# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# 386 generate 80386 code
+# enable-weak-ssl-ciphers
+# Enable weak ciphers that are disabled by default. This currently
+# only includes RC4 based ciphers.
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
# which has to be accompanied by explicit -D_THREAD_SAFE and
# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
# seems to be sufficient?
-my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
#
# API compability name to version number mapping.
"0.9.8" => "0x00908000L",
};
-my $base_target = "BASE"; # The template that all other inherit from
our %table = ();
our %config = ();
+our %withargs = ();
# Forward declarations ###############################################
$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/";
my $nofipscanistercheck=0;
$config{baseaddr}="0xFB00000";
-my $threads=0;
+my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
$config{fips}=0;
"ui",
"unit-test",
"whirlpool",
+ "weak-ssl-ciphers",
"zlib",
"zlib-dynamic",
);
our %disabled = ( # "what" => "comment"
"ec_nistp_64_gcc_128" => "default",
- "egd" => "default",
- "md2" => "default",
- "rc5" => "default",
- "sctp" => "default",
- "shared" => "default",
- "ssl-trace" => "default",
- "static-engine" => "default",
- "unit-test" => "default",
- "zlib" => "default",
- "crypto-mdebug" => "default",
- "heartbeats" => "default",
+ "egd" => "default",
+ "md2" => "default",
+ "rc5" => "default",
+ "sctp" => "default",
+ "shared" => "default",
+ "ssl-trace" => "default",
+ "ssl3" => "default",
+ "ssl3-method" => "default",
+ "static-engine" => "default",
+ "unit-test" => "default",
+ "weak-ssl-ciphers" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default",
+ "crypto-mdebug" => "default",
+ "heartbeats" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
my $libs="";
my $target="";
$config{options}="";
-my %withargs=();
-my $build_prefix = "release_";
+$config{build_type} = "release";
my @argvcopy=@ARGV;
{
$disabled{$1} = "option";
}
+ # No longer an automatic choice
+ $auto_threads = 0 if ($1 eq "threads");
}
elsif (/^enable-(.+)$/)
{
{
delete $disabled{"dynamic-engine"};
}
+ elsif ($1 eq "zlib-dynamic")
+ {
+ delete $disabled{"zlib"};
+ }
my $algo = $1;
delete $disabled{$algo};
- $threads = 1 if ($algo eq "threads");
+ # No longer an automatic choice
+ $auto_threads = 0 if ($1 eq "threads");
}
elsif (/^--strict-warnings$/)
{
}
elsif (/^--debug$/)
{
- $build_prefix = "debug_";
+ $config{build_type} = "debug";
}
elsif (/^--release$/)
{
- $build_prefix = "release_";
+ $config{build_type} = "release";
}
elsif (/^386$/)
{ $config{processor}=386; }
$user_cflags.=" ".$_;
}
}
- elsif ($_ =~ /^([^:]+):(.+)$/)
- {
- eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
- $target=$1;
- }
else
{
die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
# Support for legacy targets having a name starting with 'debug-'
my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
if ($d) {
- $build_prefix = "debug_";
+ $config{build_type} = "debug";
# If we do not find debug-foo in the table, the target is set to foo.
if (!$table{$target}) {
}
}
$config{target} = $target;
-delete $table{$base_target}->{template}; # or the next test will fail.
my %target = resolve_config($target);
&usage if (!%target || $target{template});
-# Set up defaults
-my %target = ( %{$table{$base_target}}, %target );
+%target = ( %{$table{DEFAULTS}}, %target );
$target{exe_extension}="";
$target{exe_extension}=".exe" if ($config{target} eq "DJGPP"
if ($config{target} =~ /^(?:Cygwin|mingw)/);
-$default_ranlib = which("ranlib") || "true";
-$config{perl} = $ENV{'PERL'} || which("perl5") || which("perl") || "perl";
-my $make = $ENV{'MAKE'} || "make";
-
$config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'}
if $config{cross_compile_prefix} eq "";
-# Allow environment CC to override compiler...
-$target{cc} = $ENV{CC} || $target{cc};
+# Allow overriding the names of some tools. USE WITH CARE
+$config{perl} = $ENV{'PERL'} || which("perl5") || which("perl") || "perl";
+$target{cc} = $ENV{'CC'} || $target{cc} || "cc";
+$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || which("ranlib") || "true";
+$target{ar} = $ENV{'AR'} || $target{ar} || "ar";
+$target{nm} = $ENV{'NM'} || $target{nm} || "nm";
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
# Do it in such a way that no spurious space is appended (hence the grep).
-$config{defines} = [ @{$target{defines}},
- @{$target{$build_prefix."defines"}} ];
-$config{cflags} = join(" ",
- grep { $_ ne "" } ($target{cflags},
- $target{$build_prefix."cflags"}));
-$config{lflags} = join(" ",
- grep { $_ ne "" } ($target{lflags},
- $target{$build_prefix."lflags"}));
-$config{plib_lflags} = join(" ",
- grep { $_ ne "" } ($target{plib_lflags},
- $target{$build_prefix."plib_lflags"}));
-$config{ex_libs} = join(" ",
- grep { $_ ne "" } ($target{ex_libs},
- $target{$build_prefix."ex_libs"}));
-
-$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || $default_ranlib;
-$target{ar} = $ENV{'AR'} || "ar";
-$target{arflags} = "" if !defined($target{arflags});
-$target{nm} = "nm";
+$config{defines} = [];
+$config{cflags} = "";
+$config{ex_libs} = "";
+$config{shared_ldflag} = "";
+
# Make sure build_scheme is consistent.
$target{build_scheme} = [ $target{build_scheme} ]
if ref($target{build_scheme}) ne "ARRAY";
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
{
$config{cflags} .= " -mno-cygwin";
- $target{shared_ldflag} .= " -mno-cygwin";
+ $config{shared_ldflag} .= " -mno-cygwin";
}
if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) {
$target{dso_scheme} =~ tr/[a-z]/[A-Z]/;
if ($target{dso_scheme} eq "DLFCN")
{
- $config{defines} = [ "DSO_DLFCN", "HAVE_DLFCN_H",
- @{$config{defines}} ]
+ unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H";
}
elsif ($target{dso_scheme} eq "DLFCN_NO_H")
{
- $config{defines} = [ "DSO_DLFCN", @{$config{defines}} ]
+ unshift @{$config{defines}}, "DSO_DLFCN";
}
else
{
- $config{defines} = [ "DSO_$target{dso_scheme}",
- @{$config{defines}} ]
- }
- }
-
-my $thread_cflags = "";
-my @thread_defines;
-if ($target{thread_cflag} ne "(unknown)" && !$disabled{threads})
- {
- # If we know how to do it, support threads by default.
- $threads = 1;
- }
-if ($target{thread_cflag} eq "(unknown)" && $threads)
- {
- # If the user asked for "threads", [s]he is also expected to
- # provide any system-dependent compiler options that are
- # necessary.
- if ($no_user_cflags && $no_user_defines)
- {
- print "You asked for multi-threading support, but didn't\n";
- print "provide any system-specific compiler options\n";
- exit(1);
+ unshift @{$config{defines}}, "DSO_$target{dso_scheme}";
}
- push @thread_defines, "OPENSSL_THREADS";
- }
-else
- {
- $thread_cflags=" $target{thread_cflag}";
- push @thread_defines, @{$target{thread_defines}}, "OPENSSL_THREADS";
}
$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne "");
if ($disabled{asm})
{
- @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}
- if ($config{fips});
- }
-
-if ($threads)
- {
- $config{cflags} = "$thread_cflags $config{cflags}" if $thread_cflags;
- push @{$config{defines}}, @thread_defines;
- push @{$config{openssl_thread_defines}}, @thread_defines;
- }
-
-unless ($disabled{zlib})
- {
- push @{$config{defines}}, "ZLIB";
- if (defined($disabled{"zlib-dynamic"}))
- {
- if (defined($withargs{zlib_lib}))
- {
- $config{ex_libs} .= " -L" . $withargs{zlib_lib} . " -lz";
- }
- else
- {
- $config{ex_libs} .= " -lz";
- }
- }
- else
+ if ($config{fips})
{
- push @{$config{defines}}, "ZLIB_SHARED";
+ @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}};
+ @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}};
}
}
+# If threads aren't disabled, check how possible they are
+unless ($disabled{threads}) {
+ if ($auto_threads) {
+ # Enabled by default, disable it forcibly if unavailable
+ if ($target{thread_scheme} eq "(unknown)") {
+ $disabled{threads} = "unavailable";
+ }
+ } else {
+ # The user chose to enable threads explicitely, let's see
+ # if there's a chance that's possible
+ if ($target{thread_scheme} eq "(unknown)") {
+ # If the user asked for "threads" and we don't have internal
+ # knowledge how to do it, [s]he is expected to provide any
+ # system-dependent compiler options that are necessary. We
+ # can't truly check that the given options are correct, but
+ # we expect the user to know what [s]He is doing.
+ if ($no_user_cflags && $no_user_defines) {
+ die "You asked for multi-threading support, but didn't\n"
+ ,"provide any system-specific compiler options\n";
+ }
+ }
+ }
+}
+
+# If threads still aren't disabled, add a C macro to ensure the source
+# code knows about it. Any other flag is taken care of by the configs.
+unless($disabled{threads}) {
+ foreach (("defines", "openssl_thread_defines")) {
+ push @{$config{$_}}, "OPENSSL_THREADS";
+ }
+}
+
# With "deprecated" disable all deprecated features.
if (defined($disabled{"deprecated"})) {
$config{api} = $maxapi;
push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}";
}
-if ($target{ranlib} eq "")
- {
- $target{ranlib} = $default_ranlib;
- }
-
unless ($disabled{asm}) {
- $target{cpuid_asm_src}=$table{BASE}->{cpuid_asm_src} if ($config{processor} eq "386");
+ $target{cpuid_asm_src}=$table{DEFAULTS}->{cpuid_asm_src} if ($config{processor} eq "386");
$target{bn_asm_src} =~ s/\w+-gf2m.c// if (defined($disabled{ec2m}));
# bn-586 is the only one implementing bn_*_part_words
if ($target{md5_asm_src}) {
push @{$config{defines}}, "MD5_ASM";
}
- $target{cast_asm_src}=$table{BASE}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC
+ $target{cast_asm_src}=$table{DEFAULTS}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC
if ($target{rmd160_asm_src}) {
push @{$config{defines}}, "RMD160_ASM";
}
}
if ($target{wp_asm_src} =~ /mmx/) {
if ($config{processor} eq "386") {
- $target{wp_asm_src}=$table{BASE}->{wp_asm_src};
+ $target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src};
} elsif (!$disabled{"whirlpool"}) {
- $config{cflags}.=" -DWHIRLPOOL_ASM";
+ push @{$config{defines}}, "WHIRLPOOL_ASM";
}
}
if ($target{modes_asm_src} =~ /ghash-/) {
# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON
+$config{afalg}="";
+if ($target =~ m/^linux/) {
+ my $minver = 4*10000 + 1*100 + 0;
+ if ($config{cross_compile_prefix} eq "") {
+ my $verstr = `uname -r`;
+ my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+ ($mi2) = $mi2 =~ /(\d+)/;
+ my $ver = $ma*10000 + $mi1*100 + $mi2;
+ if ($ver < $minver) {
+ $disabled{afalg} = "too-old-kernel";
+ } else {
+ push @{$config{engdirs}}, "afalg";
+ }
+ }
+} else {
+ $disabled{afalg} = "not-linux";
+}
+
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalg});
+
# If we use the unified build, collect information from build.info files
my %unified_info = ();
if (-f catfile($srcdir, "engines", $_, "build.info"));
}
+ $config{build_infos} = [ ];
+
foreach (@build_infos) {
my $sourced = catdir($srcdir, $_->[0]);
my $buildd = catdir($blddir, $_->[0]);
my @engines = ();
my @scripts = ();
my @extra = ();
+ my @overrides = ();
my @intermediates = ();
my @rawlines = ();
my %depends = ();
my %renames = ();
my %sharednames = ();
+ my %generate = ();
+ push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
my $template = Text::Template->new(TYPE => 'FILE',
SOURCE => catfile($sourced, $f));
die "Something went wrong with $sourced/$f: $!\n" unless $template;
qr/^\s*EXTRA\s*=\s*(.*)\s*$/
=> sub { push @extra, split(/\s+/, $1)
if !@skip || $skip[$#skip] > 0 },
+ qr/^\s*OVERRIDES\s*=\s*(.*)\s*$/
+ => sub { push @overrides, split(/\s+/, $1)
+ if !@skip || $skip[$#skip] > 0 },
qr/^\s*ORDINALS\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/,
=> sub { push @{$ordinals{$1}}, split(/\s+/, $2)
qr/^\s*DEPEND\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
=> sub { push @{$depends{$1}}, split(/\s+/, $2)
if !@skip || $skip[$#skip] > 0 },
+ qr/^\s*GENERATE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+ => sub { push @{$generate{$1}}, $2
+ if !@skip || $skip[$#skip] > 0 },
qr/^\s*RENAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
=> sub { push @{$renames{$1}}, split(/\s+/, $2)
if !@skip || $skip[$#skip] > 0 },
$unified_info{extra}->{$extra} = 1;
}
+ foreach (@overrides) {
+ my $override = cleanfile($buildd, $_, $blddir);
+ $unified_info{overrides}->{$override} = 1;
+ }
+
push @{$unified_info{rawlines}}, @rawlines;
unless ($disabled{shared}) {
my %known_ordinals =
(
crypto =>
- cleanfile($sourced, catfile("util", "libeay.num"), $blddir),
+ cleanfile($sourced, catfile("util", "libcrypto.num"), $blddir),
ssl =>
- cleanfile($sourced, catfile("util", "ssleay.num"), $blddir)
+ cleanfile($sourced, catfile("util", "libssl.num"), $blddir)
);
my $o = $known_ordinals{$_};
die "Ordinals for $ddest defined more than once\n"
}
}
+ foreach (keys %generate) {
+ my $dest = $_;
+ my $ddest = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$ddest}) {
+ $ddest = $unified_info{rename}->{$ddest};
+ }
+ die "more than one generator for $dest: "
+ ,join(" ", @{$generate{$_}}),"\n"
+ if scalar @{$generate{$_}} > 1;
+ my @generator = split /\s+/, $generate{$dest}->[0];
+ $generator[0] = cleanfile($sourced, $generator[0], $blddir),
+ $unified_info{generate}->{$ddest} = [ @generator ];
+ }
+
foreach (keys %depends) {
my $dest = $_;
my $ddest = cleanfile($buildd, $_, $blddir);
### Make unified_info a bit more efficient
# One level structures
- foreach (("programs", "libraries", "engines", "scripts", "extra")) {
+ foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
$unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
}
# Two level structures
print "IsMK1MF =", ($builder eq "mk1mf" ? "yes" : "no"), "\n";
print "CC =$target{cc}\n";
-print "CFLAG =$config{cflags}\n";
-print "DEFINES =",join(" ", @{$config{defines}}),"\n";
-print "LFLAG =$config{lflags}\n";
-print "PLIB_LFLAG =$config{plib_lflags}\n";
-print "EX_LIBS =$config{ex_libs}\n";
+print "CFLAG =$target{cflags} $config{cflags}\n";
+print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
+print "LFLAG =$target{lflags}\n";
+print "PLIB_LFLAG =$target{plib_lflags}\n";
+print "EX_LIBS =$target{ex_libs} $config{ex_libs}\n";
+print "APPS_OBJ =$target{apps_obj}\n";
print "CPUID_OBJ =$target{cpuid_obj}\n";
+print "UPLINK_OBJ =$target{uplink_obj}\n";
print "BN_ASM =$target{bn_obj}\n";
print "EC_ASM =$target{ec_obj}\n";
print "DES_ENC =$target{des_obj}\n";
VALUE "FileDescription", "OpenSSL Shared Library\\0"
VALUE "FileVersion", "$config{version}\\0"
#if defined(CRYPTO)
- VALUE "InternalName", "libeay32\\0"
- VALUE "OriginalFilename", "libeay32.dll\\0"
+ VALUE "InternalName", "libcrypto32\\0"
+ VALUE "OriginalFilename", "libcrypto32.dll\\0"
#elif defined(SSL)
- VALUE "InternalName", "ssleay32\\0"
- VALUE "OriginalFilename", "ssleay32.dll\\0"
+ VALUE "InternalName", "libssl32\\0"
+ VALUE "OriginalFilename", "libssl32.dll\\0"
#endif
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$config{version}\\0"
Configured for $target.
EOF
-print <<"EOF" if (!$disabled{threads} && !$threads);
+print <<"EOF" if ($disabled{threads} eq "unavailable");
The library could not be configured for supporting multi-threaded
applications as the compiler options required on this system are not known.
}
}
+our $add_called = 0;
# Helper function to implement adding values to already existing configuration
# values. It handles elements that are ARRAYs, CODEs and scalars
sub _add {
my @values =
map {
- if (ref($_) eq "ARRAY") {
- $found_array = 1;
- @$_;
+ my $res = $_;
+ while (ref($res) eq "CODE") {
+ $res = $res->();
+ }
+ if (defined($res)) {
+ if (ref($res) eq "ARRAY") {
+ $found_array = 1;
+ @$res;
+ } else {
+ $res;
+ }
} else {
- $_;
+ ();
}
} (@_);
+ $add_called = 1;
+
if ($found_array) {
[ @values ];
} else {
- join($separator, @values);
+ join($separator, grep { defined($_) && $_ ne "" } @values);
}
}
sub add_before {
my $target = shift;
my @breadcrumbs = @_;
+ my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS});
+
if (grep { $_ eq $target } @breadcrumbs) {
die "inherit_from loop! target backtrace:\n "
,$target,"\n ",join("\n ", @breadcrumbs),"\n";
my %all_keys =
map { $_ => 1 } (keys %combined_inheritance,
keys %{$table{$target}});
+
+ sub process_values {
+ my $object = shift;
+ my $inherited = shift; # Always a [ list ]
+ my $target = shift;
+ my $entry = shift;
+
+ $add_called = 0;
+
+ while(ref($object) eq "CODE") {
+ $object = $object->(@$inherited);
+ }
+ if (!defined($object)) {
+ return ();
+ }
+ elsif (ref($object) eq "ARRAY") {
+ local $add_called; # To make sure recursive calls don't affect it
+ return [ map { process_values($_, $inherited, $target, $entry) }
+ @$object ];
+ } elsif (ref($object) eq "") {
+ return $object;
+ } else {
+ die "cannot handle reference type ",ref($object)
+ ," found in target ",$target," -> ",$entry,"\n";
+ }
+ }
+
foreach (sort keys %all_keys) {
+ my $previous = $combined_inheritance{$_};
# Current target doesn't have a value for the current key?
# Assign it the default combiner, the rest of this loop body
$table{$target}->{$_} = $default_combiner;
}
- my $valuetype = ref($table{$target}->{$_});
- if ($valuetype eq "CODE") {
- # CODE reference, execute it with the inherited values as
- # arguments.
- $table{$target}->{$_} =
- $table{$target}->{$_}->(@{$combined_inheritance{$_}});
- } elsif ($valuetype eq "ARRAY" || $valuetype eq "") {
- # ARRAY or Scalar, just leave it as is.
- } else {
- # Some other type of reference that we don't handle.
- # Better to abort at this point.
- die "cannot handle reference type $valuetype,"
- ," found in target $target -> $_\n";
- }
+ $table{$target}->{$_} = process_values($table{$target}->{$_},
+ $combined_inheritance{$_},
+ $target, $_);
+ unless(defined($table{$target}->{$_})) {
+ delete $table{$target}->{$_};
+ }
+ if ($extra_checks &&
+ $previous && !($add_called || $previous ~~ $table{$target}->{$_})) {
+ warn "$_ got replaced in $target\n";
+ }
}
# Finally done, return the result.
"cc",
"cflags",
"defines",
- "debug_cflags",
- "debug_defines",
- "release_cflags",
- "release_defines",
- "thread_cflag",
"unistd",
"ld",
"lflags",
"plib_lflags",
"ex_libs",
- "debug_lflags",
- "debug_plib_lflags",
- "debug_ex_libs",
- "release_lflags",
- "release_plib_lflags",
- "release_ex_libs",
"bn_ops",
"cpuid_obj",
"bn_obj",
"cmll_obj",
"modes_obj",
"padlock_obj",
+ "thread_scheme",
"perlasm_scheme",
"dso_scheme",
"shared_target",