4 This directory contains a few sets of files that are used for
5 configuration in diverse ways:
7 *.conf Target platform configurations, please read
8 'Configurations of OpenSSL target platforms' for more
10 *.tmpl Build file templates, please read 'Build-file
11 programming with the "unified" build system' as well
12 as 'Build info files' for more information.
13 *.pm Helper scripts / modules for the main `Configure`
14 script. See 'Configure helper scripts for more
18 Configurations of OpenSSL target platforms
19 ==========================================
21 Configuration targets are a collection of facts that we know about
22 different platforms and their capabilities. We organise them in a
23 hash table, where each entry represent a specific target.
25 Note that configuration target names must be unique across all config
26 files. The Configure script does check that a config file doesn't
27 have config targets that shadow config targets from other files.
29 In each table entry, the following keys are significant:
31 inherit_from => Other targets to inherit values from.
32 Explained further below. [1]
33 template => Set to 1 if this isn't really a platform
34 target. Instead, this target is a template
35 upon which other targets can be built.
36 Explained further below. [1]
38 sys_id => System identity for systems where that
39 is difficult to determine automatically.
41 enable => Enable specific configuration features.
42 This MUST be an array of words.
43 disable => Disable specific configuration features.
44 This MUST be an array of words.
45 Note: if the same feature is both enabled
46 and disabled, disable wins.
48 as => The assembler command. This is not always
49 used (for example on Unix, where the C
50 compiler is used instead).
51 asflags => Default assembler command flags [4].
52 cpp => The C preprocessor command, normally not
53 given, as the build file defaults are
55 cppflags => Default C preprocessor flags [4].
56 defines => As an alternative, macro definitions may be
57 given here instead of in `cppflags' [4].
58 If given here, they MUST be as an array of
59 the string such as "MACRO=value", or just
60 "MACRO" for definitions without value.
61 includes => As an alternative, inclusion directories
62 may be given here instead of in `cppflags'
63 [4]. If given here, the MUST be an array
64 of strings, one directory specification
66 cc => The C compiler command, usually one of "cc",
67 "gcc" or "clang". This command is normally
68 also used to link object files and
69 libraries into the final program.
70 cxx => The C++ compiler command, usually one of
71 "c++", "g++" or "clang++". This command is
72 also used when linking a program where at
73 least one of the object file is made from
75 cflags => Defaults C compiler flags [4].
76 cxxflags => Default C++ compiler flags [4]. If unset,
77 it gets the same value as cflags.
79 (linking is a complex thing, see [3] below)
80 ld => Linker command, usually not defined
81 (meaning the compiler command is used
83 (NOTE: this is here for future use, it's
85 lflags => Default flags used when linking apps,
86 shared libraries or DSOs [4].
87 ex_libs => Extra libraries that are needed when
88 linking shared libraries, DSOs or programs.
89 The value is also assigned to Libs.private
90 in $(libdir)/pkgconfig/libcrypto.pc.
92 shared_cppflags => Extra C preprocessor flags used when
93 processing C files for shared libraries.
94 shared_cflag => Extra C compiler flags used when compiling
95 for shared libraries, typically something
97 shared_ldflag => Extra linking flags used when linking
101 module_ldflags => Has the same function as the corresponding
102 `shared_' attributes, but for building DSOs.
103 When unset, they get the same values as the
104 corresponding `shared_' attributes.
106 ar => The library archive command, the default is
108 (NOTE: this is here for future use, it's
110 arflags => Flags to be used with the library archive
111 command. On Unix, this includes the
112 command letter, 'r' by default.
114 ranlib => The library archive indexing command, the
115 default is 'ranlib' it it exists.
117 unistd => An alternative header to the typical
118 '<unistd.h>'. This is very rarely needed.
120 shared_extension => File name extension used for shared
122 obj_extension => File name extension used for object files.
123 On unix, this defaults to ".o" (NOTE: this
124 is here for future use, it's not
126 exe_extension => File name extension used for executable
127 files. On unix, this defaults to "" (NOTE:
128 this is here for future use, it's not
130 shlib_variant => A "variant" identifier inserted between the base
131 shared library name and the extension. On "unixy"
132 platforms (BSD, Linux, Solaris, MacOS/X, ...) this
133 supports installation of custom OpenSSL libraries
134 that don't conflict with other builds of OpenSSL
135 installed on the system. The variant identifier
136 becomes part of the SONAME of the library and also
137 any symbol versions (symbol versions are not used or
138 needed with MacOS/X). For example, on a system
139 where a default build would normally create the SSL
140 shared library as 'libssl.so -> libssl.so.1.1' with
141 the value of the symlink as the SONAME, a target
142 definition that sets 'shlib_variant => "-abc"' will
143 create 'libssl.so -> libssl-abc.so.1.1', again with
144 an SONAME equal to the value of the symlink. The
145 symbol versions associated with the variant library
146 would then be 'OPENSSL_ABC_<version>' rather than
147 the default 'OPENSSL_<version>'. The string inserted
148 into symbol versions is obtained by mapping all
149 letters in the "variant" identifier to upper case
150 and all non-alphanumeric characters to '_'.
152 thread_scheme => The type of threads is used on the
153 configured platform. Currently known
154 values are "(unknown)", "pthreads",
155 "uithreads" (a.k.a solaris threads) and
156 "winthreads". Except for "(unknown)", the
157 actual value is currently ignored but may
158 be used in the future. See further notes
160 dso_scheme => The type of dynamic shared objects to build
161 for. This mostly comes into play with
162 modules, but can be used for other purposes
163 as well. Valid values are "DLFCN"
164 (dlopen() et al), "DLFCN_NO_H" (for systems
165 that use dlopen() et al but do not have
166 fcntl.h), "DL" (shl_load() et al), "WIN32"
168 uplink_arch => The architecture to be used for compiling uplink
169 source. This acts as a selector in build.info files.
170 This is separate from asm_arch because it's compiled
171 even when 'no-asm' is given, even though it contains
173 perlasm_scheme => The perlasm method used to create the
174 assembler files used when compiling with
175 assembler implementations.
176 shared_target => The shared library building method used.
177 This serves multiple purposes:
178 - as index for targets found in shared_info.pl.
179 - as linker script generation selector.
180 To serve both purposes, the index for shared_info.pl
181 should end with '-shared', and this suffix will be
182 removed for use as a linker script generation
183 selector. Note that the latter is only used if
184 'shared_defflag' is defined.
185 build_scheme => The scheme used to build up a Makefile.
186 In its simplest form, the value is a string
187 with the name of the build scheme.
188 The value may also take the form of a list
189 of strings, if the build_scheme is to have
190 some options. In this case, the first
191 string in the list is the name of the build
193 Currently recognised build scheme is "unified".
194 For the "unified" build scheme, this item
195 *must* be an array with the first being the
196 word "unified" and the second being a word
197 to identify the platform family.
199 multilib => On systems that support having multiple
200 implementations of a library (typically a
201 32-bit and a 64-bit variant), this is used
202 to have the different variants in different
205 bn_ops => Building options (was just bignum options in
206 the earlier history of this option, hence the
207 name). This is a string of words that describe
208 algorithms' implementation parameters that
209 are optimal for the designated target platform,
210 such as the type of integers used to build up
211 the bignum, different ways to implement certain
212 ciphers and so on. To fully comprehend the
213 meaning, the best is to read the affected
217 THIRTY_TWO_BIT bignum limbs are 32 bits,
218 this is default if no
219 option is specified, it
220 works on any supported
221 system [unless "wider"
222 limb size is implied in
224 BN_LLONG bignum limbs are 32 bits,
225 but 64-bit 'unsigned long
226 long' is used internally
228 SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
229 and sizeof(long) is 8;
230 SIXTY_FOUR_BIT bignums limbs are 64 bits,
231 but execution environment
233 RC4_CHAR RC4 key schedule is made
234 up of 'unsigned char's;
235 RC4_INT RC4 key schedule is made
236 up of 'unsigned int's;
237 EXPORT_VAR_AS_FN for shared libraries,
241 cpuid_asm_src => assembler implementation of cpuid code as
242 well as OPENSSL_cleanse().
244 bn_asm_src => Assembler implementation of core bignum
247 ec_asm_src => Assembler implementation of core EC
249 des_asm_src => Assembler implementation of core DES
250 encryption functions.
251 Defaults to 'des_enc.c fcrypt_b.c'
252 aes_asm_src => Assembler implementation of core AES
254 Defaults to 'aes_core.c aes_cbc.c'
255 bf_asm_src => Assembler implementation of core BlowFish
257 Defaults to 'bf_enc.c'
258 md5_asm_src => Assembler implementation of core MD5
260 sha1_asm_src => Assembler implementation of core SHA1,
261 functions, and also possibly SHA256 and
263 cast_asm_src => Assembler implementation of core CAST
265 Defaults to 'c_enc.c'
266 rc4_asm_src => Assembler implementation of core RC4
268 Defaults to 'rc4_enc.c rc4_skey.c'
269 rmd160_asm_src => Assembler implementation of core RMD160
271 rc5_asm_src => Assembler implementation of core RC5
273 Defaults to 'rc5_enc.c'
274 wp_asm_src => Assembler implementation of core WHIRLPOOL
276 cmll_asm_src => Assembler implementation of core CAMELLIA
278 Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
279 modes_asm_src => Assembler implementation of cipher modes,
280 currently the functions gcm_gmult_4bit and
282 padlock_asm_src => Assembler implementation of core parts of
283 the padlock engine. This is mandatory on
284 any platform where the padlock engine might
288 [1] as part of the target configuration, one can have a key called
289 'inherit_from' that indicate what other configurations to inherit
290 data from. These are resolved recursively.
292 Inheritance works as a set of default values that can be overridden
293 by corresponding key values in the inheriting configuration.
295 Note 1: any configuration table can be used as a template.
296 Note 2: pure templates have the attribute 'template => 1' and
297 cannot be used as build targets.
299 If several configurations are given in the 'inherit_from' array,
300 the values of same attribute are concatenated with space
301 separation. With this, it's possible to have several smaller
302 templates for different configuration aspects that can be combined
303 into a complete configuration.
305 instead of a scalar value or an array, a value can be a code block
306 of the form 'sub { /* your code here */ }'. This code block will
307 be called with the list of inherited values for that key as
308 arguments. In fact, the concatenation of strings is really done
309 by using 'sub { join(" ",@_) }' on the list of inherited values.
317 ignored => "This should not appear in the end result",
326 inherit_from => [ "foo", "bar" ],
327 hehe => sub { join(" ",(@_,"!!!")) },
331 The entry for "laughter" will become as follows after processing:
340 [2] OpenSSL is built with threading capabilities unless the user
341 specifies 'no-threads'. The value of the key 'thread_scheme' may
342 be "(unknown)", in which case the user MUST give some compilation
345 [3] OpenSSL has three types of things to link from object files or
348 - shared libraries; that would be libcrypto and libssl.
349 - shared objects (sometimes called dynamic libraries); that would
351 - applications; those are apps/openssl and all the test apps.
353 Very roughly speaking, linking is done like this (words in braces
354 represent the configuration settings documented at the beginning
358 {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
359 foo/something.o foo/somethingelse.o {ex_libs}
362 {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
363 blah1.o blah2.o -lcrypto {ex_libs}
366 {ld} $(CFLAGS) {lflags} -o app \
367 app1.o utils.o -lssl -lcrypto {ex_libs}
369 [4] There are variants of these attribute, prefixed with `lib_',
370 `dso_' or `bin_'. Those variants replace the unprefixed attribute
371 when building library, DSO or program modules specifically.
373 Historically, the target configurations came in form of a string with
374 values separated by colons. This use is deprecated. The string form
377 "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
383 The build.info files that are spread over the source tree contain the
384 minimum information needed to build and distribute OpenSSL. It uses a
385 simple and yet fairly powerful language to determine what needs to be
386 built, from what sources, and other relationships between files.
388 For every build.info file, all file references are relative to the
389 directory of the build.info file for source files, and the
390 corresponding build directory for built files if the build tree
391 differs from the source tree.
393 When processed, every line is processed with the perl module
394 Text::Template, using the delimiters "{-" and "-}". The hashes
395 %config and %target are passed to the perl fragments, along with
396 $sourcedir and $builddir, which are the locations of the source
397 directory for the current build.info file and the corresponding build
398 directory, all relative to the top of the build tree.
400 'Configure' only knows inherently about the top build.info file. For
401 any other directory that has one, further directories to look into
402 must be indicated like this:
404 SUBDIRS=something someelse
406 On to things to be built; they are declared by setting specific
414 Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
415 without extensions. The build file templates will figure them out.
417 For each thing to be built, it is then possible to say what sources
421 SOURCE[foo]=foo.c common.c
422 SOURCE[bar]=bar.c extra.c common.c
424 It's also possible to tell some other dependencies:
426 DEPEND[foo]=libsomething
427 DEPEND[libbar]=libsomethingelse
429 (it could be argued that 'libsomething' and 'libsomethingelse' are
430 source as well. However, the files given through SOURCE are expected
431 to be located in the source tree while files given through DEPEND are
432 expected to be located in the build tree)
434 It's also possible to depend on static libraries explicitly:
436 DEPEND[foo]=libsomething.a
437 DEPEND[libbar]=libsomethingelse.a
439 This should be rarely used, and care should be taken to make sure it's
440 only used when supported. For example, native Windows build doesn't
441 support building static libraries and DLLs at the same time, so using
442 static libraries on Windows can only be done when configured
445 In some cases, it's desirable to include some source files in the
446 shared form of a library only:
448 SHARED_SOURCE[libfoo]=dllmain.c
450 For any file to be built, it's also possible to tell what extra
451 include paths the build of their source files should use:
455 It's also possible to specify C macros that should be defined:
457 DEFINE[foo]=FOO BAR=1
459 In some cases, one might want to generate some source files from
460 others, that's done as follows:
462 GENERATE[foo.s]=asm/something.pl $(CFLAGS)
463 GENERATE[bar.s]=asm/bar.S
465 The value of each GENERATE line is a command line or part of it.
466 Configure places no rules on the command line, except that the first
467 item must be the generator file. It is, however, entirely up to the
468 build file template to define exactly how those command lines should
469 be handled, how the output is captured and so on.
471 Sometimes, the generator file itself depends on other files, for
472 example if it is a perl script that depends on other perl modules.
473 This can be expressed using DEPEND like this:
475 DEPEND[asm/something.pl]=../perlasm/Foo.pm
477 There may also be cases where the exact file isn't easily specified,
478 but an inclusion directory still needs to be specified. INCLUDE can
479 be used in that case:
481 INCLUDE[asm/something.pl]=../perlasm
483 NOTE: GENERATE lines are limited to one command only per GENERATE.
485 Finally, you can have some simple conditional use of the build.info
486 information, looking like this:
496 The expression in square brackets is interpreted as a string in perl,
497 and will be seen as true if perl thinks it is, otherwise false. For
498 example, the above would have "something" used, since 1 is true.
500 Together with the use of Text::Template, this can be used as
501 conditions based on something in the passed variables, for example:
503 IF[{- $disabled{shared} -}]
505 SOURCE[libcrypto]=...
512 Build-file programming with the "unified" build system
513 ======================================================
515 "Build files" are called "Makefile" on Unix-like operating systems,
516 "descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
518 To use the "unified" build system, the target configuration needs to
519 set the three items 'build_scheme', 'build_file' and 'build_command'.
520 In the rest of this section, we will assume that 'build_scheme' is set
521 to "unified" (see the configurations documentation above for the
524 For any name given by 'build_file', the "unified" system expects a
525 template file in Configurations/ named like the build file, with
526 ".tmpl" appended, or in case of possible ambiguity, a combination of
527 the second 'build_scheme' list item and the 'build_file' name. For
528 example, if 'build_file' is set to "Makefile", the template could be
529 Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
530 In case both Configurations/unix-Makefile.tmpl and
531 Configurations/Makefile.tmpl are present, the former takes
534 The build-file template is processed with the perl module
535 Text::Template, using "{-" and "-}" as delimiters that enclose the
536 perl code fragments that generate configuration-dependent content.
537 Those perl fragments have access to all the hash variables from
540 The build-file template is expected to define at least the following
541 perl functions in a perl code fragment enclosed with "{-" and "-}".
542 They are all expected to return a string with the lines they produce.
544 generatesrc - function that produces build file lines to generate
545 a source file from some input.
547 It's called like this:
549 generatesrc(src => "PATH/TO/tobegenerated",
550 generator => [ "generatingfile", ... ]
551 generator_incs => [ "INCL/PATH", ... ]
552 generator_deps => [ "dep1", ... ]
553 generator => [ "generatingfile", ... ]
554 incs => [ "INCL/PATH", ... ],
555 deps => [ "dep1", ... ],
556 intent => one of "libs", "dso", "bin" );
558 'src' has the name of the file to be generated.
559 'generator' is the command or part of command to
560 generate the file, of which the first item is
561 expected to be the file to generate from.
562 generatesrc() is expected to analyse and figure out
563 exactly how to apply that file and how to capture
564 the result. 'generator_incs' and 'generator_deps'
565 are include directories and files that the generator
566 file itself depends on. 'incs' and 'deps' are
567 include directories and files that are used if $(CC)
568 is used as an intermediary step when generating the
569 end product (the file indicated by 'src'). 'intent'
570 indicates what the generated file is going to be
573 src2obj - function that produces build file lines to build an
574 object file from source files and associated data.
576 It's called like this:
578 src2obj(obj => "PATH/TO/objectfile",
579 srcs => [ "PATH/TO/sourcefile", ... ],
580 deps => [ "dep1", ... ],
581 incs => [ "INCL/PATH", ... ]
582 intent => one of "lib", "dso", "bin" );
584 'obj' has the intended object file with '.o'
585 extension, src2obj() is expected to change it to
586 something more suitable for the platform.
587 'srcs' has the list of source files to build the
588 object file, with the first item being the source
589 file that directly corresponds to the object file.
590 'deps' is a list of explicit dependencies. 'incs'
591 is a list of include file directories. Finally,
592 'intent' indicates what this object file is going
595 obj2lib - function that produces build file lines to build a
596 static library file ("libfoo.a" in Unix terms) from
601 obj2lib(lib => "PATH/TO/libfile",
602 objs => [ "PATH/TO/objectfile", ... ]);
604 'lib' has the intended library file name *without*
605 extension, obj2lib is expected to add that. 'objs'
606 has the list of object files to build this library.
608 libobj2shlib - backward compatibility function that's used the
609 same way as obj2shlib (described next), and was
610 expected to build the shared library from the
611 corresponding static library when that was suitable.
612 NOTE: building a shared library from a static
613 library is now DEPRECATED, as they no longer share
614 object files. Attempting to do this will fail.
616 obj2shlib - function that produces build file lines to build a
617 shareable object library file ("libfoo.so" in Unix
618 terms) from the corresponding object files.
622 obj2shlib(shlib => "PATH/TO/shlibfile",
623 lib => "PATH/TO/libfile",
624 objs => [ "PATH/TO/objectfile", ... ],
625 deps => [ "PATH/TO/otherlibfile", ... ]);
627 'lib' has the base (static) library ffile name
628 *without* extension. This is useful in case
629 supporting files are needed (such as import
630 libraries on Windows).
631 'shlib' has the corresponding shared library name
632 *without* extension. 'deps' has the list of other
633 libraries (also *without* extension) this library
634 needs to be linked with. 'objs' has the list of
635 object files to build this library.
637 obj2dso - function that produces build file lines to build a
638 dynamic shared object file from object files.
642 obj2dso(lib => "PATH/TO/libfile",
643 objs => [ "PATH/TO/objectfile", ... ],
644 deps => [ "PATH/TO/otherlibfile",
647 This is almost the same as obj2shlib, but the
648 intent is to build a shareable library that can be
649 loaded in runtime (a "plugin"...).
651 obj2bin - function that produces build file lines to build an
652 executable file from object files.
656 obj2bin(bin => "PATH/TO/binfile",
657 objs => [ "PATH/TO/objectfile", ... ],
658 deps => [ "PATH/TO/libfile", ... ]);
660 'bin' has the intended executable file name
661 *without* extension, obj2bin is expected to add
662 that. 'objs' has the list of object files to build
663 this library. 'deps' has the list of library files
664 (also *without* extension) that the programs needs
667 in2script - function that produces build file lines to build a
668 script file from some input.
672 in2script(script => "PATH/TO/scriptfile",
673 sources => [ "PATH/TO/infile", ... ]);
675 'script' has the intended script file name.
676 'sources' has the list of source files to build the
677 resulting script from.
679 In all cases, file file paths are relative to the build tree top, and
680 the build file actions run with the build tree top as current working
683 Make sure to end the section with these functions with a string that
684 you thing is appropriate for the resulting build file. If nothing
685 else, end it like this:
687 ""; # Make sure no lingering values end up in the Makefile
691 Configure helper scripts
692 ========================
694 Configure uses helper scripts in this directory:
699 These scripts are per platform family, to check the integrity of the
700 tools used for configuration and building. The checker script used is
701 either {build_platform}-{build_file}-checker.pm or
702 {build_platform}-checker.pm, where {build_platform} is the second
703 'build_scheme' list element from the configuration target data, and
704 {build_file} is 'build_file' from the same target data.
706 If the check succeeds, the script is expected to end with a non-zero
707 expression. If the check fails, the script can end with a zero, or