# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# 386 generate 80386 code
+# enable-weak-ssl-ciphers
+# Enable weak ciphers that are disabled by default. This currently
+# only includes RC4 based ciphers.
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
# which has to be accompanied by explicit -D_THREAD_SAFE and
# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
# seems to be sufficient?
-my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
#
# API compability name to version number mapping.
$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/";
my $nofipscanistercheck=0;
$config{baseaddr}="0xFB00000";
-my $threads=0;
+my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
$config{fips}=0;
"ui",
"unit-test",
"whirlpool",
+ "weak-ssl-ciphers",
"zlib",
"zlib-dynamic",
);
our %disabled = ( # "what" => "comment"
"ec_nistp_64_gcc_128" => "default",
- "egd" => "default",
- "md2" => "default",
- "rc5" => "default",
- "sctp" => "default",
- "shared" => "default",
- "ssl-trace" => "default",
- "static-engine" => "default",
- "unit-test" => "default",
- "zlib" => "default",
- "crypto-mdebug" => "default",
- "heartbeats" => "default",
+ "egd" => "default",
+ "md2" => "default",
+ "rc5" => "default",
+ "sctp" => "default",
+ "shared" => "default",
+ "ssl-trace" => "default",
+ "ssl3" => "default",
+ "ssl3-method" => "default",
+ "static-engine" => "default",
+ "unit-test" => "default",
+ "weak-ssl-ciphers" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default",
+ "crypto-mdebug" => "default",
+ "heartbeats" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
my $libs="";
my $target="";
$config{options}="";
-my $build_prefix = "release_";
+$config{build_type} = "release";
my @argvcopy=@ARGV;
{
$disabled{$1} = "option";
}
+ # No longer an automatic choice
+ $auto_threads = 0 if ($1 eq "threads");
}
elsif (/^enable-(.+)$/)
{
{
delete $disabled{"dynamic-engine"};
}
+ elsif ($1 eq "zlib-dynamic")
+ {
+ delete $disabled{"zlib"};
+ }
my $algo = $1;
delete $disabled{$algo};
- $threads = 1 if ($algo eq "threads");
+ # No longer an automatic choice
+ $auto_threads = 0 if ($1 eq "threads");
}
elsif (/^--strict-warnings$/)
{
}
elsif (/^--debug$/)
{
- $build_prefix = "debug_";
+ $config{build_type} = "debug";
}
elsif (/^--release$/)
{
- $build_prefix = "release_";
+ $config{build_type} = "release";
}
elsif (/^386$/)
{ $config{processor}=386; }
# Support for legacy targets having a name starting with 'debug-'
my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
if ($d) {
- $build_prefix = "debug_";
+ $config{build_type} = "debug";
# If we do not find debug-foo in the table, the target is set to foo.
if (!$table{$target}) {
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
# Do it in such a way that no spurious space is appended (hence the grep).
-$config{defines} = [ @{$target{defines}},
- @{$target{$build_prefix."defines"}} ];
-$config{cflags} = join(" ",
- grep { $_ ne "" } ($target{cflags},
- $target{$build_prefix."cflags"}));
-$config{ex_libs} = join(" ",
- grep { $_ ne "" } ($target{ex_libs},
- $target{$build_prefix."ex_libs"}));
+$config{defines} = [];
+$config{cflags} = "";
+$config{ex_libs} = "";
+$config{shared_ldflag} = "";
# Make sure build_scheme is consistent.
$target{build_scheme} = [ $target{build_scheme} ]
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
{
$config{cflags} .= " -mno-cygwin";
- $target{shared_ldflag} .= " -mno-cygwin";
+ $config{shared_ldflag} .= " -mno-cygwin";
}
if ($target =~ /linux.*-mips/ && !$disabled{asm} && $user_cflags !~ /-m(ips|arch=)/) {
$target{dso_scheme} =~ tr/[a-z]/[A-Z]/;
if ($target{dso_scheme} eq "DLFCN")
{
- $config{defines} = [ "DSO_DLFCN", "HAVE_DLFCN_H",
- @{$config{defines}} ]
+ unshift @{$config{defines}}, "DSO_DLFCN", "HAVE_DLFCN_H";
}
elsif ($target{dso_scheme} eq "DLFCN_NO_H")
{
- $config{defines} = [ "DSO_DLFCN", @{$config{defines}} ]
+ unshift @{$config{defines}}, "DSO_DLFCN";
}
else
{
- $config{defines} = [ "DSO_$target{dso_scheme}",
- @{$config{defines}} ]
- }
- }
-
-my $thread_cflags = "";
-my @thread_defines;
-if ($target{thread_cflag} ne "(unknown)" && !$disabled{threads})
- {
- # If we know how to do it, support threads by default.
- $threads = 1;
- }
-if ($target{thread_cflag} eq "(unknown)" && $threads)
- {
- # If the user asked for "threads", [s]he is also expected to
- # provide any system-dependent compiler options that are
- # necessary.
- if ($no_user_cflags && $no_user_defines)
- {
- print "You asked for multi-threading support, but didn't\n";
- print "provide any system-specific compiler options\n";
- exit(1);
+ unshift @{$config{defines}}, "DSO_$target{dso_scheme}";
}
- push @thread_defines, "OPENSSL_THREADS";
- }
-else
- {
- $thread_cflags=" $target{thread_cflag}";
- push @thread_defines, @{$target{thread_defines}}, "OPENSSL_THREADS";
}
$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne "");
if ($disabled{asm})
{
- @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}}
- if ($config{fips});
+ if ($config{fips})
+ {
+ @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}};
+ @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}};
+ }
}
-if ($threads)
- {
- $config{cflags} = "$thread_cflags $config{cflags}" if $thread_cflags;
- push @{$config{defines}}, @thread_defines;
- push @{$config{openssl_thread_defines}}, @thread_defines;
- }
+# If threads aren't disabled, check how possible they are
+unless ($disabled{threads}) {
+ if ($auto_threads) {
+ # Enabled by default, disable it forcibly if unavailable
+ if ($target{thread_scheme} eq "(unknown)") {
+ $disabled{threads} = "unavailable";
+ }
+ } else {
+ # The user chose to enable threads explicitely, let's see
+ # if there's a chance that's possible
+ if ($target{thread_scheme} eq "(unknown)") {
+ # If the user asked for "threads" and we don't have internal
+ # knowledge how to do it, [s]he is expected to provide any
+ # system-dependent compiler options that are necessary. We
+ # can't truly check that the given options are correct, but
+ # we expect the user to know what [s]He is doing.
+ if ($no_user_cflags && $no_user_defines) {
+ die "You asked for multi-threading support, but didn't\n"
+ ,"provide any system-specific compiler options\n";
+ }
+ }
+ }
+}
+
+# If threads still aren't disabled, add a C macro to ensure the source
+# code knows about it. Any other flag is taken care of by the configs.
+unless($disabled{threads}) {
+ foreach (("defines", "openssl_thread_defines")) {
+ push @{$config{$_}}, "OPENSSL_THREADS";
+ }
+}
# With "deprecated" disable all deprecated features.
if (defined($disabled{"deprecated"})) {
if ($config{processor} eq "386") {
$target{wp_asm_src}=$table{DEFAULTS}->{wp_asm_src};
} elsif (!$disabled{"whirlpool"}) {
- $config{cflags}.=" -DWHIRLPOOL_ASM";
+ push @{$config{defines}}, "WHIRLPOOL_ASM";
}
}
if ($target{modes_asm_src} =~ /ghash-/) {
# ALL MODIFICATIONS TO %config and %target MUST BE DONE FROM HERE ON
+$config{afalg}="";
+if ($target =~ m/^linux/) {
+ my $minver = 4*10000 + 1*100 + 0;
+ if ($config{cross_compile_prefix} eq "") {
+ my $verstr = `uname -r`;
+ my ($ma, $mi1, $mi2) = split("\\.", $verstr);
+ ($mi2) = $mi2 =~ /(\d+)/;
+ my $ver = $ma*10000 + $mi1*100 + $mi2;
+ if ($ver < $minver) {
+ $disabled{afalg} = "too-old-kernel";
+ } else {
+ push @{$config{engdirs}}, "afalg";
+ }
+ }
+} else {
+ $disabled{afalg} = "not-linux";
+}
+
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalg});
+
# If we use the unified build, collect information from build.info files
my %unified_info = ();
my @engines = ();
my @scripts = ();
my @extra = ();
+ my @overrides = ();
my @intermediates = ();
my @rawlines = ();
my %depends = ();
my %renames = ();
my %sharednames = ();
+ my %generate = ();
push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
my $template = Text::Template->new(TYPE => 'FILE',
qr/^\s*EXTRA\s*=\s*(.*)\s*$/
=> sub { push @extra, split(/\s+/, $1)
if !@skip || $skip[$#skip] > 0 },
+ qr/^\s*OVERRIDES\s*=\s*(.*)\s*$/
+ => sub { push @overrides, split(/\s+/, $1)
+ if !@skip || $skip[$#skip] > 0 },
qr/^\s*ORDINALS\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/,
=> sub { push @{$ordinals{$1}}, split(/\s+/, $2)
qr/^\s*DEPEND\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
=> sub { push @{$depends{$1}}, split(/\s+/, $2)
if !@skip || $skip[$#skip] > 0 },
+ qr/^\s*GENERATE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+ => sub { push @{$generate{$1}}, $2
+ if !@skip || $skip[$#skip] > 0 },
qr/^\s*RENAME\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
=> sub { push @{$renames{$1}}, split(/\s+/, $2)
if !@skip || $skip[$#skip] > 0 },
$unified_info{extra}->{$extra} = 1;
}
+ foreach (@overrides) {
+ my $override = cleanfile($buildd, $_, $blddir);
+ $unified_info{overrides}->{$override} = 1;
+ }
+
push @{$unified_info{rawlines}}, @rawlines;
unless ($disabled{shared}) {
my %known_ordinals =
(
crypto =>
- cleanfile($sourced, catfile("util", "libeay.num"), $blddir),
+ cleanfile($sourced, catfile("util", "libcrypto.num"), $blddir),
ssl =>
- cleanfile($sourced, catfile("util", "ssleay.num"), $blddir)
+ cleanfile($sourced, catfile("util", "libssl.num"), $blddir)
);
my $o = $known_ordinals{$_};
die "Ordinals for $ddest defined more than once\n"
}
}
+ foreach (keys %generate) {
+ my $dest = $_;
+ my $ddest = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$ddest}) {
+ $ddest = $unified_info{rename}->{$ddest};
+ }
+ die "more than one generator for $dest: "
+ ,join(" ", @{$generate{$_}}),"\n"
+ if scalar @{$generate{$_}} > 1;
+ my @generator = split /\s+/, $generate{$dest}->[0];
+ $generator[0] = cleanfile($sourced, $generator[0], $blddir),
+ $unified_info{generate}->{$ddest} = [ @generator ];
+ }
+
foreach (keys %depends) {
my $dest = $_;
my $ddest = cleanfile($buildd, $_, $blddir);
### Make unified_info a bit more efficient
# One level structures
- foreach (("programs", "libraries", "engines", "scripts", "extra")) {
+ foreach (("programs", "libraries", "engines", "scripts", "extra", "overrides")) {
$unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
}
# Two level structures
print "IsMK1MF =", ($builder eq "mk1mf" ? "yes" : "no"), "\n";
print "CC =$target{cc}\n";
-print "CFLAG =$config{cflags}\n";
-print "DEFINES =",join(" ", @{$config{defines}}),"\n";
+print "CFLAG =$target{cflags} $config{cflags}\n";
+print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
print "LFLAG =$target{lflags}\n";
print "PLIB_LFLAG =$target{plib_lflags}\n";
-print "EX_LIBS =$config{ex_libs}\n";
+print "EX_LIBS =$target{ex_libs} $config{ex_libs}\n";
print "APPS_OBJ =$target{apps_obj}\n";
print "CPUID_OBJ =$target{cpuid_obj}\n";
print "UPLINK_OBJ =$target{uplink_obj}\n";
VALUE "FileDescription", "OpenSSL Shared Library\\0"
VALUE "FileVersion", "$config{version}\\0"
#if defined(CRYPTO)
- VALUE "InternalName", "libeay32\\0"
- VALUE "OriginalFilename", "libeay32.dll\\0"
+ VALUE "InternalName", "libcrypto32\\0"
+ VALUE "OriginalFilename", "libcrypto32.dll\\0"
#elif defined(SSL)
- VALUE "InternalName", "ssleay32\\0"
- VALUE "OriginalFilename", "ssleay32.dll\\0"
+ VALUE "InternalName", "libssl32\\0"
+ VALUE "OriginalFilename", "libssl32.dll\\0"
#endif
VALUE "ProductName", "The OpenSSL Toolkit\\0"
VALUE "ProductVersion", "$config{version}\\0"
Configured for $target.
EOF
-print <<"EOF" if (!$disabled{threads} && !$threads);
+print <<"EOF" if ($disabled{threads} eq "unavailable");
The library could not be configured for supporting multi-threaded
applications as the compiler options required on this system are not known.
}
}
+our $add_called = 0;
# Helper function to implement adding values to already existing configuration
# values. It handles elements that are ARRAYs, CODEs and scalars
sub _add {
}
} (@_);
+ $add_called = 1;
+
if ($found_array) {
[ @values ];
} else {
my $target = shift;
my @breadcrumbs = @_;
+ my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS});
+
if (grep { $_ eq $target } @breadcrumbs) {
die "inherit_from loop! target backtrace:\n "
,$target,"\n ",join("\n ", @breadcrumbs),"\n";
my $target = shift;
my $entry = shift;
+ $add_called = 0;
+
while(ref($object) eq "CODE") {
$object = $object->(@$inherited);
}
return ();
}
elsif (ref($object) eq "ARRAY") {
+ local $add_called; # To make sure recursive calls don't affect it
return [ map { process_values($_, $inherited, $target, $entry) }
@$object ];
} elsif (ref($object) eq "") {
}
foreach (sort keys %all_keys) {
+ my $previous = $combined_inheritance{$_};
# Current target doesn't have a value for the current key?
# Assign it the default combiner, the rest of this loop body
unless(defined($table{$target}->{$_})) {
delete $table{$target}->{$_};
}
+ if ($extra_checks &&
+ $previous && !($add_called || $previous ~~ $table{$target}->{$_})) {
+ warn "$_ got replaced in $target\n";
+ }
}
# Finally done, return the result.
"cc",
"cflags",
"defines",
- "debug_cflags",
- "debug_defines",
- "release_cflags",
- "release_defines",
- "thread_cflag",
"unistd",
"ld",
"lflags",
"plib_lflags",
"ex_libs",
- "debug_lflags",
- "debug_plib_lflags",
- "debug_ex_libs",
- "release_lflags",
- "release_plib_lflags",
- "release_ex_libs",
"bn_ops",
"cpuid_obj",
"bn_obj",
"cmll_obj",
"modes_obj",
"padlock_obj",
+ "thread_scheme",
"perlasm_scheme",
"dso_scheme",
"shared_target",