff to do locking to make the library thread safe. - I have only started this stuff and have not finished. If anyone is - keen to do so, please send me the patches when finished. - -So I have finally made most of the additions to the SSL interface that -I thought were needed. - -There will probably be a pause before I make any non-bug/documentation -related changes to SSLeay since I'm feeling like a bit of a break. - -eric - 12 Jul 1996 -I saw recently a comment by some-one that we now seem to be entering -the age of perpetual Beta software. -Pioneered by packages like linux but refined to an art form by -netscape. - -I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). - -There are quite a large number of sections that are 'works in -progress' in this package. I will also list the major changes and -what files you should read. - -BIO - this is the new IO structure being used everywhere in SSLeay. I -started out developing this because of microsoft, I wanted a mechanism -to callback to the application for all IO, so Windows 3.1 DLL -perversion could be hidden from me and the 15 different ways to write -to a file under NT would also not be dictated by me at library build -time. What the 'package' is is an API for a data structure containing -functions. IO interfaces can be written to conform to the -specification. This in not intended to hide the underlying data type -from the application, but to hide it from SSLeay :-). -I have only really finished testing the FILE * and socket/fd modules. -There are also 'filter' BIO's. Currently I have only implemented -message digests, and it is in use in the dgst application. This -functionality will allow base64/encrypto/buffering modules to be -'push' into a BIO without it affecting the semantics. I'm also -working on an SSL BIO which will hide the SSL_accept()/SLL_connet() -from an event loop which uses the interface. -It is also possible to 'attach' callbacks to a BIO so they get called -before and after each operation, alowing extensive debug output -to be generated (try running dgst with -d). - -Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few -functions that used to take FILE *, now take BIO *. -The wrappers are easy to write - -function_fp(fp,x) -FILE *fp; - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) error..... - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=function_bio(b,x); - BIO_free(b); - return(ret); - } -Remember, there are no functions that take FILE * in SSLeay when -compiled for Windows 3.1 DLL's. - --- -I have added a general EVP_PKEY type that can hold a public/private -key. This is now what is used by the EVP_ functions and is passed -around internally. I still have not done the PKCS#8 stuff, but -X509_PKEY is defined and waiting :-) - --- -For a full function name listings, have a look at ms/crypt32.def and -ms/ssl32.def. These are auto-generated but are complete. -Things like ASN1_INTEGER_get() have been added and are in here if you -look. I have renamed a few things, again, have a look through the -function list and you will probably find what you are after. I intend -to at least put a one line descrition for each one..... - --- -Microsoft - thats what this release is about, read the MICROSOFT file. - --- -Multi-threading support. I have started hunting through the code and -flaging where things need to be done. In a state of work but high on -the list. - --- -For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) -be be you random data device, otherwise 'RFILE' in e_os.h -will be used, in your home directory. It will be updated -periodically. The environment variable RANDFILE will override this -choice and read/write to that file instead. DEVRANDOM is used in -conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random -number generator, pick on one of these files. - --- - -The list of things to read and do - -dgst -d -s_client -state (this uses a callback placed in the SSL state loop and - will be used else-where to help debug/monitor what - is happening.) - -doc/why.doc -doc/bio.doc <- hmmm, needs lots of work. -doc/bss_file.doc <- one that is working :-) -doc/session.doc <- it has changed -doc/speed.doc - also play with ssleay version -a. I have now added a SSLeay() - function that returns a version number, eg 0600 for this release - which is primarily to be used to check DLL version against the - application. -util/* Quite a few will not interest people, but some may, like - mk1mf.pl, mkdef.pl, -util/do_ms.sh - -try -cc -Iinclude -Icrypto -c crypto/crypto.c -cc -Iinclude -Issl -c ssl/ssl.c -You have just built the SSLeay libraries as 2 object files :-) - -Have a general rummage around in the bin stall directory and look at -what is in there, like CA.sh and c_rehash - -There are lots more things but it is 12:30am on a Friday night and I'm -heading home :-). - -eric 22-Jun-1996 -This version has quite a few major bug fixes and improvements. It DOES NOT -do SSLv3 yet. - -The main things changed -- A Few days ago I added the s_mult application to ssleay which is - a demo of an SSL server running in an event loop type thing. - It supports non-blocking IO, I have finally gotten it right, SSL_accept() - can operate in non-blocking IO mode, look at the code to see how :-). - Have a read of doc/s_mult as well. This program leaks memory and - file descriptors everywhere but I have not cleaned it up yet. - This is a demo of how to do non-blocking IO. -- The SSL session management has been 'worked over' and there is now - quite an expansive set of functions to manipulate them. Have a read of - doc/session.doc for some-things I quickly whipped up about how it now works. - This assume you know the SSLv2 protocol :-) -- I can now read/write the netscape certificate format, use the - -inform/-outform 'net' options to the x509 command. I have not put support - for this type in the other demo programs, but it would be easy to add. -- asn1parse and 'enc' have been modified so that when reading base64 - encoded files (pem format), they do not require '-----BEGIN' header lines. - The 'enc' program had a buffering bug fixed, it can be used as a general - base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' - respecivly. Leaving out the '-a' flag in this case makes the 'enc' command - into a form of 'cat'. -- The 'x509' and 'req' programs have been fixed and modified a little so - that they generate self-signed certificates correctly. The test - script actually generates a 'CA' certificate and then 'signs' a - 'user' certificate. Have a look at this shell script (test/sstest) - to see how things work, it tests most possible combinations of what can - be done. -- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name - of SSL_set_cipher_list() is now the correct API (stops confusion :-). - If this function is used in the client, only the specified ciphers can - be used, with preference given to the order the ciphers were listed. - For the server, if this is used, only the specified ciphers will be used - to accept connections. If this 'option' is not used, a default set of - ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this - list for all ciphers started against the SSL_CTX. So the order is - SSL cipher_list, if not present, SSL_CTX cipher list, if not - present, then the library default. - What this means is that normally ciphers like - NULL-MD5 will never be used. The only way this cipher can be used - for both ends to specify to use it. - To enable or disable ciphers in the library at build time, modify the - first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. - This file also contains the 'pref_cipher' list which is the default - cipher preference order. -- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' - options work. They should, and they enable loading and writing the - netscape rsa private key format. I will be re-working this section of - SSLeay for the next version. What is currently in place is a quick and - dirty hack. -- I've re-written parts of the bignum library. This gives speedups - for all platforms. I now provide assembler for use under Windows NT. - I have not tested the Windows 3.1 assembler but it is quite simple code. - This gives RSAprivate_key operation encryption times of 0.047s (512bit key) - and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. - Basically the times available under linux/solaris x86 can be achieve under - Windows NT. I still don't know how these times compare to RSA's BSAFE - library but I have been emailing with people and with their help, I should - be able to get my library's quite a bit faster still (more algorithm changes). - The object file crypto/bn/asm/x86-32.obj should be used when linking - under NT. -- 'make makefile.one' in the top directory will generate a single makefile - called 'makefile.one' This makefile contains no perl references and - will build the SSLeay library into the 'tmp' and 'out' directories. - util/mk1mf.pl >makefile.one is how this makefile is - generated. The mk1mf.pl command take several option to generate the - makefile for use with cc, gcc, Visual C++ and Borland C++. This is - still under development. I have only build .lib's for NT and MSDOS - I will be working on this more. I still need to play with the - correct compiler setups for these compilers and add some more stuff but - basically if you just want to compile the library - on a 'non-unix' platform, this is a very very good file to start with :-). - Have a look in the 'microsoft' directory for my current makefiles. - I have not yet modified things to link with sockets under Windows NT. - You guys should be able to do this since this is actually outside of the - SSLeay scope :-). I will be doing it for myself soon. - util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock - to build without RC2/RC4, to require RSAref for linking, and to - build with no socket code. - -- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher - that was posted to sci.crypt has been added to the library and SSL. - I take the view that if RC2 is going to be included in a standard, - I'll include the cipher to make my package complete. - There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers - at compile time. I have not tested this recently but it should all work - and if you are in the USA and don't want RSA threatening to sue you, - you could probably remove the RC4/RC2 code inside these sections. - I may in the future include a perl script that does this code - removal automatically for those in the USA :-). -- I have removed all references to sed in the makefiles. So basically, - the development environment requires perl and sh. The build environment - does not (use the makefile.one makefile). - The Configure script still requires perl, this will probably stay that way - since I have perl for Windows NT :-). - -eric (03-May-1996) - -PS Have a look in the VERSION file for more details on the changes and - bug fixes. -I have fixed a few bugs, added alpha and x86 assembler and generally cleaned -things up. This version will be quite stable, mostly because I'm on -holidays until 10-March-1996. For any problems in the interum, send email -to Tim Hudson . - -SSLeay 0.5.0 - -12-12-95 -This is going out before it should really be released. - -I leave for 11 weeks holidays on the 22-12-95 and so I either sit on -this for 11 weeks or get things out. It is still going to change a -lot in the next week so if you do grab this version, please test and -give me feed back ASAP, inculuding questions on how to do things with -the library. This will prompt me to write documentation so I don't -have to answer the same question again :-). - -This 'pre' release version is for people who are interested in the -library. The applications will have to be changed to use -the new version of the SSL interface. I intend to finish more -documentation before I leave but until then, look at the programs in -the apps directory. As far as code goes, it is much much nicer than -the old version. - -The current library works, has no memory leaks (as far as I can tell) -and is far more bug free that 0.4.5d. There are no global variable of -consequence (I believe) and I will produce some documentation that -tell where to look for those people that do want to do multi-threaded -stuff. - -There should be more documentation. Have a look in the -doc directory. I'll be adding more before I leave, it is a start -by mostly documents the crypto library. Tim Hudson will update -the web page ASAP. The spelling and grammar are crap but -it is better than nothing :-) - -Reasons to start playing with version 0.5.0 -- All the programs in the apps directory build into one ssleay binary. -- There is a new version of the 'req' program that generates certificate - requests, there is even documentation for this one :-) -- There is a demo certification authorithy program. Currently it will - look at the simple database and update it. It will generate CRL from - the data base. You need to edit the database by hand to revoke a - certificate, it is my aim to use perl5/Tk but I don't have time to do - this right now. It will generate the certificates but the management - scripts still need to be written. This is not a hard task. -- Things have been cleaned up alot. -- Have a look at the enc and dgst programs in the apps directory. -- It supports v3 of x509 certiticates. - - -Major things missing. -- I have been working on (and thinging about) the distributed x509 - hierachy problem. I have not had time to put my solution in place. - It will have to wait until I come back. -- I have not put in CRL checking in the certificate verification but - it would not be hard to do. I was waiting until I could generate my - own CRL (which has only been in the last week) and I don't have time - to put it in correctly. -- Montgomery multiplication need to be implemented. I know the - algorithm, just ran out of time. -- PKCS#7. I can load and write the DER version. I need to re-work - things to support BER (if that means nothing, read the ASN1 spec :-). -- Testing of the higher level digital envelope routines. I have not - played with the *_seal() and *_open() type functions. They are - written but need testing. The *_sign() and *_verify() functions are - rock solid. -- PEM. Doing this and PKCS#7 have been dependant on the distributed - x509 heirachy problem. I started implementing my ideas, got - distracted writing a CA program and then ran out of time. I provide - the functionality of RSAref at least. -- Re work the asm. code for the x86. I've changed by low level bignum - interface again, so I really need to tweak the x86 stuff. gcc is - good enough for the other boxes. - diff --git a/third_party/openssl/CONTRIBUTING b/third_party/openssl/CONTRIBUTING index 9d63d8abb6..1eebaf37ec 100644 --- a/third_party/openssl/CONTRIBUTING +++ b/third_party/openssl/CONTRIBUTING @@ -1,38 +1,54 @@ -HOW TO CONTRIBUTE TO OpenSSL ----------------------------- +HOW TO CONTRIBUTE PATCHES TO OpenSSL +------------------------------------ -Development is coordinated on the openssl-dev mailing list (see -http://www.openssl.org for information on subscribing). If you -would like to submit a patch, send it to rt@openssl.org with -the string "[PATCH]" in the subject. Please be sure to include a -textual explanation of what your patch does. - -You can also make GitHub pull requests. If you do this, please also send -mail to rt@openssl.org with a brief description and a link to the PR so -that we can more easily keep track of it. +(Please visit https://www.openssl.org/community/getting-started.html for +other ideas about how to contribute.) +Development is coordinated on the openssl-dev mailing list (see the +above link or https://mta.openssl.org for information on subscribing). If you are unsure as to whether a feature will be useful for the general -OpenSSL community please discuss it on the openssl-dev mailing list first. -Someone may be already working on the same thing or there may be a good -reason as to why that feature isn't implemented. - -Patches should be as up to date as possible, preferably relative to the -current Git or the last snapshot. They should follow our coding style -(see https://www.openssl.org/policies/codingstyle.html) and compile without -warnings using the --strict-warnings flag. OpenSSL compiles on many varied -platforms: try to ensure you only use portable features. - -Our preferred format for patch files is "git format-patch" output. For example -to provide a patch file containing the last commit in your local git repository -use the following command: - -# git format-patch --stdout HEAD^ >mydiffs.patch - -Another method of creating an acceptable patch file without using git is as -follows: - -# cd openssl-work -# [your changes] -# ./Configure dist; make clean -# cd .. -# diff -ur openssl-orig openssl-work > mydiffs.patch +OpenSSL community you might want to discuss it on the openssl-dev mailing +list first. Someone may be already working on the same thing or there +may be a good reason as to why that feature isn't implemented. + +To submit a patch, make a pull request on GitHub. If you think the patch +could use feedback from the community, please start a thread on openssl-dev +to discuss it. + +Having addressed the following items before the PR will help make the +acceptance and review process faster: + + 1. Anything other than trivial contributions will require a contributor + licensing agreement, giving us permission to use your code. See + https://www.openssl.org/policies/cla.html for details. + + 2. All source files should start with the following text (with + appropriate comment characters at the start of each line and the + year(s) updated): + + Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved. + + Licensed under the OpenSSL license (the "License"). You may not use + this file except in compliance with the License. You can obtain a copy + in the file LICENSE in the source distribution or at + https://www.openssl.org/source/license.html + + 3. Patches should be as current as possible; expect to have to rebase + often. We do not accept merge commits; You will be asked to remove + them before a patch is considered acceptable. + + 4. Patches should follow our coding style (see + https://www.openssl.org/policies/codingstyle.html) and compile without + warnings. Where gcc or clang is available you should use the + --strict-warnings Configure option. OpenSSL compiles on many varied + platforms: try to ensure you only use portable features. + Clean builds via Travis and AppVeyor are expected, and done whenever + a PR is created or updated. + + 5. When at all possible, patches should include tests. These can + either be added to an existing test, or completely new. Please see + test/README for information on the test framework. + + 6. New features or changed functionality must include + documentation. Please look at the "pod" files in doc/apps, doc/crypto + and doc/ssl for examples of our style. diff --git a/third_party/openssl/Configurations/00-base-templates.conf b/third_party/openssl/Configurations/00-base-templates.conf new file mode 100644 index 0000000000..3455b3ace8 --- /dev/null +++ b/third_party/openssl/Configurations/00-base-templates.conf @@ -0,0 +1,293 @@ +# -*- Mode: perl -*- +%targets=( + DEFAULTS => { + template => 1, + + cflags => "", + defines => [], + thread_scheme => "(unknown)", # Assume we don't know + thread_defines => [], + + apps_aux_src => "", + cpuid_asm_src => "mem_clr.c", + uplink_aux_src => "", + bn_asm_src => "bn_asm.c", + ec_asm_src => "", + des_asm_src => "des_enc.c fcrypt_b.c", + aes_asm_src => "aes_core.c aes_cbc.c", + bf_asm_src => "bf_enc.c", + md5_asm_src => "", + cast_asm_src => "c_enc.c", + rc4_asm_src => "rc4_enc.c rc4_skey.c", + rmd160_asm_src => "", + rc5_asm_src => "rc5_enc.c", + wp_asm_src => "wp_block.c", + cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c", + modes_asm_src => "", + padlock_asm_src => "", + chacha_asm_src => "chacha_enc.c", + poly1305_asm_src => "", + + unistd => "", + shared_target => "", + shared_cflag => "", + shared_defines => [], + shared_ldflag => "", + shared_rcflag => "", + shared_extension => "", + + build_scheme => [ "unified", "unix" ], + build_file => "Makefile", + }, + + BASE_common => { + template => 1, + defines => + sub { + my @defs = (); + push @defs, "ZLIB" unless $disabled{zlib}; + push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"}; + return [ @defs ]; + }, + }, + + BASE_unix => { + inherit_from => [ "BASE_common" ], + template => 1, + + ex_libs => + sub { + unless ($disabled{zlib}) { + if (defined($disabled{"zlib-dynamic"})) { + if (defined($withargs{zlib_lib})) { + return "-L".$withargs{zlib_lib}." -lz"; + } else { + return "-lz"; + } + } + } + return (); }, + + build_scheme => [ "unified", "unix" ], + build_file => "Makefile", + }, + + BASE_Windows => { + inherit_from => [ "BASE_common" ], + template => 1, + + ex_libs => + sub { + unless ($disabled{zlib}) { + if (defined($disabled{"zlib-dynamic"})) { + return $withargs{zlib_lib} // "ZLIB1"; + } + } + return (); + }, + + ld => "link", + lflags => "/nologo", + loutflag => "/out:", + ar => "lib", + arflags => "/nologo", + aroutflag => "/out:", + rc => "rc", + rcoutflag => "/fo", + mt => "mt", + mtflags => "-nologo", + mtinflag => "-manifest ", + mtoutflag => "-outputresource:", + + build_file => "makefile", + build_scheme => [ "unified", "windows" ], + }, + + BASE_VMS => { + inherit_from => [ "BASE_common" ], + template => 1, + + build_file => "descrip.mms", + build_scheme => [ "unified", "VMS" ], + }, + + uplink_common => { + template => 1, + apps_aux_src => add("../ms/applink.c"), + uplink_aux_src => add("../ms/uplink.c"), + defines => add("OPENSSL_USE_APPLINK"), + }, + x86_uplink => { + inherit_from => [ "uplink_common" ], + template => 1, + uplink_aux_src => add("uplink-x86.s"), + }, + x86_64_uplink => { + inherit_from => [ "uplink_common" ], + template => 1, + uplink_aux_src => add("uplink-x86_64.s"), + }, + ia64_uplink => { + inherit_from => [ "uplink_common" ], + template => 1, + uplink_aux_src => add("uplink-ia64.s"), + }, + + x86_asm => { + template => 1, + cpuid_asm_src => "x86cpuid.s", + bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s", + ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s", + des_asm_src => "des-586.s crypt586.s", + aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s", + bf_asm_src => "bf-586.s", + md5_asm_src => "md5-586.s", + cast_asm_src => "cast-586.s", + sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s", + rc4_asm_src => "rc4-586.s", + rmd160_asm_src => "rmd-586.s", + rc5_asm_src => "rc5-586.s", + wp_asm_src => "wp_block.c wp-mmx.s", + cmll_asm_src => "cmll-x86.s", + modes_asm_src => "ghash-x86.s", + padlock_asm_src => "e_padlock-x86.s", + chacha_asm_src => "chacha-x86.s", + poly1305_asm_src=> "poly1305-x86.s", + }, + x86_elf_asm => { + template => 1, + inherit_from => [ "x86_asm" ], + perlasm_scheme => "elf" + }, + x86_64_asm => { + template => 1, + cpuid_asm_src => "x86_64cpuid.s", + bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s", + ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s", + aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s", + md5_asm_src => "md5-x86_64.s", + sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s", + rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s", + wp_asm_src => "wp-x86_64.s", + cmll_asm_src => "cmll-x86_64.s cmll_misc.c", + modes_asm_src => "ghash-x86_64.s aesni-gcm-x86_64.s", + padlock_asm_src => "e_padlock-x86_64.s", + chacha_asm_src => "chacha-x86_64.s", + poly1305_asm_src=> "poly1305-x86_64.s", + }, + ia64_asm => { + template => 1, + cpuid_asm_src => "ia64cpuid.s", + bn_asm_src => "bn-ia64.s ia64-mont.s", + aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s", + md5_asm_src => "md5-ia64.s", + sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s", + rc4_asm_src => "rc4-ia64.s rc4_skey.c", + modes_asm_src => "ghash-ia64.s", + perlasm_scheme => "void" + }, + sparcv9_asm => { + template => 1, + cpuid_asm_src => "sparcv9cap.c sparccpuid.S", + bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S", + ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S", + des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S", + aes_asm_src => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S", + md5_asm_src => "md5-sparcv9.S", + sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S", + cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S", + modes_asm_src => "ghash-sparcv9.S", + poly1305_asm_src=> "poly1305-sparcv9.S", + perlasm_scheme => "void" + }, + sparcv8_asm => { + template => 1, + cpuid_asm_src => "", + bn_asm_src => "asm/sparcv8.S", + des_asm_src => "des_enc-sparc.S fcrypt_b.c", + perlasm_scheme => "void" + }, + alpha_asm => { + template => 1, + cpuid_asm_src => "alphacpuid.s", + bn_asm_src => "bn_asm.c alpha-mont.S", + sha1_asm_src => "sha1-alpha.S", + modes_asm_src => "ghash-alpha.S", + perlasm_scheme => "void" + }, + mips32_asm => { + template => 1, + bn_asm_src => "bn-mips.s mips-mont.s", + aes_asm_src => "aes_cbc.c aes-mips.S", + sha1_asm_src => "sha1-mips.S sha256-mips.S", + }, + mips64_asm => { + inherit_from => [ "mips32_asm" ], + template => 1, + sha1_asm_src => add("sha512-mips.S"), + poly1305_asm_src=> "poly1305-mips.S", + }, + s390x_asm => { + template => 1, + cpuid_asm_src => "s390xcap.c s390xcpuid.S", + bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s", + aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake", + sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S", + rc4_asm_src => "rc4-s390x.s", + modes_asm_src => "ghash-s390x.S", + chacha_asm_src => "chacha-s390x.S", + poly1305_asm_src=> "poly1305-s390x.S", + }, + armv4_asm => { + template => 1, + cpuid_asm_src => "armcap.c armv4cpuid.S", + bn_asm_src => "bn_asm.c armv4-mont.S armv4-gf2m.S", + ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv4.S", + aes_asm_src => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S", + sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S", + modes_asm_src => "ghash-armv4.S ghashv8-armx.S", + chacha_asm_src => "chacha-armv4.S", + poly1305_asm_src=> "poly1305-armv4.S", + perlasm_scheme => "void" + }, + aarch64_asm => { + template => 1, + cpuid_asm_src => "armcap.c arm64cpuid.S", + ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S", + bn_asm_src => "bn_asm.c armv8-mont.S", + aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S", + sha1_asm_src => "sha1-armv8.S sha256-armv8.S sha512-armv8.S", + modes_asm_src => "ghashv8-armx.S", + chacha_asm_src => "chacha-armv8.S", + poly1305_asm_src=> "poly1305-armv8.S", + }, + parisc11_asm => { + template => 1, + cpuid_asm_src => "pariscid.s", + bn_asm_src => "bn_asm.c parisc-mont.s", + aes_asm_src => "aes_core.c aes_cbc.c aes-parisc.s", + sha1_asm_src => "sha1-parisc.s sha256-parisc.s sha512-parisc.s", + rc4_asm_src => "rc4-parisc.s", + modes_asm_src => "ghash-parisc.s", + perlasm_scheme => "32" + }, + parisc20_64_asm => { + template => 1, + inherit_from => [ "parisc11_asm" ], + perlasm_scheme => "64", + }, + ppc64_asm => { + template => 1, + cpuid_asm_src => "ppccpuid.s ppccap.c", + bn_asm_src => "bn-ppc.s ppc-mont.s ppc64-mont.s", + aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s", + sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s", + modes_asm_src => "ghashp8-ppc.s", + chacha_asm_src => "chacha-ppc.s", + poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s", + }, + ppc32_asm => { + inherit_from => [ "ppc64_asm" ], + template => 1 + }, +); diff --git a/third_party/openssl/Configurations/10-main.conf b/third_party/openssl/Configurations/10-main.conf new file mode 100644 index 0000000000..39b89e7e98 --- /dev/null +++ b/third_party/openssl/Configurations/10-main.conf @@ -0,0 +1,1894 @@ +## -*- mode: perl; -*- +## Standard openssl configuration targets. + +# Helper functions for the Windows configs +my $vc_win64a_info = {}; +sub vc_win64a_info { + unless (%$vc_win64a_info) { + if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { + $vc_win64a_info = { as => "nasm", + asflags => "-f win64 -DNEAR -Ox -g", + asoutflag => "-o" }; + } elsif ($disabled{asm}) { + $vc_win64a_info = { as => "ml64", + asflags => "/c /Cp /Cx /Zi", + asoutflag => "/Fo" }; + } else { + $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $vc_win64a_info = { as => "{unknown}", + asflags => "", + asoutflag => "" }; + } + } + return $vc_win64a_info; +} + +my $vc_win32_info = {}; +sub vc_win32_info { + unless (%$vc_win32_info) { + my $ver=`nasm -v 2>NUL`; + my $vew=`nasmw -v 2>NUL`; + if ($ver ne "" || $vew ne "") { + $vc_win32_info = { as => $ver ge $vew ? "nasm" : "nasmw", + asflags => "-f win32", + asoutflag => "-o", + perlasm_scheme => "win32n" }; + } elsif ($disabled{asm}) { + $vc_win32_info = { as => "ml", + asflags => "/nologo /Cp /coff /c /Cx /Zi", + asoutflag => "/Fo", + perlasm_scheme => "win32" }; + } else { + $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $vc_win32_info = { as => "{unknown}", + asflags => "", + asoutflag => "", + perlasm_scheme => "win32" }; + } + } + return $vc_win32_info; +} + +my $vc_wince_info = {}; +sub vc_wince_info { + unless (%$vc_wince_info) { + # sanity check + $die->('%OSVERSION% is not defined') if (!defined($ENV{'OSVERSION'})); + $die->('%PLATFORM% is not defined') if (!defined($ENV{'PLATFORM'})); + $die->('%TARGETCPU% is not defined') if (!defined($ENV{'TARGETCPU'})); + + # + # Idea behind this is to mimic flags set by eVC++ IDE... + # + my $wcevers = $ENV{'OSVERSION'}; # WCENNN + my $wcevernum; + my $wceverdotnum; + if ($wcevers =~ /^WCE([1-9])([0-9]{2})$/) { + $wcevernum = "$1$2"; + $wceverdotnum = "$1.$2"; + } else { + $die->('%OSVERSION% value is insane'); + $wcevernum = "{unknown}"; + $wceverdotnum = "{unknown}"; + } + my $wcecdefs = "-D_WIN32_WCE=$wcevernum -DUNDER_CE=$wcevernum"; # -D_WIN32_WCE=NNN + my $wcelflag = "/subsystem:windowsce,$wceverdotnum"; # ...,N.NN + + my $wceplatf = $ENV{'PLATFORM'}; + + $wceplatf =~ tr/a-z0-9 /A-Z0-9_/; + $wcecdefs .= " -DWCE_PLATFORM_$wceplatf"; + + my $wcetgt = $ENV{'TARGETCPU'}; # just shorter name... + SWITCH: for($wcetgt) { + /^X86/ && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_"; + $wcelflag.=" /machine:X86"; last; }; + /^ARMV4[IT]/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt"; + $wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/); + $wcecdefs.=" -QRarch4T -QRinterwork-return"; + $wcelflag.=" /machine:THUMB"; last; }; + /^ARM/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt"; + $wcelflag.=" /machine:ARM"; last; }; + /^MIPSIV/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; + $wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32"; + $wcelflag.=" /machine:MIPSFPU"; last; }; + /^MIPS16/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; + $wcecdefs.=" -DMIPSII -QMmips16"; + $wcelflag.=" /machine:MIPS16"; last; }; + /^MIPSII/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; + $wcecdefs.=" -QMmips2"; + $wcelflag.=" /machine:MIPS"; last; }; + /^R4[0-9]{3}/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000"; + $wcelflag.=" /machine:MIPS"; last; }; + /^SH[0-9]/ && do { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_ -DSHx"; + $wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/); + $wcelflag.=" /machine:$wcetgt"; last; }; + { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_"; + $wcelflag.=" /machine:$wcetgt"; last; }; + } + + $vc_wince_info = { cflags => $wcecdefs, + lflags => $wcelflag }; + } + return $vc_wince_info; +} + +# Helper functions for the VMS configs +my $vms_info = {}; +sub vms_info { + unless (%$vms_info) { + my $pointer_size = shift; + my $pointer_size_str = $pointer_size == 0 ? "" : "$pointer_size"; + + $vms_info->{disable_warns} = [ ]; + $vms_info->{pointer_size} = $pointer_size_str; + if ($pointer_size == 64) { + `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`; + if ($? == 0) { + push @{$vms_info->{disable_warns}}, "MAYLOSEDATA3"; + } + } + + unless ($disabled{zlib}) { + my $default_zlib = 'GNV$LIBZSHR' . $pointer_size_str; + if (defined($disabled{"zlib-dynamic"})) { + $vms_info->{zlib} = $withargs{zlib_lib} || "$default_zlib/SHARE"; + } else { + $vms_info->{def_zlib} = $withargs{zlib_lib} || $default_zlib; + # In case the --with-zlib-lib value contains something like + # /SHARE or /LIB or so at the end, remove it. + $vms_info->{def_zlib} =~ s|/.*$||g; + } + } + } + return $vms_info; +} + +%targets = ( + +#### Basic configs that should work on any 32-bit box + "gcc" => { + cc => "gcc", + cflags => picker(debug => "-O0 -g", + release => "-O3"), + thread_scheme => "(unknown)", + bn_ops => "BN_LLONG", + }, + "cc" => { + cc => "cc", + cflags => "-O", + thread_scheme => "(unknown)", + }, + +#### VOS Configurations + "vos-gcc" => { + inherit_from => [ "BASE_unix" ], + cc => "gcc", + cflags => picker(default => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN", + debug => "-O0 -g", + release => "-O3"), + thread_scheme => "(unknown)", + sys_id => "VOS", + lflags => "-Wl,-map", + bn_ops => "BN_LLONG", + shared_extension => ".so", + }, + +#### Solaris configurations + "solaris-common" => { + inherit_from => [ "BASE_unix" ], + template => 1, + cflags => "-DFILIO_H", + ex_libs => add("-lsocket -lnsl -ldl"), + dso_scheme => "dlfcn", + thread_scheme => "pthreads", + shared_target => "solaris-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, +#### Solaris x86 with GNU C setups + "solaris-x86-gcc" => { + # NB. GNU C has to be configured to use GNU assembler, and not + # /usr/ccs/bin/as. Failure to comply will result in compile + # failures [at least] in 32-bit build. + # [Above statement is in direct contradition with one below. + # Latter is kept, because it's formally inappropriate to + # modify compile flags in letter release.] + # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have + # to do it here because whenever GNU C instantiates an assembler + # template it surrounds it with #APP #NO_APP comment pair which + # (at least Solaris 7_x86) /usr/ccs/bin/as fails to assemble + # with "Illegal mnemonic" error message. + inherit_from => [ "solaris-common", asm("x86_elf_asm") ], + cc => "gcc", + cflags => add_before(picker(default => "-Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM", + debug => "-O0 -g", + release => "-O3 -fomit-frame-pointer"), + threads("-pthread")), + bn_ops => "BN_LLONG", + shared_cflag => "-fPIC", + shared_ldflag => "-shared -static-libgcc", + }, + "solaris64-x86_64-gcc" => { + # -shared -static-libgcc might appear controversial, but modules + # taken from static libgcc do not have relocations and linking + # them into our shared objects doesn't have any negative side + # effects. On the contrary, doing so makes it possible to use + # gcc shared build with Sun C. Given that gcc generates faster + # code [thanks to inline assembler], I would actually recommend + # to consider using gcc shared build even with vendor compiler:-) + # + inherit_from => [ "solaris-common", asm("x86_64_asm") ], + cc => "gcc", + cflags => add_before(picker(default => "-m64 -Wall -DL_ENDIAN", + debug => "-O0 -g", + release => "-O3"), + threads("-pthread")), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "elf", + shared_cflag => "-fPIC", + shared_ldflag => "-m64 -shared -static-libgcc", + multilib => "/64", + }, + +#### Solaris x86 with Sun C setups + # There used to be solaris-x86-cc target, but it was removed, + # primarily because vendor assembler can't assemble our modules + # with -KPIC flag. As result it, assembly support, was not even + # available as option. But its lack means lack of side-channel + # resistant code, which is incompatible with security by todays + # standards. Fortunately gcc is readily available prepackaged + # option, which we can firmly point at... + # + # On related note, solaris64-x86_64-cc target won't compile code + # paths utilizing AVX and post-Haswell instruction extensions. + # Consider switching to solaris64-x86_64-gcc even here... + # + "solaris64-x86_64-cc" => { + inherit_from => [ "solaris-common", asm("x86_64_asm") ], + cc => "cc", + cflags => add_before(picker(default => "-xarch=generic64 -xstrconst -Xa -DL_ENDIAN", + debug => "-g", + release => "-xO5 -xdepend -xbuiltin"), + threads("-D_REENTRANT")), + thread_scheme => "pthreads", + lflags => add("-xarch=generic64",threads("-mt")), + ex_libs => add(threads("-lpthread")), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "elf", + shared_cflag => "-KPIC", + shared_ldflag => "-xarch=generic64 -G -dy -z text", + multilib => "/64", + }, + +#### SPARC Solaris with GNU C setups + "solaris-sparcv7-gcc" => { + inherit_from => [ "solaris-common" ], + cc => "gcc", + cflags => add_before(picker(default => "-Wall -DB_ENDIAN -DBN_DIV2W", + debug => "-O0 -g", + release => "-O3"), + threads("-pthread")), + bn_ops => "BN_LLONG RC4_CHAR", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + }, + "solaris-sparcv8-gcc" => { + inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ], + cflags => add_before("-mcpu=v8"), + }, + "solaris-sparcv9-gcc" => { + # -m32 should be safe to add as long as driver recognizes + # -mcpu=ultrasparc + inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv9_asm") ], + cflags => add_before("-m32 -mcpu=ultrasparc"), + }, + "solaris64-sparcv9-gcc" => { + inherit_from => [ "solaris-sparcv9-gcc" ], + cflags => sub { my $f=join(" ",@_); $f =~ s/\-m32/-m64/; $f; }, + bn_ops => "BN_LLONG RC4_CHAR", + shared_ldflag => "-m64 -shared", + multilib => "/64", + }, + +#### SPARC Solaris with Sun C setups +# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. +# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 +# SC5.0 note: Compiler common patch 107357-01 or later is required! + "solaris-sparcv7-cc" => { + inherit_from => [ "solaris-common" ], + cc => "cc", + cflags => add_before(picker(default => "-xstrconst -Xa -DB_ENDIAN -DBN_DIV2W", + debug => "-g", + release => "-xO5 -xdepend"), + threads("-D_REENTRANT")), + lflags => add(threads("-mt")), + ex_libs => add(threads("-lpthread")), + bn_ops => "BN_LLONG RC4_CHAR", + shared_cflag => "-KPIC", + shared_ldflag => "-G -dy -z text", + }, +#### + "solaris-sparcv8-cc" => { + inherit_from => [ "solaris-sparcv7-cc", asm("sparcv8_asm") ], + cflags => add_before("-xarch=v8"), + }, + "solaris-sparcv9-cc" => { + inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ], + cflags => add_before("-xarch=v8plus"), + }, + "solaris64-sparcv9-cc" => { + inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ], + cflags => add_before("-xarch=v9"), + lflags => add_before("-xarch=v9"), + bn_ops => "BN_LLONG RC4_CHAR", + shared_ldflag => "-xarch=v9 -G -dy -z text", + multilib => "/64", + }, + +#### IRIX 6.x configs +# Only N32 and N64 ABIs are supported. + "irix-mips3-gcc" => { + inherit_from => [ "BASE_unix", asm("mips64_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-mabi=n32 -DB_ENDIAN -DBN_DIV3W", + debug => "-g -O0", + release => "-O3"), + threads("-D_SGI_MP_SOURCE")), + ex_libs => add(threads("-lpthread")), + bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", + thread_scheme => "pthreads", + perlasm_scheme => "n32", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-mabi=n32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "32", + }, + "irix-mips3-cc" => { + inherit_from => [ "BASE_unix", asm("mips64_asm") ], + cc => "cc", + cflags => combine(picker(default => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + debug => "-g -O0", + release => "-O2"), + threads("-D_SGI_MP_SOURCE")), + ex_libs => add(threads("-lpthread")), + bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", + thread_scheme => "pthreads", + perlasm_scheme => "n32", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-n32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "32", + }, + # N64 ABI builds. + "irix64-mips4-gcc" => { + inherit_from => [ "BASE_unix", asm("mips64_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-mabi=64 -mips4 -DB_ENDIAN -DBN_DIV3W", + debug => "-g -O0", + release => "-O3"), + threads("-D_SGI_MP_SOURCE")), + ex_libs => add(threads("-lpthread")), + bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + perlasm_scheme => "64", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-mabi=64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "irix64-mips4-cc" => { + inherit_from => [ "BASE_unix", asm("mips64_asm") ], + cc => "cc", + cflags => combine(picker(default => "-64 -mips4 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + debug => "-g -O0", + release => "-O2"), + threads("-D_SGI_MP_SOURCE")), + ex_libs => add(threads("-lpthread")), + bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + perlasm_scheme => "64", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + +#### Unified HP-UX ANSI C configs. +# Special notes: +# - Originally we were optimizing at +O4 level. It should be noted +# that the only difference between +O3 and +O4 is global inter- +# procedural analysis. As it has to be performed during the link +# stage the compiler leaves behind certain pseudo-code in lib*.a +# which might be release or even patch level specific. Generating +# the machine code for and analyzing the *whole* program appears +# to be *extremely* memory demanding while the performance gain is +# actually questionable. The situation is intensified by the default +# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB +# which is way too low for +O4. In other words, doesn't +O3 make +# more sense? +# - Keep in mind that the HP compiler by default generates code +# suitable for execution on the host you're currently compiling at. +# If the toolkit is meant to be used on various PA-RISC processors +# consider './Configure hpux-parisc-[g]cc +DAportable'. +# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in +# 32-bit message digests. (For the moment of this writing) HP C +# doesn't seem to "digest" too many local variables (they make "him" +# chew forever:-). For more details look-up MD32_XARRAY comment in +# crypto/sha/sha_lcl.h. +# - originally there were 32-bit hpux-parisc2-* targets. They were +# scrapped, because a) they were not interchangeable with other 32-bit +# targets; b) performance-critical 32-bit assembly modules implement +# even PA-RISC 2.0-specific code paths, which are chosen at run-time, +# thus adequate performance is provided even with PA-RISC 1.1 build. +# + "hpux-parisc-gcc" => { + inherit_from => [ "BASE_unix" ], + cc => "gcc", + cflags => combine(picker(default => "-DB_ENDIAN -DBN_DIV2W", + debug => "-O0 -g", + release => "-O3"), + threads("-pthread")), + ex_libs => add("-Wl,+s -ldld"), + bn_ops => "BN_LLONG", + thread_scheme => "pthreads", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "hpux-parisc1_1-gcc" => { + inherit_from => [ "hpux-parisc-gcc", asm("parisc11_asm") ], + multilib => "/pa1.1", + }, + "hpux64-parisc2-gcc" => { + inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-DB_ENDIAN", + debug => "-O0 -g", + release => "-O3"), + threads("-D_REENTRANT")), + ex_libs => add("-ldl"), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "-fpic", + shared_ldflag => "-shared", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa20_64", + }, + + # More attempts at unified 10.X and 11.X targets for HP C compiler. + # + # Chris Ruemmler + # Kevin Steves + "hpux-parisc-cc" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => combine(picker(default => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", + debug => "+O0 +d -g", + release => "+O3"), + threads("-D_REENTRANT")), + ex_libs => add("-Wl,+s -ldld",threads("-lpthread")), + bn_ops => "RC4_CHAR", + thread_scheme => "pthreads", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "-b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "hpux-parisc1_1-cc" => { + inherit_from => [ "hpux-parisc-cc", asm("parisc11_asm") ], + cflags => add_before("+DA1.1"), + multilib => "/pa1.1", + }, + "hpux64-parisc2-cc" => { + inherit_from => [ "BASE_unix", asm("parisc20_64_asm") ], + cc => "cc", + cflags => combine(picker(default => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY", + debug => "+O0 +d -g", + release => "+O3"), + threads("-D_REENTRANT")), + ex_libs => add("-ldl",threads("-lpthread")), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "+DD64 -b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa20_64", + }, + + # HP/UX IA-64 targets + "hpux-ia64-cc" => { + inherit_from => [ "BASE_unix", asm("ia64_asm") ], + cc => "cc", + cflags => combine(picker(default => "-Ae +DD32 +Olit=all -z -DB_ENDIAN", + debug => "+O0 +d -g", + release => "+O2"), + threads("-D_REENTRANT")), + ex_libs => add("-ldl",threads("-lpthread")), + bn_ops => "SIXTY_FOUR_BIT", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "+DD32 -b", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux32", + }, + # Frank Geurts has patiently assisted + # with debugging of the following config. + "hpux64-ia64-cc" => { + inherit_from => [ "BASE_unix", asm("ia64_asm") ], + cc => "cc", + cflags => combine(picker(default => "-Ae +DD64 +Olit=all -z -DB_ENDIAN", + debug => "+O0 +d -g", + release => "+O3"), + threads("-D_REENTRANT")), + ex_libs => add("-ldl", threads("-lpthread")), + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "+DD64 -b", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux64", + }, + # GCC builds... + "hpux-ia64-gcc" => { + inherit_from => [ "BASE_unix", asm("ia64_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-DB_ENDIAN", + debug => "-O0 -g", + release => "-O3"), + threads("-pthread")), + ex_libs => add("-ldl"), + bn_ops => "SIXTY_FOUR_BIT", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "-fpic", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux32", + }, + "hpux64-ia64-gcc" => { + inherit_from => [ "BASE_unix", asm("ia64_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-mlp64 -DB_ENDIAN", + debug => "-O0 -g", + release => "-O3"), + threads("-pthread")), + ex_libs => add("-ldl"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "-fpic", + shared_ldflag => "-mlp64 -shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux64", + }, + +#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ + "MPE/iX-gcc" => { + inherit_from => [ "BASE_unix" ], + cc => "gcc", + cflags => "-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB", + sys_id => "MPE", + ex_libs => add("-L/SYSLOG/PUB -lsyslog -lsocket -lcurses"), + thread_scheme => "(unknown)", + bn_ops => "BN_LLONG", + }, + +#### DEC Alpha Tru64 targets. Tru64 is marketing name for OSF/1 version 4 +#### and forward. In reality 'uname -s' still returns "OSF1". Originally +#### there were even osf1-* configs targeting prior versions provided, +#### but not anymore... + "tru64-alpha-gcc" => { + inherit_from => [ "BASE_unix", asm("alpha_asm") ], + cc => "gcc", + cflags => combine("-std=c9x -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -O3", + threads("-pthread")), + ex_libs => "-lrt", # for mlock(2) + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "alpha-osf1-shared", + shared_extension => ".so", + }, + "tru64-alpha-cc" => { + inherit_from => [ "BASE_unix", asm("alpha_asm") ], + cc => "cc", + cflags => combine("-std1 -D_XOPEN_SOURCE=500 -D_OSF_SOURCE -tune host -fast -readonly_strings", + threads("-pthread")), + ex_libs => "-lrt", # for mlock(2) + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "alpha-osf1-shared", + shared_ldflag => "-msym", + shared_extension => ".so", + }, + +#### +#### Variety of LINUX:-) +#### +# *-generic* is endian-neutral target, but ./config is free to +# throw in -D[BL]_ENDIAN, whichever appropriate... + "linux-generic32" => { + inherit_from => [ "BASE_unix" ], + cc => "gcc", + cflags => combine(picker(default => "-Wall", + debug => "-O0 -g", + release => "-O3"), + threads("-pthread")), + ex_libs => add("-ldl"), + bn_ops => "BN_LLONG RC4_CHAR", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC -DOPENSSL_USE_NODELETE", + shared_ldflag => "-Wl,-znodelete", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-generic64" => { + inherit_from => [ "linux-generic32" ], + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + }, + + "linux-ppc" => { + inherit_from => [ "linux-generic32", asm("ppc32_asm") ], + perlasm_scheme => "linux32", + }, + "linux-ppc64" => { + inherit_from => [ "linux-generic64", asm("ppc64_asm") ], + cflags => add("-m64 -DB_ENDIAN"), + perlasm_scheme => "linux64", + shared_ldflag => add("-m64"), + multilib => "64", + }, + "linux-ppc64le" => { + inherit_from => [ "linux-generic64", asm("ppc64_asm") ], + cflags => add("-m64 -DL_ENDIAN"), + perlasm_scheme => "linux64le", + shared_ldflag => add("-m64"), + }, + + "linux-armv4" => { + ################################################################ + # Note that -march is not among compiler options in linux-armv4 + # target description. Not specifying one is intentional to give + # you choice to: + # + # a) rely on your compiler default by not specifying one; + # b) specify your target platform explicitly for optimal + # performance, e.g. -march=armv6 or -march=armv7-a; + # c) build "universal" binary that targets *range* of platforms + # by specifying minimum and maximum supported architecture; + # + # As for c) option. It actually makes no sense to specify + # maximum to be less than ARMv7, because it's the least + # requirement for run-time switch between platform-specific + # code paths. And without run-time switch performance would be + # equivalent to one for minimum. Secondly, there are some + # natural limitations that you'd have to accept and respect. + # Most notably you can *not* build "universal" binary for + # big-endian platform. This is because ARMv7 processor always + # picks instructions in little-endian order. Another similar + # limitation is that -mthumb can't "cross" -march=armv6t2 + # boundary, because that's where it became Thumb-2. Well, this + # limitation is a bit artificial, because it's not really + # impossible, but it's deemed too tricky to support. And of + # course you have to be sure that your binutils are actually + # up to the task of handling maximum target platform. With all + # this in mind here is an example of how to configure + # "universal" build: + # + # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 + # + inherit_from => [ "linux-generic32", asm("armv4_asm") ], + perlasm_scheme => "linux32", + }, + "linux-aarch64" => { + inherit_from => [ "linux-generic64", asm("aarch64_asm") ], + perlasm_scheme => "linux64", + }, + "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 + inherit_from => [ "linux-generic32", asm("aarch64_asm") ], + cflags => add("-mabi=ilp32"), + bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", + perlasm_scheme => "linux64", + shared_ldflag => add("-mabi=ilp32"), + }, + + "linux-mips32" => { + # Configure script adds minimally required -march for assembly + # support, if no -march was specified at command line. + inherit_from => [ "linux-generic32", asm("mips32_asm") ], + cflags => add("-mabi=32 -DBN_DIV3W"), + perlasm_scheme => "o32", + shared_ldflag => add("-mabi=32"), + }, + # mips32 and mips64 below refer to contemporary MIPS Architecture + # specifications, MIPS32 and MIPS64, rather than to kernel bitness. + "linux-mips64" => { + inherit_from => [ "linux-generic32", asm("mips64_asm") ], + cflags => add("-mabi=n32 -DBN_DIV3W"), + bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", + perlasm_scheme => "n32", + shared_ldflag => add("-mabi=n32"), + multilib => "32", + }, + "linux64-mips64" => { + inherit_from => [ "linux-generic64", asm("mips64_asm") ], + cflags => add("-mabi=64 -DBN_DIV3W"), + perlasm_scheme => "64", + shared_ldflag => add("-mabi=64"), + multilib => "64", + }, + + #### IA-32 targets... + #### These two targets are a bit aged and are to be used on older Linux + #### machines where gcc doesn't understand -m32 and -m64 + "linux-elf" => { + inherit_from => [ "linux-generic32", asm("x86_elf_asm") ], + cflags => add(picker(default => "-DL_ENDIAN", + release => "-fomit-frame-pointer")), + bn_ops => "BN_LLONG", + }, + "linux-aout" => { + inherit_from => [ "BASE_unix", asm("x86_asm") ], + cc => "gcc", + cflags => add(picker(default => "-DL_ENDIAN -Wall", + debug => "-O0 -g", + release => "-O3 -fomit-frame-pointer")), + bn_ops => "BN_LLONG", + thread_scheme => "(unknown)", + perlasm_scheme => "a.out", + }, + + #### X86 / X86_64 targets + "linux-x86" => { + inherit_from => [ "linux-generic32", asm("x86_asm") ], + cflags => add(picker(default => "-m32 -DL_ENDIAN", + release => "-fomit-frame-pointer")), + bn_ops => "BN_LLONG", + perlasm_scheme => "elf", + shared_ldflag => add("-m32"), + }, + "linux-x86-clang" => { + inherit_from => [ "linux-x86" ], + cc => "clang", + cxx => "clang++", + cflags => add("-Wextra -Qunused-arguments"), + }, + "linux-x86_64" => { + inherit_from => [ "linux-generic64", asm("x86_64_asm") ], + cflags => add("-m64 -DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "elf", + shared_ldflag => add("-m64"), + multilib => "64", + }, + "linux-x86_64-clang" => { + inherit_from => [ "linux-x86_64" ], + cc => "clang", + cflags => add("-Wextra -Qunused-arguments"), + }, + "linux-x32" => { + inherit_from => [ "linux-generic32", asm("x86_64_asm") ], + cflags => add("-mx32 -DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT", + perlasm_scheme => "elf32", + shared_ldflag => add("-mx32"), + multilib => "x32", + }, + + "linux-ia64" => { + inherit_from => [ "linux-generic64", asm("ia64_asm") ], + bn_ops => "SIXTY_FOUR_BIT_LONG", + }, + + "linux64-s390x" => { + inherit_from => [ "linux-generic64", asm("s390x_asm") ], + cflags => add("-m64 -DB_ENDIAN"), + perlasm_scheme => "64", + shared_ldflag => add("-m64"), + multilib => "64", + }, + "linux32-s390x" => { + #### So called "highgprs" target for z/Architecture CPUs + # "Highgprs" is kernel feature first implemented in Linux + # 2.6.32, see /proc/cpuinfo. The idea is to preserve most + # significant bits of general purpose registers not only + # upon 32-bit process context switch, but even on + # asynchronous signal delivery to such process. This makes + # it possible to deploy 64-bit instructions even in legacy + # application context and achieve better [or should we say + # adequate] performance. The build is binary compatible with + # linux-generic32, and the idea is to be able to install the + # resulting libcrypto.so alongside generic one, e.g. as + # /lib/highgprs/libcrypto.so.x.y, for ldconfig and run-time + # linker to autodiscover. Unfortunately it doesn't work just + # yet, because of couple of bugs in glibc + # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... + # + inherit_from => [ "linux-generic32", asm("s390x_asm") ], + cflags => add("-m31 -Wa,-mzarch -DB_ENDIAN"), + bn_asm_src => sub { my $r=join(" ",@_); $r=~s|asm/s390x\.S|bn_asm.c|; $r; }, + perlasm_scheme => "31", + shared_ldflag => add("-m31"), + multilib => "/highgprs", + }, + + #### SPARC Linux setups + # Ray Miller has + # patiently assisted with debugging of following two configs. + "linux-sparcv8" => { + inherit_from => [ "linux-generic32", asm("sparcv8_asm") ], + cflags => add("-mcpu=v8 -DB_ENDIAN -DBN_DIV2W"), + }, + "linux-sparcv9" => { + # it's a real mess with -mcpu=ultrasparc option under Linux, + # but -Wa,-Av8plus should do the trick no matter what. + inherit_from => [ "linux-generic32", asm("sparcv9_asm") ], + cflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus -DB_ENDIAN -DBN_DIV2W"), + shared_ldflag => add("-m32"), + }, + "linux64-sparcv9" => { + # GCC 3.1 is a requirement + inherit_from => [ "linux-generic64", asm("sparcv9_asm") ], + cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"), + bn_ops => "BN_LLONG RC4_CHAR", + shared_ldflag => add("-m64"), + multilib => "64", + }, + + "linux-alpha-gcc" => { + inherit_from => [ "linux-generic64", asm("alpha_asm") ], + cflags => add("-DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + }, + "linux-c64xplus" => { + inherit_from => [ "BASE_unix" ], + # TI_CGT_C6000_7.3.x is a requirement + cc => "cl6x", + cflags => combine("--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT", + threads("-D_REENTRANT")), + bn_ops => "BN_LLONG", + cpuid_asm_src => "c64xpluscpuid.s", + bn_asm_src => "asm/bn-c64xplus.asm c64xplus-gf2m.s", + aes_asm_src => "aes-c64xplus.s aes_cbc.c aes-ctr.fake", + sha1_asm_src => "sha1-c64xplus.s sha256-c64xplus.s sha512-c64xplus.s", + rc4_asm_src => "rc4-c64xplus.s", + modes_asm_src => "ghash-c64xplus.s", + chacha_asm_src => "chacha-c64xplus.s", + poly1305_asm_src => "poly1305-c64xplus.s", + thread_scheme => "pthreads", + perlasm_scheme => "void", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "--pic", + shared_ldflag => add("-z --sysv --shared"), + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + ranlib => "true", + }, + +#### Android: linux-* but without pointers to headers and libs. + # + # It takes pair of prior-set environment variables to make it work: + # + # CROSS_SYSROOT=/some/where/android-ndk-/platforms/android-/arch- + # CROSS_COMPILE= + # + # As well as PATH adjusted to cover ${CROSS_COMPILE}gcc and company. + # For example to compile for ICS and ARM with NDK 10d, you'd: + # + # ANDROID_NDK=/some/where/android-ndk-10d + # CROSS_SYSROOT=$ANDROID_NDK/platforms/android-14/arch-arm + # CROSS_COMPILE=arm-linux-adroideabi- + # PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuild/linux-x86_64/bin + # + "android" => { + inherit_from => [ "linux-generic32" ], + # Special note about unconditional -fPIC and -pie. The underlying + # reason is that Lollipop refuses to run non-PIE. But what about + # older systems and NDKs? -fPIC was never problem, so the only + # concern is -pie. Older toolchains, e.g. r4, appear to handle it + # and binaries turn mostly functional. "Mostly" means that oldest + # Androids, such as Froyo, fail to handle executable, but newer + # systems are perfectly capable of executing binaries targeting + # Froyo. Keep in mind that in the nutshell Android builds are + # about JNI, i.e. shared libraries, not applications. + cflags => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")), + bin_cflags => "-pie", + }, + "android-x86" => { + inherit_from => [ "android", asm("x86_asm") ], + cflags => add(picker(release => "-fomit-frame-pointer")), + bn_ops => "BN_LLONG", + perlasm_scheme => "android", + }, + ################################################################ + # Contemporary Android applications can provide multiple JNI + # providers in .apk, targeting multiple architectures. Among + # them there is "place" for two ARM flavours: generic eabi and + # armv7-a/hard-float. However, it should be noted that OpenSSL's + # ability to engage NEON is not constrained by ABI choice, nor + # is your ability to call OpenSSL from your application code + # compiled with floating-point ABI other than default 'soft'. + # [Latter thanks to __attribute__((pcs("aapcs"))) declaration.] + # This means that choice of ARM libraries you provide in .apk + # is driven by application needs. For example if application + # itself benefits from NEON or is floating-point intensive, then + # it might be appropriate to provide both libraries. Otherwise + # just generic eabi would do. But in latter case it would be + # appropriate to + # + # ./Configure android-armeabi -D__ARM_MAX_ARCH__=8 + # + # in order to build "universal" binary and allow OpenSSL take + # advantage of NEON when it's available. + # + "android-armeabi" => { + inherit_from => [ "android", asm("armv4_asm") ], + }, + "android-mips" => { + inherit_from => [ "android", asm("mips32_asm") ], + perlasm_scheme => "o32", + }, + + "android64" => { + inherit_from => [ "linux-generic64" ], + cflags => add(picker(default => "-mandroid -fPIC --sysroot=\$(CROSS_SYSROOT) -Wa,--noexecstack")), + bin_cflags => "-pie", + }, + "android64-aarch64" => { + inherit_from => [ "android64", asm("aarch64_asm") ], + perlasm_scheme => "linux64", + }, + +#### *BSD + "BSD-generic32" => { + # As for thread cflag. Idea is to maintain "collective" set of + # flags, which would cover all BSD flavors. -pthread applies + # to them all, but is treated differently. OpenBSD expands is + # as -D_POSIX_THREAD -lc_r, which is sufficient. FreeBSD 4.x + # expands it as -lc_r, which has to be accompanied by explicit + # -D_THREAD_SAFE and sometimes -D_REENTRANT. FreeBSD 5.x + # expands it as -lc_r, which seems to be sufficient? + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => combine(picker(default => "-Wall", + debug => "-O0 -g", + release => "-O3"), + threads("-pthread -D_THREAD_SAFE -D_REENTRANT")), + bn_ops => "BN_LLONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "BSD-generic64" => { + inherit_from => [ "BSD-generic32" ], + bn_ops => "SIXTY_FOUR_BIT_LONG", + }, + + "BSD-x86" => { + inherit_from => [ "BSD-generic32", asm("x86_asm") ], + cflags => add(picker(default => "-DL_ENDIAN", + release => "-fomit-frame-pointer")), + bn_ops => "BN_LLONG", + shared_target => "bsd-shared", + perlasm_scheme => "a.out", + }, + "BSD-x86-elf" => { + inherit_from => [ "BSD-x86" ], + perlasm_scheme => "elf", + }, + + "BSD-sparcv8" => { + inherit_from => [ "BSD-generic32", asm("sparcv8_asm") ], + cflags => add("-mcpu=v8 -DB_ENDIAN"), + }, + "BSD-sparc64" => { + # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it + # simply *happens* to work around a compiler bug in gcc 3.3.3, + # triggered by RIPEMD160 code. + inherit_from => [ "BSD-generic64", asm("sparcv9_asm") ], + cflags => add("-DB_ENDIAN -DMD32_REG_T=int"), + bn_ops => "BN_LLONG", + }, + + "BSD-ia64" => { + inherit_from => [ "BSD-generic64", asm("ia64_asm") ], + cflags => add_before("-DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + }, + + "BSD-x86_64" => { + inherit_from => [ "BSD-generic64", asm("x86_64_asm") ], + cflags => add_before("-DL_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "elf", + }, + + "bsdi-elf-gcc" => { + inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], + cc => "gcc", + cflags => "-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -Wall", + ex_libs => add("-ldl"), + bn_ops => "BN_LLONG", + thread_scheme => "(unknown)", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + + "nextstep" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => "-O -Wall", + unistd => "", + bn_ops => "BN_LLONG", + thread_scheme => "(unknown)", + }, + "nextstep3.3" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => "-O3 -Wall", + unistd => "", + bn_ops => "BN_LLONG", + thread_scheme => "(unknown)", + }, + +# QNX + "qnx4" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => "-DL_ENDIAN -DTERMIO", + thread_scheme => "(unknown)", + }, + "QNX6" => { + inherit_from => [ "BASE_unix" ], + cc => "gcc", + ex_libs => add("-lsocket"), + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "QNX6-i386" => { + inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], + cc => "gcc", + cflags => "-DL_ENDIAN -O2 -Wall", + ex_libs => add("-lsocket"), + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + +#### SCO/Caldera targets. +# +# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. +# Now we only have blended unixware-* as it's the only one used by ./config. +# If you want to optimize for particular microarchitecture, bypass ./config +# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. +# Note that not all targets include assembler support. Mostly because of +# lack of motivation to support out-of-date platforms with out-of-date +# compiler drivers and assemblers. Tim Rice has +# patiently assisted to debug most of it. +# +# UnixWare 2.0x fails destest with -O. + "unixware-2.0" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => combine("-DFILIO_H -DNO_STRINGS_H", + threads("-Kthread")), + ex_libs => add("-lsocket -lnsl -lresolv -lx"), + thread_scheme => "uithreads", + }, + "unixware-2.1" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => combine("-O -DFILIO_H", + threads("-Kthread")), + ex_libs => add("-lsocket -lnsl -lresolv -lx"), + thread_scheme => "uithreads", + }, + "unixware-7" => { + inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], + cc => "cc", + cflags => combine("-O -DFILIO_H -Kalloca", + threads("-Kthread")), + ex_libs => add("-lsocket -lnsl"), + thread_scheme => "uithreads", + bn_ops => "BN_LLONG", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "svr5-shared", + shared_cflag => "-Kpic", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "unixware-7-gcc" => { + inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], + cc => "gcc", + cflags => combine("-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -Wall", + threads("-D_REENTRANT")), + ex_libs => add("-lsocket -lnsl"), + bn_ops => "BN_LLONG", + thread_scheme => "pthreads", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "gnu-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, +# SCO 5 - Ben Laurie says the -O breaks the SCO cc. + "sco5-cc" => { + inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], + cc => "cc", + cflags => "-belf", + ex_libs => add("-lsocket -lnsl"), + thread_scheme => "(unknown)", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "svr3-shared", + shared_cflag => "-Kpic", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "sco5-gcc" => { + inherit_from => [ "BASE_unix", asm("x86_elf_asm") ], + cc => "gcc", + cflags => "-O3 -fomit-frame-pointer", + ex_libs => add("-lsocket -lnsl"), + bn_ops => "BN_LLONG", + thread_scheme => "(unknown)", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "svr3-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + +#### IBM's AIX. + # Below targets assume AIX >=5. Caveat lector. If you are accustomed + # to control compilation "bitness" by setting $OBJECT_MODE environment + # variable, then you should know that in OpenSSL case it's considered + # only in ./config. Once configured, build procedure remains "deaf" to + # current value of $OBJECT_MODE. + "aix-gcc" => { + inherit_from => [ "BASE_unix", asm("ppc32_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-DB_ENDIAN", + debug => "-O0 -g", + release => "-O"), + threads("-pthread")), + sys_id => "AIX", + bn_ops => "BN_LLONG RC4_CHAR", + thread_scheme => "pthreads", + perlasm_scheme => "aix32", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-shared -static-libgcc -Wl,-G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X32", + }, + "aix64-gcc" => { + inherit_from => [ "BASE_unix", asm("ppc64_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-maix64 -DB_ENDIAN", + debug => "-O0 -g", + release => "-O"), + threads("-pthread")), + sys_id => "AIX", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + thread_scheme => "pthreads", + perlasm_scheme => "aix64", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-maix64 -shared -static-libgcc -Wl,-G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X64", + }, + "aix-cc" => { + inherit_from => [ "BASE_unix", asm("ppc32_asm") ], + cc => "cc", + cflags => combine(picker(default => "-q32 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + debug => "-O0 -g", + release => "-O"), + threads("-qthreaded -D_THREAD_SAFE")), + sys_id => "AIX", + bn_ops => "BN_LLONG RC4_CHAR", + thread_scheme => "pthreads", + ex_libs => threads("-lpthreads"), + perlasm_scheme => "aix32", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-q32 -G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X 32", + }, + "aix64-cc" => { + inherit_from => [ "BASE_unix", asm("ppc64_asm") ], + cc => "cc", + cflags => combine(picker(default => "-q64 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + debug => "-O0 -g", + release => "-O"), + threads("-qthreaded -D_THREAD_SAFE")), + sys_id => "AIX", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + thread_scheme => "pthreads", + ex_libs => threads("-lpthreads"), + perlasm_scheme => "aix64", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-q64 -G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X 64", + }, + +# SIEMENS BS2000/OSD: an EBCDIC-based mainframe + "BS2000-OSD" => { + inherit_from => [ "BASE_unix" ], + cc => "c89", + cflags => "-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC", + ex_libs => add("-lsocket -lnsl"), + bn_ops => "THIRTY_TWO_BIT RC4_CHAR", + thread_scheme => "(unknown)", + }, + +# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe +# You need to compile using the c89.sh wrapper in the tools directory, because the +# IBM compiler does not like the -L switch after any object modules. +# + "OS390-Unix" => { + inherit_from => [ "BASE_unix" ], + cc => "c89.sh", + cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE", + bn_ops => "THIRTY_TWO_BIT RC4_CHAR", + thread_scheme => "(unknown)", + }, + +#### Visual C targets +# +# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 +# +# Note about -wd4090, disable warning C4090. This warning returns false +# positives in some situations. Disabling it altogether masks both +# legitimate and false cases, but as we compile on multiple platforms, +# we rely on other compilers to catch legitimate cases. +# +# Also note that we force threads no matter what. Configuring "no-threads" +# is ignored. + "VC-common" => { + inherit_from => [ "BASE_Windows" ], + template => 1, + cc => "cl", + cflags => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE", + defines => add(sub { my @defs = (); + unless ($disabled{"zlib-dynamic"}) { + my $zlib = + $withargs{zlib_lib} // "ZLIB1"; + push @defs, + quotify("perl", + 'LIBZ="' . $zlib . '"'); + } + return [ @defs ]; + }), + coutflag => "/Fo", + lib_cflags => add("/Zi /Fdossl_static"), + dso_cflags => "/Zi /Fddso", + bin_cflags => "/Zi /Fdapp", + lflags => add("/debug"), + shared_ldflag => "/dll", + shared_target => "win-shared", # meaningless except it gives Configure a hint + thread_scheme => "winthreads", + dso_scheme => "win32", + apps_aux_src => add("win32_init.c"), + }, + "VC-noCE-common" => { + inherit_from => [ "VC-common" ], + template => 1, + cflags => add(picker(default => "-DUNICODE -D_UNICODE", + debug => + sub { + ($disabled{shared} ? "" : "/MDd") + ." /Od -DDEBUG -D_DEBUG"; + }, + release => + sub { + ($disabled{shared} ? "" : "/MD") + ." /O2"; + })), + lib_cflags => add(sub { $disabled{shared} ? "/MT /Zl" : () }), + # Following might/should appears controversial, i.e. defining + # /MDd without evaluating $disabled{shared}. It works in + # non-shared build because static library is compiled with /Zl + # and bares no reference to specific RTL. And it works in + # shared build because multiple /MDd options are not prohibited. + # But why /MDd in static build? Well, basically this is just a + # reference point, which allows to catch eventual errors that + # would prevent those who want to wrap OpenSSL into own .DLL. + # Why not /MD in release build then? Well, some are likely to + # prefer [non-debug] openssl.exe to be free from Micorosoft RTL + # redistributable. + bin_cflags => add(picker(debug => "/MDd", + release => sub { $disabled{shared} ? "/MT" : () }, + )), + bin_lflags => add("/subsystem:console /opt:ref"), + ex_libs => add(sub { + my @ex_libs = (); + push @ex_libs, 'ws2_32.lib' unless $disabled{sock}; + push @ex_libs, 'gdi32.lib advapi32.lib crypt32.lib user32.lib'; + return join(" ", @ex_libs); + }), + }, + "VC-WIN64-common" => { + inherit_from => [ "VC-noCE-common" ], + template => 1, + ex_libs => add(sub { + my @ex_libs = (); + push @ex_libs, 'bufferoverflowu.lib' if (`cl 2>&1` =~ /14\.00\.4[0-9]{4}\./); + return join(" ", @_, @ex_libs); + }), + bn_ops => "SIXTY_FOUR_BIT EXPORT_VAR_AS_FN", + build_scheme => add("VC-W64", { separator => undef }), + }, + "VC-WIN64I" => { + inherit_from => [ "VC-WIN64-common", asm("ia64_asm"), + sub { $disabled{shared} ? () : "ia64_uplink" } ], + as => "ias", + asflags => "-d debug", + asoutflag => "-o", + sys_id => "WIN64I", + bn_asm_src => sub { return undef unless @_; + my $r=join(" ",@_); $r=~s|bn-ia64.s|bn_asm.c|; $r; }, + perlasm_scheme => "ias", + multilib => "-ia64", + }, + "VC-WIN64A" => { + inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"), + sub { $disabled{shared} ? () : "x86_64_uplink" } ], + as => sub { vc_win64a_info()->{as} }, + asflags => sub { vc_win64a_info()->{asflags} }, + asoutflag => sub { vc_win64a_info()->{asoutflag} }, + sys_id => "WIN64A", + bn_asm_src => sub { return undef unless @_; + my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; }, + perlasm_scheme => "auto", + multilib => "-x64", + }, + "VC-WIN32" => { + # x86 Win32 target defaults to ANSI API, if you want UNICODE, + # configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE' + inherit_from => [ "VC-noCE-common", asm("x86_asm"), + sub { $disabled{shared} ? () : "uplink_common" } ], + as => sub { vc_win32_info()->{as} }, + asflags => sub { vc_win32_info()->{asflags} }, + asoutflag => sub { vc_win32_info()->{asoutflag} }, + ex_libs => add(sub { + my @ex_libs = (); + # WIN32 UNICODE build gets linked with unicows.lib for + # backward compatibility with Win9x. + push @ex_libs, 'unicows.lib' + if (grep { $_ eq "UNICODE" } @user_defines); + return join(" ", @ex_libs, @_); + }), + sys_id => "WIN32", + bn_ops => "BN_LLONG EXPORT_VAR_AS_FN", + perlasm_scheme => sub { vc_win32_info()->{perlasm_scheme} }, + build_scheme => add("VC-W32", { separator => undef }), + }, + "VC-CE" => { + inherit_from => [ "VC-common" ], + as => "ml", + asflags => "/nologo /Cp /coff /c /Cx /Zi", + asoutflag => "/Fo", + cc => "cl", + cflags => + picker(default => + combine('/W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYS_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT', + sub { vc_wince_info()->{cflags}; }, + sub { defined($ENV{'WCECOMPAT'}) + ? '-I$(WCECOMPAT)/include' : (); }, + sub { defined($ENV{'PORTSDK_LIBPATH'}) + ? '-I$(PORTSDK_LIBPATH)/../../include' : (); }, + sub { `cl 2>&1` =~ /Version ([0-9]+)\./ && $1>=14 + ? ($disabled{shared} ? " /MT" : " /MD") + : " /MC"; }), + debug => "/Od -DDEBUG -D_DEBUG", + release => "/O1i"), + lflags => combine("/nologo /opt:ref", + sub { vc_wince_info()->{lflags}; }, + sub { defined($ENV{PORTSDK_LIBPATH}) + ? "/entry:mainCRTstartup" : (); }), + sys_id => "WINCE", + bn_ops => "BN_LLONG EXPORT_VAR_AS_FN", + ex_libs => add(sub { + my @ex_libs = (); + push @ex_libs, 'ws2.lib' unless $disabled{sock}; + push @ex_libs, 'crypt32.lib'; + if (defined($ENV{WCECOMPAT})) { + my $x = '$(WCECOMPAT)/lib'; + if (-f "$x/$ENV{TARGETCPU}/wcecompatex.lib") { + $x .= '/$(TARGETCPU)/wcecompatex.lib'; + } else { + $x .= '/wcecompatex.lib'; + } + push @ex_libs, $x; + } + push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib' + if (defined($ENV{'PORTSDK_LIBPATH'})); + push @ex_libs, ' /nodefaultlib coredll.lib corelibc.lib' + if ($ENV{'TARGETCPU'} eq "X86"); + return @ex_libs; + }), + build_scheme => add("VC-WCE", { separator => undef }), + }, + +#### MinGW + "mingw" => { + inherit_from => [ "BASE_unix", asm("x86_asm"), + sub { $disabled{shared} ? () : "x86_uplink" } ], + cc => "gcc", + cflags => combine(picker(default => "-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m32 -Wall", + debug => "-g -O0", + release => "-O3 -fomit-frame-pointer"), + threads("-D_MT")), + sys_id => "MINGW32", + ex_libs => add("-lws2_32 -lgdi32 -lcrypt32"), + bn_ops => "BN_LLONG EXPORT_VAR_AS_FN", + thread_scheme => "winthreads", + perlasm_scheme => "coff", + dso_scheme => "win32", + shared_target => "mingw-shared", + shared_cflag => add("-D_WINDLL"), + shared_ldflag => "-static-libgcc", + shared_rcflag => "--target=pe-i386", + shared_extension => ".dll", + multilib => "", + apps_aux_src => add("win32_init.c"), + }, + "mingw64" => { + # As for OPENSSL_USE_APPLINK. Applink makes it possible to use + # .dll compiled with one compiler with application compiled with + # another compiler. It's possible to engage Applink support in + # mingw64 build, but it's not done, because till mingw64 + # supports structured exception handling, one can't seriously + # consider its binaries for using with non-mingw64 run-time + # environment. And as mingw64 is always consistent with itself, + # Applink is never engaged and can as well be omitted. + inherit_from => [ "BASE_unix", asm("x86_64_asm") ], + cc => "gcc", + cflags => combine(picker(default => "-DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -m64 -Wall", + debug => "-g -O0", + release => "-O3"), + threads("-D_MT")), + sys_id => "MINGW64", + ex_libs => add("-lws2_32 -lgdi32 -lcrypt32"), + bn_ops => "SIXTY_FOUR_BIT EXPORT_VAR_AS_FN", + thread_scheme => "winthreads", + perlasm_scheme => "mingw64", + dso_scheme => "win32", + shared_target => "mingw-shared", + shared_cflag => add("-D_WINDLL"), + shared_ldflag => "-static-libgcc", + shared_rcflag => "--target=pe-x86-64", + shared_extension => ".dll", + multilib => "64", + apps_aux_src => add("win32_init.c"), + }, + +#### UEFI + "UEFI" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => "-DL_ENDIAN -O", + sys_id => "UEFI", + }, + +#### UWIN + "UWIN" => { + inherit_from => [ "BASE_unix" ], + cc => "cc", + cflags => "-DTERMIOS -DL_ENDIAN -O -Wall", + sys_id => "UWIN", + bn_ops => "BN_LLONG", + dso_scheme => "win32", + }, + +#### Cygwin + "Cygwin-x86" => { + inherit_from => [ "BASE_unix", asm("x86_asm") ], + cc => "gcc", + cflags => picker(default => "-DTERMIOS -DL_ENDIAN -Wall", + debug => "-g -O0", + release => "-O3 -fomit-frame-pointer"), + sys_id => "CYGWIN", + bn_ops => "BN_LLONG", + thread_scheme => "pthread", + perlasm_scheme => "coff", + dso_scheme => "dlfcn", + shared_target => "cygwin-shared", + shared_cflag => "-D_WINDLL", + shared_ldflag => "-shared", + shared_extension => ".dll", + }, + "Cygwin-x86_64" => { + inherit_from => [ "BASE_unix", asm("x86_64_asm") ], + cc => "gcc", + cflags => picker(default => "-DTERMIOS -DL_ENDIAN -Wall", + debug => "-g -O0", + release => "-O3"), + sys_id => "CYGWIN", + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthread", + perlasm_scheme => "mingw64", + dso_scheme => "dlfcn", + shared_target => "cygwin-shared", + shared_cflag => "-D_WINDLL", + shared_ldflag => "-shared", + shared_extension => ".dll", + }, + # Backward compatibility for those using this target + "Cygwin" => { + inherit_from => [ "Cygwin-x86" ] + }, + # In case someone constructs the Cygwin target name themself + "Cygwin-i386" => { + inherit_from => [ "Cygwin-x86" ] + }, + "Cygwin-i486" => { + inherit_from => [ "Cygwin-x86" ] + }, + "Cygwin-i586" => { + inherit_from => [ "Cygwin-x86" ] + }, + "Cygwin-i686" => { + inherit_from => [ "Cygwin-x86" ] + }, + +##### MacOS X (a.k.a. Darwin) setup + "darwin-common" => { + inherit_from => [ "BASE_unix" ], + template => 1, + cc => "cc", + cflags => combine(picker(default => "", + debug => "-g -O0", + release => "-O3"), + threads("-D_REENTRANT")), + sys_id => "MACOSX", + plib_lflags => "-Wl,-search_paths_first", + bn_ops => "BN_LLONG RC4_CHAR", + thread_scheme => "pthreads", + perlasm_scheme => "osx32", + dso_scheme => "dlfcn", + ranlib => "ranlib -c", + shared_target => "darwin-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, + # Option "freeze" such as -std=gnu9x can't negatively interfere + # with future defaults for below two targets, because MacOS X + # for PPC has no future, it was discontinued by vendor in 2009. + "darwin-ppc-cc" => { + inherit_from => [ "darwin-common", asm("ppc32_asm") ], + cflags => add("-arch ppc -std=gnu9x -DB_ENDIAN -Wa,-force_cpusubtype_ALL"), + perlasm_scheme => "osx32", + shared_ldflag => "-arch ppc -dynamiclib", + }, + "darwin64-ppc-cc" => { + inherit_from => [ "darwin-common", asm("ppc64_asm") ], + cflags => add("-arch ppc64 -std=gnu9x -DB_ENDIAN"), + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + perlasm_scheme => "osx64", + shared_ldflag => "-arch ppc64 -dynamiclib", + }, + "darwin-i386-cc" => { + inherit_from => [ "darwin-common", asm("x86_asm") ], + cflags => add(picker(default => "-arch i386 -DL_ENDIAN", + release => "-fomit-frame-pointer")), + bn_ops => "BN_LLONG RC4_INT", + perlasm_scheme => "macosx", + shared_ldflag => "-arch i386 -dynamiclib", + }, + "darwin64-x86_64-cc" => { + inherit_from => [ "darwin-common", asm("x86_64_asm") ], + cflags => add("-arch x86_64 -DL_ENDIAN -Wall"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "macosx", + shared_ldflag => "-arch x86_64 -dynamiclib", + }, + +#### iPhoneOS/iOS +# +# It takes three prior-set environment variables to make it work: +# +# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] +# CROSS_TOP=/where/SDKs/are +# CROSS_SDK=iPhoneOSx.y.sdk +# +# Exact paths vary with Xcode releases, but for couple of last ones +# they would look like this: +# +# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ +# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer +# CROSS_SDK=iPhoneOS.sdk +# + "iphoneos-cross" => { + inherit_from => [ "darwin-common" ], + cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), + sys_id => "iOS", + }, + "ios-cross" => { + inherit_from => [ "darwin-common", asm("armv4_asm") ], + # It should be possible to go below iOS 6 and even add -arch armv6, + # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant + # at this point. + cflags => add("-arch armv7 -mios-version-min=6.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), + sys_id => "iOS", + perlasm_scheme => "ios32", + }, + "ios64-cross" => { + inherit_from => [ "darwin-common", asm("aarch64_asm") ], + cflags => add("-arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), + sys_id => "iOS", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + perlasm_scheme => "ios64", + }, + +##### GNU Hurd + "hurd-x86" => { + inherit_from => [ "BASE_unix" ], + inherit_from => [ asm("x86_elf_asm") ], + cc => "gcc", + cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", + threads("-pthread")), + ex_libs => add("-ldl"), + bn_ops => "BN_LLONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + +##### VxWorks for various targets + "vxworks-ppc60x" => { + inherit_from => [ "BASE_unix" ], + cc => "ccppc", + cflags => "-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip", + sys_id => "VXWORKS", + ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common"), + }, + "vxworks-ppcgen" => { + inherit_from => [ "BASE_unix" ], + cc => "ccppc", + cflags => "-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip", + sys_id => "VXWORKS", + ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon"), + }, + "vxworks-ppc405" => { + inherit_from => [ "BASE_unix" ], + cc => "ccppc", + cflags => "-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-ppc750" => { + inherit_from => [ "BASE_unix" ], + cc => "ccppc", + cflags => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG)", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-ppc750-debug" => { + inherit_from => [ "BASE_unix" ], + cc => "ccppc", + cflags => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DPEDANTIC -DDEBUG -g", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-ppc860" => { + inherit_from => [ "BASE_unix" ], + cc => "ccppc", + cflags => "-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-simlinux" => { + inherit_from => [ "BASE_unix" ], + cc => "ccpentium", + cflags => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK", + sys_id => "VXWORKS", + lflags => "-r", + ranlib => "ranlibpentium", + }, + "vxworks-mips" => { + inherit_from => [ "BASE_unix", asm("mips32_asm") ], + cc => "ccmips", + cflags => combine("-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip", + threads("-D_REENTRANT")), + sys_id => "VXWORKS", + ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon"), + thread_scheme => "pthreads", + perlasm_scheme => "o32", + ranlib => "ranlibmips", + }, + +#### uClinux + "uClinux-dist" => { + inherit_from => [ "BASE_unix" ], + cc => "$ENV{'CC'}", + cflags => combine("\$(CFLAGS)", + threads("-D_REENTRANT")), + plib_lflags => "\$(LDFLAGS)", + ex_libs => add("\$(LDLIBS)"), + bn_ops => "BN_LLONG", + thread_scheme => "pthreads", + dso_scheme => "$ENV{'LIBSSL_dlfcn'}", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + ranlib => "$ENV{'RANLIB'}", + }, + "uClinux-dist64" => { + inherit_from => [ "BASE_unix" ], + cc => "$ENV{'CC'}", + cflags => combine("\$(CFLAGS)", + threads("-D_REENTRANT")), + plib_lflags => "\$(LDFLAGS)", + ex_libs => add("\$(LDLIBS)"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + dso_scheme => "$ENV{'LIBSSL_dlfcn'}", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + ranlib => "$ENV{'RANLIB'}", + }, + + ##### VMS + "vms-generic" => { + inherit_from => [ "BASE_VMS" ], + template => 1, + cc => "CC/DECC", + cflags => picker(default => "/STANDARD=(ISOC94,RELAXED)/NOLIST/PREFIX=ALL", + debug => "/NOOPTIMIZE/DEBUG", + release => "/OPTIMIZE/NODEBUG"), + defines => add("OPENSSL_USE_NODELETE"), + lflags => picker(default => "/MAP", + debug => "/DEBUG/TRACEBACK", + release => "/NODEBUG/NOTRACEBACK"), + lib_cflags => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"), + dso_cflags => add("/NAMES=(AS_IS,SHORTENED)"), + shared_target => "vms-shared", + dso_scheme => "vms", + thread_scheme => "pthreads", + + apps_aux_src => "vms_decc_init.c vms_term_sock.c", + }, + + "vms-alpha" => { + inherit_from => [ "vms-generic" ], + cflags => add(sub { my @warnings = + @{vms_info(0)->{disable_warns}}; + @warnings + ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }), + defines => + add(sub { + return vms_info(0)->{def_zlib} + ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : (); + }), + ex_libs => add(sub { return vms_info(0)->{zlib} || (); }), + pointer_size => sub { return vms_info(0)->{pointer_size} }, + #as => "???", + #debug_aflags => "/NOOPTIMIZE/DEBUG", + #release_aflags => "/OPTIMIZE/NODEBUG", + bn_opts => "SIXTY_FOUR_BIT RC4_INT", + }, + "vms-alpha-p32" => { + inherit_from => [ "vms-generic" ], + cflags => + add("/POINTER_SIZE=32", + sub { my @warnings = + @{vms_info(32)->{disable_warns}}; + @warnings + ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); + } ), + defines => + add(sub { + return vms_info(32)->{def_zlib} + ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : (); + }), + ex_libs => add(sub { return vms_info(32)->{zlib} || (); }), + pointer_size => sub { return vms_info(32)->{pointer_size} }, + }, + "vms-alpha-p64" => { + inherit_from => [ "vms-generic" ], + cflags => + add("/POINTER_SIZE=64=ARGV", + sub { my @warnings = + @{vms_info(64)->{disable_warns}}; + @warnings + ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); + } ), + defines => + add(sub { + return vms_info(64)->{def_zlib} + ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : (); + }), + ex_libs => add(sub { return vms_info(64)->{zlib} || (); }), + pointer_size => sub { return vms_info(64)->{pointer_size} }, + }, + "vms-ia64" => { + inherit_from => [ "vms-generic" ], + cflags => add(sub { my @warnings = + @{vms_info(0)->{disable_warns}}; + @warnings + ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }), + defines => + add(sub { + return vms_info(0)->{def_zlib} + ? "LIBZ=\"\"\"".vms_info(0)->{def_zlib}."\"\"\"" : (); + }), + ex_libs => add(sub { return vms_info(0)->{zlib} || (); }), + pointer_size => sub { return vms_info(0)->{pointer_size} }, + #as => "I4S", + #debug_aflags => "/NOOPTIMIZE/DEBUG", + #release_aflags => "/OPTIMIZE/NODEBUG", + bn_opts => "SIXTY_FOUR_BIT RC4_INT", + }, + "vms-ia64-p32" => { + inherit_from => [ "vms-generic" ], + cflags => + add("/POINTER_SIZE=32", + sub { my @warnings = + @{vms_info(32)->{disable_warns}}; + @warnings + ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); + } ), + defines => + add(sub { + return vms_info(32)->{def_zlib} + ? "LIBZ=\"\"\"".vms_info(32)->{def_zlib}."\"\"\"" : (); + }), + ex_libs => add(sub { return vms_info(32)->{zlib} || (); }), + pointer_size => sub { return vms_info(32)->{pointer_size} }, + }, + "vms-ia64-p64" => { + inherit_from => [ "vms-generic" ], + cflags => + add("/POINTER_SIZE=64=ARGV", + sub { my @warnings = + @{vms_info(64)->{disable_warns}}; + @warnings + ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); + } ), + defines => + add(sub { + return vms_info(64)->{def_zlib} + ? "LIBZ=\"\"\"".vms_info(64)->{def_zlib}."\"\"\"" : (); + }), + ex_libs => add(sub { return vms_info(64)->{zlib} || (); }), + pointer_size => sub { return vms_info(64)->{pointer_size} }, + }, + +); diff --git a/third_party/openssl/Configurations/50-djgpp.conf b/third_party/openssl/Configurations/50-djgpp.conf new file mode 100644 index 0000000000..f532bd16f7 --- /dev/null +++ b/third_party/openssl/Configurations/50-djgpp.conf @@ -0,0 +1,15 @@ +# We can't make any commitment to support the DJGPP platform, +# and rely entirely on the OpenSSL community to help is fine +# tune and test. + +%targets = ( + "DJGPP" => { + inherit_from => [ asm("x86_asm") ], + cc => "gcc", + cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", + sys_id => "MSDOS", + ex_libs => add("-L/dev/env/WATT_ROOT/lib -lwatt"), + bn_ops => "BN_LLONG", + perlasm_scheme => "a.out", + }, +); diff --git a/third_party/openssl/Configurations/50-haiku.conf b/third_party/openssl/Configurations/50-haiku.conf new file mode 100644 index 0000000000..f114666609 --- /dev/null +++ b/third_party/openssl/Configurations/50-haiku.conf @@ -0,0 +1,29 @@ +%targets = ( + "haiku-common" => { + template => 1, + cc => "cc", + cflags => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h", + debug => "-g -O0", + release => "-O2"), + threads("-D_REENTRANT")), + sys_id => "HAIKU", + ex_libs => "-lnetwork", + perlasm_scheme => "elf", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + shared_target => "gnu-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "haiku-x86" => { + inherit_from => [ "haiku-common", asm("x86_elf_asm") ], + cflags => add(picker(release => "-fomit-frame-pointer")), + bn_ops => "BN_LLONG", + }, + "haiku-x86_64" => { + inherit_from => [ "haiku-common" ], + cflags => add("-m64"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + }, +); diff --git a/third_party/openssl/Configurations/50-masm.conf b/third_party/openssl/Configurations/50-masm.conf new file mode 100644 index 0000000000..60a55072f2 --- /dev/null +++ b/third_party/openssl/Configurations/50-masm.conf @@ -0,0 +1,17 @@ +# We can't make commitment to supporting Microsoft assembler, +# because it would mean supporting all masm versions. This in +# in turn is because masm is not really an interchangeable option, +# while users tend to have reasons to stick with specific Visual +# Studio versions. It's usually lesser hassle to make it work +# with latest assembler, but tweaking for older versions had +# proven to be daunting task. This is experimental target, for +# production builds stick with [up-to-date version of] nasm. + +%targets = ( + "VC-WIN64A-masm" => { + inherit_from => [ "VC-WIN64A" ], + as => "ml64", + asflags => "/c /Cp /Cx /Zi", + asoutflag => "/Fo", + }, +); diff --git a/third_party/openssl/Configurations/90-team.conf b/third_party/openssl/Configurations/90-team.conf new file mode 100644 index 0000000000..0a83c22aaa --- /dev/null +++ b/third_party/openssl/Configurations/90-team.conf @@ -0,0 +1,112 @@ +## -*- mode: perl; -*- +## Build configuration targets for openssl-team members + +%targets = ( + "purify" => { + cc => "purify gcc", + cflags => "-g -Wall", + thread_scheme => "(unknown)", + ex_libs => add(" ","-lsocket -lnsl"), + }, + "debug" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror", + thread_scheme => "(unknown)", + }, + "debug-erbridge" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g", + threads("-D_REENTRANT")), + ex_libs => add(" ","-ldl"), + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "debug-linux-pentium" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall", + threads("-D_REENTRANT")), + ex_libs => add(" ","-ldl"), + bn_ops => "BN_LLONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + }, + "debug-linux-ppro" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall", + threads("-D_REENTRANT")), + ex_libs => add(" ","-ldl"), + bn_ops => "BN_LLONG", + thread_scheme => "pthreads", + dso_scheme => "dlfcn", + }, + "debug-linux-ia32-aes" => { + cc => "gcc", + cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", + threads("-D_REENTRANT")), + ex_libs => add(" ","-ldl"), + bn_ops => "BN_LLONG", + cpuid_asm_src => "x86cpuid.s", + bn_asm_src => "bn-586.s co-586.s x86-mont.s", + des_asm_src => "des-586.s crypt586.s", + aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s", + bf_asm_src => "bf-586.s", + md5_asm_src => "md5-586.s", + sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s", + cast_asm_src => "cast-586.s", + rc4_asm_src => "rc4-586.s", + rmd160_asm_src => "rmd-586.s", + rc5_asm_src => "rc5-586.s", + wp_asm_src => "wp_block.s wp-mmx.s", + modes_asm_src => "ghash-x86.s", + padlock_asm_src => "e_padlock-x86.s", + thread_scheme => "pthreads", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "dist" => { + cc => "cc", + cflags => "-O", + thread_scheme => "(unknown)", + }, + "debug-test-64-clang" => { + inherit_from => [ "x86_64_asm" ], + cc => "clang", + cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + threads("${BSDthreads}")), + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "darwin64-debug-test-64-clang" => { + inherit_from => [ "x86_64_asm" ], + cc => "clang", + cflags => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + threads("${BSDthreads}")), + sys_id => "MACOSX", + bn_ops => "SIXTY_FOUR_BIT_LONG", + thread_scheme => "pthreads", + perlasm_scheme => "macosx", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch x86_64 -dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, +); diff --git a/third_party/openssl/Configurations/INTERNALS.Configure b/third_party/openssl/Configurations/INTERNALS.Configure new file mode 100644 index 0000000000..b28305deca --- /dev/null +++ b/third_party/openssl/Configurations/INTERNALS.Configure @@ -0,0 +1,136 @@ +Configure Internals +=================== + +[ note: this file uses markdown for formatting ] + +Intro +----- + +This is a collection of notes that are hopefully of interest to those +who decide to dive into Configure and what it does. This is a living +document and anyone is encouraged to add to it and submit changes. +There's no claim for this document to be complete at any time, but it +will hopefully reach such a point in time. + + +---------------------------------------------------------------------- + +Parsing build.info files, processing conditions +----------------------------------------------- + +Processing conditions in build.info files is done with the help of a +condition stack that tell if a build.info should be processed or if it +should just be skipped over. The possible states of the stack top are +expressed in the following comment from Configure: + + # The top item of this stack has the following values + # -2 positive already run and we found ELSE (following ELSIF should fail) + # -1 positive already run (skip until ENDIF) + # 0 negatives so far (if we're at a condition, check it) + # 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF) + # 2 positive ELSE (following ELSIF should fail) + +Ground rule is that non-condition lines are skipped over if the +stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF +statements) need to be processed either way to keep track of the skip +stack states, so they are a little more intricate. + +Instead of trying to describe in words, here are some example of what +the skip stack should look like after each line is processed: + +Example 1: + +| IF[1] | 1 | | +| ... whatever ... | | this line is processed | +| IF[1] | 1 1 | | +| ... whatever ... | | this line is processed | +| ELSIF[1] | 1 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSE | 1 -2 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | 1 | | +| ... whatever ... | | this line is processed | +| ELSIF[1] | -1 | | +| ... whatever ... | | this line is skipped over | +| IF[1] | -1 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[1] | -1 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSE | -1 -2 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | -1 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | | | + +Example 2: + +| IF[0] | 0 | | +| ... whatever ... | | this line is skipped over | +| IF[1] | 0 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[1] | 0 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSE | 0 -2 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | 0 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[1] | 1 | | +| ... whatever ... | | this line is processed | +| IF[1] | 1 1 | | +| ... whatever ... | | this line is processed | +| ELSIF[1] | 1 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSE | 1 -2 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | 1 | | +| ... whatever ... | | this line is processed | +| ENDIF | | | + +Example 3: + +| IF[0] | 0 | | +| ... whatever ... | | this line is skipped over | +| IF[0] | 0 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[1] | 0 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSE | 0 -2 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | 0 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[1] | 1 | | +| ... whatever ... | | this line is processed | +| IF[0] | 1 0 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[1] | 1 1 | | +| ... whatever ... | | this line is processed | +| ELSE | 1 -2 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | 1 | | +| ... whatever ... | | this line is processed | +| ENDIF | | | + +Example 4: + +| IF[0] | 0 | | +| ... whatever ... | | this line is skipped over | +| IF[0] | 0 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[0] | 0 -1 | | +| ... whatever ... | | this line is skipped over | +| ELSE | 0 -2 | | +| ... whatever ... | | this line is skipped over | +| ENDIF | 0 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[1] | 1 | | +| ... whatever ... | | this line is processed | +| IF[0] | 1 0 | | +| ... whatever ... | | this line is skipped over | +| ELSIF[0] | 1 0 | | +| ... whatever ... | | this line is skipped over | +| ELSE | 1 2 | | +| ... whatever ... | | this line is processed | +| ENDIF | 1 | | +| ... whatever ... | | this line is processed | +| ENDIF | | | + diff --git a/third_party/openssl/Configurations/README b/third_party/openssl/Configurations/README new file mode 100644 index 0000000000..47971c27b5 --- /dev/null +++ b/third_party/openssl/Configurations/README @@ -0,0 +1,696 @@ +Intro +===== + +This directory contains a few sets of files that are used for +configuration in diverse ways: + + *.conf Target platform configurations, please read + 'Configurations of OpenSSL target platforms' for more + information. + *.tmpl Build file templates, please read 'Build-file + programming with the "unified" build system' as well + as 'Build info files' for more information. + *.pm Helper scripts / modules for the main `Configure` + script. See 'Configure helper scripts for more + information. + + +Configurations of OpenSSL target platforms +========================================== + +Target configurations are a collection of facts that we know about +different platforms and their capabilities. We organise them in a +hash table, where each entry represent a specific target. + +In each table entry, the following keys are significant: + + inherit_from => Other targets to inherit values from. + Explained further below. [1] + template => Set to 1 if this isn't really a platform + target. Instead, this target is a template + upon which other targets can be built. + Explained further below. [1] + + sys_id => System identity for systems where that + is difficult to determine automatically. + + cc => The compiler command, usually one of "cc", + "gcc" or "clang". This command is normally + also used to link object files and + libraries into the final program. + cflags => Flags that are used at all times when + compiling. + defines => As an alternative, macro definitions may be + present here instead of in `cflags'. If + given here, they MUST be as an array of the + string such as "MACRO=value", or just + "MACRO" for definitions without value. + shared_cflag => Extra compilation flags used when + compiling for shared libraries, typically + something like "-fPIC". + + (linking is a complex thing, see [3] below) + ld => Linker command, usually not defined + (meaning the compiler command is used + instead). + (NOTE: this is here for future use, it's + not implemented yet) + lflags => Flags that are used when linking apps. + shared_ldflag => Flags that are used when linking shared + or dynamic libraries. + plib_lflags => Extra linking flags to appear just before + the libraries on the command line. + ex_libs => Extra libraries that are needed when + linking. + + ar => The library archive command, the default is + "ar". + (NOTE: this is here for future use, it's + not implemented yet) + arflags => Flags to be used with the library archive + command. + + ranlib => The library archive indexing command, the + default is 'ranlib' it it exists. + + unistd => An alternative header to the typical + ''. This is very rarely needed. + + shared_extension => File name extension used for shared + libraries. + obj_extension => File name extension used for object files. + On unix, this defaults to ".o" (NOTE: this + is here for future use, it's not + implemented yet) + exe_extension => File name extension used for executable + files. On unix, this defaults to "" (NOTE: + this is here for future use, it's not + implemented yet) + + thread_scheme => The type of threads is used on the + configured platform. Currently known + values are "(unknown)", "pthreads", + "uithreads" (a.k.a solaris threads) and + "winthreads". Except for "(unknown)", the + actual value is currently ignored but may + be used in the future. See further notes + below [2]. + dso_scheme => The type of dynamic shared objects to build + for. This mostly comes into play with + engines, but can be used for other purposes + as well. Valid values are "DLFCN" + (dlopen() et al), "DLFCN_NO_H" (for systems + that use dlopen() et al but do not have + fcntl.h), "DL" (shl_load() et al), "WIN32" + and "VMS". + perlasm_scheme => The perlasm method used to created the + assembler files used when compiling with + assembler implementations. + shared_target => The shared library building method used. + This is a target found in Makefile.shared. + build_scheme => The scheme used to build up a Makefile. + In its simplest form, the value is a string + with the name of the build scheme. + The value may also take the form of a list + of strings, if the build_scheme is to have + some options. In this case, the first + string in the list is the name of the build + scheme. + Currently recognised build scheme is "unified". + For the "unified" build scheme, this item + *must* be an array with the first being the + word "unified" and the second being a word + to identify the platform family. + + multilib => On systems that support having multiple + implementations of a library (typically a + 32-bit and a 64-bit variant), this is used + to have the different variants in different + directories. + + bn_ops => Building options (was just bignum options in + the earlier history of this option, hence the + name). This is a string of words that describe + algorithms' implementation parameters that + are optimal for the designated target platform, + such as the type of integers used to build up + the bignum, different ways to implement certain + ciphers and so on. To fully comprehend the + meaning, the best is to read the affected + source. + The valid words are: + + THIRTY_TWO_BIT bignum limbs are 32 bits, + this is default if no + option is specified, it + works on any supported + system [unless "wider" + limb size is implied in + assembly code]; + BN_LLONG bignum limbs are 32 bits, + but 64-bit 'unsigned long + long' is used internally + in calculations; + SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits + and sizeof(long) is 8; + SIXTY_FOUR_BIT bignums limbs are 64 bits, + but execution environment + is ILP32; + RC4_CHAR RC4 key schedule is made + up of 'unsigned char's; + RC4_INT RC4 key schedule is made + up of 'unsigned int's; + EXPORT_VAR_AS_FN for shared libraries, + export vars as + accessor functions. + + apps_extra_src => Extra source to build apps/openssl, as + needed by the target. + cpuid_asm_src => assembler implementation of cpuid code as + well as OPENSSL_cleanse(). + Default to mem_clr.c + bn_asm_src => Assembler implementation of core bignum + functions. + Defaults to bn_asm.c + ec_asm_src => Assembler implementation of core EC + functions. + des_asm_src => Assembler implementation of core DES + encryption functions. + Defaults to 'des_enc.c fcrypt_b.c' + aes_asm_src => Assembler implementation of core AES + functions. + Defaults to 'aes_core.c aes_cbc.c' + bf_asm_src => Assembler implementation of core BlowFish + functions. + Defaults to 'bf_enc.c' + md5_asm_src => Assembler implementation of core MD5 + functions. + sha1_asm_src => Assembler implementation of core SHA1, + functions, and also possibly SHA256 and + SHA512 ones. + cast_asm_src => Assembler implementation of core CAST + functions. + Defaults to 'c_enc.c' + rc4_asm_src => Assembler implementation of core RC4 + functions. + Defaults to 'rc4_enc.c rc4_skey.c' + rmd160_asm_src => Assembler implementation of core RMD160 + functions. + rc5_asm_src => Assembler implementation of core RC5 + functions. + Defaults to 'rc5_enc.c' + wp_asm_src => Assembler implementation of core WHIRLPOOL + functions. + cmll_asm_src => Assembler implementation of core CAMELLIA + functions. + Defaults to 'camellia.c cmll_misc.c cmll_cbc.c' + modes_asm_src => Assembler implementation of cipher modes, + currently the functions gcm_gmult_4bit and + gcm_ghash_4bit. + padlock_asm_src => Assembler implementation of core parts of + the padlock engine. This is mandatory on + any platform where the padlock engine might + actually be built. + + +[1] as part of the target configuration, one can have a key called + 'inherit_from' that indicate what other configurations to inherit + data from. These are resolved recursively. + + Inheritance works as a set of default values that can be overridden + by corresponding key values in the inheriting configuration. + + Note 1: any configuration table can be used as a template. + Note 2: pure templates have the attribute 'template => 1' and + cannot be used as build targets. + + If several configurations are given in the 'inherit_from' array, + the values of same attribute are concatenated with space + separation. With this, it's possible to have several smaller + templates for different configuration aspects that can be combined + into a complete configuration. + + instead of a scalar value or an array, a value can be a code block + of the form 'sub { /* your code here */ }'. This code block will + be called with the list of inherited values for that key as + arguments. In fact, the concatenation of strings is really done + by using 'sub { join(" ",@_) }' on the list of inherited values. + + An example: + + "foo" => { + template => 1, + haha => "ha ha", + hoho => "ho", + ignored => "This should not appear in the end result", + }, + "bar" => { + template => 1, + haha => "ah", + hoho => "haho", + hehe => "hehe" + }, + "laughter" => { + inherit_from => [ "foo", "bar" ], + hehe => sub { join(" ",(@_,"!!!")) }, + ignored => "", + } + + The entry for "laughter" will become as follows after processing: + + "laughter" => { + haha => "ha ha ah", + hoho => "ho haho", + hehe => "hehe !!!", + ignored => "" + } + +[2] OpenSSL is built with threading capabilities unless the user + specifies 'no-threads'. The value of the key 'thread_scheme' may + be "(unknown)", in which case the user MUST give some compilation + flags to Configure. + +[3] OpenSSL has three types of things to link from object files or + static libraries: + + - shared libraries; that would be libcrypto and libssl. + - shared objects (sometimes called dynamic libraries); that would + be the engines. + - applications; those are apps/openssl and all the test apps. + + Very roughly speaking, linking is done like this (words in braces + represent the configuration settings documented at the beginning + of this file): + + shared libraries: + {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \ + -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \ + {plib_lflags} -lcrypto {ex_libs} + + shared objects: + {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \ + blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs} + + applications: + {ld} $(CFLAGS) {lflags} -o app \ + app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs} + + +Historically, the target configurations came in form of a string with +values separated by colons. This use is deprecated. The string form +looked like this: + + "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}" + + +Build info files +================ + +The build.info files that are spread over the source tree contain the +minimum information needed to build and distribute OpenSSL. It uses a +simple and yet fairly powerful language to determine what needs to be +built, from what sources, and other relationships between files. + +For every build.info file, all file references are relative to the +directory of the build.info file for source files, and the +corresponding build directory for built files if the build tree +differs from the source tree. + +When processed, every line is processed with the perl module +Text::Template, using the delimiters "{-" and "-}". The hashes +%config and %target are passed to the perl fragments, along with +$sourcedir and $builddir, which are the locations of the source +directory for the current build.info file and the corresponding build +directory, all relative to the top of the build tree. + +To begin with, things to be built are declared by setting specific +variables: + + PROGRAMS=foo bar + LIBS=libsomething + ENGINES=libeng + SCRIPTS=myhack + EXTRA=file1 file2 + +Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be +without extensions. The build file templates will figure them out. + +For each thing to be built, it is then possible to say what sources +they are built from: + + PROGRAMS=foo bar + SOURCE[foo]=foo.c common.c + SOURCE[bar]=bar.c extra.c common.c + +It's also possible to tell some other dependencies: + + DEPEND[foo]=libsomething + DEPEND[libbar]=libsomethingelse + +(it could be argued that 'libsomething' and 'libsomethingelse' are +source as well. However, the files given through SOURCE are expected +to be located in the source tree while files given through DEPEND are +expected to be located in the build tree) + +For some libraries, we maintain files with public symbols and their +slot in a transfer vector (important on some platforms). It can be +declared like this: + + ORDINALS[libcrypto]=crypto + +The value is not the name of the file in question, but rather the +argument to util/mkdef.pl that indicates which file to use. + +One some platforms, shared libraries come with a name that's different +from their static counterpart. That's declared as follows: + + SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -} + +The example is from Cygwin, which has a required naming convention. + +Sometimes, it makes sense to rename an output file, for example a +library: + + RENAME[libfoo]=libbar + +That lines has "libfoo" get renamed to "libbar". While it makes no +sense at all to just have a rename like that (why not just use +"libbar" everywhere?), it does make sense when it can be used +conditionally. See a little further below for an example. + +In some cases, it's desirable to include some source files in the +shared form of a library only: + + SHARED_SOURCE[libfoo]=dllmain.c + +For any file to be built, it's also possible to tell what extra +include paths the build of their source files should use: + + INCLUDE[foo]=include + +In some cases, one might want to generate some source files from +others, that's done as follows: + + GENERATE[foo.s]=asm/something.pl $(CFLAGS) + GENERATE[bar.s]=asm/bar.S + +The value of each GENERATE line is a command line or part of it. +Configure places no rules on the command line, except the the first +item muct be the generator file. It is, however, entirely up to the +build file template to define exactly how those command lines should +be handled, how the output is captured and so on. + +Sometimes, the generator file itself depends on other files, for +example if it is a perl script that depends on other perl modules. +This can be expressed using DEPEND like this: + + DEPEND[asm/something.pl]=../perlasm/Foo.pm + +There may also be cases where the exact file isn't easily specified, +but an inclusion directory still needs to be specified. INCLUDE can +be used in that case: + + INCLUDE[asm/something.pl]=../perlasm + +NOTE: GENERATE lines are limited to one command only per GENERATE. + +As a last resort, it's possible to have raw build file lines, between +BEGINRAW and ENDRAW lines as follows: + + BEGINRAW[Makefile(unix)] + haha.h: {- $builddir -}/Makefile + echo "/* haha */" > haha.h + ENDRAW[Makefile(unix)] + +The word within square brackets is the build_file configuration item +or the build_file configuration item followed by the second word in the +build_scheme configuration item for the configured target within +parenthesis as shown above. For example, with the following relevant +configuration items: + + build_file => "build.ninja" + build_scheme => [ "unified", "unix" ] + +... these lines will be considered: + + BEGINRAW[build.ninja] + build haha.h: echo "/* haha */" > haha.h + ENDRAW[build.ninja] + + BEGINRAW[build.ninja(unix)] + build hoho.h: echo "/* hoho */" > hoho.h + ENDRAW[build.ninja(unix)] + +Should it be needed because the recipes within a RAW section might +clash with those generated by Configure, it's possible to tell it +not to generate them with the use of OVERRIDES, for example: + + SOURCE[libfoo]=foo.c bar.c + + OVERRIDES=bar.o + BEGINRAW[Makefile(unix)] + bar.o: bar.c + $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $< + ENDRAW[Makefile(unix)] + +See the documentation further up for more information on configuration +items. + +Finally, you can have some simple conditional use of the build.info +information, looking like this: + + IF[1] + something + ELSIF[2] + something other + ELSE + something else + ENDIF + +The expression in square brackets is interpreted as a string in perl, +and will be seen as true if perl thinks it is, otherwise false. For +example, the above would have "something" used, since 1 is true. + +Together with the use of Text::Template, this can be used as +conditions based on something in the passed variables, for example: + + IF[{- $disabled{shared} -}] + LIBS=libcrypto + SOURCE[libcrypto]=... + ELSE + LIBS=libfoo + SOURCE[libfoo]=... + ENDIF + +or: + + # VMS has a cultural standard where all libraries are prefixed. + # For OpenSSL, the choice is 'ossl_' + IF[{- $config{target} =~ /^vms/ -}] + RENAME[libcrypto]=ossl_libcrypto + RENAME[libssl]=ossl_libssl + ENDIF + + +Build-file programming with the "unified" build system +====================================================== + +"Build files" are called "Makefile" on Unix-like operating systems, +"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc. + +To use the "unified" build system, the target configuration needs to +set the three items 'build_scheme', 'build_file' and 'build_command'. +In the rest of this section, we will assume that 'build_scheme' is set +to "unified" (see the configurations documentation above for the +details). + +For any name given by 'build_file', the "unified" system expects a +template file in Configurations/ named like the build file, with +".tmpl" appended, or in case of possible ambiguity, a combination of +the second 'build_scheme' list item and the 'build_file' name. For +example, if 'build_file' is set to "Makefile", the template could be +Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl. +In case both Configurations/unix-Makefile.tmpl and +Configurations/Makefile.tmpl are present, the former takes +precedence. + +The build-file template is processed with the perl module +Text::Template, using "{-" and "-}" as delimiters that enclose the +perl code fragments that generate configuration-dependent content. +Those perl fragments have access to all the hash variables from +configdata.pem. + +The build-file template is expected to define at least the following +perl functions in a perl code fragment enclosed with "{-" and "-}". +They are all expected to return a string with the lines they produce. + + generatesrc - function that produces build file lines to generate + a source file from some input. + + It's called like this: + + generatesrc(src => "PATH/TO/tobegenerated", + generator => [ "generatingfile", ... ] + generator_incs => [ "INCL/PATH", ... ] + generator_deps => [ "dep1", ... ] + generator => [ "generatingfile", ... ] + incs => [ "INCL/PATH", ... ], + deps => [ "dep1", ... ], + intent => one of "libs", "dso", "bin" ); + + 'src' has the name of the file to be generated. + 'generator' is the command or part of command to + generate the file, of which the first item is + expected to be the file to generate from. + generatesrc() is expected to analyse and figure out + exactly how to apply that file and how to capture + the result. 'generator_incs' and 'generator_deps' + are include directories and files that the generator + file itself depends on. 'incs' and 'deps' are + include directories and files that are used if $(CC) + is used as an intermediary step when generating the + end product (the file indicated by 'src'). 'intent' + indicates what the generated file is going to be + used for. + + src2obj - function that produces build file lines to build an + object file from source files and associated data. + + It's called like this: + + src2obj(obj => "PATH/TO/objectfile", + srcs => [ "PATH/TO/sourcefile", ... ], + deps => [ "dep1", ... ], + incs => [ "INCL/PATH", ... ] + intent => one of "lib", "dso", "bin" ); + + 'obj' has the intended object file *without* + extension, src2obj() is expected to add that. + 'srcs' has the list of source files to build the + object file, with the first item being the source + file that directly corresponds to the object file. + 'deps' is a list of explicit dependencies. 'incs' + is a list of include file directories. Finally, + 'intent' indicates what this object file is going + to be used for. + + obj2lib - function that produces build file lines to build a + static library file ("libfoo.a" in Unix terms) from + object files. + + called like this: + + obj2lib(lib => "PATH/TO/libfile", + objs => [ "PATH/TO/objectfile", ... ]); + + 'lib' has the intended library file name *without* + extension, obj2lib is expected to add that. 'objs' + has the list of object files (also *without* + extension) to build this library. + + libobj2shlib - function that produces build file lines to build a + shareable object library file ("libfoo.so" in Unix + terms) from the corresponding static library file + or object files. + + called like this: + + libobj2shlib(shlib => "PATH/TO/shlibfile", + lib => "PATH/TO/libfile", + objs => [ "PATH/TO/objectfile", ... ], + deps => [ "PATH/TO/otherlibfile", ... ], + ordinals => [ "word", "/PATH/TO/ordfile" ]); + + 'lib' has the intended library file name *without* + extension, libobj2shlib is expected to add that. + 'shlib' has the corresponding shared library name + *without* extension. 'deps' has the list of other + libraries (also *without* extension) this library + needs to be linked with. 'objs' has the list of + object files (also *without* extension) to build + this library. 'ordinals' MAY be present, and when + it is, its value is an array where the word is + "crypto" or "ssl" and the file is one of the ordinal + files util/libeay.num or util/ssleay.num in the + source directory. + + This function has a choice; it can use the + corresponding static library as input to make the + shared library, or the list of object files. + + obj2dso - function that produces build file lines to build a + dynamic shared object file from object files. + + called like this: + + obj2dso(lib => "PATH/TO/libfile", + objs => [ "PATH/TO/objectfile", ... ], + deps => [ "PATH/TO/otherlibfile", + ... ]); + + This is almost the same as libobj2shlib, but the + intent is to build a shareable library that can be + loaded in runtime (a "plugin"...). The differences + are subtle, one of the most visible ones is that the + resulting shareable library is produced from object + files only. + + obj2bin - function that produces build file lines to build an + executable file from object files. + + called like this: + + obj2bin(bin => "PATH/TO/binfile", + objs => [ "PATH/TO/objectfile", ... ], + deps => [ "PATH/TO/libfile", ... ]); + + 'bin' has the intended executable file name + *without* extension, obj2bin is expected to add + that. 'objs' has the list of object files (also + *without* extension) to build this library. 'deps' + has the list of library files (also *without* + extension) that the programs needs to be linked + with. + + in2script - function that produces build file lines to build a + script file from some input. + + called like this: + + in2script(script => "PATH/TO/scriptfile", + sources => [ "PATH/TO/infile", ... ]); + + 'script' has the intended script file name. + 'sources' has the list of source files to build the + resulting script from. + +In all cases, file file paths are relative to the build tree top, and +the build file actions run with the build tree top as current working +directory. + +Make sure to end the section with these functions with a string that +you thing is appropriate for the resulting build file. If nothing +else, end it like this: + + ""; # Make sure no lingering values end up in the Makefile + -} + + +Configure helper scripts +======================== + +Configure uses helper scripts in this directory: + +Checker scripts +--------------- + +These scripts are per platform family, to check the integrity of the +tools used for configuration and building. The checker script used is +either {build_platform}-{build_file}-checker.pm or +{build_platform}-checker.pm, where {build_platform} is the second +'build_scheme' list element from the configuration target data, and +{build_file} is 'build_file' from the same target data. + +If the check succeeds, the script is expected to end with a non-zero +expression. If the check fails, the script can end with a zero, or +with a `die`. diff --git a/third_party/openssl/Configurations/README.design b/third_party/openssl/Configurations/README.design new file mode 100644 index 0000000000..bea9790afb --- /dev/null +++ b/third_party/openssl/Configurations/README.design @@ -0,0 +1,641 @@ +Design document for the unified scheme data +=========================================== + +How are things connected? +------------------------- + +The unified scheme takes all its data from the build.info files seen +throughout the source tree. These files hold the minimum information +needed to build end product files from diverse sources. See the +section on build.info files below. + +From the information in build.info files, Configure builds up an +information database as a hash table called %unified_info, which is +stored in configdata.pm, found at the top of the build tree (which may +or may not be the same as the source tree). + +Configurations/common.tmpl uses the data from %unified_info to +generate the rules for building end product files as well as +intermediary files with the help of a few functions found in the +build-file templates. See the section on build-file templates further +down for more information. + +build.info files +---------------- + +As mentioned earlier, build.info files are meant to hold the minimum +information needed to build output files, and therefore only (with a +few possible exceptions [1]) have information about end products (such +as scripts, library files and programs) and source files (such as C +files, C header files, assembler files, etc). Intermediate files such +as object files are rarely directly referred to in build.info files (and +when they are, it's always with the file name extension .o), they are +inferred by Configure. By the same rule of minimalism, end product +file name extensions (such as .so, .a, .exe, etc) are never mentioned +in build.info. Their file name extensions will be inferred by the +build-file templates, adapted for the platform they are meant for (see +sections on %unified_info and build-file templates further down). + +The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare +end products. There are variants for them with '_NO_INST' as suffix +(PROGRAM_NO_INST etc) to specify end products that shouldn't get +installed. + +The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a +produced file, and their values are the source used to produce that +particular produced file, extra dependencies, include directories +needed, and ordinal files (explained further below. + +All their values in all the build.info throughout the source tree are +collected together and form a set of programs, libraries, engines and +scripts to be produced, source files, dependencies, etc etc etc. + +Let's have a pretend example, a very limited contraption of OpenSSL, +composed of the program 'apps/openssl', the libraries 'libssl' and +'libcrypto', an engine 'engines/ossltest' and their sources and +dependencies. + + # build.info + LIBS=libcrypto libssl + ORDINALS[libcrypto]=crypto + ORDINALS[libssl]=ssl + INCLUDE[libcrypto]=include + INCLUDE[libssl]=include + DEPEND[libssl]=libcrypto + +This is the top directory build.info file, and it tells us that two +libraries are to be built, there are some ordinals to be used to +declare what symbols in those libraries are seen as public, the +include directory 'include/' shall be used throughout when building +anything that will end up in each library, and that the library +'libssl' depend on the library 'libcrypto' to function properly. + + # apps/build.info + PROGRAMS=openssl + SOURCE[openssl]=openssl.c + INCLUDE[openssl]=.. ../include + DEPEND[openssl]=../libssl + +This is the build.info file in 'apps/', one may notice that all file +paths mentioned are relative to the directory the build.info file is +located in. This one tells us that there's a program to be built +called 'apps/openssl' (the file name extension will depend on the +platform and is therefore not mentioned in the build.info file). It's +built from one source file, 'apps/openssl.c', and building it requires +the use of '.' and 'include' include directories (both are declared +from the point of view of the 'apps/' directory), and that the program +depends on the library 'libssl' to function properly. + + # crypto/build.info + LIBS=../libcrypto + SOURCE[../libcrypto]=aes.c evp.c cversion.c + DEPEND[cversion.o]=buildinf.h + + GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" + DEPEND[buildinf.h]=../Makefile + DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm + +This is the build.info file in 'crypto', and it tells us a little more +about what's needed to produce 'libcrypto'. LIBS is used again to +declare that 'libcrypto' is to be produced. This declaration is +really unnecessary as it's already mentioned in the top build.info +file, but can make the info file easier to understand. This is to +show that duplicate information isn't an issue. + +This build.info file informs us that 'libcrypto' is built from a few +source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'. +It also shows us that building the object file inferred from +'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it +also shows the possibility to declare how some files are generated +using some script, in this case a perl script, and how such scripts +can be declared to depend on other files, in this case a perl module. + +Two things are worth an extra note: + +'DEPEND[cversion.o]' mentions an object file. DEPEND indexes is the +only location where it's valid to mention them + +Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as +seen from the top directory, no exception. + + # ssl/build.info + LIBS=../libssl + SOURCE[../libssl]=tls.c + +This is the build.info file in 'ssl/', and it tells us that the +library 'libssl' is built from the source file 'ssl/tls.c'. + + # engines/build.info + ENGINES=dasync + SOURCE[dasync]=e_dasync.c + DEPEND[dasync]=../libcrypto + INCLUDE[dasync]=../include + + ENGINES_NO_INST=ossltest + SOURCE[ossltest]=e_ossltest.c + DEPEND[ossltest]=../libcrypto + INCLUDE[ossltest]=../include + +This is the build.info file in 'engines/', telling us that two engines +called 'engines/dasync' and 'engines/ossltest' shall be built, that +dasync's source is 'engines/e_dasync.c' and ossltest's source is +'engines/e_ossltest.c' and that the include directory 'include/' may +be used when building anything that will be part of these engines. +Also, both engines depend on the library 'libcrypto' to function +properly. Finally, only dasync is being installed, as ossltest is +only for internal testing. + +When Configure digests these build.info files, the accumulated +information comes down to this: + + LIBS=libcrypto libssl + ORDINALS[libcrypto]=crypto + SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c + DEPEND[crypto/cversion.o]=crypto/buildinf.h + INCLUDE[libcrypto]=include + ORDINALS[libssl]=ssl + SOURCE[libssl]=ssl/tls.c + INCLUDE[libssl]=include + DEPEND[libssl]=libcrypto + + PROGRAMS=apps/openssl + SOURCE[apps/openssl]=apps/openssl.c + INCLUDE[apps/openssl]=. include + DEPEND[apps/openssl]=libssl + + ENGINES=engines/dasync + SOURCE[engines/dasync]=engines/e_dasync.c + DEPEND[engines/dasync]=libcrypto + INCLUDE[engines/dasync]=include + + ENGINES_NO_INST=engines/ossltest + SOURCE[engines/ossltest]=engines/e_ossltest.c + DEPEND[engines/ossltest]=libcrypto + INCLUDE[engines/ossltest]=include + + GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" + DEPEND[crypto/buildinf.h]=Makefile + DEPEND[util/mkbuildinf.pl]=util/Foo.pm + + +A few notes worth mentioning: + +LIBS may be used to declare routine libraries only. + +PROGRAMS may be used to declare programs only. + +ENGINES may be used to declare engines only. + +The indexes for SOURCE and ORDINALS must only be end product files, +such as libraries, programs or engines. The values of SOURCE +variables must only be source files (possibly generated) + +INCLUDE and DEPEND shows a relationship between different files +(usually produced files) or between files and directories, such as a +program depending on a library, or between an object file and some +extra source file. + +When Configure processes the build.info files, it will take it as +truth without question, and will therefore perform very few checks. +If the build tree is separate from the source tree, it will assume +that all built files and up in the build directory and that all source +files are to be found in the source tree, if they can be found there. +Configure will assume that source files that can't be found in the +source tree (such as 'crypto/bildinf.h' in the example above) are +generated and will be found in the build tree. + + +The %unified_info database +-------------------------- + +The information in all the build.info get digested by Configure and +collected into the %unified_info database, divided into the following +indexes: + + depends => a hash table containing 'file' => [ 'dependency' ... ] + pairs. These are directly inferred from the DEPEND + variables in build.info files. + + engines => a list of engines. These are directly inferred from + the ENGINES variable in build.info files. + + generate => a hash table containing 'file' => [ 'generator' ... ] + pairs. These are directly inferred from the GENERATE + variables in build.info files. + + includes => a hash table containing 'file' => [ 'include' ... ] + pairs. These are directly inferred from the INCLUDE + variables in build.info files. + + install => a hash table containing 'type' => [ 'file' ... ] pairs. + The types are 'programs', 'libraries', 'engines' and + 'scripts', and the array of files list the files of + that type that should be installed. + + libraries => a list of libraries. These are directly inferred from + the LIBS variable in build.info files. + + ordinals => a hash table containing 'file' => [ 'word', 'ordfile' ] + pairs. 'file' and 'word' are directly inferred from + the ORDINALS variables in build.info files, while the + file 'ofile' comes from internal knowledge in + Configure. + + programs => a list of programs. These are directly inferred from + the PROGRAMS variable in build.info files. + + rawlines => a list of build-file lines. These are a direct copy of + the BEGINRAW..ENDRAW lines in build.info files. Note: + only the BEGINRAW..ENDRAW section for the current + platform are copied, the rest are ignored. + + scripts => a list of scripts. There are directly inferred from + the SCRIPTS variable in build.info files. + + sources => a hash table containing 'file' => [ 'sourcefile' ... ] + pairs. These are indirectly inferred from the SOURCE + variables in build.info files. Object files are + mentioned in this hash table, with source files from + SOURCE variables, and AS source files for programs and + libraries. + + shared_sources => + a hash table just like 'sources', but only as source + files (object files) for building shared libraries. + +As an example, here is how the build.info files example from the +section above would be digested into a %unified_info table: + + our %unified_info = ( + "depends" => + { + "apps/openssl" => + [ + "libssl", + ], + "crypto/buildinf.h" => + [ + "Makefile", + ], + "crypto/cversion.o" => + [ + "crypto/buildinf.h", + ], + "engines/ossltest" => + [ + "libcrypto", + ], + "libssl" => + [ + "libcrypto", + ], + "util/mkbuildinf.pl" => + [ + "util/Foo.pm", + ], + }, + "engines" => + [ + "engines/dasync", + "engines/ossltest", + ], + "generate" => + { + "crypto/buildinf.h" => + [ + "util/mkbuildinf.pl", + "\"\$(CC)", + "\$(CFLAGS)\"", + "\"$(PLATFORM)\"", + ], + }, + "includes" => + { + "apps/openssl" => + [ + ".", + "include", + ], + "engines/ossltest" => + [ + "include" + ], + "libcrypto" => + [ + "include", + ], + "libssl" => + [ + "include", + ], + "util/mkbuildinf.pl" => + [ + "util", + ], + } + "install" => + { + "engines" => + [ + "engines/dasync", + ], + "libraries" => + [ + "libcrypto", + "libssl", + ], + "programs" => + [ + "apps/openssl", + ], + }, + "libraries" => + [ + "libcrypto", + "libssl", + ], + "ordinals" => + { + "libcrypto" => + [ + "crypto", + "util/libcrypto.num", + ], + "libssl" => + [ + "ssl", + "util/libssl.num", + ], + }, + "programs" => + [ + "apps/openssl", + ], + "rawlines" => + [ + ], + "sources" => + { + "apps/openssl" => + [ + "apps/openssl.o", + ], + "apps/openssl.o" => + [ + "apps/openssl.c", + ], + "crypto/aes.o" => + [ + "crypto/aes.c", + ], + "crypto/cversion.o" => + [ + "crypto/cversion.c", + ], + "crypto/evp.o" => + [ + "crypto/evp.c", + ], + "engines/e_ossltest.o" => + [ + "engines/e_ossltest.c", + ], + "engines/ossltest" => + [ + "engines/e_ossltest.o", + ], + "libcrypto" => + [ + "crypto/aes.c", + "crypto/cversion.c", + "crypto/evp.c", + ], + "libssl" => + [ + "ssl/tls.c", + ], + "ssl/tls.o" => + [ + "ssl/tls.c", + ], + }, + ); + +As can be seen, everything in %unified_info is fairly simple suggest +of information. Still, it tells us that to build all programs, we +must build 'apps/openssl', and to build the latter, we will need to +build all its sources ('apps/openssl.o' in this case) and all the +other things it depends on (such as 'libssl'). All those dependencies +need to be built as well, using the same logic, so to build 'libssl', +we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the +latter... + + +Build-file templates +-------------------- + +Build-file templates are essentially build-files (such as Makefile on +Unix) with perl code fragments mixed in. Those perl code fragment +will generate all the configuration dependent data, including all the +rules needed to build end product files and intermediary files alike. +At a minimum, there must be a perl code fragment that defines a set of +functions that are used to generates specific build-file rules, to +build static libraries from object files, to build shared libraries +from static libraries, to programs from object files and libraries, +etc. + + generatesrc - function that produces build file lines to generate + a source file from some input. + + It's called like this: + + generatesrc(src => "PATH/TO/tobegenerated", + generator => [ "generatingfile", ... ] + generator_incs => [ "INCL/PATH", ... ] + generator_deps => [ "dep1", ... ] + incs => [ "INCL/PATH", ... ], + deps => [ "dep1", ... ], + intent => one of "libs", "dso", "bin" ); + + 'src' has the name of the file to be generated. + 'generator' is the command or part of command to + generate the file, of which the first item is + expected to be the file to generate from. + generatesrc() is expected to analyse and figure out + exactly how to apply that file and how to capture + the result. 'generator_incs' and 'generator_deps' + are include directories and files that the generator + file itself depends on. 'incs' and 'deps' are + include directories and files that are used if $(CC) + is used as an intermediary step when generating the + end product (the file indicated by 'src'). 'intent' + indicates what the generated file is going to be + used for. + + src2obj - function that produces build file lines to build an + object file from source files and associated data. + + It's called like this: + + src2obj(obj => "PATH/TO/objectfile", + srcs => [ "PATH/TO/sourcefile", ... ], + deps => [ "dep1", ... ], + incs => [ "INCL/PATH", ... ] + intent => one of "lib", "dso", "bin" ); + + 'obj' has the intended object file *without* + extension, src2obj() is expected to add that. + 'srcs' has the list of source files to build the + object file, with the first item being the source + file that directly corresponds to the object file. + 'deps' is a list of explicit dependencies. 'incs' + is a list of include file directories. Finally, + 'intent' indicates what this object file is going + to be used for. + + obj2lib - function that produces build file lines to build a + static library file ("libfoo.a" in Unix terms) from + object files. + + called like this: + + obj2lib(lib => "PATH/TO/libfile", + objs => [ "PATH/TO/objectfile", ... ]); + + 'lib' has the intended library file name *without* + extension, obj2lib is expected to add that. 'objs' + has the list of object files (also *without* + extension) to build this library. + + libobj2shlib - function that produces build file lines to build a + shareable object library file ("libfoo.so" in Unix + terms) from the corresponding static library file + or object files. + + called like this: + + libobj2shlib(shlib => "PATH/TO/shlibfile", + lib => "PATH/TO/libfile", + objs => [ "PATH/TO/objectfile", ... ], + deps => [ "PATH/TO/otherlibfile", ... ], + ordinals => [ "word", "/PATH/TO/ordfile" ]); + + 'lib' has the intended library file name *without* + extension, libobj2shlib is expected to add that. + 'shlib' has the corresponding shared library name + *without* extension. 'deps' has the list of other + libraries (also *without* extension) this library + needs to be linked with. 'objs' has the list of + object files (also *without* extension) to build + this library. 'ordinals' MAY be present, and when + it is, its value is an array where the word is + "crypto" or "ssl" and the file is one of the ordinal + files util/libcrypto.num or util/libssl.num in the + source directory. + + This function has a choice; it can use the + corresponding static library as input to make the + shared library, or the list of object files. + + obj2dynlib - function that produces build file lines to build a + dynamically loadable library file ("libfoo.so" on + Unix) from object files. + + called like this: + + obj2dynlib(lib => "PATH/TO/libfile", + objs => [ "PATH/TO/objectfile", ... ], + deps => [ "PATH/TO/otherlibfile", + ... ]); + + This is almost the same as libobj2shlib, but the + intent is to build a shareable library that can be + loaded in runtime (a "plugin"...). The differences + are subtle, one of the most visible ones is that the + resulting shareable library is produced from object + files only. + + obj2bin - function that produces build file lines to build an + executable file from object files. + + called like this: + + obj2bin(bin => "PATH/TO/binfile", + objs => [ "PATH/TO/objectfile", ... ], + deps => [ "PATH/TO/libfile", ... ]); + + 'bin' has the intended executable file name + *without* extension, obj2bin is expected to add + that. 'objs' has the list of object files (also + *without* extension) to build this library. 'deps' + has the list of library files (also *without* + extension) that the programs needs to be linked + with. + + in2script - function that produces build file lines to build a + script file from some input. + + called like this: + + in2script(script => "PATH/TO/scriptfile", + sources => [ "PATH/TO/infile", ... ]); + + 'script' has the intended script file name. + 'sources' has the list of source files to build the + resulting script from. + +Along with the build-file templates is the driving engine +Configurations/common.tmpl, which looks through all the information in +%unified_info and generates all the rulesets to build libraries, +programs and all intermediate files, using the rule generating +functions defined in the build-file template. + +As an example with the smaller build.info set we've seen as an +example, producing the rules to build 'libcrypto' would result in the +following calls: + + # Note: libobj2shlib will only be called if shared libraries are + # to be produced. + # Note 2: libobj2shlib gets both the name of the static library + # and the names of all the object files that go into it. It's up + # to the implementation to decide which to use as input. + # Note 3: common.tmpl peals off the ".o" extension from all object + # files, as the platform at hand may have a different one. + libobj2shlib(shlib => "libcrypto", + lib => "libcrypto", + objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ], + deps => [ ] + ordinals => [ "crypto", "util/libcrypto.num" ]); + + obj2lib(lib => "libcrypto" + objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]); + + src2obj(obj => "crypto/aes" + srcs => [ "crypto/aes.c" ], + deps => [ ], + incs => [ "include" ], + intent => "lib"); + + src2obj(obj => "crypto/evp" + srcs => [ "crypto/evp.c" ], + deps => [ ], + incs => [ "include" ], + intent => "lib"); + + src2obj(obj => "crypto/cversion" + srcs => [ "crypto/cversion.c" ], + deps => [ "crypto/buildinf.h" ], + incs => [ "include" ], + intent => "lib"); + + generatesrc(src => "crypto/buildinf.h", + generator => [ "util/mkbuildinf.pl", "\"$(CC)", + "$(CFLAGS)\"", "\"$(PLATFORM)\"" ], + generator_incs => [ "util" ], + generator_deps => [ "util/Foo.pm" ], + incs => [ ], + deps => [ ], + intent => "lib"); + +The returned strings from all those calls are then concatenated +together and written to the resulting build-file. diff --git a/third_party/openssl/Configurations/common.tmpl b/third_party/openssl/Configurations/common.tmpl new file mode 100644 index 0000000000..9d7fbf2e77 --- /dev/null +++ b/third_party/openssl/Configurations/common.tmpl @@ -0,0 +1,231 @@ +{- # -*- Mode: perl -*- + + use File::Basename; + + # A cache of objects for which a recipe has already been generated + my %cache; + + # resolvedepends and reducedepends work in tandem to make sure + # there are no duplicate dependencies and that they are in the + # right order. This is especially used to sort the list of + # libraries that a build depends on. + sub resolvedepends { + my $thing = shift; + my @listsofar = @_; # to check if we're looping + my @list = @{$unified_info{depends}->{$thing}}; + my @newlist = (); + if (scalar @list) { + foreach my $item (@list) { + # It's time to break off when the dependency list starts looping + next if grep { $_ eq $item } @listsofar; + push @newlist, $item, resolvedepends($item, @listsofar, $item); + } + } + @newlist; + } + sub reducedepends { + my @list = @_; + my @newlist = (); + while (@list) { + my $item = shift @list; + push @newlist, $item + unless grep { $item eq $_ } @list; + } + @newlist; + } + + # dogenerate is responsible for producing all the recipes that build + # generated source files. It recurses in case a dependency is also a + # generated source file. + sub dogenerate { + my $src = shift; + return "" if $cache{$src}; + my $obj = shift; + my $bin = shift; + my %opts = @_; + if ($unified_info{generate}->{$src}) { + die "$src is generated by Configure, should not appear in build file\n" + if ref $unified_info{generate}->{$src} eq ""; + my $script = $unified_info{generate}->{$src}->[0]; + $OUT .= generatesrc(src => $src, + generator => $unified_info{generate}->{$src}, + generator_incs => $unified_info{includes}->{$script}, + generator_deps => $unified_info{depends}->{$script}, + deps => $unified_info{depends}->{$src}, + incs => [ @{$unified_info{includes}->{$bin}}, + @{$unified_info{includes}->{$obj}} ], + %opts); + foreach (@{$unified_info{depends}->{$src}}) { + dogenerate($_, $obj, $bin, %opts); + } + } + $cache{$src} = 1; + } + + # doobj is responsible for producing all the recipes that build + # object files as well as dependency files. + sub doobj { + my $obj = shift; + return "" if $cache{$obj}; + (my $obj_no_o = $obj) =~ s|\.o$||; + my $bin = shift; + my %opts = @_; + if (@{$unified_info{sources}->{$obj}}) { + $OUT .= src2obj(obj => $obj_no_o, + srcs => $unified_info{sources}->{$obj}, + deps => $unified_info{depends}->{$obj}, + incs => [ @{$unified_info{includes}->{$bin}}, + @{$unified_info{includes}->{$obj}} ], + %opts); + foreach ((@{$unified_info{sources}->{$obj}}, + @{$unified_info{depends}->{$obj}})) { + dogenerate($_, $obj, $bin, %opts); + } + } + $cache{$obj} = 1; + } + + # dolib is responsible for building libraries. It will call + # libobj2shlib is shared libraries are produced, and obj2lib in all + # cases. It also makes sure all object files for the library are + # built. + sub dolib { + my $lib = shift; + return "" if $cache{$lib}; + unless ($disabled{shared}) { + my %ordinals = + $unified_info{ordinals}->{$lib} + ? (ordinals => $unified_info{ordinals}->{$lib}) : (); + $OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib}, + lib => $lib, + objs => [ map { (my $x = $_) =~ s|\.o$||; $x } + (@{$unified_info{sources}->{$lib}}, + @{$unified_info{shared_sources}->{$lib}}) ], + deps => [ reducedepends(resolvedepends($lib)) ], + %ordinals); + foreach (@{$unified_info{shared_sources}->{$lib}}) { + doobj($_, $lib, intent => "lib"); + } + } + $OUT .= obj2lib(lib => $lib, + objs => [ map { (my $x = $_) =~ s|\.o$||; $x } + @{$unified_info{sources}->{$lib}} ]); + foreach (@{$unified_info{sources}->{$lib}}) { + doobj($_, $lib, intent => "lib"); + } + $cache{$lib} = 1; + } + + # doengine is responsible for building engines. It will call + # obj2dso, and also makes sure all object files for the library + # are built. + sub doengine { + my $lib = shift; + return "" if $cache{$lib}; + $OUT .= obj2dso(lib => $lib, + objs => [ map { (my $x = $_) =~ s|\.o$||; $x } + (@{$unified_info{sources}->{$lib}}, + @{$unified_info{shared_sources}->{$lib}}) ], + deps => [ resolvedepends($lib) ]); + foreach ((@{$unified_info{sources}->{$lib}}, + @{$unified_info{shared_sources}->{$lib}})) { + doobj($_, $lib, intent => "dso"); + } + $cache{$lib} = 1; + } + + # dobin is responsible for building programs. It will call obj2bin, + # and also makes sure all object files for the library are built. + sub dobin { + my $bin = shift; + return "" if $cache{$bin}; + my $deps = [ reducedepends(resolvedepends($bin)) ]; + $OUT .= obj2bin(bin => $bin, + objs => [ map { (my $x = $_) =~ s|\.o$||; $x } + @{$unified_info{sources}->{$bin}} ], + deps => $deps); + foreach (@{$unified_info{sources}->{$bin}}) { + doobj($_, $bin, intent => "bin"); + } + $cache{$bin} = 1; + } + + # dobin is responsible for building scripts from templates. It will + # call in2script. + sub doscript { + my $script = shift; + return "" if $cache{$script}; + $OUT .= in2script(script => $script, + sources => $unified_info{sources}->{$script}); + $cache{$script} = 1; + } + + sub dodir { + my $dir = shift; + return "" if !exists(&generatedir) or $cache{$dir}; + $OUT .= generatedir(dir => $dir, + deps => $unified_info{dirinfo}->{$dir}->{deps}, + %{$unified_info{dirinfo}->{$_}->{products}}); + $cache{$dir} = 1; + } + + # Start with populating the cache with all the overrides + %cache = map { $_ => 1 } @{$unified_info{overrides}}; + + # For convenience collect information regarding directories where + # files are generated, those generated files and the end product + # they end up in where applicable. Then, add build rules for those + # directories + if (exists &generatedir) { + my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ], + "lib" => [ @{$unified_info{libraries}} ], + "bin" => [ @{$unified_info{programs}} ], + "script" => [ @{$unified_info{scripts}} ] ); + foreach my $type (keys %loopinfo) { + foreach my $product (@{$loopinfo{$type}}) { + my %dirs = (); + my $pd = dirname($product); + + # We already have a "test" target, and the current directory + # is just silly to make a target for + $dirs{$pd} = 1 unless $pd eq "test" || $pd eq "."; + + foreach (@{$unified_info{sources}->{$product}}) { + my $d = dirname($_); + + # We don't want to create targets for source directories + # when building out of source + next if ($config{sourcedir} ne $config{builddir} + && $d =~ m|^\Q$config{sourcedir}\E|); + # We already have a "test" target, and the current directory + # is just silly to make a target for + next if $d eq "test" || $d eq "."; + + $dirs{$d} = 1; + push @{$unified_info{dirinfo}->{$d}->{deps}}, $_ + if $d ne $pd; + } + foreach (keys %dirs) { + push @{$unified_info{dirinfo}->{$_}->{products}->{$type}}, + $product; + } + } + } + } + + # Build mandatory generated headers + foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); } + + # Build all known libraries, engines, programs and scripts. + # Everything else will be handled as a consequence. + foreach (@{$unified_info{libraries}}) { dolib($_); } + foreach (@{$unified_info{engines}}) { doengine($_); } + foreach (@{$unified_info{programs}}) { dobin($_); } + foreach (@{$unified_info{scripts}}) { doscript($_); } + + foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); } + + # Finally, should there be any applicable BEGINRAW/ENDRAW sections, + # they are added here. + $OUT .= $_."\n" foreach @{$unified_info{rawlines}}; +-} diff --git a/third_party/openssl/Configurations/descrip.mms.tmpl b/third_party/openssl/Configurations/descrip.mms.tmpl new file mode 100644 index 0000000000..6f6a9ace24 --- /dev/null +++ b/third_party/openssl/Configurations/descrip.mms.tmpl @@ -0,0 +1,776 @@ +## descrip.mms to build OpenSSL on OpenVMS +## +## {- join("\n## ", @autowarntext) -} +{- + use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; + + # Our prefix, claimed when speaking with the VSI folks Tuesday + # January 26th 2016 + our $osslprefix = 'OSSL$'; + (our $osslprefix_q = $osslprefix) =~ s/\$/\\\$/; + + our $sover = sprintf "%02d%02d", $config{shlib_major}, $config{shlib_minor}; + our $osslver = sprintf "%02d%02d", split(/\./, $config{version}); + + our $sourcedir = $config{sourcedir}; + our $builddir = $config{builddir}; + sub sourcefile { + catfile($sourcedir, @_); + } + sub buildfile { + catfile($builddir, @_); + } + sub sourcedir { + catdir($sourcedir, @_); + } + sub builddir { + catdir($builddir, @_); + } + sub tree { + (my $x = shift) =~ s|\]$|...]|; + $x + } + sub move { + my $f = catdir(@_); + my $b = abs2rel(rel2abs("."),rel2abs($f)); + $sourcedir = catdir($b,$sourcedir) + if !file_name_is_absolute($sourcedir); + $builddir = catdir($b,$builddir) + if !file_name_is_absolute($builddir); + ""; + } + + # Because we need to make two computations of these data, + # we store them in arrays for reuse + our @shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}; + our @install_shlibs = map { $unified_info{sharednames}->{$_} || () } @{$unified_info{install}->{libraries}}; + our @generated = ( ( map { (my $x = $_) =~ s|\.S$|\.s|; $x } + grep { defined $unified_info{generate}->{$_} } + map { @{$unified_info{sources}->{$_}} } + grep { /\.o$/ } keys %{$unified_info{sources}} ), + ( grep { /\.h$/ } keys %{$unified_info{generate}} ) ); + + # This is a horrible hack, but is needed because recursive inclusion of files + # in different directories does not work well with HP C. + my $sd = sourcedir("crypto", "async", "arch"); + foreach (grep /\[\.crypto\.async\.arch\].*\.o$/, keys %{$unified_info{sources}}) { + (my $x = $_) =~ s|\.o$|.OBJ|; + $unified_info{before}->{$x} + = qq(arch_include = F\$PARSE("$sd","A.;",,,"SYNTAX_ONLY") - "A.;" + define arch 'arch_include'); + $unified_info{after}->{$x} + = qq(deassign arch); + } + my $sd1 = sourcedir("ssl","record"); + my $sd2 = sourcedir("ssl","statem"); + $unified_info{before}->{"[.test]heartbeat_test.OBJ"} + = $unified_info{before}->{"[.test]ssltest_old.OBJ"} + = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;" + define record 'record_include' + statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;" + define statem 'statem_include'); + $unified_info{after}->{"[.test]heartbeat_test.OBJ"} + = $unified_info{after}->{"[.test]ssltest.OBJ"} + = qq(deassign statem + deassign record); + foreach (grep /^\[\.ssl\.(?:record|statem)\].*\.o$/, keys %{$unified_info{sources}}) { + (my $x = $_) =~ s|\.o$|.OBJ|; + $unified_info{before}->{$x} + = qq(record_include = F\$PARSE("$sd1","A.;",,,"SYNTAX_ONLY") - "A.;" + define record 'record_include' + statem_include = F\$PARSE("$sd2","A.;",,,"SYNTAX_ONLY") - "A.;" + define statem 'statem_include'); + $unified_info{after}->{$x} + = qq(deassign statem + deassign record); + } + # This makes sure things get built in the order they need + # to. You're welcome. + sub dependmagic { + my $target = shift; + + return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target"; + } + #use Data::Dumper; + #print STDERR "DEBUG: before:\n", Dumper($unified_info{before}); + #print STDERR "DEBUG: after:\n", Dumper($unified_info{after}); + ""; +-} +PLATFORM={- $config{target} -} +OPTIONS={- $config{options} -} +CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -}) +SRCDIR={- $config{sourcedir} -} +BLDDIR={- $config{builddir} -} + +# Allow both V and VERBOSE to indicate verbosity. This only applies +# to testing. +VERBOSE=$(V) + +VERSION={- $config{version} -} +MAJOR={- $config{major} -} +MINOR={- $config{minor} -} +SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -} +SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -} +SHLIB_MAJOR={- $config{shlib_major} -} +SHLIB_MINOR={- $config{shlib_minor} -} +SHLIB_TARGET={- $target{shared_target} -} + +EXE_EXT=.EXE +LIB_EXT=.OLB +SHLIB_EXT=.EXE +OBJ_EXT=.OBJ +DEP_EXT=.D + +LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{libraries}}) -} +SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -} +ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{engines}}) -} +PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -} +SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -} +{- output_off() if $disabled{makedepend}; "" -} +DEPS={- our @deps = map { (my $x = $_) =~ s|\.o$|\$(DEP_EXT)|; $x; } + grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } + keys %{$unified_info{sources}}; + join(", ", map { "-\n\t".$_ } @deps); -} +{- output_on() if $disabled{makedepend}; "" -} +GENERATED_MANDATORY={- join(", ", map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -} +GENERATED={- join(", ", map { "-\n\t".$_ } @generated) -} + +INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -} +INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -} +INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -} +{- output_off() if $disabled{apps}; "" -} +BIN_SCRIPTS=[.tools]c_rehash.pl +MISC_SCRIPTS=[.apps]CA.pl, [.apps]tsget.pl +{- output_on() if $disabled{apps}; "" -} + +APPS_OPENSSL={- use File::Spec::Functions; + catfile("apps","openssl") -} + +# DESTDIR is for package builders so that they can configure for, say, +# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER]. +# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run +# MMS with /MACROS=(DESTDIR=STAGING:[USER]). The result will end up in +# STAGING:[USER.OPENSSL]. +# Normally it is left empty. +DESTDIR= + +# Do not edit this manually. Use Configure --prefix=DIR to change this! +INSTALLTOP={- our $installtop = + catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL]"; + $installtop -} +SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -} +# This is the standard central area to store certificates, private keys... +OPENSSLDIR={- catdir($config{openssldir}) or + $config{prefix} ? catdir($config{prefix},"COMMON") + : "SYS\$COMMON:[OPENSSL-COMMON]" -} +# The same, but for C +OPENSSLDIR_C={- $osslprefix -}DATAROOT:[000000] +# Where installed engines reside, for C +ENGINESDIR_C={- $osslprefix -}ENGINES{- $sover.$target{pointer_size} -}: + +CC= {- $target{cc} -} +CFLAGS= /DEFINE=({- join(",", @{$target{defines}}, @{$config{defines}},"OPENSSLDIR=\"\"\"\$(OPENSSLDIR_C)\"\"\"","ENGINESDIR=\"\"\"\$(ENGINESDIR_C)\"\"\"") -}) {- $target{cflags} -} {- $config{cflags} -} +CFLAGS_Q=$(CFLAGS) +DEPFLAG= /DEFINE=({- join(",", @{$config{depdefines}}) -}) +LDFLAGS= {- $target{lflags} -} +EX_LIBS= {- $target{ex_libs} ? ",".$target{ex_libs} : "" -}{- $config{ex_libs} ? ",".$config{ex_libs} : "" -} +LIB_CFLAGS={- $target{lib_cflags} || "" -} +DSO_CFLAGS={- $target{dso_cflags} || "" -} +BIN_CFLAGS={- $target{bin_cflags} || "" -} + +PERL={- $config{perl} -} + +# We let the C compiler driver to take care of .s files. This is done in +# order to be excused from maintaining a separate set of architecture +# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC +# gcc, then the driver will automatically translate it to -xarch=v8plus +# and pass it down to assembler. +AS={- $target{as} -} +ASFLAG={- $target{asflags} -} + +# .FIRST and .LAST are special targets with MMS and MMK. +# The defines in there are for C. includes that look like +# this: +# +# #include +# #include "internal/bar.h" +# +# will use the logical names to find the files. Expecting +# DECompHP C to find files in subdirectories of whatever was +# given with /INCLUDE is a fantasy, unfortunately. +NODEBUG=@ +.FIRST : + $(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;" + $(NODEBUG) openssl_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.openssl]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" + $(NODEBUG) internal_inc1 = F$PARSE("[.crypto.include.internal]","A.;",,,"SYNTAX_ONLY") - "A.;" + $(NODEBUG) internal_inc2 = F$PARSE("{- catdir($config{sourcedir},"[.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" + $(NODEBUG) internal_inc3 = F$PARSE("{- catdir($config{sourcedir},"[.crypto.include.internal]") -}","A.;",,,"SYNTAX_ONLY") - "A.;" + $(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2' + $(NODEBUG) DEFINE internal 'internal_inc1','internal_inc2','internal_inc3' + $(NODEBUG) staging_dir = "$(DESTDIR)" + $(NODEBUG) staging_instdir = "" + $(NODEBUG) staging_datadir = "" + $(NODEBUG) IF staging_dir .NES. "" THEN - + staging_instdir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY") + $(NODEBUG) IF staging_instdir - "]A.;" .NES. staging_instdir THEN - + staging_instdir = staging_instdir - "]A.;" + ".OPENSSL-INSTALL]" + $(NODEBUG) IF staging_instdir - "A.;" .NES. staging_instdir THEN - + staging_instdir = staging_instdir - "A.;" + "[OPENSSL-INSTALL]" + $(NODEBUG) IF staging_dir .NES. "" THEN - + staging_datadir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY") + $(NODEBUG) IF staging_datadir - "]A.;" .NES. staging_datadir THEN - + staging_datadir = staging_datadir - "]A.;" + ".OPENSSL-COMMON]" + $(NODEBUG) IF staging_datadir - "A.;" .NES. staging_datadir THEN - + staging_datadir = staging_datadir - "A.;" + "[OPENSSL-COMMON]" + $(NODEBUG) ! + $(NODEBUG) ! Installation logical names + $(NODEBUG) ! + $(NODEBUG) installtop = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" + $(NODEBUG) datatop = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" + $(NODEBUG) DEFINE ossl_installroot 'installtop' + $(NODEBUG) DEFINE ossl_dataroot 'datatop' + $(NODEBUG) ! + $(NODEBUG) ! Figure out the architecture + $(NODEBUG) ! + $(NODEBUG) arch = f$edit( f$getsyi( "arch_name"), "upcase") + $(NODEBUG) ! + $(NODEBUG) ! Set up logical names for the libraries, so LINK and + $(NODEBUG) ! running programs can use them. + $(NODEBUG) ! + $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -} + +.LAST : + $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } map { $unified_info{sharednames}->{$_} || () } @{$unified_info{libraries}}) || "!" -} + $(NODEBUG) DEASSIGN ossl_dataroot + $(NODEBUG) DEASSIGN ossl_installroot + $(NODEBUG) DEASSIGN internal + $(NODEBUG) DEASSIGN openssl +.DEFAULT : + @ ! MMS cannot handle no actions... + +# The main targets ################################################### + +{- dependmagic('all'); -} : build_libs_nodep, build_engines_nodep, build_programs_nodep +{- dependmagic('build_libs'); -} : build_libs_nodep +{- dependmagic('build_engines'); -} : build_engines_nodep +{- dependmagic('build_programs'); -} : build_programs_nodep + +build_generated : $(GENERATED_MANDATORY) +build_libs_nodep : $(LIBS), $(SHLIBS) +build_engines_nodep : $(ENGINES) +build_programs_nodep : $(PROGRAMS), $(SCRIPTS) + +# Kept around for backward compatibility +build_apps build_tests : build_programs + +test : tests +{- dependmagic('tests'); -} : build_programs_nodep, build_engines_nodep + @ ! {- output_off() if $disabled{tests}; "" -} + SET DEFAULT [.test]{- move("test") -} + CREATE/DIR [.test-runs] + DEFINE SRCTOP {- sourcedir() -} + DEFINE BLDTOP {- builddir() -} + DEFINE RESULT_D {- builddir(qw(test test-runs)) -} + DEFINE OPENSSL_ENGINES {- builddir("engines") -} + DEFINE OPENSSL_DEBUG_MEMORY "on" + IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" + $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS) + DEASSIGN OPENSSL_DEBUG_MEMORY + DEASSIGN OPENSSL_ENGINES + DEASSIGN BLDTOP + DEASSIGN SRCTOP + SET DEFAULT [-]{- move("..") -} + @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" + @ ! {- output_on() if !$disabled{tests}; "" -} + +list-tests : + @ ! {- output_off() if $disabled{tests}; "" -} + @ DEFINE SRCTOP {- sourcedir() -} + @ $(PERL) {- sourcefile("test", "run_tests.pl") -} list + @ DEASSIGN SRCTOP + @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" + @ ! {- output_on() if !$disabled{tests}; "" -} + +install : install_sw install_ssldirs install_docs + @ WRITE SYS$OUTPUT "" + @ WRITE SYS$OUTPUT "######################################################################" + @ WRITE SYS$OUTPUT "" + @ IF "$(DESTDIR)" .EQS. "" THEN - + PIPE ( WRITE SYS$OUTPUT "Installation complete" ; - + WRITE SYS$OUTPUT "" ; - + WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; - + WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; - + WRITE SYS$OUTPUT "" ) + @ IF "$(DESTDIR)" .NES. "" THEN - + PIPE ( WRITE SYS$OUTPUT "Staging installation complete" ; - + WRITE SYS$OUTPUT "" ; - + WRITE SYS$OUTPUT "Finish or package in such a way that the contents of the directory tree" ; - + WRITE SYS$OUTPUT staging_instdir ; - + WRITE SYS$OUTPUT "ends up in $(INSTALLTOP)," ; - + WRITE SYS$OUTPUT "and that the contents of the contents of the directory tree" ; - + WRITE SYS$OUTPUT staging_datadir ; - + WRITE SYS$OUTPUT "ends up in $(OPENSSLDIR)" ; - + WRITE SYS$OUTPUT "" ; - + WRITE SYS$OUTPUT "When in its final destination," ; - + WRITE SYS$OUTPUT "Run @$(SYSTARTUP)openssl_startup{- $osslver -} to set up logical names" ; - + WRITE SYS$OUTPUT "then run @$(SYSTARTUP)openssl_utils{- $osslver -} to define commands" ; - + WRITE SYS$OUTPUT "" ) + +check_install : + spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com + +uninstall : uninstall_docs uninstall_sw + +# Because VMS wants the generation number (or *) to delete files, we can't +# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(ENGINES)directly. +libclean : + {- join("\n\t", map { "- DELETE $_.OLB;*" } @{$unified_info{libraries}}) || "@ !" -} + {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*,$_.OPT;*" } @shlibs) || "@ !" -} + +clean : libclean + {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -} + {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{engines}}) || "@ !" -} + {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -} + {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -} + - DELETE [...]*.MAP;* + - DELETE [...]*.D;* + - DELETE [...]*.OBJ;*,*.LIS;* + - DELETE []CXX$DEMANGLER_DB.;* + - DELETE [.VMS]openssl_startup.com;* + - DELETE [.VMS]openssl_shutdown.com;* + - DELETE []vmsconfig.pm;* + +distclean : clean + - DELETE configdata.pm;* + - DELETE descrip.mms;* + +depend : descrip.mms +descrip.mms : FORCE + @ ! {- output_off() if $disabled{makedepend}; "" -} + @ $(PERL) -pe "if (/^# DO NOT DELETE.*/) { exit(0); }" - + < descrip.mms > descrip.mms-new + @ OPEN/APPEND DESCRIP descrip.mms-new + @ WRITE DESCRIP "# DO NOT DELETE THIS LINE -- make depend depends on it." + {- join("\n\t", map { "\@ IF F\$SEARCH(\"$_\") .NES. \"\" THEN TYPE $_ /OUTPUT=DESCRIP:" } @deps); -} + @ CLOSE DESCRIP + @ PIPE ( $(PERL) -e "use File::Compare qw/compare_text/; my $x = compare_text(""descrip.mms"",""descrip.mms-new""); exit(0x10000000 + ($x == 0));" || - + RENAME descrip.mms-new descrip.mms ) + @ IF F$SEARCH("descrip.mms-new") .NES. "" THEN DELETE descrip.mms-new;* + -@ SPAWN/OUTPUT=NLA0: PURGE/NOLOG descrip.mms + @ ! {- output_on() if $disabled{makedepend}; "" -} + +# Install helper targets ############################################# + +install_sw : all install_shared _install_dev_ns - + install_engines _install_runtime_ns - + install_startup install_ivp + +uninstall_sw : uninstall_shared _uninstall_dev_ns - + uninstall_engines _uninstall_runtime_ns - + uninstall_startup uninstall_ivp + +install_docs : install_html_docs + +uninstall_docs : uninstall_html_docs + +install_ssldirs : check_INSTALLTOP + - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000] + IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN - + CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS] + IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN - + CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE] + IF F$SEARCH("OSSL_DATAROOT:[000000]MISC.DIR;1") .EQS. "" THEN - + CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC] + COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC] + @ ! Install configuration file + COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} - + ossl_dataroot:[000000]openssl.cnf-dist + IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN - + COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} - + ossl_dataroot:[000000]openssl.cnf + +install_shared : check_INSTALLTOP + @ {- output_off() if $disabled{shared}; "" -} ! + @ WRITE SYS$OUTPUT "*** Installing shareable images" + @ ! Install shared (runtime) libraries + - CREATE/DIR ossl_installroot:[LIB.'arch'] + {- join("\n ", + map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" } + @install_shlibs) -} + @ {- output_on() if $disabled{shared}; "" -} ! + +_install_dev_ns : check_INSTALLTOP + @ WRITE SYS$OUTPUT "*** Installing development files" + @ ! Install header files + - CREATE/DIR ossl_installroot:[include.openssl] + COPY/PROT=W:R openssl:*.h ossl_installroot:[include.openssl] + @ ! Install static (development) libraries + - CREATE/DIR ossl_installroot:[LIB.'arch'] + {- join("\n ", + map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" } + @{$unified_info{install}->{libraries}}) -} + +install_dev : install_shared _install_dev_ns + +_install_runtime_ns : check_INSTALLTOP + @ ! Install the main program + - CREATE/DIR ossl_installroot:[EXE.'arch'] + COPY/PROT=W:RE [.APPS]openssl.EXE - + ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE + @ ! Install scripts + COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE] + @ ! {- output_on() if $disabled{apps}; "" -} + +install_runtime : install_shared _install_runtime_ns + +install_engines : check_INSTALLTOP + @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} ! + @ WRITE SYS$OUTPUT "*** Installing engines" + - CREATE/DIR ossl_installroot:[ENGINES{- $sover.$target{pointer_size} -}.'arch'] + {- join("\n ", + map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover$target{pointer_size}.'arch']" } + @{$unified_info{install}->{engines}}) -} + @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} ! + +install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com - + [.VMS]openssl_utils.com, check_INSTALLTOP + - CREATE/DIR ossl_installroot:[SYS$STARTUP] + COPY/PROT=W:RE [.VMS]openssl_startup.com - + ossl_installroot:[SYS$STARTUP]openssl_startup{- $osslver -}.com + COPY/PROT=W:RE [.VMS]openssl_shutdown.com - + ossl_installroot:[SYS$STARTUP]openssl_shutdown{- $osslver -}.com + COPY/PROT=W:RE [.VMS]openssl_utils.com - + ossl_installroot:[SYS$STARTUP]openssl_utils{- $osslver -}.com + +install_ivp : [.VMS]openssl_ivp.com check_INSTALLTOP + - CREATE/DIR ossl_installroot:[SYSTEST] + COPY/PROT=W:RE [.VMS]openssl_ivp.com - + ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com + +[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -} + - CREATE/DIR [.VMS] + $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - + {- sourcefile("VMS", "openssl_startup.com.in") -} - + > [.VMS]openssl_startup.com + +[.VMS]openssl_utils.com : vmsconfig.pm {- sourcefile("VMS", "openssl_utils.com.in") -} + - CREATE/DIR [.VMS] + $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - + {- sourcefile("VMS", "openssl_utils.com.in") -} - + > [.VMS]openssl_utils.com + +[.VMS]openssl_shutdown.com : vmsconfig.pm {- sourcefile("VMS", "openssl_shutdown.com.in") -} + - CREATE/DIR [.VMS] + $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - + {- sourcefile("VMS", "openssl_shutdown.com.in") -} - + > [.VMS]openssl_shutdown.com + +[.VMS]openssl_ivp.com : vmsconfig.pm {- sourcefile("VMS", "openssl_ivp.com.in") -} + - CREATE/DIR [.VMS] + $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - + {- sourcefile("VMS", "openssl_ivp.com.in") -} - + > [.VMS]openssl_ivp.com + +vmsconfig.pm : configdata.pm + OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm + WRITE CONFIG "package vmsconfig;" + WRITE CONFIG "use strict; use warnings;" + WRITE CONFIG "use Exporter;" + WRITE CONFIG "our @ISA = qw(Exporter);" + WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);" + WRITE CONFIG "our %config = (" + WRITE CONFIG " target => '","{- $config{target} -}","'," + WRITE CONFIG " version => '","{- $config{version} -}","'," + WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","'," + WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","'," + WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","'," + WRITE CONFIG " INSTALLTOP => '$(INSTALLTOP)'," + WRITE CONFIG " OPENSSLDIR => '$(OPENSSLDIR)'," + WRITE CONFIG " pointer_size => '","{- $target{pointer_size} -}","'," + WRITE CONFIG ");" + WRITE CONFIG "our %target = ();" + WRITE CONFIG "our %disabled = ();" + WRITE CONFIG "our %withargs = ();" + WRITE CONFIG "our %unified_info = ();" + WRITE CONFIG "1;" + CLOSE CONFIG + +install_html_docs : check_INSTALLTOP + sourcedir = F$PARSE("{- $sourcedir -}A.;","[]") - "]A.;" + ".DOC]" + $(PERL) {- sourcefile("util", "process_docs.pl") -} - + --sourcedir='sourcedir' --destdir=ossl_installroot:[HTML] - + --type=html + +check_INSTALLTOP : + @ IF "$(INSTALLTOP)" .EQS. "" THEN - + WRITE SYS$ERROR "INSTALLTOP should not be empty" + @ IF "$(INSTALLTOP)" .EQS. "" THEN - + EXIT %x10000002 + +# Helper targets ##################################################### + +# Developer targets ################################################## + +debug_logicals : + SH LOGICAL/PROC openssl,internal,ossl_installroot,ossl_dataroot + +# Building targets ################################################### + +configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} + @ WRITE SYS$OUTPUT "Reconfiguring..." + perl $(SRCDIR)Configure reconf + @ WRITE SYS$OUTPUT "*************************************************" + @ WRITE SYS$OUTPUT "*** ***" + @ WRITE SYS$OUTPUT "*** Please run the same mms command again ***" + @ WRITE SYS$OUTPUT "*** ***" + @ WRITE SYS$OUTPUT "*************************************************" + @ PIPE ( EXIT %X10000000 ) + +{- + use File::Basename; + use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/; + + sub generatesrc { + my %args = @_; + my $generator = join(" ", @{$args{generator}}); + my $generator_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}}); + my $deps = join(", -\n\t\t", @{$args{generator_deps}}, @{$args{deps}}); + + if ($args{src} !~ /\.[sS]$/) { + if ($args{generator}->[0] =~ m|^.*\.in$|) { + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + return <<"EOF"; +$args{src} : $args{generator}->[0] $deps + \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile \\ + "-o$target{build_file}" $generator > \$@ +EOF + } else { + return <<"EOF"; +$args{src} : $args{generator}->[0] $deps + \$(PERL)$generator_incs $generator > \$@ +EOF + } + } else { + die "No method to generate assembler source present.\n"; + } + } + + sub src2obj { + my %args = @_; + my $obj = $args{obj}; + my $deps = join(", -\n\t\t", @{$args{srcs}}, @{$args{deps}}); + + # Because VMS C isn't very good at combining a /INCLUDE path with + # #includes having a relative directory (like '#include "../foo.h"), + # the best choice is to move to the first source file's intended + # directory before compiling, and make sure to write the object file + # in the correct position (important when the object tree is other + # than the source tree). + my $forward = dirname($args{srcs}->[0]); + my $backward = abs2rel(rel2abs("."), rel2abs($forward)); + my $objd = abs2rel(rel2abs(dirname($obj)), rel2abs($forward)); + my $objn = basename($obj); + my $srcs = + join(", ", + map { abs2rel(rel2abs($_), rel2abs($forward)) } @{$args{srcs}}); + my $ecflags = { lib => '$(LIB_CFLAGS)', + dso => '$(DSO_CFLAGS)', + bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; + my $incs_on = "\@ !"; + my $incs_off = "\@ !"; + my $incs = ""; + my @incs = (); + push @incs, @{$args{incs}} if @{$args{incs}}; + unless ($disabled{zlib}) { + # GNV$ZLIB_INCLUDE is the standard logical name for later zlib + # incarnations. + push @incs, ($withargs{zlib_include} || 'GNV$ZLIB_INCLUDE:'); + } + if (@incs) { + $incs_on = + "DEFINE tmp_includes " + .join(",-\n\t\t\t", map { + file_name_is_absolute($_) + ? $_ : catdir($backward,$_) + } @incs); + $incs_off = "DEASSIGN tmp_includes"; + $incs = " /INCLUDE=(tmp_includes:)"; + } + my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !"; + my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !"; + my $depbuild = $disabled{makedepend} ? "" + : " /MMS=(FILE=${objd}${objn}.tmp-D,TARGET=$obj.OBJ)"; + + return <<"EOF"; +$obj.OBJ : $deps + ${before} + SET DEFAULT $forward + $incs_on + \$(CC) \$(CFLAGS)${ecflags}${incs}${depbuild} /OBJECT=${objd}${objn}.OBJ /REPOSITORY=$backward $srcs + $incs_off + SET DEFAULT $backward + ${after} + \@ PIPE ( \$(PERL) -e "use File::Compare qw/compare_text/; my \$x = compare_text(""$obj.D"",""$obj.tmp-D""); exit(0x10000000 + (\$x == 0));" || - + RENAME $obj.tmp-D $obj.d ) + \@ IF F\$SEARCH("$obj.tmp-D") .NES. "" THEN DELETE $obj.tmp-D;* + - PURGE $obj.OBJ +EOF + } + sub libobj2shlib { + my %args = @_; + my $lib = $args{lib}; + my $shlib = $args{shlib}; + my $libd = dirname($lib); + my $libn = basename($lib); + (my $mkdef_key = $libn) =~ s/^${osslprefix_q}lib([^0-9]*)\d*/$1/i; + my @deps = map { + $disabled{shared} ? $_.".OLB" + : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my $deps = join(", -\n\t\t", @deps); + my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; + my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; + my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir}, + "VMS", "engine.opt")), + rel2abs($config{builddir})); + my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "mkdef.pl")), + rel2abs($config{builddir})); + my $translatesyms_pl = abs2rel(rel2abs(catfile($config{sourcedir}, + "VMS", "translatesyms.pl")), + rel2abs($config{builddir})); + # The "[]" hack is because in .OPT files, each line inherits the + # previous line's file spec as default, so if no directory spec + # is present in the current line and the previous line has one that + # doesn't apply, you're in for a surprise. + my $write_opt = + join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; + $x =~ s|(\.EXE)|$1/SHARE|; + $x =~ s|(\.OLB)|$1/LIB|; + "WRITE OPT_FILE \"$x\"" } @deps) + || "\@ !"; + return <<"EOF"; +$shlib.EXE : $lib.OLB $deps $ordinalsfile + \$(PERL) $mkdef_pl "$mkdef_key" "VMS" > $shlib.SYMVEC-tmp + \$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $shlib.SYMVEC-tmp > $shlib.SYMVEC + DELETE $shlib.SYMVEC-tmp;* + OPEN/WRITE/SHARE=READ OPT_FILE $shlib.OPT + WRITE OPT_FILE "IDENTIFICATION=""V$config{version}""" + TYPE $shlib.SYMVEC /OUTPUT=OPT_FILE: + WRITE OPT_FILE "$lib.OLB/LIBRARY" + $write_opt + CLOSE OPT_FILE + LINK /MAP=$shlib.MAP /FULL/SHARE=$shlib.EXE $shlib.OPT/OPT \$(EX_LIBS) + DELETE $shlib.SYMVEC;* + PURGE $shlib.EXE,$shlib.OPT,$shlib.MAP +EOF + } + sub obj2dso { + my %args = @_; + my $lib = $args{lib}; + my $libd = dirname($lib); + my $libn = basename($lib); + (my $libn_nolib = $libn) =~ s/^lib//; + my @objs = map { "$_.OBJ" } @{$args{objs}}; + my @deps = map { + $disabled{shared} ? $_.".OLB" + : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my $deps = join(", -\n\t\t", @objs, @deps); + my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; + my $engine_opt = abs2rel(rel2abs(catfile($config{sourcedir}, + "VMS", "engine.opt")), + rel2abs($config{builddir})); + # The "[]" hack is because in .OPT files, each line inherits the + # previous line's file spec as default, so if no directory spec + # is present in the current line and the previous line has one that + # doesn't apply, you're in for a surprise. + my $write_opt1 = + join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; + "WRITE OPT_FILE \"$x" } @objs). + "\""; + my $write_opt2 = + join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; + $x =~ s|(\.EXE)|$1/SHARE|; + $x =~ s|(\.OLB)|$1/LIB|; + "WRITE OPT_FILE \"$x\"" } @deps) + || "\@ !"; + return <<"EOF"; +$lib.EXE : $deps + OPEN/WRITE/SHARE=READ OPT_FILE $lib.OPT + TYPE $engine_opt /OUTPUT=OPT_FILE: + $write_opt1 + $write_opt2 + CLOSE OPT_FILE + LINK /MAP=$lib.MAP /FULL/SHARE=$lib.EXE $lib.OPT/OPT \$(EX_LIBS) + - PURGE $lib.EXE,$lib.OPT,$lib.MAP +EOF + } + sub obj2lib { + my %args = @_; + my $lib = $args{lib}; + my $objs = join(", -\n\t\t", map { $_.".OBJ" } (@{$args{objs}})); + my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib.OLB $_.OBJ" } + @{$args{objs}})); + return <<"EOF"; +$lib.OLB : $objs + LIBRARY/CREATE/OBJECT $lib.OLB + $fill_lib + - PURGE $lib.OLB +EOF + } + sub obj2bin { + my %args = @_; + my $bin = $args{bin}; + my $bind = dirname($bin); + my $binn = basename($bin); + my @objs = map { "$_.OBJ" } @{$args{objs}}; + my @deps = map { + $disabled{shared} ? $_.".OLB" + : $unified_info{sharednames}->{$_}.".EXE"; } @{$args{deps}}; + my $deps = join(", -\n\t\t", @objs, @deps); + # The "[]" hack is because in .OPT files, each line inherits the + # previous line's file spec as default, so if no directory spec + # is present in the current line and the previous line has one that + # doesn't apply, you're in for a surprise. + my $write_opt1 = + join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; + "WRITE OPT_FILE \"$x" } @objs). + "\""; + my $write_opt2 = + join("\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; + $x =~ s|(\.EXE)|$1/SHARE|; + $x =~ s|(\.OLB)|$1/LIB|; + "WRITE OPT_FILE \"$x\"" } @deps) + || "\@ !"; + return <<"EOF"; +$bin.EXE : $deps + OPEN/WRITE/SHARE=READ OPT_FILE $bin.OPT + $write_opt1 + $write_opt2 + CLOSE OPT_FILE + LINK/EXEC=$bin.EXE \$(LDFLAGS) $bin.OPT/OPT \$(EX_LIBS) + - PURGE $bin.EXE,$bin.OPT +EOF + } + sub in2script { + my %args = @_; + my $script = $args{script}; + return "" if grep { $_ eq $script } @{$args{sources}}; # No overwrite! + my $sources = join(" ", @{$args{sources}}); + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + return <<"EOF"; +$script : $sources + \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile - + "-o$target{build_file}" $sources > $script + SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script + PURGE $script +EOF + } + "" # Important! This becomes part of the template result. +-} diff --git a/third_party/openssl/Configurations/unix-Makefile.tmpl b/third_party/openssl/Configurations/unix-Makefile.tmpl new file mode 100644 index 0000000000..3dd09c2466 --- /dev/null +++ b/third_party/openssl/Configurations/unix-Makefile.tmpl @@ -0,0 +1,1039 @@ +## +## Makefile for OpenSSL +## +## {- join("\n## ", @autowarntext) -} +{- + our $objext = $target{obj_extension} || ".o"; + our $depext = $target{dep_extension} || ".d"; + our $exeext = $target{exe_extension} || ""; + our $libext = $target{lib_extension} || ".a"; + our $shlibext = $target{shared_extension} || ".so"; + our $shlibextsimple = $target{shared_extension_simple} || ".so"; + our $shlibextimport = $target{shared_import_extension} || ""; + our $dsoext = $target{dso_extension} || ".so"; + + sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } + + our $sover = $config{target} =~ /^mingw/ + ? $config{shlib_major}."_".$config{shlib_minor} + : $config{shlib_major}.".".$config{shlib_minor}; + + # shlib and shlib_simple both take a static library name and figure + # out what the shlib name should be. + # + # When OpenSSL is configured "no-shared", these functions will just + # return empty lists, making them suitable to join(). + # + # With Windows DLL producers, shlib($libname) will return the shared + # library name (which usually is different from the static library + # name) with the default shared extension appended to it, while + # shlib_simple($libname) will return the static library name with + # the shared extension followed by ".a" appended to it. The former + # result is used as the runtime shared library while the latter is + # used as the DLL import library. + # + # On all Unix systems, shlib($libname) will return the library name + # with the default shared extension, while shlib_simple($libname) + # will return the name from shlib($libname) with any SO version number + # removed. On some systems, they may therefore return the exact same + # string. + sub shlib { + return () if $disabled{shared}; + my $lib = shift; + return $unified_info{sharednames}->{$lib} . $shlibext; + } + sub shlib_simple { + return () if $disabled{shared}; + + my $lib = shift; + if (windowsdll()) { + return $lib . $shlibextimport; + } + return $lib . $shlibextsimple; + } + + # dso is a complement to shlib / shlib_simple that returns the + # given libname with the simple shared extension (possible SO version + # removed). This differs from shlib_simple() by being unconditional. + sub dso { + my $engine = shift; + + return $engine . $dsoext; + } + # This makes sure things get built in the order they need + # to. You're welcome. + sub dependmagic { + my $target = shift; + + return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target"; + } + ''; +-} +PLATFORM={- $config{target} -} +OPTIONS={- $config{options} -} +CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -}) +SRCDIR={- $config{sourcedir} -} +BLDDIR={- $config{builddir} -} + +VERSION={- $config{version} -} +MAJOR={- $config{major} -} +MINOR={- $config{minor} -} +SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -} +SHLIB_VERSION_HISTORY={- $config{shlib_version_history} -} +SHLIB_MAJOR={- $config{shlib_major} -} +SHLIB_MINOR={- $config{shlib_minor} -} +SHLIB_TARGET={- $target{shared_target} -} + +LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -} +SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -} +SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{libraries}}) -} +ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -} +PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{programs}}) -} +SCRIPTS={- join(" ", @{$unified_info{scripts}}) -} +{- output_off() if $disabled{makedepend}; "" -} +DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; } + grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } + keys %{$unified_info{sources}}); -} +{- output_on() if $disabled{makedepend}; "" -} +GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} +GENERATED={- join(" ", + ( map { (my $x = $_) =~ s|\.S$|\.s|; $x } + grep { defined $unified_info{generate}->{$_} } + map { @{$unified_info{sources}->{$_}} } + grep { /\.o$/ } keys %{$unified_info{sources}} ), + ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} + +INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIB_INFO={- join(" ", map { "\"".shlib($_).";".shlib_simple($_)."\"" } @{$unified_info{install}->{libraries}}) -} +INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} +INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -} +{- output_off() if $disabled{apps}; "" -} +BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash +MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget +{- output_on() if $disabled{apps}; "" -} + +APPS_OPENSSL={- use File::Spec::Functions; + catfile("apps","openssl") -} + +# DESTDIR is for package builders so that they can configure for, say, +# /usr/ and yet have everything installed to /tmp/somedir/usr/. +# Normally it is left empty. +DESTDIR= + +# Do not edit these manually. Use Configure with --prefix or --openssldir +# to change this! Short explanation in the top comment in Configure +INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet + # + our $prefix = $config{prefix} || "/usr/local"; + $prefix -} +OPENSSLDIR={- # + # The logic here is that if no --openssldir was given, + # OPENSSLDIR will get the value from $prefix plus "/ssl". + # If --openssldir was given and the value is an absolute + # path, OPENSSLDIR will get its value without change. + # If the value from --openssldir is a relative path, + # OPENSSLDIR will get $prefix with the --openssldir + # value appended as a subdirectory. + # + use File::Spec::Functions; + our $openssldir = + $config{openssldir} ? + (file_name_is_absolute($config{openssldir}) ? + $config{openssldir} + : catdir($prefix, $config{openssldir})) + : catdir($prefix, "ssl"); + $openssldir -} +LIBDIR={- # + # if $prefix/lib$target{multilib} is not an existing + # directory, then assume that it's not searched by linker + # automatically, in which case adding $target{multilib} suffix + # causes more grief than we're ready to tolerate, so don't... + our $multilib = + -d "$prefix/lib$target{multilib}" ? $target{multilib} : ""; + our $libdir = $config{libdir} || "lib$multilib"; + $libdir -} +ENGINESDIR={- use File::Spec::Functions; + catdir($prefix,$libdir,"engines-$sover") -} + +# Convenience variable for those who want to set the rpath in shared +# libraries and applications +LIBRPATH=$(INSTALLTOP)/$(LIBDIR) + +MANDIR=$(INSTALLTOP)/share/man +DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) +HTMLDIR=$(DOCDIR)/html + +# MANSUFFIX is for the benefit of anyone who may want to have a suffix +# appended after the manpage file section number. "ssl" is popular, +# resulting in files such as config.5ssl rather than config.5. +MANSUFFIX= +HTMLSUFFIX=html + + + +CROSS_COMPILE= {- $config{cross_compile_prefix} -} +CC= $(CROSS_COMPILE){- $target{cc} -} +CFLAGS={- our $cflags2 = join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}}),"-DOPENSSLDIR=\"\\\"\$(OPENSSLDIR)\\\"\"","-DENGINESDIR=\"\\\"\$(ENGINESDIR)\\\"\"") -} {- $target{cflags} -} {- $config{cflags} -} +CFLAGS_Q={- $cflags2 =~ s|([\\"])|\\$1|g; $cflags2 -} {- $config{cflags} -} +LDFLAGS= {- $target{lflags} -} +PLIB_LDFLAGS= {- $target{plib_lflags} -} +EX_LIBS= {- $target{ex_libs} -} {- $config{ex_libs} -} +LIB_CFLAGS={- $target{shared_cflag} || "" -} +LIB_LDFLAGS={- $target{shared_ldflag}." ".$config{shared_ldflag} -} +DSO_CFLAGS={- $target{shared_cflag} || "" -} +DSO_LDFLAGS=$(LIB_LDFLAGS) +BIN_CFLAGS={- $target{bin_cflags} -} + +PERL={- $config{perl} -} + +ARFLAGS= {- $target{arflags} -} +AR=$(CROSS_COMPILE){- $target{ar} || "ar" -} $(ARFLAGS) r +RANLIB= {- $target{ranlib} -} +NM= $(CROSS_COMPILE){- $target{nm} || "nm" -} +RCFLAGS={- $target{shared_rcflag} -} +RC= $(CROSS_COMPILE){- $target{rc} || "windres" -} +RM= rm -f +RMDIR= rmdir +TAR= {- $target{tar} || "tar" -} +TARFLAGS= {- $target{tarflags} -} +MAKEDEPEND={- $config{makedepprog} -} + +BASENAME= openssl +NAME= $(BASENAME)-$(VERSION) +TARFILE= ../$(NAME).tar + +# We let the C compiler driver to take care of .s files. This is done in +# order to be excused from maintaining a separate set of architecture +# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC +# gcc, then the driver will automatically translate it to -xarch=v8plus +# and pass it down to assembler. +AS=$(CC) -c +ASFLAG=$(CFLAGS) +PERLASM_SCHEME= {- $target{perlasm_scheme} -} + +# For x86 assembler: Set PROCESSOR to 386 if you want to support +# the 80386. +PROCESSOR= {- $config{processor} -} + +# We want error [and other] messages in English. Trouble is that make(1) +# doesn't pass macros down as environment variables unless there already +# was corresponding variable originally set. In other words we can only +# reassign environment variables, but not set new ones, not in portable +# manner that is. That's why we reassign several, just to be sure... +LC_ALL=C +LC_MESSAGES=C +LANG=C + +# The main targets ################################################### + +{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep link-utils +{- dependmagic('build_libs'); -}: build_libs_nodep +{- dependmagic('build_engines'); -}: build_engines_nodep +{- dependmagic('build_programs'); -}: build_programs_nodep + +build_generated: $(GENERATED_MANDATORY) +build_libs_nodep: libcrypto.pc libssl.pc openssl.pc +build_engines_nodep: $(ENGINES) +build_programs_nodep: $(PROGRAMS) $(SCRIPTS) + +# Kept around for backward compatibility +build_apps build_tests: build_programs + +test: tests +{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep link-utils + @ : {- output_off() if $disabled{tests}; "" -} + ( cd test; \ + mkdir -p test-runs; \ + SRCTOP=../$(SRCDIR) \ + BLDTOP=../$(BLDDIR) \ + RESULT_D=test-runs \ + PERL="$(PERL)" \ + EXE_EXT={- $exeext -} \ + OPENSSL_ENGINES=`cd ../$(BLDDIR)/engines; pwd` \ + OPENSSL_DEBUG_MEMORY=on \ + $(PERL) ../$(SRCDIR)/test/run_tests.pl $(TESTS) ) + @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @echo "Tests are not supported with your chosen Configure options" + @ : {- output_on() if !$disabled{tests}; "" -} + +list-tests: + @ : {- output_off() if $disabled{tests}; "" -} + @SRCTOP="$(SRCDIR)" \ + $(PERL) $(SRCDIR)/test/run_tests.pl list + @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @echo "Tests are not supported with your chosen Configure options" + @ : {- output_on() if !$disabled{tests}; "" -} + +install: install_sw install_ssldirs install_docs + +uninstall: uninstall_docs uninstall_sw + +libclean: + @set -e; for s in $(SHLIB_INFO); do \ + s1=`echo "$$s" | cut -f1 -d";"`; \ + s2=`echo "$$s" | cut -f2 -d";"`; \ + echo $(RM) $$s1; \ + $(RM) $$s1; \ + if [ "$$s1" != "$$s2" ]; then \ + echo $(RM) $$s2; \ + $(RM) $$s2; \ + fi; \ + done + $(RM) $(LIBS) + $(RM) *.map + +clean: libclean + $(RM) $(PROGRAMS) $(TESTPROGS) $(ENGINES) $(SCRIPTS) + $(RM) $(GENERATED) + -$(RM) `find . -name '*{- $depext -}' -a \! -path "./.git/*"` + -$(RM) `find . -name '*{- $objext -}' -a \! -path "./.git/*"` + $(RM) core + $(RM) tags TAGS doc-nits + $(RM) test/.rnd + $(RM) openssl.pc libcrypto.pc libssl.pc + -$(RM) `find . -type l -a \! -path "./.git/*"` + $(RM) $(TARFILE) + +distclean: clean + $(RM) configdata.pm + $(RM) Makefile + +# We check if any depfile is newer than Makefile and decide to +# concatenate only if that is true. +depend: + @: {- output_off() if $disabled{makedepend}; "" -} + @if egrep "^# DO NOT DELETE THIS LINE" Makefile >/dev/null && [ -z "`find $(DEPS) -newer Makefile 2>/dev/null; exit 0`" ]; then :; else \ + ( $(PERL) -pe 'exit 0 if /^# DO NOT DELETE THIS LINE.*/' < Makefile; \ + echo '# DO NOT DELETE THIS LINE -- make depend depends on it.'; \ + echo; \ + for f in $(DEPS); do \ + if [ -f $$f ]; then cat $$f; fi; \ + done ) > Makefile.new; \ + if cmp Makefile.new Makefile >/dev/null 2>&1; then \ + rm -f Makefile.new; \ + else \ + mv -f Makefile.new Makefile; \ + fi; \ + fi + @: {- output_on() if $disabled{makedepend}; "" -} + +# Install helper targets ############################################# + +install_sw: all install_dev install_engines install_runtime + +uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev + +install_docs: install_man_docs install_html_docs + +uninstall_docs: uninstall_man_docs uninstall_html_docs + $(RM) -r -v $(DESTDIR)$(DOCDIR) + +install_ssldirs: + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc + @set -e; for x in dummy $(MISC_SCRIPTS); do \ + if [ "$$x" = "dummy" ]; then continue; fi; \ + fn=`basename $$x`; \ + echo "install $$x -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ + cp $$x $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ + chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ + mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ + $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ + done + @echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" + @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new + @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new + @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist + @if ! [ -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ + echo "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ + cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ + chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ + fi + +install_dev: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @echo "*** Installing development files" + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl + @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @echo "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @set -e; for i in $(SRCDIR)/include/openssl/*.h \ + $(BLDDIR)/include/openssl/*.h; do \ + fn=`basename $$i`; \ + echo "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + done + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) + @set -e; for l in $(INSTALL_LIBS); do \ + fn=`basename $$l`; \ + echo "install $$l -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \ + cp $$l $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ + $(RANLIB) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ + chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ + mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \ + $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ + done + @ : {- output_off() if $disabled{shared}; "" -} + @set -e; for s in $(INSTALL_SHLIB_INFO); do \ + s1=`echo "$$s" | cut -f1 -d";"`; \ + s2=`echo "$$s" | cut -f2 -d";"`; \ + fn1=`basename $$s1`; \ + fn2=`basename $$s2`; \ + : {- output_off() if windowsdll(); "" -}; \ + echo "install $$s1 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \ + cp $$s1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \ + chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new; \ + mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1.new \ + $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \ + if [ "$$fn1" != "$$fn2" ]; then \ + echo "link $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \ + ln -sf $$fn1 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ + fi; \ + : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ + echo "install $$s2 -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \ + cp $$s2 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \ + chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new; \ + mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2.new \ + $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ + : {- output_on() unless windowsdll(); "" -}; \ + done + @ : {- output_on() if $disabled{shared}; "" -} + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + @echo "install libcrypto.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc" + @cp libcrypto.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + @chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + @echo "install libssl.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc" + @cp libssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + @chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + @echo "install openssl.pc -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc" + @cp openssl.pc $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + @chmod 644 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc + +uninstall_dev: + @echo "*** Uninstalling development files" + @ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" + @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c + @ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @set -e; for i in $(SRCDIR)/include/openssl/*.h \ + $(BLDDIR)/include/openssl/*.h; do \ + fn=`basename $$i`; \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ + done + -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl + -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include + @set -e; for l in $(INSTALL_LIBS); do \ + fn=`basename $$l`; \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ + done + @ : {- output_off() if $disabled{shared}; "" -} + @set -e; for s in $(INSTALL_SHLIB_INFO); do \ + s1=`echo "$$s" | cut -f1 -d";"`; \ + s2=`echo "$$s" | cut -f2 -d";"`; \ + fn1=`basename $$s1`; \ + fn2=`basename $$s2`; \ + : {- output_off() if windowsdll(); "" -}; \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn1; \ + if [ "$$fn1" != "$$fn2" ]; then \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ + fi; \ + : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn2; \ + : {- output_on() unless windowsdll(); "" -}; \ + done + @ : {- output_on() if $disabled{shared}; "" -} + $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + $(RM) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc + -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) + +install_engines: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ + @echo "*** Installing engines" + @set -e; for e in dummy $(INSTALL_ENGINES); do \ + if [ "$$e" = "dummy" ]; then continue; fi; \ + fn=`basename $$e`; \ + echo "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ + cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ + chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ + mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \ + $(DESTDIR)$(ENGINESDIR)/$$fn; \ + done + +uninstall_engines: + @echo "*** Uninstalling engines" + @set -e; for e in dummy $(INSTALL_ENGINES); do \ + if [ "$$e" = "dummy" ]; then continue; fi; \ + fn=`basename $$e`; \ + if [ "$$fn" = '{- dso("ossltest") -}' ]; then \ + continue; \ + fi; \ + echo "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ + $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \ + done + -$(RMDIR) $(DESTDIR)$(ENGINESDIR) + +install_runtime: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin + @ : {- output_off() if windowsdll(); "" -} + @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/$(LIBDIR) + @ : {- output_on() if windowsdll(); "" -} + @echo "*** Installing runtime files" + @set -e; for s in dummy $(INSTALL_SHLIBS); do \ + if [ "$$s" = "dummy" ]; then continue; fi; \ + fn=`basename $$s`; \ + : {- output_off() unless windowsdll(); "" -}; \ + echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ + chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ + mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ + $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \ + echo "install $$s -> $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn"; \ + cp $$s $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ + chmod 755 $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new; \ + mv -f $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn.new \ + $(DESTDIR)$(INSTALLTOP)/$(LIBDIR)/$$fn; \ + : {- output_on() if windowsdll(); "" -}; \ + done + @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ + if [ "$$x" = "dummy" ]; then continue; fi; \ + fn=`basename $$x`; \ + echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ + chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ + mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ + $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + done + @set -e; for x in dummy $(BIN_SCRIPTS); do \ + if [ "$$x" = "dummy" ]; then continue; fi; \ + fn=`basename $$x`; \ + echo "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ + chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ + mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ + $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + done + +uninstall_runtime: + @echo "*** Uninstalling runtime files" + @set -e; for x in dummy $(INSTALL_PROGRAMS); \ + do \ + if [ "$$x" = "dummy" ]; then continue; fi; \ + fn=`basename $$x`; \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + done; + @set -e; for x in dummy $(BIN_SCRIPTS); \ + do \ + if [ "$$x" = "dummy" ]; then continue; fi; \ + fn=`basename $$x`; \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + done + @ : {- output_off() unless windowsdll(); "" -} + @set -e; for s in dummy $(INSTALL_SHLIBS); do \ + if [ "$$s" = "dummy" ]; then continue; fi; \ + fn=`basename $$s`; \ + echo "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ + $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ + done + @ : {- output_on() unless windowsdll(); "" -} + -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin + + +install_man_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @echo "*** Installing manpages" + $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) + +uninstall_man_docs: + @echo "*** Uninstalling manpages" + $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) \ + --remove + +install_html_docs: + @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) + @echo "*** Installing HTML manpages" + $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(HTMLDIR) --type=html + +uninstall_html_docs: + @echo "*** Uninstalling manpages" + $(PERL) $(SRCDIR)/util/process_docs.pl \ + --destdir=$(DESTDIR)$(HTMLDIR) --type=html --remove + + +# Developer targets (note: these are only available on Unix) ######### + +update: generate errors ordinals + +generate: generate_apps generate_crypto_bn generate_crypto_objects \ + generate_crypto_conf generate_crypto_asn1 + +doc-nits: + (cd $(SRCDIR); $(PERL) util/find-doc-nits -n ) >doc-nits + if [ -s doc-nits ] ; then cat doc-nits; rm doc-nits ; exit 1; fi + +# Test coverage is a good idea for the future +#coverage: $(PROGRAMS) $(TESTPROGRAMS) +# ... + +lint: + lint -DLINT $(INCLUDES) $(SRCS) + +generate_apps: + ( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \ + < apps/openssl.cnf > apps/openssl-vms.cnf ) + +generate_crypto_bn: + ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) + +generate_crypto_objects: + ( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl \ + crypto/objects/objects.txt \ + crypto/objects/obj_mac.num \ + include/openssl/obj_mac.h ) + ( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \ + include/openssl/obj_mac.h \ + crypto/objects/obj_dat.h ) + ( cd $(SRCDIR); $(PERL) crypto/objects/objxref.pl \ + crypto/objects/obj_mac.num \ + crypto/objects/obj_xref.txt \ + > crypto/objects/obj_xref.h ) + +generate_crypto_conf: + ( cd $(SRCDIR); $(PERL) crypto/conf/keysets.pl \ + > crypto/conf/conf_def.h ) + +generate_crypto_asn1: + ( cd $(SRCDIR); $(PERL) crypto/asn1/charmap.pl \ + > crypto/asn1/charmap.h ) + +errors: + ( cd $(SRCDIR); $(PERL) util/ck_errf.pl -strict */*.c */*/*.c ) + ( cd $(SRCDIR); $(PERL) util/mkerr.pl -recurse -write ) + ( cd $(SRCDIR)/engines; \ + for e in *.ec; do \ + $(PERL) ../util/mkerr.pl -conf $$e \ + -nostatic -staticloader -write *.c; \ + done ) + +ordinals: + ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update ) + ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update ) + +test_ordinals: + ( cd test; \ + SRCTOP=../$(SRCDIR) \ + BLDTOP=../$(BLDDIR) \ + $(PERL) ../$(SRCDIR)/test/run_tests.pl test_ordinals ) + +tags TAGS: FORCE + rm -f TAGS tags + -ctags -R . + -etags `find . -name '*.[ch]' -o -name '*.pm'` + +# Release targets (note: only available on Unix) ##################### + +# If your tar command doesn't support --owner and --group, make sure to +# use one that does, for example GNU tar +TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cvf - +PREPARE_CMD=: +tar: + set -e; \ + TMPDIR=/var/tmp/openssl-copy.$$$$; \ + DISTDIR=$(NAME); \ + mkdir -p $$TMPDIR/$$DISTDIR; \ + (cd $(SRCDIR); \ + git ls-tree -r --name-only --full-tree HEAD \ + | grep -v '^fuzz/corpora' \ + | while read F; do \ + mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \ + cp $$F $$TMPDIR/$$DISTDIR/$$F; \ + done); \ + (cd $$TMPDIR/$$DISTDIR; \ + $(PREPARE_CMD); \ + find . -type d -print | xargs chmod 755; \ + find . -type f -print | xargs chmod a+r; \ + find . -type f -perm -0100 -print | xargs chmod a+x); \ + (cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \ + | (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \ + rm -rf $$TMPDIR + cd $(SRCDIR); ls -l $(TARFILE).gz + +dist: + @$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' tar + +# Helper targets ##################################################### + +link-utils: $(BLDDIR)/util/opensslwrap.sh + +$(BLDDIR)/util/opensslwrap.sh: configdata.pm + @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ + mkdir -p "$(BLDDIR)/util"; \ + ln -sf "../$(SRCDIR)/util/opensslwrap.sh" "$(BLDDIR)/util"; \ + fi + +FORCE: + +# Building targets ################################################### + +libcrypto.pc libssl.pc openssl.pc: configdata.pm $(LIBS) {- join(" ",map { shlib_simple($_) } @{$unified_info{libraries}}) -} +libcrypto.pc: + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + echo 'includedir=$${prefix}/include'; \ + echo 'enginesdir=$${libdir}/engines-{- $sover -}'; \ + echo ''; \ + echo 'Name: OpenSSL-libcrypto'; \ + echo 'Description: OpenSSL cryptography library'; \ + echo 'Version: '$(VERSION); \ + echo 'Libs: -L$${libdir} -lcrypto'; \ + echo 'Libs.private: $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir}' ) > libcrypto.pc + +libssl.pc: + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL-libssl'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires.private: libcrypto'; \ + echo 'Libs: -L$${libdir} -lssl'; \ + echo 'Libs.private: $(EX_LIBS)'; \ + echo 'Cflags: -I$${includedir}' ) > libssl.pc + +openssl.pc: + @ ( echo 'prefix=$(INSTALLTOP)'; \ + echo 'exec_prefix=$${prefix}'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ + echo 'includedir=$${prefix}/include'; \ + echo ''; \ + echo 'Name: OpenSSL'; \ + echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ + echo 'Version: '$(VERSION); \ + echo 'Requires: libssl libcrypto' ) > openssl.pc + +configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config {- join(" ", @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} + @echo "Detected changed: $?" + @echo "Reconfiguring..." + $(PERL) $(SRCDIR)/Configure reconf + @echo "**************************************************" + @echo "*** ***" + @echo "*** Please run the same make command again ***" + @echo "*** ***" + @echo "**************************************************" + @false + +{- + use File::Basename; + use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; + + # Helper function to figure out dependencies on libraries + # It takes a list of library names and outputs a list of dependencies + sub compute_lib_depends { + if ($disabled{shared}) { + return map { $_.$libext } @_; + } + + # Depending on shared libraries: + # On Windows POSIX layers, we depend on {libname}.dll.a + # On Unix platforms, we depend on {shlibname}.so + return map { shlib_simple($_) } @_; + } + + sub generatesrc { + my %args = @_; + my $generator = join(" ", @{$args{generator}}); + my $generator_incs = join("", map { " -I".$_ } @{$args{generator_incs}}); + my $incs = join("", map { " -I".$_ } @{$args{incs}}); + my $deps = join(" ", @{$args{generator_deps}}, @{$args{deps}}); + + if ($args{src} !~ /\.[sS]$/) { + if ($args{generator}->[0] =~ m|^.*\.in$|) { + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + return <<"EOF"; +$args{src}: $args{generator}->[0] $deps + \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ + "-o$target{build_file}" $generator > \$@ +EOF + } else { + return <<"EOF"; +$args{src}: $args{generator}->[0] $deps + \$(PERL)$generator_incs $generator > \$@ +EOF + } + } else { + if ($args{generator}->[0] =~ /\.pl$/) { + $generator = 'CC="$(CC)" $(PERL)'.$generator_incs.' '.$generator; + } elsif ($args{generator}->[0] =~ /\.m4$/) { + $generator = 'm4 -B 8192'.$generator_incs.' '.$generator.' >' + } elsif ($args{generator}->[0] =~ /\.S$/) { + $generator = undef; + } else { + die "Generator type for $args{src} unknown: $generator\n"; + } + + if (defined($generator)) { + # If the target is named foo.S in build.info, we want to + # end up generating foo.s in two steps. + if ($args{src} =~ /\.S$/) { + (my $target = $args{src}) =~ s|\.S$|.s|; + return <<"EOF"; +$target: $args{generator}->[0] $deps + ( trap "rm -f \$@.*" INT 0; \\ + $generator \$@.S; \\ + \$(CC) $incs \$(CFLAGS) -E \$@.S | \\ + \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@.i && \\ + mv -f \$@.i \$@ ) +EOF + } + # Otherwise.... + return <<"EOF"; +$args{src}: $args{generator}->[0] $deps + $generator \$@ +EOF + } + return <<"EOF"; +$args{src}: $args{generator}->[0] $deps + \$(CC) $incs \$(CFLAGS) -E \$< | \\ + \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@ +EOF + } + } + + # Should one wonder about the end of the Perl snippet, it's because this + # second regexp eats up line endings as well, if the removed path is the + # last in the line. We may therefore need to put back a line ending. + sub src2obj { + my %args = @_; + my $obj = $args{obj}; + my @srcs = map { if ($unified_info{generate}->{$_}) { + (my $x = $_) =~ s/\.S$/.s/; $x + } else { + $_ + } + } ( @{$args{srcs}} ); + my $srcs = join(" ", @srcs); + my $deps = join(" ", @srcs, @{$args{deps}}); + my $incs = join("", map { " -I".$_ } @{$args{incs}}); + unless ($disabled{zlib}) { + if ($withargs{zlib_include}) { + $incs .= " -I".$withargs{zlib_include}; + } + } + my $ecflags = { lib => '$(LIB_CFLAGS)', + dso => '$(DSO_CFLAGS)', + bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; + my $makedepprog = $config{makedepprog}; + my $recipe = <<"EOF"; +$obj$objext: $deps +EOF + if (!$disabled{makedepend} && $makedepprog !~ /\/makedepend/) { + $recipe .= <<"EOF"; + \$(CC) $incs \$(CFLAGS) $ecflags -MMD -MF $obj$depext.tmp -MT \$\@ -c -o \$\@ $srcs + \@touch $obj$depext.tmp + \@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\ + rm -f $obj$depext.tmp; \\ + else \\ + mv $obj$depext.tmp $obj$depext; \\ + fi +EOF + } else { + $recipe .= <<"EOF"; + \$(CC) $incs \$(CFLAGS) $ecflags -c -o \$\@ $srcs +EOF + if (!$disabled{makedepend} && $makedepprog =~ /\/makedepend/) { + $recipe .= <<"EOF"; + -\$(MAKEDEPEND) -f- -o"|\$\@" -- $incs \$(CFLAGS) $ecflags -- $srcs \\ + >$obj$depext.tmp 2>/dev/null + -\$(PERL) -i -pe 's/^.*\\|//; s/ \\/(\\\\.|[^ ])*//; \$\$_ = undef if (/: *\$\$/ || /^(#.*| *)\$\$/); \$\$_.="\\n" unless !defined(\$\$_) or /\\R\$\$/g;' $obj$depext.tmp + \@if cmp $obj$depext.tmp $obj$depext > /dev/null 2> /dev/null; then \\ + rm -f $obj$depext.tmp; \\ + else \\ + mv $obj$depext.tmp $obj$depext; \\ + fi +EOF + } + } + return $recipe; + } + # On Unix, we build shlibs from static libs, so we're ignoring the + # object file array. We *know* this routine is only called when we've + # configure 'shared'. + sub libobj2shlib { + my %args = @_; + my $lib = $args{lib}; + my $shlib = $args{shlib}; + my $libd = dirname($lib); + my $libn = basename($lib); + (my $libname = $libn) =~ s/^lib//; + my $linklibs = join("", map { my $d = dirname($_); + my $f = basename($_); + (my $l = $f) =~ s/^lib//; + " -L$d -l$l" } @{$args{deps}}); + my $deps = join(" ",compute_lib_depends(@{$args{deps}})); + my $shlib_target = $target{shared_target}; + my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; + my $target = shlib_simple($lib); + my $target_full = shlib($lib); + return <<"EOF" +# With a build on a Windows POSIX layer (Cygwin or Mingw), we know for a fact +# that two files get produced, {shlibname}.dll and {libname}.dll.a. +# With all other Unix platforms, we often build a shared library with the +# SO version built into the file name and a symlink without the SO version +# It's not necessary to have both as targets. The choice falls on the +# simplest, {libname}$shlibextimport for Windows POSIX layers and +# {libname}$shlibextsimple for the Unix platforms. +$target: $lib$libext $deps $ordinalsfile + \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ + PLATFORM=\$(PLATFORM) \\ + PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$libd" \\ + INSTALLTOP='\$(INSTALLTOP)' LIBDIR='\$(LIBDIR)' \\ + LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\ + LIBNAME=$libname SHLIBVERSION=\$(SHLIB_MAJOR).\$(SHLIB_MINOR) \\ + STLIBNAME=$lib$libext \\ + SHLIBNAME=$target SHLIBNAME_FULL=$target_full \\ + CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(LIB_CFLAGS)' \\ + LDFLAGS='\$(LDFLAGS)' SHARED_LDFLAGS='\$(LIB_LDFLAGS)' \\ + RC='\$(RC)' SHARED_RCFLAGS='\$(RCFLAGS)' \\ + link_shlib.$shlib_target +EOF + . (windowsdll() ? <<"EOF" : ""); + rm -f apps/$shlib$shlibext + rm -f test/$shlib$shlibext + cp -p $shlib$shlibext apps/ + cp -p $shlib$shlibext test/ +EOF + } + sub obj2dso { + my %args = @_; + my $dso = $args{lib}; + my $dsod = dirname($dso); + my $dson = basename($dso); + my $shlibdeps = join("", map { my $d = dirname($_); + my $f = basename($_); + (my $l = $f) =~ s/^lib//; + " -L$d -l$l" } @{$args{deps}}); + my $deps = join(" ",compute_lib_depends(@{$args{deps}})); + my $shlib_target = $target{shared_target}; + my $objs = join(" ", map { $_.$objext } @{$args{objs}}); + my $target = dso($dso); + return <<"EOF"; +$target: $objs $deps + \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ + PLATFORM=\$(PLATFORM) \\ + PERL="\$(PERL)" SRCDIR='\$(SRCDIR)' DSTDIR="$dsod" \\ + LIBDEPS='\$(PLIB_LDFLAGS) '"$shlibdeps"' \$(EX_LIBS)' \\ + SHLIBNAME_FULL=$target LDFLAGS='\$(LDFLAGS)' \\ + CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(DSO_CFLAGS)' \\ + SHARED_LDFLAGS='\$(DSO_LDFLAGS)' \\ + LIBEXTRAS="$objs" \\ + link_dso.$shlib_target +EOF + } + sub obj2lib { + my %args = @_; + my $lib = $args{lib}; + my $objs = join(" ", map { $_.$objext } @{$args{objs}}); + return <<"EOF"; +$lib$libext: $objs + \$(AR) \$\@ \$\? + \$(RANLIB) \$\@ || echo Never mind. +EOF + } + sub obj2bin { + my %args = @_; + my $bin = $args{bin}; + my $bind = dirname($bin); + my $binn = basename($bin); + my $objs = join(" ", map { $_.$objext } @{$args{objs}}); + my $deps = join(" ",compute_lib_depends(@{$args{deps}})); + my $linklibs = join("", map { my $d = dirname($_); + my $f = basename($_); + $d = "." if $d eq $f; + (my $l = $f) =~ s/^lib//; + " -L$d -l$l" } @{$args{deps}}); + my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; + return <<"EOF"; +$bin$exeext: $objs $deps + \$(RM) $bin$exeext + \$(MAKE) -f \$(SRCDIR)/Makefile.shared -e \\ + PERL="\$(PERL)" SRCDIR=\$(SRCDIR) \\ + APPNAME=$bin$exeext OBJECTS="$objs" \\ + LIBDEPS='\$(PLIB_LDFLAGS) '"$linklibs"' \$(EX_LIBS)' \\ + CC='\$(CC)' CFLAGS='\$(CFLAGS) \$(BIN_CFLAGS)' \\ + LDFLAGS='\$(LDFLAGS)' \\ + link_app.$shlib_target +EOF + } + sub in2script { + my %args = @_; + my $script = $args{script}; + my $sources = join(" ", @{$args{sources}}); + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + return <<"EOF"; +$script: $sources + \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ + "-o$target{build_file}" $sources > "$script" + chmod a+x $script +EOF + } + sub generatedir { + my %args = @_; + my $dir = $args{dir}; + my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}}; + my @actions = (); + my %extinfo = ( dso => $dsoext, + lib => $libext, + bin => $exeext ); + + foreach my $type (("dso", "lib", "bin", "script")) { + next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type}); + # For lib object files, we could update the library. However, it + # was decided that it's enough to build the directory local object + # files, so we don't need to add any actions, and the dependencies + # are already taken care of. + if ($type ne "lib") { + foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { + if (dirname($prod) eq $dir) { + push @deps, $prod.$extinfo{$type}; + } else { + push @actions, "\t@ : No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}}); + } + } + } + } + + my $deps = join(" ", @deps); + my $actions = join("\n", "", @actions); + return <<"EOF"; +$args{dir} $args{dir}/: $deps$actions +EOF + } + "" # Important! This becomes part of the template result. +-} diff --git a/third_party/openssl/Configurations/unix-checker.pm b/third_party/openssl/Configurations/unix-checker.pm new file mode 100644 index 0000000000..b39b0eb7cb --- /dev/null +++ b/third_party/openssl/Configurations/unix-checker.pm @@ -0,0 +1,22 @@ +#! /usr/bin/perl + +use Config; + +# Check that the perl implementation file modules generate paths that +# we expect for the platform +use File::Spec::Functions qw(:DEFAULT rel2abs); + +if (rel2abs('.') !~ m|/|) { + die <[2] eq "VC-W32" ? + "ProgramFiles(x86)" : "ProgramW6432"; + my $win_commonenv = + $target{build_scheme}->[2] eq "VC-W32" + ? "CommonProgramFiles(x86)" : "CommonProgramW6432"; + our $win_installroot = + defined($ENV{$win_installenv}) + ? $win_installenv : 'ProgramFiles'; + our $win_commonroot = + defined($ENV{$win_commonenv}) + ? $win_commonenv : 'CommonProgramFiles'; + + # expand variables early + $win_installroot = $ENV{$win_installroot}; + $win_commonroot = $ENV{$win_commonroot}; + + sub shlib { + return () if $disabled{shared}; + my $lib = shift; + return $unified_info{sharednames}->{$lib} . $shlibext; + } + + sub shlib_import { + return () if $disabled{shared}; + my $lib = shift; + return $lib . $shlibextimport; + } + + sub dso { + my $dso = shift; + + return $dso . $dsoext; + } + # This makes sure things get built in the order they need + # to. You're welcome. + sub dependmagic { + my $target = shift; + + return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target"; + } + ''; +-} + +PLATFORM={- $config{target} -} +SRCDIR={- $config{sourcedir} -} +BLDDIR={- $config{builddir} -} + +VERSION={- $config{version} -} +MAJOR={- $config{major} -} +MINOR={- $config{minor} -} + +SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -} + +LIBS={- join(" ", map { $_.$libext } @{$unified_info{libraries}}) -} +SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -} +SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -} +ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -} +ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{engines}}) -} +PROGRAMS={- our @PROGRAMS = map { $_.$exeext } @{$unified_info{programs}}; join(" ", @PROGRAMS) -} +PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -} +SCRIPTS={- join(" ", @{$unified_info{scripts}}) -} +{- output_off() if $disabled{makedepend}; "" -} +DEPS={- join(" ", map { (my $x = $_) =~ s|\.o$|$depext|; $x; } + grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } + keys %{$unified_info{sources}}); -} +{- output_on() if $disabled{makedepend}; "" -} +GENERATED_MANDATORY={- join(" ", @{$unified_info{depends}->{""}} ) -} +GENERATED={- join(" ", + ( map { (my $x = $_) =~ s|\.[sS]$|\.asm|; $x } + grep { defined $unified_info{generate}->{$_} } + map { @{$unified_info{sources}->{$_}} } + grep { /\.o$/ } keys %{$unified_info{sources}} ), + ( grep { /\.h$/ } keys %{$unified_info{generate}} )) -} + +INSTALL_LIBS={- join(" ", map { $_.$libext } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -} +INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} +INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -} +INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +{- output_off() if $disabled{apps}; "" -} +BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl +MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl +{- output_on() if $disabled{apps}; "" -} + +APPS_OPENSSL={- use File::Spec::Functions; + catfile("apps","openssl") -} + +# Do not edit these manually. Use Configure with --prefix or --openssldir +# to change this! Short explanation in the top comment in Configure +INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet + # + use File::Spec::Functions qw(:DEFAULT splitpath); + our $prefix = canonpath($config{prefix} + || "$win_installroot\\OpenSSL"); + our ($prefix_dev, $prefix_dir, $prefix_file) = + splitpath($prefix, 1); + $prefix_dev -} +INSTALLTOP_dir={- canonpath($prefix_dir) -} +OPENSSLDIR_dev={- # + # The logic here is that if no --openssldir was given, + # OPENSSLDIR will get the value from $prefix plus "/ssl". + # If --openssldir was given and the value is an absolute + # path, OPENSSLDIR will get its value without change. + # If the value from --openssldir is a relative path, + # OPENSSLDIR will get $prefix with the --openssldir + # value appended as a subdirectory. + # + use File::Spec::Functions qw(:DEFAULT splitpath); + our $openssldir = + $config{openssldir} ? + (file_name_is_absolute($config{openssldir}) ? + canonpath($config{openssldir}) + : catdir($prefix, $config{openssldir})) + : canonpath("$win_commonroot\\SSL"); + our ($openssldir_dev, $openssldir_dir, $openssldir_file) = + splitpath($openssldir, 1); + $openssldir_dev -} +OPENSSLDIR_dir={- canonpath($openssldir_dir) -} +LIBDIR={- our $libdir = $config{libdir} || "lib"; + $libdir -} +ENGINESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath); + our $enginesdir = catdir($prefix,$libdir,"engines-$sover"); + our ($enginesdir_dev, $enginesdir_dir, $enginesdir_file) = + splitpath($enginesdir, 1); + $enginesdir_dev -} +ENGINESDIR_dir={- canonpath($enginesdir_dir) -} +!IF "$(DESTDIR)" != "" +INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir) +OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir) +ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir) +!ELSE +INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir) +OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir) +ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir) +!ENDIF + +CC={- $target{cc} -} +CFLAGS={- join(" ",(map { "-D".$_} @{$target{defines}}, @{$config{defines}})) -} {- join(" ", quotify_l("-DENGINESDIR=\"$enginesdir\"", "-DOPENSSLDIR=\"$openssldir\"")) -} {- $target{cflags} -} {- $config{cflags} -} +COUTFLAG={- $target{coutflag} || "/Fo" -}$(OSSL_EMPTY) +RC={- $target{rc} || "rc" -} +RCOUTFLAG={- $target{rcoutflag} || "/fo" -}$(OSSL_EMPTY) +LD={- $target{ld} || "link" -} +LDFLAGS={- $target{lflags} -} +LDOUTFLAG={- $target{loutflag} || "/out:" -}$(OSSL_EMPTY) +EX_LIBS={- $target{ex_libs} -} +LIB_CFLAGS={- join(" ", $target{lib_cflags}, $target{shared_cflag}) || "" -} +LIB_LDFLAGS={- $target{shared_ldflag} || "" -} +DSO_CFLAGS={- join(" ", $target{dso_cflags}, $target{shared_cflag}) || "" -} +DSO_LDFLAGS={- join(" ", $target{dso_lflags}, $target{shared_ldflag}) || "" -} +BIN_CFLAGS={- $target{bin_cflags} -} +BIN_LDFLAGS={- $target{bin_lflags} -} + +PERL={- $config{perl} -} + +AR={- $target{ar} -} +ARFLAGS= {- $target{arflags} -} +AROUTFLAG={- $target{aroutflag} || "/out:" -}$(OSSL_EMPTY) + +MT={- $target{mt} -} +MTFLAGS= {- $target{mtflags} -} +MTINFLAG={- $target{mtinflag} || "-manifest " -}$(OSSL_EMPTY) +MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY) + +AS={- $target{as} -} +ASFLAGS={- $target{asflags} -} +ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) +PERLASM_SCHEME= {- $target{perlasm_scheme} -} + +PROCESSOR= {- $config{processor} -} + +# The main targets ################################################### + +{- dependmagic('all'); -}: build_libs_nodep build_engines_nodep build_programs_nodep +{- dependmagic('build_libs'); -}: build_libs_nodep +{- dependmagic('build_engines'); -}: build_engines_nodep +{- dependmagic('build_programs'); -}: build_programs_nodep + +build_generated: $(GENERATED_MANDATORY) +build_libs_nodep: $(LIBS) {- join(" ",map { shlib_import($_) } @{$unified_info{libraries}}) -} +build_engines_nodep: $(ENGINES) +build_programs_nodep: $(PROGRAMS) $(SCRIPTS) + +# Kept around for backward compatibility +build_apps build_tests: build_programs + +test: tests +{- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep + @rem {- output_off() if $disabled{tests}; "" -} + -mkdir $(BLDDIR)\test\test-runs + set SRCTOP=$(SRCDIR) + set BLDTOP=$(BLDDIR) + set RESULT_D=$(BLDDIR)\test\test-runs + set PERL=$(PERL) + set OPENSSL_DEBUG_MEMORY=on + "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) + @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @echo "Tests are not supported with your chosen Configure options" + @rem {- output_on() if !$disabled{tests}; "" -} + +list-tests: + @rem {- output_off() if $disabled{tests}; "" -} + @set SRCTOP=$(SRCDIR) + @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list + @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @echo "Tests are not supported with your chosen Configure options" + @rem {- output_on() if !$disabled{tests}; "" -} + +install: install_sw install_ssldirs install_docs + +uninstall: uninstall_docs uninstall_sw + +libclean: + "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """$$1.*"""; } @ARGV" $(SHLIBS) + "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """apps/$$1.*"""; } @ARGV" $(SHLIBS) + "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """test/$$1.*"""; } @ARGV" $(SHLIBS) + -del /Q /F $(LIBS) + -del /Q ossl_static.pdb + +clean: libclean + {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) -} + -del /Q /F $(ENGINES) + -del /Q /F $(SCRIPTS) + -del /Q /F $(GENERATED) + -del /Q /S /F *.d + -del /Q /S /F *.obj + -del /Q /S /F *.pdb + -del /Q /S /F *.exp + -del /Q /S /F engines\*.ilk + -del /Q /S /F engines\*.lib + -del /Q /S /F apps\*.lib + -del /Q /S /F engines\*.manifest + -del /Q /S /F apps\*.manifest + -del /Q /S /F test\*.manifest + +distclean: clean + -del /Q /F configdata.pm + -del /Q /F makefile + +depend: + +# Install helper targets ############################################# + +install_sw: all install_dev install_engines install_runtime + +uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev + +install_docs: install_html_docs + +uninstall_docs: uninstall_html_docs + +install_ssldirs: + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs" + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private" + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \ + "$(OPENSSLDIR)\openssl.cnf.dist" + @IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \ + "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \ + "$(OPENSSLDIR)\openssl.cnf" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \ + "$(OPENSSLDIR)\misc" + +install_dev: + @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) + @echo *** Installing development files + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" + @rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ + "$(INSTALLTOP)\include\openssl" + @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\include\openssl\*.h" \ + "$(INSTALLTOP)\include\openssl" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \ + "$(INSTALLTOP)\include\openssl" + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \ + "$(INSTALLTOP)\$(LIBDIR)" + @if "$(SHLIBS)"=="" \ + "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb \ + "$(INSTALLTOP)\$(LIBDIR)" + +uninstall_dev: + +install_engines: + @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) + @echo *** Installing engines + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)" + @if not "$(ENGINES)"=="" \ + "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)" + @if not "$(ENGINES)"=="" \ + "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)" + +uninstall_engines: + +install_runtime: + @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) + @echo *** Installing runtime files + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" + @if not "$(SHLIBS)"=="" \ + "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin" + @if not "$(SHLIBS)"=="" \ + "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \ + "$(INSTALLTOP)\bin" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \ + "$(INSTALLTOP)\bin" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \ + "$(INSTALLTOP)\bin" + @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \ + "$(INSTALLTOP)\bin" + +uninstall_runtime: + +install_html_docs: + "$(PERL)" "$(SRCDIR)\util\process_docs.pl" \ + "--destdir=$(INSTALLTOP)\html" --type=html + +uninstall_html_docs: + +# Building targets ################################################### + +configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} + @echo "Detected changed: $?" + @echo "Reconfiguring..." + "$(PERL)" "$(SRCDIR)\Configure" reconf + @echo "**************************************************" + @echo "*** ***" + @echo "*** Please run the same make command again ***" + @echo "*** ***" + @echo "**************************************************" + @exit 1 + +{- + use File::Basename; + use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; + + # Helper function to figure out dependencies on libraries + # It takes a list of library names and outputs a list of dependencies + sub compute_lib_depends { + if ($disabled{shared}) { + return map { $_.$libext } @_; + } + return map { shlib_import($_) } @_; + } + + sub generatesrc { + my %args = @_; + (my $target = $args{src}) =~ s/\.[sS]$/.asm/; + my $generator = '"'.join('" "', @{$args{generator}}).'"'; + my $generator_incs = join("", map { " -I \"$_\"" } @{$args{generator_incs}}); + my $incs = join("", map { " /I \"$_\"" } @{$args{incs}}); + my $deps = @{$args{deps}} ? + '"'.join('" "', @{$args{generator_deps}}, @{$args{deps}}).'"' : ''; + + if ($target !~ /\.asm$/) { + if ($args{generator}->[0] =~ m|^.*\.in$|) { + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + return <<"EOF"; +$target: "$args{generator}->[0]" $deps + "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ + "-o$target{build_file}" $generator > \$@ +EOF + } else { + return <<"EOF"; +$target: "$args{generator}->[0]" $deps + "\$(PERL)"$generator_incs $generator > \$@ +EOF + } + } else { + if ($args{generator}->[0] =~ /\.pl$/) { + $generator = '"$(PERL)"'.$generator_incs.' '.$generator; + } elsif ($args{generator}->[0] =~ /\.S$/) { + $generator = undef; + } else { + die "Generator type for $src unknown: $generator\n"; + } + + if (defined($generator)) { + # If the target is named foo.S in build.info, we want to + # end up generating foo.s in two steps. + if ($args{src} =~ /\.S$/) { + return <<"EOF"; +$target: "$args{generator}->[0]" $deps + set ASM=\$(AS) + $generator \$@.S + \$(CC) $incs \$(CFLAGS) /EP /C \$@.S > \$@.i && move /Y \$@.i \$@ + del /Q \$@.S +EOF + } + # Otherwise.... + return <<"EOF"; +$target: "$args{generator}->[0]" $deps + set ASM=\$(AS) + $generator \$@ +EOF + } + return <<"EOF"; +$target: "$args{generator}->[0]" $deps + \$(CC) $incs \$(CFLAGS) /EP /C "$args{generator}->[0]" > \$@.i && move /Y \$@.i \$@ +EOF + } + } + + sub src2obj { + my %args = @_; + my $obj = $args{obj}; + my @srcs = map { (my $x = $_) =~ s/\.s$/.asm/; $x + } ( @{$args{srcs}} ); + my $srcs = '"'.join('" "', @srcs).'"'; + my $deps = '"'.join('" "', @srcs, @{$args{deps}}).'"'; + my $incs = join("", map { ' /I "'.$_.'"' } @{$args{incs}}); + unless ($disabled{zlib}) { + if ($withargs{zlib_include}) { + $incs .= ' /I "'.$withargs{zlib_include}.'"'; + } + } + my $ecflags = { lib => '$(LIB_CFLAGS)', + dso => '$(DSO_CFLAGS)', + bin => '$(BIN_CFLAGS)' } -> {$args{intent}}; + my $makedepprog = $config{makedepprog}; + if ($srcs[0] =~ /\.asm$/) { + return <<"EOF"; +$obj$objext: $deps + \$(AS) \$(ASFLAGS) \$(ASOUTFLAG)\$\@ $srcs +EOF + } + return <<"EOF" if (!$disabled{makedepend}); +$obj$depext: $deps + \$(CC) \$(CFLAGS) $ecflags$inc /Zs /showIncludes $srcs 2>&1 | \\ + "\$(PERL)" -n << > $obj$depext +chomp; +s/^Note: including file: *//; +\$\$collect{\$\$_} = 1; +END { print '$obj$objext: ',join(" ", sort keys \%collect),"\\n" } +<< +$obj$objext: $obj$depext + \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ @<< +$srcs +<< +EOF + return <<"EOF" if ($disabled{makedepend}); +$obj$objext: $deps + \$(CC) $incs \$(CFLAGS) $ecflags -c \$(COUTFLAG)\$\@ $srcs +EOF + } + + # On Unix, we build shlibs from static libs, so we're ignoring the + # object file array. We *know* this routine is only called when we've + # configure 'shared'. + sub libobj2shlib { + my %args = @_; + my $lib = $args{lib}; + my $shlib = $args{shlib}; + (my $mkdef_key = $lib) =~ s/^lib//i; + my $objs = join("\n", map { $_.$objext } @{$args{objs}}); + my $linklibs = join("", + map { "\n$_" } compute_lib_depends(@{$args{deps}})); + my $deps = join(" ", + (map { $_.$objext } @{$args{objs}}), + compute_lib_depends(@{$args{deps}})); + my $ordinalsfile = defined($args{ordinals}) ? $args{ordinals}->[1] : ""; + my $mkdef_pl = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "mkdef.pl")), + rel2abs($config{builddir})); + my $mkrc_pl = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "mkrc.pl")), + rel2abs($config{builddir})); + my $target = shlib_import($lib); + return <<"EOF" +$target: $deps "$ordinalsfile" "$mkdef_pl" + "\$(PERL)" "$mkdef_pl" "$mkdef_key" 32 > $shlib.def + "\$(PERL)" -i.tmp -pe "s|^LIBRARY\\s+${mkdef_key}32|LIBRARY $shlib|;" $shlib.def + DEL $shlib.def.tmp + "\$(PERL)" "$mkrc_pl" $shlib$shlibext > $shlib.rc + \$(RC) \$(RCOUTFLAG)$shlib.res $shlib.rc + IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest + \$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\ + /implib:\$@ \$(LDOUTFLAG)$shlib$shlibext /def:$shlib.def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1) +$objs $shlib.res$linklibs \$(EX_LIBS) +<< + IF EXIST $shlib$shlibext.manifest \\ + \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext + IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext + IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext + COPY $shlib$shlibext apps + COPY $shlib$shlibext test +EOF + } + sub obj2dso { + my %args = @_; + my $dso = $args{lib}; + my $dso_n = basename($dso); + my $objs = join("\n", map { $_.$objext } @{$args{objs}}); + my $linklibs = join("", + map { "\n$_" } compute_lib_depends(@{$args{deps}})); + my $deps = join(" ", + (map { $_.$objext } @{$args{objs}}), + compute_lib_depends(@{$args{deps}})); + return <<"EOF"; +$dso$dsoext: $deps + IF EXIST $dso$dsoext.manifest DEL /F /Q $dso$dsoext.manifest + \$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) \$(LDOUTFLAG)$dso$dsoext /def:<< @<< +LIBRARY $dso_n +EXPORTS + bind_engine @1 + v_check @2 +<< +$objs$linklibs \$(EX_LIBS) +<< + IF EXIST $dso$dsoext.manifest \\ + \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso$dsoext.manifest \$(MTOUTFLAG)$dso$dsoext +EOF + } + sub obj2lib { + # Because static libs and import libs are both named the same in native + # Windows, we can't have both. We skip the static lib in that case, + # as the shared libs are what we use anyway. + return "" unless $disabled{"shared"}; + + my %args = @_; + my $lib = $args{lib}; + my $objs = join("\n", map { $_.$objext } @{$args{objs}}); + my $deps = join(" ", map { $_.$objext } @{$args{objs}}); + return <<"EOF"; +$lib$libext: $deps + \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<< +\$** +<< +EOF + } + sub obj2bin { + my %args = @_; + my $bin = $args{bin}; + my $objs = join("\n", map { $_.$objext } @{$args{objs}}); + my $linklibs = join("", + map { "\n$_" } compute_lib_depends(@{$args{deps}})); + my $deps = join(" ", + (map { $_.$objext } @{$args{objs}}), + compute_lib_depends(@{$args{deps}})); + return <<"EOF"; +$bin$exeext: $deps + IF EXIST $bin$exeext.manifest DEL /F /Q $bin$exeext.manifest + \$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) \$(LDOUTFLAG)$bin$exeext @<< +$objs setargv.obj$linklibs \$(EX_LIBS) +<< + IF EXIST $bin$exeext.manifest \\ + \$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin$exeext.manifest \$(MTOUTFLAG)$bin$exeext +EOF + } + sub in2script { + my %args = @_; + my $script = $args{script}; + my $sources = '"'.join('" "', @{$args{sources}}).'"'; + my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, + "util", "dofile.pl")), + rel2abs($config{builddir})); + return <<"EOF"; +$script: $sources + "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ + "-o$target{build_file}" $sources > "$script" +EOF + } + sub generatedir { + my %args = @_; + my $dir = $args{dir}; + my @deps = map { s|\.o$|$objext|; $_ } @{$args{deps}}; + my @actions = (); + my %extinfo = ( dso => $dsoext, + lib => $libext, + bin => $exeext ); + + foreach my $type (("dso", "lib", "bin", "script")) { + next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type}); + # For lib object files, we could update the library. However, + # LIB on Windows doesn't work that way, so we won't create any + # actions for it, and the dependencies are already taken care of. + if ($type ne "lib") { + foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { + if (dirname($prod) eq $dir) { + push @deps, $prod.$extinfo{$type}; + } else { + push @actions, "\t@rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}}); + } + } + } + } + + my $deps = join(" ", @deps); + my $actions = join("\n", "", @actions); + return <<"EOF"; +$args{dir} $args{dir}\\ : $deps$actions +EOF + } + "" # Important! This becomes part of the template result. +-} diff --git a/third_party/openssl/Configure b/third_party/openssl/Configure index ac86cd6cf6..d6449636f3 100755 --- a/third_party/openssl/Configure +++ b/third_party/openssl/Configure @@ -1,45 +1,45 @@ -: -eval 'exec perl -S $0 ${1+"$@"}' - if $running_under_some_shell; -## +#! /usr/bin/env perl +# -*- mode: perl; -*- +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + ## Configure -- OpenSSL source tree configuration script -## -require 5.000; +use 5.10.0; use strict; +use File::Basename; +use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; +use File::Path qw/mkpath/; +use if $^O ne "VMS", 'File::Glob' => qw/glob/; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: # -# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the -# --prefix option is given; /usr/local/ssl otherwise) -# --prefix prefix for the OpenSSL include, lib and bin directories -# (Default: the OPENSSLDIR directory) -# -# --install_prefix Additional prefix for package builders (empty by -# default). This needn't be set in advance, you can -# just as well use "make INSTALL_PREFIX=/whatever install". -# -# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected -# to live in the subdirectory lib/ and the header files in -# include/. A value is required. -# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is -# required. -# (Default: KRB5_DIR/lib) -# --with-krb5-include Declare where the Kerberos 5 header files live. A -# value is required. -# (Default: KRB5_DIR/include) -# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently -# supported values are "MIT" and "Heimdal". A value is required. -# -# --test-sanity Make a number of sanity checks on the data in this file. -# This is a debugging tool for OpenSSL developers. +# --config add the given configuration file, which will be read after +# any "Configurations*" files that are found in the same +# directory as this script. +# --prefix prefix for the OpenSSL installation, which includes the +# directories bin, lib, include, share/man, share/doc/openssl +# This becomes the value of INSTALLTOP in Makefile +# (Default: /usr/local) +# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys. +# If it's a relative directory, it will be added on the directory +# given with --prefix. +# This becomes the value of OPENSSLDIR in Makefile and in C. +# (Default: PREFIX/ssl) # # --cross-compile-prefix Add specified prefix to binutils components. # +# --api One of 0.9.8, 1.0.0 or 1.1.0. Do not compile support for +# interfaces deprecated as of the specified OpenSSL version. +# # no-hw-xxx do not compile support for specific crypto hardware. # Generic OpenSSL-style methods relating to this support # are always compiled but return NULL if the hardware @@ -49,1292 +49,985 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # multithreaded applications (default is "threads" if we # know how to do it) # [no-]shared [don't] try to create shared libraries when supported. +# [no-]pic [don't] try to build position independent code when supported. +# If disabled, it also disables shared and dynamic-engine. # no-asm do not use assembler # no-dso do not compile in any native shared-library methods. This # will ensure that all methods just return NULL. -# no-krb5 do not compile in any KRB5 library or code. +# no-egd do not compile support for the entropy-gathering daemon APIs # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support -# 386 generate 80386 code -# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 +# enable-weak-ssl-ciphers +# Enable weak ciphers that are disabled by default. +# 386 generate 80386 code in assembly modules +# no-sse2 disables IA-32 SSE2 code in assembly modules, the above +# mentioned '386' option implies this one # no- build without specified algorithm (rsa, idea, rc5, ...) -# - + compiler options are passed through +# - + compiler options are passed through +# -static while -static is also a pass-through compiler option (and +# as such is limited to environments where it's actually +# meaningful), it triggers a number configuration options, +# namely no-dso, no-pic, no-shared and no-threads. It is +# argued that the only reason to produce statically linked +# binaries (and in context it means executables linked with +# -static flag, and not just executables linked with static +# libcrypto.a) is to eliminate dependency on specific run-time, +# a.k.a. libc version. The mentioned config options are meant +# to achieve just that. Unfortunately on Linux it's impossible +# to eliminate the dependency completely for openssl executable +# because of getaddrinfo and gethostbyname calls, which can +# invoke dynamically loadable library facility anyway to meet +# the lookup requests. For this reason on Linux statically +# linked openssl executable has rather debugging value than +# production quality. # # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items # provided to stack calls. Generates unique stack functions for # each possible stack type. -# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h -# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register -# dependancies but needs to more registers, good for RISC CPU's -# DES_RISC2 A different RISC variant. -# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders. -# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h -# This is used on the DEC Alpha where long is 8 bytes -# and int is 4 # BN_LLONG use the type 'long long' in crypto/bn/bn.h -# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h -# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h -# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h -# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h -# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h -# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h # RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h -# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h -# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on -# array lookups instead of pointer use. -# RC4_CHUNK enables code that handles data aligned at long (natural CPU -# word) boundary. -# RC4_CHUNK_LL enables code that handles data aligned at long long boundary -# (intended for 64-bit CPUs running 32-bit OS). -# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). -# BF_PTR2 intel specific version (generic version is more efficient). -# # Following are set automatically by this script # -# MD5_ASM use some extra md5 assember, -# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 -# RMD160_ASM use some extra ripemd160 assember, +# MD5_ASM use some extra md5 assembler, +# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86 +# RMD160_ASM use some extra ripemd160 assembler, # SHA256_ASM sha256_block is implemented in assembler # SHA512_ASM sha512_block is implemented in assembler -# AES_ASM ASE_[en|de]crypt is implemented in assembler +# AES_ASM AES_[en|de]crypt is implemented in assembler # Minimum warning options... any contributions to OpenSSL should at least get -# past these. - -my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; - -# TODO(openssl-team): fix problems and investigate if (at least) the following -# warnings can also be enabled: -# -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros, -# -Wmissing-field-initializers, -Wmissing-variable-declarations, -# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, -# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token -# -Wextended-offsetof -my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; +# past these. + +# DEBUG_UNUSED enables __owur (warn unused result) checks. +my $gcc_devteam_warn = "-DDEBUG_UNUSED" + # -DPEDANTIC complements -pedantic and is meant to mask code that + # is not strictly standard-compliant and/or implementation-specific, + # e.g. inline assembly, disregards to alignment requirements, such + # that -pedantic would complain about. Incidentally -DPEDANTIC has + # to be used even in sanitized builds, because sanitizer too is + # supposed to and does take notice of non-standard behaviour. Then + # -pedantic with pre-C9x compiler would also complain about 'long + # long' not being supported. As 64-bit algorithms are common now, + # it grew impossible to resolve this without sizeable additional + # code, so we just tell compiler to be pedantic about everything + # but 'long long' type. + . " -DPEDANTIC -pedantic -Wno-long-long" + . " -Wall" + . " -Wextra" + . " -Wno-unused-parameter" + . " -Wno-missing-field-initializers" + . " -Wsign-compare" + . " -Wmissing-prototypes" + . " -Wshadow" + . " -Wformat" + . " -Wtype-limits" + . " -Wundef" + . " -Werror" + ; # These are used in addition to $gcc_devteam_warn when the compiler is clang. # TODO(openssl-team): fix problems and investigate if (at least) the -# following warnings can also be enabled: -Wconditional-uninitialized, -# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, -# -Wmissing-variable-declarations, -# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, -# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token -# -Wextended-offsetof -my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; +# following warnings can also be enabled: +# -Wswitch-enum +# -Wcast-align +# -Wunreachable-code +# -Wlanguage-extension-token -- no, we use asm() +# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc +# -Wextended-offsetof -- no, needed in CMS ASN1 code +my $clang_devteam_warn = "" + . " -Qunused-arguments" + . " -Wno-language-extension-token" + . " -Wno-extended-offsetof" + . " -Wconditional-uninitialized" + . " -Wincompatible-pointer-types-discards-qualifiers" + . " -Wmissing-variable-declarations" + ; + +# This adds backtrace information to the memory leak info. Is only used +# when crypto-mdebug-backtrace is enabled. +my $memleak_devteam_backtrace = "-rdynamic"; my $strict_warnings = 0; -my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; - -# MD2_CHAR slags pentium pros -my $x86_gcc_opts="RC4_INDEX MD2_INT"; - -# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT -# Don't worry about these normally - -my $tcc="cc"; -my $tflags="-fast -Xa"; -my $tbn_mul=""; -my $tlib="-lnsl -lsocket"; -#$bits1="SIXTEEN_BIT "; -#$bits2="THIRTY_TWO_BIT "; -my $bits1="THIRTY_TWO_BIT "; -my $bits2="SIXTY_FOUR_BIT "; - -my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:"; - -my $x86_elf_asm="$x86_asm:elf"; - -my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:"; -my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; -my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; -my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; -my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; -my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; -my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//; -my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; -my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; -my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; -my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; -my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; -my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; -my $ppc32_asm=$ppc64_asm; -my $no_asm="::::::::::::::::void"; - # As for $BSDthreads. Idea is to maintain "collective" set of flags, -# which would cover all BSD flavors. -pthread applies to them all, +# which would cover all BSD flavors. -pthread applies to them all, # but is treated differently. OpenBSD expands is as -D_POSIX_THREAD # -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r, # which has to be accompanied by explicit -D_THREAD_SAFE and # sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which # seems to be sufficient? -my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; - -#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib - -my %table=( -# File 'TABLE' (created by 'make TABLE') contains the data from this list, -# formatted for better readability. - - -#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", -#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", -#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", -#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", - -# Our development configs -"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", -"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", -"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::", -"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-macos", "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::", -"debug-ben-macos-gcc46", "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", -"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", -"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", -"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"dist", "cc:-O::(unknown)::::::", - -# Basic configs that should work on any (32 and less bit) box -"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", -"cc", "cc:-O::(unknown)::::::", - -####VOS Configurations -"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", -"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", - -#### Solaris x86 with GNU C setups -# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it -# here because whenever GNU C instantiates an assembler template it -# surrounds it with #APP #NO_APP comment pair which (at least Solaris -# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" -# error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -shared -static-libgcc might appear controversial, but modules taken -# from static libgcc do not have relocations and linking them into our -# shared objects doesn't have any negative side-effects. On the contrary, -# doing so makes it possible to use gcc shared build with Sun C. Given -# that gcc generates faster code [thanks to inline assembler], I would -# actually recommend to consider using gcc shared build even with vendor -# compiler:-) -# -"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", - -#### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", - -#### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", -#### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SPARC Solaris with Sun C setups -# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. -# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 -# SC5.0 note: Compiler common patch 107357-01 or later is required! -"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", -#### -"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SunOS configs, assuming sparc for the gcc one. -#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", -"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", - -#### IRIX 5.x configs -# -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -#### IRIX 6.x configs -# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke -# './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -# N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", - -#### Unified HP-UX ANSI C configs. -# Special notes: -# - Originally we were optimizing at +O4 level. It should be noted -# that the only difference between +O3 and +O4 is global inter- -# procedural analysis. As it has to be performed during the link -# stage the compiler leaves behind certain pseudo-code in lib*.a -# which might be release or even patch level specific. Generating -# the machine code for and analyzing the *whole* program appears -# to be *extremely* memory demanding while the performance gain is -# actually questionable. The situation is intensified by the default -# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB -# which is way too low for +O4. In other words, doesn't +O3 make -# more sense? -# - Keep in mind that the HP compiler by default generates code -# suitable for execution on the host you're currently compiling at. -# If the toolkit is ment to be used on various PA-RISC processors -# consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's meant to be -# compatible with *future* releases. -# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to -# pass -D_REENTRANT on HP-UX 10 and later. -# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in -# 32-bit message digests. (For the moment of this writing) HP C -# doesn't seem to "digest" too many local variables (they make "him" -# chew forever:-). For more details look-up MD32_XARRAY comment in -# crypto/sha/sha_lcl.h. -# -# -# Since there is mention of this in shlib/hpux10-cc.sh -"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", - -# More attempts at unified 10.X and 11.X targets for HP C compiler. -# -# Chris Ruemmler -# Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", - -# HP/UX IA-64 targets -"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -# Frank Geurts has patiently assisted with -# with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", -# GCC builds... -"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", - -# Legacy HPUX 9.X configs... -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", - -# DEC Alpha OSF/1/Tru64 targets. -# -# "What's in a name? That which we call a rose -# By any other word would smell as sweet." -# -# - William Shakespeare, "Romeo & Juliet", Act II, scene II. -# -# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version -# -"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -#### -#### Variety of LINUX:-) -#### -# *-generic* is endian-neutral target, but ./config is free to -# throw in -D[BL]_ENDIAN, whichever appropriate... -"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -####################################################################### -# Note that -march is not among compiler options in below linux-armv4 -# target line. Not specifying one is intentional to give you choice to: -# -# a) rely on your compiler default by not specifying one; -# b) specify your target platform explicitly for optimal performance, -# e.g. -march=armv6 or -march=armv7-a; -# c) build "universal" binary that targets *range* of platforms by -# specifying minimum and maximum supported architecture; -# -# As for c) option. It actually makes no sense to specify maximum to be -# less than ARMv7, because it's the least requirement for run-time -# switch between platform-specific code paths. And without run-time -# switch performance would be equivalent to one for minimum. Secondly, -# there are some natural limitations that you'd have to accept and -# respect. Most notably you can *not* build "universal" binary for -# big-endian platform. This is because ARMv7 processor always picks -# instructions in little-endian order. Another similar limitation is -# that -mthumb can't "cross" -march=armv6t2 boundary, because that's -# where it became Thumb-2. Well, this limitation is a bit artificial, -# because it's not really impossible, but it's deemed too tricky to -# support. And of course you have to be sure that your binutils are -# actually up to the task of handling maximum target platform. With all -# this in mind here is an example of how to configure "universal" build: -# -# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 -# -"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# Configure script adds minimally required -march for assembly support, -# if no -march was specified at command line. mips32 and mips64 below -# refer to contemporary MIPS Architecture specifications, MIPS32 and -# MIPS64, rather than to kernel bitness. -"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### IA-32 targets... -"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", -#### -"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### So called "highgprs" target for z/Architecture CPUs -# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see -# /proc/cpuinfo. The idea is to preserve most significant bits of -# general purpose registers not only upon 32-bit process context -# switch, but even on asynchronous signal delivery to such process. -# This makes it possible to deploy 64-bit instructions even in legacy -# application context and achieve better [or should we say adequate] -# performance. The build is binary compatible with linux-generic32, -# and the idea is to be able to install the resulting libcrypto.so -# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for -# ldconfig and run-time linker to autodiscover. Unfortunately it -# doesn't work just yet, because of couple of bugs in glibc -# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", -#### SPARC Linux setups -# Ray Miller has patiently -# assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# it's a real mess with -mcpu=ultrasparc option under Linux, but -# -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -#### Alpha Linux with GNU C and Compaq C setups -# Special notes: -# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -# ought to run './Configure linux-alpha+bwx-gcc' manually, do -# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever -# which is appropriate. -# - If you use ccc keep in mind that -fast implies -arch host and the -# compiler is free to issue instructions which gonna make elder CPU -# choke. If you wish to build "blended" toolkit, add -arch generic -# *after* -fast and invoke './Configure linux-alpha-ccc' manually. -# -# -# -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -# Android: linux-* but without pointers to headers and libs. -"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### *BSD [do see comment about ${BSDthreads} above!] -"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it -# simply *happens* to work around a compiler bug in gcc 3.3.3, -# triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", -"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", - -# NCR MP-RAS UNIX ver 02.03.01 -"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", - -# QNX -"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# BeOS -"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", -"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so", - -#### SCO/Caldera targets. -# -# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. -# Now we only have blended unixware-* as it's the only one used by ./config. -# If you want to optimize for particular microarchitecture, bypass ./config -# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. -# Note that not all targets include assembler support. Mostly because of -# lack of motivation to support out-of-date platforms with out-of-date -# compiler drivers and assemblers. Tim Rice has -# patiently assisted to debug most of it. -# -# UnixWare 2.0x fails destest with -O. -"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### IBM's AIX. -"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", -"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", -# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE -# at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # -# Cray T90 and similar (SDSC) -# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT -# defined. The T90 ints and longs are 8 bytes long, and apparently the -# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and -# non L_ENDIAN code aligns the bytes in each word correctly. -# -# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: -#'Taking the address of a bit field is not allowed. ' -#'An expression with bit field exists as the operand of "sizeof" ' -# (written by Wayne Schroeder ) +# API compatibility name to version number mapping. # -# j90 is considered the base machine type for unicos machines, -# so this configuration is now called "cray-j90" ... -"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::", +my $maxapi = "1.1.0"; # API for "no-deprecated" builds +my $apitable = { + "1.1.0" => "0x10100000L", + "1.0.0" => "0x10000000L", + "0.9.8" => "0x00908000L", +}; +our %table = (); +our %config = (); +our %withargs = (); + +# Forward declarations ############################################### + +# read_config(filename) # -# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) -# -# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added -# another use. Basically, the problem is that the T3E uses some bit fields -# for some st_addr stuff, and then sizeof and address-of fails -# I could not use the ams/alpha.o option because the Cray assembler, 'cam' -# did not like it. -"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::", - -# DGUX, 88100. -"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::", -"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::", -"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", - -# Sinix/ReliantUNIX RM400 -# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ -"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", -"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", - -# SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", - -# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe -# You need to compile using the c89.sh wrapper in the tools directory, because the -# IBM compiler does not like the -L switch after any object modules. -# -"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", +# Reads a configuration file and populates %table with the contents +# (which the configuration file places in %targets). +sub read_config; -# Visual C targets +# resolve_config(target) # -# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 -"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement -# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' -"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -# Unified CE target -"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", - -# Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32", - -# MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", -# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll -# compiled with one compiler with application compiled with another -# compiler. It's possible to engage Applink support in mingw64 build, -# but it's not done, because till mingw64 supports structured exception -# handling, one can't seriously consider its binaries for using with -# non-mingw64 run-time environment. And as mingw64 is always consistent -# with itself, Applink is never engaged and can as well be omitted. -"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", - -# UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", - -# Cygwin -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", - -# NetWare from David Ward (dsward@novell.com) -# requires either MetroWerks NLM development tools, or gcc / nlmconv -# NetWare defaults socket bio to WinSock sockets. However, -# the builds can be configured to use BSD sockets instead. -# netware-clib => legacy CLib c-runtime support -"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -# netware-libc => LibC/NKS support -"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", - -# DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", - -# Ultrix from Bernhard Simon -"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", -"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", -# K&R C is no longer supported; you need gcc on old Ultrix installations -##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", - -##### MacOS X (a.k.a. Rhapsody or Darwin) setup -"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", -"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -# iPhoneOS/iOS -"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - -##### A/UX -"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", - -##### Sony NEWS-OS 4.x -"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", - -##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", - -##### OS/2 EMX -"OS2-EMX", "gcc::::::::", - -##### VxWorks for various targets -"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", -"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", -"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", -"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", -"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:", -"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", - -##### Compaq Non-Stop Kernel (Tandem) -"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", - -# uClinux -"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", -"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", +# Resolves all the late evaluations, inheritances and so on for the +# chosen target and any target it inherits from. +sub resolve_config; -); -my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A - debug-VC-WIN64I debug-VC-WIN64A - VC-NT VC-CE VC-WIN32 debug-VC-WIN32 - BC-32 - netware-clib netware-clib-bsdsock - netware-libc netware-libc-bsdsock); - -my $idx = 0; -my $idx_cc = $idx++; -my $idx_cflags = $idx++; -my $idx_unistd = $idx++; -my $idx_thread_cflag = $idx++; -my $idx_sys_id = $idx++; -my $idx_lflags = $idx++; -my $idx_bn_ops = $idx++; -my $idx_cpuid_obj = $idx++; -my $idx_bn_obj = $idx++; -my $idx_ec_obj = $idx++; -my $idx_des_obj = $idx++; -my $idx_aes_obj = $idx++; -my $idx_bf_obj = $idx++; -my $idx_md5_obj = $idx++; -my $idx_sha1_obj = $idx++; -my $idx_cast_obj = $idx++; -my $idx_rc4_obj = $idx++; -my $idx_rmd160_obj = $idx++; -my $idx_rc5_obj = $idx++; -my $idx_wp_obj = $idx++; -my $idx_cmll_obj = $idx++; -my $idx_modes_obj = $idx++; -my $idx_engines_obj = $idx++; -my $idx_perlasm_scheme = $idx++; -my $idx_dso_scheme = $idx++; -my $idx_shared_target = $idx++; -my $idx_shared_cflag = $idx++; -my $idx_shared_ldflag = $idx++; -my $idx_shared_extension = $idx++; -my $idx_ranlib = $idx++; -my $idx_arflags = $idx++; -my $idx_multilib = $idx++; - -my $prefix=""; -my $libdir=""; -my $openssldir=""; -my $exe_ext=""; -my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; -my $cross_compile_prefix=""; -my $fipsdir="/usr/local/ssl/fips-2.0"; -my $fipslibdir=""; -my $baseaddr="0xFB00000"; -my $no_threads=0; -my $threads=0; -my $no_shared=0; # but "no-shared" is default -my $zlib=1; # but "no-zlib" is default -my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used -my $no_rfc3779=1; # but "no-rfc3779" is default -my $no_asm=0; -my $no_dso=0; -my $no_gmp=0; -my @skip=(); -my $Makefile="Makefile"; -my $des_locl="crypto/des/des_locl.h"; -my $des ="crypto/des/des.h"; -my $bn ="crypto/bn/bn.h"; -my $md2 ="crypto/md2/md2.h"; -my $rc4 ="crypto/rc4/rc4.h"; -my $rc4_locl="crypto/rc4/rc4_locl.h"; -my $idea ="crypto/idea/idea.h"; -my $rc2 ="crypto/rc2/rc2.h"; -my $bf ="crypto/bf/bf_locl.h"; -my $bn_asm ="bn_asm.o"; -my $des_enc="des_enc.o fcrypt_b.o"; -my $aes_enc="aes_core.o aes_cbc.o"; -my $bf_enc ="bf_enc.o"; -my $cast_enc="c_enc.o"; -my $rc4_enc="rc4_enc.o rc4_skey.o"; -my $rc5_enc="rc5_enc.o"; -my $md5_obj=""; -my $sha1_obj=""; -my $rmd160_obj=""; -my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o"; -my $processor=""; -my $default_ranlib; -my $perl; -my $fips=0; +# Information collection ############################################# + +# Unified build supports separate build dir +my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax +my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax +my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); + +my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; + +$config{sourcedir} = abs2rel($srcdir); +$config{builddir} = abs2rel($blddir); + +# Collect reconfiguration information if needed +my @argvcopy=@ARGV; + +if (grep /^reconf(igure)?$/, @argvcopy) { + if (-f "./configdata.pm") { + my $file = "./configdata.pm"; + unless (my $return = do $file) { + die "couldn't parse $file: $@" if $@; + die "couldn't do $file: $!" unless defined $return; + die "couldn't run $file" unless $return; + } + + @argvcopy = defined($configdata::config{perlargv}) ? + @{$configdata::config{perlargv}} : (); + die "Incorrect data to reconfigure, please do a normal configuration\n" + if (grep(/^reconf/,@argvcopy)); + $ENV{CROSS_COMPILE} = $configdata::config{cross_compile_prefix} + if defined($configdata::config{cross_compile_prefix}); + $ENV{CC} = $configdata::config{cc} + if defined($configdata::config{cc}); + $ENV{BUILDFILE} = $configdata::config{build_file} + if defined($configdata::config{build_file}); + $ENV{$local_config_envname} = $configdata::config{local_config_dir} + if defined($configdata::config{local_config_dir}); + + print "Reconfiguring with: ", join(" ",@argvcopy), "\n"; + print " CROSS_COMPILE = ",$ENV{CROSS_COMPILE},"\n" + if $ENV{CROSS_COMPILE}; + print " CC = ",$ENV{CC},"\n" if $ENV{CC}; + print " BUILDFILE = ",$ENV{BUILDFILE},"\n" if $ENV{BUILDFILE}; + print " $local_config_envname = ",$ENV{$local_config_envname},"\n" + if $ENV{$local_config_envname}; + } else { + die "Insufficient data to reconfigure, please do a normal configuration\n"; + } +} + +$config{perlargv} = [ @argvcopy ]; + +# Collect version numbers +$config{version} = "unknown"; +$config{version_num} = "unknown"; +$config{shlib_version_number} = "unknown"; +$config{shlib_version_history} = "unknown"; + +collect_information( + collect_from_file(catfile($srcdir,'include/openssl/opensslv.h')), + qr/OPENSSL.VERSION.TEXT.*OpenSSL (\S+) / => sub { $config{version} = $1; }, + qr/OPENSSL.VERSION.NUMBER.*(0x\S+)/ => sub { $config{version_num}=$1 }, + qr/SHLIB_VERSION_NUMBER *"([^"]+)"/ => sub { $config{shlib_version_number}=$1 }, + qr/SHLIB_VERSION_HISTORY *"([^"]*)"/ => sub { $config{shlib_version_history}=$1 } + ); +if ($config{shlib_version_history} ne "") { $config{shlib_version_history} .= ":"; } + +($config{major}, $config{minor}) + = ($config{version} =~ /^([0-9]+)\.([0-9\.]+)/); +($config{shlib_major}, $config{shlib_minor}) + = ($config{shlib_version_number} =~ /^([0-9]+)\.([0-9\.]+)/); +die "erroneous version information in opensslv.h: ", + "$config{major}, $config{minor}, $config{shlib_major}, $config{shlib_minor}\n" + if ($config{major} eq "" || $config{minor} eq "" + || $config{shlib_major} eq "" || $config{shlib_minor} eq ""); + +# Collect target configurations + +my $pattern = catfile(dirname($0), "Configurations", "*.conf"); +foreach (sort glob($pattern)) { + &read_config($_); +} -if (exists $ENV{FIPSDIR}) +if (defined $ENV{$local_config_envname}) { + if ($^O eq 'VMS') { + # VMS environment variables are logical names, + # which can be used as is + $pattern = $local_config_envname . ':' . '*.conf'; + } else { + $pattern = catfile($ENV{$local_config_envname}, '*.conf'); + } + + foreach (sort glob($pattern)) { + &read_config($_); + } +} + + +print "Configuring OpenSSL version $config{version} ($config{version_num})\n"; + +$config{prefix}=""; +$config{openssldir}=""; +$config{processor}=""; +$config{libdir}=""; +$config{cross_compile_prefix}=""; +$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/"; +my $nofipscanistercheck=0; +$config{baseaddr}="0xFB00000"; +my $auto_threads=1; # enable threads automatically? true by default +my $default_ranlib; +$config{fips}=0; + +# Top level directories to build +$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ]; +# crypto/ subdirectories to build +$config{sdirs} = [ + "objects", + "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", + "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes", + "bn", "ec", "rsa", "dsa", "dh", "dso", "engine", + "buffer", "bio", "stack", "lhash", "rand", "err", + "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", + "cms", "ts", "srp", "cmac", "ct", "async", "kdf" + ]; + +# Known TLS and DTLS protocols +my @tls = qw(ssl3 tls1 tls1_1 tls1_2); +my @dtls = qw(dtls1 dtls1_2); + +# Explicitly known options that are possible to disable. They can +# be regexps, and will be used like this: /^no-${option}$/ +# For developers: keep it sorted alphabetically + +my @disablables = ( + "afalgeng", + "asan", + "asm", + "async", + "autoalginit", + "autoerrinit", + "bf", + "blake2", + "camellia", + "capieng", + "cast", + "chacha", + "cmac", + "cms", + "comp", + "crypto-mdebug", + "crypto-mdebug-backtrace", + "ct", + "deprecated", + "des", + "dgram", + "dh", + "dsa", + "dso", + "dtls", + "dynamic-engine", + "ec", + "ec2m", + "ecdh", + "ecdsa", + "ec_nistp_64_gcc_128", + "egd", + "engine", + "err", + "filenames", + "fuzz-libfuzzer", + "fuzz-afl", + "gost", + "heartbeats", + "hw(-.+)?", + "idea", + "makedepend", + "md2", + "md4", + "mdc2", + "msan", + "multiblock", + "nextprotoneg", + "ocb", + "ocsp", + "pic", + "poly1305", + "posix-io", + "psk", + "rc2", + "rc4", + "rc5", + "rdrand", + "rfc3779", + "rmd160", + "scrypt", + "sctp", + "seed", + "shared", + "sock", + "srp", + "srtp", + "sse2", + "ssl", + "ssl-trace", + "static-engine", + "stdio", + "threads", + "tls", + "ts", + "ubsan", + "ui", + "unit-test", + "whirlpool", + "weak-ssl-ciphers", + "zlib", + "zlib-dynamic", + ); +foreach my $proto ((@tls, @dtls)) { - $fipsdir = $ENV{FIPSDIR}; - $fipsdir =~ s/\/$//; + push(@disablables, $proto); + push(@disablables, "$proto-method"); } +my %deprecated_disablables = ( + "ssl2" => undef, + "buf-freelists" => undef, + "ripemd" => "rmd160" + ); + # All of the following is disabled by default (RC5 was enabled before 0.9.8): -my %disabled = ( # "what" => "comment" [or special keyword "experimental"] - "ec_nistp_64_gcc_128" => "default", - "gmp" => "default", - "jpake" => "experimental", - "libunbound" => "experimental", - "md2" => "default", - "rc5" => "default", - "rfc3779" => "default", - "sctp" => "default", - "shared" => "default", - "ssl-trace" => "default", - "store" => "experimental", - "unit-test" => "default", - "zlib" => "default", - "zlib-dynamic" => "default" - ); -my @experimental = (); - -# This is what $depflags will look like with the above defaults -# (we need this to see if we should advise the user to run "make depend"): -my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; +our %disabled = ( # "what" => "comment" + "asan" => "default", + "crypto-mdebug" => "default", + "crypto-mdebug-backtrace" => "default", + "ec_nistp_64_gcc_128" => "default", + "egd" => "default", + "fuzz-libfuzzer" => "default", + "fuzz-afl" => "default", + "heartbeats" => "default", + "md2" => "default", + "msan" => "default", + "rc5" => "default", + "sctp" => "default", + "ssl-trace" => "default", + "ssl3" => "default", + "ssl3-method" => "default", + "ubsan" => "default", + "unit-test" => "default", + "weak-ssl-ciphers" => "default", + "zlib" => "default", + "zlib-dynamic" => "default", + ); + +# Note: => pair form used for aesthetics, not to truly make a hash table +my @disable_cascades = ( + # "what" => [ "cascade", ... ] + sub { $config{processor} eq "386" } + => [ "sse2" ], + "ssl" => [ "ssl3" ], + "ssl3-method" => [ "ssl3" ], + "zlib" => [ "zlib-dynamic" ], + "des" => [ "mdc2" ], + "ec" => [ "ecdsa", "ecdh" ], + + "dgram" => [ "dtls", "sctp" ], + "sock" => [ "dgram" ], + "dtls" => [ @dtls ], + sub { 0 == scalar grep { !$disabled{$_} } @dtls } + => [ "dtls" ], + + # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA + "md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ], + "sha" => [ "ssl", "tls1", "tls1_1", "dtls1" ], + + # Additionally, SSL 3.0 requires either RSA or DSA+DH + sub { $disabled{rsa} + && ($disabled{dsa} || $disabled{dh}); } + => [ "ssl" ], + + # (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH + # or ECDSA + ECDH. (D)TLS 1.2 has this requirement as well. + # (XXX: We don't support PSK-only builds). + sub { $disabled{rsa} + && ($disabled{dsa} || $disabled{dh}) + && ($disabled{ecdsa} || $disabled{ecdh}); } + => [ "tls1", "tls1_1", "tls1_2", + "dtls1", "dtls1_2" ], + + "tls" => [ @tls ], + sub { 0 == scalar grep { !$disabled{$_} } @tls } + => [ "tls" ], + + # SRP and HEARTBEATS require TLSEXT + "tlsext" => [ "srp", "heartbeats" ], + + "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], + + # Without DSO, we can't load dynamic engines, so don't build them dynamic + "dso" => [ "dynamic-engine" ], + + # Without position independent code, there can be no shared libraries or DSOs + "pic" => [ "shared" ], + "shared" => [ "dynamic-engine" ], + "engine" => [ "afalgeng" ], + + # no-autoalginit is only useful when building non-shared + "autoalginit" => [ "shared", "apps" ], + + "stdio" => [ "apps", "capieng", "egd" ], + "apps" => [ "tests" ], + "comp" => [ "zlib" ], + sub { !$disabled{"unit-test"} } => [ "heartbeats" ], + + sub { !$disabled{"msan"} } => [ "asm" ], + ); + +# Avoid protocol support holes. Also disable all versions below N, if version +# N is disabled while N+1 is enabled. +# +my @list = (reverse @tls); +while ((my $first, my $second) = (shift @list, shift @list)) { + last unless @list; + push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } + => [ @list ] ); + unshift @list, $second; +} +my @list = (reverse @dtls); +while ((my $first, my $second) = (shift @list, shift @list)) { + last unless @list; + push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } + => [ @list ] ); + unshift @list, $second; +} # Explicit "no-..." options will be collected in %disabled along with the defaults. -# To remove something from %disabled, use "enable-foo" (unless it's experimental). +# To remove something from %disabled, use "enable-foo". # For symmetry, "disable-foo" is a synonym for "no-foo". -# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable. -# We will collect such requests in @experimental. -# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. - - my $no_sse2=0; &usage if ($#ARGV < 0); -my $flags; -my $depflags; -my $openssl_experimental_defines; -my $openssl_algorithm_defines; -my $openssl_thread_defines; -my $openssl_sys_defines=""; -my $openssl_other_defines; -my $libs; -my $libkrb5=""; -my $target; -my $options; -my $symlink; -my $make_depend=0; -my %withargs=(); - -my @argvcopy=@ARGV; -my $argvstring=""; -my $argv_unprocessed=1; - -while($argv_unprocessed) +my $user_cflags=""; +my @user_defines=(); +$config{openssl_api_defines}=[]; +$config{openssl_algorithm_defines}=[]; +$config{openssl_thread_defines}=[]; +$config{openssl_sys_defines}=[]; +$config{openssl_other_defines}=[]; +my $libs=""; +my $target=""; +$config{options}=""; +$config{build_type} = "release"; + +my %unsupported_options = (); +my %deprecated_options = (); +while (@argvcopy) { - $flags=""; - $depflags=""; - $openssl_experimental_defines=""; - $openssl_algorithm_defines=""; - $openssl_thread_defines=""; - $openssl_sys_defines=""; - $openssl_other_defines=""; - $libs=""; - $target=""; - $options=""; - $symlink=1; - - $argv_unprocessed=0; - $argvstring=join(' ',@argvcopy); - -PROCESS_ARGS: - foreach (@argvcopy) + $_ = shift @argvcopy; + # VMS is a case insensitive environment, and depending on settings + # out of our control, we may receive options uppercased. Let's + # downcase at least the part before any equal sign. + if ($^O eq "VMS") { - s /^-no-/no-/; # some people just can't read the instructions - - # rewrite some options in "enable-..." form - s /^-?-?shared$/enable-shared/; - s /^sctp$/enable-sctp/; - s /^threads$/enable-threads/; - s /^zlib$/enable-zlib/; - s /^zlib-dynamic$/enable-zlib-dynamic/; - - if (/^no-(.+)$/ || /^disable-(.+)$/) + s/^([^=]*)/lc($1)/e; + } + s /^-no-/no-/; # some people just can't read the instructions + + # rewrite some options in "enable-..." form + s /^-?-?shared$/enable-shared/; + s /^sctp$/enable-sctp/; + s /^threads$/enable-threads/; + s /^zlib$/enable-zlib/; + s /^zlib-dynamic$/enable-zlib-dynamic/; + + if (/^(no|disable|enable)-(.+)$/) + { + my $word = $2; + if (!exists $deprecated_disablables{$word} + && !grep { $word =~ /^${_}$/ } @disablables) + { + $unsupported_options{$_} = 1; + next; + } + } + if (/^no-(.+)$/ || /^disable-(.+)$/) + { + foreach my $proto ((@tls, @dtls)) + { + if ($1 eq "$proto-method") + { + $disabled{"$proto"} = "option($proto-method)"; + last; + } + } + if ($1 eq "dtls") + { + foreach my $proto (@dtls) + { + $disabled{$proto} = "option(dtls)"; + } + $disabled{"dtls"} = "option(dtls)"; + } + elsif ($1 eq "ssl") + { + # Last one of its kind + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + # XXX: Tests will fail if all SSL/TLS + # protocols are disabled. + foreach my $proto (@tls) + { + $disabled{$proto} = "option(tls)"; + } + } + elsif ($1 eq "static-engine") + { + delete $disabled{"dynamic-engine"}; + } + elsif ($1 eq "dynamic-engine") + { + $disabled{"dynamic-engine"} = "option"; + } + elsif (exists $deprecated_disablables{$1}) + { + $deprecated_options{$_} = 1; + if (defined $deprecated_disablables{$1}) + { + $disabled{$deprecated_disablables{$1}} = "option"; + } + } + else + { + $disabled{$1} = "option"; + } + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); + } + elsif (/^enable-(.+)$/) + { + if ($1 eq "static-engine") + { + $disabled{"dynamic-engine"} = "option"; + } + elsif ($1 eq "dynamic-engine") + { + delete $disabled{"dynamic-engine"}; + } + elsif ($1 eq "zlib-dynamic") + { + delete $disabled{"zlib"}; + } + my $algo = $1; + delete $disabled{$algo}; + + # No longer an automatic choice + $auto_threads = 0 if ($1 eq "threads"); + } + elsif (/^--strict-warnings$/) + { + $strict_warnings = 1; + } + elsif (/^--debug$/) + { + $config{build_type} = "debug"; + } + elsif (/^--release$/) + { + $config{build_type} = "release"; + } + elsif (/^386$/) + { $config{processor}=386; } + elsif (/^fips$/) + { + $config{fips}=1; + } + elsif (/^rsaref$/) + { + # No RSAref support any more since it's not needed. + # The check for the option is there so scripts aren't + # broken + } + elsif (/^nofipscanistercheck$/) + { + $config{fips} = 1; + $nofipscanistercheck = 1; + } + elsif (/^[-+]/) + { + if (/^--prefix=(.*)$/) { - if (!($disabled{$1} eq "experimental")) - { - if ($1 eq "ssl") - { - $disabled{"ssl2"} = "option(ssl)"; - $disabled{"ssl3"} = "option(ssl)"; - } - elsif ($1 eq "tls") - { - $disabled{"tls1"} = "option(tls)" - } - elsif ($1 eq "ssl3-method") - { - $disabled{"ssl3-method"} = "option(ssl)"; - $disabled{"ssl3"} = "option(ssl)"; - } - else - { - $disabled{$1} = "option"; - } - } + $config{prefix}=$1; + die "Directory given with --prefix MUST be absolute\n" + unless file_name_is_absolute($config{prefix}); } - elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) + elsif (/^--api=(.*)$/) { - my $algo = $1; - if ($disabled{$algo} eq "experimental") - { - die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n" - unless (/^experimental-/); - push @experimental, $algo; - } - delete $disabled{$algo}; - - $threads = 1 if ($algo eq "threads"); + $config{api}=$1; } - elsif (/^--test-sanity$/) + elsif (/^--libdir=(.*)$/) { - exit(&test_sanity()); + $config{libdir}=$1; } - elsif (/^--strict-warnings/) + elsif (/^--openssldir=(.*)$/) { - $strict_warnings = 1; + $config{openssldir}=$1; } - elsif (/^reconfigure/ || /^reconf/) + elsif (/^--with-zlib-lib=(.*)$/) { - if (open(IN,"<$Makefile")) - { - while () - { - chomp; - if (/^CONFIGURE_ARGS=(.*)/) - { - $argvstring=$1; - @argvcopy=split(' ',$argvstring); - die "Incorrect data to reconfigure, please do a normal configuration\n" - if (grep(/^reconf/,@argvcopy)); - print "Reconfiguring with: $argvstring\n"; - $argv_unprocessed=1; - close(IN); - last PROCESS_ARGS; - } - } - close(IN); - } - die "Insufficient data to reconfigure, please do a normal configuration\n"; + $withargs{zlib_lib}=$1; } - elsif (/^386$/) - { $processor=386; } - elsif (/^fips$/) + elsif (/^--with-zlib-include=(.*)$/) { - $fips=1; + $withargs{zlib_include}=$1; } - elsif (/^rsaref$/) + elsif (/^--with-fuzzer-lib=(.*)$/) { - # No RSAref support any more since it's not needed. - # The check for the option is there so scripts aren't - # broken + $withargs{fuzzer_lib}=$1; } - elsif (/^[-+]/) + elsif (/^--with-fuzzer-include=(.*)$/) { - if (/^--prefix=(.*)$/) - { - $prefix=$1; - } - elsif (/^--libdir=(.*)$/) - { - $libdir=$1; - } - elsif (/^--openssldir=(.*)$/) - { - $openssldir=$1; - } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; - } - elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) - { - $withargs{"krb5-".$1}=$2; - } - elsif (/^--with-zlib-lib=(.*)$/) - { - $withargs{"zlib-lib"}=$1; - } - elsif (/^--with-zlib-include=(.*)$/) - { - $withargs{"zlib-include"}="-I$1"; - } - elsif (/^--with-fipsdir=(.*)$/) - { - $fipsdir="$1"; - } - elsif (/^--with-fipslibdir=(.*)$/) - { - $fipslibdir="$1"; - } - elsif (/^--with-baseaddr=(.*)$/) - { - $baseaddr="$1"; - } - elsif (/^--cross-compile-prefix=(.*)$/) - { - $cross_compile_prefix=$1; - } - elsif (/^-[lL](.*)$/ or /^-Wl,/) - { - $libs.=$_." "; - } - else # common if (/^[-+]/), just pass down... - { - $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; - $flags.=$_." "; - } + $withargs{fuzzer_include}=$1; } - elsif ($_ =~ /^([^:]+):(.+)$/) + elsif (/^--with-fipslibdir=(.*)$/) { - eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string - $target=$1; + $config{fipslibdir}="$1/"; } - else + elsif (/^--with-baseaddr=(.*)$/) { - die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); - $target=$_; + $config{baseaddr}="$1"; } - - unless ($_ eq $target || /^no-/ || /^disable-/) + elsif (/^--cross-compile-prefix=(.*)$/) + { + $config{cross_compile_prefix}=$1; + } + elsif (/^--config=(.*)$/) + { + read_config $1; + } + elsif (/^-[lL](.*)$/ or /^-Wl,/) + { + $libs.=$_." "; + } + elsif (/^-rpath$/ or /^-R$/) + # -rpath is the OSF1 rpath flag + # -R is the old Solaris rpath flag + { + my $rpath = shift(@argvcopy) || ""; + $rpath .= " " if $rpath ne ""; + $libs.=$_." ".$rpath; + } + elsif (/^-static$/) + { + $libs.=$_." "; + $disabled{"dso"} = "forced"; + $disabled{"pic"} = "forced"; + $disabled{"shared"} = "forced"; + $disabled{"threads"} = "forced"; + } + elsif (/^-D(.*)$/) { - # "no-..." follows later after implied disactivations - # have been derived. (Don't take this too seroiusly, - # we really only write OPTIONS to the Makefile out of - # nostalgia.) - - if ($options eq "") - { $options = $_; } - else - { $options .= " ".$_; } + push @user_defines, $1; + } + else # common if (/^[-+]/), just pass down... + { + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + $user_cflags.=" ".$_; } } - } - - - -if ($processor eq "386") - { - $disabled{"sse2"} = "forced"; - } - -if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") - { - $disabled{"krb5"} = "krb5-flavor not specified"; - } - -if (!defined($disabled{"zlib-dynamic"})) - { - # "zlib-dynamic" was specifically enabled, so enable "zlib" - delete $disabled{"zlib"}; - } - -if (defined($disabled{"rijndael"})) - { - $disabled{"aes"} = "forced"; - } -if (defined($disabled{"des"})) - { - $disabled{"mdc2"} = "forced"; - } -if (defined($disabled{"ec"})) - { - $disabled{"ecdsa"} = "forced"; - $disabled{"ecdh"} = "forced"; - } + else + { + die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); + $target=$_; + } + unless ($_ eq $target || /^no-/ || /^disable-/) + { + # "no-..." follows later after implied disactivations + # have been derived. (Don't take this too seriously, + # we really only write OPTIONS to the Makefile out of + # nostalgia.) -# SSL 2.0 requires MD5 and RSA -if (defined($disabled{"md5"}) || defined($disabled{"rsa"})) - { - $disabled{"ssl2"} = "forced"; - } + if ($config{options} eq "") + { $config{options} = $_; } + else + { $config{options} .= " ".$_; } + } -if ($fips && $fipslibdir eq "") - { - $fipslibdir = $fipsdir . "/lib/"; - } + if (defined($config{api}) && !exists $apitable->{$config{api}}) { + die "***** Unsupported api compatibility level: $config{api}\n", + } -# RSAX ENGINE sets default non-FIPS RSA method. -if ($fips) - { - $disabled{"rsax"} = "forced"; + if (keys %deprecated_options) + { + warn "***** Deprecated options: ", + join(", ", keys %deprecated_options), "\n"; + } + if (keys %unsupported_options) + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; + } } -# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH -if (defined($disabled{"md5"}) || defined($disabled{"sha"}) - || (defined($disabled{"rsa"}) - && (defined($disabled{"dsa"}) || defined($disabled{"dh"})))) - { - $disabled{"ssl3"} = "forced"; - $disabled{"tls1"} = "forced"; - } +if ($libs =~ /(^|\s)-Wl,-rpath,/ + && !$disabled{shared} + && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) { + die "***** Cannot simultaneously use -rpath, shared libraries, and\n", + "***** any of asan, msan or ubsan\n"; +} -if (defined($disabled{"tls1"})) +if ($config{fips}) { - $disabled{"tlsext"} = "forced"; + delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/); } - -if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) - || defined($disabled{"dh"})) +else { - $disabled{"gost"} = "forced"; + @{$config{dirs}} = grep !/^fips$/, @{$config{dirs}}; } -# SRP and HEARTBEATS require TLSEXT -if (defined($disabled{"tlsext"})) - { - $disabled{"srp"} = "forced"; - $disabled{"heartbeats"} = "forced"; +my @tocheckfor = (keys %disabled); +while (@tocheckfor) { + my %new_tocheckfor = (); + my @cascade_copy = (@disable_cascades); + while (@cascade_copy) { + my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy); + if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { + foreach(grep { !defined($disabled{$_}) } @$descendents) { + $new_tocheckfor{$_} = 1; $disabled{$_} = "forced"; + } } + } + @tocheckfor = (keys %new_tocheckfor); +} +our $die = sub { die @_; }; if ($target eq "TABLE") { - foreach $target (sort keys %table) { - print_table_entry($target); - } - exit 0; + local $die = sub { warn @_; }; + foreach (sort keys %table) { + print_table_entry($_, "TABLE"); + } + exit 0; } if ($target eq "LIST") { - foreach (sort keys %table) { - print; - print "\n"; - } - exit 0; + foreach (sort keys %table) { + print $_,"\n" unless $table{$_}->{template}; + } + exit 0; } -if ($target =~ m/^CygWin32(-.*)$/) { - $target = "Cygwin".$1; +if ($target eq "HASH") { + local $die = sub { warn @_; }; + print "%table = (\n"; + foreach (sort keys %table) { + print_table_entry($_, "HASH"); + } + exit 0; } -print "Configuring for $target\n"; - -&usage if (!defined($table{$target})); - +# Backward compatibility? +if ($target =~ m/^CygWin32(-.*)$/) { + $target = "Cygwin".$1; +} foreach (sort (keys %disabled)) { - $options .= " no-$_"; + $config{options} .= " no-$_"; printf " no-%-12s %-10s", $_, "[$disabled{$_}]"; if (/^dso$/) - { $no_dso = 1; } + { } elsif (/^threads$/) - { $no_threads = 1; } + { } elsif (/^shared$/) - { $no_shared = 1; } + { } + elsif (/^pic$/) + { } elsif (/^zlib$/) - { $zlib = 0; } - elsif (/^static-engine$/) + { } + elsif (/^dynamic-engine$/) + { } + elsif (/^makedepend$/) { } elsif (/^zlib-dynamic$/) { } - elsif (/^symlinks$/) - { $symlink = 0; } elsif (/^sse2$/) { $no_sse2 = 1; } + elsif (/^engine$/) + { + @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; + @{$config{sdirs}} = grep !/^engine$/, @{$config{sdirs}}; + push @{$config{openssl_other_defines}}, "OPENSSL_NO_ENGINE"; + print " OPENSSL_NO_ENGINE (skip engines)"; + } else { - my ($ALGO, $algo); - ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/; + my ($WHAT, $what); - if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/) + ($WHAT = $what = $_) =~ tr/[\-a-z]/[_A-Z]/; + + # Fix up C macro end names + $WHAT = "RMD160" if $what eq "ripemd"; + + # fix-up crypto/directory name(s) + $what = "ripemd" if $what eq "rmd160"; + $what = "whrlpool" if $what eq "whirlpool"; + + if ($what ne "async" && $what ne "err" + && grep { $_ eq $what } @{$config{sdirs}}) { - $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n"; - print " OPENSSL_NO_$ALGO"; - - if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; } - elsif (/^asm$/) { $no_asm = 1; } + push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$WHAT"; + @{$config{sdirs}} = grep { $_ ne $what} @{$config{sdirs}}; + + print " OPENSSL_NO_$WHAT (skip dir)"; } else { - $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; - print " OPENSSL_NO_$ALGO"; - - if (/^krb5$/) - { $no_krb5 = 1; } - else - { - push @skip, $algo; - # fix-up crypto/directory name(s) - @skip[$#skip]="whrlpool" if $algo eq "whirlpool"; - print " (skip dir)"; - - $depflags .= " -DOPENSSL_NO_$ALGO"; - } + push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT"; + print " OPENSSL_NO_$WHAT"; + + if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; } } } print "\n"; } -my $exp_cflags = ""; -foreach (sort @experimental) - { - my $ALGO; - ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; - - # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined - $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; - $exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; - } - -my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; - -$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/); -$exe_ext=".nlm" if ($target =~ /netware/); -$exe_ext=".pm" if ($target =~ /vos/); -$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); -$prefix=$openssldir if $prefix eq ""; - -$default_ranlib= &which("ranlib") or $default_ranlib="true"; -$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") - or $perl="perl"; -my $make = $ENV{'MAKE'} || "make"; - -$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq ""; - -chop $openssldir if $openssldir =~ /\/$/; -chop $prefix if $prefix =~ /.\/$/; - -$openssldir=$prefix . "/ssl" if $openssldir eq ""; -$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; - +print "Configuring for $target\n"; -print "IsMK1MF=$IsMK1MF\n"; +# Support for legacy targets having a name starting with 'debug-' +my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; +if ($d) { + $config{build_type} = "debug"; -my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -my $cc = $fields[$idx_cc]; -# Allow environment CC to override compiler... -if($ENV{CC}) { - $cc = $ENV{CC}; + # If we do not find debug-foo in the table, the target is set to foo. + if (!$table{$target}) { + $target = $t; + } } +$config{target} = $target; +my %target = resolve_config($target); + +&usage if (!%target || $target{template}); + +my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); +$config{conf_files} = [ sort keys %conf_files ]; +%target = ( %{$table{DEFAULTS}}, %target ); + +$target{exe_extension}=""; +$target{exe_extension}=".exe" if ($config{target} eq "DJGPP" + || $config{target} =~ /^(?:Cygwin|mingw)/); +$target{exe_extension}=".pm" if ($config{target} =~ /vos/); + +($target{shared_extension_simple}=$target{shared_extension}) + =~ s|\.\$\(SHLIB_MAJOR\)\.\$\(SHLIB_MINOR\)||; +$target{dso_extension}=$target{shared_extension_simple}; +($target{shared_import_extension}=$target{shared_extension_simple}.".a") + if ($config{target} =~ /^(?:Cygwin|mingw)/); + + +$config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'} + if $config{cross_compile_prefix} eq ""; + +# Allow overriding the names of some tools. USE WITH CARE +# Note: only Unix cares about HASHBANGPERL... that explains +# the default string. +$config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl"); +$config{hashbangperl} = + $ENV{'HASHBANGPERL'} || $ENV{'PERL'} || "/usr/bin/env perl"; +$target{cc} = $ENV{'CC'} || $target{cc} || "cc"; +$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || + (which("$config{cross_compile_prefix}ranlib") ? + "\$(CROSS_COMPILE)ranlib" : "true"); +$target{ar} = $ENV{'AR'} || $target{ar} || "ar"; +$target{nm} = $ENV{'NM'} || $target{nm} || "nm"; +$target{rc} = + $ENV{'RC'} || $ENV{'WINDRES'} || $target{rc} || "windres"; + +# Allow overriding the build file name +$target{build_file} = $ENV{BUILDFILE} || $target{build_file} || "Makefile"; + +# Cache information necessary for reconfiguration +$config{cc} = $target{cc}; +$config{build_file} = $target{build_file}; + +# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_ +# or release_ attributes. +# Do it in such a way that no spurious space is appended (hence the grep). +$config{defines} = []; +$config{cflags} = ""; +$config{ex_libs} = ""; +$config{shared_ldflag} = ""; + +# Make sure build_scheme is consistent. +$target{build_scheme} = [ $target{build_scheme} ] + if ref($target{build_scheme}) ne "ARRAY"; + +my ($builder, $builder_platform, @builder_opts) = + @{$target{build_scheme}}; + +foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm", + $builder_platform."-checker.pm")) { + my $checker_path = catfile($srcdir, "Configurations", $checker); + if (-f $checker_path) { + my $fn = $ENV{CONFIGURE_CHECKER_WARN} + ? sub { warn $@; } : sub { die $@; }; + if (! do $checker_path) { + if ($@) { + $fn->($@); + } elsif ($!) { + $fn->($!); + } else { + $fn->("The detected tools didn't match the platform\n"); + } + } + last; + } +} + +push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release"; -my $cflags = $fields[$idx_cflags]; -my $unistd = $fields[$idx_unistd]; -my $thread_cflag = $fields[$idx_thread_cflag]; -my $sys_id = $fields[$idx_sys_id]; -my $lflags = $fields[$idx_lflags]; -my $bn_ops = $fields[$idx_bn_ops]; -my $cpuid_obj = $fields[$idx_cpuid_obj]; -my $bn_obj = $fields[$idx_bn_obj]; -my $ec_obj = $fields[$idx_ec_obj]; -my $des_obj = $fields[$idx_des_obj]; -my $aes_obj = $fields[$idx_aes_obj]; -my $bf_obj = $fields[$idx_bf_obj]; -my $md5_obj = $fields[$idx_md5_obj]; -my $sha1_obj = $fields[$idx_sha1_obj]; -my $cast_obj = $fields[$idx_cast_obj]; -my $rc4_obj = $fields[$idx_rc4_obj]; -my $rmd160_obj = $fields[$idx_rmd160_obj]; -my $rc5_obj = $fields[$idx_rc5_obj]; -my $wp_obj = $fields[$idx_wp_obj]; -my $cmll_obj = $fields[$idx_cmll_obj]; -my $modes_obj = $fields[$idx_modes_obj]; -my $engines_obj = $fields[$idx_engines_obj]; -my $perlasm_scheme = $fields[$idx_perlasm_scheme]; -my $dso_scheme = $fields[$idx_dso_scheme]; -my $shared_target = $fields[$idx_shared_target]; -my $shared_cflag = $fields[$idx_shared_cflag]; -my $shared_ldflag = $fields[$idx_shared_ldflag]; -my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; -my $ar = $ENV{'AR'} || "ar"; -my $arflags = $fields[$idx_arflags]; -my $multilib = $fields[$idx_multilib]; - -# if $prefix/lib$multilib is not an existing directory, then -# assume that it's not searched by linker automatically, in -# which case adding $multilib suffix causes more grief than -# we're ready to tolerate, so don't... -$multilib="" if !-d "$prefix/lib$multilib"; - -$libdir="lib$multilib" if $libdir eq ""; - -$cflags = "$cflags$exp_cflags"; - -# '%' in $lflags is used to split flags to "pre-" and post-flags -my ($prelflags,$postlflags)=split('%',$lflags); -if (defined($postlflags)) { $lflags=$postlflags; } -else { $lflags=$prelflags; undef $prelflags; } - -if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m) +if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m) { - $cflags =~ s/\-mno\-cygwin\s*//; - $shared_ldflag =~ s/\-mno\-cygwin\s*//; + $config{cflags} .= " -mno-cygwin"; + $config{shared_ldflag} .= " -mno-cygwin"; } -if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) { +if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) { # minimally required architecture flags for assembly modules - $cflags="-mips2 $cflags" if ($target =~ /mips32/); - $cflags="-mips3 $cflags" if ($target =~ /mips64/); + $config{cflags}="-mips2 $config{cflags}" if ($target =~ /mips32/); + $config{cflags}="-mips3 $config{cflags}" if ($target =~ /mips64/); } my $no_shared_warn=0; my $no_user_cflags=0; - -if ($flags ne "") { $cflags="$flags$cflags"; } -else { $no_user_cflags=1; } - -# Kerberos settings. The flavor must be provided from outside, either through -# the script "config" or manually. -if (!$no_krb5) - { - my ($lresolv, $lpath, $lext); - if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) - { - die "Sorry, Heimdal is currently not supported\n"; - } - ##### HACK to force use of Heimdal. - ##### WARNING: Since we don't really have adequate support for Heimdal, - ##### using this will break the build. You'll have to make - ##### changes to the source, and if you do, please send - ##### patches to openssl-dev@openssl.org - if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/) - { - warn "Heimdal isn't really supported. Your build WILL break\n"; - warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n"; - $withargs{"krb5-dir"} = "/usr/heimdal" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi -lkrb5 -lcom_err" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_HEIMDAL $cflags"; - } - if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) - { - $withargs{"krb5-dir"} = "/usr/kerberos" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_MIT $cflags"; - $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; - if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) - { - $cflags="-DKRB5_MIT_OLD11 $cflags"; - } - } - LRESOLV: - foreach $lpath ("/lib", "/usr/lib") - { - foreach $lext ("a", "so") - { - $lresolv = "$lpath/libresolv.$lext"; - last LRESOLV if (-r "$lresolv"); - $lresolv = ""; - } - } - $withargs{"krb5-lib"} .= " -lresolv" - if ("$lresolv" ne ""); - $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" - if $withargs{"krb5-include"} eq "" && - $withargs{"krb5-dir"} ne ""; - } +my $no_user_defines=0; # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point @@ -1342,788 +1035,1396 @@ if (!$no_krb5) # has support compiled in for them. Currently each method is enabled # by a define "DSO_" ... we translate the "dso_scheme" config # string entry into using the following logic; -my $dso_cflags; -if (!$no_dso && $dso_scheme ne "") +if (!$disabled{dso} && $target{dso_scheme} ne "") { - $dso_scheme =~ tr/[a-z]/[A-Z]/; - if ($dso_scheme eq "DLFCN") + $target{dso_scheme} =~ tr/[a-z]/[A-Z]/; + if ($target{dso_scheme} eq "DLFCN") { - $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H"; + unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H"; } - elsif ($dso_scheme eq "DLFCN_NO_H") + elsif ($target{dso_scheme} eq "DLFCN_NO_H") { - $dso_cflags = "-DDSO_DLFCN"; + unshift @{$config{defines}}, "DSO_DLFCN"; } else { - $dso_cflags = "-DDSO_$dso_scheme"; + unshift @{$config{defines}}, "DSO_$target{dso_scheme}"; } - $cflags = "$dso_cflags $cflags"; } -my $thread_cflags; -my $thread_defines; -if ($thread_cflag ne "(unknown)" && !$no_threads) - { - # If we know how to do it, support threads by default. - $threads = 1; - } -if ($thread_cflag eq "(unknown)" && $threads) +$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne ""); + +if ($disabled{asm}) { - # If the user asked for "threads", [s]he is also expected to - # provide any system-dependent compiler options that are - # necessary. - if ($no_user_cflags) + if ($config{fips}) { - print "You asked for multi-threading support, but didn't\n"; - print "provide any system-specific compiler options\n"; - exit(1); + @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}; + @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}}; } - $thread_cflags="-DOPENSSL_THREADS $cflags" ; - $thread_defines .= "#define OPENSSL_THREADS\n"; - } -else - { - $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags"; - $thread_defines .= "#define OPENSSL_THREADS\n"; -# my $def; -# foreach $def (split ' ',$thread_cflag) -# { -# if ($def =~ s/^-D// && $def !~ /^_/) -# { -# $thread_defines .= "#define $def\n"; -# } -# } - } - -$lflags="$libs$lflags" if ($libs ne ""); - -if ($no_asm) - { - $cpuid_obj=$bn_obj=$ec_obj= - $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= - $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; } -if (!$no_shared) - { - $cast_obj=""; # CAST assembler is not PIC - } +# If threads aren't disabled, check how possible they are +unless ($disabled{threads}) { + if ($auto_threads) { + # Enabled by default, disable it forcibly if unavailable + if ($target{thread_scheme} eq "(unknown)") { + $disabled{threads} = "unavailable"; + } + } else { + # The user chose to enable threads explicitly, let's see + # if there's a chance that's possible + if ($target{thread_scheme} eq "(unknown)") { + # If the user asked for "threads" and we don't have internal + # knowledge how to do it, [s]he is expected to provide any + # system-dependent compiler options that are necessary. We + # can't truly check that the given options are correct, but + # we expect the user to know what [s]He is doing. + if ($no_user_cflags && $no_user_defines) { + die "You asked for multi-threading support, but didn't\n" + ,"provide any system-specific compiler options\n"; + } + } + } +} -if ($threads) - { - $cflags=$thread_cflags; - $openssl_thread_defines .= $thread_defines; - } +# If threads still aren't disabled, add a C macro to ensure the source +# code knows about it. Any other flag is taken care of by the configs. +unless($disabled{threads}) { + foreach (("defines", "openssl_thread_defines")) { + push @{$config{$_}}, "OPENSSL_THREADS"; + } +} -if ($zlib) - { - $cflags = "-DZLIB $cflags"; - if (defined($disabled{"zlib-dynamic"})) - { - if (defined($withargs{"zlib-lib"})) - { - $lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz"; - } - else - { - $lflags = "$lflags -lz"; - } - } - else - { - $cflags = "-DZLIB_SHARED $cflags"; - } - } +# With "deprecated" disable all deprecated features. +if (defined($disabled{"deprecated"})) { + $config{api} = $maxapi; +} -# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org -my $shared_mark = ""; -if ($shared_target eq "") +if ($target{shared_target} eq "") { - $no_shared_warn = 1 if !$no_shared; - $no_shared = 1; - } -if (!$no_shared) - { - if ($shared_cflag ne "") - { - $cflags = "$shared_cflag -DOPENSSL_PIC $cflags"; - } + $no_shared_warn = 1 + if ((!$disabled{shared} || !$disabled{"dynamic-engine"}) + && !$config{fips}); + $disabled{shared} = "no-shared-target"; + $disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} = + "no-shared-target"; } -if (!$IsMK1MF) - { - # add {no-}static-engine to options to allow mkdef.pl to work without extra arguments - if ($no_shared) - { - $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n"; - $options.=" static-engine"; - } - else - { - $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n"; - $options.=" no-static-engine"; - } - } +if ($disabled{"dynamic-engine"}) { + push @{$config{defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; + $config{dynamic_engines} = 0; +} else { + push @{$config{defines}}, "OPENSSL_NO_STATIC_ENGINE"; + $config{dynamic_engines} = 1; +} -$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/); +unless ($disabled{"fuzz-libfuzzer"}) { + $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls "; +} + +unless ($disabled{asan}) { + $config{cflags} .= "-fsanitize=address "; +} +unless ($disabled{ubsan}) { + # -DPEDANTIC or -fnosanitize=alignment may also be required on some + # platforms. + $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all "; +} + +unless ($disabled{msan}) { + $config{cflags} .= "-fsanitize=memory "; +} + +unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} + && $disabled{asan} && $disabled{ubsan} && $disabled{msan}) { + $config{cflags} .= "-fno-omit-frame-pointer -g "; +} # # Platform fix-ups # -if ($target =~ /\-icc$/) # Intel C compiler - { - my $iccver=0; - if (open(FD,"$cc -V 2>&1 |")) - { - while() { $iccver=$1 if (/Version ([0-9]+)\./); } - close(FD); - } - if ($iccver>=8) - { - $cflags=~s/\-KPIC/-fPIC/; - # Eliminate unnecessary dependency from libirc.a. This is - # essential for shared library support, as otherwise - # apps/openssl can end up in endless loop upon startup... - $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset"; - } - if ($iccver>=9) - { - $lflags.=" -i-static"; - $lflags=~s/\-no_cpprt/-no-cpprt/; - } - if ($iccver>=10) - { - $lflags=~s/\-i\-static/-static-intel/; - } - if ($iccver>=11) - { - $cflags.=" -no-intel-extensions"; # disable Cilk - $lflags=~s/\-no\-cpprt/-no-cxxlib/; - } - } -# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time -# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on -# .so objects. Apparently application RPATH is not global and does -# not apply to .so linked with other .so. Problem manifests itself -# when libssl.so fails to load libcrypto.so. One can argue that we -# should engrave this into Makefile.shared rules or into BSD-* config -# lines above. Meanwhile let's try to be cautious and pass -rpath to -# linker only when --prefix is not /usr. -if ($target =~ /^BSD\-/) +# This saves the build files from having to check +if ($disabled{pic}) { - $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|); + $target{shared_cflag} = $target{shared_ldflag} = + $target{shared_rcflag} = ""; } - -if ($sys_id ne "") +else { - #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; - $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; + push @{$config{defines}}, "OPENSSL_PIC"; } -if ($ranlib eq "") +if ($target{sys_id} ne "") { - $ranlib = $default_ranlib; + push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}"; } -#my ($bn1)=split(/\s+/,$bn_obj); -#$bn1 = "" unless defined $bn1; -#$bn1=$bn_asm unless ($bn1 =~ /\.o$/); -#$bn_obj="$bn1"; +unless ($disabled{asm}) { + $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386"); + $target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m})); + + # bn-586 is the only one implementing bn_*_part_words + push @{$config{defines}}, "OPENSSL_BN_ASM_PART_WORDS" if ($target{bn_asm_src} =~ /bn-586/); + push @{$config{defines}}, "OPENSSL_IA32_SSE2" if (!$no_sse2 && $target{bn_asm_src} =~ /86/); + + push @{$config{defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); + push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); + push @{$config{defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); + + if ($config{fips}) { + push @{$config{openssl_other_defines}}, "OPENSSL_FIPS"; + } + + if ($target{sha1_asm_src}) { + push @{$config{defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); + push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/); + push @{$config{defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/); + } + if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) { + push @{$config{defines}}, "RC4_ASM"; + } + if ($target{md5_asm_src}) { + push @{$config{defines}}, "MD5_ASM"; + } + $target{cast_asm_src}=$table{DEFAULTS}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC + if ($target{rmd160_asm_src}) { + push @{$config{defines}}, "RMD160_ASM"; + } + if ($target{aes_asm_src}) { + push @{$config{defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);; + # aes-ctr.fake is not a real file, only indication that assembler + # module implements AES_ctr32_encrypt... + push @{$config{defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//); + # aes-xts.fake indicates presence of AES_xts_[en|de]crypt... + push @{$config{defines}}, "AES_XTS_ASM" if ($target{aes_asm_src} =~ s/\s*aes-xts\.fake//); + $target{aes_asm_src} =~ s/\s*(vpaes|aesni)-x86\.s//g if ($no_sse2); + push @{$config{defines}}, "VPAES_ASM" if ($target{aes_asm_src} =~ m/vpaes/); + push @{$config{defines}}, "BSAES_ASM" if ($target{aes_asm_src} =~ m/bsaes/); + } + if ($target{wp_asm_src} =~ /mmx/) { + if ($config{processor} eq "386") { + $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src}; + } elsif (!$disabled{"whirlpool"}) { + push @{$config{defines}}, "WHIRLPOOL_ASM"; + } + } + if ($target{modes_asm_src} =~ /ghash-/) { + push @{$config{defines}}, "GHASH_ASM"; + } + if ($target{ec_asm_src} =~ /ecp_nistz256/) { + push @{$config{defines}}, "ECP_NISTZ256_ASM"; + } + if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) { + push @{$config{defines}}, "PADLOCK_ASM"; + } + if ($target{poly1305_asm_src} ne "") { + push @{$config{defines}}, "POLY1305_ASM"; + } +} -$cpuid_obj="" if ($processor eq "386"); +my %predefined; -$bn_obj = $bn_asm unless $bn_obj ne ""; -# bn-586 is the only one implementing bn_*_part_words -$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/); -$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/); +if ($^O ne "VMS") { + my $cc = "$config{cross_compile_prefix}$target{cc}"; -$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/); -$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/); -$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/); + # collect compiler pre-defines from gcc or gcc-alike... + open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |"); + while () { + m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; + $predefined{$1} = $2 // ""; + } + close(PIPE); -if ($fips) - { - $openssl_other_defines.="#define OPENSSL_FIPS\n"; - $cflags .= " -I\$(FIPSDIR)/include"; + if (!$disabled{makedepend}) { + # We know that GNU C version 3 and up as well as all clang + # versions support dependency generation + if ($predefined{__GNUC__} >= 3) { + $config{makedepprog} = $cc; + } else { + $config{makedepprog} = which('makedepend'); + $disabled{makedepend} = "unavailable" unless $config{makedepprog}; } + } +} -$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/); -$des_obj=$des_enc unless ($des_obj =~ /\.o$/); -$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); -$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); -$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); -$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); -if ($sha1_obj =~ /\.o$/) - { -# $sha1_obj=$sha1_enc; - $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/); - $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/); - $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/); - if ($sha1_obj =~ /sse2/) - { if ($no_sse2) - { $sha1_obj =~ s/\S*sse2\S+//; } - elsif ($cflags !~ /OPENSSL_IA32_SSE2/) - { $cflags.=" -DOPENSSL_IA32_SSE2"; } - } - } -if ($md5_obj =~ /\.o$/) - { -# $md5_obj=$md5_enc; - $cflags.=" -DMD5_ASM"; - } -if ($rmd160_obj =~ /\.o$/) - { -# $rmd160_obj=$rmd160_enc; - $cflags.=" -DRMD160_ASM"; - } -if ($aes_obj =~ /\.o$/) - { - $cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);; - # aes-ctr.o is not a real file, only indication that assembler - # module implements AES_ctr32_encrypt... - $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//); - # aes-xts.o indicates presense of AES_xts_[en|de]crypt... - $cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//); - $aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2); - $cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/); - $cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/); - } -else { - $aes_obj=$aes_enc; - } -$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386"); -if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"}) - { - $cflags.=" -DWHIRLPOOL_ASM"; - } -else { - $wp_obj="wp_block.o"; - } -$cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/); -if ($modes_obj =~ /ghash\-/) - { - $cflags.=" -DGHASH_ASM"; - } -if ($ec_obj =~ /ecp_nistz256/) - { - $cflags.=" -DECP_NISTZ256_ASM"; - } -# "Stringify" the C flags string. This permits it to be made part of a string -# and works as well on command lines. -$cflags =~ s/([\\\"])/\\\1/g; - -my $version = "unknown"; -my $version_num = "unknown"; -my $major = "unknown"; -my $minor = "unknown"; -my $shlib_version_number = "unknown"; -my $shlib_version_history = "unknown"; -my $shlib_major = "unknown"; -my $shlib_minor = "unknown"; - -open(IN,') - { - $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; - $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/; - $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; - $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; - } -close(IN); -if ($shlib_version_history ne "") { $shlib_version_history .= ":"; } -if ($version =~ /(^[0-9]*)\.([0-9\.]*)/) - { - $major=$1; - $minor=$2; - } +# Deal with bn_ops ################################################### -if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) - { - $shlib_major=$1; - $shlib_minor=$2; - } +$config{bn_ll} =0; +$config{export_var_as_fn} =0; +my $def_int="unsigned int"; +$config{rc4_int} =$def_int; +($config{b64l},$config{b64},$config{b32})=(0,0,1); + +my $count = 0; +foreach (sort split(/\s+/,$target{bn_ops})) { + $count++ if /SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT/; + $config{export_var_as_fn}=1 if $_ eq 'EXPORT_VAR_AS_FN'; + $config{bn_ll}=1 if $_ eq 'BN_LLONG'; + $config{rc4_int}="unsigned char" if $_ eq 'RC4_CHAR'; + ($config{b64l},$config{b64},$config{b32}) + =(0,1,0) if $_ eq 'SIXTY_FOUR_BIT'; + ($config{b64l},$config{b64},$config{b32}) + =(1,0,0) if $_ eq 'SIXTY_FOUR_BIT_LONG'; + ($config{b64l},$config{b64},$config{b32}) + =(0,0,1) if $_ eq 'THIRTY_TWO_BIT'; +} +die "Exactly one of SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT can be set in bn_ops\n" + if $count > 1; -my $ecc = $cc; -$ecc = "clang" if `$cc --version 2>&1` =~ /clang/; + +# Hack cflags for better warnings (dev option) ####################### + +# "Stringify" the C flags string. This permits it to be made part of a string +# and works as well on command lines. +$config{cflags} =~ s/([\\\"])/\\$1/g; + +if (defined($config{api})) { + $config{openssl_api_defines} = [ "OPENSSL_MIN_API=".$apitable->{$config{api}} ]; + my $apiflag = sprintf("OPENSSL_API_COMPAT=%s", $apitable->{$config{api}}); + push @{$config{defines}}, $apiflag; +} if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or gcc-alike" + unless defined($predefined{__GNUC__}); foreach $wopt (split /\s+/, $gcc_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) } - if ($ecc eq "clang") + if (defined($predefined{__clang__})) { foreach $wopt (split /\s+/, $clang_devteam_warn) { - $cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/) + $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) } } } -open(IN,'$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; -my $sdirs=0; -while () +unless ($disabled{"crypto-mdebug-backtrace"}) { - chomp; - $sdirs = 1 if /^SDIRS=/; - if ($sdirs) { - my $dir; - foreach $dir (@skip) { - s/(\s)$dir /$1/; - s/\s$dir$//; - } - } - $sdirs = 0 unless /\\$/; - s/engines // if (/^DIRS=/ && $disabled{"engine"}); - s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"}); - s/^VERSION=.*/VERSION=$version/; - s/^MAJOR=.*/MAJOR=$major/; - s/^MINOR=.*/MINOR=$minor/; - s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; - s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; - s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; - s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/; - s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/; - s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; - s/^MULTILIB=.*$/MULTILIB=$multilib/; - s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; - s/^LIBDIR=.*$/LIBDIR=$libdir/; - s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; - s/^PLATFORM=.*$/PLATFORM=$target/; - s/^OPTIONS=.*$/OPTIONS=$options/; - s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/; - if ($cross_compile_prefix) - { - s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/; - s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/; - s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/; - s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc"; - } - else { - s/^CC=.*$/CC= $cc/; - s/^AR=\s*ar/AR= $ar/; - s/^RANLIB=.*/RANLIB= $ranlib/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang"; - } - s/^CFLAG=.*$/CFLAG= $cflags/; - s/^DEPFLAG=.*$/DEPFLAG=$depflags/; - s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; - s/^EX_LIBS=.*$/EX_LIBS= $lflags/; - s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; - s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/; - s/^BN_ASM=.*$/BN_ASM= $bn_obj/; - s/^EC_ASM=.*$/EC_ASM= $ec_obj/; - s/^DES_ENC=.*$/DES_ENC= $des_obj/; - s/^AES_ENC=.*$/AES_ENC= $aes_obj/; - s/^BF_ENC=.*$/BF_ENC= $bf_obj/; - s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; - s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; - s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; - s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; - s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; - s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; - s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/; - s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/; - s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/; - s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/; - s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/; - s/^PROCESSOR=.*/PROCESSOR= $processor/; - s/^ARFLAGS=.*/ARFLAGS= $arflags/; - s/^PERL=.*/PERL= $perl/; - s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; - s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; - s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; - s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; - - s/^FIPSDIR=.*/FIPSDIR=$fipsdir/; - s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; - s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; - s/^BASEADDR=.*/BASEADDR=$baseaddr/; - - s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; - s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); - if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) - { - my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/) + foreach my $wopt (split /\s+/, $memleak_devteam_backtrace) { - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/; + $config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/) } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + if ($target =~ /^BSD-/) { - my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; + $config{ex_libs} .= " -lexecinfo"; } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) - { - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/; - } - s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/; - print OUT $_."\n"; - } -close(IN); -close(OUT); -rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile; -rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n"; - -print "CC =$cc\n"; -print "CFLAG =$cflags\n"; -print "EX_LIBS =$lflags\n"; -print "CPUID_OBJ =$cpuid_obj\n"; -print "BN_ASM =$bn_obj\n"; -print "EC_ASM =$ec_obj\n"; -print "DES_ENC =$des_obj\n"; -print "AES_ENC =$aes_obj\n"; -print "BF_ENC =$bf_obj\n"; -print "CAST_ENC =$cast_obj\n"; -print "RC4_ENC =$rc4_obj\n"; -print "RC5_ENC =$rc5_obj\n"; -print "MD5_OBJ_ASM =$md5_obj\n"; -print "SHA1_OBJ_ASM =$sha1_obj\n"; -print "RMD160_OBJ_ASM=$rmd160_obj\n"; -print "CMLL_ENC =$cmll_obj\n"; -print "MODES_OBJ =$modes_obj\n"; -print "ENGINES_OBJ =$engines_obj\n"; -print "PROCESSOR =$processor\n"; -print "RANLIB =$ranlib\n"; -print "ARFLAGS =$arflags\n"; -print "PERL =$perl\n"; -print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" - if $withargs{"krb5-include"} ne ""; - -my $des_ptr=0; -my $des_risc1=0; -my $des_risc2=0; -my $des_unroll=0; -my $bn_ll=0; -my $def_int=2; -my $rc4_int=$def_int; -my $md2_int=$def_int; -my $idea_int=$def_int; -my $rc2_int=$def_int; -my $rc4_idx=0; -my $rc4_chunk=0; -my $bf_ptr=0; -my @type=("char","short","int","long"); -my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); -my $export_var_as_fn=0; - -my $des_int; - -foreach (sort split(/\s+/,$bn_ops)) - { - $des_ptr=1 if /DES_PTR/; - $des_risc1=1 if /DES_RISC1/; - $des_risc2=1 if /DES_RISC2/; - $des_unroll=1 if /DES_UNROLL/; - $des_int=1 if /DES_INT/; - $bn_ll=1 if /BN_LLONG/; - $rc4_int=0 if /RC4_CHAR/; - $rc4_int=3 if /RC4_LONG/; - $rc4_idx=1 if /RC4_INDEX/; - $rc4_chunk=1 if /RC4_CHUNK/; - $rc4_chunk=2 if /RC4_CHUNK_LL/; - $md2_int=0 if /MD2_CHAR/; - $md2_int=3 if /MD2_LONG/; - $idea_int=1 if /IDEA_SHORT/; - $idea_int=3 if /IDEA_LONG/; - $rc2_int=1 if /RC2_SHORT/; - $rc2_int=3 if /RC2_LONG/; - $bf_ptr=1 if $_ eq "BF_PTR"; - $bf_ptr=2 if $_ eq "BF_PTR2"; - ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/; - ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/; - ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/; - ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/; - ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/; - $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/; } -open(IN,'crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n"; -print OUT "/* opensslconf.h */\n"; -print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; - -print OUT "#ifdef __cplusplus\n"; -print OUT "extern \"C\" {\n"; -print OUT "#endif\n"; -print OUT "/* OpenSSL was configured with the following options: */\n"; -my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; -$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; -$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; -$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; -$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -print OUT $openssl_sys_defines; -print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; -print OUT $openssl_experimental_defines; -print OUT "\n"; -print OUT $openssl_algorithm_defines; -print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; -print OUT $openssl_thread_defines; -print OUT $openssl_other_defines,"\n"; - -print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n"; -print OUT " asks for it. This is a transient feature that is provided for those\n"; -print OUT " who haven't had the time to do the appropriate changes in their\n"; -print OUT " applications. */\n"; -print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n"; -print OUT $openssl_algorithm_defines_trans; -print OUT "#endif\n\n"; - -print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o"); - -while () - { - if (/^#define\s+OPENSSLDIR/) - { - my $foo = $openssldir; - $foo =~ s/\\/\\\\/g; - print OUT "#define OPENSSLDIR \"$foo\"\n"; - } - elsif (/^#define\s+ENGINESDIR/) - { - my $foo = "$prefix/$libdir/engines"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } - elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) - { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" - if $export_var_as_fn; - printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n", - ($export_var_as_fn)?"define":"undef"; } - elsif (/^#define\s+OPENSSL_UNISTD/) - { - $unistd = "" if $unistd eq ""; - print OUT "#define OPENSSL_UNISTD $unistd\n"; - } - elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) - { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/) - { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/) - { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/) - { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+EIGHT_BIT/) - { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) - { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } - elsif (/^\#define\s+DES_LONG\s+.*/) - { printf OUT "#define DES_LONG unsigned %s\n", - ($des_int)?'int':'long'; } - elsif (/^\#(define|undef)\s+DES_PTR/) - { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } - elsif (/^\#(define|undef)\s+DES_RISC1/) - { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; } - elsif (/^\#(define|undef)\s+DES_RISC2/) - { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; } - elsif (/^\#(define|undef)\s+DES_UNROLL/) - { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; } - elsif (/^#define\s+RC4_INT\s/) - { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; } - elsif (/^#undef\s+RC4_CHUNK/) - { - printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0; - printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1; - printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2; +if ($user_cflags ne "") { $config{cflags}="$config{cflags}$user_cflags"; } +else { $no_user_cflags=1; } +if (@user_defines) { $config{defines}=[ @{$config{defines}}, @user_defines ]; } +else { $no_user_defines=1; } + +# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON + +unless ($disabled{afalgeng}) { + $config{afalgeng}=""; + if ($target =~ m/^linux/) { + my $minver = 4*10000 + 1*100 + 0; + if ($config{cross_compile_prefix} eq "") { + my $verstr = `uname -r`; + my ($ma, $mi1, $mi2) = split("\\.", $verstr); + ($mi2) = $mi2 =~ /(\d+)/; + my $ver = $ma*10000 + $mi1*100 + $mi2; + if ($ver < $minver) { + $disabled{afalgeng} = "too-old-kernel"; + } else { + push @{$config{engdirs}}, "afalg"; + } + } else { + $disabled{afalgeng} = "cross-compiling"; + } + } else { + $disabled{afalgeng} = "not-linux"; + } +} + +push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng}); + +# If we use the unified build, collect information from build.info files +my %unified_info = (); + +my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO}); +if ($builder eq "unified") { + use lib catdir(dirname(__FILE__),"util"); + use with_fallback qw(Text::Template); + + sub cleandir { + my $base = shift; + my $dir = shift; + my $relativeto = shift || "."; + + $dir = catdir($base,$dir) unless isabsolute($dir); + + # Make sure the directories we're building in exists + mkpath($dir); + + my $res = abs2rel(absolutedir($dir), rel2abs($relativeto)); + #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n"; + return $res; + } + + sub cleanfile { + my $base = shift; + my $file = shift; + my $relativeto = shift || "."; + + $file = catfile($base,$file) unless isabsolute($file); + + my $d = dirname($file); + my $f = basename($file); + + # Make sure the directories we're building in exists + mkpath($d); + + my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto)); + #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n"; + return $res; + } + + # Store the name of the template file we will build the build file from + # in %config. This may be useful for the build file itself. + my @build_file_template_names = + ( $builder_platform."-".$target{build_file}.".tmpl", + $target{build_file}.".tmpl" ); + my @build_file_templates = (); + + # First, look in the user provided directory, if given + if (defined $ENV{$local_config_envname}) { + @build_file_templates = + map { + if ($^O eq 'VMS') { + # VMS environment variables are logical names, + # which can be used as is + $local_config_envname . ':' . $_; + } else { + catfile($ENV{$local_config_envname}, $_); } - elsif (/^#((define)|(undef))\s+RC4_INDEX/) - { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } - elsif (/^#(define|undef)\s+I386_ONLY/) - { printf OUT "#%s I386_ONLY\n", ($processor eq "386")? - "define":"undef"; } - elsif (/^#define\s+MD2_INT\s/) - { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } - elsif (/^#define\s+IDEA_INT\s/) - {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];} - elsif (/^#define\s+RC2_INT\s/) - {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];} - elsif (/^#(define|undef)\s+BF_PTR/) - { - printf OUT "#undef BF_PTR\n" if $bf_ptr == 0; - printf OUT "#define BF_PTR\n" if $bf_ptr == 1; - printf OUT "#define BF_PTR2\n" if $bf_ptr == 2; - } - else - { print OUT $_; } - } -close(IN); -print OUT "#ifdef __cplusplus\n"; -print OUT "}\n"; -print OUT "#endif\n"; -close(OUT); -rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; -rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; - - -# Fix the date - -print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l; -print "SIXTY_FOUR_BIT mode\n" if $b64; -print "THIRTY_TWO_BIT mode\n" if $b32; -print "SIXTEEN_BIT mode\n" if $b16; -print "EIGHT_BIT mode\n" if $b8; -print "DES_PTR used\n" if $des_ptr; -print "DES_RISC1 used\n" if $des_risc1; -print "DES_RISC2 used\n" if $des_risc2; -print "DES_UNROLL used\n" if $des_unroll; -print "DES_INT used\n" if $des_int; -print "BN_LLONG mode\n" if $bn_ll; -print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int; -print "RC4_INDEX mode\n" if $rc4_idx; -print "RC4_CHUNK is undefined\n" if $rc4_chunk==0; -print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1; -print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2; -print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int; -print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; -print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; -print "BF_PTR used\n" if $bf_ptr == 1; -print "BF_PTR2 used\n" if $bf_ptr == 2; - -if($IsMK1MF) { - open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; - printf OUT <[0]); + my $buildd = catdir($blddir, $_->[0]); + + mkpath($buildd); + + my $f = $_->[1]; + # The basic things we're trying to build + my @programs = (); + my @programs_install = (); + my @libraries = (); + my @libraries_install = (); + my @engines = (); + my @engines_install = (); + my @scripts = (); + my @scripts_install = (); + my @extra = (); + my @overrides = (); + my @intermediates = (); + my @rawlines = (); + + my %ordinals = (); + my %sources = (); + my %shared_sources = (); + my %includes = (); + my %depends = (); + my %renames = (); + my %sharednames = (); + my %generate = (); + + push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f); + my $template = Text::Template->new(TYPE => 'FILE', + SOURCE => catfile($sourced, $f)); + die "Something went wrong with $sourced/$f: $!\n" unless $template; + my @text = + split /^/m, + $template->fill_in(HASH => { config => \%config, + target => \%target, + disabled => \%disabled, + withargs => \%withargs, + builddir => abs2rel($buildd, $blddir), + sourcedir => abs2rel($sourced, $blddir), + buildtop => abs2rel($blddir, $blddir), + sourcetop => abs2rel($srcdir, $blddir) }, + DELIMITERS => [ "{-", "-}" ]); + + # The top item of this stack has the following values + # -2 positive already run and we found ELSE (following ELSIF should fail) + # -1 positive already run (skip until ENDIF) + # 0 negatives so far (if we're at a condition, check it) + # 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF) + # 2 positive ELSE (following ELSIF should fail) + my @skip = (); + collect_information( + collect_from_array([ @text ], + qr/\\$/ => sub { my $l1 = shift; my $l2 = shift; + $l1 =~ s/\\$//; $l1.$l2 }), + # Info we're looking for + qr/^\s*IF\[((?:\\.|[^\\\]])*)\]\s*$/ + => sub { + if (! @skip || $skip[$#skip] > 0) { + push @skip, !! $1; + } else { + push @skip, -1; + } + }, + qr/^\s*ELSIF\[((?:\\.|[^\\\]])*)\]\s*$/ + => sub { die "ELSIF out of scope" if ! @skip; + die "ELSIF following ELSE" if abs($skip[$#skip]) == 2; + $skip[$#skip] = -1 if $skip[$#skip] != 0; + $skip[$#skip] = !! $1 + if $skip[$#skip] == 0; }, + qr/^\s*ELSE\s*$/ + => sub { die "ELSE out of scope" if ! @skip; + $skip[$#skip] = -2 if $skip[$#skip] != 0; + $skip[$#skip] = 2 if $skip[$#skip] == 0; }, + qr/^\s*ENDIF\s*$/ + => sub { die "ENDIF out of scope" if ! @skip; + pop @skip; }, + qr/^\s*PROGRAMS(_NO_INST)?\s*=\s*(.*)\s*$/ + => sub { + if (!@skip || $skip[$#skip] > 0) { + my $install = $1; + my @x = tokenize($2); + push @programs, @x; + push @programs_install, @x unless $install; + } + }, + qr/^\s*LIBS(_NO_INST)?\s*=\s*(.*)\s*$/ + => sub { + if (!@skip || $skip[$#skip] > 0) { + my $install = $1; + my @x = tokenize($2); + push @libraries, @x; + push @libraries_install, @x unless $install; + } + }, + qr/^\s*ENGINES(_NO_INST)?\s*=\s*(.*)\s*$/ + => sub { + if (!@skip || $skip[$#skip] > 0) { + my $install = $1; + my @x = tokenize($2); + push @engines, @x; + push @engines_install, @x unless $install; + } + }, + qr/^\s*SCRIPTS(_NO_INST)?\s*=\s*(.*)\s*$/ + => sub { + if (!@skip || $skip[$#skip] > 0) { + my $install = $1; + my @x = tokenize($2); + push @scripts, @x; + push @scripts_install, @x unless $install; + } + }, + qr/^\s*EXTRA\s*=\s*(.*)\s*$/ + => sub { push @extra, tokenize($1) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*OVERRIDES\s*=\s*(.*)\s*$/ + => sub { push @overrides, tokenize($1) + if !@skip || $skip[$#skip] > 0 }, + + qr/^\s*ORDINALS\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/, + => sub { push @{$ordinals{$1}}, tokenize($2) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/ + => sub { push @{$sources{$1}}, tokenize($2) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*SHARED_SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/ + => sub { push @{$shared_sources{$1}}, tokenize($2) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*INCLUDE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/ + => sub { push @{$includes{$1}}, tokenize($2) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*DEPEND\[((?:\\.|[^\\\]])*)\]\s*=\s*(.*)\s*$/ + => sub { push @{$depends{$1}}, tokenize($2) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*GENERATE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/ + => sub { push @{$generate{$1}}, $2 + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*RENAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/ + => sub { push @{$renames{$1}}, tokenize($2) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*SHARED_NAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/ + => sub { push @{$sharednames{$1}}, tokenize($2) + if !@skip || $skip[$#skip] > 0 }, + qr/^\s*BEGINRAW\[((?:\\.|[^\\\]])+)\]\s*$/ + => sub { + my $lineiterator = shift; + my $target_kind = $1; + while (defined $lineiterator->()) { + s|\R$||; + if (/^\s*ENDRAW\[((?:\\.|[^\\\]])+)\]\s*$/) { + die "ENDRAW doesn't match BEGINRAW" + if $1 ne $target_kind; + last; + } + next if @skip && $skip[$#skip] <= 0; + push @rawlines, $_ + if ($target_kind eq $target{build_file} + || $target_kind eq $target{build_file}."(".$builder_platform.")"); + } + }, + qr/^(?:#.*|\s*)$/ => sub { }, + "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" }, + "BEFORE" => sub { + if ($buildinfo_debug) { + print STDERR "DEBUG: Parsing ",join(" ", @_),"\n"; + print STDERR "DEBUG: ... before parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n"; + } + }, + "AFTER" => sub { + if ($buildinfo_debug) { + print STDERR "DEBUG: .... after parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n"; + } + }, + ); + die "runaway IF?" if (@skip); + + foreach (keys %renames) { + die "$_ renamed to more than one thing: " + ,join(" ", @{$renames{$_}}),"\n" + if scalar @{$renames{$_}} > 1; + my $dest = cleanfile($buildd, $_, $blddir); + my $to = cleanfile($buildd, $renames{$_}->[0], $blddir); + die "$dest renamed to more than one thing: " + ,$unified_info{rename}->{$dest}, $to + unless !defined($unified_info{rename}->{$dest}) + or $unified_info{rename}->{$dest} eq $to; + $unified_info{rename}->{$dest} = $to; + } + + foreach (@programs) { + my $program = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$program}) { + $program = $unified_info{rename}->{$program}; + } + $unified_info{programs}->{$program} = 1; + } + + foreach (@programs_install) { + my $program = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$program}) { + $program = $unified_info{rename}->{$program}; + } + $unified_info{install}->{programs}->{$program} = 1; + } + + foreach (@libraries) { + my $library = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$library}) { + $library = $unified_info{rename}->{$library}; + } + $unified_info{libraries}->{$library} = 1; + } + + foreach (@libraries_install) { + my $library = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$library}) { + $library = $unified_info{rename}->{$library}; + } + $unified_info{install}->{libraries}->{$library} = 1; + } + + die <<"EOF" if scalar @engines and !$config{dynamic_engines}; +ENGINES can only be used if configured with 'dynamic-engine'. +This is usually a fault in a build.info file. EOF - close(OUT); -} else { - my $make_command = "$make PERL=\'$perl\'"; - my $make_targets = ""; - $make_targets .= " links" if $symlink; - $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; - $make_targets .= " gentests" if $symlink; - (system $make_command.$make_targets) == 0 or exit $? - if $make_targets ne ""; - if ( $perl =~ m@^/@) { - &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); - &dofile("apps/CA.pl",$perl,'^#!/', '#!%s'); - } else { - # No path for Perl known ... - &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";'); - &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s'); - } - if ($depflags ne $default_depflags && !$make_depend) { - print <{$library}) { + $library = $unified_info{rename}->{$library}; + } + $unified_info{engines}->{$library} = 1; + } + + foreach (@engines_install) { + my $library = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$library}) { + $library = $unified_info{rename}->{$library}; + } + $unified_info{install}->{engines}->{$library} = 1; + } + + foreach (@scripts) { + my $script = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$script}) { + $script = $unified_info{rename}->{$script}; + } + $unified_info{scripts}->{$script} = 1; + } + + foreach (@scripts_install) { + my $script = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$script}) { + $script = $unified_info{rename}->{$script}; + } + $unified_info{install}->{scripts}->{$script} = 1; + } + + foreach (@extra) { + my $extra = cleanfile($buildd, $_, $blddir); + $unified_info{extra}->{$extra} = 1; + } + + foreach (@overrides) { + my $override = cleanfile($buildd, $_, $blddir); + $unified_info{overrides}->{$override} = 1; + } + + push @{$unified_info{rawlines}}, @rawlines; + + unless ($disabled{shared}) { + # Check sharednames. + foreach (keys %sharednames) { + my $dest = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$dest}) { + $dest = $unified_info{rename}->{$dest}; + } + die "shared_name for $dest with multiple values: " + ,join(" ", @{$sharednames{$_}}),"\n" + if scalar @{$sharednames{$_}} > 1; + my $to = cleanfile($buildd, $sharednames{$_}->[0], $blddir); + die "shared_name found for a library $dest that isn't defined\n" + unless $unified_info{libraries}->{$dest}; + die "shared_name for $dest with multiple values: " + ,$unified_info{sharednames}->{$dest}, ", ", $to + unless !defined($unified_info{sharednames}->{$dest}) + or $unified_info{sharednames}->{$dest} eq $to; + $unified_info{sharednames}->{$dest} = $to; + } + + # Additionally, we set up sharednames for libraries that don't + # have any, as themselves. + foreach (keys %{$unified_info{libraries}}) { + if (!defined $unified_info{sharednames}->{$_}) { + $unified_info{sharednames}->{$_} = $_ + } + } + } + + foreach (keys %ordinals) { + my $dest = $_; + my $ddest = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$ddest}) { + $ddest = $unified_info{rename}->{$ddest}; + } + foreach (@{$ordinals{$dest}}) { + my %known_ordinals = + ( + crypto => + cleanfile($sourced, catfile("util", "libcrypto.num"), $blddir), + ssl => + cleanfile($sourced, catfile("util", "libssl.num"), $blddir) + ); + my $o = $known_ordinals{$_}; + die "Ordinals for $ddest defined more than once\n" + if $unified_info{ordinals}->{$ddest}; + $unified_info{ordinals}->{$ddest} = [ $_, $o ]; + } + } + + foreach (keys %sources) { + my $dest = $_; + my $ddest = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$ddest}) { + $ddest = $unified_info{rename}->{$ddest}; + } + foreach (@{$sources{$dest}}) { + my $s = cleanfile($sourced, $_, $blddir); + + # If it isn't in the source tree, we assume it's generated + # in the build tree + if (! -f $s) { + $s = cleanfile($buildd, $_, $blddir); + } + # We recognise C and asm files + if ($s =~ /\.[csS]\b$/) { + (my $o = $_) =~ s/\.[csS]\b$/.o/; + $o = cleanfile($buildd, $o, $blddir); + $unified_info{sources}->{$ddest}->{$o} = 1; + $unified_info{sources}->{$o}->{$s} = 1; + } else { + $unified_info{sources}->{$ddest}->{$s} = 1; + } + } + } + + foreach (keys %shared_sources) { + my $dest = $_; + my $ddest = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$ddest}) { + $ddest = $unified_info{rename}->{$ddest}; + } + foreach (@{$shared_sources{$dest}}) { + my $s = cleanfile($sourced, $_, $blddir); + + # If it isn't in the source tree, we assume it's generated + # in the build tree + if (! -f $s) { + $s = cleanfile($buildd, $_, $blddir); + } + # We recognise C and asm files + if ($s =~ /\.[csS]\b$/) { + (my $o = $_) =~ s/\.[csS]\b$/.o/; + $o = cleanfile($buildd, $o, $blddir); + $unified_info{shared_sources}->{$ddest}->{$o} = 1; + $unified_info{sources}->{$o}->{$s} = 1; + } else { + die "unrecognised source file type for shared library: $s\n"; + } + } + } + + foreach (keys %generate) { + my $dest = $_; + my $ddest = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$ddest}) { + $ddest = $unified_info{rename}->{$ddest}; + } + die "more than one generator for $dest: " + ,join(" ", @{$generate{$_}}),"\n" + if scalar @{$generate{$_}} > 1; + my @generator = split /\s+/, $generate{$dest}->[0]; + $generator[0] = cleanfile($sourced, $generator[0], $blddir), + $unified_info{generate}->{$ddest} = [ @generator ]; + } + + foreach (keys %depends) { + my $dest = $_; + my $ddest = $dest eq "" ? "" : cleanfile($sourced, $_, $blddir); + + # If the destination doesn't exist in source, it can only be + # a generated file in the build tree. + if ($ddest ne "" && ! -f $ddest) { + $ddest = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$ddest}) { + $ddest = $unified_info{rename}->{$ddest}; + } + } + foreach (@{$depends{$dest}}) { + my $d = cleanfile($sourced, $_, $blddir); + + # If we know it's generated, or assume it is because we can't + # find it in the source tree, we set file we depend on to be + # in the build tree rather than the source tree, and assume + # and that there are lines to build it in a BEGINRAW..ENDRAW + # section or in the Makefile template. + if (! -f $d + || (grep { $d eq $_ } + map { cleanfile($srcdir, $_, $blddir) } + grep { /\.h$/ } keys %{$unified_info{generate}})) { + $d = cleanfile($buildd, $_, $blddir); + } + # Take note if the file to depend on is being renamed + if ($unified_info{rename}->{$d}) { + $d = $unified_info{rename}->{$d}; + } + $unified_info{depends}->{$ddest}->{$d} = 1; + # If we depend on a header file or a perl module, let's make + # sure it can get included + if ($dest ne "" && $d =~ /\.(h|pm)$/) { + my $i = dirname($d); + push @{$unified_info{includes}->{$ddest}->{source}}, $i + unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}->{source}}; + } + } + } + + foreach (keys %includes) { + my $dest = $_; + my $ddest = cleanfile($sourced, $_, $blddir); + + # If the destination doesn't exist in source, it can only be + # a generated file in the build tree. + if (! -f $ddest) { + $ddest = cleanfile($buildd, $_, $blddir); + if ($unified_info{rename}->{$ddest}) { + $ddest = $unified_info{rename}->{$ddest}; + } + } + foreach (@{$includes{$dest}}) { + my $is = cleandir($sourced, $_, $blddir); + my $ib = cleandir($buildd, $_, $blddir); + push @{$unified_info{includes}->{$ddest}->{source}}, $is + unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}}; + push @{$unified_info{includes}->{$ddest}->{build}}, $ib + unless grep { $_ eq $ib } @{$unified_info{includes}->{$ddest}->{build}}; + } + } + } + + ### Make unified_info a bit more efficient + # One level structures + foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) { + $unified_info{$_} = [ sort keys %{$unified_info{$_}} ]; + } + # Two level structures + foreach my $l1 (("install", "sources", "shared_sources", "ldadd", "depends")) { + foreach my $l2 (sort keys %{$unified_info{$l1}}) { + $unified_info{$l1}->{$l2} = + [ sort keys %{$unified_info{$l1}->{$l2}} ]; + } + } + # Includes + foreach my $dest (sort keys %{$unified_info{includes}}) { + if (defined($unified_info{includes}->{$dest}->{build})) { + my @source_includes = + ( @{$unified_info{includes}->{$dest}->{source}} ); + $unified_info{includes}->{$dest} = + [ @{$unified_info{includes}->{$dest}->{build}} ]; + foreach my $inc (@source_includes) { + push @{$unified_info{includes}->{$dest}}, $inc + unless grep { $_ eq $inc } @{$unified_info{includes}->{$dest}}; + } + } else { + $unified_info{includes}->{$dest} = + [ @{$unified_info{includes}->{$dest}->{source}} ]; + } + } +} + +# For the schemes that need it, we provide the old *_obj configs +# from the *_asm_obj ones +foreach (grep /_(asm|aux)_src$/, keys %target) { + my $src = $_; + (my $obj = $_) =~ s/_(asm|aux)_src$/_obj/; + ($target{$obj} = $target{$src}) =~ s/\.[csS]\b/.o/g; +} + +# Write down our configuration where it fits ######################### -Since you've disabled or enabled at least one algorithm, you need to do -the following before building: +open(OUT,">configdata.pm") || die "unable to create configdata.pm: $!\n"; +print OUT <<"EOF"; +package configdata; + +use strict; +use warnings; + +use Exporter; +#use vars qw(\@ISA \@EXPORT); +our \@ISA = qw(Exporter); +our \@EXPORT = qw(\%config \%target \%disabled \%withargs \%unified_info \@disablables); - make depend EOF - } +print OUT "our %config = (\n"; +foreach (sort keys %config) { + if (ref($config{$_}) eq "ARRAY") { + print OUT " ", $_, " => [ ", join(", ", + map { quotify("perl", $_) } + @{$config{$_}}), " ],\n"; + } else { + print OUT " ", $_, " => ", quotify("perl", $config{$_}), ",\n" + } } +print OUT <<"EOF"; +); + +EOF +print OUT "our %target = (\n"; +foreach (sort keys %target) { + if (ref($target{$_}) eq "ARRAY") { + print OUT " ", $_, " => [ ", join(", ", + map { quotify("perl", $_) } + @{$target{$_}}), " ],\n"; + } else { + print OUT " ", $_, " => ", quotify("perl", $target{$_}), ",\n" + } +} +print OUT <<"EOF"; +); + +EOF +print OUT "our \%available_protocols = (\n"; +print OUT " tls => [ ", join(", ", map { quotify("perl", $_) } @tls), " ],\n"; +print OUT " dtls => [ ", join(", ", map { quotify("perl", $_) } @dtls), " ],\n"; +print OUT <<"EOF"; +); + +EOF +print OUT "our \@disablables = (\n"; +foreach (@disablables) { + print OUT " ", quotify("perl", $_), ",\n"; +} +print OUT <<"EOF"; +); + +EOF +print OUT "our \%disabled = (\n"; +foreach (sort keys %disabled) { + print OUT " ", quotify("perl", $_), " => ", quotify("perl", $disabled{$_}), ",\n"; +} +print OUT <<"EOF"; +); + +EOF +print OUT "our %withargs = (\n"; +foreach (sort keys %withargs) { + if (ref($withargs{$_}) eq "ARRAY") { + print OUT " ", $_, " => [ ", join(", ", + map { quotify("perl", $_) } + @{$withargs{$_}}), " ],\n"; + } else { + print OUT " ", $_, " => ", quotify("perl", $withargs{$_}), ",\n" + } +} +print OUT <<"EOF"; +); -# create the ms/version32.rc file if needed -if ($IsMK1MF && ($target !~ /^netware/)) { - my ($v1, $v2, $v3, $v4); - if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) { - $v1=hex $1; - $v2=hex $2; - $v3=hex $3; - $v4=hex $4; - } - open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc"; - print OUT < - -LANGUAGE 0x09,0x01 - -1 VERSIONINFO - FILEVERSION $v1,$v2,$v3,$v4 - PRODUCTVERSION $v1,$v2,$v3,$v4 - FILEFLAGSMASK 0x3fL -#ifdef _DEBUG - FILEFLAGS 0x01L -#else - FILEFLAGS 0x00L -#endif - FILEOS VOS__WINDOWS32 - FILETYPE VFT_DLL - FILESUBTYPE 0x0L -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904b0" - BEGIN - // Required: - VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" - VALUE "FileDescription", "OpenSSL Shared Library\\0" - VALUE "FileVersion", "$version\\0" -#if defined(CRYPTO) - VALUE "InternalName", "libeay32\\0" - VALUE "OriginalFilename", "libeay32.dll\\0" -#elif defined(SSL) - VALUE "InternalName", "ssleay32\\0" - VALUE "OriginalFilename", "ssleay32.dll\\0" -#endif - VALUE "ProductName", "The OpenSSL Toolkit\\0" - VALUE "ProductVersion", "$version\\0" - // Optional: - //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" - //VALUE "LegalTrademarks", "\\0" - //VALUE "PrivateBuild", "\\0" - //VALUE "SpecialBuild", "\\0" - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x409, 0x4b0 - END -END EOF - close(OUT); - } - -print <($indent + 4, $_); + } + print OUT " "x$indent, "],\n"; + } elsif (ref $_ eq "HASH") { + my %h = %$_; + print OUT " "x$indent, "{\n"; + foreach (sort keys %h) { + if (ref $h{$_} eq "") { + print OUT " "x($indent + 4), quotify("perl", $_), " => ", quotify("perl", $h{$_}), ",\n"; + } else { + print OUT " "x($indent + 4), quotify("perl", $_), " =>\n"; + $recurse->($indent + 8, $h{$_}); + } + } + print OUT " "x$indent, "},\n"; + } else { + print OUT " "x$indent, quotify("perl", $_), ",\n"; + } + } + }; + print OUT "our %unified_info = (\n"; + foreach (sort keys %unified_info) { + if (ref $unified_info{$_} eq "") { + print OUT " "x4, quotify("perl", $_), " => ", quotify("perl", $unified_info{$_}), ",\n"; + } else { + print OUT " "x4, quotify("perl", $_), " =>\n"; + $recurse->(8, $unified_info{$_}); + } + } + print OUT <<"EOF"; +); + +EOF +} +print OUT "1;\n"; +close(OUT); + + +print "CC =$config{cross_compile_prefix}$target{cc}\n"; +print "CFLAG =$target{cflags} $config{cflags}\n"; +print "SHARED_CFLAG =$target{shared_cflag}\n"; +print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n"; +print "LFLAG =$target{lflags}\n"; +print "PLIB_LFLAG =$target{plib_lflags}\n"; +print "EX_LIBS =$target{ex_libs} $config{ex_libs}\n"; +print "APPS_OBJ =$target{apps_obj}\n"; +print "CPUID_OBJ =$target{cpuid_obj}\n"; +print "UPLINK_OBJ =$target{uplink_obj}\n"; +print "BN_ASM =$target{bn_obj}\n"; +print "EC_ASM =$target{ec_obj}\n"; +print "DES_ENC =$target{des_obj}\n"; +print "AES_ENC =$target{aes_obj}\n"; +print "BF_ENC =$target{bf_obj}\n"; +print "CAST_ENC =$target{cast_obj}\n"; +print "RC4_ENC =$target{rc4_obj}\n"; +print "RC5_ENC =$target{rc5_obj}\n"; +print "MD5_OBJ_ASM =$target{md5_obj}\n"; +print "SHA1_OBJ_ASM =$target{sha1_obj}\n"; +print "RMD160_OBJ_ASM=$target{rmd160_obj}\n"; +print "CMLL_ENC =$target{cmll_obj}\n"; +print "MODES_OBJ =$target{modes_obj}\n"; +print "PADLOCK_OBJ =$target{padlock_obj}\n"; +print "CHACHA_ENC =$target{chacha_obj}\n"; +print "POLY1305_OBJ =$target{poly1305_obj}\n"; +print "BLAKE2_OBJ =$target{blake2_obj}\n"; +print "PROCESSOR =$config{processor}\n"; +print "RANLIB =", $target{ranlib} eq '$(CROSS_COMPILE)ranlib' ? + "$config{cross_compile_prefix}ranlib" : + "$target{ranlib}", "\n"; +print "ARFLAGS =$target{arflags}\n"; +print "PERL =$config{perl}\n"; +print "\n"; +print "SIXTY_FOUR_BIT_LONG mode\n" if $config{b64l}; +print "SIXTY_FOUR_BIT mode\n" if $config{b64}; +print "THIRTY_TWO_BIT mode\n" if $config{b32}; +print "BN_LLONG mode\n" if $config{bn_ll}; +print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int; + +my %builders = ( + unified => sub { + run_dofile(catfile($blddir, $target{build_file}), + @{$config{build_file_templates}}); + }, + ); + +$builders{$builder}->($builder_platform, @builder_opts); + +print <<"EOF"; Configured for $target. EOF -print <<\EOF if (!$no_threads && !$threads); +print <<"EOF" if ($disabled{threads} eq "unavailable"); The library could not be configured for supporting multi-threaded applications as the compiler options required on this system are not known. See file INSTALL for details if you need multi-threading. EOF -print <<\EOF if ($no_shared_warn); +print <<"EOF" if ($no_shared_warn); -You gave the option 'shared'. Normally, that would give you shared libraries. -Unfortunately, the OpenSSL configuration doesn't include shared library support -for this platform yet, so it will pretend you gave the option 'no-shared'. If -you can inform the developpers (openssl-dev\@openssl.org) how to support shared -libraries on this platform, they will at least look at it and try their best -(but please first make sure you have tried with a current version of OpenSSL). +The options 'shared', 'pic' and 'dynamic-engine' aren't supported on this +platform, so we will pretend you gave the option 'no-pic', which also disables +'shared' and 'dynamic-engine'. If you know how to implement shared libraries +or position independent code, please let us know (but please first make sure +you have tried with a current version of OpenSSL). +EOF + +print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir); + +WARNING: there are indications that another build was made in the source +directory. This build may have picked up artifacts from that build, the +safest course of action is to clean the source directory and redo this +configuration. EOF exit(0); +###################################################################### +# +# Helpers and utility functions +# + +# Configuration file reading ######################################### + +# Note: All of the helper functions are for lazy evaluation. They all +# return a CODE ref, which will return the intended value when evaluated. +# Thus, whenever there's mention of a returned value, it's about that +# intended value. + +# Helper function to implement conditional inheritance depending on the +# value of $disabled{asm}. Used in inherit_from values as follows: +# +# inherit_from => [ "template", asm("asm_tmpl") ] +# +sub asm { + my @x = @_; + sub { + $disabled{asm} ? () : @x; + } +} + +# Helper function to implement conditional value variants, with a default +# plus additional values based on the value of $config{build_type}. +# Arguments are given in hash table form: +# +# picker(default => "Basic string: ", +# debug => "debug", +# release => "release") +# +# When configuring with --debug, the resulting string will be +# "Basic string: debug", and when not, it will be "Basic string: release" +# +# This can be used to create variants of sets of flags according to the +# build type: +# +# cflags => picker(default => "-Wall", +# debug => "-g -O0", +# release => "-O3") +# +sub picker { + my %opts = @_; + return sub { add($opts{default} || (), + $opts{$config{build_type}} || ())->(); } +} + +# Helper function to combine several values of different types into one. +# This is useful if you want to combine a string with the result of a +# lazy function, such as: +# +# cflags => combine("-Wall", sub { $disabled{zlib} ? () : "-DZLIB" }) +# +sub combine { + my @stuff = @_; + return sub { add(@stuff)->(); } +} + +# Helper function to implement conditional values depending on the value +# of $disabled{threads}. Can be used as follows: +# +# cflags => combine("-Wall", threads("-pthread")) +# +sub threads { + my @flags = @_; + return sub { add($disabled{threads} ? () : @flags)->(); } +} + + + +our $add_called = 0; +# Helper function to implement adding values to already existing configuration +# values. It handles elements that are ARRAYs, CODEs and scalars +sub _add { + my $separator = shift; + + # If there's any ARRAY in the collection of values OR the separator + # is undef, we will return an ARRAY of combined values, otherwise a + # string of joined values with $separator as the separator. + my $found_array = !defined($separator); + + my @values = + map { + my $res = $_; + while (ref($res) eq "CODE") { + $res = $res->(); + } + if (defined($res)) { + if (ref($res) eq "ARRAY") { + $found_array = 1; + @$res; + } else { + $res; + } + } else { + (); + } + } (@_); + + $add_called = 1; + + if ($found_array) { + [ @values ]; + } else { + join($separator, grep { defined($_) && $_ ne "" } @values); + } +} +sub add_before { + my $separator = " "; + if (ref($_[$#_]) eq "HASH") { + my $opts = pop; + $separator = $opts->{separator}; + } + my @x = @_; + sub { _add($separator, @x, @_) }; +} +sub add { + my $separator = " "; + if (ref($_[$#_]) eq "HASH") { + my $opts = pop; + $separator = $opts->{separator}; + } + my @x = @_; + sub { _add($separator, @_, @x) }; +} + +# configuration reader, evaluates the input file as a perl script and expects +# it to fill %targets with target configurations. Those are then added to +# %table. +sub read_config { + my $fname = shift; + open(CONFFILE, "< $fname") + or die "Can't open configuration file '$fname'!\n"; + my $x = $/; + undef $/; + my $content = ; + $/ = $x; + close(CONFFILE); + my %targets = (); + { + # Protect certain tables from tampering + local %table = %::table; + + eval $content; + warn $@ if $@; + } + + # For each target, check that it's configured with a hash table. + foreach (keys %targets) { + if (ref($targets{$_}) ne "HASH") { + if (ref($targets{$_}) eq "") { + warn "Deprecated target configuration for $_, ignoring...\n"; + } else { + warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n"; + } + delete $targets{$_}; + } else { + $targets{$_}->{_conf_fname_int} = add([ $fname ]); + } + } + + %table = (%table, %targets); + +} + +# configuration resolver. Will only resolve all the lazy evaluation +# codeblocks for the chosen target and all those it inherits from, +# recursively +sub resolve_config { + my $target = shift; + my @breadcrumbs = @_; + +# my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS}); + + if (grep { $_ eq $target } @breadcrumbs) { + die "inherit_from loop! target backtrace:\n " + ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; + } + + if (!defined($table{$target})) { + warn "Warning! target $target doesn't exist!\n"; + return (); + } + # Recurse through all inheritances. They will be resolved on the + # fly, so when this operation is done, they will all just be a + # bunch of attributes with string values. + # What we get here, though, are keys with references to lists of + # the combined values of them all. We will deal with lists after + # this stage is done. + my %combined_inheritance = (); + if ($table{$target}->{inherit_from}) { + my @inherit_from = + map { ref($_) eq "CODE" ? $_->() : $_ } @{$table{$target}->{inherit_from}}; + foreach (@inherit_from) { + my %inherited_config = resolve_config($_, $target, @breadcrumbs); + + # 'template' is a marker that's considered private to + # the config that had it. + delete $inherited_config{template}; + + foreach (keys %inherited_config) { + if (!$combined_inheritance{$_}) { + $combined_inheritance{$_} = []; + } + push @{$combined_inheritance{$_}}, $inherited_config{$_}; + } + } + } + + # We won't need inherit_from in this target any more, since we've + # resolved all the inheritances that lead to this + delete $table{$target}->{inherit_from}; + + # Now is the time to deal with those lists. Here's the place to + # decide what shall be done with those lists, all based on the + # values of the target we're currently dealing with. + # - If a value is a coderef, it will be executed with the list of + # inherited values as arguments. + # - If the corresponding key doesn't have a value at all or is the + # empty string, the inherited value list will be run through the + # default combiner (below), and the result becomes this target's + # value. + # - Otherwise, this target's value is assumed to be a string that + # will simply override the inherited list of values. + my $default_combiner = add(); + + my %all_keys = + map { $_ => 1 } (keys %combined_inheritance, + keys %{$table{$target}}); + + sub process_values { + my $object = shift; + my $inherited = shift; # Always a [ list ] + my $target = shift; + my $entry = shift; + + $add_called = 0; + + while(ref($object) eq "CODE") { + $object = $object->(@$inherited); + } + if (!defined($object)) { + return (); + } + elsif (ref($object) eq "ARRAY") { + local $add_called; # To make sure recursive calls don't affect it + return [ map { process_values($_, $inherited, $target, $entry) } + @$object ]; + } elsif (ref($object) eq "") { + return $object; + } else { + die "cannot handle reference type ",ref($object) + ," found in target ",$target," -> ",$entry,"\n"; + } + } + + foreach (sort keys %all_keys) { + my $previous = $combined_inheritance{$_}; + + # Current target doesn't have a value for the current key? + # Assign it the default combiner, the rest of this loop body + # will handle it just like any other coderef. + if (!exists $table{$target}->{$_}) { + $table{$target}->{$_} = $default_combiner; + } + + $table{$target}->{$_} = process_values($table{$target}->{$_}, + $combined_inheritance{$_}, + $target, $_); + unless(defined($table{$target}->{$_})) { + delete $table{$target}->{$_}; + } +# if ($extra_checks && +# $previous && !($add_called || $previous ~~ $table{$target}->{$_})) { +# warn "$_ got replaced in $target\n"; +# } + } + + # Finally done, return the result. + return %{$table{$target}}; +} + sub usage { print STDERR $usage; @@ -2133,6 +2434,7 @@ sub usage my $k=0; foreach $i (sort keys %table) { + next if $table{$i}->{template}; next if $i =~ /^debug/; $k += length($i) + 1; if ($k > 78) @@ -2144,6 +2446,7 @@ sub usage } foreach $i (sort keys %table) { + next if $table{$i}->{template}; next if $i !~ /^debug/; $k += length($i) + 1; if ($k > 78) @@ -2157,121 +2460,330 @@ sub usage exit(1); } -sub which - { - my($name)=@_; - my $path; - foreach $path (split /:/, $ENV{PATH}) - { - if (-f "$path/$name$exe_ext" and -x _) - { - return "$path/$name$exe_ext" unless ($name eq "perl" and - system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\'')); - } - } - } +sub run_dofile +{ + my $out = shift; + my @templates = @_; + + unlink $out || warn "Can't remove $out, $!" + if -f $out; + foreach (@templates) { + die "Can't open $_, $!" unless -f $_; + } + my $perlcmd = (quotify("maybeshell", $config{perl}))[0]; + my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\""; + #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n"; + system($cmd); + exit 1 if $? != 0; + rename("$out.new", $out) || die "Can't rename $out.new, $!"; +} -sub dofile - { - my $f; my $p; my %m; my @a; my $k; my $ff; - ($f,$p,%m)=@_; +sub which +{ + my ($name)=@_; + + if (eval { require IPC::Cmd; 1; }) { + IPC::Cmd->import(); + return scalar IPC::Cmd::can_run($name); + } else { + # if there is $directories component in splitpath, + # then it's not something to test with $PATH... + return $name if (File::Spec->splitpath($name))[1]; + + foreach (File::Spec->path()) { + my $fullpath = catfile($_, "$name$target{exe_extension}"); + if (-f $fullpath and -x $fullpath) { + return $fullpath; + } + } + } +} - open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n"; - @a=; - close(IN); - foreach $k (keys %m) - { - grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a); - } - open(OUT,">$f.new") || die "unable to open $f.new:$!\n"; - print OUT @a; - close(OUT); - rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f; - rename("$f.new",$f) || die "unable to rename $f.new\n"; - } +# Configuration printer ############################################## sub print_table_entry - { - my $target = shift; - - my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, - $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, - $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, - $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, - $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, - $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= - split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); - - print < length($b) } @sequence)[-1]); + print " '$target' => {\n"; + foreach (@sequence) { + if ($target{$_}) { + if (ref($target{$_}) eq "ARRAY") { + print " '",$_,"'"," " x ($largest - length($_))," => [ ",join(", ", map { "'$_'" } @{$target{$_}})," ],\n"; + } else { + print " '",$_,"'"," " x ($largest - length($_))," => '",$target{$_},"',\n"; + } + } } + print " },\n"; + } +} -sub test_sanity - { - my $errorcnt = 0; +# Utility routines ################################################### - print STDERR "=" x 70, "\n"; - print STDERR "=== SANITY TESTING!\n"; - print STDERR "=== No configuration will be done, all other arguments will be ignored!\n"; - print STDERR "=" x 70, "\n"; +# On VMS, if the given file is a logical name, File::Spec::Functions +# will consider it an absolute path. There are cases when we want a +# purely syntactic check without checking the environment. +sub isabsolute { + my $file = shift; - foreach $target (sort keys %table) - { - @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); + # On non-platforms, we just use file_name_is_absolute(). + return file_name_is_absolute($file) unless $^O eq "VMS"; - if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/) - { - $errorcnt++; - print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n"; - print STDERR " in the previous field\n"; - } - elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/) - { - $errorcnt++; - print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n"; - print STDERR " in the following field\n"; - } - elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/) - { - $errorcnt++; - print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n"; - print STDERR " valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n"; - } - } - print STDERR "No sanity errors detected!\n" if $errorcnt == 0; - return $errorcnt; - } + # If the file spec includes a device or a directory spec, + # file_name_is_absolute() is perfectly safe. + return file_name_is_absolute($file) if $file =~ m|[:\[]|; + + # Here, we know the given file spec isn't absolute + return 0; +} + +# Makes a directory absolute and cleans out /../ in paths like foo/../bar +# On some platforms, this uses rel2abs(), while on others, realpath() is used. +# realpath() requires that at least all path components except the last is an +# existing directory. On VMS, the last component of the directory spec must +# exist. +sub absolutedir { + my $dir = shift; + + # realpath() is quite buggy on VMS. It uses LIB$FID_TO_NAME, which + # will return the volume name for the device, no matter what. Also, + # it will return an incorrect directory spec if the argument is a + # directory that doesn't exist. + if ($^O eq "VMS") { + return rel2abs($dir); + } + + # We use realpath() on Unix, since no other will properly clean out + # a directory spec. + use Cwd qw/realpath/; + + return realpath($dir); +} + +sub quotify { + my %processors = ( + perl => sub { my $x = shift; + $x =~ s/([\\\$\@"])/\\$1/g; + return '"'.$x.'"'; }, + maybeshell => sub { my $x = shift; + (my $y = $x) =~ s/([\\\"])/\\$1/g; + if ($x ne $y || $x =~ m|\s|) { + return '"'.$y.'"'; + } else { + return $x; + } + }, + ); + my $for = shift; + my $processor = + defined($processors{$for}) ? $processors{$for} : sub { shift; }; + + return map { $processor->($_); } @_; +} + +# collect_from_file($filename, $line_concat_cond_re, $line_concat) +# $filename is a file name to read from +# $line_concat_cond_re is a regexp detecting a line continuation ending +# $line_concat is a CODEref that takes care of concatenating two lines +sub collect_from_file { + my $filename = shift; + my $line_concat_cond_re = shift; + my $line_concat = shift; + + open my $fh, $filename || die "unable to read $filename: $!\n"; + return sub { + my $saved_line = ""; + $_ = ""; + while (<$fh>) { + s|\R$||; + if (defined $line_concat) { + $_ = $line_concat->($saved_line, $_); + $saved_line = ""; + } + if (defined $line_concat_cond_re && /$line_concat_cond_re/) { + $saved_line = $_; + next; + } + return $_; + } + die "$filename ending with continuation line\n" if $_; + close $fh; + return undef; + } +} + +# collect_from_array($array, $line_concat_cond_re, $line_concat) +# $array is an ARRAYref of lines +# $line_concat_cond_re is a regexp detecting a line continuation ending +# $line_concat is a CODEref that takes care of concatenating two lines +sub collect_from_array { + my $array = shift; + my $line_concat_cond_re = shift; + my $line_concat = shift; + my @array = (@$array); + + return sub { + my $saved_line = ""; + $_ = ""; + while (defined($_ = shift @array)) { + s|\R$||; + if (defined $line_concat) { + $_ = $line_concat->($saved_line, $_); + $saved_line = ""; + } + if (defined $line_concat_cond_re && /$line_concat_cond_re/) { + $saved_line = $_; + next; + } + return $_; + } + die "input text ending with continuation line\n" if $_; + return undef; + } +} + +# collect_information($lineiterator, $line_continue, $regexp => $CODEref, ...) +# $lineiterator is a CODEref that delivers one line at a time. +# All following arguments are regex/CODEref pairs, where the regexp detects a +# line and the CODEref does something with the result of the regexp. +sub collect_information { + my $lineiterator = shift; + my %collectors = @_; + + while(defined($_ = $lineiterator->())) { + s|\R$||; + my $found = 0; + if ($collectors{"BEFORE"}) { + $collectors{"BEFORE"}->($_); + } + foreach my $re (keys %collectors) { + if ($re !~ /^OTHERWISE|BEFORE|AFTER$/ && /$re/) { + $collectors{$re}->($lineiterator); + $found = 1; + }; + } + if ($collectors{"OTHERWISE"}) { + $collectors{"OTHERWISE"}->($lineiterator, $_) + unless $found || !defined $collectors{"OTHERWISE"}; + } + if ($collectors{"AFTER"}) { + $collectors{"AFTER"}->($_); + } + } +} + +# tokenize($line) +# $line is a line of text to split up into tokens +# returns a list of tokens +# +# Tokens are divided by spaces. If the tokens include spaces, they +# have to be quoted with single or double quotes. Double quotes +# inside a double quoted token must be escaped. Escaping is done +# with backslash. +# Basically, the same quoting rules apply for " and ' as in any +# Unix shell. +sub tokenize { + my $line = my $debug_line = shift; + my @result = (); + + while ($line =~ s|^\s+||, $line ne "") { + my $token = ""; + while ($line ne "" && $line !~ m|^\s|) { + if ($line =~ m/^"((?:[^"\\]+|\\.)*)"/) { + $token .= $1; + $line = $'; + } elsif ($line =~ m/^'([^']*)'/) { + $token .= $1; + $line = $'; + } elsif ($line =~ m/^(\S+)/) { + $token .= $1; + $line = $'; + } + } + push @result, $token; + } + + if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) { + print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n"; + print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n"; + } + return @result; +} diff --git a/third_party/openssl/GitConfigure b/third_party/openssl/GitConfigure deleted file mode 100755 index bbab33ebc5..0000000000 --- a/third_party/openssl/GitConfigure +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -BRANCH=`git rev-parse --abbrev-ref HEAD` - -./Configure $@ no-symlinks -make files -util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH -make -f makefile.$BRANCH init diff --git a/third_party/openssl/GitMake b/third_party/openssl/GitMake deleted file mode 100755 index 47beffd6bc..0000000000 --- a/third_party/openssl/GitMake +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -BRANCH=`git rev-parse --abbrev-ref HEAD` - -make -f makefile.$BRANCH $@ diff --git a/third_party/openssl/INSTALL b/third_party/openssl/INSTALL index 1325079f2a..3e21cc29d1 100644 --- a/third_party/openssl/INSTALL +++ b/third_party/openssl/INSTALL @@ -1,121 +1,528 @@ - INSTALLATION ON THE UNIX PLATFORM - --------------------------------- + OPENSSL INSTALLATION + -------------------- - [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X) - and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS, - INSTALL.MacOS and INSTALL.NW. - - This document describes installation on operating systems in the Unix - family.] + This document describes installation on all supported operating + systems (the Linux/Unix family, OpenVMS and Windows) To install OpenSSL, you will need: - * make - * Perl 5 + * A make implementation + * Perl 5 with core modules (please read NOTES.PERL) + * The perl module Text::Template (please read NOTES.PERL) * an ANSI C compiler - * a development environment in form of development libraries and C + * a development environment in the form of development libraries and C header files - * a supported Unix operating system + * a supported operating system + + For additional platform specific requirements, solutions to specific + issues and other details, please read one of these: + + * NOTES.UNIX (any supported Unix like system) + * NOTES.VMS (OpenVMS) + * NOTES.WIN (any supported Windows) + * NOTES.DJGPP (DOS platform with DJGPP) + + Notational conventions in this document + --------------------------------------- + + Throughout this document, we use the following conventions in command + examples: + + $ command Any line starting with a dollar sign + ($) is a command line. + + { word1 | word2 | word3 } This denotes a mandatory choice, to be + replaced with one of the given words. + A simple example would be this: + + $ echo { FOO | BAR | COOKIE } + + which is to be understood as one of + these: + + $ echo FOO + - or - + $ echo BAR + - or - + $ echo COOKIE + + [ word1 | word2 | word3 ] Similar to { word1 | word2 | word3 } + except it's optional to give any of + those. In addition to the examples + above, this would also be valid: + + $ echo + + {{ target }} This denotes a mandatory word or + sequence of words of some sort. A + simple example would be this: + + $ type {{ filename }} + + which is to be understood to use the + command 'type' on some file name + determined by the user. + + [[ options ]] Similar to {{ target }}, but is + optional. + + Note that the notation assumes spaces around {, }, [, ], {{, }} and + [[, ]]. This is to differentiate from OpenVMS directory + specifications, which also use [ and ], but without spaces. Quick Start ----------- If you want to just get on with it, do: - $ ./config - $ make - $ make test - $ make install + on Unix: + + $ ./config + $ make + $ make test + $ make install + + on OpenVMS: - [If any of these steps fails, see section Installation in Detail below.] + $ @config + $ mms + $ mms test + $ mms install - This will build and install OpenSSL in the default location, which is (for - historical reasons) /usr/local/ssl. If you want to install it anywhere else, - run config like this: + on Windows (only pick one of the targets for configuration): - $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl + $ perl Configure { VC-WIN32 | VC-WIN64A | VC-WIN64I | VC-CE } + $ nmake + $ nmake test + $ nmake install + + If any of these steps fails, see section Installation in Detail below. + + This will build and install OpenSSL in the default location, which is: + + Unix: normal installation directories under /usr/local + OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the + OpenSSL version number with underscores instead of periods. + Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL + + If you want to install it anywhere else, run config like this: + + On Unix: + + $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl + + On OpenVMS: + + $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] + + (Note: if you do add options to the configuration command, please make sure + you've read more than just this Quick Start, such as relevant NOTES.* files, + the options outline below, as configuration options may change the outcome + in otherwise unexpected ways) Configuration Options --------------------- There are several options to ./config (or ./Configure) to customize - the build: - - --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl. - Configuration files used by OpenSSL will be in DIR/ssl - or the directory specified by --openssldir. - - --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, - the library files and binaries are also installed there. - - no-threads Don't try to build with support for multi-threaded - applications. - - threads Build with support for multi-threaded applications. - This will usually require additional system-dependent options! - See "Note on multi-threading" below. - - no-zlib Don't try to build with support for zlib compression and - decompression. - - zlib Build with support for zlib compression/decompression. - - zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically - when needed. This is only supported on systems where loading - of shared libraries is supported. This is the default choice. - - no-shared Don't try to create shared libraries. - - shared In addition to the usual static libraries, create shared - libraries on platforms where it's supported. See "Note on - shared libraries" below. - - no-asm Do not use assembler code. - - 386 Use the 80386 instruction set only (the default x86 code is - more efficient, but requires at least a 486). Note: Use - compiler flags for any other CPU specific configuration, - e.g. "-m32" to build x86 code on an x64 system. - - no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is - detected at run-time, but the decision whether or not the - machine code will be executed is taken solely on CPU - capability vector. This means that if you happen to run OS - kernel which does not support SSE2 extension on Intel P4 - processor, then your application might be exposed to - "illegal instruction" exception. There might be a way - to enable support in kernel, e.g. FreeBSD kernel can be - compiled with CPU_ENABLE_SSE, and there is a way to - disengage SSE2 code pathes upon application start-up, - but if you aim for wider "audience" running such kernel, - consider no-sse2. Both 386 and no-asm options above imply - no-sse2. - - no- Build without the specified cipher (bf, cast, des, dh, dsa, - hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). - The crypto/ directory can be removed after running - "make depend". - - -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx These system specific options will - be passed through to the compiler to allow you to - define preprocessor symbols, specify additional libraries, - library directories or other compiler options. - - -DHAVE_CRYPTODEV Enable the BSD cryptodev engine even if we are not using - BSD. Useful if you are running ocf-linux or something - similar. Once enabled you can also enable the use of - cryptodev digests, which is usually slower unless you have - large amounts data. Use -DUSE_CRYPTODEV_DIGESTS to force - it. + the build (note that for Windows, the defaults for --prefix and + --openssldir depend in what configuration is used and what Windows + implementation OpenSSL is built on. More notes on this in NOTES.WIN): + + --api=x.y.z + Don't build with support for deprecated APIs below the + specified version number. For example "--api=1.1.0" will + remove support for all APIS that were deprecated in OpenSSL + version 1.1.0 or below. + + --cross-compile-prefix=PREFIX + The PREFIX to include in front of commands for your + toolchain. It's likely to have to end with dash, e.g. + a-b-c- would invoke GNU compiler as a-b-c-gcc, etc. + Unfortunately cross-compiling is too case-specific to + put together one-size-fits-all instructions. You might + have to pass more flags or set up environment variables + to actually make it work. Android and iOS cases are + discussed in corresponding Configurations/10-main.cf + sections. But there are cases when this option alone is + sufficient. For example to build the mingw64 target on + Linux "--cross-compile-prefix=x86_64-w64-mingw32-" + works. Naturally provided that mingw packages are + installed. Today Debian and Ubuntu users have option to + install a number of prepackaged cross-compilers along + with corresponding run-time and development packages for + "alien" hardware. To give another example + "--cross-compile-prefix=mipsel-linux-gnu-" suffices + in such case. Needless to mention that you have to + invoke ./Configure, not ./config, and pass your target + name explicitly. + + --debug + Build OpenSSL with debugging symbols. + + --libdir=DIR + The name of the directory under the top of the installation + directory tree (see the --prefix option) where libraries will + be installed. By default this is "lib". Note that on Windows + only ".lib" files will be stored in this location. dll files + will always be installed to the "bin" directory. + + --openssldir=DIR + Directory for OpenSSL configuration files, and also the + default certificate and key store. Defaults are: + + Unix: /usr/local/ssl + Windows: C:\Program Files\Common Files\SSL + or C:\Program Files (x86)\Common Files\SSL + OpenVMS: SYS$COMMON:[OPENSSL-COMMON] + + --prefix=DIR + The top of the installation directory tree. Defaults are: + + Unix: /usr/local + Windows: C:\Program Files\OpenSSL + or C:\Program Files (x86)\OpenSSL + OpenVMS: SYS$COMMON:[OPENSSL-'version'] + + --release + Build OpenSSL without debugging symbols. This is the default. + + --strict-warnings + This is a developer flag that switches on various compiler + options recommended for OpenSSL development. It only works + when using gcc or clang as the compiler. If you are + developing a patch for OpenSSL then it is recommended that + you use this option where possible. + + --with-zlib-include=DIR + The directory for the location of the zlib include file. This + option is only necessary if enable-zlib (see below) is used + and the include file is not already on the system include + path. + + --with-zlib-lib=LIB + On Unix: this is the directory containing the zlib library. + If not provided the system library path will be used. + On Windows: this is the filename of the zlib library (with or + without a path). This flag must be provided if the + zlib-dynamic option is not also used. If zlib-dynamic is used + then this flag is optional and a default value ("ZLIB1") is + used if not provided. + On VMS: this is the filename of the zlib library (with or + without a path). This flag is optional and if not provided + then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is + used by default depending on the pointer size chosen. + + no-afalgeng + Don't build the AFALG engine. This option will be forced if + on a platform that does not support AFALG. + + enable-asan + Build with the Address sanitiser. This is a developer option + only. It may not work on all platforms and should never be + used in production environments. It will only work when used + with gcc or clang and should be used in conjunction with the + no-shared option. + + no-asm + Do not use assembler code. On some platforms a small amount + of assembler code may still be used. + + no-async + Do not build support for async operations. + + no-autoalginit + Don't automatically load all supported ciphers and digests. + Typically OpenSSL will make available all of its supported + ciphers and digests. For a statically linked application this + may be undesirable if small executable size is an objective. + This only affects libcrypto. Ciphers and digests will have to + be loaded manually using EVP_add_cipher() and + EVP_add_digest() if this option is used. This option will + force a non-shared build. + + no-autoerrinit + Don't automatically load all libcrypto/libssl error strings. + Typically OpenSSL will automatically load human readable + error strings. For a statically linked application this may + be undesirable if small executable size is an objective. + + + no-capieng + Don't build the CAPI engine. This option will be forced if + on a platform that does not support CAPI. + + no-cms + Don't build support for CMS features + + no-comp + Don't build support for SSL/TLS compression. If this option + is left enabled (the default), then compression will only + work if the zlib or zlib-dynamic options are also chosen. + + enable-crypto-mdebug + Build support for debugging memory allocated via + OPENSSL_malloc() or OPENSSL_zalloc(). + + enable-crypto-mdebug-backtrace + As for crypto-mdebug, but additionally provide backtrace + information for allocated memory. + TO BE USED WITH CARE: this uses GNU C functionality, and + is therefore not usable for non-GNU config targets. If + your build complains about the use of '-rdynamic' or the + lack of header file execinfo.h, this option is not for you. + ALSO NOTE that even though execinfo.h is available on your + system (through Gnulib), the functions might just be stubs + that do nothing. + + no-ct + Don't build support for Certificate Transparency. + + no-deprecated + Don't build with support for any deprecated APIs. This is the + same as using "--api" and supplying the latest version + number. + + no-dgram + Don't build support for datagram based BIOs. Selecting this + option will also force the disabling of DTLS. + + no-dso + Don't build support for loading Dynamic Shared Objects. + + no-dynamic-engine + Don't build the dynamically loaded engines. This only has an + effect in a "shared" build + + no-ec + Don't build support for Elliptic Curves. + + no-ec2m + Don't build support for binary Elliptic Curves + + enable-ec_nistp_64_gcc_128 + Enable support for optimised implementations of some commonly + used NIST elliptic curves. This is only supported on some + platforms. + + enable-egd + Build support for gathering entropy from EGD (Entropy + Gathering Daemon). + + no-engine + Don't build support for loading engines. + + no-err + Don't compile in any error strings. + + no-filenames + Don't compile in filename and line number information (e.g. + for errors and memory allocation). + + enable-fuzz-libfuzzer, enable-fuzz-afl + Build with support for fuzzing using either libfuzzer or AFL. + These are developer options only. They may not work on all + platforms and should never be used in production environments. + See the file fuzz/README.md for further details. + + no-gost + Don't build support for GOST based ciphersuites. Note that + if this feature is enabled then GOST ciphersuites are only + available if the GOST algorithms are also available through + loading an externally supplied engine. + + enable-heartbeats + Build support for DTLS heartbeats. + + no-hw-padlock + Don't build the padlock engine. + + no-makedepend + Don't generate dependencies. + + no-multiblock + Don't build support for writing multiple records in one + go in libssl (Note: this is a different capability to the + pipelining functionality). + + no-nextprotoneg + Don't build support for the NPN TLS extension. + + no-ocsp + Don't build support for OCSP. + + no-pic + Don't build with support for Position Independent Code. + + no-posix-io + Don't use POSIX IO capabilities. + + no-psk + Don't build support for Pre-Shared Key based ciphersuites. + + no-rdrand + Don't use hardware RDRAND capabilities. + + no-rfc3779 + Don't build support for RFC3779 ("X.509 Extensions for IP + Addresses and AS Identifiers") + + sctp + Build support for SCTP + + no-shared + Do not create shared libraries, only static ones. See "Note + on shared libraries" below. + + no-sock + Don't build support for socket BIOs + + no-srp + Don't build support for SRP or SRP based ciphersuites. + + no-srtp + Don't build SRTP support + + no-sse2 + Exclude SSE2 code paths from 32-bit x86 assembly modules. + Normally SSE2 extension is detected at run-time, but the + decision whether or not the machine code will be executed + is taken solely on CPU capability vector. This means that + if you happen to run OS kernel which does not support SSE2 + extension on Intel P4 processor, then your application + might be exposed to "illegal instruction" exception. + There might be a way to enable support in kernel, e.g. + FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and + there is a way to disengage SSE2 code paths upon application + start-up, but if you aim for wider "audience" running + such kernel, consider no-sse2. Both the 386 and + no-asm options imply no-sse2. + + enable-ssl-trace + Build with the SSL Trace capabilities (adds the "-trace" + option to s_client and s_server). + + no-static-engine + Don't build the statically linked engines. This only + has an impact when not built "shared". + + no-stdio + Don't use anything from the C header file "stdio.h" that + makes use of the "FILE" type. Only libcrypto and libssl can + be built in this way. Using this option will suppress + building the command line applications. Additionally since + the OpenSSL tests also use the command line applications the + tests will also be skipped. + + no-threads + Don't try to build with support for multi-threaded + applications. + + threads + Build with support for multi-threaded applications. Most + platforms will enable this by default. However if on a + platform where this is not the case then this will usually + require additional system-dependent options! See "Note on + multi-threading" below. + + no-ts + Don't build Time Stamping Authority support. + + enable-ubsan + Build with the Undefined Behaviour sanitiser. This is a + developer option only. It may not work on all platforms and + should never be used in production environments. It will only + work when used with gcc or clang and should be used in + conjunction with the "-DPEDANTIC" option (or the + --strict-warnings option). + + no-ui + Don't build with the "UI" capability (i.e. the set of + features enabling text based prompts). + + enable-unit-test + Enable additional unit test APIs. This should not typically + be used in production deployments. + + enable-weak-ssl-ciphers + Build support for SSL/TLS ciphers that are considered "weak" + (e.g. RC4 based ciphersuites). + + zlib + Build with support for zlib compression/decompression. + + zlib-dynamic + Like "zlib", but has OpenSSL load the zlib library + dynamically when needed. This is only supported on systems + where loading of shared libraries is supported. + + 386 + In 32-bit x86 builds, when generating assembly modules, + use the 80386 instruction set only (the default x86 code + is more efficient, but requires at least a 486). Note: + This doesn't affect code generated by compiler, you're + likely to complement configuration command line with + suitable compiler-specific option. + + no- + Don't build support for negotiating the specified SSL/TLS + protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls, + dtls1 or dtls1_2). If "no-tls" is selected then all of tls1, + tls1_1 and tls1_2 are disabled. Similarly "no-dtls" will + disable dtls1 and dtls1_2. The "no-ssl" option is synonymous + with "no-ssl3". Note this only affects version negotiation. + OpenSSL will still provide the methods for applications to + explicitly select the individual protocol versions. + + no--method + As for no- but in addition do not build the methods for + applications to explicitly select individual protocol + versions. + + enable- + Build with support for the specified algorithm, where + is one of: md2 or rc5. + + no- + Build without support for the specified algorithm, where + is one of: bf, blake2, camellia, cast, chacha, cmac, + des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305, + rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd" + algorithm is deprecated and if used is synonymous with rmd160. + + -Dxxx, lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static + These system specific options will be recocognised and + passed through to the compiler to allow you to define + preprocessor symbols, specify additional libraries, library + directories or other compiler options. It might be worth + noting that some compilers generate code specifically for + processor the compiler currently executes on. This is not + necessarily what you might have in mind, since it might be + unsuitable for execution on other, typically older, + processor. Consult your compiler documentation. + + -xxx, +xxx + Additional options that are not otherwise recognised are + passed through as they are to the compiler as well. Again, + consult your compiler documentation. + Installation in Detail ---------------------- 1a. Configure OpenSSL for your operation system automatically: - $ ./config [options] + NOTE: This is not available on Windows. + + $ ./config [[ options ]] # Unix + + or + + $ @config [[ options ]] ! OpenVMS + + For the remainder of this text, the Unix form will be used in all + examples, please use the appropriate form for your platform. This guesses at your operating system (and compiler, if necessary) and configures OpenSSL based on this guess. Run ./config -t to see @@ -125,172 +532,367 @@ On some systems, you can include debugging information as follows: - $ ./config -d [options] + $ ./config -d [[ options ]] 1b. Configure OpenSSL for your operating system manually OpenSSL knows about a range of different operating system, hardware and compiler combinations. To see the ones it knows about, run - $ ./Configure + $ ./Configure # Unix + + or + + $ perl Configure # All other platforms + + For the remainder of this text, the Unix form will be used in all + examples, please use the appropriate form for your platform. Pick a suitable name from the list that matches your system. For most operating systems there is a choice between using "cc" or "gcc". When you have identified your system (and if necessary compiler) use this name - as the argument to ./Configure. For example, a "linux-elf" user would + as the argument to Configure. For example, a "linux-elf" user would run: - $ ./Configure linux-elf [options] + $ ./Configure linux-elf [[ options ]] - If your system is not available, you will have to edit the Configure - program and add the correct configuration for your system. The - generic configurations "cc" or "gcc" should usually work on 32 bit - systems. + If your system isn't listed, you will have to create a configuration + file named Configurations/{{ something }}.conf and add the correct + configuration for your system. See the available configs as examples + and read Configurations/README and Configurations/README.design for + more information. - Configure creates the file Makefile.ssl from Makefile.org and - defines various macros in crypto/opensslconf.h (generated from - crypto/opensslconf.h.in). + The generic configurations "cc" or "gcc" should usually work on 32 bit + Unix-like systems. - 2. Build OpenSSL by running: + Configure creates a build file ("Makefile" on Unix, "makefile" on Windows + and "descrip.mms" on OpenVMS) from a suitable template in Configurations, + and defines various macros in include/openssl/opensslconf.h (generated from + include/openssl/opensslconf.h.in). - $ make + 1c. Configure OpenSSL for building outside of the source tree. - This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the - OpenSSL binary ("openssl"). The libraries will be built in the top-level - directory, and the binary will be in the "apps" directory. + OpenSSL can be configured to build in a build directory separate from + the directory with the source code. It's done by placing yourself in + some other directory and invoking the configuration commands from + there. - If "make" fails, look at the output. There may be reasons for - the failure that aren't problems in OpenSSL itself (like missing - standard headers). If it is a problem with OpenSSL itself, please - report the problem to (note that your - message will be recorded in the request tracker publicly readable - via http://www.openssl.org/support/rt.html and will be forwarded to a - public mailing list). Include the output of "make report" in your message. - Please check out the request tracker. Maybe the bug was already - reported or has already been fixed. + Unix example: - [If you encounter assembler error messages, try the "no-asm" - configuration option as an immediate fix.] + $ mkdir /var/tmp/openssl-build + $ cd /var/tmp/openssl-build + $ /PATH/TO/OPENSSL/SOURCE/config [[ options ]] - Compiling parts of OpenSSL with gcc and others with the system - compiler will result in unresolved symbols on some systems. + or - 3. After a successful build, the libraries should be tested. Run: + $ /PATH/TO/OPENSSL/SOURCE/Configure {{ target }} [[ options ]] - $ make test + OpenVMS example: - If a test fails, look at the output. There may be reasons for - the failure that isn't a problem in OpenSSL itself (like a missing - or malfunctioning bc). If it is a problem with OpenSSL itself, - try removing any compiler optimization flags from the CFLAG line - in Makefile.ssl and run "make clean; make". Please send a bug - report to , including the output of - "make report" in order to be added to the request tracker at - http://www.openssl.org/support/rt.html. + $ set default sys$login: + $ create/dir [.tmp.openssl-build] + $ set default [.tmp.openssl-build] + $ @[PATH.TO.OPENSSL.SOURCE]config [[ options ]] - 4. If everything tests ok, install OpenSSL with + or - $ make install + $ @[PATH.TO.OPENSSL.SOURCE]Configure {{ target }} [[ options ]] - This will create the installation directory (if it does not exist) and - then the following subdirectories: + Windows example: - certs Initially empty, this is the default location - for certificate files. - man/man1 Manual pages for the 'openssl' command line tool - man/man3 Manual pages for the libraries (very incomplete) - misc Various scripts. - private Initially empty, this is the default location - for private key files. + $ C: + $ mkdir \temp-openssl + $ cd \temp-openssl + $ perl d:\PATH\TO\OPENSSL\SOURCE\Configure {{ target }} [[ options ]] - If you didn't choose a different installation prefix, the - following additional subdirectories will be created: + Paths can be relative just as well as absolute. Configure will + do its best to translate them to relative paths whenever possible. - bin Contains the openssl binary and a few other - utility programs. - include/openssl Contains the header files needed if you want to - compile programs with libcrypto or libssl. - lib Contains the OpenSSL library files themselves. + 2. Build OpenSSL by running: - Use "make install_sw" to install the software without documentation, - and "install_docs_html" to install HTML renditions of the manual - pages. + $ make # Unix + $ mms ! (or mmk) OpenVMS + $ nmake # Windows - Package builders who want to configure the library for standard - locations, but have the package installed somewhere else so that - it can easily be packaged, can use + This will build the OpenSSL libraries (libcrypto.a and libssl.a on + Unix, corresponding on other platforms) and the OpenSSL binary + ("openssl"). The libraries will be built in the top-level directory, + and the binary will be in the "apps" subdirectory. - $ make INSTALL_PREFIX=/tmp/package-root install + If the build fails, look at the output. There may be reasons + for the failure that aren't problems in OpenSSL itself (like + missing standard headers). If you are having problems you can + get help by sending an email to the openssl-users email list (see + https://www.openssl.org/community/mailinglists.html for details). If + it is a bug with OpenSSL itself, please open an issue on GitHub, at + https://github.com/openssl/openssl/issues. Please review the existing + ones first; maybe the bug was already reported or has already been + fixed. - (or specify "--install_prefix=/tmp/package-root" as a configure - option). The specified prefix will be prepended to all - installation target filenames. + (If you encounter assembler error messages, try the "no-asm" + configuration option as an immediate fix.) + Compiling parts of OpenSSL with gcc and others with the system + compiler will result in unresolved symbols on some systems. - NOTE: The header files used to reside directly in the include - directory, but have now been moved to include/openssl so that - OpenSSL can co-exist with other libraries which use some of the - same filenames. This means that applications that use OpenSSL - should now use C preprocessor directives of the form + 3. After a successful build, the libraries should be tested. Run: - #include + $ make test # Unix + $ mms test ! OpenVMS + $ nmake test # Windows - instead of "#include ", which was used with library versions - up to OpenSSL 0.9.2b. + NOTE: you MUST run the tests from an unprivileged account (or + disable your privileges temporarily if your platform allows it). - If you install a new version of OpenSSL over an old library version, - you should delete the old header files in the include directory. + If some tests fail, look at the output. There may be reasons for + the failure that isn't a problem in OpenSSL itself (like a + malfunction with Perl). You may want increased verbosity, that + can be accomplished like this: - Compatibility issues: + $ make VERBOSE=1 test # Unix - * COMPILING existing applications + $ mms /macro=(VERBOSE=1) test ! OpenVMS + + $ nmake VERBOSE=1 test # Windows + + If you want to run just one or a few specific tests, you can use + the make variable TESTS to specify them, like this: + + $ make TESTS='test_rsa test_dsa' test # Unix + $ mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS + $ nmake TESTS='test_rsa test_dsa' test # Windows + + And of course, you can combine (Unix example shown): + + $ make VERBOSE=1 TESTS='test_rsa test_dsa' test - To compile an application that uses old filenames -- e.g. - "#include " --, it will usually be enough to find - the CFLAGS definition in the application's Makefile and - add a C option such as + You can find the list of available tests like this: - -I/usr/local/ssl/include/openssl + $ make list-tests # Unix + $ mms list-tests ! OpenVMS + $ nmake list-tests # Windows - to it. + Have a look at the manual for the perl module Test::Harness to + see what other HARNESS_* variables there are. - But don't delete the existing -I option that points to - the ..../include directory! Otherwise, OpenSSL header files - could not #include each other. + If you find a problem with OpenSSL itself, try removing any + compiler optimization flags from the CFLAGS line in Makefile and + run "make clean; make" or corresponding. - * WRITING applications + To report a bug please open an issue on GitHub, at + https://github.com/openssl/openssl/issues. - To write an application that is able to handle both the new - and the old directory layout, so that it can still be compiled - with library versions up to OpenSSL 0.9.2b without bothering - the user, you can proceed as follows: + 4. If everything tests ok, install OpenSSL with - - Always use the new filename of OpenSSL header files, - e.g. #include . + $ make install # Unix + $ mms install ! OpenVMS + $ nmake install # Windows + + This will install all the software components in this directory + tree under PREFIX (the directory given with --prefix or its + default): + + Unix: + + bin/ Contains the openssl binary and a few other + utility scripts. + include/openssl + Contains the header files needed if you want + to build your own programs that use libcrypto + or libssl. + lib Contains the OpenSSL library files. + lib/engines Contains the OpenSSL dynamically loadable engines. + + share/man/man1 Contains the OpenSSL command line man-pages. + share/man/man3 Contains the OpenSSL library calls man-pages. + share/man/man5 Contains the OpenSSL configuration format man-pages. + share/man/man7 Contains the OpenSSL other misc man-pages. + + share/doc/openssl/html/man1 + share/doc/openssl/html/man3 + share/doc/openssl/html/man5 + share/doc/openssl/html/man7 + Contains the HTML rendition of the man-pages. + + OpenVMS ('arch' is replaced with the architecture name, "Alpha" + or "ia64", 'sover' is replaced with the shared library version + (0101 for 1.1), and 'pz' is replaced with the pointer size + OpenSSL was built with): + + [.EXE.'arch'] Contains the openssl binary. + [.EXE] Contains a few utility scripts. + [.include.openssl] + Contains the header files needed if you want + to build your own programs that use libcrypto + or libssl. + [.LIB.'arch'] Contains the OpenSSL library files. + [.ENGINES'sover''pz'.'arch'] + Contains the OpenSSL dynamically loadable engines. + [.SYS$STARTUP] Contains startup, login and shutdown scripts. + These define appropriate logical names and + command symbols. + [.SYSTEST] Contains the installation verification procedure. + [.HTML] Contains the HTML rendition of the manual pages. + + + Additionally, install will add the following directories under + OPENSSLDIR (the directory given with --openssldir or its default) + for you convenience: + + certs Initially empty, this is the default location + for certificate files. + private Initially empty, this is the default location + for private key files. + misc Various scripts. - - Create a directory "incl" that contains only a symbolic - link named "openssl", which points to the "include" directory - of OpenSSL. - For example, your application's Makefile might contain the - following rule, if OPENSSLDIR is a pathname (absolute or - relative) of the directory where OpenSSL resides: + Package builders who want to configure the library for standard + locations, but have the package installed somewhere else so that + it can easily be packaged, can use - incl/openssl: - -mkdir incl - cd $(OPENSSLDIR) # Check whether the directory really exists - -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl + $ make DESTDIR=/tmp/package-root install # Unix + $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS - You will have to add "incl/openssl" to the dependencies - of those C files that include some OpenSSL header file. + The specified destination directory will be prepended to all + installation target paths. - - Add "-Iincl" to your CFLAGS. + Compatibility issues with previous OpenSSL versions: - With these additions, the OpenSSL header files will be available - under both name variants if an old library version is used: - Your application can reach them under names like , - while the header files still are able to #include each other - with names of the form . + * COMPILING existing applications + OpenSSL 1.1.0 hides a number of structures that were previously + open. This includes all internal libssl structures and a number + of EVP types. Accessor functions have been added to allow + controlled access to the structures' data. + + This means that some software needs to be rewritten to adapt to + the new ways of doing things. This often amounts to allocating + an instance of a structure explicitly where you could previously + allocate them on the stack as automatic variables, and using the + provided accessor functions where you would previously access a + structure's field directly. + + Some APIs have changed as well. However, older APIs have been + preserved when possible. + + Environment Variables + --------------------- + + A number of environment variables can be used to provide additional control + over the build process. Typically these should be defined prior to running + config or Configure. Not all environment variables are relevant to all + platforms. + + AR + The name of the ar executable to use. + + BUILDFILE + Use a different build file name than the platform default + ("Makefile" on Unixly platforms, "makefile" on native Windows, + "descrip.mms" on OpenVMS). This requires that there is a + corresponding build file template. See Configurations/README + for further information. + + CC + The compiler to use. Configure will attempt to pick a default + compiler for your platform but this choice can be overridden + using this variable. Set it to the compiler executable you wish + to use, e.g. "gcc" or "clang". + + CROSS_COMPILE + This environment variable has the same meaning as for the + "--cross-compile-prefix" Configure flag described above. If both + are set then the Configure flag takes precedence. + + NM + The name of the nm executable to use. + + OPENSSL_LOCAL_CONFIG_DIR + OpenSSL comes with a database of information about how it + should be built on different platforms as well as build file + templates for those platforms. The database is comprised of + ".conf" files in the Configurations directory. The build + file templates reside there as well as ".tmpl" files. See the + file Configurations/README for further information about the + format of ".conf" files as well as information on the ".tmpl" + files. + In addition to the standard ".conf" and ".tmpl" files, it is + possible to create your own ".conf" and ".tmpl" files and store + them locally, outside the OpenSSL source tree. This environment + variable can be set to the directory where these files are held + and will have Configure to consider them in addition to the + standard ones. + + PERL + The name of the Perl executable to use when building OpenSSL. + + HASHBANGPERL + The command string for the Perl executable to insert in the + #! line of perl scripts that will be publically installed. + Default: /usr/bin/env perl + Note: the value of this variable is added to the same scripts + on all platforms, but it's only relevant on Unix-like platforms. + + RC + The name of the rc executable to use. The default will be as + defined for the target platform in the ".conf" file. If not + defined then "windres" will be used. The WINDRES environment + variable is synonymous to this. If both are defined then RC + takes precedence. + + RANLIB + The name of the ranlib executable to use. + + WINDRES + See RC. + + Makefile targets + ---------------- + + The Configure script generates a Makefile in a format relevant to the specific + platform. The Makefiles provide a number of targets that can be used. Not all + targets may be available on all platforms. Only the most common targets are + described here. Examine the Makefiles themselves for the full list. + + all + The default target to build all the software components. + + clean + Remove all build artefacts and return the directory to a "clean" + state. + + depend + Rebuild the dependencies in the Makefiles. This is a legacy + option that no longer needs to be used in OpenSSL 1.1.0. + + install + Install all OpenSSL components. + + install_sw + Only install the OpenSSL software components. + + install_docs + Only install the OpenSSL documentation components. + + install_man_docs + Only install the OpenSSL man pages (Unix only). + + install_html_docs + Only install the OpenSSL html documentation. + + list-tests + Prints a list of all the self test names. + + test + Build and run the OpenSSL self tests. + + uninstall + Uninstall all OpenSSL components. + + update + This is a developer option. If you are developing a patch for + OpenSSL you may need to use this if you want to update + automatically generated files; add new error codes or add new + (or change the visibility of) public API functions. (Unix only). Note on multi-threading ----------------------- @@ -308,22 +910,45 @@ you can still use "no-threads" to suppress an annoying warning message from the Configure script.) - - Note on shared libraries - ------------------------ - - Shared libraries have certain caveats. Binary backward compatibility - can't be guaranteed before OpenSSL version 1.0. The only reason to - use them would be to conserve memory on systems where several programs - are using OpenSSL. - - For some systems, the OpenSSL Configure script knows what is needed to - build shared libraries for libcrypto and libssl. On these systems, - the shared libraries are currently not created by default, but giving - the option "shared" will get them created. This method supports Makefile - targets for shared library creation, like linux-shared. Those targets - can currently be used on their own just as well, but this is expected - to change in future versions of OpenSSL. + OpenSSL provides built-in support for two threading models: pthreads (found on + most UNIX/Linux systems), and Windows threads. No other threading models are + supported. If your platform does not provide pthreads or Windows threads then + you should Configure with the "no-threads" option. + + Notes on shared libraries + ------------------------- + + For most systems the OpenSSL Configure script knows what is needed to + build shared libraries for libcrypto and libssl. On these systems + the shared libraries will be created by default. This can be suppressed and + only static libraries created by using the "no-shared" option. On systems + where OpenSSL does not know how to build shared libraries the "no-shared" + option will be forced and only static libraries will be created. + + Shared libraries are named a little differently on different platforms. + One way or another, they all have the major OpenSSL version number as + part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of + the name. + + On most POSIXly platforms, shared libraries are named libcrypto.so.1.1 + and libssl.so.1.1. + + on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll + with import libraries libcrypto.dll.a and libssl.dll.a. + + On Windows build with MSVC or using MingW, shared libraries are named + libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll + and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll + and libssl-1_1-ia64.dll for IA64 Windows. With MSVC, the import libraries + are named libcrypto.lib and libssl.lib, while with MingW, they are named + libcrypto.dll.a and libssl.dll.a. + + On VMS, shareable images (VMS speak for shared libraries) are named + ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe. However, when + OpenSSL is specifically built for 32-bit pointers, the shareable images + are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe + instead, and when built for 64-bit pointers, they are named + ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe. Note on random number generation -------------------------------- @@ -333,28 +958,7 @@ internal PRNG. If not properly seeded, the internal PRNG will refuse to deliver random bytes and a "PRNG not seeded error" will occur. On systems without /dev/urandom (or similar) device, it may be necessary - to install additional support software to obtain random seed. + to install additional support software to obtain a random seed. Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(), and the FAQ for more information. - Note on support for multiple builds - ----------------------------------- - - OpenSSL is usually built in its source tree. Unfortunately, this doesn't - support building for multiple platforms from the same source tree very well. - It is however possible to build in a separate tree through the use of lots - of symbolic links, which should be prepared like this: - - mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`" - cd objtree/"`uname -s`-`uname -r`-`uname -m`" - (cd $OPENSSL_SOURCE; find . -type f) | while read F; do - mkdir -p `dirname $F` - rm -f $F; ln -s $OPENSSL_SOURCE/$F $F - echo $F '->' $OPENSSL_SOURCE/$F - done - make -f Makefile.org clean - - OPENSSL_SOURCE is an environment variable that contains the absolute (this - is important!) path to the OpenSSL source tree. - - Also, operations like 'make update' should still be made in the source tree. diff --git a/third_party/openssl/INSTALL.DJGPP b/third_party/openssl/INSTALL.DJGPP deleted file mode 100644 index 1047ec90a5..0000000000 --- a/third_party/openssl/INSTALL.DJGPP +++ /dev/null @@ -1,47 +0,0 @@ - - - INSTALLATION ON THE DOS PLATFORM WITH DJGPP - ------------------------------------------- - - OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time - environment for 16-bit DOS, but only with long filename support. - If you wish to compile on native DOS with 8+3 filenames, you will - have to tweak the installation yourself, including renaming files - with illegal or duplicate names. - - You should have a full DJGPP environment installed, including the - latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package - requires that PERL and BC also be installed. - - All of these can be obtained from the usual DJGPP mirror sites or - directly at "http://www.delorie.com/pub/djgpp". For help on which - files to download, see the DJGPP "ZIP PICKER" page at - "http://www.delorie.com/djgpp/zip-picker.html". You also need to have - the WATT-32 networking package installed before you try to compile - OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/". - The Makefile assumes that the WATT-32 code is in the directory - specified by the environment variable WATT_ROOT. If you have watt-32 - in directory "watt32" under your main DJGPP directory, specify - WATT_ROOT="/dev/env/DJDIR/watt32". - - To compile OpenSSL, start your BASH shell, then configure for DJGPP by - running "./Configure" with appropriate arguments: - - ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP - - And finally fire up "make". You may run out of DPMI selectors when - running in a DOS box under Windows. If so, just close the BASH - shell, go back to Windows, and restart BASH. Then run "make" again. - - RUN-TIME CAVEAT LECTOR - -------------- - - Quoting FAQ: - - "Cryptographic software needs a source of unpredictable data to work - correctly. Many open source operating systems provide a "randomness - device" (/dev/urandom or /dev/random) that serves this purpose." - - As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd - party "randomness" DOS driver. One such driver, NOISE.SYS, can be - obtained from "http://www.rahul.net/dkaufman/index.html". diff --git a/third_party/openssl/INSTALL.MacOS b/third_party/openssl/INSTALL.MacOS deleted file mode 100644 index 01c60d81f9..0000000000 --- a/third_party/openssl/INSTALL.MacOS +++ /dev/null @@ -1,72 +0,0 @@ -OpenSSL - Port To The Macintosh OS 9 or Earlier -=============================================== - -Thanks to Roy Wood initial support for Mac OS (pre -X) is now provided. "Initial" means that unlike other platforms where you -get an SDK and a "swiss army" openssl application, on Macintosh you only -get one sample application which fetches a page over HTTPS(*) and dumps it -in a window. We don't even build the test applications so that we can't -guarantee that all algorithms are operational. - -Required software: - -- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar; -- Scriptable Finder; -- CodeWarrior Pro 5; - -Installation procedure: - -- fetch the source at ftp://ftp.openssl.org/ (well, you probably already - did, huh?) -- unpack the .tar.gz file: - - if you have StuffIt Expander then just drag it over it; - - otherwise uncompress it with MacGzip and then unpack with SUNtar; -- locate MacOS folder in OpenSSL source tree and open it; -- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it - "in-place", i.e. unpacked files should end-up in the very same folder; -- execute mklinks.as; -- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****); -- that's it for now; - -(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40 - to 42, change appropriately. -(**) If you use SUNtar, then it might have already unbinhexed the files - in question. -(***) The project file was saved with CW Pro 5.3. If you have an earlier - version and it refuses to open it, then download - http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it - overwriting the original OpenSSL.mcp. -(****) Other targets are works in progress. If you feel like giving 'em a - shot, then you should know that OpenSSL* and Lib* targets are - supposed to be built with the GUSI, MacOS library which mimics - BSD sockets and some other POSIX APIs. The GUSI distribution is - expected to be found in the same directory as the openssl source tree, - i.e., in the parent directory to the one where this very file, - namely INSTALL.MacOS, resides. For more information about GUSI, see - http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html - -Finally some essential comments from our generous contributor:-) - -"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a -hack, but it works for what I'm doing. If you don't like the way I've done -it, then feel free to change what I've done. I freely admit that I've done -some less-than-ideal things in my port, and if you don't like the way I've -done something, then feel free to change it-- I won't be offended! - -... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket" -library I wrote. My MacSocket library is a wrapper around OpenTransport, -handling stuff like endpoint creation, reading, writing, etc. It is not -designed as a high-performance package such as you'd use in a webserver, -but is fine for lots of other applications. MacSocket also uses some other -code libraries I've written to deal with string manipulations and error -handling. Feel free to use these things in your own code, but give me -credit and/or send me free stuff in appreciation! :-) - -... - -If you have any questions, feel free to email me as the following: - -roy@centricsystems.ca - --Roy Wood" - diff --git a/third_party/openssl/INSTALL.NW b/third_party/openssl/INSTALL.NW deleted file mode 100644 index 609a7309e1..0000000000 --- a/third_party/openssl/INSTALL.NW +++ /dev/null @@ -1,454 +0,0 @@ - -INSTALLATION ON THE NETWARE PLATFORM ------------------------------------- - -Notes about building OpenSSL for NetWare. - - -BUILD PLATFORM: ---------------- -The build scripts (batch files, perl scripts, etc) have been developed and -tested on W2K. The scripts should run fine on other Windows platforms -(NT, Win9x, WinXP) but they have not been tested. They may require some -modifications. - - -Supported NetWare Platforms - NetWare 5.x, NetWare 6.x: -------------------------------------------------------- -OpenSSL can either use the WinSock interfaces introduced in NetWare 5, -or the BSD socket interface. Previous versions of NetWare, 4.x and 3.x, -are only supported if OpenSSL is build for CLIB and BSD sockets; -WinSock builds only support NetWare 5 and up. - -On NetWare there are two c-runtime libraries. There is the legacy CLIB -interfaces and the newer LIBC interfaces. Being ANSI-C libraries, the -functionality in CLIB and LIBC is similar but the LIBC interfaces are built -using Novell Kernal Services (NKS) which is designed to leverage -multi-processor environments. - -The NetWare port of OpenSSL can be configured to build using CLIB or LIBC. -The CLIB build was developed and tested using NetWare 5.0 sp6.0a. The LIBC -build was developed and tested using the NetWare 6.0 FCS. - -The necessary LIBC functionality ships with NetWare 6. However, earlier -NetWare 5.x versions will require updates in order to run the OpenSSL LIBC -build (NetWare 5.1 SP8 is known to work). - -As of June 2005, the LIBC build can be configured to use BSD sockets instead -of WinSock sockets. Call Configure (usually through netware\build.bat) using -a target of "netware-libc-bsdsock" instead of "netware-libc". - -As of June 2007, support for CLIB and BSD sockets is also now available -using a target of "netware-clib-bsdsock" instead of "netware-clib"; -also gcc builds are now supported on both Linux and Win32 (post 0.9.8e). - -REQUIRED TOOLS: ---------------- -Based upon the configuration and build options used, some or all of the -following tools may be required: - -* Perl for Win32 - required (http://www.activestate.com/ActivePerl) - Used to run the various perl scripts on the build platform. - -* Perl 5.8.0 for NetWare v3.20 (or later) - required - (http://developer.novell.com) Used to run the test script on NetWare - after building. - -* Compiler / Linker - required: - Metrowerks CodeWarrior PDK 2.1 (or later) for NetWare (commercial): - Provides command line tools used for building. - Tools: - mwccnlm.exe - C/C++ Compiler for NetWare - mwldnlm.exe - Linker for NetWare - mwasmnlm.exe - x86 assembler for NetWare (if using assembly option) - - gcc / nlmconv Cross-Compiler, available from Novell Forge (free): - http://forge.novell.com/modules/xfmod/project/?aunixnw - -* Assemblers - optional: - If you intend to build using the assembly options you will need an - assembler. Work has been completed to support two assemblers, Metrowerks - and NASM. However, during development, a bug was found in the Metrowerks - assembler which generates incorrect code. Until this problem is fixed, - the Metrowerks assembler cannot be used. - - mwasmnlm.exe - Metrowerks x86 assembler - part of CodeWarrior tools. - (version 2.2 Built Aug 23, 1999 - not useable due to code - generation bug) - - nasmw.exe - Netwide Assembler NASM - version 0.98 was used in development and testing - -* Make Tool - required: - In order to build you will need a make tool. Two make tools are - supported, GNU make (gmake.exe) or Microsoft nmake.exe. - - make.exe - GNU make for Windows (version 3.75 used for development) - http://gnuwin32.sourceforge.net/packages/make.htm - - nmake.exe - Microsoft make (Version 6.00.8168.0 used for development) - http://support.microsoft.com/kb/132084/EN-US/ - -* Novell Developer Kit (NDK) - required: (http://developer.novell.com) - - CLIB - BUILDS: - - WinSock2 Developer Components for NetWare: - For initial development, the October 27, 2000 version was used. - However, future versions should also work. - - NOTE: The WinSock2 components include headers & import files for - NetWare, but you will also need the winsock2.h and supporting - headers (pshpack4.h, poppack.h, qos.h) delivered in the - Microsoft SDK. Note: The winsock2.h support headers may change - with various versions of winsock2.h. Check the dependencies - section on the NDK WinSock2 download page for the latest - information on dependencies. These components are unsupported by - Novell. They are provided as a courtesy, but it is strongly - suggested that all development be done using LIBC, not CLIB. - - As of June 2005, the WinSock2 components are available at: - http://forgeftp.novell.com//ws2comp/ - - - NLM and NetWare libraries for C (including CLIB and XPlat): - If you are going to build a CLIB version of OpenSSL, you will - need the CLIB headers and imports. The March, 2001 NDK release or - later is recommended. - - Earlier versions should work but haven't been tested. In recent - versions the import files have been consolidated and function - names moved. This means you may run into link problems - (undefined symbols) when using earlier versions. The functions - are available in earlier versions, but you will have to modifiy - the make files to include additional import files (see - openssl\util\pl\netware.pl). - - - LIBC - BUILDS: - - Libraries for C (LIBC) - LIBC headers and import files - If you are going to build a LIBC version of OpenSSL, you will - need the LIBC headers and imports. The March 14, 2002 NDK release or - later is required. - - NOTE: The LIBC SDK includes the necessary WinSock2 support. - It is not necessary to download the WinSock2 NDK when building for - LIBC. The LIBC SDK also includes the appropriate BSD socket support - if configuring to use BSD sockets. - - -BUILDING: ---------- -Before building, you will need to set a few environment variables. You can -set them manually or you can modify the "netware\set_env.bat" file. - -The set_env.bat file is a template you can use to set up the path -and environment variables you will need to build. Modify the -various lines to point to YOUR tools and run set_env.bat. - - netware\set_env.bat [compiler] - - target - "netware-clib" - CLIB NetWare build - - "netware-libc" - LIBC NetWare build - - compiler - "gnuc" - GNU GCC Compiler - - "codewarrior" - MetroWerks CodeWarrior (default) - -If you don't use set_env.bat, you will need to set up the following -environment variables: - - PATH - Set PATH to point to the tools you will use. - - INCLUDE - The location of the NDK include files. - - CLIB ex: set INCLUDE=c:\ndk\nwsdk\include\nlm - LIBC ex: set INCLUDE=c:\ndk\libc\include - - PRELUDE - The absolute path of the prelude object to link with. For - a CLIB build it is recommended you use the "clibpre.o" files shipped - with the Metrowerks PDK for NetWare. For a LIBC build you should - use the "libcpre.o" file delivered with the LIBC NDK components. - - CLIB ex: set PRELUDE=c:\ndk\nwsdk\imports\clibpre.o - LIBC ex: set PRELUDE=c:\ndk\libc\imports\libcpre.o - - IMPORTS - The locaton of the NDK import files. - - CLIB ex: set IMPORTS=c:\ndk\nwsdk\imports - LIBC ex: set IMPORTS=c:\ndk\libc\imports - - -In order to build, you need to run the Perl scripts to configure the build -process and generate a make file. There is a batch file, -"netware\build.bat", to automate the process. - -Build.bat runs the build configuration scripts and generates a make file. -If an assembly option is specified, it also runs the scripts to generate -the assembly code. Always run build.bat from the "openssl" directory. - - netware\build [target] [debug opts] [assembly opts] [configure opts] - - target - "netware-clib" - CLIB NetWare build (WinSock Sockets) - - "netware-clib-bsdsock" - CLIB NetWare build (BSD Sockets) - - "netware-libc" - LIBC NetWare build (WinSock Sockets) - - "netware-libc-bsdsock" - LIBC NetWare build (BSD Sockets) - - debug opts - "debug" - build debug - - assembly opts - "nw-mwasm" - use Metrowerks assembler - "nw-nasm" - use NASM assembler - "no-asm" - don't use assembly - - configure opts- all unrecognized arguments are passed to the - perl 'configure' script. See that script for - internal documentation regarding options that - are available. - - examples: - - CLIB build, debug, without assembly: - netware\build.bat netware-clib debug no-asm - - LIBC build, non-debug, using NASM assembly, add mdc2 support: - netware\build.bat netware-libc nw-nasm enable-mdc2 - - LIBC build, BSD sockets, non-debug, without assembly: - netware\build.bat netware-libc-bsdsock no-asm - -Running build.bat generates a make file to be processed by your make -tool (gmake or nmake): - - CLIB ex: gmake -f netware\nlm_clib_dbg.mak - LIBC ex: gmake -f netware\nlm_libc.mak - LIBC ex: gmake -f netware\nlm_libc_bsdsock.mak - - -You can also run the build scripts manually if you do not want to use the -build.bat file. Run the following scripts in the "\openssl" -subdirectory (in the order listed below): - - perl configure no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock] - configures no assembly build for specified netware environment - (CLIB or LIBC). - - perl util\mkfiles.pl >MINFO - generates a listing of source files (used by mk1mf) - - perl util\mk1mf.pl no-asm [other config opts] [netware-clib|netware-libc|netware-libc-bsdsock >netware\nlm.mak - generates the makefile for NetWare - - gmake -f netware\nlm.mak - build with the make tool (nmake.exe also works) - -NOTE: If you are building using the assembly option, you must also run the -various Perl scripts to generate the assembly files. See build.bat -for an example of running the various assembly scripts. You must use the -"no-asm" option to build without assembly. The configure and mk1mf scripts -also have various other options. See the scripts for more information. - - -The output from the build is placed in the following directories: - - CLIB Debug build: - out_nw_clib.dbg - static libs & test nlm(s) - tmp_nw_clib.dbg - temporary build files - outinc_nw_clib - necessary include files - - CLIB Non-debug build: - out_nw_clib - static libs & test nlm(s) - tmp_nw_clib - temporary build files - outinc_nw_clib - necesary include files - - LIBC Debug build: - out_nw_libc.dbg - static libs & test nlm(s) - tmp_nw_libc.dbg - temporary build files - outinc_nw_libc - necessary include files - - LIBC Non-debug build: - out_nw_libc - static libs & test nlm(s) - tmp_nw_libc - temporary build files - outinc_nw_libc - necesary include files - - -TESTING: --------- -The build process creates the OpenSSL static libs ( crypto.lib, ssl.lib, -rsaglue.lib ) and several test programs. You should copy the test programs -to your NetWare server and run the tests. - -The batch file "netware\cpy_tests.bat" will copy all the necessary files -to your server for testing. In order to run the batch file, you need a -drive mapped to your target server. It will create an "OpenSSL" directory -on the drive and copy the test files to it. CAUTION: If a directory with the -name of "OpenSSL" already exists, it will be deleted. - -To run cpy_tests.bat: - - netware\cpy_tests [output directory] [NetWare drive] - - output directory - "out_nw_clib.dbg", "out_nw_libc", etc. - NetWare drive - drive letter of mapped drive - - CLIB ex: netware\cpy_tests out_nw_clib m: - LIBC ex: netware\cpy_tests out_nw_libc m: - - -The Perl script, "do_tests.pl", in the "OpenSSL" directory on the server -should be used to execute the tests. Before running the script, make sure -your SEARCH PATH includes the "OpenSSL" directory. For example, if you -copied the files to the "sys:" volume you use the command: - - SEARCH ADD SYS:\OPENSSL - - -To run do_tests.pl type (at the console prompt): - - perl \openssl\do_tests.pl [options] - - options: - -p - pause after executing each test - -The do_tests.pl script generates a log file "\openssl\test_out\tests.log" -which should be reviewed for errors. Any errors will be denoted by the word -"ERROR" in the log. - -DEVELOPING WITH THE OPENSSL SDK: --------------------------------- -Now that everything is built and tested, you are ready to use the OpenSSL -libraries in your development. - -There is no real installation procedure, just copy the static libs and -headers to your build location. The libs (crypto.lib & ssl.lib) are -located in the appropriate "out_nw_XXXX" directory -(out_nw_clib, out_nw_libc, etc). - -The headers are located in the appropriate "outinc_nw_XXX" directory -(outinc_nw_clib, outinc_nw_libc). - -One suggestion is to create the following directory -structure for the OpenSSL SDK: - - \openssl - |- bin - | |- openssl.nlm - | |- (other tests you want) - | - |- lib - | | - crypto.lib - | | - ssl.lib - | - |- include - | | - openssl - | | | - (all the headers in "outinc_nw\openssl") - - -The program "openssl.nlm" can be very useful. It has dozens of -options and you may want to keep it handy for debugging, testing, etc. - -When building your apps using OpenSSL, define "NETWARE". It is needed by -some of the OpenSSL headers. One way to do this is with a compile option, -for example "-DNETWARE". - - - -NOTES: ------- - -Resource leaks in Tests ------------------------- -Some OpenSSL tests do not clean up resources and NetWare reports -the resource leaks when the tests unload. If this really bugs you, -you can stop the messages by setting the developer option off at the console -prompt (set developer option = off). Or better yet, fix the tests to -clean up the resources! - - -Multi-threaded Development ---------------------------- -The NetWare version of OpenSSL is thread-safe, however multi-threaded -applications must provide the necessary locking function callbacks. This -is described in doc\threads.doc. The file "openssl-x.x.x\crypto\threads\mttest.c" -is a multi-threaded test program and demonstrates the locking functions. - - -What is openssl2.nlm? ---------------------- -The openssl program has numerous options and can be used for many different -things. Many of the options operate in an interactive mode requiring the -user to enter data. Because of this, a default screen is created for the -program. However, when running the test script it is not desirable to -have a seperate screen. Therefore, the build also creates openssl2.nlm. -Openssl2.nlm is functionally identical but uses the console screen. -Openssl2 can be used when a non-interactive mode is desired. - -NOTE: There are may other possibilities (command line options, etc) -which could have been used to address the screen issue. The openssl2.nlm -option was chosen because it impacted only the build not the code. - - -Why only static libraries? --------------------------- -Globals, globals, and more globals. The OpenSSL code uses many global -variables that are allocated and initialized when used for the first time. - -On NetWare, most applications (at least historically) run in the kernel. -When running in the kernel, there is one instance of global variables. -For regular application type NLM(s) this isn't a problem because they are -the only ones using the globals. However, for a library NLM (an NLM which -exposes functions and has no threads of execution), the globals cause -problems. Applications could inadvertently step on each other if they -change some globals. Even worse, the first application that triggers a -global to be allocated and initialized has the allocated memory charged to -itself. Now when that application unloads, NetWare will clean up all the -applicaton's memory. The global pointer variables inside OpenSSL now -point to freed memory. An abend waiting to happen! - -To work correctly in the kernel, library NLM(s) that use globals need to -provide a set of globals (instance data) for each application. Another -option is to require the library only be loaded in a protected address -space along with the application using it. - -Modifying the OpenSSL code to provide a set of globals (instance data) for -each application isn't technically difficult, but due to the large number -globals it would require substantial code changes and it wasn't done. Hence, -the build currently only builds static libraries which are then linked -into each application. - -NOTE: If you are building a library NLM that uses the OpenSSL static -libraries, you will still have to deal with the global variable issue. -This is because when you link in the OpenSSL code you bring in all the -globals. One possible solution for the global pointer variables is to -register memory functions with OpenSSL which allocate memory and charge it -to your library NLM (see the function CRYPTO_set_mem_functions). However, -be aware that now all memory allocated by OpenSSL is charged to your NLM. - - -CodeWarrior Tools and W2K ---------------------------- -There have been problems reported with the CodeWarrior Linker -(mwldnlm.exe) in the PDK 2.1 for NetWare when running on Windows 2000. The -problems cause the link step to fail. The only work around is to obtain an -updated linker from Metrowerks. It is expected Metrowerks will release -PDK 3.0 (in beta testing at this time - May, 2001) in the near future which -will fix these problems. - - -Makefile "vclean" ------------------- -The generated makefile has a "vclean" target which cleans up the build -directories. If you have been building successfully and suddenly -experience problems, use "vclean" (gmake -f netware\nlm_xxxx.mak vclean) and retry. - - -"Undefined Symbol" Linker errors --------------------------------- -There have been linker errors reported when doing a CLIB build. The problems -occur because some versions of the CLIB SDK import files inadvertently -left out some symbols. One symbol in particular is "_lrotl". The missing -functions are actually delivered in the binaries, but they were left out of -the import files. The issues should be fixed in the September 2001 release -of the NDK. If you experience the problems you can temporarily -work around it by manually adding the missing symbols to your version of -"clib.imp". - diff --git a/third_party/openssl/INSTALL.OS2 b/third_party/openssl/INSTALL.OS2 deleted file mode 100644 index 530316db18..0000000000 --- a/third_party/openssl/INSTALL.OS2 +++ /dev/null @@ -1,31 +0,0 @@ - - Installation on OS/2 - -------------------- - - You need to have the following tools installed: - - * EMX GCC - * PERL - * GNU make - - - To build the makefile, run - - > os2\os2-emx - - This will configure OpenSSL and create OS2-EMX.mak which you then use to - build the OpenSSL libraries & programs by running - - > make -f os2-emx.mak - - If that finishes successfully you will find the libraries and programs in the - "out" directory. - - Alternatively, you can make a dynamic build that puts the library code into - crypto.dll and ssl.dll by running - - > make -f os2-emx-dll.mak - - This will build the above mentioned dlls and a matching pair of import - libraries in the "out_dll" directory along with the set of test programs - and the openssl application. diff --git a/third_party/openssl/INSTALL.VMS b/third_party/openssl/INSTALL.VMS deleted file mode 100644 index e5d43a57ab..0000000000 --- a/third_party/openssl/INSTALL.VMS +++ /dev/null @@ -1,293 +0,0 @@ - VMS Installation instructions - written by Richard Levitte - - - -Intro: -====== - -This file is divided in the following parts: - - Requirements - Mandatory reading. - Checking the distribution - Mandatory reading. - Compilation - Mandatory reading. - Logical names - Mandatory reading. - Test - Mandatory reading. - Installation - Mandatory reading. - Backward portability - Read if it's an issue. - Possible bugs or quirks - A few warnings on things that - may go wrong or may surprise you. - TODO - Things that are to come. - - -Requirements: -============= - -To build and install OpenSSL, you will need: - - * DEC C or some other ANSI C compiler. VAX C is *not* supported. - [Note: OpenSSL has only been tested with DEC C. Compiling with - a different ANSI C compiler may require some work] - -Checking the distribution: -========================== - -There have been reports of places where the distribution didn't quite get -through, for example if you've copied the tree from a NFS-mounted Unix -mount point. - -The easiest way to check if everything got through as it should is to check -for one of the following files: - - [.CRYPTO]OPENSSLCONF.H_IN - [.CRYPTO]OPENSSLCONF_H.IN - -They should never exist both at once, but one of them should (preferably -the first variant). If you can't find any of those two, something went -wrong. - -The best way to get a correct distribution is to download the gzipped tar -file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and -use VMSTAR to unpack the resulting tar file. - -GUNZIP is available in many places on the net. One of the distribution -points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ . - -VMSTAR is also available in many places on the net. The recommended place -to find information about it is http://www.free.lp.se/vmstar/ . - - -Compilation: -============ - -I've used the very good command procedures written by Robert Byer -, and just slightly modified them, making -them slightly more general and easier to maintain. - -You can actually compile in almost any directory separately. Look -for a command procedure name xxx-LIB.COM (in the library directories) -or MAKExxx.COM (in the program directories) and read the comments at -the top to understand how to use them. However, if you want to -compile all you can get, the simplest is to use MAKEVMS.COM in the top -directory. The syntax is the following: - - @MAKEVMS