## Configure -- OpenSSL source tree configuration script
-require 5.10.0;
+use 5.10.0;
use strict;
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
-# 386 generate 80386 code
# enable-weak-ssl-ciphers
# Enable weak ciphers that are disabled by default. This currently
# only includes RC4 based ciphers.
-# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+# 386 generate 80386 code in assembly modules
+# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
+# mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
+# -static while -static is also a pass-through compiler option (and
+# as such is limited to environments where it's actually
+# meaningful), it triggers a number configuration options,
+# namely no-dso, no-pic, no-shared and no-threads. It is
+# argued that the only reason to produce statically linked
+# binaries (and in context it means executables linked with
+# -static flag, and not just executables linked with static
+# libcrypto.a) is to eliminate dependency on specific run-time,
+# a.k.a. libc version. The mentioned config options are meant
+# to achieve just that. Unfortunately on Linux it's impossible
+# to eliminate the dependency completely for openssl executable
+# because of getaddrinfo and gethostbyname calls, which can
+# invoke dynamically loadable library facility anyway to meet
+# the lookup requests. For this reason on Linux statically
+# linked openssl executable has rather debugging value than
+# production quality.
#
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
# provided to stack calls. Generates unique stack functions for
. " -Wshadow"
. " -Wformat"
. " -Wtype-limits"
+ . " -Wundef"
. " -Werror"
;
. " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
+ . " -Wundef"
;
# This adds backtrace information to the memory leak info. Is only used
}
-print "Configuring OpenSSL version $config{version} (0x$config{version_num})\n";
+print "Configuring OpenSSL version $config{version} ($config{version_num})\n";
$config{prefix}="";
$config{openssldir}="";
$config{fips}=0;
# Top level directories to build
-$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools", "fuzz" ];
+$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
# crypto/ subdirectories to build
$config{sdirs} = [
"objects",
"dgram" => [ "dtls", "sctp" ],
"sock" => [ "dgram" ],
"dtls" => [ @dtls ],
+ sub { 0 == scalar grep { !$disabled{$_} } @dtls }
+ => [ "dtls" ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
"dtls1", "dtls1_2" ],
"tls" => [ @tls ],
+ sub { 0 == scalar grep { !$disabled{$_} } @tls }
+ => [ "tls" ],
# SRP and HEARTBEATS require TLSEXT
"tlsext" => [ "srp", "heartbeats" ],
my %unsupported_options = ();
my %deprecated_options = ();
-foreach (@argvcopy)
+while (@argvcopy)
{
+ $_ = shift @argvcopy;
# VMS is a case insensitive environment, and depending on settings
# out of our control, we may receive options uppercased. Let's
# downcase at least the part before any equal sign.
{
$libs.=$_." ";
}
+ elsif (/^-rpath$/ or /^-R$/)
+ # -rpath is the OSF1 rpath flag
+ # -R is the old Solaris rpath flag
+ {
+ my $rpath = shift(@argvcopy) || "";
+ $rpath .= " " if $rpath ne "";
+ $libs.=$_." ".$rpath;
+ }
elsif (/^-static$/)
{
$libs.=$_." ";
+ $disabled{"dso"} = "forced";
$disabled{"pic"} = "forced";
$disabled{"shared"} = "forced";
$disabled{"threads"} = "forced";
}
}
+if ($libs =~ /(^|\s)-Wl,-rpath,/
+ && !$disabled{shared}
+ && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) {
+ die "***** Cannot simultaneously use -rpath, shared libraries, and\n",
+ "***** any of asan, msan or ubsan\n";
+}
+
if ($config{fips})
{
delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/);
@tocheckfor = (keys %new_tocheckfor);
}
+our $die = sub { die @_; };
if ($target eq "TABLE") {
+ local $die = sub { warn @_; };
foreach (sort keys %table) {
print_table_entry($_, "TABLE");
}
}
if ($target eq "HASH") {
+ local $die = sub { warn @_; };
print "%table = (\n";
foreach (sort keys %table) {
print_table_entry($_, "HASH");
@{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
@{$config{sdirs}} = grep !/^engine$/, @{$config{sdirs}};
push @{$config{openssl_other_defines}}, "OPENSSL_NO_ENGINE";
+ print " OPENSSL_NO_ENGINE (skip engines)";
}
else
{
- my ($ALGO, $algo);
- ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
+ my ($WHAT, $what);
+
+ ($WHAT = $what = $_) =~ tr/[\-a-z]/[_A-Z]/;
+
+ # Fix up C macro end names
+ $WHAT = "RMD160" if $what eq "ripemd";
- if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/ || /^async$/
- || /^autoalginit/ || /^autoerrinit/)
+ # fix-up crypto/directory name(s)
+ $what = "ripemd" if $what eq "rmd160";
+ $what = "whrlpool" if $what eq "whirlpool";
+
+ if ($what ne "async" && $what ne "err"
+ && grep { $_ eq $what } @{$config{sdirs}})
{
- push @{$config{openssl_other_defines}}, "OPENSSL_NO_$ALGO";
- print " OPENSSL_NO_$ALGO";
+ push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$WHAT";
+ @{$config{sdirs}} = grep { $_ ne $what} @{$config{sdirs}};
- if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; }
+ print " OPENSSL_NO_$WHAT (skip dir)";
}
else
{
- ($ALGO,$algo) = ("RMD160","rmd160") if ($algo eq "ripemd");
-
- push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$ALGO";
- print " OPENSSL_NO_$ALGO";
+ push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT";
+ print " OPENSSL_NO_$WHAT";
- # fix-up crypto/directory name(s)
- $algo="whrlpool" if $algo eq "whirlpool";
- $algo="ripemd" if $algo eq "rmd160";
- @{$config{sdirs}} = grep { $_ ne $algo} @{$config{sdirs}};
-
- print " (skip dir)";
+ if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; }
}
}
&usage if (!%target || $target{template});
+my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
+$config{conf_files} = [ sort keys %conf_files ];
%target = ( %{$table{DEFAULTS}}, %target );
$target{exe_extension}="";
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
+foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+ $builder_platform."-checker.pm")) {
+ my $checker_path = catfile($srcdir, "Configurations", $checker);
+ if (-f $checker_path) {
+ my $fn = $ENV{CONFIGURE_CHECKER_WARN}
+ ? sub { warn $@; } : sub { die $@; };
+ if (! do $checker_path) {
+ if ($@) {
+ $fn->($@);
+ } elsif ($!) {
+ $fn->($!);
+ } else {
+ $fn->("The detected tools didn't match the platform\n");
+ }
+ }
+ last;
+ }
+}
+
push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release";
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
if ($target{ec_asm_src} =~ /ecp_nistz256/) {
push @{$config{defines}}, "ECP_NISTZ256_ASM";
}
+ if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
+ push @{$config{defines}}, "PADLOCK_ASM";
+ }
if ($target{poly1305_asm_src} ne "") {
push @{$config{defines}}, "POLY1305_ASM";
}
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation
$config{makedepprog} = $ccpcc
- if (/clang/ || (/gcc/ && $compiler_major > 3));
+ if (/clang/ || (/gcc/ && $compiler_major >= 3));
$ecc = "clang" if /clang/;
$ecc = "gcc" if /gcc/;
last if ($config{makedepprog} || !$lines--);
my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
if ($builder eq "unified") {
- # Store the name of the template file we will build the build file from
- # in %config. This may be useful for the build file itself.
- my @build_file_template_names =
- ( $builder_platform."-".$target{build_file}.".tmpl",
- $target{build_file}.".tmpl" );
- my @build_file_templates = ();
-
- # First, look in the user provided directory, if given
- if (defined $ENV{$local_config_envname}) {
- @build_file_templates =
- map {
- if ($^O eq 'VMS') {
- # VMS environment variables are logical names,
- # which can be used as is
- $local_config_envname . ':' . $_;
- } else {
- catfile($ENV{$local_config_envname}, $_);
- }
- }
- @build_file_template_names;
- }
- # Then, look in our standard directory
- push @build_file_templates,
- ( map { catfile($srcdir, "Configurations", $_) }
- @build_file_template_names );
-
- my $build_file_template;
- for $_ (@build_file_templates) {
- $build_file_template = $_;
- last if -f $build_file_template;
-
- $build_file_template = undef;
- }
- if (!defined $build_file_template) {
- die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n";
- }
- $config{build_file_template} = $build_file_template;
-
use lib catdir(dirname(__FILE__),"util");
use with_fallback qw(Text::Template);
return $res;
}
+ # Store the name of the template file we will build the build file from
+ # in %config. This may be useful for the build file itself.
+ my @build_file_template_names =
+ ( $builder_platform."-".$target{build_file}.".tmpl",
+ $target{build_file}.".tmpl" );
+ my @build_file_templates = ();
+
+ # First, look in the user provided directory, if given
+ if (defined $ENV{$local_config_envname}) {
+ @build_file_templates =
+ map {
+ if ($^O eq 'VMS') {
+ # VMS environment variables are logical names,
+ # which can be used as is
+ $local_config_envname . ':' . $_;
+ } else {
+ catfile($ENV{$local_config_envname}, $_);
+ }
+ }
+ @build_file_template_names;
+ }
+ # Then, look in our standard directory
+ push @build_file_templates,
+ ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
+ @build_file_template_names );
+
+ my $build_file_template;
+ for $_ (@build_file_templates) {
+ $build_file_template = $_;
+ last if -f $build_file_template;
+
+ $build_file_template = undef;
+ }
+ if (!defined $build_file_template) {
+ die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n";
+ }
+ $config{build_file_templates}
+ = [ $build_file_template,
+ cleanfile($srcdir, catfile("Configurations", "common.tmpl"),
+ $blddir) ];
+
my @build_infos = ( [ ".", "build.info" ] );
foreach (@{$config{dirs}}) {
push @build_infos, [ $_, "build.info" ]
my %builders = (
unified => sub {
run_dofile(catfile($blddir, $target{build_file}),
- $config{build_file_template},
- catfile($srcdir, "Configurations", "common.tmpl"));
+ @{$config{build_file_templates}});
},
);
close(CONFFILE);
my %targets = ();
{
- local %table = %::table; # Protect %table from tampering
+ # Protect certain tables from tampering
+ local %table = %::table;
eval $content;
warn $@ if $@;
warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n";
}
delete $targets{$_};
- }
+ } else {
+ $targets{$_}->{_conf_fname_int} = add([ $fname ]);
+ }
}
%table = (%table, %targets);
foreach (@templates) {
die "Can't open $_, $!" unless -f $_;
}
- my $cmd = "$config{perl} \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
+ my $perlcmd = (quotify("maybeshell", $config{perl}))[0];
+ my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
system($cmd);
exit 1 if $? != 0;
"unistd",
"ld",
"lflags",
+ "loutflag",
"plib_lflags",
"ex_libs",
"bn_ops",
- "cpuid_obj",
- "bn_obj",
- "ec_obj",
- "des_obj",
- "aes_obj",
- "bf_obj",
- "md5_obj",
- "sha1_obj",
- "cast_obj",
- "rc4_obj",
- "rmd160_obj",
- "rc5_obj",
- "wp_obj",
- "cmll_obj",
- "modes_obj",
- "padlock_obj",
+ "apps_aux_src",
+ "cpuid_asm_src",
+ "uplink_aux_src",
+ "bn_asm_src",
+ "ec_asm_src",
+ "des_asm_src",
+ "aes_asm_src",
+ "bf_asm_src",
+ "md5_asm_src",
+ "cast_asm_src",
+ "sha1_asm_src",
+ "rc4_asm_src",
+ "rmd160_asm_src",
+ "rc5_asm_src",
+ "wp_asm_src",
+ "cmll_asm_src",
+ "modes_asm_src",
+ "padlock_asm_src",
+ "chacha_asm_src",
+ "poly1035_asm_src",
"thread_scheme",
"perlasm_scheme",
"dso_scheme",
"shared_target",
"shared_cflag",
+ "shared_defines",
"shared_ldflag",
"shared_rcflag",
"shared_extension",
- "shared_extension_simple",
- "shared_import_extension",
"dso_extension",
"obj_extension",
"exe_extension",
"ranlib",
"ar",
"arflags",
+ "aroutflag",
+ "rc",
+ "rcflags",
+ "rcoutflag",
+ "mt",
+ "mtflags",
+ "mtinflag",
+ "mtoutflag",
"multilib",
"build_scheme",
);
# On non-platforms, we just use file_name_is_absolute().
return file_name_is_absolute($file) unless $^O eq "VMS";
- # If the file spec includes a device or a directpry spec,
+ # If the file spec includes a device or a directory spec,
# file_name_is_absolute() is perfectly safe.
return file_name_is_absolute($file) if $file =~ m|[:\[]|;
perl => sub { my $x = shift;
$x =~ s/([\\\$\@"])/\\$1/g;
return '"'.$x.'"'; },
+ maybeshell => sub { my $x = shift;
+ (my $y = $x) =~ s/([\\\"])/\\$1/g;
+ if ($x ne $y || $x =~ m|\s|) {
+ return '"'.$y.'"';
+ } else {
+ return $x;
+ }
+ },
);
my $for = shift;
my $processor =