# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# 386 generate 80386 code
+# enable-weak-ssl-ciphers
+# Enable weak ciphers that are disabled by default. This currently
+# only includes RC4 based ciphers.
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
"ui",
"unit-test",
"whirlpool",
+ "weak-ssl-ciphers",
"zlib",
"zlib-dynamic",
);
our %disabled = ( # "what" => "comment"
"ec_nistp_64_gcc_128" => "default",
- "egd" => "default",
- "md2" => "default",
- "rc5" => "default",
- "sctp" => "default",
- "shared" => "default",
- "ssl-trace" => "default",
- "static-engine" => "default",
- "unit-test" => "default",
- "zlib" => "default",
- "crypto-mdebug" => "default",
- "heartbeats" => "default",
+ "egd" => "default",
+ "md2" => "default",
+ "rc5" => "default",
+ "sctp" => "default",
+ "shared" => "default",
+ "ssl-trace" => "default",
+ "ssl3" => "default",
+ "ssl3-method" => "default",
+ "static-engine" => "default",
+ "unit-test" => "default",
+ "weak-ssl-ciphers" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default",
+ "crypto-mdebug" => "default",
+ "heartbeats" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
{
delete $disabled{"dynamic-engine"};
}
+ elsif ($1 eq "zlib-dynamic")
+ {
+ delete $disabled{"zlib"};
+ }
my $algo = $1;
delete $disabled{$algo};
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
# Do it in such a way that no spurious space is appended (hence the grep).
-$config{defines} = $target{defines} || [];
-$config{cflags} = $target{cflags} || "";
-$config{ex_libs} = $target{ex_libs} || "";
+$config{defines} = [];
+$config{cflags} = "";
+$config{ex_libs} = "";
+$config{shared_ldflag} = "";
# Make sure build_scheme is consistent.
$target{build_scheme} = [ $target{build_scheme} ]
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
{
$config{cflags} .= " -mno-cygwin";
- $target{shared_ldflag} .= " -mno-cygwin";
+ $config{shared_ldflag} .= " -mno-cygwin";
}
if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) {
$target{dso_scheme} =~ tr/[a-z]/[A-Z]/;
if ($target{dso_scheme} eq "DLFCN")
{
- $config{defines} = [ "DSO_DLFCN", "HAVE_DLFCN_H",
- @{$config{defines}} ]
+ unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H";
}
elsif ($target{dso_scheme} eq "DLFCN_NO_H")
{
- $config{defines} = [ "DSO_DLFCN", @{$config{defines}} ]
+ unshift @{$config{defines}}, "DSO_DLFCN";
}
else
{
- $config{defines} = [ "DSO_$target{dso_scheme}",
- @{$config{defines}} ]
+ unshift @{$config{defines}}, "DSO_$target{dso_scheme}";
}
}
if ($disabled{asm})
{
- @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}
- if ($config{fips});
+ if ($config{fips})
+ {
+ @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}};
+ @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}};
+ }
}
# If threads aren't disabled, check how possible they are
if ($config{processor} eq "386") {
$target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src};
} elsif (!$disabled{"whirlpool"}) {
- $config{cflags}.=" -DWHIRLPOOL_ASM";
+ push @{$config{defines}}, "WHIRLPOOL_ASM";
}
}
if ($target{modes_asm_src} =~ /ghash-/) {
# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON
+$config{afalg}="";
+if ($target =~ m/^linux/) {
+ my $minver = 4*10000 + 1*100 + 0;
+ if ($config{cross_compile_prefix} eq "") {
+ my $verstr = `uname -r`;
+ my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+ ($mi2) = $mi2 =~ /(\d+)/;
+ my $ver = $ma*10000 + $mi1*100 + $mi2;
+ if ($ver < $minver) {
+ $disabled{afalg} = "too-old-kernel";
+ } else {
+ push @{$config{engdirs}}, "afalg";
+ }
+ }
+} else {
+ $disabled{afalg} = "not-linux";
+}
+
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalg});
+
# If we use the unified build, collect information from build.info files
my %unified_info = ();
my %known_ordinals =
(
crypto =>
- cleanfile($sourced, catfile("util", "libeay.num"), $blddir),
+ cleanfile($sourced, catfile("util", "libcrypto.num"), $blddir),
ssl =>
- cleanfile($sourced, catfile("util", "ssleay.num"), $blddir)
+ cleanfile($sourced, catfile("util", "libssl.num"), $blddir)
);
my $o = $known_ordinals{$_};
die "Ordinals for $ddest defined more than once\n"
print "IsMK1MF =", ($builder eq "mk1mf" ? "yes" : "no"), "\n";
print "CC =$target{cc}\n";
-print "CFLAG =$config{cflags}\n";
-print "DEFINES =",join(" ", @{$config{defines}}),"\n";
+print "CFLAG =$target{cflags} $config{cflags}\n";
+print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
print "LFLAG =$target{lflags}\n";
print "PLIB_LFLAG =$target{plib_lflags}\n";
-print "EX_LIBS =$config{ex_libs}\n";
+print "EX_LIBS =$target{ex_libs} $config{ex_libs}\n";
print "APPS_OBJ =$target{apps_obj}\n";
print "CPUID_OBJ =$target{cpuid_obj}\n";
print "UPLINK_OBJ =$target{uplink_obj}\n";
VALUE "FileDescription", "OpenSSL Shared Library\\0"
VALUE "FileVersion", "$config{version}\\0"
#if defined(CRYPTO)
- VALUE "InternalName", "libeay32\\0"
- VALUE "OriginalFilename", "libeay32.dll\\0"
+ VALUE "InternalName", "libcrypto32\\0"
+ VALUE "OriginalFilename", "libcrypto32.dll\\0"
#elif defined(SSL)
- VALUE "InternalName", "ssleay32\\0"
- VALUE "OriginalFilename", "ssleay32.dll\\0"
+ VALUE "InternalName", "libssl32\\0"
+ VALUE "OriginalFilename", "libssl32.dll\\0"
#endif
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$config{version}\\0"